Date: Tue, 18 Apr 2006 15:43:24 -0600
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #282
SecurityFocus Linux Newsletter #282
----------------------------------------
This Issue is Sponsored By: Patchlink
Automatically analyze, deploy and track security patches
Does your patch management solution automatically track and re-deploy
to ensure network security?
20% of patches unknowingly become un-patched. Learn more about
automating the analysis, distribution and tracking of security patches using
PatchLink's security patch & vulnerability management solution -- the
world's largest repository of tested patches. Request a free trial disk.
http://a.gklmedia.com/sfln/nl/148
------------------------------------------------------------------
I. FRONT AND CENTER
1. Virtualization for security
2. Stop the bots
II. LINUX VULNERABILITY SUMMARY
1. Linux Kernel __keyring_search_one Local Denial of Service
Vulnerability
2. XScreenSaver Local Password Disclosure Vulnerability
3. Debian mnoGoSearch-Common Local Database Administrator
Password Disclosure Vulnerability
4. Linux Kernel Perfmon.c Local Denial of Service Vulnerability
5. Plone MembershipTool Access Control Bypass Vulnerability
6. Opera Web Browser Stylesheet Attribute Buffer Overflow
Vulnerability
7. Mozilla Suite, Firefox, SeaMonkey, and Thunderbird Multiple
Remote Vulnerabilities
8. FCheck Insecure Temporary File Creation Vulnerability
9. Avast! Linux Home Edition Insecure Temporary File Creation
Vulnerability
10. Linux Kernel Intel EM64T SYSRET Local Denial of Service
Vulnerability
11. Asterisk JPEG File Handling Integer Overflow Vulnerability
12. Xine Playlist Handling Remote Format String Vulnerability
13. Linux Kernel Shared Memory Security Restriction Bypass
Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. about /dev/shm?
2. Syncing iptables rules between two servers
3. R: IPtables and C programming??
4. IPtables and C programming??
I. FRONT AND CENTER
---------------------
1. Virtualization for security
By Scott Granneman
Scott Granneman gives an overview of the virtualization options for all
three major operating system families and looks at the many ways the
technology can improve your security posture in an organization or at
home.
http://www.securityfocus.com/columnists/397
2. Stop the bots
By Kelly Martin
Botnets are a major source of evil on the Internet, from spam, phishing
attacks, virus propagation and denial-of-service attacks to the
stealing of financial information and other illegal activity. Does disbanding
them raise legal and ethical implications?
http://www.securityfocus.com/columnists/398
II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Linux Kernel __keyring_search_one Local Denial of Service
Vulnerability
BugTraq ID: 17451
Remote: No
Date Published: 2006-04-11
Relevant URL: http://www.securityfocus.com/bid/17451
Summary:
The Linux kernel is susceptible to a local denial-of-service vulnerability.
This vulnerability arises in the '__keyring_search_one' function. This
issue allows local users to crash the kernel, denying service to
legitimate users.
Kernel versions prior to 2.6.16.3 are vulnerable to this issue.
2. XScreenSaver Local Password Disclosure Vulnerability
BugTraq ID: 17471
Remote: Yes
Date Published: 2006-04-11
Relevant URL: http://www.securityfocus.com/bid/17471
Summary:
XScreenSaver is prone to a local password-disclosure vulnerability.
This issue is due to a flaw in the application that may result in the
screen-unlock password being passed onto other applications that are
already running on the computer.
This may disclose the password used to unlock the applications. The
login password is typically used to unlock XScreenSaver, so this issue may
reveal login passwords to attackers.
This issue is currently known to affect users who are running RDesktop
on the locked computer, due to the interaction between the
applications. This may result in the disclosure of the login password across the
network. Other unknown applications in conjunction with XScreenSaver may
result in a similar issue.
Versions 4.14 and 4.16 are vulnerable to this issue; other versions may
also be affected.
3. Debian mnoGoSearch-Common Local Database Administrator Password
Disclosure Vulnerability
BugTraq ID: 17477
Remote: No
Date Published: 2006-04-11
Relevant URL: http://www.securityfocus.com/bid/17477
Summary:
Debian GNU/Linux is susceptible to a local information-disclosure
vulnerability. This issue is due to the 'debconf' package improperly storing
sensitive information in world-readable files.
This issue allows local users to gain access to the database
administrator password for the 'mnogosearch-common' package. Information gained
through exploiting this issue may aid malicious users in further attacks.
4. Linux Kernel Perfmon.c Local Denial of Service Vulnerability
BugTraq ID: 17482
Remote: No
Date Published: 2006-04-12
Relevant URL: http://www.securityfocus.com/bid/17482
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.
This issue arises in 'perfmon.c' on ia64 platforms.
This vulnerability allows local users to crash the kernel, denying
further service to legitimate users.
5. Plone MembershipTool Access Control Bypass Vulnerability
BugTraq ID: 17484
Remote: Yes
Date Published: 2006-04-12
Relevant URL: http://www.securityfocus.com/bid/17484
Summary:
Plone is susceptible to a remote access-control bypass vulnerability.
This issue is due to the application's failure to properly enforce
privileges to various MembershipTool methods.
This issue allows remote, anonymous attackers to modify and delete
portrait images of members. This may help attackers exploit latent
vulnerabilities in image-rendering software. Other attacks may also be
possible.
6. Opera Web Browser Stylesheet Attribute Buffer Overflow Vulnerability
BugTraq ID: 17513
Remote: Yes
Date Published: 2006-04-13
Relevant URL: http://www.securityfocus.com/bid/17513
Summary:
Opera is prone to a buffer-overflow vulnerability. This issue is due to
the application's failure to properly bounds-check user-supplied input
before using it in a string-copy operation.
This issue allows remote attackers to crash affected web browsers. Due
to the nature of this issue, attackers may be able to exploit this
issue to execute machine code, but this has not been confirmed.
Opera version 8.52 is vulnerable to this issue; other versions may also
be affected.
7. Mozilla Suite, Firefox, SeaMonkey, and Thunderbird Multiple Remote
Vulnerabilities
BugTraq ID: 17516
Remote: Yes
Date Published: 2006-04-13
Relevant URL: http://www.securityfocus.com/bid/17516
Summary:
The Mozilla Foundation has released 9 security advisories specifying
security vulnerabilities in Mozilla Suite, Firefox, SeaMonkey, and
Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary machine code in the context of the vulnerable application
- crash affected applications
- gain elevated privileges in JavaScript code, potentially allowing remote machine code execution
- gain access to potentially sensitive information
- bypass security checks
- spoof window contents.
Other attacks may also be possible.
The issues described here will be split into individual BIDs as the
information embargo on the Mozilla Bugzilla entries is lifted, and further
information becomes available. This BID will then be retired.
These issues are fixed in:
- Mozilla Firefox versions 1.0.8 and 1.5.0.2
- Mozilla Thunderbird versions 1.0.8 and 1.5.0.2
- Mozilla Suite version 1.7.13
- Mozilla SeaMonkey version 1.0.1
8. FCheck Insecure Temporary File Creation Vulnerability
BugTraq ID: 17524
Remote: No
Date Published: 2006-04-15
Relevant URL: http://www.securityfocus.com/bid/17524
Summary:
FCheck creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to
view files and obtain privileged information. The attacker may also
perform symlink attacks, overwriting arbitrary files in the context of the
affected application.
A successful attack would most likely result in loss of confidentiality
and theft of privileged information. Successful exploitation of a
symlink attack may allow an attacker to overwrite sensitive files. This may
result in a denial of service; other attacks may also be possible.
9. Avast! Linux Home Edition Insecure Temporary File Creation
Vulnerability
BugTraq ID: 17535
Remote: No
Date Published: 2006-04-14
Relevant URL: http://www.securityfocus.com/bid/17535
Summary:
Avast! Linux Home Edition creates temporary files in an insecure
manner.
An attacker with local access could potentially exploit this issue to
view files and obtain privileged information. The attacker may also
perform symlink attacks, overwriting arbitrary files in the context of the
affected application.
A successful attack would most likely result in loss of confidentiality
and theft of privileged information. Successful exploitation of a
symlink attack may allow an attacker to overwrite sensitive files. This may
result in a denial of service; other attacks may also be possible.
10. Linux Kernel Intel EM64T SYSRET Local Denial of Service
Vulnerability
BugTraq ID: 17541
Remote: No
Date Published: 2006-04-17
Relevant URL: http://www.securityfocus.com/bid/17541
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.
This issue arises in Intel EM64T CPUs when returning program control
using SYSRET.
This vulnerability allows local users to crash the kernel, denying
further service to legitimate users.
11. Asterisk JPEG File Handling Integer Overflow Vulnerability
BugTraq ID: 17561
Remote: Yes
Date Published: 2006-04-17
Relevant URL: http://www.securityfocus.com/bid/17561
Summary:
Asterisk is prone to an integer-overflow vulnerability.
This issue arises when the application handles a malformed JPEG file.
An attacker could exploit this vulnerability to execute arbitrary code
in the context of the vulnerable application.
12. Xine Playlist Handling Remote Format String Vulnerability
BugTraq ID: 17579
Remote: Yes
Date Published: 2006-04-18
Relevant URL: http://www.securityfocus.com/bid/17579
Summary:
xine is reported prone to a remote format-string vulnerability.
This issue arises when the application handles specially-crafted
playlist files. An attacker can exploit this vulnerability by crafting a
malicious file that contains format specifiers and sending the file to an
unsuspecting user.
A successful attack may crash the application or lead to arbitrary code
execution.
All versions of xine are considered vulnerable at the moment.
13. Linux Kernel Shared Memory Security Restriction Bypass
Vulnerability
BugTraq ID: 17587
Remote: No
Date Published: 2006-04-18
Relevant URL: http://www.securityfocus.com/bid/17587
Summary:
The Linux kernel is prone to a vulnerability regarding shared memory
access.
A local attacker could potentially gain read and write access to shared
memory and write access to read-only tmpfs filesystems, bypassing
security restrictions.
An attacker can exploit this issue to possibly corrupt applications and
their data when the applications use temporary files or shared memory.
III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. about /dev/shm?
http://www.securityfocus.com/archive/91/431111
2. Syncing iptables rules between two servers
http://www.securityfocus.com/archive/91/430423
3. R: IPtables and C programming??
http://www.securityfocus.com/archive/91/430003
4. IPtables and C programming??
http://www.securityfocus.com/archive/91/429848