Date: Tue, 25 Apr 2006 17:11:57 -0600
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #283
SecurityFocus Linux Newsletter #283
----------------------------------------
This Issue is Sponsored By: SPI Dynamics
ALERT: "How A Hacker Launches A Blind SQL Injection Attack
Step-by-Step!" - White Paper
Blind SQL Injection can deliver total control of your server to a
hacker giving them the ability to read, write and manipulate all data stored
in your backend systems! Download this *FREE* white paper from SPI
Dynamics for a complete guide to protection!
https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70130000000CGKl
------------------------------------------------------------------
I. FRONT AND CENTER
1. Forensic felonies
II. LINUX VULNERABILITY SUMMARY
1. FCheck Insecure Temporary File Creation Vulnerability
2. Linux Kernel Intel EM64T SYSRET Local Denial of Service Vulnerability
3. Asterisk JPEG File Handling Integer Overflow Vulnerability
4. Xine Playlist Handling Remote Format String Vulnerability
5. Linux Kernel Shared Memory Security Restriction Bypass Vulnerability
6. Linux Kernel IP_ROUTE_INPUT Local Denial of Service Vulnerability
7. Multiple Vendor AMD CPU Local FPU Information Disclosure Vulnerability
8. Multiple Linux-Based Cisco Products Local Privilege Escalation Vulnerability
9. Beagle Helper Applications Arbitrary Code Execution Vulnerability
10. GNOME Foundation GDM .ICEauthority Improper File Permissions Vulnerability
11. Linux Kernel RCU signal handling __group_complete_signal Function Unspecified Vulnerability
12. Yukihiro Matsumoto Ruby XMLRPC Server Denial of Service Vulnerability
13. DNSmasq Broadcast Reply Denial Of Service Vulnerability
14. Blender BVF File Import Python Code Execution Vulnerability
15. Mozilla Firefox iframe.contentWindow.focus Buffer Overflow Vulnerability
16. Fenice Remote Buffer Overflow and Denial Of Service Vulnerabilities
17. ABC2PS ABC Music Files Remote Buffer Overflow Vulnerability
18. Invision Power Board Index.PHP CK Parameter SQL Injection Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. Content management solution w/ linux server?
2. about /dev/shm?
3. Syncing iptables rules between two servers
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Forensic felonies
By Mark Rasch
A new law in Georgia on private investigators extends to computer
forensics and computer incident response, meaning that forensics experts who
testify in court without a PI license may be committing a felony.
http://www.securityfocus.com/columnists/399
II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. FCheck Insecure Temporary File Creation Vulnerability
BugTraq ID: 17524
Remote: No
Date Published: 2006-04-15
Relevant URL: http://www.securityfocus.com/bid/17524
Summary:
FCheck creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to
view files and obtain privileged information. The attacker may also
perform symlink attacks, overwriting arbitrary files in the context of the
affected application.
A successful attack would most likely result in loss of confidentiality
and theft of privileged information. Successful exploitation of a
symlink attack may allow an attacker to overwrite sensitive files. This may
result in a denial of service; other attacks may also be possible.
2. Linux Kernel Intel EM64T SYSRET Local Denial of Service Vulnerability
BugTraq ID: 17541
Remote: No
Date Published: 2006-04-17
Relevant URL: http://www.securityfocus.com/bid/17541
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.
This issue arises in Intel EM64T CPUs when returning program control
using SYSRET.
This vulnerability allows local users to crash the kernel, denying
further service to legitimate users.
3. Asterisk JPEG File Handling Integer Overflow Vulnerability
BugTraq ID: 17561
Remote: Yes
Date Published: 2006-04-17
Relevant URL: http://www.securityfocus.com/bid/17561
Summary:
Asterisk is prone to an integer-overflow vulnerability.
This issue arises when the application handles a malformed JPEG file.
An attacker could exploit this vulnerability to execute arbitrary code
in the context of the vulnerable application.
4. Xine Playlist Handling Remote Format String Vulnerability
BugTraq ID: 17579
Remote: Yes
Date Published: 2006-04-18
Relevant URL: http://www.securityfocus.com/bid/17579
Summary:
The xine package is reported prone to a remote format-string
vulnerability.
This issue arises when the application handles specially crafted
playlist files. An attacker can exploit this vulnerability by crafting a
malicious file that contains format specifiers and then sending the file to
an unsuspecting user.
A successful attack may crash the application or lead to arbitrary code
execution.
All versions of xine are considered vulnerable at the moment.
5. Linux Kernel Shared Memory Security Restriction Bypass Vulnerability
BugTraq ID: 17587
Remote: No
Date Published: 2006-04-18
Relevant URL: http://www.securityfocus.com/bid/17587
Summary:
The Linux kernel is prone to a vulnerability regarding access to shared
memory.
A local attacker could potentially gain read and write access to shared
memory and write access to read-only tmpfs filesystems, bypassing
security restrictions.
An attacker can exploit this issue to possibly corrupt applications and
their data when the applications use temporary files or shared memory.
6. Linux Kernel IP_ROUTE_INPUT Local Denial of Service Vulnerability
BugTraq ID: 17593
Remote: No
Date Published: 2006-04-19
Relevant URL: http://www.securityfocus.com/bid/17593
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.
This issue is due to a design error in the 'ip_route_input()' function.
This vulnerability allows local users to panic the kernel, denying
further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.16.8.
7. Multiple Vendor AMD CPU Local FPU Information Disclosure Vulnerability
BugTraq ID: 17600
Remote: No
Date Published: 2006-04-19
Relevant URL: http://www.securityfocus.com/bid/17600
Summary:
Multiple vendors' operating systems are prone to a local
information-disclosure vulnerability. This issue is due to a flaw in how the
affected operating systems handle the FPU on AMD CPUs.
Local attackers may exploit this vulnerability to gain access to
potentially sensitive information regarding other processes executing on
affected computers. This may aid attackers in retrieving information
regarding cryptographic keys or other sensitive information.
This issue affects Linux and FreeBSD operating systems that use
generations 7 and 8 AMD CPUs.
8. Multiple Linux-Based Cisco Products Local Privilege Escalation Vulnerability
BugTraq ID: 17609
Remote: No
Date Published: 2006-04-19
Relevant URL: http://www.securityfocus.com/bid/17609
Summary:
Multiple Linux-based Cisco products are prone to a local
privilege-escalation vulnerability. The applications fail to properly sanitize
user-supplied input.
This issue allows attackers with telnet or SSH access to affected
devices to execute arbitrary shell commands with superuser privileges. This
facilitates the complete compromise of affected devices.
9. Beagle Helper Applications Arbitrary Code Execution Vulnerability
BugTraq ID: 17611
Remote: Yes
Date Published: 2006-04-19
Relevant URL: http://www.securityfocus.com/bid/17611
Summary:
Beagle is susceptible to an insecure indexing issue when dealing with
helper applications. This can lead to arbitrary code execution.
An attacker can exploit this issue to execute arbitrary code with the
privileges of the user running the vulnerable application.
10. GNOME Foundation GDM .ICEauthority Improper File Permissions Vulnerability
BugTraq ID: 17635
Remote: No
Date Published: 2006-04-20
Relevant URL: http://www.securityfocus.com/bid/17635
Summary:
GDM is prone to an improper file-permissions vulnerability.
An attacker can exploit this issue to gain access to sensitive or
privileged information that may facilitate a complete compromise of the
vulnerable computer.
11. Linux Kernel RCU signal handling __group_complete_signal Function Unspecified Vulnerability
BugTraq ID: 17640
Remote: No
Date Published: 2006-04-21
Relevant URL: http://www.securityfocus.com/bid/17640
Summary:
The Linux kernel is prone to a local unspecified vulnerability.
This issue exists in the '__group_complete_signal' function of the RCU
signal-handling facility.
Due to a lack of details, further information cannot be provided at the
moment. This BID will be updated when more details are available.
12. Yukihiro Matsumoto Ruby XMLRPC Server Denial of Service Vulnerability
BugTraq ID: 17645
Remote: Yes
Date Published: 2006-04-21
Relevant URL: http://www.securityfocus.com/bid/17645
Summary:
Ruby is affected by a denial-of-service vulnerability in the WEBrick
HTTP server. This issue is due to the use of blocking network operations.
Ruby's implementation of XML/RPC is also affected, as it utilizes the
vulnerable WEBrick server.
This issue allows remote attackers to cause affected web servers to
fail to respond to further legitimate requests.
Ruby versions prior to 1.8.3 are affected by this issue.
13. DNSmasq Broadcast Reply Denial Of Service Vulnerability
BugTraq ID: 17662
Remote: Yes
Date Published: 2006-04-24
Relevant URL: http://www.securityfocus.com/bid/17662
Summary:
Dnsmasq is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause the application to crash by
sending a 'broadcast reply' request to the server application.
By causing the application to crash, the attacker can deny service to
legitimate users.
14. Blender BVF File Import Python Code Execution Vulnerability
BugTraq ID: 17663
Remote: Yes
Date Published: 2006-04-24
Relevant URL: http://www.securityfocus.com/bid/17663
Summary:
Blender is susceptible to a Python code-execution vulnerability. This
issue is due to the application's failure to properly sanitize
user-supplied input before using it in a Python 'eval' statement.
This issue allows attackers to execute arbitrary Python code in the
context of the user running the affected application.
15. Mozilla Firefox iframe.contentWindow.focus Buffer Overflow Vulnerability
BugTraq ID: 17671
Remote: Yes
Date Published: 2006-04-24
Relevant URL: http://www.securityfocus.com/bid/17671
Summary:
Mozilla Firefox is prone to a buffer-overflow vulnerability when
rendering malformed JavaScript content. An attacker could exploit this issue
to cause the browser to fail or potentially execute arbitrary code.
Firefox version 1.5.0.2 and earlier versions running on Windows and
Linux platforms are affected.
16. Fenice Remote Buffer Overflow and Denial Of Service Vulnerabilities
BugTraq ID: 17678
Remote: Yes
Date Published: 2006-04-24
Relevant URL: http://www.securityfocus.com/bid/17678
Summary:
Fenice is susceptible to multiple remote vulnerabilities:
- A buffer-overflow vulnerability. The application fails to perform
sufficient bounds checking of user-supplied data before copying it to an
insufficiently sized memory buffer. This issue potentially allows remote
attackers to execute arbitrary machine code in the context of the
affected server process. Failed exploit attempts will likely crash the
application, denying service to legitimate users.
- A denial-of-service vulnerability due to an integer-overflow flaw.
This issue allows remote attackers to crash the affected application,
denying service to legitimate users.
Version 1.10 of Fenice is vulnerable to these issues; other versions
may also be affected.
17. ABC2PS ABC Music Files Remote Buffer Overflow Vulnerability
BugTraq ID: 17689
Remote: Yes
Date Published: 2006-04-25
Relevant URL: http://www.securityfocus.com/bid/17689
Summary:
abc2ps is prone to a remote buffer-overflow vulnerability.
A remote attacker can exploit this issue to execute arbitrary code in
the context of a user running the application. As a result, the attacker
can gain unauthorized access to the vulnerable computer.
18. Invision Power Board Index.PHP CK Parameter SQL Injection Vulnerability
BugTraq ID: 17690
Remote: Yes
Date Published: 2006-04-25
Relevant URL: http://www.securityfocus.com/bid/17690
Summary:
Invision Power Board is prone to an SQL injection vulnerability. This
issue is due to a failure in the application to properly sanitize
user-supplied input before using it in an SQL query.
A successful exploit could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.
III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Content management solution w/ linux server?
http://www.securityfocus.com/archive/91/431513
2. about /dev/shm?
http://www.securityfocus.com/archive/91/431111
3. Syncing iptables rules between two servers
http://www.securityfocus.com/archive/91/430423
V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: SPI Dynamics
ALERT: "How A Hacker Launches A Blind SQL Injection Attack
Step-by-Step!" - White Paper
Blind SQL Injection can deliver total control of your server to a
hacker giving them the ability to read, write and manipulate all data stored
in your backend systems! Download this *FREE* white paper from SPI
Dynamics for a complete guide to protection!
https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70130000000CGKl