From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #284
SecurityFocus Linux Newsletter #284
----------------------------------------
I. FRONT AND CENTER
1. Sendmail and secure design
2. Five common Web application vulnerabilities
II. LINUX VULNERABILITY SUMMARY
1. DNSmasq Broadcast Reply Denial Of Service Vulnerability
2. Blender BVF File Import Python Code Execution Vulnerability
3. Mozilla Firefox iframe.contentWindow.focus Buffer Overflow Vulnerability
4. Fenice Remote Buffer Overflow and Denial Of Service Vulnerabilities
5. Ethereal Multiple Protocol Dissector Vulnerabilities In Versions Prior To 0.99.0
6. ABC2PS ABC Music Files Remote Buffer Overflow Vulnerability
7. Invision Power Board Index.PHP CK Parameter SQL Injection Vulnerability
8. ABCMIDI ABC Music Files Remote Buffer Overflow Vulnerability
9. PowerDNS Malformed EDNS0 Packet Remote Denial of Service Vulnerability
10. BL4 SMTP Server Buffer Overflow Vulnerability
11. Invision Power Board Func_msg.PHP SQL Injection Vulnerability
12. LibTiff TIFFFetchData Integer Overflow Vulnerability
13. LibTiff Double Free Memory Corruption Vulnerability
14. Linux Kernel SMBFS CHRoot Security Restriction Bypass Vulnerability
15. SWS Web Server Multiple Arbitrary Code Execution Vulnerabilities
16. Linux Kernel CIFS CHRoot Security Restriction Bypass Vulnerability
17. ResMgr Unauthorized USB Device Access Vulnerability
18. Clam AntiVirus FreshClam Remote Buffer Overflow Vulnerability
19. Xine Filename Handling Remote Format String Vulnerability
20. MySQL Remote Information Disclosure and Buffer Overflow Vulnerabilities
21. RSync Receive_XATTR Integer Overflow Vulnerability
22. Invision Gallery Post.PHP SQL Injection Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. Content management solution w/ linux server?
2. Syncing iptables rules between two servers
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Sendmail and secure design
By Jason Miller
Sendmail's wide market share, ancient code base and long vulnerability
history make it an interesting example about the need for software to
start from a secure design.
http://www.securityfocus.com/columnists/400
2. Five common Web application vulnerabilities
By Sumit Siddharth, Pratiksha Doshi
This article looks at five common Web application attacks, primarily
for PHP applications, and then presents a short case study of a
vulnerable Website that was found using Google and easily exploited.
http://www.securityfocus.com/infocus/1864
II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. DNSmasq Broadcast Reply Denial Of Service Vulnerability
BugTraq ID: 17662
Remote: Yes
Date Published: 2006-04-24
Relevant URL: http://www.securityfocus.com/bid/17662
Summary:
Dnsmasq is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause the application to crash by
sending a 'broadcast reply' request to the server application.
By causing the application to crash, the attacker can deny service to
legitimate users.
2. Blender BVF File Import Python Code Execution Vulnerability
BugTraq ID: 17663
Remote: Yes
Date Published: 2006-04-24
Relevant URL: http://www.securityfocus.com/bid/17663
Summary:
Blender is susceptible to a Python code-execution vulnerability. This
issue is due to the application's failure to properly sanitize
user-supplied input before using it in a Python 'eval' statement.
This issue allows attackers to execute arbitrary Python code in the
context of the user running the affected application.
3. Mozilla Firefox iframe.contentWindow.focus Buffer Overflow Vulnerability
BugTraq ID: 17671
Remote: Yes
Date Published: 2006-04-24
Relevant URL: http://www.securityfocus.com/bid/17671
Summary:
Mozilla Firefox is prone to a buffer-overflow vulnerability when
rendering malformed JavaScript content. An attacker could exploit this issue
to cause the browser to fail or potentially execute arbitrary code.
Firefox version 1.5.0.2 and earlier versions running on Windows and
Linux platforms are affected.
4. Fenice Remote Buffer Overflow and Denial Of Service Vulnerabilities
BugTraq ID: 17678
Remote: Yes
Date Published: 2006-04-24
Relevant URL: http://www.securityfocus.com/bid/17678
Summary:
Fenice is susceptible to multiple remote vulnerabilities:
- A buffer-overflow vulnerability. The application fails to perform
sufficient bounds checking of user-supplied data before copying it to an
insufficiently sized memory buffer. This issue potentially allows remote
attackers to execute arbitrary machine code in the context of the
affected server process. Failed exploit attempts will likely crash the
application, denying service to legitimate users.
- A denial-of-service vulnerability due to an integer-overflow flaw.
This issue allows remote attackers to crash the affected application,
denying service to legitimate users.
Version 1.10 of Fenice is vulnerable to these issues; other versions
may also be affected.
5. Ethereal Multiple Protocol Dissector Vulnerabilities In Versions
Prior To 0.99.0
BugTraq ID: 17682
Remote: Yes
Date Published: 2006-04-24
Relevant URL: http://www.securityfocus.com/bid/17682
Summary:
Several vulnerabilities in Ethereal have been disclosed by the vendor.
The reported issues are in various protocol dissectors. These issues
include:
- Buffer-overflow vulnerabilities
- Denial-of-service vulnerabilities
- Infinite loop denial-of-service vulnerabilities
- Unspecified denial-of-service vulnerabilities
- Off-by-one overflow vulnerabilities
These issues could allow remote attackers to execute arbitrary machine
code in the context of the vulnerable application. Attackers could also
crash the affected application.
Various vulnerabilities affect different versions of Ethereal, from
0.8.5 through to 0.10.14.
6. ABC2PS ABC Music Files Remote Buffer Overflow Vulnerability
BugTraq ID: 17689
Remote: Yes
Date Published: 2006-04-25
Relevant URL: http://www.securityfocus.com/bid/17689
Summary:
The abc2ps application is prone to a remote buffer-overflow
vulnerability.
A remote attacker can exploit this issue to execute arbitrary code in
the context of a user running the application. As a result, the attacker
can gain unauthorized access to the vulnerable computer.
7. Invision Power Board Index.PHP CK Parameter SQL Injection Vulnerability
BugTraq ID: 17690
Remote: Yes
Date Published: 2006-04-25
Relevant URL: http://www.securityfocus.com/bid/17690
Summary:
Invision Power Board is prone to an SQL-injection vulnerability. This
issue is due to a failure in the application to properly sanitize
user-supplied input before using it in an SQL query.
Successful exploitation could allow an attacker to compromise the
application, access or modify data, or exploit vulnerabilities in the
underlying database implementation.
8. ABCMIDI ABC Music Files Remote Buffer Overflow Vulnerability
BugTraq ID: 17704
Remote: Yes
Date Published: 2006-04-26
Relevant URL: http://www.securityfocus.com/bid/17704
Summary:
abcMIDI is prone to a remote buffer-overflow vulnerability.
A remote attacker can exploit this issue to execute arbitrary code in
the context of a user running the application. As a result, the attacker
can gain unauthorized access to the vulnerable computer.
9. PowerDNS Malformed EDNS0 Packet Remote Denial of Service Vulnerability
BugTraq ID: 17711
Remote: Yes
Date Published: 2006-04-26
Relevant URL: http://www.securityfocus.com/bid/17711
Summary:
A denial-of-service vulnerability affects PowerDNS. This issue is due
to the application's failure to properly handle malformed DNS packets.
The vulnerability allows remote attackers from external networks to
crash affected DNS servers, denying further service to legitimate users.
PowerDNS version 3.0 is affected by this issue.
10. BL4 SMTP Server Buffer Overflow Vulnerability
BugTraq ID: 17714
Remote: Yes
Date Published: 2006-04-27
Relevant URL: http://www.securityfocus.com/bid/17714
Summary:
BL4 SMTP Server is reported susceptible to a remote buffer-overflow
vulnerability in its SMTP service. This issue is due to the application's
failure to properly bounds-check user-supplied input before copying it
to a finite-sized memory buffer.
This vulnerability allows remote attackers to crash the server, and
execute arbitrary machine code in the context of the affected server
process.
Versions prior to 0.1.5 are reported to be affected by this issue. Other
versions may also be affected.
11. Invision Power Board Func_msg.PHP SQL Injection Vulnerability
BugTraq ID: 17719
Remote: Yes
Date Published: 2006-04-27
Relevant URL: http://www.securityfocus.com/bid/17719
Summary:
Invision Power Board is prone to an SQL-injection vulnerability. This
issue is due to a failure in the application to properly sanitize
user-supplied input before using it in an SQL query.
Successful exploitation could allow an attacker to compromise the
application, access or modify data, or exploit vulnerabilities in the
underlying database implementation.
12. LibTiff TIFFFetchData Integer Overflow Vulnerability
BugTraq ID: 17732
Remote: Yes
Date Published: 2006-04-28
Relevant URL: http://www.securityfocus.com/bid/17732
Summary:
Applications using the LibTIFF library are prone to an integer-overflow
vulnerability.
An attacker could exploit this vulnerability to execute arbitrary code
in the context of the vulnerable application that uses the affected
library. Failed exploit attempts will likely cause denial-of-service
conditions.
13. LibTiff Double Free Memory Corruption Vulnerability
BugTraq ID: 17733
Remote: Yes
Date Published: 2006-04-28
Relevant URL: http://www.securityfocus.com/bid/17733
Summary:
Applications using the LibTIFF library are prone to a double-free
vulnerability; a fix is available.
Attackers may be able to exploit this issue to cause denial-of-service
conditions in affected applications using a vulnerable version of the
library; arbitrary code execution may also be possible.
14. Linux Kernel SMBFS CHRoot Security Restriction Bypass Vulnerability
BugTraq ID: 17735
Remote: No
Date Published: 2006-04-28
Relevant URL: http://www.securityfocus.com/bid/17735
Summary:
The Linux Kernel is prone to a vulnerability that allows attackers to
bypass a security restriction. This issue is due to a failure in the
kernel to properly sanitize user-supplied data.
The problem affects chroot inside of an SMB-mounted filesystem
('smbfs'). A local attacker who is confined by the chroot can exploit this
issue to bypass the chroot restriction and gain unauthorized access to the
filesystem.
15. SWS Web Server Multiple Arbitrary Code Execution Vulnerabilities
BugTraq ID: 17737
Remote: Yes
Date Published: 2006-04-28
Relevant URL: http://www.securityfocus.com/bid/17737
Summary:
SWS Web Server is prone to multiple vulnerabilities permitting
arbitrary code execution.
The application is prone to multiple format-string and buffer-overflow
vulnerabilities that attackers can exploit to execute arbitrary code. A
successful exploit may facilitate a compromise of the affected computer.
16. Linux Kernel CIFS CHRoot Security Restriction Bypass Vulnerability
BugTraq ID: 17742
Remote: No
Date Published: 2006-04-28
Relevant URL: http://www.securityfocus.com/bid/17742
Summary:
The Linux Kernel is prone to a vulnerability that allows attackers to
bypass a security restriction. This issue is due to a failure in the
kernel to properly sanitize user-supplied data.
The problem affects chroot inside of an SMB-mounted filesystem
('cifs'). A local attacker who is confined by the chroot can exploit this
issue to bypass the chroot restriction and gain unauthorized access to the
filesystem.
17. ResMgr Unauthorized USB Device Access Vulnerability
BugTraq ID: 17752
Remote: No
Date Published: 2006-05-01
Relevant URL: http://www.securityfocus.com/bid/17752
Summary:
The resmgr module is prone to a vulnerability that permits unauthorized
access to USB devices.
A successful exploit of this issue would result in a bypass of access
controls leading to a false sense of security and a possible loss of
confidentiality if data is intercepted; other attacks are also possible.
18. Clam AntiVirus FreshClam Remote Buffer Overflow Vulnerability
BugTraq ID: 17754
Remote: Yes
Date Published: 2006-05-01
Relevant URL: http://www.securityfocus.com/bid/17754
Summary:
ClamAV's freshclam utility is susceptible to a remote buffer-overflow
vulnerability. The utility fails to perform sufficient boundary checks
in server-supplied HTTP data before copying it to an insufficiently
sized memory buffer.
To exploit this issue, attackers must either subvert webservers in the
ClamAV database server pool, or use DNS-based or man-in-the-middle attacks
to cause affected freshclam instances to connect to attacker-controlled
webservers.
This issue allows remote attackers to execute arbitrary machine code in
the context of the freshclam utility. The affected utility may run with
superuser privileges, aiding remote attackers in the complete
compromise of affected computers.
ClamAV versions 0.88 and 0.88.1 are affected by this issue.
19. Xine Filename Handling Remote Format String Vulnerability
BugTraq ID: 17769
Remote: Yes
Date Published: 2006-05-01
Relevant URL: http://www.securityfocus.com/bid/17769
Summary:
The xine package is susceptible to a remote format-string
vulnerability.
This issue arises when the application handles specially crafted
filenames. An attacker can exploit this vulnerability by crafting a malicious
filename that contains format specifiers and then coercing unsuspecting
users to try to execute the affected application with the malicious
filename as an argument.
A successful attack may crash the application or lead to arbitrary code
execution.
Version 0.99.4 of xine is vulnerable to this issue; other versions may
also be affected.
20. MySQL Remote Information Disclosure and Buffer Overflow Vulnerabilities
BugTraq ID: 17780
Remote: Yes
Date Published: 2006-05-02
Relevant URL: http://www.securityfocus.com/bid/17780
Summary:
MySQL is susceptible to multiple remote vulnerabilities. The issues
are:
- A buffer-overflow vulnerability due to insufficient bounds-checking
of user-supplied data prior to copying it to an insufficiently sized
memory-buffer. This issue allows remote attackers to execute arbitrary
machine code in the context of affected database servers. Failed exploit
attempts likely result in crashing the server and denying further
service to legitimate users.
- Two information-disclosure vulnerabilities due to insufficient
input-sanitization and bounds-checking of user-supplied data. These issues
allow remote users to gain access to potentially sensitive information
that may aid them in further attacks.
21. RSync Receive_XATTR Integer Overflow Vulnerability
BugTraq ID: 17788
Remote: Yes
Date Published: 2006-05-02
Relevant URL: http://www.securityfocus.com/bid/17788
Summary:
The rsync utility is susceptible to a remote integer-overflow
vulnerability. This issue is due to a failure of the application to properly
ensure that user-supplied input does not result in the overflowing of
integer values. This may result in user-supplied data being copied past the
end of a memory buffer.
Attackers may exploit this issue to execute arbitrary machine code in
the context of the affected application, facilitating the compromise of
affected computers.
Versions of rsync prior to 2.6.8 that have had the 'xattrs.diff' patch
applied are vulnerable to this issue.
22. Invision Gallery Post.PHP SQL Injection Vulnerability
BugTraq ID: 17793
Remote: Yes
Date Published: 2006-05-02
Relevant URL: http://www.securityfocus.com/bid/17793
Summary:
Invision Gallery is prone to an SQL-injection vulnerability. This issue
is due to a failure in the application to properly sanitize
user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the
application, access or modify data, or exploit vulnerabilities in the
underlying database implementation.
III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Content management solution w/ linux server?
http://www.securityfocus.com/archive/91/431513
2. Syncing iptables rules between two servers
http://www.securityfocus.com/archive/91/430423
V. SPONSOR INFORMATION
------------------------
FREE Safend Auditor - Monitor your endpoints!
Safend's FREE Auditor provides the visibility you need to protect your
desktops and laptops. Safend Auditor identifies every USB, FireWire and
PCMCIA device that has connected to your endpoints. Assess your endpoint
vulnerabilities for FREE!
http://www.securityfocus.com/cgi-bin/ib.pl