From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #285
SecurityFocus Linux Newsletter #285
----------------------------------------
FREE Safend Auditor - Monitor your endpoints!
Safend's FREE Auditor provides the visibility you need to protect your
desktops and laptops. Safend Auditor identifies every USB, FireWire and
PCMCIA device that has connected to your endpoints. Assess your endpoint
vulnerabilities for FREE!
http://www.securityfocus.com/cgi-bin/ib.pl
------------------------------------------------------------------
I. FRONT AND CENTER
1. Innovative ways to fool people
2. Malicious cryptography, part 1
II. LINUX VULNERABILITY SUMMARY
1. ResMgr Unauthorized USB Device Access Vulnerability
2. Clam AntiVirus FreshClam Remote Buffer Overflow Vulnerability
3. Xine Filename Handling Remote Format String Vulnerability
4. MySQL Remote Information Disclosure and Buffer Overflow Vulnerabilities
5. RSync Receive_XATTR Integer Overflow Vulnerability
6. Invision Gallery Post.PHP SQL Injection Vulnerability
7. X.Org XRender Extension Buffer Overflow Vulnerability
8. CGI:IRC Client.C Remote Buffer Overflow and Denial Of Service Vulnerabilities
9. EjabberD Installer Insecure Temporary File Creation Vulnerability
10. Linux Kernel SCTP-netfilter Remote Denial of Service Vulnerability
11. Quagga Information Disclosure and Route Injection Vulnerabilities
12. LibTiff TIFFToRGB Denial of Service Vulnerability
13. Linux Kernel SELinux_PTrace Local Denial of Service Vulnerability
14. Linux Kernel RNDIS_Query_Response Remote Buffer Overflow Vulnerability
15. Invision Power Board Func_mod.PHP SQL Injection Vulnerability
16. Invision Power Board Index.PHP SQL Injection Vulnerability
17. Linux-VServer Local Insecure Guest Context Capabilities Vulnerability
18. hostapd Invalid EAPOL Key Length Remote Denial Of Service Vulnerability
19. Quake 3 Engine remapShader Command Remote Buffer Overflow Vulnerability
20. Nagios Remote Negative Content-Length Buffer Overflow Vulnerability
21. Drupal Project Module HTML Injection Vulnerability
22. PSToText Arbitrary Script Code Execution Vulnerability
23. ISPConfig Session.INC.PHP Remote File Include Vulnerability
24. Linux Kernel Multiple SCTP Remote Denial of Service Vulnerabilities
25. OpenOBEX IRCP Arbitrary File Overwrite Vulnerability
III. LINUX FOCUS LIST SUMMARY
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Innovative ways to fool people
By Scott Granneman
Scott Granneman's latest column looks at recent security examples where
people have been fooled in increasingly innovative ways: from
keyloggers used in a massive bank heist and new Trojans that encrypt data and
request ransom money, to real financial rip-offs that extend out from
online virtual gaming worlds like World of Warcraft.
http://www.securityfocus.com/columnists/401
2. Malicious cryptography, part 1
By Frederic Raynal
This two-part article series looks at how cryptography is a
double-edged sword: it is used to make us safer, but it is also being used for
malicious purposes within sophisticated viruses. Part one introduces the
concepts behind cryptovirology and offers examples of malicious
potential with the SuckIt rootkit and a possible SSH worm. It then introduces
armored viruses that use shape shifting (polymorphism and metamorphism)
to avoid detection.
http://www.securityfocus.com/infocus/1865
II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. ResMgr Unauthorized USB Device Access Vulnerability
BugTraq ID: 17752
Remote: No
Date Published: 2006-05-01
Relevant URL: http://www.securityfocus.com/bid/17752
Summary:
The resmgr module is prone to a vulnerability that permits unauthorized
access to USB devices.
A successful exploit of this issue would result in a bypass of access
controls leading to a false sense of security and a possible loss of
confidentiality if data is intercepted; other attacks are also possible.
2. Clam AntiVirus FreshClam Remote Buffer Overflow Vulnerability
BugTraq ID: 17754
Remote: Yes
Date Published: 2006-05-01
Relevant URL: http://www.securityfocus.com/bid/17754
Summary:
ClamAV's freshclam utility is susceptible to a remote buffer-overflow
vulnerability. The utility fails to perform sufficient boundary checks
in server-supplied HTTP data before copying it to an insufficiently
sized memory buffer.
To exploit this issue, attackers must subvert a webserver in the ClamAV
database server pool, or use DNS-based or man-in-the-middle attacks to
make affected freshclam instances connect to an attacker-controlled
webserver.
This issue allows remote attackers to execute arbitrary machine code in
the context of the freshclam utility. The affected utility may run with
superuser privileges, aiding remote attackers in the complete
compromise of affected computers.
ClamAV versions 0.88 and 0.88.1 are affected by this issue.
3. Xine Filename Handling Remote Format String Vulnerability
BugTraq ID: 17769
Remote: Yes
Date Published: 2006-05-01
Relevant URL: http://www.securityfocus.com/bid/17769
Summary:
The xine package is susceptible to a remote format-string
vulnerability.
This issue arises when the application handles specially crafted
filenames. An attacker can exploit this vulnerability by crafting a
malicious filename that contains format specifiers and then persuading an
unsuspecting user to run the affected application with that filename as
an argument.
A successful attack may crash the application or lead to arbitrary code
execution.
Version 0.99.4 of xine is vulnerable to this issue; other versions may
also be affected.
4. MySQL Remote Information Disclosure and Buffer Overflow Vulnerabilities
BugTraq ID: 17780
Remote: Yes
Date Published: 2006-05-02
Relevant URL: http://www.securityfocus.com/bid/17780
Summary:
MySQL is susceptible to multiple remote vulnerabilities:
- A buffer-overflow vulnerability due to insufficient bounds-checking
of user-supplied data before copying it to an insufficiently sized
memory buffer. This issue allows remote attackers to execute arbitrary
machine code in the context of affected database servers. Failed exploit
attempts will likely crash the server, denying further service to
legitimate users.
- Two information-disclosure vulnerabilities due to insufficient
input-sanitization and bounds-checking of user-supplied data. These issues
allow remote users to gain access to potentially sensitive information
that may aid them in further attacks.
5. RSync Receive_XATTR Integer Overflow Vulnerability
BugTraq ID: 17788
Remote: Yes
Date Published: 2006-05-02
Relevant URL: http://www.securityfocus.com/bid/17788
Summary:
The rsync utility is susceptible to a remote integer-overflow
vulnerability. This issue is due to the application's failure to properly ensure
that user-supplied input doesn't overflow integer values. This may
result in user-supplied data being copied past the end of a memory buffer.
Attackers may exploit this issue to execute arbitrary machine code in
the context of the affected application, facilitating the compromise of
affected computers.
Versions of rsync prior to 2.6.8 that have had the 'xattrs.diff' patch
applied are vulnerable to this issue.
6. Invision Gallery Post.PHP SQL Injection Vulnerability
BugTraq ID: 17793
Remote: Yes
Date Published: 2006-05-02
Relevant URL: http://www.securityfocus.com/bid/17793
Summary:
Invision Gallery is prone to a SQL-injection vulnerability. This issue
is due to a failure in the application to properly sanitize
user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the
application, access or modify data, or exploit vulnerabilities in the
underlying database implementation.
7. X.Org XRender Extension Buffer Overflow Vulnerability
BugTraq ID: 17795
Remote: Yes
Date Published: 2006-05-02
Relevant URL: http://www.securityfocus.com/bid/17795
Summary:
The X.Org X Window System is prone to a buffer-overflow vulnerability.
An attacker can exploit this issue to execute arbitrary code with
elevated privileges. This may facilitate a compromise of the affected
computer.
8. CGI:IRC Client.C Remote Buffer Overflow and Denial Of Service Vulnerabilities
BugTraq ID: 17799
Remote: Yes
Date Published: 2006-05-02
Relevant URL: http://www.securityfocus.com/bid/17799
Summary:
CGI:IRC is susceptible to multiple remote vulnerabilities.
A buffer-overflow vulnerability and denial-of-service vulnerability
affect CGI:IRC, and potentially allow remote attackers to execute
arbitrary machine code and to crash the affected application.
Version 0.5.7 is vulnerable to these issues; other versions may also be
affected.
9. EjabberD Installer Insecure Temporary File Creation Vulnerability
BugTraq ID: 17804
Remote: No
Date Published: 2006-05-02
Relevant URL: http://www.securityfocus.com/bid/17804
Summary:
The ejabberd server creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to
perform symlink attacks, overwriting arbitrary files in the context of
the affected application.
A successful attack would most likely result in loss of confidentiality
and theft of privileged information. Successful exploitation of a
symlink attack may allow an attacker to overwrite sensitive files. This may
result in a denial of service; other attacks may also be possible.
This issue reportedly exists in the installer-generating program that
ejabberd utilizes to create the installation package.
10. Linux Kernel SCTP-netfilter Remote Denial of Service Vulnerability
BugTraq ID: 17806
Remote: Yes
Date Published: 2006-05-02
Relevant URL: http://www.securityfocus.com/bid/17806
Summary:
The Linux kernel netfilter module is susceptible to a remote
denial-of-service vulnerability.
This issue is triggered when excessive kernel memory is consumed in an
infinite loop. This problem stems from a memory leak in the kernel's
'SCTP-netfilter' code.
This issue allows remote attackers to consume excessive kernel memory,
eventually leading to an out-of-memory condition and ultimately to a
denial of service for legitimate users.
Kernel versions prior to 2.6.16.13 are vulnerable to this issue.
11. Quagga Information Disclosure and Route Injection Vulnerabilities
BugTraq ID: 17808
Remote: Yes
Date Published: 2006-05-03
Relevant URL: http://www.securityfocus.com/bid/17808
Summary:
Quagga is susceptible to remote information-disclosure and
route-injection vulnerabilities. The application fails to properly ensure that
required authentication and protocol configuration options are enforced.
These issues allow remote attackers to gain access to potentially
sensitive network-routing configuration information and to inject arbitrary
routes into the RIP routing table. This may aid malicious users in
further attacks against targeted networks.
Quagga versions 0.98.5 and 0.99.3 are vulnerable to these issues; other
versions may also be affected.
12. LibTiff TIFFToRGB Denial of Service Vulnerability
BugTraq ID: 17809
Remote: Yes
Date Published: 2006-05-03
Relevant URL: http://www.securityfocus.com/bid/17809
Summary:
LibTIFF is affected by a denial-of-service vulnerability.
An attacker can exploit this vulnerability to cause a denial of service
in applications using the affected library.
13. Linux Kernel SELinux_PTrace Local Denial of Service Vulnerability
BugTraq ID: 17830
Remote: No
Date Published: 2006-05-04
Relevant URL: http://www.securityfocus.com/bid/17830
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.
This issue is due to a design error when SELinux is enabled and ptrace
is used.
This vulnerability allows local users to panic the kernel, denying
further service to legitimate users.
14. Linux Kernel RNDIS_Query_Response Remote Buffer Overflow Vulnerability
BugTraq ID: 17831
Remote: Yes
Date Published: 2006-05-04
Relevant URL: http://www.securityfocus.com/bid/17831
Summary:
The Linux kernel is prone to a remote buffer-overflow vulnerability.
This issue is due to the kernel's failure to properly bounds-check
user-supplied data before copying it to an insufficiently sized memory
buffer.
This issue allows remote attackers to crash affected computers.
Presumably, attackers could execute arbitrary machine code in the context of
affected kernels, but this has not been confirmed.
Linux kernel versions in the 2.6 series prior to 2.6.16 are vulnerable
to this issue.
15. Invision Power Board Func_mod.PHP SQL Injection Vulnerability
BugTraq ID: 17837
Remote: Yes
Date Published: 2006-05-04
Relevant URL: http://www.securityfocus.com/bid/17837
Summary:
Invision Power Board is prone to an SQL-injection vulnerability. This
issue is due to a failure in the application to properly sanitize
user-supplied input before using it in an SQL query.
Successful exploitation could allow an attacker to compromise the
application, access or modify data, or exploit vulnerabilities in the
underlying database implementation.
16. Invision Power Board Index.PHP SQL Injection Vulnerability
BugTraq ID: 17839
Remote: Yes
Date Published: 2006-05-04
Relevant URL: http://www.securityfocus.com/bid/17839
Summary:
Invision Power Board is prone to an SQL-injection vulnerability. This
issue is due to a failure in the application to properly sanitize
user-supplied input before using it in an SQL query.
Successful exploitation could allow an attacker to compromise the
application, access or modify data, or exploit vulnerabilities in the
underlying database implementation.
17. Linux-VServer Local Insecure Guest Context Capabilities Vulnerability
BugTraq ID: 17842
Remote: No
Date Published: 2006-05-04
Relevant URL: http://www.securityfocus.com/bid/17842
Summary:
The Linux-VServer package is susceptible to a vulnerability regarding
insecure guest-context capabilities. This issue is due to the kernel's
failure to properly enforce security restrictions in guest hosts.
This issue allows unprivileged users in guest hosts to perform various
operations that should be restricted to superusers. By exploiting this
issue, attackers can launch various attacks in guest hosts.
Note that this issue allows attackers to execute privileged operations
only in the guest context, not in the host context.
18. hostapd Invalid EAPOL Key Length Remote Denial Of Service Vulnerability
BugTraq ID: 17846
Remote: Yes
Date Published: 2006-05-04
Relevant URL: http://www.securityfocus.com/bid/17846
Summary:
The hostapd application is affected by a remote denial-of-service
vulnerability. This issue is due to the application's failure to properly
handle malformed EAPOL-Key packets.
This issue allows remote attackers to crash affected applications,
denying further network service to legitimate users.
Version 0.3.7 of hostapd is vulnerable to this issue; previous versions
may also be affected.
19. Quake 3 Engine remapShader Command Remote Buffer Overflow Vulnerability
BugTraq ID: 17857
Remote: Yes
Date Published: 2006-05-05
Relevant URL: http://www.securityfocus.com/bid/17857
Summary:
The Quake 3 engine is susceptible to a remote buffer-overflow
vulnerability. This issue is due to the application's failure to properly
bounds-check user-supplied data before copying it to an insufficiently sized
memory buffer.
Remote attackers may exploit this issue to execute arbitrary machine
code in the context of affected game clients. Failed exploit attempts
will likely crash affected clients.
This vulnerability reportedly affects the following games:
- Quake 3 Arena
- Return to Castle Wolfenstein
- Wolfenstein: Enemy Territory
Other games may also be affected.
20. Nagios Remote Negative Content-Length Buffer Overflow Vulnerability
BugTraq ID: 17879
Remote: Yes
Date Published: 2006-05-08
Relevant URL: http://www.securityfocus.com/bid/17879
Summary:
Nagios is susceptible to a remote buffer-overflow vulnerability. This
issue is due to the application's failure to properly bounds-check
user-supplied input before copying it to an insufficiently sized memory
buffer.
This issue allows remote attackers to execute arbitrary machine code in
the context of hosting webservers.
Nagios versions prior to 2.3 in the 2.x series, and versions prior to
1.4 in the 1.x series are vulnerable to this issue.
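As an added illustration of the negative Content-Length issue in this entry (example code written here, not Nagios's own; BODY_MAX and the function names are assumed): the naive signed-integer check that lets a negative header value through, beside a parser that rejects it.

```c
/* Added example, not Nagios code. Shows why a signed upper-bound check on
 * a Content-Length header is not enough, and a hardened replacement. */
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>

#define BODY_MAX 1024  /* assumed size of the buffer the body is copied into */

/* Naive pattern: parse into a signed int and test only the upper bound.
 * Returns 1 when the value would be accepted. "-1" passes this check;
 * once converted to size_t for the copy it becomes a huge length. */
int naive_length_ok(const char *value)
{
    int len = atoi(value);
    return len <= BODY_MAX;
}

/* Hardened parser: accepts only an unsigned decimal string, rejecting a
 * leading sign, overflow, trailing junk and anything above BODY_MAX.
 * Returns the length (0..BODY_MAX) on success, -1 on rejection. */
long parse_content_length(const char *value)
{
    char *end;
    unsigned long long n;

    while (*value == ' ' || *value == '\t')
        value++;
    if (!isdigit((unsigned char)*value))   /* rejects "", "-1", "+5" */
        return -1;
    errno = 0;
    n = strtoull(value, &end, 10);
    if (errno == ERANGE || end == value)   /* overflow or nothing parsed */
        return -1;
    while (*end == ' ' || *end == '\t')
        end++;
    if (*end != '\0')                      /* trailing garbage */
        return -1;
    if (n > BODY_MAX)                      /* enforce the caller's bound */
        return -1;
    return (long)n;
}
```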
21. Drupal Project Module HTML Injection Vulnerability
BugTraq ID: 17885
Remote: Yes
Date Published: 2006-05-08
Relevant URL: http://www.securityfocus.com/bid/17885
Summary:
Drupal is prone to an HTML-injection vulnerability. This issue is due
to the application's failure to properly sanitize user-supplied input
before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context
of the affected website, potentially allowing the attacker to steal
cookie-based authentication credentials. An attacker could also exploit
this issue to control how the site is rendered to the user; other attacks
are also possible.
22. PSToText Arbitrary Script Code Execution Vulnerability
BugTraq ID: 17897
Remote: Yes
Date Published: 2006-05-08
Relevant URL: http://www.securityfocus.com/bid/17897
Summary:
The pstotext utility is susceptible to an arbitrary command-execution
vulnerability. This issue is due to the application's failure to
properly sanitize user-supplied input.
If pstotext is called with command-line arguments containing
user-supplied data, attackers can execute arbitrary script code in the context of
the application calling the vulnerable utility. This may aid attackers
in the remote compromise of computers that use the utility in CGI
scripts or in a printer-queue application.
Version 1.9 of pstotext is vulnerable to this issue; other versions may
also be affected.
23. ISPConfig Session.INC.PHP Remote File Include Vulnerability
BugTraq ID: 17909
Remote: Yes
Date Published: 2006-05-09
Relevant URL: http://www.securityfocus.com/bid/17909
Summary:
ISPConfig is prone to a remote file-include vulnerability. This issue
is due to a failure in the application to properly sanitize
user-supplied input.
An attacker can exploit this issue to include an arbitrary remote file
containing malicious PHP code and execute it in the context of the
webserver process. This may allow the attacker to compromise the
application and the underlying system; other attacks are also possible.
This issue affects version 2.2.2; other versions may also be affected.
24. Linux Kernel Multiple SCTP Remote Denial of Service Vulnerabilities
BugTraq ID: 17910
Remote: Yes
Date Published: 2006-05-09
Relevant URL: http://www.securityfocus.com/bid/17910
Summary:
The Linux kernel SCTP module is susceptible to remote denial-of-service
vulnerabilities. These issues are triggered when unexpected SCTP
packets are handled by the kernel.
These issues allow remote attackers to trigger kernel panics, denying
further service to legitimate users.
A valid SCTP endpoint must be listening in order to exploit these
issues.
The Linux kernel version 2.6.16 is vulnerable to these issues; prior
versions may also be affected.
25. OpenOBEX IRCP Arbitrary File Overwrite Vulnerability
BugTraq ID: 17921
Remote: Yes
Date Published: 2006-05-09
Relevant URL: http://www.securityfocus.com/bid/17921
Summary:
OpenOBEX's ircp utility is susceptible to a remote file-overwrite
vulnerability. This issue is due to a failure of the application to verify
that a destination file does not exist prior to creating one during file
transfers.
This issue allows remote attackers to overwrite arbitrary files with
arbitrary data. This may aid in further attacks.
OpenOBEX version 1.2 is vulnerable to this issue; other versions may
also be affected.
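Added example of the missing check this entry describes (my code, not OpenOBEX's; the directory, file names and function names are assumed): receiving code that refuses path components in the peer-supplied name and creates the destination with O_EXCL, so an existing file can never be overwritten by a transfer.

```c
/* Added example, not OpenOBEX code: create a received file only under a
 * fixed directory, with a sanitised name, and never replace an existing file. */
#define _GNU_SOURCE          /* for mkdtemp() under strict C standards */
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Returns 1 if a peer-supplied name is a plain file name: non-empty, not
 * "." or "..", no path separators and no control characters. */
int safe_name(const char *name)
{
    size_t i;
    if (name == NULL || name[0] == '\0')
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    for (i = 0; name[i] != '\0'; i++)
        if (name[i] == '/' || name[i] == '\\' || (unsigned char)name[i] < 0x20)
            return 0;
    return 1;
}

/* Creates dir/name for writing. O_CREAT|O_EXCL makes the kernel refuse
 * atomically if anything (file or symlink) already exists at that path.
 * Returns an fd >= 0, or -1 with errno set. */
int create_received_file(const char *dir, const char *name)
{
    char path[PATH_MAX];
    if (!safe_name(name)) { errno = EINVAL; return -1; }
    if (snprintf(path, sizeof path, "%s/%s", dir, name) >= (int)sizeof path) {
        errno = ENAMETOOLONG; return -1;
    }
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Self-check in a fresh temp directory: the first create succeeds and a
 * second with the same name fails with EEXIST. Returns 1 on that expected
 * behaviour, 0 otherwise, and cleans up after itself. */
int demo_no_overwrite(void)
{
    char dir[] = "/tmp/obexdemoXXXXXX";   /* constructed scratch location */
    char path[PATH_MAX];
    int fd, second, ok;
    if (mkdtemp(dir) == NULL)
        return 0;
    fd = create_received_file(dir, "photo.jpg");
    second = create_received_file(dir, "photo.jpg");
    ok = (fd >= 0 && second == -1 && errno == EEXIST);
    if (fd >= 0) close(fd);
    snprintf(path, sizeof path, "%s/photo.jpg", dir);
    unlink(path);
    rmdir(dir);
    return ok;
}
```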
III. LINUX FOCUS LIST SUMMARY
---------------------------------
V. SPONSOR INFORMATION
------------------------