SecurityFocus Linux Newsletter #245
----------------------------------------
This Issue is Sponsored By: CrossTec
NetOp Desktop Firewall & Policy Server lets you centrally manage which applications can run on your enterprise PCs. NetOp's tiny driver-centric design prevents unauthorized programs and processes, including viruses, keyloggers, spyware and more from executing -- without slowing down your systems. The future of endpoint protection is available today. Try it FREE.
------------------------------------------------------------------
I. FRONT AND CENTER
1. CardSystems made its choices clear
2. The CardSystems blame game
II. LINUX VULNERABILITY SUMMARY
1. ClamAV Multiple Integer Overflow Vulnerabilities
2. Vim ModeLines Further Variant Arbitrary Command Execution Vulnerability
3. Gentoo Sandbox Multiple Insecure Temporary File Creation Vulnerabilities
4. PSToText Arbitrary Code Execution Vulnerability
5. NetPBM PSToPNM Arbitrary Code Execution Vulnerability
6. ProFTPD SQLShowInfo SQL Output Format String Vulnerability
7. ProFTPD Shutdown Message Format String Vulnerability
8. Ethereal Multiple Protocol Dissector Vulnerabilities
9. Opera Web Browser Content-Disposition Header Download Dialog File Extension Spoofing Vulnerability
10. Opera Web Browser Image Dragging Cross-Domain Scripting and File Retrieval Vulnerability
11. Kismet Multiple Unspecified Remote Vulnerabilities
12. Metasploit Framework Unspecified Remote Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. CardSystems made its choices clear
By Daniel Hanson
The last thing that many of us need is another example where a situation needs to be solved by ill-conceived legislation that is proposed and passed in the heat of something big.
http://www.securityfocus.com/columnists/343
2. The CardSystems blame game
By Mark Rasch
On July 21, 2005, the United States House of Representatives Committee on Financial Services, Subcommittee on Oversight held a hearing on "Credit Card Data Processing: How Secure Is It?"
http://www.securityfocus.com/columnists/344
II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. ClamAV Multiple Integer Overflow Vulnerabilities
BugTraq ID: 14359
Remote: Yes
Date Published: 2005-07-25
Relevant URL: http://www.securityfocus.com/bid/14359
Summary:
ClamAV is susceptible to multiple integer overflow vulnerabilities.
Specifically, the vulnerabilities present themselves when the ClamAV antivirus library handles malformed files.
This may allow attackers to control the flow of execution, and potentially execute attacker-supplied code in the context of the affected application.
ClamAV 0.86.1 and prior versions are reported to be affected.
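The ClamAV entry describes the classic shape of an integer overflow in a file parser: a length computed from attacker-controlled header fields wraps, the resulting allocation is too small, and the later copy runs off the end. The following is an added example written for this newsletter, not ClamAV code; the 8-byte "count, size" header layout, the 64 MiB cap and the sample headers are all constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed header layout (an assumption for this example, not a ClamAV
 * file format): a record count and a per-record size, both read verbatim
 * from the untrusted file being scanned. */
struct hdr { uint32_t count; uint32_t size; };

/* Sanity cap on the total we are willing to allocate for one file
 * (assumption: 64 MiB). */
#define MAX_TOTAL (64u * 1024u * 1024u)

/* The bug pattern: count * size is evaluated in 32-bit unsigned arithmetic
 * and wraps, so a hostile header yields a tiny allocation that the later
 * per-record copies overrun. Kept only to show the shape of the defect. */
uint32_t unchecked_total(const struct hdr *h)
{
    return h->count * h->size;   /* wraps modulo 2^32 */
}

/* Corrected: detect the overflow before it happens (portable check, no
 * compiler builtins) and enforce the cap. Returns 0 and sets *total on
 * success, -1 when the file should be rejected as malformed. */
int checked_total(const struct hdr *h, size_t *total)
{
    size_t count = h->count, size = h->size;
    if (size != 0 && count > SIZE_MAX / size)
        return -1;                /* product would not fit in size_t */
    if (count * size > MAX_TOTAL)
        return -1;                /* fits, but exceeds what we allow */
    *total = count * size;
    return 0;
}

/* Parse an 8-byte little-endian header from an untrusted buffer and
 * allocate the record area only when the checks pass. Returns NULL for
 * any malformed input; the caller frees the result. */
void *alloc_records(const unsigned char *buf, size_t len, size_t *out_total)
{
    struct hdr h;
    size_t total;
    if (len < 8)
        return NULL;              /* truncated header */
    h.count = (uint32_t)buf[0] | (uint32_t)buf[1] << 8 |
              (uint32_t)buf[2] << 16 | (uint32_t)buf[3] << 24;
    h.size  = (uint32_t)buf[4] | (uint32_t)buf[5] << 8 |
              (uint32_t)buf[6] << 16 | (uint32_t)buf[7] << 24;
    if (checked_total(&h, &total) != 0)
        return NULL;              /* reject rather than under-allocate */
    *out_total = total;
    return calloc(1, total ? total : 1);   /* avoid the calloc(1,0) corner */
}
```

A header of count = 0x10000 and size = 0x10000 makes unchecked_total() return 0, which is exactly the input a scanner should refuse; checked_total() rejects it either by the SIZE_MAX division test (32-bit size_t) or by the cap (64-bit size_t).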
2. Vim ModeLines Further Variant Arbitrary Command Execution Vulnerability
BugTraq ID: 14374
Remote: Yes
Date Published: 2005-07-25
Relevant URL: http://www.securityfocus.com/bid/14374
Summary:
Vim is susceptible to an arbitrary command execution vulnerability with ModeLines. This issue is due to insufficient sanitization of user-supplied input.
By modifying a text file to include ModeLines containing the 'glob()', or 'expand()' functions with shell metacharacters, attackers may cause arbitrary commands to be executed.
This vulnerability allows an attacker to execute arbitrary commands with the privileges of the vim user. This gives an attacker the ability to gain remote access to computers running the vulnerable software.
This issue is similar to BIDs 6384 and 11941.
3. Gentoo Sandbox Multiple Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 14375
Remote: No
Date Published: 2005-07-25
Relevant URL: http://www.securityfocus.com/bid/14375
Summary:
Sandbox is reported prone to multiple local insecure temporary file creation vulnerabilities. These issues are due to design errors that cause the application to fail to verify the existence of files before writing to them.
This application runs with superuser privileges, allowing local attackers to overwrite arbitrary files. This may cause system-wide crashes, denying service to legitimate users. It may also be possible to gain elevated privileges by exploiting this vulnerability, but this has not been confirmed.
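The Sandbox entry boils down to a privileged program writing to a predictable temporary path without first checking what is already there, so a local user can plant a file or symlink at that path. The following is an added example, not Gentoo sandbox code, showing the two fixes a reviewer would ask for: let mkstemp() choose a unique name and create it atomically, or, where the path must stay fixed, open it with O_EXCL|O_NOFOLLOW so an existing file or symlink makes the open fail instead of being overwritten. The /tmp template name is an assumption.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Preferred: the C library picks a unique name and creates it atomically
 * with O_CREAT|O_EXCL and mode 0600. tmpl must end in "XXXXXX" and is
 * rewritten with the chosen name. Returns an fd or -1. */
int open_unique_tmp(char *tmpl)
{
    return mkstemp(tmpl);
}

/* When the name is fixed (the pattern the advisory describes), refuse to
 * write into anything that already exists: O_EXCL makes the create fail
 * with EEXIST, O_NOFOLLOW rejects a symlink at the final path component.
 * Returns an fd or -1 with errno set. */
int open_fixed_path_safely(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Before writing through an fd, confirm it is a regular file owned by the
 * effective user with no group/other permissions. Returns 1 if so, else 0.
 * Checking the fd (not the path) avoids a race between check and use. */
int fd_is_private_regular(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return 0;
    if (!S_ISREG(st.st_mode))
        return 0;
    if (st.st_uid != geteuid())
        return 0;
    if (st.st_mode & (S_IRWXG | S_IRWXO))
        return 0;
    return 1;
}
```

The important property is that both creation paths fail closed: a second attempt to create the same fixed name returns -1 with errno EEXIST rather than truncating whatever a local user left there.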
4. PSToText Arbitrary Code Execution Vulnerability
BugTraq ID: 14378
Remote: Yes
Date Published: 2005-07-25
Relevant URL: http://www.securityfocus.com/bid/14378
Summary:
pstotext is susceptible to an arbitrary command execution vulnerability. This issue is due to a failure of the application to ensure that GhostScript is executed in a secure manner.
This issue allows attackers to create malicious PostScript files that, when parsed by the affected utility, cause arbitrary commands to be executed. This occurs in the context of the user running the affected utility.
5. NetPBM PSToPNM Arbitrary Code Execution Vulnerability
BugTraq ID: 14379
Remote: Yes
Date Published: 2005-07-25
Relevant URL: http://www.securityfocus.com/bid/14379
Summary:
pstopnm is susceptible to an arbitrary command execution vulnerability. This issue is due to a failure of the application to ensure that GhostScript is executed in a secure manner.
This issue allows attackers to create malicious PostScript files that, when parsed by the affected utility, cause arbitrary commands to be executed. This occurs in the context of the user running the affected utility.
This vulnerability was reported in version 10.0 of netpbm. Other versions may also be affected.
6. ProFTPD SQLShowInfo SQL Output Format String Vulnerability
BugTraq ID: 14380
Remote: Yes
Date Published: 2005-07-26
Relevant URL: http://www.securityfocus.com/bid/14380
Summary:
A format string vulnerability exists in ProFTPD. This issue is exposed when the SQLShowInfo directive is enabled. If the attacker can influence data in the backend SQL database, it is possible to exploit this issue by inserting a malicious format string into data that will be queried by ProFTPD.
Successful exploitation will result in arbitrary code execution in the context of the server.
7. ProFTPD Shutdown Message Format String Vulnerability
BugTraq ID: 14381
Remote: Yes
Date Published: 2005-07-26
Relevant URL: http://www.securityfocus.com/bid/14381
Summary:
A format string vulnerability exists in ProFTPD. This issue is exposed when the server prints a shutdown message containing certain variables such as the current directory. If an attacker could create a directory on the server, it may be possible to trigger this issue.
Successful exploitation will result in arbitrary code execution in the context of the server.
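Both ProFTPD entries (BIDs 14380 and 14381) are the same defect: a string the attacker can influence, a SQL column in one case and a directory name in the other, reaches a printf-family call as the format argument instead of as data. The following is an added example written for this newsletter, not ProFTPD code; it places the bug pattern beside the one-token fix and adds a small audit helper that counts the conversion directives an untrusted string carries. The function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable shape: attacker-influenced text is the format string, so
 * every % in it is interpreted. Kept only to show the defect. The pragma
 * silences -Wformat-security, which some distributions turn into an error
 * by default (a sensible default that would have caught this). */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
int render_message_unsafe(char *out, size_t outlen, const char *msg)
{
    return snprintf(out, outlen, msg);
}
#pragma GCC diagnostic pop

/* Fixed shape: the untrusted text is always a %s argument, never the
 * format itself. Its % characters are copied through untouched. */
int render_message_safe(char *out, size_t outlen, const char *msg)
{
    return snprintf(out, outlen, "%s", msg);
}

/* Audit helper: number of '%' characters that would start a conversion
 * if the string were ever used as a format. "%%" is the literal-percent
 * escape and is not counted. A non-zero result on data from a database
 * or a filesystem name is worth logging. */
int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* "%%" -> literal percent, skip the pair */
            s++;
            continue;
        }
        n++;
    }
    return n;
}
```

The benign input "100%% done" is enough to tell the two apart: the unsafe call collapses the escape to "100% done" because it interpreted the string, while the safe call reproduces it byte for byte.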
8. Ethereal Multiple Protocol Dissector Vulnerabilities
BugTraq ID: 14399
Remote: Yes
Date Published: 2005-07-27
Relevant URL: http://www.securityfocus.com/bid/14399
Summary:
Many vulnerabilities in Ethereal have been disclosed by the vendor. The reported issues are in various protocol dissectors.
These issues include:
- Buffer overflow vulnerabilities
- Format string vulnerabilities
- Null pointer dereference denial of service vulnerabilities
- Infinite loop denial of service vulnerabilities
- Memory exhaustion denial of service vulnerabilities
- Unspecified denial of service vulnerabilities
These issues could allow remote attackers to execute arbitrary machine code in the context of the vulnerable application. Attackers could also crash the affected application.
Various vulnerabilities affect different versions of Ethereal, from 0.8.5 through 0.10.11.
9. Opera Web Browser Content-Disposition Header Download Dialog File Extension Spoofing Vulnerability
BugTraq ID: 14402
Remote: Yes
Date Published: 2005-07-28
Relevant URL: http://www.securityfocus.com/bid/14402
Summary:
Opera Web Browser is prone to a vulnerability that can allow remote attackers to spoof file extensions through the download dialog.
An attacker may exploit this issue by crafting a malformed HTTP 'Content-Disposition' header that spoofs file extensions to trick vulnerable users into opening and executing a malicious file.
Opera Web Browser versions prior to 8.02 are affected by this issue.
10. Opera Web Browser Image Dragging Cross-Domain Scripting and File Retrieval Vulnerability
BugTraq ID: 14410
Remote: Yes
Date Published: 2005-07-28
Relevant URL: http://www.securityfocus.com/bid/14410
Summary:
Opera Web Browser is prone to a vulnerability that may allow an attacker to carry out cross-domain scripting attacks and retrieve files from the local computer.
Opera Web Browser versions prior to 8.02 are affected by this issue.
11. Kismet Multiple Unspecified Remote Vulnerabilities
BugTraq ID: 14430
Remote: Yes
Date Published: 2005-07-29
Relevant URL: http://www.securityfocus.com/bid/14430
Summary:
Kismet is prone to three unspecified remote vulnerabilities. These issues could be exploited to completely compromise a computer running Kismet to sniff wireless network traffic.
There is no further information available at this time.
12. Metasploit Framework Unspecified Remote Vulnerability
BugTraq ID: 14431
Remote: Yes
Date Published: 2005-07-30
Relevant URL: http://www.securityfocus.com/bid/14431
Summary:
Metasploit Framework is prone to an unspecified vulnerability. This issue allows remote attackers to compromise the computers of users running the affected application.
This vulnerability is likely exploited by returning malicious data to the application in unknown network connections, causing arbitrary code to be executed in the context of the scanning application.
UPDATE: This BID has been retired, as it has been determined that the issue is not a vulnerability. Additional information has been provided stating that the issue is due to insufficient filtering of potentially malicious terminal escape sequences when logging external input. These escape sequences are not interpreted at any point by the application, and only pose a threat if rendered with an external viewer within a terminal emulator program that will interpret them. In that instance, this presents a security vulnerability in the terminal emulator program. As Metasploit does not interpret the malicious input itself, it is not within the scope of the application to filter this type of input. This is not a vulnerability in Metasploit since it does not impact security properties of the application itself.
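The retired Metasploit entry is still a useful reminder for anyone who writes logs that other people will cat or tail in a terminal: bytes copied from the network can carry escape sequences that the viewer, not the logger, will act on. The following is an added example, not Metasploit code, of the filtering step a log writer can apply if it chooses to: every C0 control except tab, DEL, and the C1 range (which includes the 8-bit CSI byte 0x9b) is rewritten as \xNN so the line stays printable. The sample log line is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* 1 if the string contains any byte a terminal could interpret as a
 * control, 0 otherwise. Useful as a cheap detection on inbound data. */
int has_control_bytes(const char *s)
{
    for (const unsigned char *p = (const unsigned char *)s; *p; p++) {
        if ((*p < 0x20 && *p != '\t') || *p == 0x7f ||
            (*p >= 0x80 && *p <= 0x9f))
            return 1;
    }
    return 0;
}

/* Copy 'in' to 'out' (capacity outlen), rewriting each control byte as
 * \xNN. Returns the length the full output needs (excluding NUL), like
 * snprintf, so a caller can detect truncation; 'out' is always
 * NUL-terminated when outlen > 0 and never holds a partial escape. */
size_t sanitize_for_log(const char *in, char *out, size_t outlen)
{
    size_t need = 0, written = 0;
    for (const unsigned char *p = (const unsigned char *)in; *p; p++) {
        char piece[5];
        size_t plen;
        int ctl = (*p < 0x20 && *p != '\t') || *p == 0x7f ||
                  (*p >= 0x80 && *p <= 0x9f);
        if (ctl) {
            plen = (size_t)snprintf(piece, sizeof piece, "\\x%02x", *p);
        } else {
            piece[0] = (char)*p;
            plen = 1;
        }
        if (outlen && written + plen < outlen) {   /* keep room for NUL */
            memcpy(out + written, piece, plen);
            written += plen;
        }
        need += plen;
    }
    if (outlen)
        out[written] = '\0';
    return need;
}
```

A line such as "login ok <ESC>[2J<ESC>]0;x<BEL> user=bob" would clear the screen and retitle the window when viewed raw; after sanitize_for_log() it reads "login ok \x1b[2J\x1b]0;x\x07 user=bob" and does nothing but inform.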
III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed email listadmin (at) securityfocus (dot) com and ask to be manually removed.
V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: CrossTec
NetOp Desktop Firewall & Policy Server lets you centrally manage which applications can run on your enterprise PCs. NetOp's tiny driver-centric design prevents unauthorized programs and processes, including viruses, keyloggers, spyware and more from executing -- without slowing down your systems. The future of endpoint protection is available today. Try it FREE.
http://www.securityfocus.com/sponsor/CrossTec_sf-news_050726