Linux Security News
SecurityFocus Linux Newsletter #251 Sep 13 2005 10:29PM
Peter Laborge (plaborge securityfocus com)
SecurityFocus Linux Newsletter #251
----------------------------------------

This Issue is Sponsored By: AirDefense

FREE WHITE PAPER & SOFTWARE DOWNLOAD. Protect your Wi-Fi Laptops
Learn how wireless laptops can be compromised at public hotspots. This white paper explores how Wi-Phishing works and what procedures and policies are needed to secure the mobile workforce. Also download AirDefense Personal software to protect your wireless laptop anywhere from hotspot phishing, Evil Twin, hackers, misconfigurations.
Download the white paper and AirDefense Personal software at:

http://www.securityfocus.com/sponsor/Airdefense_linux-secnews_050913

------------------------------------------------------------------
I. FRONT AND CENTER
1. Embedded market ripe for picking
2. Security lessons from Katrina
II. LINUX VULNERABILITY SUMMARY
1. KDE kcheckpass Local Privilege Escalation Vulnerability
2. OpenTTD Multiple Unspecified Format String Vulnerabilities
3. Eset Software NOD32 Antivirus ARJ Archive Handling Remote Buffer Overflow Vulnerability
4. FreeRADIUS Multiple Remote Vulnerabilities
5. Mozilla/Netscape/Firefox Browsers Domain Name Remote Buffer Overflow Vulnerability
6. Linux Kernel Sendmsg() Local Buffer Overflow Vulnerability
7. Linux Kernel Raw_sendmsg() Kernel Memory Access Vulnerability
8. Linux Kernel SCSI ProcFS Denial Of Service Vulnerability
9. Linux Kernel Netfilter Ipt_recent Remote Denial of Service Vulnerability
10. Linux Kernel EXT2/EXT3 File System Access Control Bypass Vulnerability
11. Zebedee Remote Denial Of Service Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. scanning for windows spywear with linux
2. Re[2]: Linux hardening
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Embedded market ripe for picking
By Daniel Hanson
Perhaps an embedded version of Windows in every device isn't such a bad thing after all.
http://www.securityfocus.com/columnists/353

2. Security lessons from Katrina
By Mark Rasch
From this disaster, there are a few lessons that IT staff, IT security staff, and senior management should learn.
http://www.securityfocus.com/columnists/354

II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. KDE kcheckpass Local Privilege Escalation Vulnerability
BugTraq ID: 14736
Remote: No
Date Published: 2005-09-05
Relevant URL: http://www.securityfocus.com/bid/14736
Summary:
KDE kcheckpass is prone to a local privilege escalation vulnerability. Successful exploitation could allow an attacker to gain superuser privileges.

All KDE versions from 3.2.0 to 3.4.2 inclusive are vulnerable to this issue.

2. OpenTTD Multiple Unspecified Format String Vulnerabilities
BugTraq ID: 14738
Remote: Yes
Date Published: 2005-09-05
Relevant URL: http://www.securityfocus.com/bid/14738
Summary:
OpenTTD is prone to multiple format string vulnerabilities. Successful exploitation could cause the application to fail or allow remote arbitrary code execution.

3. Eset Software NOD32 Antivirus ARJ Archive Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 14773
Remote: Yes
Date Published: 2005-09-08
Relevant URL: http://www.securityfocus.com/bid/14773
Summary:
NOD32 Antivirus is affected by a remote buffer overflow vulnerability when handling ARJ archives.

An attacker may exploit this vulnerability to gain unauthorized remote access with SYSTEM privileges.

NOD32 for Windows version 2.5 running nod32.002 version 1.033 build 1127 is reportedly affected; however, it is possible that other versions are vulnerable as well.

4. FreeRADIUS Multiple Remote Vulnerabilities
BugTraq ID: 14775
Remote: Yes
Date Published: 2005-09-08
Relevant URL: http://www.securityfocus.com/bid/14775
Summary:
FreeRADIUS is susceptible to multiple remote vulnerabilities.

The first issues are memory handling vulnerabilities. These issues may allow remote attackers to crash affected services, or possibly execute arbitrary machine code in the context of the vulnerable application.

FreeRADIUS is also affected by a possible file descriptor leak. This may be exploited to gain access to files that an attacker may not normally have access to.

The LDAP module contains a flaw whereby attacker-specified data may be passed on to the configured LDAP database without proper input sanitization.

These issues are all reported to affect version 1.0.4 of FreeRADIUS; previous versions are also likely vulnerable to one or more of these issues.

Update: The vendor has posted a response to these issues. Please see "Response to Suse Audit Report on FreeRADIUS" for further details.

5. Mozilla/Netscape/Firefox Browsers Domain Name Remote Buffer Overflow Vulnerability
BugTraq ID: 14784
Remote: Yes
Date Published: 2005-09-09
Relevant URL: http://www.securityfocus.com/bid/14784
Summary:
Mozilla/Netscape/Firefox are reported prone to a remote buffer overflow vulnerability when handling a malformed URI.

A successful attack may result in a crash or the execution of arbitrary code.

Firefox 1.0.6 and 1.5 Beta 1 are vulnerable to this issue. Mozilla 1.7.11 and Netscape 8.0.3.3 and 7.2 are affected as well.

6. Linux Kernel Sendmsg() Local Buffer Overflow Vulnerability
BugTraq ID: 14785
Remote: No
Date Published: 2005-09-09
Relevant URL: http://www.securityfocus.com/bid/14785
Summary:
Linux kernel is prone to a local buffer overflow vulnerability.

The vulnerability affects 'sendmsg()' when malformed user-supplied data is copied from userland to kernel memory.

A successful attack can allow a local attacker to trigger an overflow, which may lead to a denial of service condition due to memory corruption. Arbitrary code execution resulting in privilege escalation is possible as well.

7. Linux Kernel Raw_sendmsg() Kernel Memory Access Vulnerability
BugTraq ID: 14787
Remote: No
Date Published: 2005-09-09
Relevant URL: http://www.securityfocus.com/bid/14787
Summary:
Linux Kernel is prone to a kernel memory access vulnerability.

This issue, which affects the 'raw_sendmsg()' function, can allow a local attacker to disclose kernel memory or manipulate the hardware state due to unauthorized access to IO ports.

Linux kernel 2.6.10 is reportedly vulnerable; however, other versions are likely to be affected as well.

8. Linux Kernel SCSI ProcFS Denial Of Service Vulnerability
BugTraq ID: 14790
Remote: No
Date Published: 2005-09-09
Relevant URL: http://www.securityfocus.com/bid/14790
Summary:
The Linux kernel is prone to a denial of service vulnerability. The kernel is affected by a memory leak which eventually can result in a denial of service.

A local attacker can exploit this vulnerability by making repeated reads of the '/proc/scsi/sg/devices' file, exhausting kernel memory and resulting in a denial of service.

9. Linux Kernel Netfilter Ipt_recent Remote Denial of Service Vulnerability
BugTraq ID: 14791
Remote: Yes
Date Published: 2005-09-09
Relevant URL: http://www.securityfocus.com/bid/14791
Summary:
Linux Kernel is reported prone to a local denial of service vulnerability.

An attacker can exploit this issue by sending specially crafted packets to a vulnerable computer employing the 'ipt_recent' module.

A successful attack can cause a denial of service condition.

10. Linux Kernel EXT2/EXT3 File System Access Control Bypass Vulnerability
BugTraq ID: 14793
Remote: No
Date Published: 2005-09-09
Relevant URL: http://www.securityfocus.com/bid/14793
Summary:
Linux Kernel is prone to an access control bypass vulnerability when using the EXT2/EXT3 file systems.

Successful attacks may involve data corruption and modification, information disclosure, and execution of arbitrary code.

11. Zebedee Remote Denial Of Service Vulnerability
BugTraq ID: 14796
Remote: Yes
Date Published: 2005-09-09
Relevant URL: http://www.securityfocus.com/bid/14796
Summary:
A remote denial of service vulnerability affects Zebedee. This issue is due to a failure of the application to properly handle exceptional network requests.

Specifically, Zebedee is unable to handle requests for connections that contain a zero for the requested destination port.

A remote attacker may leverage this issue to crash the affected application, denying service to legitimate users.

Zebedee version 2.4.1 is reported vulnerable to this issue; other versions may also be affected.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. scanning for windows spywear with linux
http://www.securityfocus.com/archive/91/409832

2. Re[2]: Linux hardening
http://www.securityfocus.com/archive/91/409012

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: AirDefense
