SecurityFocus Linux Newsletter #252
----------------------------------------
This Issue is Sponsored By: AirDefense
FREE WHITE PAPER & SOFTWARE DOWNLOAD: Protect your Wi-Fi Laptops
Learn how wireless laptops can be compromised at public hotspots. This white paper explores how Wi-Phishing works and what procedures and policies are needed to secure the mobile workforce. Also download AirDefense Personal software to protect your wireless laptop anywhere from hotspot phishing, Evil Twin, hackers, misconfigurations.
Download the white paper and AirDefense Personal software at:
http://www.securityfocus.com/sponsor/Airdefense_linux-secnews_050913
------------------------------------------------------------------
I. FRONT AND CENTER
1. Crime? What crime?
2. Cisco SNMP configuration attack with a GRE tunnel
II. LINUX VULNERABILITY SUMMARY
1. KAudioCreator CDDB Arbitrary File Overwrite Vulnerability
2. XFree86 Pixmap Allocation Local Privilege Escalation Vulnerability
3. Snort PrintTcpOptions Remote Denial Of Service Vulnerability
4. Mark D. Roth PAM_Per_User Authentication Bypass Vulnerability
5. Util-Linux UMount Remounting Filesystem Option Clearing Vulnerability
6. Common-Lisp-Controller Cache Arbitrary Code Injection Vulnerability
7. SimpleCDR-X Insecure Temporary File Creation Vulnerability
8. GNOME Workstation Command Center Gwcc_out.TXT Insecure Temporary File Creation Vulnerability
9. PHP Session Handling Local Session Hijacking Vulnerability
10. SuSE YaST Local Buffer Overflow Vulnerability
11. Arc Insecure Temporary File Creation Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. scanning for windows spywear with linux
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Crime? What crime?
By Kelly Martin
If there's one thing I've learned in the past few years as editor of SecurityFocus, it's that there is absolutely no saving grace in the security world.
http://www.securityfocus.com/columnists/355
2. Cisco SNMP configuration attack with a GRE tunnel
By Mati Aharoni, William M. Hidalgo
Throughout our education as system administrators, SNMP is often a topic that eludes us.
http://www.securityfocus.com/infocus/1847
II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. KAudioCreator CDDB Arbitrary File Overwrite Vulnerability
BugTraq ID: 14805
Remote: Yes
Date Published: 2005-09-12
Relevant URL: http://www.securityfocus.com/bid/14805
Summary:
KAudioCreator is prone to an arbitrary file overwrite vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to overwrite arbitrary files in the security context of the user running the vulnerable application.
2. XFree86 Pixmap Allocation Local Privilege Escalation Vulnerability
BugTraq ID: 14807
Remote: No
Date Published: 2005-09-12
Relevant URL: http://www.securityfocus.com/bid/14807
Summary:
XFree86 is prone to a buffer overrun in its pixmap processing code.
This issue can potentially result in arbitrary code execution and facilitate privilege escalation. It is possible that an attacker may gain superuser privileges by exploiting this issue.
3. Snort PrintTcpOptions Remote Denial Of Service Vulnerability
BugTraq ID: 14811
Remote: Yes
Date Published: 2005-09-12
Relevant URL: http://www.securityfocus.com/bid/14811
Summary:
Snort is reported prone to a remote denial of service vulnerability. The vulnerability is reported to exist in the 'PrintTcpOptions()' function of 'log.c', and is a result of a failure to sufficiently handle malicious TCP packets.
A remote attacker may trigger this vulnerability to crash a remote Snort server and in doing so may prevent subsequent malicious attacks from being detected.
It should be noted that the vulnerable code path is only executed when Snort is run with the '-v' (verbose) flag. Due to the performance penalty of running the Snort application in verbose mode, it is likely that most production installations of the application are not vulnerable to this issue.
Update: Further messages have stated that other paths to the vulnerable code may be possible. Using the 'frag3' preprocessor, ASCII mode logging, the '-A fast' command-line option, and possibly other options may expose Snort to this vulnerability. Please see the referenced messages for further information.
4. Mark D. Roth PAM_Per_User Authentication Bypass Vulnerability
BugTraq ID: 14813
Remote: Yes
Date Published: 2005-09-12
Relevant URL: http://www.securityfocus.com/bid/14813
Summary:
Pam_per_user is prone to an authentication bypass vulnerability. This issue is due to a design error in the module.
Successful exploitation could allow an unauthorized user to bypass authentication, allowing them to gain administrative access to affected computers.
It should be noted that only certain executables that utilize PAM are vulnerable to this issue, due to the method of calling it. The 'login' program is identified as one program that may be exploited, but other programs may also be exploitable in conjunction with this module.
This vulnerability affects pam_per_user versions prior to 0.4.
5. Util-Linux UMount Remounting Filesystem Option Clearing Vulnerability
BugTraq ID: 14816
Remote: No
Date Published: 2005-09-12
Relevant URL: http://www.securityfocus.com/bid/14816
Summary:
Util-linux is susceptible to a filesystem option clearing vulnerability. This issue is due to a design flaw that improperly clears mounted-filesystem options in certain circumstances.
This vulnerability allows attackers to clear mounted-filesystem options, allowing them to execute setuid applications to gain elevated privileges. Other attacks are also possible.
6. Common-Lisp-Controller Cache Arbitrary Code Injection Vulnerability
BugTraq ID: 14829
Remote: No
Date Published: 2005-09-14
Relevant URL: http://www.securityfocus.com/bid/14829
Summary:
common-lisp-controller is prone to an arbitrary code injection vulnerability.
Successful exploitation may facilitate privilege escalation; other attacks are also possible.
7. SimpleCDR-X Insecure Temporary File Creation Vulnerability
BugTraq ID: 14855
Remote: No
Date Published: 2005-09-15
Relevant URL: http://www.securityfocus.com/bid/14855
Summary:
SimpleCDR-X creates temporary files in an insecure manner.
A local attacker would most likely take advantage of this vulnerability by creating a malicious symbolic link in a directory where the temporary files will be created.
Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may also be possible.
SimpleCDR-X 1.3.3 is reported to be vulnerable. Other versions may also be affected.
8. GNOME Workstation Command Center Gwcc_out.TXT Insecure Temporary File Creation Vulnerability
BugTraq ID: 14857
Remote: No
Date Published: 2005-09-16
Relevant URL: http://www.securityfocus.com/bid/14857
Summary:
GNOME Workstation Command Center creates temporary files in an insecure manner.
A local attacker would most likely take advantage of this vulnerability by creating a malicious symbolic link in a directory where the temporary files will be created.
Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may also be possible.
GNOME Workstation Command Center version 0.98 is reported to be vulnerable. Other earlier versions may also be affected.
9. PHP Session Handling Local Session Hijacking Vulnerability
BugTraq ID: 14858
Remote: No
Date Published: 2005-09-16
Relevant URL: http://www.securityfocus.com/bid/14858
Summary:
PHP is prone to a vulnerability that permits local hijacking of session variables. The problem presents itself in the way PHP stores session variables.
This issue can be exploited to hijack the session variables of victim users of other PHP applications running on a system utilizing a vulnerable version of PHP.
This issue is reported to affect the 3.x and 4.x versions of PHP; other versions may also be affected.
10. SuSE YaST Local Buffer Overflow Vulnerability
BugTraq ID: 14861
Remote: No
Date Published: 2005-09-16
Relevant URL: http://www.securityfocus.com/bid/14861
Summary:
SuSE YaST is affected by a local buffer overflow vulnerability.
A local attacker may exploit this issue to execute arbitrary code with superuser privileges.
SuSE Linux 9.3 is reported to be vulnerable. Other versions may be affected as well.
11. Arc Insecure Temporary File Creation Vulnerability
BugTraq ID: 14863
Remote: No
Date Published: 2005-09-16
Relevant URL: http://www.securityfocus.com/bid/14863
Summary:
ARC creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to view files and obtain privileged information. The attacker may also perform symlink attacks, overwriting arbitrary files in the context of the affected application.
Exploitation would most likely result in loss of confidentiality and theft of privileged information. Successful exploitation of a symlink attack may result in sensitive configuration files being overwritten. This may result in a denial of service; other attacks may also be possible.
ARC 5.21j and earlier versions are reported to be vulnerable.
III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. scanning for windows spywear with linux
http://www.securityfocus.com/archive/91/409832
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.
V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: AirDefense
FREE WHITE PAPER & SOFTWARE DOWNLOAD: Protect your Wi-Fi Laptops
Learn how wireless laptops can be compromised at public hotspots. This white paper explores how Wi-Phishing works and what procedures and policies are needed to secure the mobile workforce. Also download AirDefense Personal software to protect your wireless laptop anywhere from hotspot phishing, Evil Twin, hackers, misconfigurations.
Download the white paper and AirDefense Personal software at:
http://www.securityfocus.com/sponsor/Airdefense_linux-secnews_050913