SecurityFocus Linux Newsletter #257
----------------------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
------------------------------------------------------------------
I. FRONT AND CENTER
1. Collaborative endpoint security, part one
2. Evolution of Web-based worms
3. The click-wrap conundrum
II. LINUX VULNERABILITY SUMMARY
1. Lynx NNTP Article Header Buffer Overflow Vulnerability
2. Gentoo Linux Multiple Packages Insecure RUNPATH Vulnerability
3. OpenWBEM Multiple Unspecified Remote Buffer Overflow Vulnerabilities
4. Linux Kernel Console Keymap Local Command Injection Vulnerability
5. Opera Web Browser Multiple Malformed HTML Parsing Denial Of Service Vulnerabilities
6. IBM DB2 Universal Database Multiple Vulnerabilities
7. NetPBM PNMToPNG Buffer Overflow Vulnerability
8. Snort Back Orifice Preprocessor Remote Stack Buffer Overflow Vulnerability
9. Ethereal Multiple Protocol Dissector Vulnerabilities In Versions Prior To 0.10.13
10. Debian Module-Assistant Insecure Temporary File Creation Vulnerability
11. BMV PostScript File Handling Integer Overflow Vulnerability
12. Linux Kernel World Writable SYSFS DRM Debug File Vulnerability
13. Linux Kernel IPV6 Unspecified Denial of Service Vulnerability
14. Squid FTP Server Response Denial Of Service Vulnerability
15. Ethereal Service Location Protocol Dissection Stack Buffer Overflow Vulnerability
16. SUSE Linux Squid Proxy SSL Handling Denial of Service Vulnerability
17. phpMyAdmin Theme Variable Local File Inclusion Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. httpd and port 7200
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Collaborative endpoint security, part one
By Ivan Arce, Eduardo Arias
Part one of this article introduces endpoint security solution technologies and proposes a collaborative approach to solving technical challenges that are commonly faced by the community.
http://www.securityfocus.com/infocus/1849
2. Evolution of Web-based worms
By Daniel Hanson
The Myspace Web worm used a simple vulnerability and XSS to propagate, and it might be a sign of things to come.
http://www.securityfocus.com/columnists/362
3. The click-wrap conundrum
By Mark Rasch
With the rise of spyware, the fact that you didn't understand what you were doing by downloading and installing the software doesn't mean you weren't bound by the End User License Agreement (EULA). However, the FTC argues otherwise.
http://www.securityfocus.com/columnists/365
II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Lynx NNTP Article Header Buffer Overflow Vulnerability
BugTraq ID: 15117
Remote: Yes
Date Published: 2005-10-17
Relevant URL: http://www.securityfocus.com/bid/15117
Summary:
Lynx is prone to a buffer overflow when handling NNTP article headers.
This issue may be exploited when the browser handles NNTP content, such as through 'news:' or 'nntp:' URIs. Successful exploitation will result in code execution in the context of the program user.
2. Gentoo Linux Multiple Packages Insecure RUNPATH Vulnerability
BugTraq ID: 15120
Remote: No
Date Published: 2005-10-17
Relevant URL: http://www.securityfocus.com/bid/15120
Summary:
Multiple packages in Gentoo Linux are susceptible to an insecure RUNPATH vulnerability. This issue is due to a flaw in the build system that results in insecure RUNPATHs being included in certain binaries.
This vulnerability may result in arbitrary code being executed in the context of users executing the vulnerable executables. This may facilitate privilege escalation.
This issue is only exploitable by users that are members of the 'portage' group.
3. OpenWBEM Multiple Unspecified Remote Buffer Overflow Vulnerabilities
BugTraq ID: 15121
Remote: Yes
Date Published: 2005-10-17
Relevant URL: http://www.securityfocus.com/bid/15121
Summary:
OpenWBEM is susceptible to multiple unspecified remote buffer overflow vulnerabilities. These issues are due to a failure of the application to properly bounds check user-supplied data prior to copying it to insufficiently sized memory buffers.
These issues are identified as multiple integer overflow and buffer overflow vulnerabilities. No further details are currently available. This BID will be updated as further information is disclosed.
These issues allow remote attackers to execute arbitrary machine code with superuser privileges, facilitating a complete system compromise.
4. Linux Kernel Console Keymap Local Command Injection Vulnerability
BugTraq ID: 15122
Remote: No
Date Published: 2005-10-17
Relevant URL: http://www.securityfocus.com/bid/15122
Summary:
The Linux kernel is susceptible to a local command injection vulnerability via console keymap modifications. This issue is due to the ability of unprivileged users to alter the system-wide console keymap.
Local users may modify the console keymap to include scripted macro commands. This allows attackers to execute arbitrary commands with the privileges of the user that uses the console after them, potentially facilitating privilege escalation.
5. Opera Web Browser Multiple Malformed HTML Parsing Denial Of Service Vulnerabilities
BugTraq ID: 15124
Remote: Yes
Date Published: 2005-10-17
Relevant URL: http://www.securityfocus.com/bid/15124
Summary:
The Opera Web browser is prone to multiple vulnerabilities that may result in a browser crash. These issues are exposed when the browser attempts to parse certain malformed HTML content. It is conjectured that this will only result in a denial of service and is not further exploitable to execute arbitrary code, though this has not been confirmed.
6. IBM DB2 Universal Database Multiple Vulnerabilities
BugTraq ID: 15126
Remote: Yes
Date Published: 2005-10-18
Relevant URL: http://www.securityfocus.com/bid/15126
Summary:
IBM DB2 Universal Database is prone to multiple vulnerabilities.
These issues may allow attackers to carry out denial of service attacks and other unauthorized actions.
These issues affect DB2 versions prior to 8 FixPak 10, also known as version 8.2 FixPak 3.
7. NetPBM PNMToPNG Buffer Overflow Vulnerability
BugTraq ID: 15128
Remote: Yes
Date Published: 2005-10-18
Relevant URL: http://www.securityfocus.com/bid/15128
Summary:
pnmtopng is susceptible to a buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer. This issue reportedly only occurs when the '-trans' command line option is utilized.
This issue allows attackers to create malicious PNM files that, when parsed by the affected utility, allow arbitrary machine code to be executed. This occurs in the context of the user running the affected utility.
This vulnerability was reported in version 10.0 of NetPBM. Other versions may also be affected.
8. Snort Back Orifice Preprocessor Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 15131
Remote: Yes
Date Published: 2005-10-18
Relevant URL: http://www.securityfocus.com/bid/15131
Summary:
Snort is susceptible to a remote buffer overflow vulnerability. This issue is due to a failure of the application to securely copy network-derived data into sensitive process buffers. The specific issue exists in the Back Orifice preprocessor.
An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.
Due to the nature of this issue, attackers may exploit it by sending a single UDP packet with a potentially spoofed source address to an arbitrary destination address and port. As long as the application can sniff the packet, it may be exploited. These aspects of this issue may aid attackers in bypassing firewalls in order to compromise a wider number of computers.
Reportedly, this issue is difficult to reliably exploit across differing operating systems and compiler versions. Failed exploit attempts likely result in crashing the application, thereby disabling detection of other attacks.
Snort versions 2.4.0 through 2.4.2 are affected by this issue. Other versions may also be affected, but this has not been confirmed.
9. Ethereal Multiple Protocol Dissector Vulnerabilities In Versions Prior To 0.10.13
BugTraq ID: 15148
Remote: Yes
Date Published: 2005-10-19
Relevant URL: http://www.securityfocus.com/bid/15148
Summary:
Several vulnerabilities in Ethereal have been disclosed by the vendor. The reported issues are in various protocol dissectors.
These issues include:
- Buffer overflow vulnerabilities
- Null pointer dereference denial of service vulnerabilities
- Infinite loop denial of service vulnerabilities
- Memory exhaustion denial of service vulnerabilities
- Division by zero denial of service vulnerabilities
- Invalid pointer free() attempt denial of service vulnerabilities
- Unspecified denial of service vulnerabilities
These issues could allow remote attackers to execute arbitrary machine code in the context of the vulnerable application. Attackers could also crash the affected application.
Various vulnerabilities affect differing versions of Ethereal, from 0.7.7 through 0.10.12.
10. Debian Module-Assistant Insecure Temporary File Creation Vulnerability
BugTraq ID: 15151
Remote: No
Date Published: 2005-10-20
Relevant URL: http://www.securityfocus.com/bid/15151
Summary:
Debian module-assistant creates temporary files in an insecure manner.
Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.
11. BMV PostScript File Handling Integer Overflow Vulnerability
BugTraq ID: 15153
Remote: Yes
Date Published: 2005-10-20
Relevant URL: http://www.securityfocus.com/bid/15153
Summary:
BMV is prone to an integer overflow vulnerability.
This issue arises when the application handles a malformed PostScript file.
A successful attack may result in arbitrary code execution leading to unauthorized access. Reports indicate that BMV is installed as setuid root on some distributions by default, which may allow an attacker to gain superuser privileges by exploiting this issue.
12. Linux Kernel World Writable SYSFS DRM Debug File Vulnerability
BugTraq ID: 15154
Remote: No
Date Published: 2005-10-20
Relevant URL: http://www.securityfocus.com/bid/15154
Summary:
The Linux kernel is prone to an issue where a world-writable file is created in SYSFS. Exploitation could allow an attacker to obtain sensitive information.
13. Linux Kernel IPV6 Unspecified Denial of Service Vulnerability
BugTraq ID: 15156
Remote: Unknown
Date Published: 2005-10-20
Relevant URL: http://www.securityfocus.com/bid/15156
Summary:
The Linux kernel is reported to be prone to an unspecified denial of service vulnerability.
Reports indicate that this issue arises from an infinite loop and affects the routines responsible for handling IPv6.
No further details are available at the moment. This BID will be updated when more information becomes available.
14. Squid FTP Server Response Denial Of Service Vulnerability
BugTraq ID: 15157
Remote: Yes
Date Published: 2005-10-20
Relevant URL: http://www.securityfocus.com/bid/15157
Summary:
Squid is prone to a remote denial of service vulnerability.
This is due to a flaw in the way that Squid communicates with FTP servers.
This issue has been reported in Squid version 2.5 and prior.
15. Ethereal Service Location Protocol Dissection Stack Buffer Overflow Vulnerability
BugTraq ID: 15158
Remote: Yes
Date Published: 2005-10-20
Relevant URL: http://www.securityfocus.com/bid/15158
Summary:
A remote buffer overflow vulnerability affects Ethereal. This issue is due to a failure of the application to securely copy network-derived data into sensitive process buffers. The specific issue exists in the Service Location Protocol dissector.
An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.
This issue may be exploited by a single TCP packet to port 427, as Ethereal does not keep track of connection states. This allows malicious users to spoof the origin of attacks, as well as exploit this vulnerability when no services are actively listening on TCP port 427.
Note that this issue was originally disclosed in BID 15148 "Ethereal Multiple Protocol Dissector Vulnerabilities In Versions Prior To 0.10.13".
16. SUSE Linux Squid Proxy SSL Handling Denial of Service Vulnerability
BugTraq ID: 15165
Remote: Yes
Date Published: 2005-10-21
Relevant URL: http://www.securityfocus.com/bid/15165
Summary:
Squid Proxy running on SUSE Linux is affected by a denial of service vulnerability.
Reports indicate that this issue arises when the application handles specially crafted HTTPS data. Due to the nature of the application, it is conjectured that this vulnerability poses a remote threat.
Successful exploitation may cause the service to crash.
SUSE Linux 9.0 is reported to be vulnerable to this issue.
This BID will be updated when more information is available.
17. phpMyAdmin Theme Variable Local File Inclusion Vulnerability
BugTraq ID: 15169
Remote: Yes
Date Published: 2005-10-22
Relevant URL: http://www.securityfocus.com/bid/15169
Summary:
phpMyAdmin is prone to a local file include vulnerability.
An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the Web server process. This may potentially facilitate unauthorized access.
phpMyAdmin 2.6.4-pl2 and earlier versions are reported to be vulnerable.
III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. httpd and port 7200
http://www.securityfocus.com/archive/91/414099
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.
V. SPONSOR INFORMATION
------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!