Linux Security News
SecurityFocus Linux Newsletter #261 Nov 23 2005 11:19PM
Peter Laborge (plaborge securityfocus com)

------------------------------------------------------------------
I. FRONT AND CENTER
1. Sony-baloney
II. LINUX VULNERABILITY SUMMARY
1. Horde Unspecified Error Message Cross-Site Scripting Vulnerability
2. PHP cURL and GD Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities
3. PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
4. PHPsysInfo Multiple Input Validation Vulnerabilities
5. Openswan IKE Traffic Denial Of Service Vulnerabilities
6. PNMToPNG Alphas_Of_Color Buffer Overflow Vulnerability
7. GDK-Pixbuf XPM Images Integer Overflow Vulnerability
8. GDK-Pixbuf/GTK XPM Images Infinite Loop Denial Of Service Vulnerability
9. GDK-Pixbuf/GTK XPM Images Buffer Overflow Vulnerability
10. Opera Web Browser HTML Form Status Bar Misrepresentation Vulnerability
11. GNU gnump3d CGI And Cookie Parameter Directory Traversal Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. Kryptor for Linux released
2. Automatic Password Generator Tools on Unix Platform
3. SF new column announcement: Linux worm overrated
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Sony-baloney
By Scott Granneman
The Sony story brings up dozens of questions about where we are headed with DRM issues and security, and what's really at stake.
http://www.securityfocus.com/columnists/370

II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Horde Unspecified Error Message Cross-Site Scripting Vulnerability
BugTraq ID: 15409
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15409
Summary:
Horde is prone to an unspecified cross-site scripting vulnerability. This issue is related to how Horde renders error messages.

Successful exploitation could let an attacker inject hostile HTML and script code into the browser session of another user in the context of the site hosting Horde. This could allow for theft of cookie-based authentication credentials or other attacks.

2. PHP cURL and GD Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities
BugTraq ID: 15411
Remote: No
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15411
Summary:
PHP cURL and GD are prone to multiple safe_mode and open_basedir restriction bypass vulnerabilities. Successful exploitation could lead to disclosure of sensitive information.

This issue is reported to affect PHP versions 4.4.0 and 5.0.5; other versions may also be vulnerable.

3. PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
BugTraq ID: 15413
Remote: No
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15413
Summary:
PHP on Apache 2 is prone to a restriction bypass vulnerability when calling 'virtual()'. Successful exploitation could lead to disclosure of sensitive information.

This issue is reported to affect PHP versions 4.4.0 and 5.0.5; other versions may also be vulnerable.

4. PHPsysInfo Multiple Input Validation Vulnerabilities
BugTraq ID: 15414
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15414
Summary:
phpSysinfo is prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input.

phpSysinfo is prone to a local file include vulnerability, an HTTP response splitting vulnerability, and cross-site scripting attacks.

An attacker may exploit these vulnerabilities to access files within the context of the Web server application, poison Web proxy server caches, and execute arbitrary HTML and script code within the context of the victim's Web browser.

Other attacks are also possible.

It should be noted that the cross-site scripting issues are not exploitable on Debian systems.

5. Openswan IKE Traffic Denial Of Service Vulnerabilities
BugTraq ID: 15416
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15416
Summary:
Openswan is prone to multiple denial of service vulnerabilities in its ISAKMP implementation.

These issues were discovered with the PROTOS ISAKMP Test Suite and are related to handling of malformed IKEv1 traffic.

The vulnerabilities are believed to affect Openswan 2.x releases prior to 2.4.2.

6. PNMToPNG Alphas_Of_Color Buffer Overflow Vulnerability
BugTraq ID: 15427
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15427
Summary:
pnmtopng is susceptible to a buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer. This issue reportedly only occurs when the '-alpha' command line option is utilized.

This issue allows attackers to create malicious PNM files that, when parsed by the affected utility, allow arbitrary machine code to be executed. This occurs in the context of the user running the affected utility.

7. GDK-Pixbuf XPM Images Integer Overflow Vulnerability
BugTraq ID: 15428
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15428
Summary:
A remote integer overflow vulnerability affects gdk-pixbuf.

When an application that uses the vulnerable library processes a malformed XPM file, the application will crash, denying service to legitimate users. It may also be possible for the attacker to exploit this issue to execute arbitrary code with the privileges of the application utilizing the vulnerable library.

8. GDK-Pixbuf/GTK XPM Images Infinite Loop Denial Of Service Vulnerability
BugTraq ID: 15429
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15429
Summary:
gdk-pixbuf and gtk2 are prone to a denial of service vulnerability. This issue occurs when an application utilizing one of the affected libraries handles a malformed XPM image file.

Exploitation could cause an application utilizing a vulnerable library to enter an infinite loop, resulting in a denial of service.

9. GDK-Pixbuf/GTK XPM Images Buffer Overflow Vulnerability
BugTraq ID: 15435
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15435
Summary:
gdk-pixbuf and gtk2 are prone to a buffer overflow vulnerability.

When an application that utilizes a vulnerable library processes a malformed XPM image file, it results in a heap-based buffer overflow. An attacker can exploit this vulnerability to execute arbitrary code in the context of the victim user.

10. Opera Web Browser HTML Form Status Bar Misrepresentation Vulnerability
BugTraq ID: 15472
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15472
Summary:
A vulnerability has been identified in the Opera Web browser that allows an attacker to misrepresent the status bar in the browser, allowing vulnerable users to be misled into following a link to a malicious site.

This vulnerability would most likely be exploited through HTML e-mail, though other attack vectors exist such as HTML injection attacks in third-party Web applications.

11. GNU gnump3d CGI And Cookie Parameter Directory Traversal Vulnerability
BugTraq ID: 15496
Remote: Yes
Date Published: 2005-11-18
Relevant URL: http://www.securityfocus.com/bid/15496
Summary:
GNU gnump3d is prone to a directory traversal vulnerability.

Very little information is available on this issue. It is conjectured that an attacker can exploit this vulnerability to retrieve or corrupt arbitrary files, which may aid in further attacks against the underlying system; other attacks are also possible.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Kryptor for Linux released
http://www.securityfocus.com/archive/91/417236

2. Automatic Password Generator Tools on Unix Platform
http://www.securityfocus.com/archive/91/417235

3. SF new column announcement: Linux worm overrated
http://www.securityfocus.com/archive/91/416253

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130