SecurityFocus Linux Newsletter #263
----------------------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
------------------------------------------------------------------
I. FRONT AND CENTER
1. Evading NIDS, revisited
2. Regaining control
II. LINUX VULNERABILITY SUMMARY
1. Unalz Archive Filename Buffer Overflow Vulnerability
2. Sun Java Runtime Environment Multiple Privilege Escalation Vulnerabilities
3. Linux Kernel PTraced Child Auto-Reap Local Denial of Service Vulnerability
4. Linux Kernel Time_Out_Leases PrintK Local Denial of Service Vulnerability
5. Perl Perl_sv_vcatpvfn Format String Integer Wrap Vulnerability
6. Linux Kernel PTrace CLONE_THREAD Local Denial of Service Vulnerability
7. Drupal Image Upload HTML Injection Vulnerability
8. Astaro Security Linux ISAKMP IKE Traffic Denial of Service Vulnerability
9. Drupal View User Profile Authorization Bypass Vulnerability
10. Drupal Submitted Content HTML Injection Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. Security, Distributed firewalling application...long ;-)
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Evading NIDS, revisited
By Sumit Siddharth
This article looks at some of the most popular IDS evasion attack techniques, based on fragmentation or using the TTL field. Snort's configuration and response to these attacks will also be discussed.
http://www.securityfocus.com/infocus/1852
2. Regaining control
By Kelly Martin
Securing endpoint systems by locking them down using complex software brings back memories of another era, where business computers were once used for business applications only - and businesses retained control over their assets and data.
http://www.securityfocus.com/columnists/372
II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Unalz Archive Filename Buffer Overflow Vulnerability
BugTraq ID: 15577
Remote: Yes
Date Published: 2005-11-28
Relevant URL: http://www.securityfocus.com/bid/15577
Summary:
unalz is prone to a buffer overflow vulnerability. This issue is exposed when the application extracts an ALZ archive that contains a file with a long name.
This vulnerability could be exploited to execute arbitrary code in the context of the user who extracts a malicious archive.
2. Sun Java Runtime Environment Multiple Privilege Escalation Vulnerabilities
BugTraq ID: 15615
Remote: Yes
Date Published: 2005-11-28
Relevant URL: http://www.securityfocus.com/bid/15615
Summary:
Sun JRE is susceptible to various privilege escalation vulnerabilities.
These issues can allow remote Java applications to read/write local files and execute arbitrary applications in the context of an affected user.
Further details are not available at this time. This BID will be updated as further information is disclosed.
3. Linux Kernel PTraced Child Auto-Reap Local Denial of Service Vulnerability
BugTraq ID: 15625
Remote: No
Date Published: 2005-11-29
Relevant URL: http://www.securityfocus.com/bid/15625
Summary:
Linux kernel is susceptible to a local denial of service vulnerability.
The kernel auto-reaps a child process that is still being ptraced, leaving the tracer holding a pointer to freed task state. Further operations on this pointer result in a kernel crash.
This issue allows local users to crash the kernel, denying service to legitimate users.
Kernel versions prior to 2.6.15 are vulnerable to this issue.
4. Linux Kernel Time_Out_Leases PrintK Local Denial of Service Vulnerability
BugTraq ID: 15627
Remote: No
Date Published: 2005-11-29
Relevant URL: http://www.securityfocus.com/bid/15627
Summary:
Linux kernel is susceptible to a local denial of service vulnerability.
This issue is triggered by obtaining numerous file lock leases: when the leases time out, each expiry is logged via printk, and the kernel log memory consumed is never reclaimed.
This issue allows local attackers to consume excessive kernel memory, eventually leading to an out-of-memory condition, and a denial of service for legitimate users.
Kernel versions prior to 2.6.15-rc3 are vulnerable to this issue.
5. Perl Perl_sv_vcatpvfn Format String Integer Wrap Vulnerability
BugTraq ID: 15629
Remote: Yes
Date Published: 2005-11-29
Relevant URL: http://www.securityfocus.com/bid/15629
Summary:
Perl is susceptible to a format string vulnerability. This issue is due to an integer wrap in the interpreter's formatted printing code (Perl_sv_vcatpvfn) when handling attacker-supplied format specifiers.
An attacker may leverage this issue to write to arbitrary process memory, facilitating code execution in the context of the Perl interpreter process. Where the format string is reachable over the network, this can result in unauthorized remote access.
Developers should treat Perl's formatted printing functions (printf and sprintf) as no less exploitable than their C library counterparts: the format argument must be a constant, and untrusted data must only ever be passed as a formatted argument.
All applications that pass untrusted data in the format argument of these functions should be considered exploitable.
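The advice above, as an added illustration that is not code from Perl or from any affected application: a snippet in which attacker-controlled data is spliced into the format argument, the hardened form in which the format is a constant, and an allowlist check for code that must accept a caller-supplied format. The username value, the helper names and the message wording are constructed for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed, attacker-controlled value, e.g. a username taken from a request.
my $untrusted = 'alice %s%s%s%x';

# Vulnerable: untrusted data becomes part of the format argument, so Perl
# parses the attacker's %-directives. On a patched interpreter this only
# shows up as "Missing argument" warnings and mangled output; on an
# unpatched one a crafted directive reaches the integer wrap in
# Perl_sv_vcatpvfn (BID 15629).
sub render_vulnerable {
    my ($name) = @_;
    return sprintf("User: $name logged in");
}

# Hardened: the format is a constant and untrusted data is only an argument,
# so any %-characters in $name are emitted literally.
sub render_safe {
    my ($name) = @_;
    return sprintf("User: %s logged in", $name);
}

# Allowlist for code that must accept a format from a caller: reject any
# directive other than %%, %s and %d (no widths, precisions or %n).
sub format_is_plain {
    my ($fmt) = @_;
    return $fmt !~ /%(?!%|[sd])/;
}

my @warnings;
{
    # Capture the interpreter's warnings to show the directives were parsed.
    local $SIG{__WARN__} = sub { push @warnings, $_[0] };
    print render_vulnerable($untrusted), "\n";
}
print "vulnerable form emitted ", scalar(@warnings), " warning(s), first: $warnings[0]"
    if @warnings;

print render_safe($untrusted), "\n";

printf "format '%s': %s\n", $_, (format_is_plain($_) ? 'accepted' : 'rejected')
    for ('%s logged in', $untrusted);
```

The vulnerable form prints a line with the attacker's `%s` and `%x` directives consumed (each substituted from a missing argument) and raises "Missing argument in sprintf" warnings; the safe form prints the username verbatim, and the allowlist accepts the plain format but rejects the one carrying `%x`.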
6. Linux Kernel PTrace CLONE_THREAD Local Denial of Service Vulnerability
BugTraq ID: 15642
Remote: No
Date Published: 2005-11-29
Relevant URL: http://www.securityfocus.com/bid/15642
Summary:
Linux kernel is susceptible to a local denial of service vulnerability.
When a process created via the 'clone' system call with the 'CLONE_THREAD' flag is ptraced, the kernel fails to properly ensure that the tracing process is not attempting to trace itself.
This issue allows local users to crash the kernel, denying service to legitimate users.
Kernel versions prior to 2.6.14.2 are vulnerable to this issue.
7. Drupal Image Upload HTML Injection Vulnerability
BugTraq ID: 15663
Remote: Yes
Date Published: 2005-12-01
Relevant URL: http://www.securityfocus.com/bid/15663
Summary:
Drupal is prone to an HTML injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
This issue only affects users viewing the site with the Microsoft Internet Explorer Web browser.
8. Astaro Security Linux ISAKMP IKE Traffic Denial of Service Vulnerability
BugTraq ID: 15666
Remote: Yes
Date Published: 2005-11-30
Relevant URL: http://www.securityfocus.com/bid/15666
Summary:
Astaro Security Linux is prone to a denial of service when handling malformed IKE traffic.
It is conjectured that a packet with a malformed payload, sent during an IKE exchange, causes the IKE daemon to crash.
9. Drupal View User Profile Authorization Bypass Vulnerability
BugTraq ID: 15674
Remote: Yes
Date Published: 2005-12-01
Relevant URL: http://www.securityfocus.com/bid/15674
Summary:
Drupal is prone to an authorization bypass vulnerability. This issue is due to an unspecified error when the application is running under PHP5.
An attacker can exploit this vulnerability to bypass permissions and gain access to user profiles; this may result in information disclosure.
10. Drupal Submitted Content HTML Injection Vulnerability
BugTraq ID: 15677
Remote: Yes
Date Published: 2005-12-01
Relevant URL: http://www.securityfocus.com/bid/15677
Summary:
Drupal is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Security, Distributed firewalling application...long ;-)
http://www.securityfocus.com/archive/91/418029
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to reply. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.
V. SPONSOR INFORMATION
------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130