Linux Security News
SecurityFocus Linux Newsletter #273 Feb 14 2006 11:53PM
Peter Laborge (plaborge securityfocus com)

This Issue is Sponsored By: SpiDynamics

ALERT: "How A Hacker Launches A Blind SQL Injection Attack Step-by-Step!" - White Paper
Blind SQL Injection can deliver total control of your server to a hacker giving them the ability to read, write and manipulate all data stored in your backend systems! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70130000000C3f7

------------------------------------------------------------------
I. FRONT AND CENTER
1. Coffee shop WiFi for dummies
2. Sebek 3: tracking the attackers, part two
3. Privacy and anonymity
II. LINUX VULNERABILITY SUMMARY
1. Linux Kernel ICMP_Send Remote Denial Of Service Vulnerability
2. ProFTPD Mod_Radius Buffer Overflow Vulnerability
3. OProfile OPControl Path Specification Local Privilege Escalation Vulnerability
4. Sun Java Web Start Untrusted Application Unauthorized Access Vulnerability
5. Sun ONE Directory Server Remote Denial Of Service Vulnerability
6. Adzapper Squid_Redirect URI Handling Remote Denial of Service Vulnerability
7. GNUTLS LibTASN1 DER Decoding Denial of Service Vulnerabilities
8. Linux Kernel NFS ACL Access Control Bypass Vulnerability
9. ELOG Web Logbook Multiple Remote Vulnerabilities
10. SUSE LD Insecure RPATH / RUNPATH Arbitrary Code Execution Vulnerability
11. IBM Tivoli Directory Server Unspecified LDAP Memory Corruption Vulnerability
12. Honeyd IP Reassembly Remote Virtual Host Detection Vulnerability
13. Noweb Insecure Temporary File Creation Vulnerability
14. Valve Software Half-Life CSTRIKE Server Remote Denial of Service Vulnerability
15. LibPNG Graphics Library PNG_Set_Strip_Alpha Buffer Overflow Vulnerability
16. Isode M-Vault Server LDAP Memory Corruption Vulnerability
17. PostgreSQL Remote SET ROLE Privilege Escalation Vulnerability
18. PostgreSQL Set Session Authorization Denial of Service Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Coffee shop WiFi for dummies
By Scott Granneman
The average user has no idea of the risks associated with public WiFi hotspots. Here are some very simple tips for them to keep their network access secure.
http://www.securityfocus.com/columnists/385

2. Sebek 3: tracking the attackers, part two
By Raul Siles, GSE
The second article in this honeypot series discusses best practices for deploying Sebek 3 inside a GenIII honeypot, and shows how to patch Sebek to watch all the attacker's activities in real-time.
http://www.securityfocus.com/infocus/1858

3. Privacy and anonymity
By Kelly Martin
Privacy and anonymity on the Internet are as important as they are difficult to achieve. Here are some of the current issues we face, along with a few suggestions on how we can become a little more anonymous on the Web.
http://www.securityfocus.com/columnists/386

II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Linux Kernel ICMP_Send Remote Denial Of Service Vulnerability
BugTraq ID: 16532
Remote: Yes
Date Published: 2006-02-07
Relevant URL: http://www.securityfocus.com/bid/16532
Summary:
Linux kernel is prone to a remote denial-of-service vulnerability.

Remote attackers can exploit this vulnerability to crash affected kernels, effectively denying service to legitimate users.

Linux kernel versions 2.6.15.2 and prior in the 2.6 series are vulnerable to this issue.

2. ProFTPD Mod_Radius Buffer Overflow Vulnerability
BugTraq ID: 16535
Remote: Yes
Date Published: 2006-02-07
Relevant URL: http://www.securityfocus.com/bid/16535
Summary:
ProFTPD's mod_radius is prone to a buffer-overflow vulnerability. This issue is due to a failure in the application to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Remote code execution may be possible, but it depends on an attacker's ability to brute-force the resulting output of an MD5 hash to place useful information into critical memory regions that are adjacent to the overrun stack buffer.

3. OProfile OPControl Path Specification Local Privilege Escalation Vulnerability
BugTraq ID: 16536
Remote: No
Date Published: 2006-02-07
Relevant URL: http://www.securityfocus.com/bid/16536
Summary:
OProfile is prone to a privilege-escalation vulnerability. The application attempts to execute commands without properly specifying the executable's location.

This issue allows local attackers to execute arbitrary commands. If the vulnerable script is executable via privilege-escalation utilities such as 'sudo', attackers may exploit this issue to execute arbitrary code with superuser privileges.

4. Sun Java Web Start Untrusted Application Unauthorized Access Vulnerability
BugTraq ID: 16540
Remote: Yes
Date Published: 2006-02-07
Relevant URL: http://www.securityfocus.com/bid/16540
Summary:
Sun Java Web Start is prone to a vulnerability that may allow remote attackers to gain unauthorized access to a vulnerable computer.

The vendor has reported that this vulnerability allows untrusted applications to gain read/write privileges to local files on a vulnerable computer.

Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 Update 5 and earlier 5.0 releases for Windows, Solaris, and Linux is vulnerable.

5. Sun ONE Directory Server Remote Denial Of Service Vulnerability
BugTraq ID: 16550
Remote: Yes
Date Published: 2006-02-08
Relevant URL: http://www.securityfocus.com/bid/16550
Summary:
Sun ONE Directory Server is prone to a remote denial-of-service vulnerability. This issue is due to the application's failure to handle malformed network traffic.

This issue allows remote attackers to crash the application, denying service to legitimate users.

6. Adzapper Squid_Redirect URI Handling Remote Denial of Service Vulnerability
BugTraq ID: 16558
Remote: Yes
Date Published: 2006-02-09
Relevant URL: http://www.securityfocus.com/bid/16558
Summary:
Adzapper is prone to a remote denial-of-service vulnerability when installed as a plugin in squid.

The vulnerability presents itself when a specially crafted URI is handled.

Adzapper versions prior to 2006-01-29 are vulnerable.

7. GNUTLS LibTASN1 DER Decoding Denial of Service Vulnerabilities
BugTraq ID: 16568
Remote: Yes
Date Published: 2006-02-09
Relevant URL: http://www.securityfocus.com/bid/16568
Summary:
Libtasn1 is prone to multiple denial-of-service vulnerabilities. A remote attacker can send specially crafted data to trigger these flaws, leading to a denial-of-service condition.

These issues have been addressed in Libtasn1 version 0.2.18; earlier versions are vulnerable.

8. Linux Kernel NFS ACL Access Control Bypass Vulnerability
BugTraq ID: 16570
Remote: Yes
Date Published: 2006-02-09
Relevant URL: http://www.securityfocus.com/bid/16570
Summary:
The Linux kernel's NFS implementation is susceptible to a remote access-control-bypass vulnerability. This issue is due to a failure to validate the privileges of remote users before setting ACLs.

This issue allows remote attackers to improperly alter ACLs on NFS filesystems, allowing them to bypass access controls. Disclosure of sensitive information, modification of arbitrary files, and other attacks are possible.

Kernel versions prior to 2.6.14.5 in the 2.6 kernel series are vulnerable to this issue.

9. ELOG Web Logbook Multiple Remote Vulnerabilities
BugTraq ID: 16579
Remote: Yes
Date Published: 2006-02-10
Relevant URL: http://www.securityfocus.com/bid/16579
Summary:
ELOG Web Logbook is prone to multiple remote vulnerabilities.

These issues include boundary-condition errors, denial-of-service attacks, and information disclosure.

An attacker can exploit these issues to facilitate a compromise of the application and the underlying computer. This includes crashing the application, executing arbitrary code, and retrieving information that may aid in further attacks.

10. SUSE LD Insecure RPATH / RUNPATH Arbitrary Code Execution Vulnerability
BugTraq ID: 16581
Remote: No
Date Published: 2006-02-10
Relevant URL: http://www.securityfocus.com/bid/16581
Summary:
SUSE LD is susceptible to an insecure RPATH / RUNPATH vulnerability.

This issue can allow attackers to place malicious libraries in a directory and trick users into executing an application from that directory; the libraries would then be dynamically linked at run time when the application is executed. This would result in the execution of arbitrary code with the privileges of the user who executes the application.

Note that this issue is specific to SUSE.

11. IBM Tivoli Directory Server Unspecified LDAP Memory Corruption Vulnerability
BugTraq ID: 16593
Remote: Yes
Date Published: 2006-02-11
Relevant URL: http://www.securityfocus.com/bid/16593
Summary:
IBM Tivoli Directory Server is prone to an unspecified memory-corruption vulnerability. This issue may be triggered by malformed LDAP data.

The exact impact of this vulnerability is not known at this time. Although the issue is known to crash the server, the possibility of remote code execution is unconfirmed.

The vulnerability was reported for version 6.0 on the Linux platform. Other versions or platforms are not known to be affected.

This vulnerability will be updated as further information is made available.

12. Honeyd IP Reassembly Remote Virtual Host Detection Vulnerability
BugTraq ID: 16595
Remote: Yes
Date Published: 2006-02-11
Relevant URL: http://www.securityfocus.com/bid/16595
Summary:
Honeyd is prone to a virtual host-detection vulnerability.

The vulnerability presents itself in the IP reassembly code.

A successful attack may allow remote attackers to enumerate the existence of simulated Honeyd hosts and then either target specific attacks against these hosts or avoid them altogether.

This issue affects all versions of Honeyd prior to 1.5.

13. Noweb Insecure Temporary File Creation Vulnerability
BugTraq ID: 16610
Remote: No
Date Published: 2006-02-13
Relevant URL: http://www.securityfocus.com/bid/16610
Summary:
Noweb creates temporary files in an insecure manner.

Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.

14. Valve Software Half-Life CSTRIKE Server Remote Denial of Service Vulnerability
BugTraq ID: 16619
Remote: Yes
Date Published: 2006-02-13
Relevant URL: http://www.securityfocus.com/bid/16619
Summary:
Valve Software Half-Life CSTRIKE Dedicated Server is reportedly prone to a remote denial-of-service vulnerability.

Half-Life CSTRIKE 1.6 Dedicated Server for Windows and Linux is prone to this vulnerability. Earlier versions may also be affected.

15. LibPNG Graphics Library PNG_Set_Strip_Alpha Buffer Overflow Vulnerability
BugTraq ID: 16626
Remote: Yes
Date Published: 2006-02-13
Relevant URL: http://www.securityfocus.com/bid/16626
Summary:
LibPNG is reported susceptible to a buffer-overflow vulnerability. The library fails to perform proper bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer.

This vulnerability may be exploited to execute attacker-supplied code in the context of an application that relies on the affected library.

16. Isode M-Vault Server LDAP Memory Corruption Vulnerability
BugTraq ID: 16635
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16635
Summary:
Isode M-Vault Server is prone to a memory-corruption vulnerability. This issue may be triggered by malformed LDAP data.

The exact impact of this vulnerability is not known at this time. Although the issue is known to crash the server, the possibility of remote code execution is unconfirmed.

The vulnerability was reported for version 11.3 on the Linux platform; other versions and platforms may also be affected.

This vulnerability will be updated as further information is made available.

17. PostgreSQL Remote SET ROLE Privilege Escalation Vulnerability
BugTraq ID: 16649
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16649
Summary:
PostgreSQL is susceptible to a remote privilege escalation vulnerability. This issue is due to a flaw in the error path of the 'SET ROLE' function.

This issue allows remote attackers with database access to gain administrative access to affected database servers. As administrative access to the database allows filesystem access, other attacks against the underlying operating system may also be possible.

18. PostgreSQL Set Session Authorization Denial of Service Vulnerability
BugTraq ID: 16650
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16650
Summary:
PostgreSQL is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the application, effectively denying service to legitimate users.

Successful exploitation of this issue requires that the application is compiled with 'Asserts' enabled; this is not the default setting.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: SpiDynamics

ALERT: "How A Hacker Launches A Blind SQL Injection Attack Step-by-Step!" - White Paper
Blind SQL Injection can deliver total control of your server to a hacker giving them the ability to read, write and manipulate all data stored in your backend systems! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70130000000C3f7
