SecurityFocus Linux Newsletter #306
----------------------------------------
This Issue is Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web
application security assessments should be considered a crucial phase in
the development of any web application. What methodology should be
followed? What tools can accelerate the assessment process? See for
yourself. Download this Whitepaper today!
------------------------------------------------------------------
I. FRONT AND CENTER
1. Recent Security Enhancements in NetBSD
2. Beginner's guide to wireless auditing
II. LINUX VULNERABILITY SUMMARY
1. CPanel SUID Wrapper Remote Privilege Escalation Vulnerability
2. OpenSSH Duplicated Block Remote Denial of Service Vulnerability
3. Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
4. Portable OpenSSH GSSAPI Authentication Abort Information
Disclosure Weakness
5. OpenSSL SSLv2 Null Pointer Dereference Client Denial of
Service Vulnerability
6. OpenSSL Public Key Processing Denial of Service Vulnerability
7. OpenSSL ASN.1 Structures Denial of Service Vulnerability
8. OpenSSL SSL_Get_Shared_Ciphers Buffer Overflow Vulnerability
9. DokuWiki With ImageMagick Remote Command Execution and Denial
of Service Vulnerabilities
10. PHProjekt Include Path Multiple Remote File Include
Vulnerabilities
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Recent Security Enhancements in NetBSD
By Elad Efrat
NetBSD is renowned for its focus on portability, but great care is also
given to security. This paper presents the NetBSD philosophy on
security, major design decisions, and its current security features.
Following the discussion, current and future research is presented to
provide a good look at NetBSD's direction.
http://www.securityfocus.com/infocus/1878
2. Beginner's guide to wireless auditing
By David Maynor
This article is designed as a beginner's guide to fuzzing wireless
device drivers, starting with how to build an auditing environment, how
to construct fuzzing tools and finally, how to interpret the results.
This auditing environment can be used for WiFi as well as Bluetooth and
infrared devices.
http://www.securityfocus.com/infocus/1877
II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. CPanel SUID Wrapper Remote Privilege Escalation Vulnerability
BugTraq ID: 20163
Remote: Yes
Date Published: 2006-09-24
Relevant URL: http://www.securityfocus.com/bid/20163
Summary:
cPanel is prone to a remote privilege-escalation vulnerability.
A remote attacker can exploit this issue to gain administrative access
to the affected application. This may lead to other attacks.
2. OpenSSH Duplicated Block Remote Denial of Service Vulnerability
BugTraq ID: 20216
Remote: Yes
Date Published: 2006-09-26
Relevant URL: http://www.securityfocus.com/bid/20216
Summary:
OpenSSH is prone to a remote denial-of-service vulnerability because it
fails to properly handle incoming duplicate blocks.
Remote attackers may exploit this issue to consume excessive CPU
resources, potentially denying service to legitimate users.
This issue occurs only when OpenSSH is configured to accept SSH Version
One traffic.
3. Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
BugTraq ID: 20241
Remote: Yes
Date Published: 2006-09-27
Relevant URL: http://www.securityfocus.com/bid/20241
Summary:
Portable OpenSSH is prone to a remote code-execution vulnerability. The
issue derives from a race condition in a vulnerable signal handler.
Reportedly, under specific conditions, it is theoretically possible to
execute code remotely prior to authentication when GSSAPI authentication
is enabled. This has not been confirmed; the chance of a successful
exploit of this nature is considered minimal.
On non-Portable OpenSSH implementations, this same race condition can be
exploited to cause a pre-authentication denial of service.
This issue occurs when OpenSSH and Portable OpenSSH are configured to
accept GSSAPI authentication.
4. Portable OpenSSH GSSAPI Authentication Abort Information Disclosure
Weakness
BugTraq ID: 20245
Remote: Yes
Date Published: 2006-09-27
Relevant URL: http://www.securityfocus.com/bid/20245
Summary:
Portable OpenSSH is prone to an information-disclosure weakness. The
issue stems from a GSSAPI authentication abort.
Reportedly, attackers may leverage a GSSAPI authentication abort to
determine the presence and validity of usernames on unspecified platforms.
This issue occurs when Portable OpenSSH is configured to accept GSSAPI
authentication.
Portable OpenSSH 4.3p1 and prior versions exhibit this weakness.
5. OpenSSL SSLv2 Null Pointer Dereference Client Denial of Service
Vulnerability
BugTraq ID: 20246
Remote: Yes
Date Published: 2006-09-28
Relevant URL: http://www.securityfocus.com/bid/20246
Summary:
OpenSSL is prone to a denial-of-service vulnerability.
A malicious server could cause a vulnerable client application to crash,
effectively denying service.
6. OpenSSL Public Key Processing Denial of Service Vulnerability
BugTraq ID: 20247
Remote: Yes
Date Published: 2006-09-28
Relevant URL: http://www.securityfocus.com/bid/20247
Summary:
OpenSSL is prone to a denial-of-service vulnerability. This issue is due
to a lack of validation of the lengths of public keys being used.
An attacker can exploit this issue to crash an affected server using
OpenSSL.
7. OpenSSL ASN.1 Structures Denial of Service Vulnerability
BugTraq ID: 20248
Remote: Yes
Date Published: 2006-09-28
Relevant URL: http://www.securityfocus.com/bid/20248
Summary:
OpenSSL is prone to a denial-of-service vulnerability.
An attacker may exploit this issue to cause applications that use the
vulnerable library to consume excessive CPU and memory resources and
crash, denying further service to legitimate users.
8. OpenSSL SSL_Get_Shared_Ciphers Buffer Overflow Vulnerability
BugTraq ID: 20249
Remote: Yes
Date Published: 2006-09-28
Relevant URL: http://www.securityfocus.com/bid/20249
Summary:
OpenSSL is prone to a buffer-overflow vulnerability because the library
fails to properly bounds-check user-supplied input before copying it to
an insufficiently sized memory buffer.
Successfully exploiting this issue may result in the execution of
arbitrary machine code in the context of applications that use the
affected library. Failed exploit attempts may crash applications,
denying service to legitimate users.
9. DokuWiki With ImageMagick Remote Command Execution and Denial of
Service Vulnerabilities
BugTraq ID: 20257
Remote: Yes
Date Published: 2006-09-28
Relevant URL: http://www.securityfocus.com/bid/20257
Summary:
DokuWiki is prone to these vulnerabilities:
- A denial-of-service issue
- An arbitrary-command-execution issue
These issues present themselves when DokuWiki is configured to use
ImageMagick.
The denial-of-service issue allows remote attackers to consume excessive
CPU resources, denying service to legitimate users. The
command-execution issue allows remote attackers to execute arbitrary
shell commands with the privileges of the hosting webserver,
facilitating a remote compromise of affected computers.
DokuWiki version 2006-03-09 is vulnerable to these issues; other
versions may also be affected.
10. PHProjekt Include Path Multiple Remote File Include Vulnerabilities
BugTraq ID: 20268
Remote: Yes
Date Published: 2006-09-29
Relevant URL: http://www.securityfocus.com/bid/20268
Summary:
Multiple remote file-include vulnerabilities affect PHProjekt because
the application fails to properly sanitize user-supplied input before
using it in a PHP 'include()' function call.
An attacker may leverage these issues to execute arbitrary server-side
script code on an affected computer with the privileges of the webserver
process.
Version 5.1.1 of PHProjekt is vulnerable to these issues; previous
versions may be affected as well.
III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to
linux-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address.
The contents of the subject or message body do not matter. You will
receive a confirmation request message to which you will have to answer.
Alternatively you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and
ask to be manually removed.
V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web
application security assessments should be considered a crucial phase in
the development of any web application. What methodology should be
followed? What tools can accelerate the assessment process? See for
yourself. Download this Whitepaper today!