Linux Security News
SecurityFocus Linux Newsletter #422 Jan 15 2009 05:21PM
sfa securityfocus com
SecurityFocus Linux Newsletter #422
----------------------------------------

This issue is sponsored by the Purewire

NEW! White Paper: "Hackers Announce Open Season on Web 2.0 Users and Browsers"

Learn how hackers are exploiting your employees Web surfing to gain entry into your network. Drive-by Downloads, Click Jacking, AJAX, XSS and Browser vulns are just some of the nasty attack methods hackers are coming up with and it's no longer good enough to block known bad URL's. Download this white paper now to mitigate your online security risks.

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.The Drew Verdict Makes Us All Hackers
2.MD5 Hack Interesting, But Not Threatening
II. LINUX VULNERABILITY SUMMARY
1. Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability
2. Samba Registry Share Name Unauthorized Access Vulnerability
3. Mozilla Firefox xdg-open 'mailcap' File Remote Code Execution Vulnerability
4. OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
5. Multiple Vendor OpenSSL 'DSA_verify' Function Signature Verification Vulnerability
6. Linux Kernel 'sys_remap_file_pages()' Local Privilege Escalation Vulnerability
7. Git gitweb Unspecified Remote Command Execution Vulnerability
8. libmikmod Multiple Sound Channel Media Playback Remote Denial of Service Vulnerability
9. Linux Kernel 'locks_remove_flock()' Local Race Condition Vulnerability
10. libmikmod '.XM' File Remote Denial of Service Vulnerability
11. HP Linux Imaging and Printing System 'hplip.postinst' Local Privilege Escalation Vulnerability
12. Sun Java System Access Manager Information Disclosure Vulnerability
13. Sun Java System Access Manager 'sub-realm' Privilege Escalation Vulnerability
14. Linux Kernel 64 Bit ABI System Call Parameter Privilege Escalation Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. CfP DIMVA 2009
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.The Drew Verdict Makes Us All Hackers
Mark Rasch
Last month, Lori Drew - the middle-aged Missouri mother who participated in a plan to deceive a 13-year-old girl that ultimately led to the girl's suicide - was convicted by a Los Angeles federal jury of several misdemeanor counts of unauthorized access to MySpace's computers.
http://www.securityfocus.com/columnists/489

2.MD5 Hack Interesting, But Not Threatening
By Tim Callan
A few days ago at the Chaos Communication Congress in Berlin, researchers presented a paper in which they had used an MD5 collision attack and substantial computing firepower to create a false SSL certificate using the RapidSSL brand of SSL certificate. In the intervening time we have seen a great deal of confusion and misinformation in the press and blogosphere about the specifics of this attack and what it means to the online ecosystem.
http://www.securityfocus.com/columnists/488

II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability
BugTraq ID: 33113
Remote: Yes
Date Published: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/33113
Summary:
The Linux Kernel is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

The issue affects Linux Kernel 2.6.28; other versions may also be vulnerable.

2. Samba Registry Share Name Unauthorized Access Vulnerability
BugTraq ID: 33118
Remote: Yes
Date Published: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/33118
Summary:
Samba is prone to an unauthorized-access vulnerability that occurs when registry shares are enabled.

An attacker who has authenticated access to the affected application can exploit this issue to gain access to the root filesystem.

3. Mozilla Firefox xdg-open 'mailcap' File Remote Code Execution Vulnerability
BugTraq ID: 33137
Remote: Yes
Date Published: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/33137
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability because the browser fails to properly validate the 'mime-type' of files before calling the 'xdg-open' utility, as defined in '/etc/mailcap'.

An attacker can exploit this issue to execute arbitrary code within the context of the affected browser.

This issue affects Firefox running on Slackware Linux 12.2. Other versions may also be vulnerable.

UPDATE (January 8, 2009): The exact fault for this issue is currently unclear. This could be a configuration problem in Slackware Linux, a failure to sanitize input in Firefox, or a problem in 'xdg-open'. We will update this BID pending further investigation.

4. OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
BugTraq ID: 33150
Remote: Yes
Date Published: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/33150
Summary:
OpenSSL is prone to a signature-verification vulnerability.

An attacker would likely leverage this issue by first carrying out a man-in-the-middle attack. The attacker would most likely exploit this issue to conduct phishing attacks or to impersonate legitimate sites. Other attacks are likely possible.

Releases prior to OpenSSL 0.9.8j are affected.

5. Multiple Vendor OpenSSL 'DSA_verify' Function Signature Verification Vulnerability
BugTraq ID: 33151
Remote: Yes
Date Published: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/33151
Summary:
Multiple vendors' products using OpenSSL are prone to a signature-verification vulnerability.

An attacker would likely leverage this issue by first carrying out a man-in-the-middle attack. The attacker would most likely exploit this issue to conduct phishing attacks or to impersonate legitimate sites. Other attacks are likely possible.

6. Linux Kernel 'sys_remap_file_pages()' Local Privilege Escalation Vulnerability
BugTraq ID: 33211
Remote: No
Date Published: 2009-01-12
Relevant URL: http://www.securityfocus.com/bid/33211
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with superuser privileges. A successful exploit will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

Versions prior to Linux kernel 2.6.24.1 are vulnerable.

7. Git gitweb Unspecified Remote Command Execution Vulnerability
BugTraq ID: 33215
Remote: Yes
Date Published: 2009-01-12
Relevant URL: http://www.securityfocus.com/bid/33215
Summary:
Git gitweb is prone to a remote command-execution vulnerability.

An attacker may exploit this issue to execute arbitrary commands within the context of the affected application; this may aid in further attacks.

Git 1.5.2.4 and 1.5.6.6 are vulnerable to this issue; other versions may also be affected

8. libmikmod Multiple Sound Channel Media Playback Remote Denial of Service Vulnerability
BugTraq ID: 33235
Remote: Yes
Date Published: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33235
Summary:
The 'libmikmod' library is prone to a remote denial-of-service vulnerability because the software fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue by enticing an unsuspecting victim to open multiple specially crafted media files.

Successfully exploiting this issue will cause an affected application to crash, denying service to legitimate users. Attackers may also be able to run arbitrary code, but this has not been confirmed.

This issue affects libmikmod 3.1.9 through 3.2.0; other versions or applications that use the library may also be affected.

9. Linux Kernel 'locks_remove_flock()' Local Race Condition Vulnerability
BugTraq ID: 33237
Remote: No
Date Published: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33237
Summary:
The Linux kernel is prone to a local race-condition vulnerability because it fails to properly handle POSIX locks.

A local attacker may exploit this issue to crash the computer or gain elevated privileges.

10. libmikmod '.XM' File Remote Denial of Service Vulnerability
BugTraq ID: 33240
Remote: Yes
Date Published: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33240
Summary:
The 'libmikmod' library is prone to a remote denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue by enticing an unsuspecting victim to open a specially crafted '.XM' file.

Successfully exploiting this issue will cause an affected application to crash, denying service to legitimate users. Attackers may also be able to run arbitrary code, but this has not been confirmed.

This issue affects libmikmod 3.1.9 through 3.2.0; other versions or applications that use the library may also be affected.

11. HP Linux Imaging and Printing System 'hplip.postinst' Local Privilege Escalation Vulnerability
BugTraq ID: 33249
Remote: No
Date Published: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33249
Summary:
HP Linux Image and Printing System (HPLIP) is prone to a local privilege-escalation vulnerability because an installation script changes ownership and permission on certain files in users' home directories.

Local attackers can exploit this issue to gain elevated privileges on the affected computer. Successful exploits may completely compromise the computer.

12. Sun Java System Access Manager Information Disclosure Vulnerability
BugTraq ID: 33265
Remote: Yes
Date Published: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33265
Summary:
Sun Java System Access Manager is prone to a remote information-disclosure vulnerability.

Attackers can exploit this issue to obtain potentially sensitive information that may aid in further attacks.

13. Sun Java System Access Manager 'sub-realm' Privilege Escalation Vulnerability
BugTraq ID: 33266
Remote: Yes
Date Published: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33266
Summary:
Sun Java System Access Manager is prone to a privilege-escalation vulnerability.

Attackers can exploit this issue to elevate their privileges. Successfully exploiting this issue may result in the complete compromise of affected applications.

14. Linux Kernel 64 Bit ABI System Call Parameter Privilege Escalation Vulnerability
BugTraq ID: 33275
Remote: No
Date Published: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33275
Summary:
The Linux Kernel is prone to a local privilege-escalation vulnerability.

A local attacker may be able to exploit this issue to read or write to unintended address spaces. This may result in denial-of-service conditions, the disclosure of sensitive information, or privilege escalation.

This issue affects Linux 2.6 on some 64-bit architectures, including s390, PowerPC, SPARC64, and MIPS. Additional architectures may also be affected.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. CfP DIMVA 2009
http://www.securityfocus.com/archive/91/499756

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by the Purewire

NEW! White Paper: "Hackers Announce Open Season on Web 2.0 Users and Browsers"

Learn how hackers are exploiting your employees Web surfing to gain entry into your network. Drive-by Downloads, Click Jacking, AJAX, XSS and Browser vulns are just some of the nasty attack methods hackers are coming up with and it's no longer good enough to block known bad URL's. Download this white paper now to mitigate your online security risks.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus