Linux Security News
SecurityFocus Linux Newsletter #425 Feb 04 2009 11:53PM
sfa securityfocus com
SecurityFocus Linux Newsletter #425
----------------------------------------

Symantec NetBackup Design Best Practices with Data Domain
This white paper walks you through how Data Domain integrates with NBU, including planning and sizing considerations, operational considerations, offsite replication, and other integration basics so you can get the most out of this powerful solution.

http://dinclinx.com/Redirect.aspx?36;2173;45;189;0;10;259;46b98cc7718e4a
7c

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Time to Take the Theoretical Seriously
2.The Drew Verdict Makes Us All Hackers
II. LINUX VULNERABILITY SUMMARY
1. Linux Kernel 'dell_rbu' Local Denial of Service Vulnerabilities
2. Epiphany 'PySys_SetArgv' Remote Command Execution Vulnerability
3. eog 'PySys_SetArgv' Remote Command Execution Vulnerability
4. XChat 'PySys_SetArgv' Remote Command Execution Vulnerability
5. gedit 'PySys_SetArgv' Remote Command Execution Vulnerability
6. Csound 'PySys_SetArgv' Remote Command Execution Vulnerability
7. Vim 'PySys_SetArgv' Remote Command Execution Vulnerability
8. Dia 'PySys_SetArgv' Remote Command Execution Vulnerability
9. RETIRED: Linux Kernel 'irda-usb.c' Remote Buffer Overflow Vulnerability
10. Simple Machines Forum Package Upload Multiple HTML Injection Vulnerabilities
11. Computer Associates Anti-Virus Engine 'arclib.dll' Multiple Scan Evasion Vulnerabilities
12. MoinMoin 'antispam.py' Cross-Site Scripting Vulnerability
13. Zinf Multiple Playlist Files Buffer Overflow Vulnerability
14. Sun Java System Access Manager Username Enumeration Weakness
15. RETIRED: PHP 'dba_replace() ' File Corruption Vulnerability
16. Todd Miller Sudo 'Runas_Alias' Supplementary Group Local Privilege Escalation Vulnerability
17. Novell GroupWise Internet Agent SMTP RCPT Command Remote Buffer Overflow Vulnerability
18. RETIRED: Simple Machines Forum Censored Words HTML Injection Vulnerability
19. Bugzilla HTML Injection and Cross Site Request Forgery Vulnerabilities
20. Bugzilla Pseudo-Random Number Generator Shared Seed Vulnerability
21. sblim-sfcb 'genSslCert.sh' Insecure Temporary File Creation Vulnerability
22. Simple Machines Forum '[url]' Tag HTML Injection Vulnerability
23. Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -01 to -06 Multiple Remote Vulnerabilities
24. Linux Kernel 'inotify_read()' Local Denial of Service Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Time to Take the Theoretical Seriously
By Chris Wysopal
Software developers response to "theoretical" research is fundamentally broken. By now, everyone in the security industry knows about the Rogue CA presentation that Alex Sotirov and Jacob Appelbaum gave at 25th Chaos Communications Congress. It was one of the most interesting I saw all last year, and it's a good example of why software companies continue to be vulnerable to attackers
http://www.securityfocus.com/columnists/490

2.The Drew Verdict Makes Us All Hackers
By Mark Rasch
Last month, Lori Drew - the middle-aged Missouri mother who participated in a plan to deceive a 13-year-old girl that ultimately led to the girl's suicide - was convicted by a Los Angeles federal jury of several misdemeanor counts of unauthorized access to MySpace's computers.
http://www.securityfocus.com/columnists/489

II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Linux Kernel 'dell_rbu' Local Denial of Service Vulnerabilities
BugTraq ID: 33428
Remote: No
Date Published: 2009-01-25
Relevant URL: http://www.securityfocus.com/bid/33428
Summary:
Linux Kernel is prone to two denial-of-service vulnerabilities.

A local unprivileged attacker can exploit these issues to cause a vulnerable system to crash, resulting in denial-of-service conditions.

These issues affect versions prior to Linux Kernel 2.6.27.13 and 2.6.28.2.

2. Epiphany 'PySys_SetArgv' Remote Command Execution Vulnerability
BugTraq ID: 33441
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33441
Summary:
Epiphany is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run with the privileges of the currently logged-in user.

3. eog 'PySys_SetArgv' Remote Command Execution Vulnerability
BugTraq ID: 33443
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33443
Summary:
The 'eog' (Eye of GNOME) program is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run with the privileges of the currently logged-in user.

4. XChat 'PySys_SetArgv' Remote Command Execution Vulnerability
BugTraq ID: 33444
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33444
Summary:
XChat is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run with the privileges of the currently logged-in user.

5. gedit 'PySys_SetArgv' Remote Command Execution Vulnerability
BugTraq ID: 33445
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33445
Summary:
The 'gedit' program is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run with the privileges of the currently logged-in user.

6. Csound 'PySys_SetArgv' Remote Command Execution Vulnerability
BugTraq ID: 33446
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33446
Summary:
Csound is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run with the privileges of the currently logged-in user.

7. Vim 'PySys_SetArgv' Remote Command Execution Vulnerability
BugTraq ID: 33447
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33447
Summary:
Vim is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run with the privileges of the currently logged-in user.

Versions prior to Vim 7.2.045 are vulnerable.

8. Dia 'PySys_SetArgv' Remote Command Execution Vulnerability
BugTraq ID: 33448
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33448
Summary:
Dia is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run within the privileges of the currently logged-in user.

9. RETIRED: Linux Kernel 'irda-usb.c' Remote Buffer Overflow Vulnerability
BugTraq ID: 33449
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33449
Summary:
The Linux Kernel is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to prevent firmware uploading. This may result in a denial-of-service condition. Given the nature of this issue, the attacker may be able to execute arbitrary code with kernel-level privileges, but this has not been confirmed.

Linux Kernel 2.6.18 up to 2.6.28.2 are vulnerable.

UPDATE (January 27, 2009): This BID is being retired because there is no discernable security implication.

10. Simple Machines Forum Package Upload Multiple HTML Injection Vulnerabilities
BugTraq ID: 33450
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33450
Summary:
Simple Machines Forum is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Simple Machines Forum 1.1.7 is vulnerable; other versions may also be affected.

11. Computer Associates Anti-Virus Engine 'arclib.dll' Multiple Scan Evasion Vulnerabilities
BugTraq ID: 33464
Remote: Yes
Date Published: 2009-01-27
Relevant URL: http://www.securityfocus.com/bid/33464
Summary:
Computer Associates Anti-Virus engine is prone to multiple vulnerabilities that may allow certain compressed archives to bypass the scan engine.

Successful exploits will allow attackers to distribute files containing malicious code that the antivirus engine will fail to detect.

Products with 'arclib.dll' prior to version 7.3.0.15 are vulnerable.

12. MoinMoin 'antispam.py' Cross-Site Scripting Vulnerability
BugTraq ID: 33479
Remote: Yes
Date Published: 2009-01-27
Relevant URL: http://www.securityfocus.com/bid/33479
Summary:
MoinMoin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

MoinMoin 1.7.3 and 1.8.1 are vulnerable; other versions may also be affected

13. Zinf Multiple Playlist Files Buffer Overflow Vulnerability
BugTraq ID: 33482
Remote: Yes
Date Published: 2009-01-27
Relevant URL: http://www.securityfocus.com/bid/33482
Summary:
Zinf is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected user. Failed exploit attempts will likely crash the application.

Zinf 2.2.1 is vulnerable; other versions may also be affected.

14. Sun Java System Access Manager Username Enumeration Weakness
BugTraq ID: 33489
Remote: Yes
Date Published: 2009-01-27
Relevant URL: http://www.securityfocus.com/bid/33489
Summary:
Sun Java System Access Manager is prone to a username-enumeration weakness because of a design error in the application when verifying user-supplied input.

Attackers may exploit this weakness to discern valid usernames. This may aid them in brute-force password cracking or other attacks.

This issue affects the following versions:

Sun Java System Access Manager 6 2005Q1 (6.3)
Sun Java System Access Manager 7 2005Q4 (7.0)
Sun Java System Access Manager 7.1

15. RETIRED: PHP 'dba_replace() ' File Corruption Vulnerability
BugTraq ID: 33498
Remote: Yes
Date Published: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33498
Summary:
PHP is prone to a vulnerability that may allow attackers to corrupt a database file. This issue occurs because the application fails to validate user-supplied input.

Attackers can exploit this issue to corrupt the database file. Successfully exploiting this issue may result in a denial-of-service condition and the loss of data.

PHP 5.2.6 is vulnerable; prior versions may also be affected.

NOTE: This BID is being retired. To exploit this issue, an attacker would need to control components that they should not be able to control under normal circumstances.

16. Todd Miller Sudo 'Runas_Alias' Supplementary Group Local Privilege Escalation Vulnerability
BugTraq ID: 33517
Remote: No
Date Published: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33517
Summary:
Todd Miller 'sudo' is prone to a local privilege-escalation vulnerability because it fails to correctly validate certain nondefault rules in the 'sudoer' configuration file.

Local attackers could exploit this issue to run arbitrary commands as the 'root' user. Successful exploits can completely compromise an affected computer.

This issue affects 'sudo' 1.6.9 p17 to 1.6.9 p19; other versions may also be affected.

17. Novell GroupWise Internet Agent SMTP RCPT Command Remote Buffer Overflow Vulnerability
BugTraq ID: 33560
Remote: Yes
Date Published: 2009-01-30
Relevant URL: http://www.securityfocus.com/bid/33560
Summary:
Novell GroupWise Internet Agent is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application, possibly with root or SYSTEM-level privileges. Failed exploit attempts will result in a denial-of-service condition.

18. RETIRED: Simple Machines Forum Censored Words HTML Injection Vulnerability
BugTraq ID: 33579
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33579
Summary:
Simple Machines Forum is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Simple Machines Forum 1.1.7 is vulnerable; other versions may also be affected.

This BID is being retired as an attacker requires administrative access to an affected application to exploit this issue. An attacker with that access would not need to exploit any issue in order to compromise the application in this manner.

19. Bugzilla HTML Injection and Cross Site Request Forgery Vulnerabilities
BugTraq ID: 33580
Remote: Yes
Date Published: 2009-02-02
Relevant URL: http://www.securityfocus.com/bid/33580
Summary:
Bugzilla is prone to multiple remote vulnerabilities, including an HTML-injection issue and cross-site request-forgery issues.

An attacker can exploit these issues to execute arbitrary script code in a user's browser in the context of the application, steal cookie-based authentication credentials, obtain sensitive information, and perform arbitrary actions in the context of the logged-in user.

These issues affect versions prior to Bugzilla 2.22.7, 3.0.7, 3.2.1, and 3.3.2.

20. Bugzilla Pseudo-Random Number Generator Shared Seed Vulnerability
BugTraq ID: 33581
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33581
Summary:
Bugzilla is prone to a vulnerability caused by the use of a shared random seed. This issue occurs when Bugzilla is running under mod_perl.

An attacker may exploit this issue to predict random values generated by Bugzilla. This may reveal sensitive information such as attachment files or may allow the attacker to bypass cross-site request-forgery protection by predicting random token values. Other attacks may also be possible.

This issue affects Bugzilla 3.0.7, 3.2.1, and 3.3.2 when run under mod_perl.

21. sblim-sfcb 'genSslCert.sh' Insecure Temporary File Creation Vulnerability
BugTraq ID: 33583
Remote: No
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33583
Summary:
sblim-sfcb creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

sblim-sfcb 1.3.2 is vulnerable; other versions may also be affected.

22. Simple Machines Forum '[url]' Tag HTML Injection Vulnerability
BugTraq ID: 33595
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33595
Summary:
Simple Machines Forum is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

We don't know which versions of Simple Machines Forum are affected. We will update this BID when more information is available.

23. Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -01 to -06 Multiple Remote Vulnerabilities
BugTraq ID: 33598
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33598
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey.

Attackers can exploit these issues to bypass same-origin restrictions, obtain potentially sensitive information, bypass certain security settings, and execute arbitrary script code with elevated privileges; other attacks are also possible.

24. Linux Kernel 'inotify_read()' Local Denial of Service Vulnerability
BugTraq ID: 33624
Remote: No
Date Published: 2009-02-02
Relevant URL: http://www.securityfocus.com/bid/33624
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to cause an oops condition in the Linux kernel, which may cause a denial-of-service condition.

Versions prior to the Linux kernel 2.6.28.3 are vulnerable.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
Symantec NetBackup Design Best Practices with Data Domain
This white paper walks you through how Data Domain integrates with NBU, including planning and sizing considerations, operational considerations, offsite replication, and other integration basics so you can get the most out of this powerful solution.

http://dinclinx.com/Redirect.aspx?36;2173;45;189;0;10;259;46b98cc7718e4a
7c

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus