Linux Security News
SecurityFocus Linux Newsletter #427 Feb 19 2009 11:43PM
sfa securityfocus com
SecurityFocus Linux Newsletter #427
----------------------------------------

This issue is sponsored by Purewire

NEW! White Paper: "Hackers Announce Open Season on Web 2.0 Users and Browsers"

Learn how hackers are exploiting your employees Web surfing to gain entry into your network. Drive-by Downloads, Click Jacking, AJAX, XSS and Browser vulns are just some of the nasty attack methods hackers are coming up with and it's no longer good enough to block known bad URL's. Download this white paper now to mitigate your online security risks.

http://www.purewire.com/lp/sec/

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Free Market Filtering
2. Don't Blame the Browser
II. LINUX VULNERABILITY SUMMARY
1. Trend Micro InterScan Web Security Suite Multiple Security Bypass Vulnerabilities
2. Trend Micro Interscan Web Security HTTP Proxy Authentication Information Disclosure Vulnerability
3. ZeroShell 'cgi-bin/kerbynet' Remote Command Execution Vulnerability
4. TYPO3 Cross Site Scripting and Information Disclosure Vulnerabilities
5. GNOME Evolution S/MIME Email Signature Verification Vulnerability
6. ProFTPD 'mod_sql' Username SQL Injection Vulnerability
7. libvirt 'libvirt_proxy.c' Local Privilege Escalation Vulnerability
8. pam-krb5 Local Privilege Escalation Vulnerability
9. pam-krb5 'KRB5CCNAME' Environment Variable Local Privilege Escalation Vulnerability
10. Net-SNMP 'snmpUDPDomain.c' Remote Information Disclosure Vulnerability
11. Linux Kernel Kprobe Memory Corruption Vulnerability
12. SUSE blinux Buffer Overflow Vulnerability
13. Ubuntu xorg-driver-fglrx 'LD_LIBRARY_PATH' Remote Command Execution Vulnerability
14. Yaws Multiple Header Request Denial of Service Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. CanSecWest 2009 Speakers and Dojo courses (Mar 14-20)
2. DEFCON 17 CFP now open
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Free Market Filtering
By Mark Rasch
The Australian government is considering requiring that Internet service providers in that country install filters which would prevent citizens from accessing tens of thousands of sites that contain "objectionable" material.
http://www.securityfocus.com/columnists/493

2.Don't Blame the Browser
Melih Abdulhayoglu
There was a time when most diseases were fatal for humans. Intense study and research helped doctors manage diseases better, and subsequently even prevent them altogether.
http://www.securityfocus.com/columnists/492

II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Trend Micro InterScan Web Security Suite Multiple Security Bypass Vulnerabilities
BugTraq ID: 33679
Remote: Yes
Date Published: 2009-02-09
Relevant URL: http://www.securityfocus.com/bid/33679
Summary:
Trend Micro InterScan Web Security Suite is prone to multiple security-bypass vulnerabilities.

Successful exploits may allow attackers to access sensitive areas and to elevate privileges to perform certain restricted actions, such as modifying system configuration.

These issues affect InterScan Web Security Suite 3.1 for Windows. Reportedly, Linux versions of the application are also affected.

2. Trend Micro Interscan Web Security HTTP Proxy Authentication Information Disclosure Vulnerability
BugTraq ID: 33687
Remote: Yes
Date Published: 2009-02-09
Relevant URL: http://www.securityfocus.com/bid/33687
Summary:
Trend Micro Interscan Web Security Suite is prone to an information-disclosure vulnerability when handling HTTP Proxy-Authentication headers.

An attacker can exploit this issue to obtain sensitive information that may lead to further attacks.

3. ZeroShell 'cgi-bin/kerbynet' Remote Command Execution Vulnerability
BugTraq ID: 33702
Remote: Yes
Date Published: 2009-02-09
Relevant URL: http://www.securityfocus.com/bid/33702
Summary:
ZeroShell is prone to a vulnerability that attackers can leverage to execute arbitrary commands. This issue occurs because the software fails to adequately sanitize user-supplied input.

Successful attacks can compromise the affected application and possibly the underlying computer.

ZeroShell 1.0beta11 is vulnerable; other versions may also be affected.

4. TYPO3 Cross Site Scripting and Information Disclosure Vulnerabilities
BugTraq ID: 33714
Remote: Yes
Date Published: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33714
Summary:
TYPO3 is prone to multiple cross-site scripting vulnerabilities and an information-disclosure vulnerability.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information.

5. GNOME Evolution S/MIME Email Signature Verification Vulnerability
BugTraq ID: 33720
Remote: Yes
Date Published: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33720
Summary:
GNOME Evolution is prone to a signature-verification vulnerability.

Attackers can exploit this issue through man-in-the-middle attacks to modify signed messages undetected.

6. ProFTPD 'mod_sql' Username SQL Injection Vulnerability
BugTraq ID: 33722
Remote: Yes
Date Published: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33722
Summary:
ProFTPD is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to manipulate SQL queries, modify data, or exploit latent vulnerabilities in the underlying database. This may result in unauthorized access and a compromise of the application; other attacks are also possible.

ProFTPD 1.3.1 through 1.3.2 rc 2 are vulnerable.

7. libvirt 'libvirt_proxy.c' Local Privilege Escalation Vulnerability
BugTraq ID: 33724
Remote: No
Date Published: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33724
Summary:
The 'libvirt' library is prone to a local privilege-escalation vulnerability because it fails perform adequate boundary checks on user-supplied data.

Local attackers can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

The issue affects libvirt 0.5.1; other versions may also be affected.

8. pam-krb5 Local Privilege Escalation Vulnerability
BugTraq ID: 33740
Remote: No
Date Published: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33740
Summary:
The 'pam-krb5' library is prone to a local privilege-escalation vulnerability because it fails to properly handle setuid processes.

Local attackers may exploit this issue to gain elevated privileges, which may lead to a complete compromise of the system.

This issue affects pam-krb5 as shipped with Debian, Ubuntu, and Gentoo Linux releases; other versions may also be vulnerable.

9. pam-krb5 'KRB5CCNAME' Environment Variable Local Privilege Escalation Vulnerability
BugTraq ID: 33741
Remote: No
Date Published: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33741
Summary:
The 'pam-krb5' library is prone to a local privilege-escalation vulnerability because it fails to properly handle setuid processes.

A local attacker may exploit this to corrupt the credential cache. This may allow the attacker to gain elevated privileges or to create a denial-of-service condition.

Versions prior to pam-krb5 3.13 are vulnerable.

10. Net-SNMP 'snmpUDPDomain.c' Remote Information Disclosure Vulnerability
BugTraq ID: 33755
Remote: Yes
Date Published: 2009-02-12
Relevant URL: http://www.securityfocus.com/bid/33755
Summary:
Net-SNMP is prone to a remote information-disclosure vulnerability because it fails to properly handle TCP Wrapper authorization rules.

Exploiting this issue will allow attackers to obtain sensitive information that can help them further attacks.

Net-SNMP 5.4.2.1 is vulnerable; other versions are also likely affected.

11. Linux Kernel Kprobe Memory Corruption Vulnerability
BugTraq ID: 33758
Remote: No
Date Published: 2009-02-12
Relevant URL: http://www.securityfocus.com/bid/33758
Summary:
The Linux kernel is prone to a memory-corruption vulnerability because of a design flaw in the Kprobe system.

Local attackers could exploit this issue to cause denial-of-service conditions and possibly to execute arbitrary code with kernel-level privileges, but this has not been confirmed.

Versions prior to Linux kernel 2.6.28.5 are vulnerable.

12. SUSE blinux Buffer Overflow Vulnerability
BugTraq ID: 33794
Remote: No
Date Published: 2009-02-17
Relevant URL: http://www.securityfocus.com/bid/33794
Summary:
The SUSE 'blinux' (sbl) package is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

A local attacker can exploit this issue to execute arbitrary code as the affected process, possibly resulting in elevated privileges. Failed exploit attempts are likely to result in denial-of-service conditions.

13. Ubuntu xorg-driver-fglrx 'LD_LIBRARY_PATH' Remote Command Execution Vulnerability
BugTraq ID: 33801
Remote: Yes
Date Published: 2009-02-17
Relevant URL: http://www.securityfocus.com/bid/33801
Summary:
Ubuntu 'xorg-driver-fglrx' is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to run an application in a directory containing a malicious library file with a specific name. A successful exploit will allow arbitrary code to run within the privileges of the currently logged-in user.

Ubuntu 8.10 is vulnerable.

14. Yaws Multiple Header Request Denial of Service Vulnerability
BugTraq ID: 33834
Remote: Yes
Date Published: 2009-02-19
Relevant URL: http://www.securityfocus.com/bid/33834
Summary:
Yaws is prone to a remote denial-of-service vulnerability because it fails to handle infinite header requests.

Successfully exploiting this issue will allow attackers to cause the affected application to consume memory, eventually denying service to legitimate users.

Versions prior to Yaws 1.80 are vulnerable.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. CanSecWest 2009 Speakers and Dojo courses (Mar 14-20)
http://www.securityfocus.com/archive/91/500979

2. DEFCON 17 CFP now open
http://www.securityfocus.com/archive/91/500978

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Purewire

NEW! White Paper: "Hackers Announce Open Season on Web 2.0 Users and Browsers"

Learn how hackers are exploiting your employees Web surfing to gain entry into your network. Drive-by Downloads, Click Jacking, AJAX, XSS and Browser vulns are just some of the nasty attack methods hackers are coming up with and it's no longer good enough to block known bad URL's. Download this white paper now to mitigate your online security risks.

http://www.purewire.com/lp/sec/

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus