Linux Security News
SecurityFocus Linux Newsletter #430 Mar 11 2009 10:40PM
sfa securityfocus com
SecurityFocus Linux Newsletter #430
----------------------------------------

This issue is sponsored by Sophos

Laws, regulations and compliance: Top tips for keeping your data under your control

http://dinclinx.com/Redirect.aspx?36;4035;35;189;0;5;259;787c0986ab9c445
a

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Contracting For Secure Code
2. Free Market Filtering
II. LINUX VULNERABILITY SUMMARY
1. MPFR Library 'printf.c' Multiple Buffer Overflow Vulnerabilities
2. Avahi 'avahi-core/server.c' Multicast DNS Denial Of Service Vulnerability
3. Linux Kernel 'seccomp' System Call Security Bypass Vulnerability
4. Linux Kernel Audit System 'audit_syscall_entry()' System Call Security Bypass Vulnerability
5. NovaStor NovaNET 'DtbClsLogin()' Remote Stack Buffer Overflow Vulnerability
6. cURL/libcURL HTTP 'Location:' Redirect Security Bypass Vulnerability
7. libsndfile CAF Processing Buffer Overflow Vulnerability
8. ZABBIX 'locales.php' Local File Include and Remote Code Execution Vulnerability
9. NetworkManager Permission Enforcement Multiple Local Vulnrabilities
10. Arno's IPTables Firewall Script Restart Security Bypass Vulnerability
11. Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -07 -08 -09 and -11 Multiple Remote Vulnerabilities
12. Linux-PAM Configuration File Non-ASCII User Name Handling Local Privilege Escalation Vulnerability
13. IBM Director CIM Server Consumer Name Remote Denial of Service Vulnerability
14. Mahara Multiple Cross Site Scripting Vulnerabilities
15. IBM Director CIM Server Privilege Escalation Vulnerability
16. openSUSE Linux gtk2 Package Search Path Remote Command Execution Vulnerability
17. PostgreSQL Low Cost Function Information Disclosure Vulnerability
18. Asterisk Pedantic Mode SIP Channel Driver INVITE Header Remote Denial of Service Vulnerability
19. Sun xVM VirtualBox Local Privilege Escalation Vulnerability
20. Linux Kernel '/proc/net/rt_cache' Remote Denial of Service Vulnerability
21. Wesnoth Compressed Data Remote Denial of Service Vulnerability
22. Mandriva perl-MDK-Common Unspecified Privilege Escalation Vulnerability
23. PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
24. DASH '.profile' Local Privilege Escalation Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Contracting For Secure Code
By Chris Wysopal
Forcing suppliers to attest to the security of provided software is gaining adherents: Just ask Kaspersky Lab.
http://www.securityfocus.com/columnists/494

2. Free Market Filtering
By Mark Rasch
The Australian government is considering requiring that Internet service providers in that country install filters which would prevent citizens from accessing tens of thousands of sites that contain "objectionable" material.
http://www.securityfocus.com/columnists/493

II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. MPFR Library 'printf.c' Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 33945
Remote: Yes
Date Published: 2009-03-02
Relevant URL: http://www.securityfocus.com/bid/33945
Summary:
The MPFR library is prone to multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit these issues to execute arbitrary code in the context of applications using the vulnerable library. Failed exploit attempts will likely cause denial-of-service conditions.

Versions prior to MPFR 2.4.1 are vulnerable.

2. Avahi 'avahi-core/server.c' Multicast DNS Denial Of Service Vulnerability
BugTraq ID: 33946
Remote: Yes
Date Published: 2009-03-02
Relevant URL: http://www.securityfocus.com/bid/33946
Summary:
Avahi is prone to a denial-of-service vulnerability.

A remote attacker may exploit this issue to crash the affected application, denying further service to legitimate users.

Avahi 0.6.23 is vulnerable; other versions may also be affected.

3. Linux Kernel 'seccomp' System Call Security Bypass Vulnerability
BugTraq ID: 33948
Remote: No
Date Published: 2009-03-02
Relevant URL: http://www.securityfocus.com/bid/33948
Summary:
The Linux kernel is prone to a local security-bypass vulnerability.

A local attacker may be able to exploit this issue to bypass access control and make restricted system calls, which may result in an elevation of privileges.

4. Linux Kernel Audit System 'audit_syscall_entry()' System Call Security Bypass Vulnerability
BugTraq ID: 33951
Remote: No
Date Published: 2009-03-02
Relevant URL: http://www.securityfocus.com/bid/33951
Summary:
The Linux kernel is prone to a local security-bypass vulnerability.

A local attacker may be able to exploit this issue to bypass audit mechanisms imposed on system calls. This may allow malicious behavior to escape notice.

5. NovaStor NovaNET 'DtbClsLogin()' Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 33954
Remote: Yes
Date Published: 2009-03-02
Relevant URL: http://www.securityfocus.com/bid/33954
Summary:
NovaStor NovaNET is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application or cause a denial-of-service condition.

NovaNET 12 is vulnerable; other versions may also be affected.

6. cURL/libcURL HTTP 'Location:' Redirect Security Bypass Vulnerability
BugTraq ID: 33962
Remote: Yes
Date Published: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/33962
Summary:
cURL/libcURL is prone to a security-bypass vulnerability.

Remote attackers can exploit this issue to bypass certain security restrictions and carry out various attacks.

This issue affects cURL/libcURL 5.11 through 7.19.3. Other versions may also be vulnerable.

7. libsndfile CAF Processing Buffer Overflow Vulnerability
BugTraq ID: 33963
Remote: Yes
Date Published: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/33963
Summary:
The 'libsndfile' library is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of an application using the library. This can compromise the affected application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

This issue affects libsndfile 1.0.18; previous versions may also be vulnerable.

8. ZABBIX 'locales.php' Local File Include and Remote Code Execution Vulnerability
BugTraq ID: 33965
Remote: Yes
Date Published: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/33965
Summary:
ZABBIX is prone to multiple local file-include vulnerabilities and a remote code-execution vulnerability that occur in the front-end web interface.

Attackers can exploit these issues to execute arbitrary code within the context of the webserver or obtain sensitive information. Other attacks are also possible.

ZABBIX 1.6.2 is vulnerable; prior versions may also be affected.

9. NetworkManager Permission Enforcement Multiple Local Vulnrabilities
BugTraq ID: 33966
Remote: No
Date Published: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/33966
Summary:
NetworkManager is prone to multiple local vulnerabilities because the software fails to properly enforce permissions.

Local attackers can exploit these issue to perform dbus queries to view network connection passwords and pre-shared keys and to modify or delete network connections. Other attacks may also be possible.

10. Arno's IPTables Firewall Script Restart Security Bypass Vulnerability
BugTraq ID: 33981
Remote: Yes
Date Published: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33981
Summary:
Arno's IPTables Firewall Script is prone to a security-bypass vulnerability because it fails to properly restrict network traffic following a restart of the application.

An attacker can exploit this issue to bypass intended security restrictions and send network packets to an affected computer.

Versions prior to Arno's IPTables Firewall Script 1.9.0b are vulnerable.

11. Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -07 -08 -09 and -11 Multiple Remote Vulnerabilities
BugTraq ID: 33990
Remote: Yes
Date Published: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33990
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox, Thunderbird, and SeaMonkey.

Attackers can exploit these issues to bypass same-origin restrictions, obtain potentially sensitive information, and execute arbitrary script code with elevated privileges; other attacks are also possible.

12. Linux-PAM Configuration File Non-ASCII User Name Handling Local Privilege Escalation Vulnerability
BugTraq ID: 34010
Remote: No
Date Published: 2009-03-05
Relevant URL: http://www.securityfocus.com/bid/34010
Summary:
Linux-PAM is prone to a vulnerability related to the parsing of user names containing non-ASCII characters from PAM configuration files. Specifically, this issue is caused by an error in the '_pam_StrTok()' function, which may strip a single trailing non-ASCII character from user names before returning them as 'arg3'.

Note that root access is required to modify the affected configuration files.

A local attacker may exploit this issue to authenticate as additional users. The attacker may be able to create a denial-of-service condition or possibly to execute arbitrary code as the affected process, but this has not been confirmed.

Versions prior to Linux-PAM 1.0.4 are vulnerable.

13. IBM Director CIM Server Consumer Name Remote Denial of Service Vulnerability
BugTraq ID: 34061
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34061
Summary:
The CIM Server of IBM Director is prone to a remote denial-of-service vulnerability because the application fails to properly handle specially crafted requests.

Successfully exploiting this issue allows remote attackers to trigger crashes, which would deny further service to legitimate users.

This issue affects versions prior to IBM Director 5.20.3 Service Update 2.

14. Mahara Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 34064
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34064
Summary:
Mahara is prone to multiple cross site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials; other attacks are also possible.

Versions prior to Mahara 1.0.10 and 1.1.2 are vulnerable.

15. IBM Director CIM Server Privilege Escalation Vulnerability
BugTraq ID: 34065
Remote: No
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34065
Summary:
IBM Director is prone to a privilege-escalation vulnerability that affects the CIM server.

Attackers can leverage this issue to execute arbitrary code with elevated privileges in the context of the CIM server process.

Versions prior to IBM Director 5.20.3 Service Update 2 are affected.

16. openSUSE Linux gtk2 Package Search Path Remote Command Execution Vulnerability
BugTraq ID: 34068
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34068
Summary:
The openSUSE gtk2 package is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to run a vulnerable application in a directory containing a malicious module file with a specific name. A successful exploit will allow arbitrary commands to run with the privileges of the currently logged-in user.

openSUSE 11.0 and 11.1 are vulnerable.

17. PostgreSQL Low Cost Function Information Disclosure Vulnerability
BugTraq ID: 34069
Remote: No
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34069
Summary:
PostgreSQL is prone to an information-disclosure vulnerability.

Local attackers can exploit this issue to gain access to sensitive information. Information obtained may lead to further attacks.

PostgreSQL 8.3.6 is vulnerable; other versions may also be affected.

18. Asterisk Pedantic Mode SIP Channel Driver INVITE Header Remote Denial of Service Vulnerability
BugTraq ID: 34070
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34070
Summary:
Asterisk is prone to a remote denial-of-service vulnerability because it fails to adequately validate INVITE headers in pedantic mode.

Successful exploits can crash the SIP channel driver, resulting in denial-of-service conditions for legitimate users.

19. Sun xVM VirtualBox Local Privilege Escalation Vulnerability
BugTraq ID: 34080
Remote: No
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34080
Summary:
Sun xVM VirtualBox is prone to a local privilege-escalation vulnerability.

An attacker can exploit this vulnerability to run arbitrary code with superuser privileges.

The following versions for the Linux platform are vulnerable:

Sun xVM VirtualBox 2.0
Sun xVM VirtualBox 2.1

20. Linux Kernel '/proc/net/rt_cache' Remote Denial of Service Vulnerability
BugTraq ID: 34084
Remote: Yes
Date Published: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34084
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to properly flush the '/proc/net/rt_cache' file under some conditions.

Attackers can exploit this issue to cause the kernel to fail to respond to network traffic, denying service to legitimate users.

Versions prior to Linux kernel 2.6.25 are vulnerable.

21. Wesnoth Compressed Data Remote Denial of Service Vulnerability
BugTraq ID: 34085
Remote: Yes
Date Published: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34085
Summary:
Wesnoth is prone to a remote denial-of-service vulnerability.

Exploiting this issue may allow attackers to cause the application to crash, denying service to legitimate users.

22. Mandriva perl-MDK-Common Unspecified Privilege Escalation Vulnerability
BugTraq ID: 34089
Remote: No
Date Published: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34089
Summary:
Mandriva perl-MDK-Common is prone to an unspecified privilege-escalation vulnerability due to a failure to properly validate user supplied input.

An attacker may exploit this issue to gain elevated privileges.

23. PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
BugTraq ID: 34090
Remote: Yes
Date Published: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34090
Summary:
PostgreSQL is prone to a remote denial-of-service vulnerability.

Exploiting this issue may allow attackers to terminate connections to the PostgreSQL server, denying service to legitimate users.

24. DASH '.profile' Local Privilege Escalation Vulnerability
BugTraq ID: 34092
Remote: No
Date Published: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34092
Summary:
DASH is prone to a local vulnerability that results in code execution with elevated privileges.

Successful exploits may allow attackers to execute arbitrary code within the context of the user running the affected application. This may allow local attackers to gain root-level privileges, resulting in a complete compromise of an affected computer.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Sophos

Laws, regulations and compliance: Top tips for keeping your data under your control

http://dinclinx.com/Redirect.aspx?36;4035;35;189;0;5;259;787c0986ab9c445
a

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus