Linux Security News
SecurityFocus Linux Newsletter #433 Apr 06 2009 03:52PM
sfa securityfocus com
SecurityFocus Linux Newsletter #433
----------------------------------------

This issue is sponsored by Tripwire

Configuration and Change Management for IT Compliance and Risk Management

Learn from industry analysts how IT organizations are using configuration management to meet compliance requirements and instill best practices. Find out how these organizations are applying the resulting processes to enhance security and improve operational efficiency in order to increase their level of service delivery.

http://dinclinx.com/Redirect.aspx?36;1864;32;189;0;4;259;4d333dbf312ae389

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Act Locally, Pwn Globally
2. Time to Shield Researchers
II. LINUX VULNERABILITY SUMMARY
1. Moodle TeX Filter Remote File Disclosure Vulnerability
2. Check Point FireWall-1 PKI Web Service Remote Buffer Overflow Vulnerabilities
3. Openswan and strongSwan DPD Packet Remote Denial Of Service Vulnerability
4. Bugzilla 'attachment.cgi' Cross Site Request Forgery Vulnerability
5. IBM DB2 Content Manager eClient Unspecified Security Vulnerability
6. Xfig Multiple Insecure Temporary File Creation Vulnerabilities
7. Linux Kernel '/proc/net/udp' Local Denial of Service Vulnerability
8. Linux Kernel 'EFER_LME' Local Denial of Service Vulnerability
9. BibTeX '.bib' File Handling Memory Corruption Vulnerability
10. pam_ssh Existing/Non-Existing Username Enumeration Weakness
11. XBMC Multiple Remote Buffer Overflow Vulnerabilities
12. Ghostscript 'CCITTFax' Decoding Filter Denial of Service Vulnerability
13. VMware Hosted Products VMSA-2009-0005 Multiple Remote Vulnerabilities
14. mpg123 'store_id3_text()' Memory Corruption Vulnerability
15. xine-lib STTS Quicktime Atom Remote Buffer Overflow Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. EUSecWest 2009 CFP (May 27/28, Deadline April 7 2009)
2. [tool] Unix auditing, Lynis 1.2.5
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Act Locally, Pwn Globally
By Jeffrey Carr
On December 24, 2008, the Pakistani Whackerz Cr3w defaced a part of India's critical infrastructure, the Eastern Railway system Web site. The defacement appeared on a scroll feed which read: "Cyber war has been declared on Indian cyberspace by Whackerz- Pakistan (24 Dec-2008)."
http://www.securityfocus.com/columnists/496

2. Time to Shield Researchers
By Oliver Day
Research is the backbone of the security industry but the legal climate has become so adverse that researchers have had to worry about injunctions, FBI visits, and even arrest.
http://www.securityfocus.com/columnists/495

II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Moodle TeX Filter Remote File Disclosure Vulnerability
BugTraq ID: 34278
Remote: Yes
Date Published: 2009-03-27
Relevant URL: http://www.securityfocus.com/bid/34278
Summary:
Moodle is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view local files in the context of the webserver process. This may aid in further attacks.

Versions prior to the following are vulnerable:

Moodle 1.6.9+
Moodle 1.7.7+
Moodle 1.8.9
Moodle 1.9.5

2. Check Point FireWall-1 PKI Web Service Remote Buffer Overflow Vulnerabilities
BugTraq ID: 34286
Remote: Yes
Date Published: 2009-03-30
Relevant URL: http://www.securityfocus.com/bid/34286
Summary:
Check Point FireWall-1 PKI web service is prone to multiple remote buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit these issues to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

3. Openswan and strongSwan DPD Packet Remote Denial Of Service Vulnerability
BugTraq ID: 34296
Remote: Yes
Date Published: 2009-03-30
Relevant URL: http://www.securityfocus.com/bid/34296
Summary:
Openswan and strongSwan are prone to a remote denial-of-service vulnerability because they fail to properly handle certain Dead Peer Detection (DPD) packets.

Attackers can exploit this issue to crash the pluto IKE daemon, denying access to legitimate users.

Versions *prior to* the following are affected:

Openswan 2.6.21
Openswan 2.4.14
strongSwan 4.2.14
strongSwan 2.8.9

4. Bugzilla 'attachment.cgi' Cross Site Request Forgery Vulnerability
BugTraq ID: 34308
Remote: Yes
Date Published: 2009-03-30
Relevant URL: http://www.securityfocus.com/bid/34308
Summary:
Bugzilla is prone to a cross-site request-forgery vulnerability.

An attacker can exploit this issue to submit attachments in the context of the logged-in user.

This issue affects versions prior to Bugzilla 3.2.3 and 3.3.4.

5. IBM DB2 Content Manager eClient Unspecified Security Vulnerability
BugTraq ID: 34326
Remote: Yes
Date Published: 2009-03-31
Relevant URL: http://www.securityfocus.com/bid/34326
Summary:
IBM DB2 Content Manager is prone to an unspecified vulnerability.

Very few details are available regarding this issue. We will update this BID as more information emerges.

IBM DB2 Content Manager 8.4.1 is vulnerable; other versions may be affected as well.

6. Xfig Multiple Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 34328
Remote: No
Date Published: 2009-04-01
Relevant URL: http://www.securityfocus.com/bid/34328
Summary:
Xfig creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

7. Linux Kernel '/proc/net/udp' Local Denial of Service Vulnerability
BugTraq ID: 34329
Remote: No
Date Published: 2009-04-01
Relevant URL: http://www.securityfocus.com/bid/34329
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability that attackers can exploit to cause an affected computer to crash.

8. Linux Kernel 'EFER_LME' Local Denial of Service Vulnerability
BugTraq ID: 34331
Remote: No
Date Published: 2009-04-01
Relevant URL: http://www.securityfocus.com/bid/34331
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to trigger a kernel oops, resulting in a denial-of-service condition.

This issue affects Linux kernel 2.6.19 through 2.6.29.

9. BibTeX '.bib' File Handling Memory Corruption Vulnerability
BugTraq ID: 34332
Remote: Yes
Date Published: 2009-04-01
Relevant URL: http://www.securityfocus.com/bid/34332
Summary:
BibTeX is prone to a memory-corruption vulnerability because it fails to properly handle excessively large '.bib' files.

Remote attackers may leverage this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to execute code, but this has not been confirmed.

NOTE: BibTeX may be shipped with various packages, such as TeTeX or TexLive, that may also be vulnerable.

10. pam_ssh Existing/Non-Existing Username Enumeration Weakness
BugTraq ID: 34333
Remote: Yes
Date Published: 2009-04-01
Relevant URL: http://www.securityfocus.com/bid/34333
Summary:
The 'pam_ssh' module is prone to a username-enumeration weakness because it displays different responses to login attempts, depending on whether or not the username exists.

Attackers may exploit this weakness to discern valid usernames. This may aid them in brute-force password cracking or other attacks.

This issue affects pam_ssh 1.92; other versions may also be affected.

11. XBMC Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 34334
Remote: Yes
Date Published: 2009-04-01
Relevant URL: http://www.securityfocus.com/bid/34334
Summary:
XBMC is prone to multiple buffer-overflow vulnerabilities that occur because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

XBMC 8.10 Atlantis is vulnerable; other versions may also be affected.

12. Ghostscript 'CCITTFax' Decoding Filter Denial of Service Vulnerability
BugTraq ID: 34337
Remote: Yes
Date Published: 2009-04-01
Relevant URL: http://www.securityfocus.com/bid/34337
Summary:
Ghostscript is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied input.

Exploiting this issue allows remote attackers to crash the application and possibly to execute code, but this has not been confirmed.

13. VMware Hosted Products VMSA-2009-0005 Multiple Remote Vulnerabilities
BugTraq ID: 34373
Remote: Yes
Date Published: 2009-04-04
Relevant URL: http://www.securityfocus.com/bid/34373
Summary:
VMware hosted products are prone to multiple remote vulnerabilities:

- Multiple denial-of-service vulnerabilities
- A privilege-escalation vulnerability
- Multiple heap-based buffer-overflow vulnerabilities
- An unauthorized-access vulnerability
- An information-disclosure vulnerability

An attacker can exploit these issues to crash the affected applications, execute arbitrary code, compromise the affected applications, gain unauthorized access, and obtain sensitive information. Other attacks are also possible.

14. mpg123 'store_id3_text()' Memory Corruption Vulnerability
BugTraq ID: 34381
Remote: Yes
Date Published: 2009-04-05
Relevant URL: http://www.securityfocus.com/bid/34381
Summary:
mpg123 is prone to a memory-corruption vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer.

Exploiting this issue may allow remote attackers to overwrite memory with arbitrary data, potentially allowing them to execute malicious machine code in the context of the affected application. This vulnerability may facilitate the compromise of affected computers.

mpg123 1.7.1 and prior are vulnerable.

15. xine-lib STTS Quicktime Atom Remote Buffer Overflow Vulnerability
BugTraq ID: 34384
Remote: Yes
Date Published: 2009-04-04
Relevant URL: http://www.securityfocus.com/bid/34384
Summary:
The 'xine-lib' library is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will result in a denial-of-service condition.

This issue affects xine-lib 1.1.16.2 and prior.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. EUSecWest 2009 CFP (May 27/28, Deadline April 7 2009)
http://www.securityfocus.com/archive/91/502340

2. [tool] Unix auditing, Lynis 1.2.5
http://www.securityfocus.com/archive/91/502245

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Tripwire


Copyright 2010, SecurityFocus