Linux Security News
SecurityFocus Linux Newsletter #435 Apr 17 2009 05:02PM
sfa securityfocus com
SecurityFocus Linux Newsletter #435
----------------------------------------

This issue is sponsored by Cisco

Five Ways to Know Your Wireless Security

A wireless network can help your employees stay productive as they move around your company. But to take advantage of the benefits of wireless networking, you need to be sure that your network is safe from hackers and unauthorized users. Every device in a wireless network is important to security. Because a wireless LAN (WLAN) is a mobile network, you need a thorough, multilayered approach to safeguard traffic.

http://dinclinx.com/Redirect.aspx?36;4328;50;189;0;5;259;b3682945b0c3f7c4

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Facebook, Privacy and Contracts
2. Act Locally, Pwn Globally
II. LINUX VULNERABILITY SUMMARY
1. Xpdf Search Path Local Privilege Escalation Vulnerability
2. OpenAFS Error Codes Remote Denial of Service Vulnerability
3. Linux Kernel 'exit_notify()' CAP_KILL Verification Local Privilege Escalation Vulnerability
4. OpenAFS Unix Cache Manager Heap-Based Buffer Overflow Vulnerability
5. MIT Kerberos SPNEGO and ASN.1 Multiple Remote Denial Of Service Vulnerabilities
6. MIT Kerberos 'asn1_decode_generaltime()' Uninitialized Pointer Memory Corruption Vulnerability
7. Little CMS Monochrome Profiles Null Pointer Dereference Denial of Service Vulnerability
8. Tunapie Insecure Temporary File Creation Vulnerability
9. Tunapie Stream URI Remote Command Execution Vulnerability
10. Ghostscript 'jbig2dec' JBIG2 Processing Buffer Overflow Vulnerability
11. ClamAV Prior to 0.95.1 Multiple Remote Denial of Service Vulnerabilities
12. NTP 'ntpq' Stack Buffer Overflow Vulnerability
13. Zervit 'http.c' Remote Buffer Overflow Vulnerability
14. udev Netlink Message Validation Local Privilege Escalation Vulnerability
15. udev Path Encoding Local Denial of Service Vulnerability
16. MiniWeb Remote Buffer Overflow Vulnerability
17. MiniWeb Source Code Information Disclosure Vulnerability
18. Xpdf JBIG2 Processing Multiple Security Vulnerabilities
19. CUPS '_cupsImageReadTIFF()' Integer Overflow Vulnerability
20. Multiple ESET Antivirus Products RAR File Scan Evasion Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Facebook, Privacy and Contracts
On February 4, the social networking site Facebook made a minor change to its terms of service - the online contract that every user must agree to when they create an account.
Facebook was trying to solve a legitimate problem: People who deleted their accounts did not realize that information that they shared with other users would persist on their Facebook friends' accounts. Thus, they needed some way of telling users that the information might remain.
http://www.securityfocus.com/columnists/497

2. Act Locally, Pwn Globally
By Jeffrey Carr
On December 24, 2008, the Pakistani Whackerz Cr3w defaced a part of India's critical infrastructure, the Eastern Railway system Web site. The defacement appeared on a scroll feed which read: "Cyber war has been declared on Indian cyberspace by Whackerz- Pakistan (24 Dec-2008)."
http://www.securityfocus.com/columnists/496

II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Xpdf Search Path Local Privilege Escalation Vulnerability
BugTraq ID: 34401
Remote: No
Date Published: 2009-04-07
Relevant URL: http://www.securityfocus.com/bid/34401
Summary:
Xpdf is prone to a local privilege-escalation vulnerability.

Local attackers can exploit this issue to execute arbitrary code with elevated privileges, resulting in the complete compromise of affected computers.

Xpdf 3.02 is vulnerable; other versions may be affected as well.

2. OpenAFS Error Codes Remote Denial of Service Vulnerability
BugTraq ID: 34404
Remote: Yes
Date Published: 2009-04-07
Relevant URL: http://www.securityfocus.com/bid/34404
Summary:
OpenAFS file server is prone to a denial-of-service vulnerability that occurs on computers running the Linux kernel.

Successfully exploiting this issue allows attackers to cause a kernel panic, denying service to legitimate users.

The issue affects these versions:

OpenAFS 1.0 through 1.4.8
OpenAFS 1.5.0 through 1.5.58

3. Linux Kernel 'exit_notify()' CAP_KILL Verification Local Privilege Escalation Vulnerability
BugTraq ID: 34405
Remote: No
Date Published: 2009-04-07
Relevant URL: http://www.securityfocus.com/bid/34405
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with superuser privileges, resulting in a complete compromise of the affected computer.

Versions prior to Linux kernel 2.6.29-git14 are vulnerable.

4. OpenAFS Unix Cache Manager Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 34407
Remote: Yes
Date Published: 2009-04-07
Relevant URL: http://www.securityfocus.com/bid/34407
Summary:
OpenAFS is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer in the Unix cache manager. The issue occurs when the application processes RX packets in a client context.

An attacker can exploit this issue to execute arbitrary code in the context of the Unix cache manager, resulting in a complete compromise of the affected computer. Failed exploit attempts will likely result in a denial of service.

The issue affects these versions:

OpenAFS Unix clients 1.0 through 1.4.8
OpenAFS Unix clients 1.5.0 through 1.5.58

Note that Mac OS X clients are not affected.

5. MIT Kerberos SPNEGO and ASN.1 Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 34408
Remote: Yes
Date Published: 2009-04-07
Relevant URL: http://www.securityfocus.com/bid/34408
Summary:
MIT Kerberos is prone to multiple remote denial-of-service vulnerabilities.

An attacker may exploit these issues to crash vulnerable servers, resulting in denial-of-service conditions. Some of these issues may allow attackers to obtain sensitive information.

MIT Kerberos 5 1.6.3 is vulnerable; other versions may also be affected.

6. MIT Kerberos 'asn1_decode_generaltime()' Uninitialized Pointer Memory Corruption Vulnerability
BugTraq ID: 34409
Remote: Yes
Date Published: 2009-04-07
Relevant URL: http://www.securityfocus.com/bid/34409
Summary:
MIT Kerberos is prone to a memory-corruption vulnerability because it fails to properly initialize data structures.

Successful exploits may allow remote attackers to crash Kerberos servers, including the 'kadmind' administration daemon. Given the nature of this issue, attackers may also be able to execute arbitrary code with SYSTEM-level or superuser privileges, but this has not been confirmed.

Versions prior to Kerberos 5.17 and 5.1.6.4 are vulnerable.

7. Little CMS Monochrome Profiles Null Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 34411
Remote: Yes
Date Published: 2009-04-07
Relevant URL: http://www.securityfocus.com/bid/34411
Summary:
Little CMS is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue by tricking a victim into opening a specially crafted image file.

Successful attacks will cause the application using the affected engine to crash.

NOTE: Other applications that use Little CMS (such as Mozilla Firefox, OpenJDK, and GIMP) are likely vulnerable to this issue as well.

8. Tunapie Insecure Temporary File Creation Vulnerability
BugTraq ID: 34417
Remote: No
Date Published: 2009-04-07
Relevant URL: http://www.securityfocus.com/bid/34417
Summary:
Tunapie creates a temporary file in an insecure manner.

An attacker with local access could perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects Tunapie 2.1; other versions may also be affected.

9. Tunapie Stream URI Remote Command Execution Vulnerability
BugTraq ID: 34418
Remote: Yes
Date Published: 2009-04-07
Relevant URL: http://www.securityfocus.com/bid/34418
Summary:
Tunapie is prone to a remote command-execution vulnerability because it fails to perform adequate checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary commands in the context of the application. This may aid in further attacks.

Tunapie 2.1 is vulnerable; other versions may also be affected.

10. Ghostscript 'jbig2dec' JBIG2 Processing Buffer Overflow Vulnerability
BugTraq ID: 34445
Remote: Yes
Date Published: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34445
Summary:
Ghostscript is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer.

Exploiting this issue may allow remote attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

Ghostscript 8.64 is vulnerable; other versions may also be affected.

11. ClamAV Prior to 0.95.1 Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 34446
Remote: Yes
Date Published: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34446
Summary:
ClamAV is prone to multiple denial-of-service vulnerabilities when handling malformed files or specially crafted URIs.

Successfully exploiting these issues allows remote attackers to deny service to legitimate users. Given the nature of these issues, attackers may also be able to run arbitrary code, but this has not been confirmed.

Versions prior to ClamAV 0.95.1 are vulnerable.

12. NTP 'ntpq' Stack Buffer Overflow Vulnerability
BugTraq ID: 34481
Remote: Yes
Date Published: 2009-04-12
Relevant URL: http://www.securityfocus.com/bid/34481
Summary:
The 'ntpq' command is prone to a stack-based buffer-overflow vulnerability.

Successful exploits will result in the crash of the affected utility. Code execution may also be possible, but this has not been confirmed.

13. Zervit 'http.c' Remote Buffer Overflow Vulnerability
BugTraq ID: 34530
Remote: Yes
Date Published: 2009-04-15
Relevant URL: http://www.securityfocus.com/bid/34530
Summary:
Zervit is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Zervit 0.2 is vulnerable; other versions may also be affected.

14. udev Netlink Message Validation Local Privilege Escalation Vulnerability
BugTraq ID: 34536
Remote: No
Date Published: 2009-04-15
Relevant URL: http://www.securityfocus.com/bid/34536
Summary:
The 'udev' Linux application is prone to a local privilege-escalation vulnerability because it fails to properly handle netlink messages.

Local attackers may exploit this issue to gain elevated privileges, which may lead to a complete compromise of the system.

This issue affects udev as shipped with Ubuntu Linux releases; other versions may also be vulnerable.

15. udev Path Encoding Local Denial of Service Vulnerability
BugTraq ID: 34539
Remote: No
Date Published: 2009-04-15
Relevant URL: http://www.securityfocus.com/bid/34539
Summary:
The 'udev' Linux application is prone to a local denial-of-service vulnerability.

Exploiting this issue allows local attackers to crash the application. Attackers may also be able to execute code with elevated privileges, but this has not been confirmed.

This issue affects udev as shipped with Ubuntu Linux releases; other versions may also be vulnerable.

16. MiniWeb Remote Buffer Overflow Vulnerability
BugTraq ID: 34563
Remote: Yes
Date Published: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34563
Summary:
MiniWeb is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

17. MiniWeb Source Code Information Disclosure Vulnerability
BugTraq ID: 34565
Remote: Yes
Date Published: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34565
Summary:
MiniWeb is prone to a vulnerability that lets attackers access source code because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable computer in the context of the webserver process. Information obtained may aid in further attacks.

This issue affects unknown versions of MiniWeb. We will update this BID when further details are available.

18. Xpdf JBIG2 Processing Multiple Security Vulnerabilities
BugTraq ID: 34568
Remote: Yes
Date Published: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34568
Summary:
Xpdf is prone to multiple security vulnerabilities.

Exploiting these issues may allow remote attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

These issues affect multiple applications on multiple platforms that utilize the affected library.

19. CUPS '_cupsImageReadTIFF()' Integer Overflow Vulnerability
BugTraq ID: 34571
Remote: Yes
Date Published: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34571
Summary:
CUPS is prone to an integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied TIFF image sizes before using them to allocate memory buffers.

Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the utilities. Failed exploit attempts will likely cause denial-of-service conditions.

Versions prior to CUPS 1.3.10 are vulnerable.

20. Multiple ESET Antivirus Products RAR File Scan Evasion Vulnerability
BugTraq ID: 34582
Remote: Yes
Date Published: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34582
Summary:
Multiple ESET products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine.

Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect.

The following are vulnerable:

ESET Smart Security 4
ESET NOD32 Antivirus 4
ESET Smart Security 4 Business Edition
ESET NOD32 Antivirus 4 Business Edition
ESET NOD32 Antivirus for Exchange Server
ESET Mail Security
ESET NOD32 Antivirus for Lotus Domino Server
ESET File Security
ESET Novell Netware
ESET DELL STORAGE SERVERS
ESET NOD32 Antivirus for Linux gateway devices

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Cisco

