Linux Security News
SecurityFocus Linux Newsletter #437 Apr 30 2009 10:20PM
sfa securityfocus com
SecurityFocus Linux Newsletter #437
----------------------------------------

This issue is sponsored by Thawte

Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe.

http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Projecting Borders into Cyberspace
2. Celebrity Viruses Improve Security
II. LINUX VULNERABILITY SUMMARY
1. Linux Kernel 'inet6_hashtables.c' NULL Pointer Dereference Denial of Service Vulnerability
2. Linux Kernel CIFS 'decode_unicode_ssetup()' Remote Buffer Overflow Vulnerability
3. Linux Kernel CIFS 'serverDomain' Remote Buffer Overflow Vulnerability
4. Debian apt Repository Signature Verification Vulnerability
5. Zervit HTTP Server Malformed URI Remote Denial Of Service Vulnerability
6. SLURM 'sbcast' and 'strigger' Group Permissions Local Privilege Escalation Vulnerability
7. Debian git-core DEC Alpha & MIPS Local Privilege Escalation Vulnerability
8. Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -14 through -22 Multiple Remote Vulnerabilities
9. CUPS Insufficient 'Host' Header Validation Weakness
10. Linux Kernel 'drivers/char/agp/generic.c' Local Information Disclosure Vulnerability
11. Mahara User Profile Cross Site Scripting Vulnerability
12. aMule 'wxExecute()' Arbitrary Command Execution Vulnerability
13. acpid Local Denial of Service Vulnerability
14. iodine 'iodined' Remote Denial of Service Vulnerability
15. Adobe Reader 'getAnnots()' Javascript Function Remote Code Execution Vulnerability
16. Adobe Reader 'spell.customDictionaryOpen()' JavaScript Function Remote Code Execution Vulnerability
17. Mozilla Firefox 'nsTextFrame::ClearTextRun()' Remote Memory Corruption Vulnerability
18. DBD::Pg 'pg_getline()' and 'getline()' Heap Buffer Overflow Vulnerabilities
19. DBD::Pg BYTEA Values Memory Leak Denial of Service Vulnerability
20. Multiple Trend Micro Products RAR/ZIP/CAB Files Scan Evasion Vulnerability
21. Multiple ESET Products CAB File Scan Evasion Vulnerability
22. IPsec-Tools Prior to 0.7.2 Multiple Remote Denial Of Service Vulnerabilities
23. Ubuntu Apport Local Arbitrary File Deletion Vulnerability
24. McAfee Products RAR/ZIP Files Scan Evasion Vulnerability
25. GnuTLS Prior to 2.6.6 Multiple Remote Vulnerabilities
III. LINUX FOCUS LIST SUMMARY
1. curuncula dbr rootkit detection tool
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Projecting Borders into Cyberspace
By Jeffrey Carr
Two recent stories of significant cyber attacks come close to blaming the Chinese for the intrusions but stop short.
http://www.securityfocus.com/columnists/500

2. Celebrity Viruses Improve Security
By Adam O'Donnell
Every so often, a computer virus becomes more than just a novelty for anti-virus researchers and moves into the consciousness of the mass media, even if it's not a grave threat.
http://www.securityfocus.com/columnists/499

II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Linux Kernel 'inet6_hashtables.c' NULL Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 34602
Remote: No
Date Published: 2009-04-20
Relevant URL: http://www.securityfocus.com/bid/34602
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to crash the affected kernel, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.

This issue was introduced in Linux kernel 2.6.27 and fixed in 2.6.29.

2. Linux Kernel CIFS 'decode_unicode_ssetup()' Remote Buffer Overflow Vulnerability
BugTraq ID: 34612
Remote: Yes
Date Published: 2009-04-20
Relevant URL: http://www.securityfocus.com/bid/34612
Summary:
The Linux Kernel is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

3. Linux Kernel CIFS 'serverDomain' Remote Buffer Overflow Vulnerability
BugTraq ID: 34615
Remote: Yes
Date Published: 2009-04-20
Relevant URL: http://www.securityfocus.com/bid/34615
Summary:
The Linux Kernel is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

4. Debian apt Repository Signature Verification Vulnerability
BugTraq ID: 34630
Remote: Yes
Date Published: 2009-04-20
Relevant URL: http://www.securityfocus.com/bid/34630
Summary:
Debian 'apt' is prone to a signature-verification vulnerability.

An attacker may exploit this issue by first compromising a repository server or through man-in-the-middle attacks after gaining access to revoked or expired keys. Successful attacks may allow the attacker to execute arbitrary code on a vulnerable computer.

Versions prior to 'apt' 0.7.21 are affected.

5. Zervit HTTP Server Malformed URI Remote Denial Of Service Vulnerability
BugTraq ID: 34637
Remote: Yes
Date Published: 2009-04-21
Relevant URL: http://www.securityfocus.com/bid/34637
Summary:
Zervit HTTP server is prone to a denial-of-service vulnerability because it fails to adequately sanitize user-supplied input.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.

Zervit 0.3 is vulnerable; other versions may also be affected.

6. SLURM 'sbcast' and 'strigger' Group Permissions Local Privilege Escalation Vulnerability
BugTraq ID: 34638
Remote: No
Date Published: 2009-04-21
Relevant URL: http://www.securityfocus.com/bid/34638
Summary:
SLURM (Simple Linux Utility for Resource Management) is prone to a privilege-escalation vulnerability because it fails to properly drop group privileges.

A local attacker with sufficient privileges to interact with SLURM may exploit this issue to gain elevated privileges, which may lead to a complete compromise of the affected computer.

Versions prior to SLURM 1.3.14 are vulnerable.

7. Debian git-core DEC Alpha & MIPS Local Privilege Escalation Vulnerability
BugTraq ID: 34644
Remote: No
Date Published: 2009-04-21
Relevant URL: http://www.securityfocus.com/bid/34644
Summary:
The Debian 'git-core' package is prone to a local privilege-escalation vulnerability because it fails to sufficiently validate user-supplied data.

An attacker can exploit this issue to execute arbitrary commands with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

This issue affects only DEC Alpha and MIPS architectures.

8. Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -14 through -22 Multiple Remote Vulnerabilities
BugTraq ID: 34656
Remote: Yes
Date Published: 2009-04-22
Relevant URL: http://www.securityfocus.com/bid/34656
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox, Thunderbird, and SeaMonkey.

Attackers can exploit these issues to bypass same-origin restrictions, obtain potentially sensitive information, and execute arbitrary script code with elevated privileges; other attacks are also possible.

9. CUPS Insufficient 'Host' Header Validation Weakness
BugTraq ID: 34665
Remote: Yes
Date Published: 2009-04-22
Relevant URL: http://www.securityfocus.com/bid/34665
Summary:
CUPS is prone to an insufficient 'Host' header validation weakness.

An attacker can use this weakness to carry out certain attacks such as DNS rebinding against the vulnerable server.

10. Linux Kernel 'drivers/char/agp/generic.c' Local Information Disclosure Vulnerability
BugTraq ID: 34673
Remote: No
Date Published: 2009-04-20
Relevant URL: http://www.securityfocus.com/bid/34673
Summary:
The Linux kernel is prone to a local information-disclosure vulnerability.

Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

Versions prior to the Linux kernel 2.6.30-rc3 are vulnerable.

11. Mahara User Profile Cross Site Scripting Vulnerability
BugTraq ID: 34677
Remote: Yes
Date Published: 2009-04-22
Relevant URL: http://www.securityfocus.com/bid/34677
Summary:
Mahara is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

12. aMule 'wxExecute()' Arbitrary Command Execution Vulnerability
BugTraq ID: 34683
Remote: Yes
Date Published: 2009-04-22
Relevant URL: http://www.securityfocus.com/bid/34683
Summary:
aMule is prone to a vulnerability that lets attackers execute arbitrary commands in the context of the vulnerable application.

This issue affects aMule 2.2.4; other versions may also be vulnerable.

13. acpid Local Denial of Service Vulnerability
BugTraq ID: 34692
Remote: No
Date Published: 2009-04-21
Relevant URL: http://www.securityfocus.com/bid/34692
Summary:
The 'acpid' daemon is prone to a local denial-of-service vulnerability.

Successful exploits will allow attackers to make the daemon unresponsive, resulting in denial-of-service conditions.

The issue affects versions prior to acpid 1.0.10.

14. iodine 'iodined' Remote Denial of Service Vulnerability
BugTraq ID: 34731
Remote: Yes
Date Published: 2009-04-27
Relevant URL: http://www.securityfocus.com/bid/34731
Summary:
The 'iodine' program is prone to a remote denial-of-service vulnerability because it fails to handle user-supplied input.

An attacker can exploit this issue to crash the application, denying service to legitimate users.

This issue affects iodine 0.4.2; other versions may also be affected.

15. Adobe Reader 'getAnnots()' Javascript Function Remote Code Execution Vulnerability
BugTraq ID: 34736
Remote: Yes
Date Published: 2009-04-27
Relevant URL: http://www.securityfocus.com/bid/34736
Summary:
Adobe Reader is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users.

Reader 8.1.4 and 9.1 for Linux are vulnerable; other versions or platforms may also be affected.

UPDATE (April 28, 2009): The vendor is investigating this issue. We will update this BID as more information emerges.

16. Adobe Reader 'spell.customDictionaryOpen()' JavaScript Function Remote Code Execution Vulnerability
BugTraq ID: 34740
Remote: Yes
Date Published: 2009-04-27
Relevant URL: http://www.securityfocus.com/bid/34740
Summary:
Adobe Reader is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users.

Reader 8.1.4 for Linux is vulnerable; other versions or platforms may also be affected.

UPDATE (April 30, 2009): Further information from the reporter states that the issue does not affect Reader 9.1; only 8.1.4 is affected.

17. Mozilla Firefox 'nsTextFrame::ClearTextRun()' Remote Memory Corruption Vulnerability
BugTraq ID: 34743
Remote: Yes
Date Published: 2009-04-27
Relevant URL: http://www.securityfocus.com/bid/34743
Summary:
Mozilla Firefox is prone to a remote memory-corruption vulnerability.

Successful exploits will allow remote attackers to execute arbitrary code within the context of the affected browser or crash the browser, denying service to legitimate users.

18. DBD::Pg 'pg_getline()' and 'getline()' Heap Buffer Overflow Vulnerabilities
BugTraq ID: 34755
Remote: Yes
Date Published: 2009-04-28
Relevant URL: http://www.securityfocus.com/bid/34755
Summary:
DBD::Pg is prone to multiple heap-based buffer-overflow vulnerabilities that occur because the application fails to perform adequate boundary checks on user-supplied data.

Attackers may be able to exploit these issues to execute arbitrary code within the context of an application that uses the vulnerable module. Failed exploit attempts will result in a denial-of-service condition.

DBD::Pg 1.49 as distributed with Debian 4.0 is vulnerable; other versions may also be affected.

19. DBD::Pg BYTEA Values Memory Leak Denial of Service Vulnerability
BugTraq ID: 34757
Remote: Yes
Date Published: 2009-04-28
Relevant URL: http://www.securityfocus.com/bid/34757
Summary:
DBD::Pg is prone to a denial-of-service vulnerability caused by a memory leak when handling BYTEA data.

Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected software.

DBD::Pg 1.49 as distributed with Debian 4.0 is vulnerable; other versions may also be affected.

20. Multiple Trend Micro Products RAR/ZIP/CAB Files Scan Evasion Vulnerability
BugTraq ID: 34763
Remote: Yes
Date Published: 2009-04-29
Relevant URL: http://www.securityfocus.com/bid/34763
Summary:
Multiple Trend Micro products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine.

Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect.

Affected products:

- ServerProtect for Microsoft Windows/Novell NetWare
- ServerProtect for EMC Celerra
- ServerProtect for NetApp
- ServerProtect for Linux
- ServerProtect for Network Appliance Filers
- Internet Security Pro Internet Security
- OfficeScan Component
- Worry Free Business Security - Standard
- Worry Free Business Security - Advanced
- Worry Free Business Security Hosted
- Housecall
- InterScan Web Security Suite
- InterScan Web Protect for ISA
- InterScan Messaging Security Appliance
- Neatsuite Advanced
- ScanMail for Exchange
- ScanMail for Domino Suites

21. Multiple ESET Products CAB File Scan Evasion Vulnerability
BugTraq ID: 34764
Remote: Yes
Date Published: 2009-04-29
Relevant URL: http://www.securityfocus.com/bid/34764
Summary:
Multiple ESET products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine.

Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect.

ESET products prior to Update 4036 are vulnerable.

22. IPsec-Tools Prior to 0.7.2 Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 34765
Remote: Yes
Date Published: 2009-04-22
Relevant URL: http://www.securityfocus.com/bid/34765
Summary:
IPsec-Tools is affected by multiple remote denial-of-service vulnerabilities because the software fails to properly handle certain network packets.

A successful attack allows a remote attacker to cause the application to crash or to consume excessive memory, denying further service to legitimate users.

Versions prior to IPsec-Tools 0.7.2 are vulnerable.

23. Ubuntu Apport Local Arbitrary File Deletion Vulnerability
BugTraq ID: 34776
Remote: No
Date Published: 2009-04-29
Relevant URL: http://www.securityfocus.com/bid/34776
Summary:
Ubuntu Apport deletes crash-report files in an unsafe manner.

A local attacker may exploit this issue to delete arbitrary files, resulting in a denial-of-service condition. Other attacks may also be possible.

24. McAfee Products RAR/ZIP Files Scan Evasion Vulnerability
BugTraq ID: 34780
Remote: Yes
Date Published: 2009-04-30
Relevant URL: http://www.securityfocus.com/bid/34780
Summary:
Multiple McAfee products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine.

Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect.

The issue affects all McAfee software that uses DAT files.

25. GnuTLS Prior to 2.6.6 Multiple Remote Vulnerabilities
BugTraq ID: 34783
Remote: Yes
Date Published: 2009-04-30
Relevant URL: http://www.securityfocus.com/bid/34783
Summary:
GnuTLS is prone to multiple remote vulnerabilities:

- A remote code-execution vulnerability.
- A denial-of-service vulnerability.
- A signature-generation vulnerability.
- A signature-verification vulnerability.

An attacker can exploit these issues to potentially execute arbitrary code, trigger denial-of-service conditions, carry out attacks against data signed with weak signatures, and cause clients to accept expired or invalid certificates from servers.

Versions prior to GnuTLS 2.6.6 are vulnerable.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. curuncula dbr rootkit detection tool
http://www.securityfocus.com/archive/91/502934

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Thawte

