Linux Security News
SecurityFocus Linux Newsletter #438 May 07 2009 11:02PM
sfa securityfocus com

This issue is sponsored by Thawte

Extended Validation SSL Certificates: Inspire Trust, Improve Confidence and Increase Sales

Extended Validation SSL delivers the acknowledged industry standard for the highest level of online identity assurance processes for SSL certificate issuance. Find out how the EV standard increases the visibility of authentication status through the use of a green address bar in the latest high security web browsers.

http://www.dinclinx.com/Redirect.aspx?36;5004;25;1371;0;3;946;54442f0f214c470a

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. A Botnet by Any Other Name
2. Projecting Borders into Cyberspace
II. LINUX VULNERABILITY SUMMARY
1. iodine 'iodined' Remote Denial of Service Vulnerability
2. Adobe Reader 'getAnnots()' JavaScript Function Remote Code Execution Vulnerability
3. Adobe Reader 'spell.customDictionaryOpen()' JavaScript Function Remote Code Execution Vulnerability
4. Mozilla Firefox 'nsTextFrame::ClearTextRun()' Remote Memory Corruption Vulnerability
5. DBD::Pg 'pg_getline()' and 'getline()' Heap Buffer Overflow Vulnerabilities
6. Memcached and MemcacheDB ASLR Information Disclosure Weakness
7. DBD::Pg BYTEA Values Memory Leak Denial of Service Vulnerability
8. Multiple Trend Micro Products RAR/ZIP/CAB Files Scan Evasion Vulnerability
9. Multiple ESET Products CAB File Scan Evasion Vulnerability
10. Ubuntu Apport Local Arbitrary File Deletion Vulnerability
11. Drupal HTML Injection and Information Disclosure Vulnerabilities
12. McAfee Products RAR/ZIP Files Scan Evasion Vulnerability
13. GnuTLS Prior to 2.6.6 Multiple Remote Vulnerabilities
14. libwmf WMF Image File Remote Code Execution Vulnerability
15. Linux Kernel 'ptrace_attach()' Local Privilege Escalation Vulnerability
16. Quagga Autonomous System Number Remote Denial Of Service Vulnerability
17. ClamAV 'clamav-milter' Initscript File Permission Vulnerability
18. IceWarp Merak Mail Server 'Forgot Password' Input Validation Vulnerability
19. xvfb-run Insecure Magic Cookie Local Information Disclosure Vulnerability
20. Coccinelle Insecure Temporary File Creation Vulnerability
21. Multiple F-Secure Products RAR/ZIP Files Scan Evasion Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. EUSecWest 2009 (May27/28) London Agenda and PacSec 2009 (Nov 4/5) Tokyo CFP deadline: June 1 2009
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. A Botnet by Any Other Name
By Gunter Ollmann
The news has been awash the last few weeks with fears over globe-spanning botnets and their criminal intent: Conficker managed to hog the limelight for well over a month, and then came Finjan's disclosure of a previously unknown - and currently unnamed - botnet consisting of some 1.9 million malicious agents.
http://www.securityfocus.com/columnists/501

2. Projecting Borders into Cyberspace
By Jeffrey Carr
Two recent stories of significant cyber attacks come close to blaming the Chinese for the intrusions but stop short.
http://www.securityfocus.com/columnists/500

II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. iodine 'iodined' Remote Denial of Service Vulnerability
BugTraq ID: 34731
Remote: Yes
Date Published: 2009-04-27
Relevant URL: http://www.securityfocus.com/bid/34731
Summary:
The 'iodine' program is prone to a remote denial-of-service vulnerability because it fails to handle user-supplied input.

An attacker can exploit this issue to crash the application, denying service to legitimate users.

This issue affects iodine 0.4.2; other versions may also be affected.

2. Adobe Reader 'getAnnots()' JavaScript Function Remote Code Execution Vulnerability
BugTraq ID: 34736
Remote: Yes
Date Published: 2009-04-27
Relevant URL: http://www.securityfocus.com/bid/34736
Summary:
Adobe Reader is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users.

Reader 8.1.4 and 9.1 for Linux are vulnerable; other versions or platforms may also be affected.

UPDATE (April 28, 2009): The vendor is investigating this issue. We will update this BID as more information emerges.

UPDATE (May 1, 2009): The vendor indicates that fixes will be available by May 12, 2009. Please see the referenced advisory for more information.

3. Adobe Reader 'spell.customDictionaryOpen()' JavaScript Function Remote Code Execution Vulnerability
BugTraq ID: 34740
Remote: Yes
Date Published: 2009-04-27
Relevant URL: http://www.securityfocus.com/bid/34740
Summary:
Adobe Reader is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users.

Reader 8.1.4 for Linux is vulnerable; other versions or platforms may also be affected.

UPDATE (April 30, 2009): Further information from the reporter states that the issue does not affect Reader 9.1; only 8.1.4 is affected.

UPDATE (May 1, 2009): The vendor indicates that fixes will be available by May 12, 2009. Please see the referenced advisory for more information.

4. Mozilla Firefox 'nsTextFrame::ClearTextRun()' Remote Memory Corruption Vulnerability
BugTraq ID: 34743
Remote: Yes
Date Published: 2009-04-27
Relevant URL: http://www.securityfocus.com/bid/34743
Summary:
Mozilla Firefox is prone to a remote memory-corruption vulnerability.

Successful exploits will allow remote attackers to execute arbitrary code within the context of the affected browser or crash the browser, denying service to legitimate users.

5. DBD::Pg 'pg_getline()' and 'getline()' Heap Buffer Overflow Vulnerabilities
BugTraq ID: 34755
Remote: Yes
Date Published: 2009-04-28
Relevant URL: http://www.securityfocus.com/bid/34755
Summary:
DBD::Pg is prone to multiple heap-based buffer-overflow vulnerabilities that occur because the application fails to perform adequate boundary checks on user-supplied data.

Attackers may be able to exploit these issues to execute arbitrary code within the context of an application that uses the vulnerable module. Failed exploit attempts will result in a denial-of-service condition.

DBD::Pg 1.49 as distributed with Debian 4.0 is vulnerable; other versions may also be affected.

6. Memcached and MemcacheDB ASLR Information Disclosure Weakness
BugTraq ID: 34756
Remote: Yes
Date Published: 2009-04-28
Relevant URL: http://www.securityfocus.com/bid/34756
Summary:
Memcached and MemcacheDB are prone to an information-disclosure weakness that may aid attackers in bypassing Address Space Layout Randomization (ASLR) protections.

Attackers can exploit this weakness to gain access to sensitive information such as stack, heap, and shared-library memory locations. Information obtained may aid in other attacks.

memcached v1.2.7 and MemcacheDB v1.2.0 are vulnerable.

7. DBD::Pg BYTEA Values Memory Leak Denial of Service Vulnerability
BugTraq ID: 34757
Remote: Yes
Date Published: 2009-04-28
Relevant URL: http://www.securityfocus.com/bid/34757
Summary:
DBD::Pg is prone to a denial-of-service vulnerability caused by a memory leak when handling BYTEA data.

Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected software.

DBD::Pg 1.49 as distributed with Debian 4.0 is vulnerable; other versions may also be affected.

8. Multiple Trend Micro Products RAR/ZIP/CAB Files Scan Evasion Vulnerability
BugTraq ID: 34763
Remote: Yes
Date Published: 2009-04-29
Relevant URL: http://www.securityfocus.com/bid/34763
Summary:
Multiple Trend Micro products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine.

Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect.

The following products are affected:

ServerProtect for Microsoft Windows/Novell NetWare
ServerProtect for EMC Celerra
ServerProtect for NetApp
ServerProtect for Linux
ServerProtect for Network Appliance Filers
Internet Security Pro Internet Security
OfficeScan Component
Worry Free Business Security - Standard
Worry Free Business Security - Advanced
Worry Free Business Security Hosted
Housecall
InterScan Web Security Suite
InterScan Web Protect for ISA
InterScan Messaging Security Appliance
Neatsuite Advanced
ScanMail for Exchange
ScanMail for Domino Suites

9. Multiple ESET Products CAB File Scan Evasion Vulnerability
BugTraq ID: 34764
Remote: Yes
Date Published: 2009-04-29
Relevant URL: http://www.securityfocus.com/bid/34764
Summary:
Multiple ESET products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine.

Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect.

ESET products prior to Update 4036 are vulnerable.

10. Ubuntu Apport Local Arbitrary File Deletion Vulnerability
BugTraq ID: 34776
Remote: No
Date Published: 2009-04-29
Relevant URL: http://www.securityfocus.com/bid/34776
Summary:
Ubuntu Apport deletes crash-report files in an unsafe manner.

A local attacker may exploit this issue to delete arbitrary files, resulting in a denial-of-service condition. Other attacks may also be possible.

11. Drupal HTML Injection and Information Disclosure Vulnerabilities
BugTraq ID: 34779
Remote: Yes
Date Published: 2009-04-29
Relevant URL: http://www.securityfocus.com/bid/34779
Summary:
Drupal is prone to a cross-site scripting vulnerability and an information-disclosure vulnerability.

An attacker may leverage these issues to obtain potentially sensitive information, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible.

These issues affect the following:

Drupal 5.x (prior to 5.17)
Drupal 6.x (prior to 6.11)

12. McAfee Products RAR/ZIP Files Scan Evasion Vulnerability
BugTraq ID: 34780
Remote: Yes
Date Published: 2009-04-30
Relevant URL: http://www.securityfocus.com/bid/34780
Summary:
Multiple McAfee products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine.

Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect.

The issue affects all McAfee software that uses DAT files.

13. GnuTLS Prior to 2.6.6 Multiple Remote Vulnerabilities
BugTraq ID: 34783
Remote: Yes
Date Published: 2009-04-30
Relevant URL: http://www.securityfocus.com/bid/34783
Summary:
GnuTLS is prone to multiple remote vulnerabilities:

- A remote code-execution vulnerability.
- A denial-of-service vulnerability.
- A signature-generation vulnerability.
- A signature-verification vulnerability.

An attacker can exploit these issues to potentially execute arbitrary code, trigger denial-of-service conditions, carry out attacks against data signed with weak signatures, and cause clients to accept expired or invalid certificates from servers.

Versions prior to GnuTLS 2.6.6 are vulnerable.

14. libwmf WMF Image File Remote Code Execution Vulnerability
BugTraq ID: 34792
Remote: Yes
Date Published: 2009-04-30
Relevant URL: http://www.securityfocus.com/bid/34792
Summary:
The 'libwmf' library is prone to a buffer-overflow vulnerability because the vector graphics linked library improperly allocates memory when parsing WMF image files.

Successfully exploiting this issue would allow an attacker to corrupt memory and execute arbitrary code in the context of the currently logged-in user.

15. Linux Kernel 'ptrace_attach()' Local Privilege Escalation Vulnerability
BugTraq ID: 34799
Remote: No
Date Published: 2009-05-04
Relevant URL: http://www.securityfocus.com/bid/34799
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with superuser privileges, resulting in a complete compromise of the affected computer.

This issue affects Linux kernel 2.6.29; other versions may also be affected.

16. Quagga Autonomous System Number Remote Denial Of Service Vulnerability
BugTraq ID: 34817
Remote: Yes
Date Published: 2009-04-30
Relevant URL: http://www.securityfocus.com/bid/34817
Summary:
Quagga is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to cause the vulnerable process to crash, denying further service to legitimate users.

Quagga 0.99.11 is vulnerable; other versions may also be affected.

17. ClamAV 'clamav-milter' Initscript File Permission Vulnerability
BugTraq ID: 34818
Remote: No
Date Published: 2009-05-04
Relevant URL: http://www.securityfocus.com/bid/34818
Summary:
ClamAV is prone to a file-permission security issue.

An attacker can exploit this issue to modify files in certain directories, which could affect system integrity and lead to other attacks.

ClamAV 0.95.1 is vulnerable; other versions may also be affected.

18. IceWarp Merak Mail Server 'Forgot Password' Input Validation Vulnerability
BugTraq ID: 34827
Remote: Yes
Date Published: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/34827
Summary:
IceWarp Merak Mail Server is prone to an input-validation vulnerability because it uses client-supplied data when performing a 'Forgot Password' function.

Attackers can exploit this issue via social-engineering techniques to obtain valid users' login credentials; other attacks may also be possible.

19. xvfb-run Insecure Magic Cookie Local Information Disclosure Vulnerability
BugTraq ID: 34828
Remote: No
Date Published: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/34828
Summary:
The 'xvfb-run' command is prone to an information-disclosure vulnerability.

Exploiting this issue may allow a local attacker to obtain sensitive information that may lead to further attacks.

20. Coccinelle Insecure Temporary File Creation Vulnerability
BugTraq ID: 34848
Remote: No
Date Published: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34848
Summary:
Coccinelle creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic link attacks to overwrite arbitrary attacker-specified files.

Versions prior to Coccinelle 0.1.7 are vulnerable.

21. Multiple F-Secure Products RAR/ZIP Files Scan Evasion Vulnerability
BugTraq ID: 34849
Remote: Yes
Date Published: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34849
Summary:
Multiple F-Secure products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine.

Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. EUSecWest 2009 (May27/28) London Agenda and PacSec 2009 (Nov 4/5) Tokyo CFP deadline: June 1 2009
http://www.securityfocus.com/archive/91/503313

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Thawte

Extended Validation SSL Certificates: Inspire Trust, Improve Confidence and Increase Sales

Extended Validation SSL delivers the acknowledged industry standard for the highest level of online identity assurance processes for SSL certificate issuance. Find out how the EV standard increases the visibility of authentication status through the use of a green address bar in the latest high security web browsers.

http://www.dinclinx.com/Redirect.aspx?36;5004;25;1371;0;3;946;54442f0f214c470a

Copyright 2010, SecurityFocus