Linux Security News
SecurityFocus Linux Newsletter #445 Aug 12 2009 11:19PM
sfa securityfocus com
SecurityFocus Linux Newsletter #445
----------------------------------------

This issue is sponsored by SC World Congress

Make plans now to attend the second annual SC World Congress - Enterprise Data Security, October 13-14 in New York City. The Congress features a comprehensive, two-day program presented in four tracks, including the unique Editors Choice sessions, and the industry's largest fall product expo showcasing IT security solutions from the leading vendors and hot start-ups. Emphasizing quality content, innovative formats and sessions, global perspectives and ROI, this is the one event you can't afford to miss. Register by August 31 for big savings. www.scworldcongress.com

------------------------------------------------------------------
I. FRONT AND CENTER
1. The Scale of Security
2. Hacker-Tool Law Still Does Little
II. LINUX VULNERABILITY SUMMARY
1. Sun Java SE Multiple Security Vulnerabilities
2. Palm WebOS Email Notification System 'FROM' Field Arbitrary Script Code Injection Vulnerability
3. Sun Java Runtime Environment Audio System Privilege Escalation Vulnerability
4. Sun Java Runtime Environment JPEG Image Handling Integer Overflow Vulnerability
5. Sun Java Runtime Environment Proxy Mechanism Implementation Privilege Escalation Vulnerabilities
6. Sun Java Runtime Environment Unpack200 JAR Unpacking Utility Integer Overflow Vulnerability
7. Sun JRE/JDK Java Web Start ActiveX Control ATL Remote Code Execution Vulnerability
8. JNLPAppletLauncher Arbitrary File Creation Vulnerability
9. Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
10. Fetchmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
11. GnuTLS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
12. Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
13. Sun Java System Access Manager CDCServlet Component Information Disclosure Vulnerability
14. Sun Java System Access Manager Debug Files Local Information Disclosure Vulnerability
15. Sun Solaris XScreenSaver Popup Windows Local Information Disclosure Vulnerability
16. Linux Kernel 'posix-timers.c' NULL Pointer Dereference Denial of Service Vulnerability
17. Sun OpenSSO Enterprise XML Document Processing Unspecified Memory Corruption Vulnerability
18. Subversion Binary Delta Processing Multiple Integer Overflow Vulnerabilities
19. Debian Mantis Package 'config_db.php' Insecure File Permissions Vulnerability
20. libxml2 Multiple Memory Corruption Vulnerabilities
21. Asterisk SIP Channel Driver 'scanf' Multiple Remote Denial of Service Vulnerabilities
22. Linux Kernel 'fs/proc/base.c' Local Information Disclosure Vulnerability
23. Sun Solaris XScreenSaver and Assistive Technology Support Security Bypass Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. The Scale of Security
By Adam O'Donnell
Human beings do not naturally understand scale. While we speak of financial transactions in the hundreds of billions of dollars as being something as routine as brushing our teeth, we question the value of programs that cost in the single-digit millions and quibble with friends over dollars. Similarly, there are many problems in our industry that, when explained to an outsider, sound like they should have been solved decades ago. It is only when we relate the number of systems that need to be considered in the repair that we truly communicate the difficulty of the problem.
http://www.securityfocus.com/columnists/503

2. Hacker-Tool Law Still Does Little
By Mark Rasch
On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted to make the creation or distribution of computer security software a criminal offense.
http://www.securityfocus.com/columnists/502

II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Sun Java SE Multiple Security Vulnerabilities
BugTraq ID: 35922
Remote: Yes
Date Published: 2009-08-03
Relevant URL: http://www.securityfocus.com/bid/35922
Summary:
Sun has released updates to address multiple vulnerabilities in Java SE.

Very little technical information is currently available on these issues. This BID will be updated as the vendor advisories are released.

These issues are addressed in the following releases:

JDK and JRE 6 Update 15
JDK and JRE 5.0 Update 20
SDK and JRE 1.4.2_22
SDK and JRE 1.3.1_26

2. Palm WebOS Email Notification System 'FROM' Field Arbitrary Script Code Injection Vulnerability
BugTraq ID: 35932
Remote: Yes
Date Published: 2009-08-04
Relevant URL: http://www.securityfocus.com/bid/35932
Summary:
Palm WebOS is prone to an arbitrary script code injection vulnerability that exists in the Email Notification System because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

The attacker's malicious script code would run in the context of the webserver process. This may facilitate a compromise of the application and the underlying device; other attacks are also possible.

Palm WebOS 1.0.4 is vulnerable; prior versions may also be affected.

3. Sun Java Runtime Environment Audio System Privilege Escalation Vulnerability
BugTraq ID: 35939
Remote: Yes
Date Published: 2009-08-04
Relevant URL: http://www.securityfocus.com/bid/35939
Summary:
Sun Java Runtime Environment (JRE) is prone to a privilege-escalation vulnerability.

Successful exploits may allow attackers to access the 'java.lang.System' properties and perform actions with elevated privileges on affected computers.

This issue affects the following:

JDK and JRE 6 Update 14 and prior
JDK and JRE 5.0 Update 19 and prior

NOTE: This issue was previously covered in BID 35922 (Sun Java SE Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

4. Sun Java Runtime Environment JPEG Image Handling Integer Overflow Vulnerability
BugTraq ID: 35942
Remote: Yes
Date Published: 2009-08-03
Relevant URL: http://www.securityfocus.com/bid/35942
Summary:
Sun Java Runtime Environment (JRE) is prone to an integer-overflow vulnerability.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the affected application. Failed attempts may result in denial-of-service conditions.

This issue affects the following:

JDK and JRE 6 Update 14 and prior

NOTE: This issue was previously covered in BID 35922 (Sun Java SE Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

5. Sun Java Runtime Environment Proxy Mechanism Implementation Privilege Escalation Vulnerabilities
BugTraq ID: 35943
Remote: Yes
Date Published: 2009-08-03
Relevant URL: http://www.securityfocus.com/bid/35943
Summary:
Sun Java Runtime Environment (JRE) is prone to multiple privilege-escalation vulnerabilities.

Successful exploits may allow attackers to perform actions with elevated privileges and gain access to sensitive information, hijack sessions, and violate the same-origin policy.

These issues affect the following:

JDK and JRE 6 Update 14 and prior
JDK and JRE 5.0 Update 19 and prior

NOTE: These issues were previously covered in BID 35922 (Sun Java SE Multiple Security Vulnerabilities), but have been assigned their own record to better document them.

6. Sun Java Runtime Environment Unpack200 JAR Unpacking Utility Integer Overflow Vulnerability
BugTraq ID: 35944
Remote: Yes
Date Published: 2009-08-03
Relevant URL: http://www.securityfocus.com/bid/35944
Summary:
Sun Java Runtime Environment (JRE) is prone to an integer-overflow vulnerability.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the affected application. Failed attempts may result in denial-of-service conditions.

This issue affects the following:

JDK and JRE 6 Update 14 and prior
JDK and JRE 5.0 Update 19 and prior

NOTE: This issue was previously covered in BID 35922 (Sun Java SE Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

7. Sun JRE/JDK Java Web Start ActiveX Control ATL Remote Code Execution Vulnerability
BugTraq ID: 35945
Remote: Yes
Date Published: 2009-08-03
Relevant URL: http://www.securityfocus.com/bid/35945
Summary:
Java Web Start ActiveX Control included in Sun JRE and JDK is prone to a remote code-execution vulnerability.

A remote attacker can exploit this issue by enticing an unsuspecting victim to view a malicious webpage. If successful, the attacker can run arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely result in a denial-of-service condition.

This issue is caused by the vulnerabilities described in Microsoft security advisory 973883 and is related to the following BIDs:
35828 Microsoft Visual Studio Active Template Library COM Object Remote Code Execution Vulnerability
35830 Microsoft Visual Studio Active Template Library NULL String Information Disclosure Vulnerability
35832 Microsoft Visual Studio ATL 'VariantClear()' Remote Code Execution Vulnerability

This issue affects the following:

JDK and JRE 6 Update 14 and prior
JDK and JRE 5.0 Update 19 and prior

NOTE: This issue was previously covered in BID 35922 (Sun Java SE Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

8. JNLPAppletLauncher Arbitrary File Creation Vulnerability
BugTraq ID: 35946
Remote: Yes
Date Published: 2009-08-04
Relevant URL: http://www.securityfocus.com/bid/35946
Summary:
JNLPAppletLauncher is prone to a vulnerability that allows attackers to write arbitrary files on the vulnerable system.

An attacker may exploit this issue to create arbitrary files on the system running the affected application. This may aid in further attacks.

9. Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
BugTraq ID: 35949
Remote: Yes
Date Published: 2009-08-05
Relevant URL: http://www.securityfocus.com/bid/35949
Summary:
Apache APR (Apache Portable Runtime) and 'APR-util' are prone to multiple integer-overflow vulnerabilities.

Attackers can exploit these issues to execute arbitrary code in the context of an application that uses the affected library. Successful exploits will compromise the affected application and possibly the computer. Failed attacks will cause denial-of-service conditions.

10. Fetchmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
BugTraq ID: 35951
Remote: Yes
Date Published: 2009-08-05
Relevant URL: http://www.securityfocus.com/bid/35951
Summary:
Fetchmail is prone to a security-bypass vulnerability because the application fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

Versions prior to Fetchmail 6.3.11 are vulnerable.

11. GnuTLS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
BugTraq ID: 35952
Remote: Yes
Date Published: 2009-08-04
Relevant URL: http://www.securityfocus.com/bid/35952
Summary:
GnuTLS is prone to a security-bypass vulnerability because it fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

GnuTLS 2.8.1 is vulnerable; other versions may also be affected.

12. Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
BugTraq ID: 35958
Remote: Yes
Date Published: 2009-08-03
Relevant URL: http://www.securityfocus.com/bid/35958
Summary:
Sun Java Runtime Environment (JRE) is prone to a denial-of-service vulnerability.

Attackers may exploit this issue to cause denial-of-service conditions in applications that use the vulnerable environment.

This issue affects the following:

JDK and JRE 6 Update 14 and prior
JDK and JRE 5.0 Update 19 and prior

NOTE: This issue was previously covered in BID 35922 (Sun Java SE Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

13. Sun Java System Access Manager CDCServlet Component Information Disclosure Vulnerability
BugTraq ID: 35961
Remote: Yes
Date Published: 2009-08-05
Relevant URL: http://www.securityfocus.com/bid/35961
Summary:
Sun Java System Access Manager is prone to a remote information-disclosure vulnerability.

Attackers can exploit this issue to obtain potentially sensitive information that may aid in further attacks.

This issue affects Sun Java System Access Manager 7.1 and Sun Java System Access Manager 7 2005Q4 (7.0).

14. Sun Java System Access Manager Debug Files Local Information Disclosure Vulnerability
BugTraq ID: 35963
Remote: No
Date Published: 2009-08-05
Relevant URL: http://www.securityfocus.com/bid/35963
Summary:
Sun Java System Access Manager is prone to a local information-disclosure vulnerability.

Attackers can exploit this issue to obtain potentially sensitive information that may aid in further attacks.

This issue affects Sun Java System Access Manager 6 2005Q1, Sun Java System Access Manager 7 2005Q4, Sun Java System Access Manager 7.1, and OpenSSO Enterprise 8.0.

15. Sun Solaris XScreenSaver Popup Windows Local Information Disclosure Vulnerability
BugTraq ID: 35964
Remote: No
Date Published: 2009-08-05
Relevant URL: http://www.securityfocus.com/bid/35964
Summary:
Solaris XScreenSaver is prone to a local information-disclosure vulnerability.

A local attacker can exploit this issue to obtain sensitive information that may lead to further attacks.

NOTE: This issue may be related to the vulnerability described in BID 34421, but this could not be confirmed. We will update this BID when more information becomes available.

This issue affects the following on both SPARC and x86 platforms:

Solaris 8
Solaris 9
Solaris 10
OpenSolaris builds snv_01 through snv_119

16. Linux Kernel 'posix-timers.c' NULL Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 35976
Remote: No
Date Published: 2009-08-06
Relevant URL: http://www.securityfocus.com/bid/35976
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to crash the affected kernel, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.

This issue was introduced in Linux kernel 2.6.28-rc1 and fixed in 2.6.31-rc5-git3.

17. Sun OpenSSO Enterprise XML Document Processing Unspecified Memory Corruption Vulnerability
BugTraq ID: 35977
Remote: Yes
Date Published: 2009-08-06
Relevant URL: http://www.securityfocus.com/bid/35977
Summary:
Sun OpenSSO Enterprise (formerly Sun Java System Access Manager and Sun Java System Identity Server) is prone to a memory-corruption vulnerability because it fails to properly handle specially crafted XML documents.

Very few details are available regarding this issue. We will update this BID as more information emerges.

An attacker can exploit this issue to execute arbitrary code within the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition.

18. Subversion Binary Delta Processing Multiple Integer Overflow Vulnerabilities
BugTraq ID: 35983
Remote: Yes
Date Published: 2009-08-06
Relevant URL: http://www.securityfocus.com/bid/35983
Summary:
Subversion is prone to multiple integer-overflow vulnerabilities.

Attackers can exploit these issues to execute arbitrary code in the context of Subversion clients and servers. Successful exploits will compromise the affected application and possibly the computer. Failed attacks will cause denial-of-service conditions.

The issues affect the following:
Subversion clients and servers versions 1.5.6 and prior.
Subversion clients and servers versions 1.6.0 through 1.6.3.

19. Debian Mantis Package 'config_db.php' Insecure File Permissions Vulnerability
BugTraq ID: 36000
Remote: No
Date Published: 2009-08-08
Relevant URL: http://www.securityfocus.com/bid/36000
Summary:
The Debian Mantis package is prone to an insecure file-permission security vulnerability.

An attacker can exploit this issue to gain access to sensitive information, such as the database credentials for the Mantis database. This may aid in further attacks.

20. libxml2 Multiple Memory Corruption Vulnerabilities
BugTraq ID: 36010
Remote: Yes
Date Published: 2009-08-10
Relevant URL: http://www.securityfocus.com/bid/36010
Summary:
libxml2 is prone to multiple memory-corruption vulnerabilities.

An attacker can exploit these issues by tricking a victim into opening a specially crafted XML file.

A successful attack can allow attacker-supplied code to run in the context of the application using the vulnerable library or cause a denial-of-service condition.

21. Asterisk SIP Channel Driver 'scanf' Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 36015
Remote: Yes
Date Published: 2009-08-10
Relevant URL: http://www.securityfocus.com/bid/36015
Summary:
Asterisk is prone to multiple remote denial-of-service vulnerabilities.

Successful exploits can crash the SIP channel driver, resulting in denial-of-service conditions for legitimate users.

The issues affect Asterisk 1.6.1.

Please note that other versions may also include the affected code but may not be exploitable as they do not allow SIP packets to exceed 1500 bytes total.

22. Linux Kernel 'fs/proc/base.c' Local Information Disclosure Vulnerability
BugTraq ID: 36019
Remote: No
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/36019
Summary:
The Linux kernel is prone to a local information-disclosure vulnerability.

Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

23. Sun Solaris XScreenSaver and Assistive Technology Support Security Bypass Vulnerability
BugTraq ID: 36030
Remote: No
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/36030
Summary:
Sun Solaris is prone to a security-bypass vulnerability that affects XScreenSaver and Assistive Technology Support.

A local attacker can exploit this issue to gain unauthorized access to the system, which may lead to further attacks.

This issue affects the following on both SPARC and x86 platforms:

Solaris 10
OpenSolaris builds snv_01 through snv_110

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by SC World Congress

