Linux Security News
SecurityFocus Linux Newsletter #447 Sep 25 2009 05:19PM
sfa securityfocus com
SecurityFocus Linux Newsletter #447
----------------------------------------

This issue is sponsored by Immunet

Are you running Anti-Virus from Symantec, AVG or Mcafee? Make it significantly more effective and harness the security of thousands of others with 'Collective Immunity'. See the beta for Immunet Protect here: https://www.immunet.com/user/new

------------------------------------------------------------------
I. FRONT AND CENTER
1.Lazy Workers May Be Deemed Hackers
2.The Scale of Security
II. LINUX VULNERABILITY SUMMARY
1. Linux Kernel Intel 32bit Emulation Mode Local Denial of Service Vulnerability
2. Changetrack Local Privilege Escalation Vulnerability
3. Linux Kernel 'find_ie()' Function Remote Denial of Service Vulnerability
4. Linux Kernel 'perf_counter_open()' Local Buffer Overflow Vulnerability
5. GNU glibc 'strfmon()' Function Integer Overflow Weakness
6. Debian and Ubuntu Postfix Insecure Temporary File Creation Vulnerability
7. Linux kernel 'O_EXCL' NFSv4 Privilege Escalation Vulnerability
8. Snort Unified1 Output Remote Denial Of Service Vulnerability
9. Sun Solaris XScreenSaver X Resize and Rotate Local Information Disclosure Vulnerability
10. Linux Kernel KVM 'kvm_emulate_hypercall()' Local Denial of Service Vulnerability
11. OpenSAML URI Handling Remote Buffer Overflow Vulnerability
12. Newt Text Box Content Processing Remote Buffer Overflow Vulnerability
13. OpenSAML 'use' Key Certificate Validation Security Bypass Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Lazy Workers May Be Deemed Hackers
By Mark Rasch
From his office job at the Shelby City (Ohio) Wastewater Treatment plant, he was browsing adult Web sites, including one called Adult Friend Finder to meet women. When some of the women asked Wolf for nude pictures, he bought a digital camera, took pictures, and e-mailed them using his work computer.
http://www.securityfocus.com/columnists/504

2.The Scale of Security
By Adam O'Donnell
Human beings do not naturally understand scale. While we speak of financial transactions in the hundreds of billions of dollars as being something as routine as brushing our teeth, we question the value of programs that cost in the single-digit millions and quibble with friends over dollars. Similarly, there are many problems in our industry that, when explained to an outsider, sound like they should have been solved decades ago. It is only when we relate the number of systems that need to be considered in the repair that we truly communicate the difficulty of the problem.
http://www.securityfocus.com/columnists/503

II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Linux Kernel Intel 32bit Emulation Mode Local Denial of Service Vulnerability
BugTraq ID: 36393
Remote: No
Date Published: 2009-09-15
Relevant URL: http://www.securityfocus.com/bid/36393
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to crash the affected kernel, resulting in a denial-of-service condition.

2. Changetrack Local Privilege Escalation Vulnerability
BugTraq ID: 36420
Remote: No
Date Published: 2009-09-16
Relevant URL: http://www.securityfocus.com/bid/36420
Summary:
Changetrack is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to run arbitrary commands with root privileges.

Changetrack 4.3 is vulnerable; other versions may also be affected.

3. Linux Kernel 'find_ie()' Function Remote Denial of Service Vulnerability
BugTraq ID: 36421
Remote: Yes
Date Published: 2009-09-16
Relevant URL: http://www.securityfocus.com/bid/36421
Summary:
The Linux Kernel is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to cause the kernel to end up in an infinite loop, denying service to legitimate users.

4. Linux Kernel 'perf_counter_open()' Local Buffer Overflow Vulnerability
BugTraq ID: 36423
Remote: No
Date Published: 2009-09-16
Relevant URL: http://www.securityfocus.com/bid/36423
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Local attackers may be able to exploit this issue to run arbitrary code with elevated privileges. Failed exploit attempts may crash the affected kernel, denying service to legitimate users.

The Linux Kernel 2.6.31-rc1 through 2.6.31 are vulnerable.

5. GNU glibc 'strfmon()' Function Integer Overflow Weakness
BugTraq ID: 36443
Remote: Yes
Date Published: 2009-09-17
Relevant URL: http://www.securityfocus.com/bid/36443
Summary:
GNU glibc is prone to an integer-overflow weakness.

An attacker can exploit this issue through other applications such as PHP to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

GNU glibc 2.10.1 and prior are vulnerable.

6. Debian and Ubuntu Postfix Insecure Temporary File Creation Vulnerability
BugTraq ID: 36469
Remote: No
Date Published: 2009-09-21
Relevant URL: http://www.securityfocus.com/bid/36469
Summary:
Postfix on Debian and Ubuntu creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects the following:

Postfix 2.5.5 on Debian 4.0 (and later)
Postfix 2.5.5 on Ubuntu 6.06 LTS (and later)

Other versions may also be affected.

7. Linux kernel 'O_EXCL' NFSv4 Privilege Escalation Vulnerability
BugTraq ID: 36472
Remote: No
Date Published: 2009-09-21
Relevant URL: http://www.securityfocus.com/bid/36472
Summary:
The Linux kernel is prone to a privilege-escalation vulnerability.

Local attackers may be able to exploit this issue to execute arbitrary code with the privileges of another user and compromise the affected computer.

Versions prior to Linux kernel 2.6.19-rc6 are vulnerable.

8. Snort Unified1 Output Remote Denial Of Service Vulnerability
BugTraq ID: 36473
Remote: Yes
Date Published: 2009-09-21
Relevant URL: http://www.securityfocus.com/bid/36473
Summary:
Snort is affected by a denial-of-service vulnerability because the application fails to properly process unified1 output.

Attackers can leverage this issue by sending malformed network packets that will produce corrupted logs and alerts, causing denial-of-service conditions.

Snort 2.8.1 through 2.8.4 are affected.

9. Sun Solaris XScreenSaver X Resize and Rotate Local Information Disclosure Vulnerability
BugTraq ID: 36488
Remote: No
Date Published: 2009-09-22
Relevant URL: http://www.securityfocus.com/bid/36488
Summary:
Solaris XScreenSaver is prone to a local information-disclosure vulnerability.

A local attacker can exploit this issue to obtain sensitive information that may lead to further attacks.

This issue affects the following on both SPARC and x86 platforms:

Solaris 10
OpenSolaris based on builds snv_01 through snv_111

10. Linux Kernel KVM 'kvm_emulate_hypercall()' Local Denial of Service Vulnerability
BugTraq ID: 36512
Remote: No
Date Published: 2009-09-17
Relevant URL: http://www.securityfocus.com/bid/36512
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability that affects the Kernel-based Virtual Machine (KVM).

Attackers can exploit this issue to crash a guest kernel or potentially gain read or write access to guest kernel memory.

Linux kernel 2.6.25-rc1 through 2.6.30 are affected. Kernel 2.6.31 is not affected by this issue.

11. OpenSAML URI Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 36514
Remote: Yes
Date Published: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/36514
Summary:
OpenSAML is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code in the context of an application that uses the library. Failed attacks may cause denial-of-service conditions.

Versions prior to OpenSAML 1.1.3 are vulnerable.

12. Newt Text Box Content Processing Remote Buffer Overflow Vulnerability
BugTraq ID: 36515
Remote: Yes
Date Published: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/36515
Summary:
The Newt library is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will result in a denial-of-service condition.

13. OpenSAML 'use' Key Certificate Validation Security Bypass Vulnerability
BugTraq ID: 36516
Remote: Yes
Date Published: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/36516
Summary:
OpenSAML is prone to a security-bypass vulnerability because of an error in verifying website certificates.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Immunet

Are you running Anti-Virus from Symantec, AVG or Mcafee? Make it significantly more effective and harness the security of thousands of others with 'Collective Immunity'. See the beta for Immunet Protect here: https://www.immunet.com/user/new

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus