Linux Security News
SecurityFocus Linux Newsletter #448 Nov 02 2009 11:51PM
sfa securityfocus com
----------------------------------------

This issue is sponsored by Entrust

Go Green for Less Green
Give your customers the highest level of assurance
Give your customers the green address bar
Entrust EV SSL Certificates - Now from only $199 per year

http://www.entrust.net/securityfocus-ev

------------------------------------------------------------------
I. FRONT AND CENTER
1. Time to Squish SQL Injection
2. Lazy Workers May Be Deemed Hackers
II. LINUX VULNERABILITY SUMMARY
1. MapServer HTTP Request Processing Integer Overflow Vulnerability
2. Linux Kernel KVM 'kvm_dev_ioctl_get_supported_cpuid()' Integer Overflow Vulnerability
3. ProFTPD mod_tls Module NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
4. Linux Kernel KVM 'update_cr8_intercept()' Local Denial of Service Vulnerability
5. Linux Kernel 'proc' World Writeable File Security Bypass Vulnerability
6. HTML-Parser Invalid HTML Entity Remote Denial of Service Vulnerability
7. nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
8. RETIRED: Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities
9. McAfee Products TAR and PDF Files Scan Evasion Vulnerabilities
10. Mozilla Firefox Floating Point Conversion Heap Overflow Vulnerability
11. Mozilla Firefox Download Manager World Writable File Local Privilege Escalation Vulnerability
12. Mozilla Firefox Form History Information Disclosure Vulnerability
13. Mozilla Firefox and SeaMonkey 'libpr0n' GIF Parser Heap Based Buffer Overflow Vulnerability
14. Mozilla Firefox and SeaMonkey Proxy Auto-Configuration File Remote Code Execution Vulnerability
15. Mozilla Firefox XPCOM Utility Chrome Privilege Escalation Vulnerability
16. Mozilla Firefox 'document.getSelect' Cross Domain Information Disclosure Vulnerability
17. Mozilla Firefox CVE-2009-3382 Remote Memory Corruption Vulnerability
18. Mozilla Firefox and SeaMonkey Download Filename Spoofing Vulnerability
19. Mozilla Firefox CVE-2009-3380 Multiple Remote Memory Corruption Vulnerabilities
20. F-Secure Products PDF Files Scan Evasion Vulnerability
21. Sun Java SE Advance Notification of Multiple Security Vulnerabilities
22. SUSE Linux 'scsi_discovery tool' Insecure Temporary File Creation Vulnerability
23. Sun Solaris 'xscreensaver(1)' From JDS Local Information Disclosure Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. Smart-Card Open Test Toolkit
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Time to Squish SQL Injection
by Gunter Ollmann
Heartland Payment Systems and Hannaford Bros. both fell prey to botnets wielding SQL injection flaws. Corporate IT managers need to place a priority on fixing Web site vulnerabilities, argues Gunter Ollmann, vice president of research for Damballa.
http://www.securityfocus.com/columnists/505

2. Lazy Workers May Be Deemed Hackers
By Mark Rasch
From his office job at the Shelby City (Ohio) Wastewater Treatment plant, he was browsing adult Web sites, including one called Adult Friend Finder to meet women. When some of the women asked Wolf for nude pictures, he bought a digital camera, took pictures, and e-mailed them using his work computer.
http://www.securityfocus.com/columnists/504

II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. MapServer HTTP Request Processing Integer Overflow Vulnerability
BugTraq ID: 36802
Remote: Yes
Date Published: 2009-10-23
Relevant URL: http://www.securityfocus.com/bid/36802
Summary:
MapServer is prone to a remote integer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code. Successful exploits will compromise affected computers. Failed exploit attempts will result in a denial-of-service condition.

This issue affects MapServer 4.10.x; other versions may be vulnerable as well.

NOTE: This issue reportedly stems from an incomplete fix for CVE-2009-0840, which was discussed in BID 34306 (MapServer Multiple Security Vulnerabilities).

2. Linux Kernel KVM 'kvm_dev_ioctl_get_supported_cpuid()' Integer Overflow Vulnerability
BugTraq ID: 36803
Remote: No
Date Published: 2009-10-23
Relevant URL: http://www.securityfocus.com/bid/36803
Summary:
The Linux kernel is prone to an integer-overflow vulnerability that affects the Kernel-based Virtual Machine (KVM).

Attackers can exploit this issue to execute arbitrary code with superuser privileges. Successful exploits will completely compromise affected computers.

Versions prior to Linux kernel 2.6.32-rc4 are vulnerable.

3. ProFTPD mod_tls Module NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
BugTraq ID: 36804
Remote: Yes
Date Published: 2009-10-23
Relevant URL: http://www.securityfocus.com/bid/36804
Summary:
ProFTPD is prone to a security-bypass vulnerability because the application fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones.

Successful exploits allow attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

Versions prior to ProFTPD 1.3.2b are vulnerable.

4. Linux Kernel KVM 'update_cr8_intercept()' Local Denial of Service Vulnerability
BugTraq ID: 36805
Remote: No
Date Published: 2009-10-23
Relevant URL: http://www.securityfocus.com/bid/36805
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability that affects the Kernel-based Virtual Machine (KVM).

Attackers can exploit this issue to crash the affected computer, denying service to legitimate users.
Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed.

Versions prior to 2.6.32-rc1 are vulnerable.

5. Linux Kernel 'proc' World Writeable File Security Bypass Vulnerability
BugTraq ID: 36806
Remote: No
Date Published: 2009-10-23
Relevant URL: http://www.securityfocus.com/bid/36806
Summary:
The Linux kernel is prone to a security-bypass vulnerability.

Local attackers can exploit this issue to write to world-writable files that are located in directories that they don't have access to. Successful exploits may lead to other attacks.

6. HTML-Parser Invalid HTML Entity Remote Denial of Service Vulnerability
BugTraq ID: 36807
Remote: Yes
Date Published: 2009-10-23
Relevant URL: http://www.securityfocus.com/bid/36807
Summary:
HTML-Parser is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to cause an affected application that uses the module to fall into an infinite loop, denying service to legitimate users.

Versions prior to HTML-Parser 3.63 are vulnerable.

7. nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
BugTraq ID: 36839
Remote: Yes
Date Published: 2009-10-27
Relevant URL: http://www.securityfocus.com/bid/36839
Summary:
The 'nginx' program is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

8. RETIRED: Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities
BugTraq ID: 36843
Remote: Yes
Date Published: 2009-10-27
Relevant URL: http://www.securityfocus.com/bid/36843
Summary:
The Mozilla Foundation has released multiple advisories to address vulnerabilities in Firefox and SeaMonkey.

This BID is being retired; the following individual records now document these issues:

36875 Mozilla Firefox CVE-2009-3379 Multiple Remote Memory Corruption Vulnerabilities
36873 Mozilla Firefox CVE-2009-3378 Remote Memory Corruption Vulnerability
36866 Mozilla Firefox CVE-2009-3382 Remote Memory Corruption Vulnerability
36872 Mozilla Firefox CVE-2009-3377 Remote Memory Corruption Vulnerability
36871 Mozilla Firefox CVE-2009-3380 Multiple Remote Memory Corruption Vulnerabilities
36870 Mozilla Firefox CVE-2009-3381 Multiple Remote Memory Corruption Vulnerabilities
36869 Mozilla Firefox CVE-2009-3383 Multiple Remote Memory Corruption Vulnerabilities
36867 Mozilla Firefox and SeaMonkey Download Filename Spoofing Vulnerability
36852 Mozilla Firefox Download Manager World Writable File Local Privilege Escalation Vulnerability
36854 Mozilla Firefox JavaScript Web-Workers Remote Code Execution Vulnerability
36858 Mozilla Firefox 'document.getSelect' Cross Domain Information Disclosure Vulnerability
36857 Mozilla Firefox XPCOM Utility Chrome Privilege Escalation Vulnerability
36855 Mozilla Firefox and SeaMonkey 'libpr0n' GIF Parser Heap Based Buffer Overflow Vulnerability
36853 Mozilla Firefox Form History Information Disclosure Vulnerability
36851 Mozilla Firefox Floating Point Conversion Heap Overflow Vulnerability
36856 Mozilla Firefox and SeaMonkey Proxy Auto-Configuration File Remote Code Execution Vulnerability

9. McAfee Products TAR and PDF Files Scan Evasion Vulnerabilities
BugTraq ID: 36848
Remote: Yes
Date Published: 2009-10-27
Relevant URL: http://www.securityfocus.com/bid/36848
Summary:
Multiple McAfee products are prone to vulnerabilities that may allow certain files to bypass the scan engine.

Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application on a gateway device will fail to detect.

10. Mozilla Firefox Floating Point Conversion Heap Overflow Vulnerability
BugTraq ID: 36851
Remote: Yes
Date Published: 2009-10-27
Relevant URL: http://www.securityfocus.com/bid/36851
Summary:
Mozilla Firefox is prone to a heap-based buffer-overflow vulnerability.

An attacker can exploit this issue by tricking a victim into visiting a malicious webpage to execute arbitrary code and to cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 36843 (Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities), but has been assigned its own record to better document it.

11. Mozilla Firefox Download Manager World Writable File Local Privilege Escalation Vulnerability
BugTraq ID: 36852
Remote: No
Date Published: 2009-10-27
Relevant URL: http://www.securityfocus.com/bid/36852
Summary:
Mozilla Firefox is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with elevated privileges. Successful exploits will compromise the affected application and possibly the computer.

NOTE: This issue was previously covered in BID 36843 (Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities), but has been assigned its own record to better document it.

12. Mozilla Firefox Form History Information Disclosure Vulnerability
BugTraq ID: 36853
Remote: Yes
Date Published: 2009-10-27
Relevant URL: http://www.securityfocus.com/bid/36853
Summary:
Mozilla Firefox is prone to an information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.

NOTE: This issue was previously covered in BID 36843 (Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities), but has been assigned its own record to better document it.

13. Mozilla Firefox and SeaMonkey 'libpr0n' GIF Parser Heap Based Buffer Overflow Vulnerability
BugTraq ID: 36855
Remote: Yes
Date Published: 2009-10-27
Relevant URL: http://www.securityfocus.com/bid/36855
Summary:
Mozilla Firefox and SeaMonkey are prone to a heap-based buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code and to cause denial-of-service conditions by tricking a victim into visiting a malicious webpage.

NOTE: This issue was previously covered in BID 36843 (Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities), but has been assigned its own record to better document it.

14. Mozilla Firefox and SeaMonkey Proxy Auto-Configuration File Remote Code Execution Vulnerability
BugTraq ID: 36856
Remote: Yes
Date Published: 2009-10-27
Relevant URL: http://www.securityfocus.com/bid/36856
Summary:
Mozilla Firefox and SeaMonkey are prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 36843 (Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities), but has been assigned its own record to better document it.

15. Mozilla Firefox XPCOM Utility Chrome Privilege Escalation Vulnerability
BugTraq ID: 36857
Remote: Yes
Date Published: 2009-10-27
Relevant URL: http://www.securityfocus.com/bid/36857
Summary:
Mozilla Firefox and SeaMonkey are prone to a privilege-escalation vulnerability in the browser's sidebar and FeedWriter.

Attackers can exploit this issue to execute arbitrary code with the object's chrome privileges.

NOTE: This issue was previously covered in BID 36843 (Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities), but has been assigned its own record to better document it.

16. Mozilla Firefox 'document.getSelect' Cross Domain Information Disclosure Vulnerability
BugTraq ID: 36858
Remote: Yes
Date Published: 2009-10-27
Relevant URL: http://www.securityfocus.com/bid/36858
Summary:
Mozilla Firefox is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy.

An attacker can exploit this issue to access local files or content from a browser window in another domain or security zone. This may allow the attacker to obtain sensitive information that may aid in further attacks.

NOTE: This issue was previously covered in BID 36843 (Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities), but has been assigned its own record to better document it.

17. Mozilla Firefox CVE-2009-3382 Remote Memory Corruption Vulnerability
BugTraq ID: 36866
Remote: Yes
Date Published: 2009-10-27
Relevant URL: http://www.securityfocus.com/bid/36866
Summary:
Mozilla Firefox is prone to a remote memory-corruption vulnerability.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue was previously covered in BID 36843 (Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities), but has been assigned its own record to better document it.

18. Mozilla Firefox and SeaMonkey Download Filename Spoofing Vulnerability
BugTraq ID: 36867
Remote: Yes
Date Published: 2009-10-27
Relevant URL: http://www.securityfocus.com/bid/36867
Summary:
Mozilla Firefox and SeaMonkey are prone to a spoofing vulnerability.

Attackers can exploit this issue to spoof the filenames displayed in the download dialog box and trick a user into downloading executable files.

NOTE: This issue was previously covered in BID 36843 (Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities), but has been assigned its own record to better document it.

19. Mozilla Firefox CVE-2009-3380 Multiple Remote Memory Corruption Vulnerabilities
BugTraq ID: 36871
Remote: Yes
Date Published: 2009-10-27
Relevant URL: http://www.securityfocus.com/bid/36871
Summary:
Mozilla Firefox is prone to multiple remote memory-corruption vulnerabilities.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: These issues were previously covered in BID 36843 (Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities), but have been assigned their own record to better document them.

20. F-Secure Products PDF Files Scan Evasion Vulnerability
BugTraq ID: 36876
Remote: Yes
Date Published: 2009-10-27
Relevant URL: http://www.securityfocus.com/bid/36876
Summary:
Multiple F-Secure products are prone to a vulnerability that may allow certain files to bypass the scan engine.

Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application on a gateway device will fail to detect.

21. Sun Java SE Advance Notification of Multiple Security Vulnerabilities
BugTraq ID: 36881
Remote: Yes
Date Published: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/36881
Summary:
Sun has released advance notification that the vendor will be addressing multiple security vulnerabilities in Java SE on November 3, 2009.

These issues will be addressed in the following releases:

JDK and JRE 6 Update 17
JDK and JRE 5.0 Update 22
SDK and JRE 1.4.2_24
SDK and JRE 1.3.1_27

22. SUSE Linux 'scsi_discovery tool' Insecure Temporary File Creation Vulnerability
BugTraq ID: 36887
Remote: No
Date Published: 2009-10-30
Relevant URL: http://www.securityfocus.com/bid/36887
Summary:
SUSE Linux creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks to overwrite arbitrary attacker-specified files.

The following versions are affected:

openSUSE 10.3 through 11.1
SUSE Linux Enterprise (SLE) 10 SP2 and 11

23. Sun Solaris 'xscreensaver(1)' From JDS Local Information Disclosure Vulnerability
BugTraq ID: 36891
Remote: No
Date Published: 2009-10-30
Relevant URL: http://www.securityfocus.com/bid/36891
Summary:
Solaris 'xscreensaver(1)' is prone to a local information-disclosure vulnerability that occurs in Solaris Trusted Extensions.

A local attacker can exploit this issue to obtain sensitive information that may lead to further attacks.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Smart-Card Open Test Toolkit
http://www.securityfocus.com/archive/91/507540

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to reply. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Entrust

Go Green for Less Green
Give your customers the highest level of assurance
Give your customers the green address bar
Entrust EV SSL Certificates - Now from only $199 per year

http://www.entrust.net/securityfocus-ev

Copyright 2010, SecurityFocus