+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | November 24th 2006 Volume 7, Number 48a | +---------------------------------------------------------------------+ Editors: Dave Wreski Benjamin D. Thomas dave@private ben@private Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. This week, advisories were released for imagemagick, phpmyadmin, gv, xine-lib, flexbackup, linux-ftpd, proftpd, libpng, TikiWiki, Ruby, netlink, qmailAdmin, Texinfo, fvwm, libpng, syslinux, pxelinux, doxygen, chromium, xorg, avahi, links, openldap, apache-mod_auth_kerb, asterisk, powerdns, and libpng. The distributors include Debian, Gentoo, Mandriva, SuSE, and Ubuntu. --- Earn an NSA recognized IA Masters Online The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/linsec/ --- * EnGarde Secure Linux v3.0.10 Now Available Guardian Digital is pleased to announce the release of EnGarde Secure Community 3.0.10 (Version 3.0, Release 10). This release includes our new SELinux Control Console and our new context-sensitive Guardian Digital help system, along with bug fixes and upgrades to major applications including Apache, Postfix, and Snort. http://www.engardelinux.org/modules/index/releases/3.0.10.cgi --- RFID with Bio-Smart Card in Linux In this paper, we describe the integration of fingerprint template and RF smart card for clustered network, which is designed on Linux platform and Open source technology to obtain biometrics security. Combination of smart card and biometrics has achieved in two step authentication where smart card authentication is based on a Personal Identification Number (PIN) and the card holder is authenticated using the biometrics template stored in the smart card that is based on the fingerprint verification. The fingerprint verification has to be executed on central host server for security purposes. Protocol designed allows controlling entire parameters of smart security controller like PIN options, Reader delay, real-time clock, alarm option and cardholder access conditions. http://www.linuxsecurity.com/content/view/125052/171/ --- Packet Sniffing Overview The best way to secure you against sniffing is to use encryption. While this won't prevent a sniffer from functioning, it will ensure that what a sniffer reads is pure junk. http://www.linuxsecurity.com/content/view/123570/49/ -------- --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------------------+ | Distribution: Debian | ----------------------------// +---------------------------------+ * Debian: New imagemagick packages fix several vulnerabilities 19th, November, 2006 Updated package. http://www.linuxsecurity.com/content/view/125816 * Debian: New phpmyadmin packages fix regression 19th, November, 2006 Updated package. http://www.linuxsecurity.com/content/view/125817 * Debian: New gv packages fix arbitrary code execution 20th, November, 2006 Updated package. http://www.linuxsecurity.com/content/view/125838 * Debian: New xine-lib packages fix execution of arbitrary code 20th, November, 2006 Updated package. http://www.linuxsecurity.com/content/view/125839 * Debian: New flexbackup packages fix denial of service 20th, November, 2006 Updated package. http://www.linuxsecurity.com/content/view/125840 * Debian: New linux-ftpd packages fix access control bypass 20th, November, 2006 Updated package. http://www.linuxsecurity.com/content/view/125841 * Debian: New proftpd packages fix denial of service 21st, November, 2006 It was discovered that the proftpd FTP daemon performs insufficient validation of FTP command buffer size limits, which may lead to denial of service. CVEID CVE-2006-5815 is addressed by this vulnerability. http://www.linuxsecurity.com/content/view/125858 +---------------------------------+ | Distribution: Gentoo | ----------------------------// +---------------------------------+ * Gentoo: libpng Denial of Service 17th, November, 2006 A vulnerability in libpng may allow a remote attacker to crash applications that handle untrusted images. http://www.linuxsecurity.com/content/view/125808 * Gentoo: WordPress Multiple vulnerabilities 17th, November, 2006 Flaws in WordPress allow a Denial of Service, the disclosure of user metadata and the overwriting of restricted files. http://www.linuxsecurity.com/content/view/125809 * Gentoo: TikiWiki Multiple vulnerabilities 20th, November, 2006 TikiWiki allows for the disclosure of MySQL database authentication credentials and for cross-site scripting attacks. http://www.linuxsecurity.com/content/view/125834 * Gentoo: Ruby Denial of Service vulnerability 20th, November, 2006 The Ruby cgi.rb CGI library is vulnerable to a Denial of Service attack. http://www.linuxsecurity.com/content/view/125835 * Gentoo: Avahi "netlink" message vulnerability 20th, November, 2006 Avahi fails to verify the origin of netlink messages, which could allow local users to spoof network changes. http://www.linuxsecurity.com/content/view/125836 * Gentoo: TORQUE Insecure temproary file creation 20th, November, 2006 TORQUE creates temporary files in an insecure manner which could lead to the execution of arbitrary code with elevated privileges. http://www.linuxsecurity.com/content/view/125837 * Gentoo: qmailAdmin Buffer overflow 21st, November, 2006 qmailAdmin is vulnerable to a buffer overflow that could lead to the remote execution of arbitrary code. http://www.linuxsecurity.com/content/view/125854 * Gentoo: TORQUE Insecure temporary file creation 21st, November, 2006 TORQUE creates temporary files in an insecure manner which could lead to the execution of arbitrary code with elevated privileges. http://www.linuxsecurity.com/content/view/125855 * Gentoo: Texinfo Buffer overflow 21st, November, 2006 Texinfo is vulnerable to a buffer overflow that could lead to the execution of arbitrary code. http://www.linuxsecurity.com/content/view/125856 * Gentoo: fvwm fvwm-menu-directory fvwm command injection 23rd, November, 2006 A flaw in fvwm-menu-directory may permit a local attacker to execute arbitrary commands with the privileges of another user. http://www.linuxsecurity.com/content/view/125886 +---------------------------------+ | Distribution: Mandriva | ----------------------------// +---------------------------------+ * Mandriva: Updated libpng packages fix vulnerabilities 16th, November, 2006 Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". http://www.linuxsecurity.com/content/view/125794 * Mandriva: Updated syslinux packages to fix embedded libpng vulnerabilities 16th, November, 2006 SYSLINUX is a boot loader for the Linux operating system which operates off an MS-DOS/Windows FAT filesystem. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities. http://www.linuxsecurity.com/content/view/125795 * Mandriva: Updated pxelinux packages to fix embedded libpng vulnerabilities 16th, November, 2006 PXELINUX is a PXE bootloader. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities. http://www.linuxsecurity.com/content/view/125796 * Mandriva: Updated doxygen packages to fix embedded libpng vulnerabilities 16th, November, 2006 Doxygen is a documentation system for C, C++ and IDL. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities. http://www.linuxsecurity.com/content/view/125803 * Mandriva: Updated chromium packages to fix embedded libpng vulnerabilities 16th, November, 2006 Chromium is an OpenGL-based shoot them up game with fine graphics. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities. http://www.linuxsecurity.com/content/view/125804 * Mandriva: Updated gv packages fix buffer overflow vulnerability 17th, November, 2006 Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header. http://www.linuxsecurity.com/content/view/125814 * Mandriva: Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities 18th, November, 2006 Local exploitation of an integer overflow vulnerability in the 'CIDAFM()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root (CVE-2006-3739). http://www.linuxsecurity.com/content/view/125815 * Mandriva: Updated avahi packages fix netlink vulnerability 20th, November, 2006 Steve Grubb discovered that netlink messages were not being checked for their sender identity. This could lead to local users manipulating the Avahi service. http://www.linuxsecurity.com/content/view/125842 * Mandriva: Updated links packages fix smb vulnerability 20th, November, 2006 The links web browser with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements. http://www.linuxsecurity.com/content/view/125843 * Mandriva: Updated proftpd packages fix vulnerabilities 20th, November, 2006 As disclosed by an exploit (vd_proftpd.pm) and a related vendor bugfix, a Denial of Service (DoS) vulnerability exists in the FTP server ProFTPD, up to and including version 1.3.0. The flaw is due to both a potential bus error and a definitive buffer overflow in the code which determines the FTP command buffer size limit. The vulnerability can be exploited only if the "CommandBufferSize" directive is explicitly used in the server configuration, which is not the case in the default configuration of ProFTPD. http://www.linuxsecurity.com/content/view/125848 * Mandriva: Updated openldap packages fixes Bind vulnerability 21st, November, 2006 An unspecified vulnerability in OpenLDAP allows remote attackers to cause a denial of service (daemon crash) via a certain combination of SASL Bind requests that triggers an assertion failure in libldap. Packages have been patched to correct this issue. Packages for Corp4 were built from the wrong src.rpm, breaking Heimdal Kerboros and possibly other support. Updated packages are being provided to correct this issue. http://www.linuxsecurity.com/content/view/125867 * Mandriva: Updated apache-mod_auth_kerb packages fixes DoS vulnerability 23rd, November, 2006 An off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array. Packages have been patched to correct this issue. http://www.linuxsecurity.com/content/view/125887 +---------------------------------+ | Distribution: SuSE | ----------------------------// +---------------------------------+ * SuSE: Mozilla Firefox, Thunderbird, 16th, November, 2006 The following CVEIDs are addresed by this vulnerability: CVE-2006-5464 CVE-2006-5747 CVE-2006-5748 CVE-2006-5462 CVE-2006-5463 http://www.linuxsecurity.com/content/view/125790 * SuSE: asterisk (SUSE-SA:2006:069) 16th, November, 2006 Two security problem have been found and fixed in the PBX software Asterisk. CVE-2006-5444: Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) as used by Cisco SCCP phones, allows remote attackers to potentially execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow. CVE-2006-5445: A vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk on SUSE Linux 10.1 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary. http://www.linuxsecurity.com/content/view/125791 * SuSE: powerdns denial of service 16th, November, 2006 Two security problems that have been found in PowerDNS are fixed by this update: CVE-2006-4251: The PowerDNS Recursor can be made to crash by sending malformed questions to it over TCP potentially executing code. CVE-2006-4252: Zero second CNAME TTLs can make PowerDNS exhaust allocated stack space and crash. http://www.linuxsecurity.com/content/view/125792 +---------------------------------+ | Distribution: Ubuntu | ----------------------------// +---------------------------------+ * Ubuntu: libpng vulnerability 17th, November, 2006 Tavis Ormandy discovered that libpng did not correctly calculate the size of sPLT structures when reading an image. By tricking a user or an automated system into processing a specially crafted PNG file, an attacker could exploit this weakness to crash the application using the library. http://www.linuxsecurity.com/content/view/125806 * Ubuntu: OpenLDAP vulnerability 20th, November, 2006 Evgeny Legerov discovered that the OpenLDAP libraries did not correctly truncate authcid names. This situation would trigger an assert and abort the program using the libraries. A remote attacker could send specially crafted bind requests that would lead to an LDAP server denial of service. http://www.linuxsecurity.com/content/view/125849 * Ubuntu: Thunderbird vulnerabilities 21st, November, 2006 USN-352-1 fixed a flaw in the verification of PKCS certificate signatures. Ulrich Kuehn discovered a variant of the original attack which the original fix did not cover. (CVE-2006-5462) Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748) http://www.linuxsecurity.com/content/view/125860 * Ubuntu: Firefox vulnerabilities 21st, November, 2006 USN-351-1 fixed a flaw in the verification of PKCS certificate signatures. Ulrich Kuehn discovered a variant of the original attack which the original fix did not cover. (CVE-2006-5462) Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript. (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748) http://www.linuxsecurity.com/content/view/125861 ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ _____________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Sun Nov 26 2006 - 23:36:06 PST