+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| May 18th 2007 Volume 8, Number 20a |
+---------------------------------------------------------------------+
Editors: Dave Wreski Benjamin D. Thomas
dave@private ben@private
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.
This week advisories were released for squirrelmail, samba, qt4-x11,
samba, php, postgresql, ImageMagick, Xscreensaver, phpwiki, mod_security,
free radius, tomcat, bluez-utils, ipsec tools, vixie-cron, evolution,
libpng, and pptpd. The distributors include Debian, Fedora, Gentoo,
Mandriva, Red Hat, Slackware, SuSE, and Ubuntu.
---
Vyatta Open-Source Router, Firewall & VPN
Vyatta software and appliances combine the features, performance
and reliability of enterprise-class networking gear with the
cost-savings and flexibility of open-source solutions. Vyatta
empowers you to replace overpriced proprietary router, firewall
and VPN equipment with commercially supported open-source solutions.
>> Free Webinars & Vyatta Community Edition 2 Software
>> http://www.linuxsecurity.com/ads/adclick.php?bannerid=28
---
* EnGarde Secure Linux v3.0.13 Now Available
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.13 (Version 3.0, Release 13). This release includes several
bug fixes and feature enhancements to the SELinux policy and several
updated packages.
http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.13
---
RFID with Bio-Smart Card in Linux
In this paper, we describe the integration of fingerprint template and RF
smart card for clustered network, which is designed on Linux platform and
Open source technology to obtain biometrics security. Combination of smart
card and biometrics has achieved in two step authentication where smart
card authentication is based on a Personal Identification Number (PIN) and
the card holder is authenticated using the biometrics template stored in
the smart card that is based on the fingerprint verification.
http://www.linuxsecurity.com/content/view/125052/171/
---
Packet Sniffing Overview
The best way to secure you against sniffing is to use encryption. While
this won't prevent a sniffer from functioning, it will ensure that what a
sniffer reads is pure junk.
http://www.linuxsecurity.com/content/view/123570/49/
--------
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
* Debian: New Linux 2.6.18 packages fix several vulnerabilities
13th, May, 2007
Several local and remote vulnerabilities have been discovered in the
Linux kernel that may lead to a denial of service or the execution of
arbitrary code. We recommend that you upgrade your kernel package immediately
and reboot the machine. If you have built a custom kernel from the kernel
source package, you will need to rebuild to take advantage of these
fixes.
http://www.linuxsecurity.com/content/view/128165
* Debian: New squirrelmail packages fix cross-site scripting
13th, May, 2007
It was discovered that the webmail package Squirrelmail performs
insufficient sanitising inside the HTML filter, which allows the
injection of arbitrary web script code during the display of HTML
email messages.
http://www.linuxsecurity.com/content/view/128166
* Debian: New samba packages fix multiple vulnerabilities
15th, May, 2007
Several issues have been identified in Samba, the SMB/CIFS file and
print-server implementation for GNU/Linux. When translating SIDs
to/from names using Samba local list of user and group accounts, a
logic error in the smbd daemon's internal security stack may result
in a transition to the root user id rather than the
non-root user.
http://www.linuxsecurity.com/content/view/128207
* Debian: New qt4-x11 packages fix cross-site scripting vulnerability
15th, May, 2007
ndreas Nolden discovered a bug in the UTF8 decoding routines in
qt4-x11, a C++ GUI library framework, that could allow remote
attackers to conduct cross-site scripting (XSS) and directory
traversal attacks via long sequences that decode to dangerous
metacharacters.
http://www.linuxsecurity.com/content/view/128209
* Debian: New samba packages fix multiple vulnerabilities
17th, May, 2007
Various bugs in Samba's NDR parsing can allow a user to send
specially crafted MS-RPC requests that will overwrite the heap space
with user defined data.
http://www.linuxsecurity.com/content/view/128228
+---------------------------------+
| Distribution: Fedora | ----------------------------//
+---------------------------------+
* Fedora Core 6 Update: php-5.1.6-3.6.fc6
14th, May, 2007
This update fixes a number of security issues in PHP. A heap buffer
overflow flaw was found in the PHP 'xmlrpc' extension. A PHP script
which implements an XML-RPC server using this extension could allow a
remote attacker to execute arbitrary code as the 'apache' user. Note
that this flaw does not affect PHP applications using the pure-PHP
XML_RPC class provided in /usr/share/pear.
http://www.linuxsecurity.com/content/view/128184
* Fedora Core 5 Update: samba-3.0.24-5.fc5
14th, May, 2007
This release of Samba fixes some Serious security bugs,
CVE-2007-2444, CVE-2007-2446 and CVE-2007-2447. Fixes the security
bugs which causes a Samba smbd denial of service.
http://www.linuxsecurity.com/content/view/128189
* Fedora Core 6 Update: samba-3.0.24-5.fc6
14th, May, 2007
This release of Samba fixes some Serious security bugs CVE-2007-2444,
CVE-2007-2446, and CVE-2007-2447
http://www.linuxsecurity.com/content/view/128192
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
* Gentoo: PostgreSQL Privilege escalation
10th, May, 2007
An error involving insecure search_path settings in the SECURITY
DEFINER functions has been reported in PostgreSQL. This error
contains a vulnerability that could result in SQL privilege
escalation.
http://www.linuxsecurity.com/content/view/128148
* Gentoo: ImageMagick Multiple buffer overflows
10th, May, 2007
iDefense Labs has discovered multiple integer overflows in
ImageMagick in the functions ReadDCMImage() and ReadXWDImage(), that are
used to process DCM and XWD files. It can allow for the execution of
arbitrary code.
http://www.linuxsecurity.com/content/view/128149
* Gentoo: XScreenSaver Privilege escalation
13th, May, 2007
XScreenSaver allows local users to bypass authentication under
certain configurations. XScreenSaver incorrectly handles the results of
the getpwuid() function in drivers/lock.c when using directory servers
during a network outage.
http://www.linuxsecurity.com/content/view/128167
* Gentoo: ImageMagick Multiple buffer overflows
14th, May, 2007
Multiple integer overflows have been discovered in ImageMagick
allowing for the execution of arbitrary code. iDefense Labs has discovered
integer overflows in ImageMagick in the functions ReadDCMImage() and
ReadXWDImage(), that are used to process DCM and XWD files.
http://www.linuxsecurity.com/content/view/128177
* Gentoo: Samba Multiple vulnerabilities
15th, May, 2007
Samba contains multiple vulnerabilities potentially resulting in the
execution of arbitrary code with root privileges. A remote attacker
could exploit these vulnerabilities to gain root privileges via
various vectors.
http://www.linuxsecurity.com/content/view/128202
* Gentoo: PhpWiki Remote execution of arbitrary code
17th, May, 2007
A vulnerability has been discovered in PhpWiki allowing for the
remote execution of arbitrary code. A remote attacker could upload a
specially crafted PHP file to the vulnerable server, resulting in the
execution of arbitrary PHP code with the privileges of the user running
PhpWiki.
http://www.linuxsecurity.com/content/view/128229
* Gentoo: Apache mod_security Rule bypass
17th, May, 2007
A vulnerability has been discovered in mod_security, allowing a
remote attacker to bypass rules.A remote attacker could send a specially
crafted POST request, possibly bypassing the module ruleset and
leading to the execution of arbitrary code in the scope of the web
server with the rights of the user running
the web server.
http://www.linuxsecurity.com/content/view/128230
+---------------------------------+
| Distribution: Mandriva | ----------------------------//
+---------------------------------+
* Mandriva: Updated php packages fix multiple vulnerabilities
10th, May, 2007
A heap buffer overflow flaw was found in the xmlrpc extension for
PHP. A script that implements an XML-RPC server using this extension could
allow a remote attacker to execute arbitrary code as the apache user.
This flaw does not, however, affect PHP applications using the
pure-PHP XML_RPC class provided via PEAR.
http://www.linuxsecurity.com/content/view/128153
* Mandriva: Updated php packages fix multiple vulnerabilities
10th, May, 2007
A heap buffer overflow flaw was found in the xmlrpc extension for
PHP. A script that implements an XML-RPC server using this extension
could allow a remote attacker to execute arbitrary code as the apache
user. This flaw does not, however, affect PHP applications using the
pure-PHP XML_RPC class provided via PEAR
http://www.linuxsecurity.com/content/view/128154
* Mandriva: Updated samba packages fix multiple vulnerabilities
14th, May, 2007
A number of bugs were discovered in the NDR parsing support in Samba
that is used to decode MS-RPC requests. A remote attacker could
send a carefully crafted request that would cause a heap overflow,
possibly leading to the ability to execute arbitrary code on the
server
http://www.linuxsecurity.com/content/view/128199
* RedHat: Important: php security update
10th, May, 2007
Updated PHP packages that fix several security issues are now
available for Red Hat Application Stack.This update has been rated as
having important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/128144
+---------------------------------+
| Distribution: Red Hat | ----------------------------//
+---------------------------------+
* RedHat: Moderate: freeradius security update
10th, May, 2007
Updated freeradius packages that fix a memory leak flaw are now
available for Red Hat Enterprise Linux 3, 4, and 5. A remote attacker
could send a specially crafted authentication request which could cause
FreeRADIUS to leak a small amount of memory. If enough of these requests
are sent, the FreeRADIUS daemon would consume a vast quantity of
system memory leading to a possible denial of service.
http://www.linuxsecurity.com/content/view/128146
* RedHat: Critical: samba security update
14th, May, 2007
Updated samba packages that fix several security flaws are now
available.Various bugs were found in NDR parsing, used to decode
MS-RPC requests in Samba. A remote attacker could have sent
carefully crafted requests causing a heap overflow, which may have
led to the ability to execute arbitrary code on the server.
This update has been rated as having critical security impact by the
Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/128174
* RedHat: Important: tomcat security update
14th, May, 2007
Updated tomcat packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5. Tomcat was found to accept
multiple content-length headers in a request. This could allow attackers
to poison a web-cache, bypass web application firewall protection, or conduct
cross-site scripting attacks. This update has been rated as having important
security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/128175
* RedHat: Moderate: bluez-utils security update
14th, May, 2007
Updated bluez-utils packages that fix a security flaw are now
available for Red Hat Enterprise Linux 4. A flaw was found in the
Bluetooth HID daemon (hidd). A remote attacker would have been able
to inject keyboard and mouse events via a Bluetooth connection without
any authorization. This update has been rated as having moderate security
impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/128176
* RedHat: Important: kernel security and bug fix update
16th, May, 2007
Updated kernel packages that fix security issues and bugs in the Red
Hat Enterprise Linux 5 kernel are now available.One of the flaws is in
the handling of IPv6 type 0 routing headers that allowed remote users
to cause a denial of service that led to a network amplification between
two routers. This update has been rated as having important security
impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/128219
* RedHat: Moderate: ipsec-tools security update
17th, May, 2007
Updated ipsec-tools packages that fix a denial of service flaw in
racoon are now available for Red Hat Enterprise Linux 5. A denial of
service flaw was found in the ipsec-tools racoon daemon. It was possible
for a remote attacker, with knowledge of an existing ipsec tunnel, to
terminate the ipsec connection between two machines. This update has
been rated as having moderate security impact by the Red Hat Security
Response Team.
http://www.linuxsecurity.com/content/view/128231
* RedHat: Moderate: vixie-cron security update
17th, May, 2007
The vixie-cron package contains the Vixie version of cron. Cron is a
standard UNIX daemon that runs specified programs at scheduled times.
Raphael Marichez discovered a denial of service bug in the way
vixie-cron verifies crontab file integrity. A local user with the ability
to create a hardlink to /etc/crontab can prevent vixie-cron from executing
certain system cron jobs.
http://www.linuxsecurity.com/content/view/128232
* RedHat: Moderate: evolution security update
17th, May, 2007
Updated evolution packages that fix a security bug are now available
for Red Hat Enterprise Linux 3 and 4. A flaw was found in the way
Evolution processed certain APOP authentication requests. A remote
attacker could potentially acquire certain portions of a user's
authentication credentials by sending certain responses when
evolution-data-server attempted to authenticate against an APOP
server.
http://www.linuxsecurity.com/content/view/128233
* RedHat: Moderate: squirrelmail security update
17th, May, 2007
A new squirrelmail package that fixes security issues is now
available for Red Hat Enterprise Linux 3, 4 and 5.Several HTML
filtering bugs were discovered in SquirrelMail. An attacker
could inject arbitrary JavaScript leading to cross-site scripting
attacks by sending an e-mail viewed by a user within SquirrelMail.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/128234
+---------------------------------+
| Distribution: Slackware | ----------------------------//
+---------------------------------+
* Slackware: samba
15th, May, 2007
New samba packages are available for Slackware 10.0, 10.1, 10.2,
11.0, and current to fix security issues. The security fixes local SID/Name
translation bug can result in user privilege elevation, multiple heap
overflows allow remote code execution, and Unescaped user input
parameters are passed as arguments to /bin/sh allowing for remote
command execution. Vulnerabilities and Exposures (CVE) database:
http://www.linuxsecurity.com/content/view/128200
* Slackware: libpng
16th, May, 2007
New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
10.1,10.2, 11.0, and -current to fix a security issue.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database.
http://www.linuxsecurity.com/content/view/128222
+---------------------------------+
| Distribution: SuSE | ----------------------------//
+---------------------------------+
* SuSE: Linux kernel (SUSE-SA:2007:030)
10th, May, 2007
This kernel update is for SUSE Linux 9.3 which fixes the some
security problems. The ftdi_sio driver allowed local users to cause
a denial of service (memory consumption) by writing more data to the
serial port than the hardware can handle, which causes the data to be
queued. This requires this driver to be loaded, which only happens if
such a device is plugged in.
http://www.linuxsecurity.com/content/view/128140
+---------------------------------+
| Distribution: Ubuntu | ----------------------------//
+---------------------------------+
* Ubuntu: pptpd vulnerability
14th, May, 2007
A flaw was discovered in the PPTP tunnel server. Remote attackers
could send a specially crafted packet and disrupt established PPTP tunnels,
leading to a denial of service.
http://www.linuxsecurity.com/content/view/128198
* Ubuntu: Samba vulnerabilities
15th, May, 2007
Paul Griffith and Andrew Hogue discovered that Samba did not fully
drop root privileges while translating SIDs. A remote authenticated user
could issue SMB operations during a small window of opportunity and
gain root privileges.
http://www.linuxsecurity.com/content/view/128212
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas,
the world's premier technical event for ICT security
experts. Featuring 30 hands-on training courses and
90 Briefings presentations with lots of new content
and new tools. Network with 4,000 delegates from
70 nations. Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on
June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Sun May 20 2007 - 23:38:03 PDT