+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| May 25th 2007 Volume 8, Number 21a |
+---------------------------------------------------------------------+
Editors: Dave Wreski Benjamin D. Thomas
dave@private ben@private
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week advisories were released for samba, xfree86, php5,
clamav, gforge-plugin-scmcvs, tomcat5, phpwiki, mod_security,
pptpd, fetchmail, squirrelmail, evolution, tetex, ipsec-tools,
vixie-cron, libpng, gimp, Quagga, and vim. The distributors
include Debian, Fedora, Gentoo, Mandriva, Red Hat, SuSE,
and Ubuntu.
---
Vyatta - Linux-based Router, Firewall & VPN
Vyatta software and appliances combine the features, performance
and reliability of enterprise-class networking gear with the
cost-savings and flexibility of linux-based solutions. Vyatta
empowers you to replace overpriced proprietary router, firewall
and VPN equipment with commercially supported open-source solutions.
Free Vyatta Software & Live Webinars
>> http://www.linuxsecurity.com/ads/adclick.php?bannerid=28
---
* EnGarde Secure Linux v3.0.13 Now Available
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.13 (Version 3.0, Release 13). This release includes several
bug fixes and feature enhancements to the SELinux policy and several
updated packages.
http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.13
---
RFID with Bio-Smart Card in Linux
In this paper, we describe the integration of fingerprint template and RF
smart card for clustered network, which is designed on Linux platform and
Open source technology to obtain biometrics security. Combination of smart
card and biometrics has achieved in two step authentication where smart
card authentication is based on a Personal Identification Number (PIN) and
the card holder is authenticated using the biometrics template stored in
the smart card that is based on the fingerprint verification.
http://www.linuxsecurity.com/content/view/125052/171/
---
Packet Sniffing Overview
The best way to secure you against sniffing is to use encryption. While
this won't prevent a sniffer from functioning, it will ensure that what a
sniffer reads is pure junk.
http://www.linuxsecurity.com/content/view/123570/49/
--------
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
* Debian: New samba packages fix multiple vulnerabilities
17th, May, 2007
Various bugs in Samba's NDR parsing can allow a user to send
specially crafted MS-RPC requests that will overwrite the heap space
with user defined data.
http://www.linuxsecurity.com/content/view/128228
* Debian: New xfree86 packages fix several vulnerabilities
17th, May, 2007
Several vulnerabilities have been discovered in the X Window System,
which may lead to privilege escalation. Sean Larsson discovered an
integer overflow in the XC-MISC extension, which might lead to denial
of service or local privilege escalation.
http://www.linuxsecurity.com/content/view/128235
* Debian: New php5 packages fix several vulnerabilities
19th, May, 2007
Several remote vulnerabilities have been discovered in PHP, a
server-side, HTML-embedded scripting language, which may lead to the
execution of arbitrary code. The Common Vulnerabilities and Exposures
project identifies the following problems:
http://www.linuxsecurity.com/content/view/128251
* Debian: New clamav packages fix denial of service vulnerability
21st, May, 2007
On 25 April, the Debian Security Team released clamav 0.90.1-3etch1,
an update to the Clam anti-virus toolkit, to address several
vulnerabilities. Unfortunately, there was an error in the updated
packages and CVE-2007-2029, a file descriptor leak in the PDF document
handler, was not properly fixed in Debian 4.0 (etch) or the Debian testing
distribution (lenny). This problem has been fixed in version 0.90.1-3etch2
for Debian 4.0 (etch).
http://www.linuxsecurity.com/content/view/128262
* Debian: New php4 packages fix privilege escalation
21st, May, 2007
It was discovered that the ftp extension of PHP, a server-side,
HTML-embedded scripting language performs insufficient input
sanitising, which permits an attacker to execute arbitrary FTP commands.
This requires the attacker to already have access to the FTP server.
http://www.linuxsecurity.com/content/view/128263
* Debian: New gforge-plugin-scmcvs packages fix arbitrary shell command execution
24th, May, 2007
Bernhard R. Link discovered that the CVS browsing interface of
Gforge, a collaborative development tool, performs insufficient escaping
of URLs, which allows the execution of arbitrary shell commands with the
privileges of the www-data user.
http://www.linuxsecurity.com/content/view/128325
+---------------------------------+
| Distribution: Fedora | ----------------------------//
+---------------------------------+
* Fedora Core 6 Update: tomcat5-5.5.23-0jpp.2.fc6
21st, May, 2007
Several security issues were reported to be fixed in releases prior
to tomcat5.5.23. Tomcat was found to accept multiple content-length
headers in a request. This could allow attackers to poison a web-cache,
bypass web application firewall protection, or conduct cross-site
scripting attacks.
http://www.linuxsecurity.com/content/view/128271
* Fedora Core 6 Update: jakarta-commons-modeler-1.1-8jpp.2.fc6
21st, May, 2007
Several security issues were reported to be fixed in
releases prior to tomcat5.5.23 Tomcat was found to accept multiple
content-length headers in a request. This could allow attackers to
poison a web-cache, bypass web application firewall protection, or
conduct cross-site scripting attacks.
http://www.linuxsecurity.com/content/view/128272
* Fedora Core 5 Update: samba-3.0.24-6.fc5
21st, May, 2007
Security bugs where found in samba-3.0.24-6.fc5. This update fixes
nmbd segfault in some rare conditions. Also fixes a bug introduced
with CVE-2007-2444 in some configurations. fixes CVE-2007-0452 Samba
smbd denial of service
http://www.linuxsecurity.com/content/view/128278
* Fedora Core 5 Update: php-5.1.6-1.6
24th, May, 2007
This update fixes a number of security issues in PHP.
A heap buffer overflow flaw was found in the PHP 'xmlrpc'
extension. A PHP script which implements an XML-RPC server
using this extension could allow a remote attacker to
execute arbitrary code as the 'apache' user.
http://www.linuxsecurity.com/content/view/128317
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
* Gentoo: PhpWiki Remote execution of arbitrary code
17th, May, 2007
A vulnerability has been discovered in PhpWiki allowing for the
remote execution of arbitrary code. A remote attacker could upload a
specially crafted PHP file to the vulnerable server, resulting in the
execution of arbitrary PHP code
with the privileges of the user running PhpWiki.
http://www.linuxsecurity.com/content/view/128229
* Gentoo: Apache mod_security Rule bypass
17th, May, 2007
A vulnerability has been discovered in mod_security, allowing a
remote attacker to bypass rules.A remote attacker could send a specially
crafted POST request, possibly bypassing the module ruleset and
leading to the execution of arbitrary code in the scope of the web
server with the rights of the user running
the web server.
http://www.linuxsecurity.com/content/view/128230
* Gentoo: PPTPD Denial of Service attack
20th, May, 2007
PPTPD is a Point-to-Point Tunnelling Protocol Daemon for Linux. A
vulnerability has been reported in PPTPD which could lead to a Denial
of Service.
http://www.linuxsecurity.com/content/view/128254
+---------------------------------+
| Distribution: Mandriva | ----------------------------//
+---------------------------------+
* Mandriva: Updated fetchmail packages fix potential APOP vulnerabilities
17th, May, 2007
The APOP functionality in fetchmail's POP3 client implementation was
validating the APOP challenge too lightly, accepting random garbage as a
POP3 server's APOP challenge, rather than insisting it conform to
RFC-822 specifications. Updated packages have been patched to prevent
these issues, however it should be noted that the APOP MD5-based
authentication scheme should no longer be considered secure.
http://www.linuxsecurity.com/content/view/128238
* Mandriva: Updated squirrelmailpackages fix vulnerabilities
19th, May, 2007
A number of HTML filtering bugs were found in SquirrelMail that could
allow an attacker to inject arbitrary JavaScript leading to cross-site
scripting attacks by sending an email viewed by a user within
SquirrelMail (CVE-2007-1262).
http://www.linuxsecurity.com/content/view/128252
* Mandriva: Updated evolution packages fix APOP weakness
20th, May, 2007
A weakness in the way Evolution processed certain APOP authentication
requests was discovered. A remote attacker could potentially obtain
certain portions of a user's authentication credentials by sending
certain responses when evolution-data-server attempted to authenticate
against an APOP server. The updated packages have been patched to
prevent this issue.
http://www.linuxsecurity.com/content/view/128253
* Mandriva: Updated tetex packages fix vulnerabilities
23rd, May, 2007
Buffer overflow in the gdImageStringFTEx function in gdft.c in the
GD Graphics Library 2.0.33 and earlier allows remote attackers to
cause a denial of service (application crash) and possibly execute
arbitrary code via a crafted string with a JIS encoded font.
Tetex 3.x uses an embedded copy of the gd source and may also be
affected by this issue.
http://www.linuxsecurity.com/content/view/128312
* Mandriva: Updated samba packages fix multiple
24th, May, 2007
A number of bugs were discovered in the NDR parsing support in Samba
that is used to decode MS-RPC requests. A remote attacker could send a
carefully crafted request that would cause a heap overflow, possibly
leading to the ability to execute arbitrary code on the server.
http://www.linuxsecurity.com/content/view/128313
+---------------------------------+
| Distribution: Red Hat | ----------------------------//
+---------------------------------+
* RedHat: Moderate: ipsec-tools security update
17th, May, 2007
Updated ipsec-tools packages that fix a denial of service flaw in
racoon are now available for Red Hat Enterprise Linux 5. A denial of
service flaw was found in the ipsec-tools racoon daemon. It was possible
for a remote attacker, with knowledge of an existing ipsec tunnel, to
terminate the ipsec connection between two machines. This update has
been rated as having moderate security impact by the Red Hat Security
Response Team.
http://www.linuxsecurity.com/content/view/128231
* RedHat: Moderate: vixie-cron security update
17th, May, 2007
The vixie-cron package contains the Vixie version of cron. Cron is a
standard UNIX daemon that runs specified programs at scheduled times.
Raphael Marichez discovered a denial of service bug in the way
vixie-cron verifies crontab file integrity. A local user with the ability to
create a hardlink to /etc/crontab can prevent vixie-cron from executing
certain system cron jobs.
http://www.linuxsecurity.com/content/view/128232
* RedHat: Moderate: evolution security update
17th, May, 2007
Updated evolution packages that fix a security bug are now available for
Red Hat Enterprise Linux 3 and 4. A flaw was found in the way Evolution
processed certain APOP authentication requests. A remote attacker could
potentially acquire certain portions of a user's authentication
credentials by sending certain responses when evolution-data-server
attempted to authenticate against an APOP server.
http://www.linuxsecurity.com/content/view/128233
* RedHat: Moderate: squirrelmail security update
17th, May, 2007
A new squirrelmail package that fixes security issues is now
available for Red Hat Enterprise Linux 3, 4 and 5.Several HTML
filtering bugs were discovered in SquirrelMail. An attacker could
inject arbitrary JavaScript leading to cross-site scripting attacks
by sending an e-mail viewed by a user within SquirrelMail.
This update has been rated as having moderate security impact by
the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/128234
* RedHat: Moderate: libpng security update
17th, May, 2007
Updated libpng packages that fix security issues are now available
for Red Hat Enterprise Linux.A flaw was found in the handling of
malformed images in libpng. An attacker could create a carefully
crafted PNG image file in such a way that it could cause an application
linked with libpng to crash when the file was manipulated. This update
has been rated as having moderate security impact by the Red Hat
Security Response Team.
http://www.linuxsecurity.com/content/view/128236
* RedHat: Moderate: gimp security update
21st, May, 2007
Updated gimp packages that fix a security issue are now available for
Red Hat Enterprise Linux.Marsu discovered a stack overflow bug in The
GIMP RAS file loader. An attacker could create a carefully crafted
file that could cause The GIMP to crash or possibly execute arbitrary
code if the file was opened by a victim. This update has been rated as
having moderate security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/128256
* RedHat: Important: tomcat security update
21st, May, 2007
Updated tomcat packages that fix multiple security issues are now
available for Red Hat Application Server v2.Tomcat was found to accept
multiple content-length headers in a request. This could allow attackers
to poison a web-cache, bypass web application firewall protection, or
conduct cross-site scripting attacks. This update has been rated as
having important security impact by the Red
Hat Security Response Team.
http://www.linuxsecurity.com/content/view/128257
* RedHat: Important: tomcat security update
24th, May, 2007
Updated tomcat packages that fix multiple security issues and a bug
are now available for Red Hat Developer Suite 3. Tomcat was found to
accept multiple content-length headers in a request. This could allow
attackers to poison a web-cache, bypass web application firewall
protection, or conduct cross-site scripting attacks.
http://www.linuxsecurity.com/content/view/128320
+---------------------------------+
| Distribution: SuSE | ----------------------------//
+---------------------------------+
* SuSE: samba security problems
22nd, May, 2007
The Samba server was affected by several security problems which have
been fixed. Specially crafted MS-RPC packets could overwrite heap
memory and therefore could potentially be exploited to execute code.
Authenticated users could leverage specially crafted MS-RPC packets
to pass arguments unfiltered to /bin/sh.
http://www.linuxsecurity.com/content/view/128283
* SuSE: php4,php5 security problems
23rd, May, 2007
Numerous numerous vulnerabilities have been fixed in PHP. Most of
them were made public during the "Month of PHP Bugs" project by
Stefan Esser and we thank Stefan for his reports. The vulnerabilities
potentially lead to crashes, information leaks
or even execution of malicious code.
http://www.linuxsecurity.com/content/view/128300
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
* Ubuntu: Quagga vulnerability
17th, May, 2007
It was discovered that Quagga did not correctly verify length
information sent from configured peers. Remote malicious peers could
send a specially crafted UPDATE message which would cause bgpd to
abort, leading to a denial of service.
http://www.linuxsecurity.com/content/view/128237
* Ubuntu: pptpd regression
21st, May, 2007
USN-459-1 fixed vulnerabilities in pptpd. However, a portion of the
fix caused a regression in session establishment under Dapper for certain
PPTP clients. This update fixes the problem. We apologize for the
inconvenience.
http://www.linuxsecurity.com/content/view/128267
* Ubuntu: Samba regression
22nd, May, 2007
USN-460-1 fixed several vulnerabilities in Samba. The upstream changes
for CVE-2007-2444 had an unexpected side-effect in Feisty. Paul Griffith
and Andrew Hogue discovered that Samba did not fully drop root
privileges while translating SIDs. A remote authenticated user could
issue SMB operations during a small window of opportunity and gain root
privileges. (CVE-2007-2444)
http://www.linuxsecurity.com/content/view/128291
* Ubuntu: PHP vulnerabilities
22nd, May, 2007
A flaw was discovered in the FTP command handler in PHP. Commands
were not correctly filtered for control characters. An attacker
could issue arbitrary FTP commands using specially crafted arguments.
http://www.linuxsecurity.com/content/view/128293
* Ubuntu: vim vulnerability
22nd, May, 2007
Tomas Golembiovsky discovered that some vim commands were
accidentally allowed in modelines. By tricking a user into opening a
specially crafted file in vim, an attacker could execute arbitrary code
with user privileges.
http://www.linuxsecurity.com/content/view/128294
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas,
the world's premier technical event for ICT security
experts. Featuring 30 hands-on training courses and
90 Briefings presentations with lots of new content
and new tools. Network with 4,000 delegates from
70 nations. Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on
June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Mon May 28 2007 - 23:10:41 PDT