[ISN] Linux Advisory Watch - May 25th 2007

From: InfoSec News (alerts@private)
Date: Mon May 28 2007 - 23:02:57 PDT


+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  May 25th 2007                                 Volume 8, Number 21a |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@private          ben@private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. 
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for samba, xfree86, php5,
clamav, gforge-plugin-scmcvs, tomcat5, phpwiki, mod_security,
pptpd, fetchmail, squirrelmail, evolution, tetex, ipsec-tools,
vixie-cron, libpng, gimp, Quagga, and vim.  The distributors
include Debian, Fedora, Gentoo, Mandriva, Red Hat, SuSE,
and Ubuntu.

---


* EnGarde Secure Linux v3.0.13 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.13 (Version 3.0, Release 13). This release includes several
bug fixes and feature enhancements to the SELinux policy and several
updated packages.

http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.13

---

RFID with Bio-Smart Card in Linux

In this paper, we describe the integration of a fingerprint template and an
RF smart card for a clustered network, designed on the Linux platform and
open source technology to obtain biometric security. The combination of
smart card and biometrics is achieved in a two-step authentication, where
smart card authentication is based on a Personal Identification Number (PIN)
and the card holder is authenticated using the biometric template stored in
the smart card, based on fingerprint verification.

http://www.linuxsecurity.com/content/view/125052/171/

---


Packet Sniffing Overview

The best way to secure yourself against sniffing is to use encryption. While
this won't prevent a sniffer from functioning, it will ensure that what a
sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/123570/49/

--------



+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New samba packages fix multiple vulnerabilities
  17th, May, 2007

Various bugs in Samba's NDR parsing can allow a user to send
specially crafted MS-RPC requests that will overwrite the heap space
with user defined data.

http://www.linuxsecurity.com/content/view/128228


* Debian: New xfree86 packages fix several vulnerabilities
  17th, May, 2007

Several vulnerabilities have been discovered in the X Window System,
which may lead to privilege escalation. Sean Larsson discovered an
integer overflow in the XC-MISC extension, which might lead to denial
of service or local privilege escalation.

http://www.linuxsecurity.com/content/view/128235


* Debian: New php5 packages fix several vulnerabilities
  19th, May, 2007

Several remote vulnerabilities have been discovered in PHP, a
server-side, HTML-embedded scripting language, which may lead to the
execution of arbitrary code. The Common Vulnerabilities and Exposures
project identifies the following problems:

http://www.linuxsecurity.com/content/view/128251


* Debian: New clamav packages fix denial of service vulnerability
  21st, May, 2007

On 25 April, the Debian Security Team released clamav 0.90.1-3etch1,
an update to the Clam anti-virus toolkit, to address several
vulnerabilities. Unfortunately, there was an error in the updated
packages and CVE-2007-2029, a file descriptor leak in the PDF document
handler, was not properly fixed in Debian 4.0 (etch) or the Debian testing
distribution (lenny). This problem has been fixed in version 0.90.1-3etch2
for Debian 4.0 (etch).

http://www.linuxsecurity.com/content/view/128262


* Debian: New php4 packages fix privilege escalation
  21st, May, 2007

It was discovered that the ftp extension of PHP, a server-side,
HTML-embedded scripting language, performs insufficient input
sanitising, which permits an attacker to execute arbitrary FTP commands.
This requires the attacker to already have access to the FTP server.

http://www.linuxsecurity.com/content/view/128263


* Debian: New gforge-plugin-scmcvs packages fix arbitrary shell command execution
  24th, May, 2007

Bernhard R. Link discovered that the CVS browsing interface of
Gforge, a collaborative development tool, performs insufficient escaping
of URLs, which allows the execution of arbitrary shell commands with the
privileges of the www-data user.

http://www.linuxsecurity.com/content/view/128325



+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 6 Update: tomcat5-5.5.23-0jpp.2.fc6
  21st, May, 2007

Several security issues were reported to be fixed in releases prior
to tomcat5.5.23. Tomcat was found to accept multiple content-length
headers in a request. This could allow attackers to poison a web-cache,
bypass web application firewall protection, or conduct cross-site
scripting attacks.

http://www.linuxsecurity.com/content/view/128271


* Fedora Core 6 Update: jakarta-commons-modeler-1.1-8jpp.2.fc6
  21st, May, 2007

Several security issues were reported to be fixed in
releases prior to tomcat5.5.23. Tomcat was found to accept multiple
content-length headers in a request. This could allow attackers to
poison a web-cache, bypass web application firewall protection, or
conduct cross-site scripting attacks.

http://www.linuxsecurity.com/content/view/128272


* Fedora Core 5 Update: samba-3.0.24-6.fc5
  21st, May, 2007

Security bugs were found in samba-3.0.24-6.fc5. This update fixes an
nmbd segfault in some rare conditions. It also fixes a bug introduced
with CVE-2007-2444 in some configurations, and fixes CVE-2007-0452, a
Samba smbd denial of service.

http://www.linuxsecurity.com/content/view/128278


* Fedora Core 5 Update: php-5.1.6-1.6
  24th, May, 2007

This update fixes a number of security issues in PHP.
A heap buffer overflow flaw was found in the PHP 'xmlrpc'
extension. A PHP script which implements an XML-RPC server
using this extension could allow a remote attacker to
execute arbitrary code as the 'apache' user.

http://www.linuxsecurity.com/content/view/128317


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: PhpWiki Remote execution of arbitrary code
  17th, May, 2007

A vulnerability has been discovered in PhpWiki allowing for the
remote execution of arbitrary code. A remote attacker could upload a
specially crafted PHP file to the vulnerable server, resulting in the
execution of arbitrary PHP code with the privileges of the user
running PhpWiki.

http://www.linuxsecurity.com/content/view/128229


* Gentoo: Apache mod_security Rule bypass
  17th, May, 2007

A vulnerability has been discovered in mod_security, allowing a
remote attacker to bypass rules. A remote attacker could send a specially
crafted POST request, possibly bypassing the module ruleset and
leading to the execution of arbitrary code in the scope of the web
server with the rights of the user running the web server.

http://www.linuxsecurity.com/content/view/128230


* Gentoo: PPTPD Denial of Service attack
  20th, May, 2007

PPTPD is a Point-to-Point Tunnelling Protocol Daemon for Linux. A
vulnerability has been reported in PPTPD which could lead to a Denial
of Service.

http://www.linuxsecurity.com/content/view/128254



+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated fetchmail packages fix potential APOP vulnerabilities
  17th, May, 2007

The APOP functionality in fetchmail's POP3 client implementation was 
validating the APOP challenge too lightly, accepting random garbage as a 
POP3 server's APOP challenge, rather than insisting it conform to 
RFC-822 specifications. Updated packages have been patched to prevent 
these issues; however, it should be noted that the APOP MD5-based
authentication scheme should no longer be considered secure.

http://www.linuxsecurity.com/content/view/128238


* Mandriva: Updated squirrelmail packages fix vulnerabilities
  19th, May, 2007

A number of HTML filtering bugs were found in SquirrelMail that could 
allow an attacker to inject arbitrary JavaScript leading to cross-site 
scripting attacks by sending an email viewed by a user within 
SquirrelMail (CVE-2007-1262).

http://www.linuxsecurity.com/content/view/128252


* Mandriva: Updated evolution packages fix APOP weakness
  20th, May, 2007

A weakness in the way Evolution processed certain APOP authentication 
requests was discovered.  A remote attacker could potentially obtain 
certain portions of a user's authentication credentials by sending 
certain responses when evolution-data-server attempted to authenticate 
against an APOP server. The updated packages have been patched to 
prevent this issue.

http://www.linuxsecurity.com/content/view/128253


* Mandriva: Updated tetex packages fix vulnerabilities
  23rd, May, 2007

Buffer overflow in the gdImageStringFTEx function in gdft.c in the
GD Graphics Library 2.0.33 and earlier allows remote attackers to
cause a denial of service (application crash) and possibly execute
arbitrary code via a crafted string with a JIS encoded font.
Tetex 3.x uses an embedded copy of the gd source and may also be
affected by this issue.

http://www.linuxsecurity.com/content/view/128312


* Mandriva: Updated samba packages fix multiple
  24th, May, 2007

A number of bugs were discovered in the NDR parsing support in Samba 
that is used to decode MS-RPC requests.  A remote attacker could send a 
carefully crafted request that would cause a heap overflow, possibly 
leading to the ability to execute arbitrary code on the server.

http://www.linuxsecurity.com/content/view/128313


+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Moderate: ipsec-tools security update
  17th, May, 2007

Updated ipsec-tools packages that fix a denial of service flaw in
racoon are now available for Red Hat Enterprise Linux 5. A denial of
service flaw was found in the ipsec-tools racoon daemon. It was possible
for a remote attacker, with knowledge of an existing ipsec tunnel, to
terminate the ipsec connection between two machines. This update has
been rated as having moderate security impact by the Red Hat Security
Response Team.

http://www.linuxsecurity.com/content/view/128231


* RedHat: Moderate: vixie-cron security update
  17th, May, 2007

The vixie-cron package contains the Vixie version of cron. Cron is a
standard UNIX daemon that runs specified programs at scheduled times.
Raphael Marichez discovered a denial of service bug in the way
vixie-cron verifies crontab file integrity. A local user with the ability to
create a hardlink to /etc/crontab can prevent vixie-cron from executing
certain system cron jobs.

http://www.linuxsecurity.com/content/view/128232


* RedHat: Moderate: evolution security update
  17th, May, 2007

Updated evolution packages that fix a security bug are now available for 
Red Hat Enterprise Linux 3 and 4. A flaw was found in the way Evolution 
processed certain APOP authentication requests. A remote attacker could 
potentially acquire certain portions of a user's authentication 
credentials by sending certain responses when evolution-data-server 
attempted to authenticate against an APOP server.

http://www.linuxsecurity.com/content/view/128233


* RedHat: Moderate: squirrelmail security update
  17th, May, 2007

A new squirrelmail package that fixes security issues is now
available for Red Hat Enterprise Linux 3, 4 and 5. Several HTML
filtering bugs were discovered in SquirrelMail.  An attacker could
inject arbitrary JavaScript leading to cross-site scripting attacks
by sending an e-mail viewed by a user within SquirrelMail.
This update has been rated as having moderate security impact by
the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128234


* RedHat: Moderate: libpng security update
  17th, May, 2007

Updated libpng packages that fix security issues are now available
for Red Hat Enterprise Linux. A flaw was found in the handling of
malformed images in libpng. An attacker could create a carefully
crafted PNG image file in such a way that it could cause an application
linked with libpng to crash when the file was manipulated. This update
has been rated as having moderate security impact by the Red Hat
Security Response Team.

http://www.linuxsecurity.com/content/view/128236


* RedHat: Moderate: gimp security update
  21st, May, 2007

Updated gimp packages that fix a security issue are now available for
Red Hat Enterprise Linux. Marsu discovered a stack overflow bug in The
GIMP RAS file loader.  An attacker could create a carefully crafted
file that could cause The GIMP to crash or possibly execute arbitrary
code if the file was opened by a victim. This update has been rated as
having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128256


* RedHat: Important: tomcat security update
  21st, May, 2007

Updated tomcat packages that fix multiple security issues are now
available for Red Hat Application Server v2. Tomcat was found to accept
multiple content-length headers in a request. This could allow attackers
to poison a web-cache, bypass web application firewall protection, or
conduct cross-site scripting attacks. This update has been rated as
having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128257


* RedHat: Important: tomcat security update
  24th, May, 2007

Updated tomcat packages that fix multiple security issues and a bug
are now available for Red Hat Developer Suite 3. Tomcat was found to
accept multiple content-length headers in a request. This could allow
attackers to poison a web-cache, bypass web application firewall
protection, or conduct cross-site scripting attacks.

http://www.linuxsecurity.com/content/view/128320


+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

* SuSE: samba security problems
  22nd, May, 2007

The Samba server was affected by several security problems which have
been fixed. Specially crafted MS-RPC packets could overwrite heap
memory and therefore could potentially be exploited to execute code.
Authenticated users could leverage specially crafted MS-RPC packets
to pass arguments unfiltered to /bin/sh.

http://www.linuxsecurity.com/content/view/128283


* SuSE: php4,php5 security problems
  23rd, May, 2007

Numerous vulnerabilities have been fixed in PHP. Most of
them were made public during the "Month of PHP Bugs" project by
Stefan Esser and we thank Stefan for his reports. The vulnerabilities
potentially lead to crashes, information leaks or even execution of
malicious code.

http://www.linuxsecurity.com/content/view/128300


+---------------------------------+
|  Distribution: Ubuntu           | ----------------------------//
+---------------------------------+

* Ubuntu:  Quagga vulnerability
  17th, May, 2007

It was discovered that Quagga did not correctly verify length
information sent from configured peers. Remote malicious peers could
send a specially crafted UPDATE message which would cause bgpd to
abort, leading to a denial of service.

http://www.linuxsecurity.com/content/view/128237


* Ubuntu:  pptpd regression
  21st, May, 2007

USN-459-1 fixed vulnerabilities in pptpd.  However, a portion of the
fix caused a regression in session establishment under Dapper for certain
PPTP clients.  This update fixes the problem. We apologize for the
inconvenience.

http://www.linuxsecurity.com/content/view/128267


* Ubuntu:  Samba regression
  22nd, May, 2007

USN-460-1 fixed several vulnerabilities in Samba.  The upstream changes 
for CVE-2007-2444 had an unexpected side-effect in Feisty. Paul Griffith 
and Andrew Hogue discovered that Samba did not fully drop root 
privileges while translating SIDs. A remote authenticated user could 
issue SMB operations during a small window of opportunity and gain root 
privileges.  (CVE-2007-2444)

http://www.linuxsecurity.com/content/view/128291


* Ubuntu:  PHP vulnerabilities
  22nd, May, 2007

A flaw was discovered in the FTP command handler in PHP.  Commands
were not correctly filtered for control characters.  An attacker
could issue arbitrary FTP commands using specially crafted arguments.

http://www.linuxsecurity.com/content/view/128293


* Ubuntu:  vim vulnerability
  22nd, May, 2007

Tomas Golembiovsky discovered that some vim commands were
accidentally allowed in modelines.  By tricking a user into opening a
specially crafted file in vim, an attacker could execute arbitrary code
with user privileges.

http://www.linuxsecurity.com/content/view/128294


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

------------------------------------------------------------------------

