[ISN] Linux Advisory Watch: December 7th, 2007

From: InfoSec News (alerts@private)
Date: Mon Dec 10 2007 - 23:02:09 PST


+------------------------------------------------------------------------+
| LinuxSecurity.com                                    Weekly Newsletter |
| December 7th, 2007                                 Volume 8, Number 50 |
|                                                                        |
| Editorial Team:                Dave Wreski <dwreski@private> |
|                         Benjamin D. Thomas <bthomas@private> |
+------------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for sitebar, e2fsprogs, wesnoth,
zabbix, asterisk, heimdal, liblcms, openssh, openssl, vixie-cron, apache,
openoffice, cairo, samba, mono, perl, and php. The distributors include
Debian, Mandriva, Red Hat, SuSE, Slackware, and Ubuntu.

---

Knock, Knock, Knockin' on EnGarde's Door (with FWKNOP)
------------------------------------------------------
Secret knocks have been used for purposes as simple and childish as
identifying friend or foe during a schoolyard fort war.  Fraternities
teach these knocks as a rite of passage into their society, and in our
security world we can implement this layer of security to lock down an
SSH server.

With this guide on FWKNOP by Eckie S. (one of our own), you are taken on
an easy-to-follow process of securing your platform with your own client
and server port knocking set-up.

It covers installation, iptables rules setup, configuring access for the
client and server, and everything in between.  Check it out!

http://www.linuxsecurity.com/content/view/131846

---

Master's Student: Social Engineering is not just a definition!
--------------------------------------------------------------
We are happy to announce a new addition to the Linux Security
Contributing Team: Gian G. Spicuzza.  Currently a Graduate Student
pursuing a Masters Degree in Computer Security (MSIA), Gian is a
certified Linux/Unix administrator, the lead developer for the
OSCAR-Backup System (at Sourceforge.com) and has experience in a variety
of CSO, Management and consulting positions.

His first topic is a quick foray into the world and psychology of Social
Engineering:

All the security in the world isn't going to stop one of your employees
or coworkers from giving up information.  Just how easy is it?

Craig never worked for Linda's company, nor did he call from IT. Craig
was an unethical hacker who just gained unauthorized access to her
account. Why? Because a phone call is simple.

Read on to see just how easily businesses can be exploited.

http://www.linuxsecurity.com/content/view/131036

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!  <--
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf             <--

--------------------------------------------------------------------------

* EnGarde Secure Community v3.0.18 Now Available! (Dec 4)
  -------------------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.18 (Version 3.0, Release 18). This release includes the
  brand new Health Center, new packages for FWKNOP and PSAD, updated
  packages and bug fixes, some feature enhancements to Guardian Digital
  WebTool and the SELinux policy, as well as other new features.

  In distribution since 2001, EnGarde Secure Community was one of the
  very first security platforms developed entirely from open source, and
  has been engineered from the ground-up to provide users and
  organizations with complete, secure Web functionality, DNS, database
  and e-mail security, integrated intrusion detection and SELinux
  policies and more.

  http://www.linuxsecurity.com/content/view/131851

--------------------------------------------------------------------------

* Debian: New sitebar packages fix several vulnerabilities (Dec 7)
  ----------------------------------------------------------------
  A directory traversal vulnerability in the translation module allows
  remote authenticated users to chmod arbitrary files to 0777 via ".."
  sequences in the lang parameter.

  http://www.linuxsecurity.com/content/view/132012

* Debian: New e2fsprogs packages fix arbitrary code execution (Dec 7)
  -------------------------------------------------------------------
  Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs, ext2
  file system utilities and libraries, contained multiple integer
  overflows in memory allocations, based on sizes taken directly from
  filesystem information.  These could result in heap-based overflows
  potentially allowing the execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/131871

* Debian: New wesnoth packages fix arbitrary file disclosure (Dec 6)
  ------------------------------------------------------------------
  A vulnerability has been discovered in Battle for Wesnoth that allows
  remote attackers to read arbitrary files the user running the client
  has access to on the machine running the game client.

  http://www.linuxsecurity.com/content/view/131866

* Debian: New zabbix packages fix privilege escalation (Dec 5)
  ------------------------------------------------------------
  Bas van Schaik discovered that the agentd process of Zabbix, a network
  monitor system, may run user-supplied commands as group id root, not
  zabbix, which may lead to a privilege escalation.

  http://www.linuxsecurity.com/content/view/131865

* Debian: New OpenOffice.org packages fix arbitrary Java code execution (Dec 5)
  -----------------------------------------------------------------------------
  A vulnerability has been discovered in HSQLDB, the default database
  engine shipped with OpenOffice.org.  This could result in the execution
  of arbitrary Java code embedded in an OpenOffice.org database document
  with the user's privilege.  This update requires an update of both
  openoffice.org and hsqldb.

  http://www.linuxsecurity.com/content/view/131864

* Debian: New asterisk packages fix SQL injection (Dec 2)
  -------------------------------------------------------
  Tilghman Lesher discovered that the logging engine of Asterisk, a free
  software PBX and telephony toolkit, performs insufficient sanitising of
  call-related data, which may lead to SQL injection.

  http://www.linuxsecurity.com/content/view/131725

--------------------------------------------------------------------------

* Mandriva: Updated heimdal packages fix potential (Dec 6)
  --------------------------------------------------------
  It was found that the gss_userok() function in Heimdal 0.7.2 did not
  allocate memory for the ticketfile pointer before calling free(), which
  could possibly allow remote attackers to have an unknown impact via an
  invalid username.  It is uncertain whether or not this is exploitable,
  however packages are being provided regardless. The updated packages
  have been patched to correct these issues.

  http://www.linuxsecurity.com/content/view/131870

* Mandriva: Updated liblcms package fixes buffer overflow (Dec 6)
  ---------------------------------------------------------------
  Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows
  remote attackers to execute arbitrary code or cause a denial of service
  (application crash) via a crafted ICC profile in a JPG file. Updated
  package fixes this issue.

  http://www.linuxsecurity.com/content/view/131869

* Mandriva: Updated openssh packages fix X11 cookie (Dec 4)
  ---------------------------------------------------------
  A flaw in OpenSSH prior to 4.7 prevented ssh from properly handling
  when an untrusted cookie could not be created and used a trusted X11
  cookie instead, which could allow attackers to violate intended policy
  and gain privileges by causing an X client to be treated as trusted.
  The updated packages have been patched to correct this issue.

  http://www.linuxsecurity.com/content/view/131858

* Mandriva: Updated openssl packages fix DTLS vulnerability (Dec 4)
  -----------------------------------------------------------------
  A buffer overflow in the DTLS implementation of OpenSSL 0.9.8 could be
  exploited by attackers to potentially execute arbitrary code. It is
  questionable as to whether the DTLS support even worked or is used in
  any applications; as a result this flaw most likely does not affect
  most Mandriva users. The updated packages have been patched to correct
  this issue.

  http://www.linuxsecurity.com/content/view/131859

* Mandriva: Updated vixie-cron packages fix DoS vulnerability (Dec 3)
  -------------------------------------------------------------------
  Raphael Marichez discovered a denial of service bug in how vixie-cron
  verifies crontab file integrity.  A local user with the ability to
  create a hardlink to /etc/crontab could prevent vixie-cron from
  executing certain system cron jobs. The updated packages have been
  patched to correct this issue.

  http://www.linuxsecurity.com/content/view/131847

* Mandriva: Updated apache packages fix vulnerabilities (Dec 3)
  -------------------------------------------------------------
  A flaw in the Apache mod_proxy module was found that could potentially
  lead to a denial of service if using a threaded Multi-Processing
  Module.  On sites where a reverse proxy is configured, a remote
  attacker could send a special request that would cause the Apache
  child process handling the request to crash.  Likewise, a similar crash
  could occur on sites with a forward proxy configured if a user could be
  persuaded to visit a malicious site using the proxy (CVE-2007-3847).

  http://www.linuxsecurity.com/content/view/131848

--------------------------------------------------------------------------

* RedHat: Moderate: openoffice.org, hsqldb security update (Dec 5)
  ----------------------------------------------------------------
  Updated openoffice.org and hsqldb packages that fix security flaws are
  now available for Red Hat Enterprise Linux 5. It was discovered that
  HSQLDB could allow the execution of arbitrary public static Java
  methods. A carefully crafted odb file opened in OpenOffice.org Base
  could execute arbitrary commands with the permissions of the user
  running OpenOffice.org. This update has been rated as having moderate
  security impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/131861

* RedHat: Moderate: openoffice.org2 security update (Dec 5)
  ---------------------------------------------------------
  Updated openoffice.org2 packages that fix a security issue are now
  available for Red Hat Enterprise Linux 4. It was discovered that HSQLDB
  could allow the execution of arbitrary public static Java methods.  A
  carefully crafted odb file opened in OpenOffice.org Base could execute
  arbitrary commands with the permissions of the user running
  OpenOffice.org. This update has been rated as having moderate security
  impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/131862

--------------------------------------------------------------------------

* Slackware:   cairo (Dec 4)
  --------------------------
  New cairo packages are available for Slackware 11.0, 12.0, and -current
  to fix security issues. More details about this issue may be found in
  the Common Vulnerabilities and Exposures (CVE) database:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5503

  http://www.linuxsecurity.com/content/view/131850

--------------------------------------------------------------------------

* SuSE: samba (SUSE-SA:2007:065) (Dec 5)
  --------------------------------------
  Secunia Research has reported a bug in function reply_netbios_packet()
  that allowed remote attackers to execute arbitrary code by sending
  specially crafted WINS "Name Registration" requests followed by a
  WINS "Name Query" request packet.  The exploitable code in samba can
  only be reached if the option "wins support" was enabled.

  http://www.linuxsecurity.com/content/view/131863

--------------------------------------------------------------------------

* Ubuntu:  Mono vulnerability (Dec 4)
  -----------------------------------
  It was discovered that Mono did not correctly bounds check certain
  BigInteger actions.  Remote attackers could exploit this to crash a
  Mono application or possibly execute arbitrary code with user
  privileges.

  http://www.linuxsecurity.com/content/view/131854

* Ubuntu:  Perl vulnerability (Dec 4)
  -----------------------------------
  It was discovered that Perl's regular expression library did not
  correctly handle certain UTF sequences.  If a user or automated system
  were tricked into running a specially crafted regular expression, a
  remote attacker could crash the application or possibly execute
  arbitrary code with user privileges.

  http://www.linuxsecurity.com/content/view/131855

* Ubuntu:  Firefox regression (Dec 4)
  -----------------------------------
  Gregory Fleischer discovered that it was possible to use JavaScript to
  manipulate Firefox's Referer header.  A malicious web site could
  exploit this to conduct cross-site request forgeries against sites
  that relied only on Referer headers for protection from such attacks.
  (CVE-2007-5960)

  http://www.linuxsecurity.com/content/view/131853

* Ubuntu:  PHP regression (Dec 3)
  -------------------------------
  It was discovered that the wordwrap function did not correctly check
  lengths.  Remote attackers could exploit this to cause a crash or
  monopolize CPU resources, resulting in a denial of service.
  (CVE-2007-3998)

  http://www.linuxsecurity.com/content/view/131849

* Ubuntu:  Cairo vulnerability (Dec 3)
  ------------------------------------
  Peter Valchev discovered that Cairo did not correctly decode PNG image
  data. By tricking a user or automated system into processing a
  specially crafted PNG with Cairo, a remote attacker could execute
  arbitrary code with user privileges.

  http://www.linuxsecurity.com/content/view/131845

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

------------------------------------------------------------------------

