+------------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| December 7th, 2007 Volume 8, Number 50 |
| |
| Editorial Team: Dave Wreski <dwreski@private> |
| Benjamin D. Thomas <bthomas@private> |
+------------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week, advisories were released for sitebar, e2fsprog, wesnoth,
zabbix, asterisk, heimdal, liblcms, openssh, openssl, vixie-cron, apache,
openoffice, cairo, samba, mono, perl, and php. The distributors include
Debian, Mandriva, Red Hat, SuSE, Slackware, Ubuntu.
---
>> Linux+DVD Magazine <<
Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of
Open Source software. The majority of our readers is between 15 and 40
years old. They are interested in current news from the Linux world,
upcoming projects etc.
In each issue you can find information concerning typical use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments.
http://www.linuxsecurity.com/ads/adclick.php?bannerid=26
---
Knock, Knock, Knockin' on EnGarde's Door (with FWKNOP)
------------------------------------------------------
Secret knocks have been used for purposes as simple and childish as
identifying friend or foe during a schoolyard fort war. Fraternities
teach these knocks as a rite of passage into their society, and in our
security world we can implement this layer of security to lock down an
SSH server.
With this guide on FWKNOP by Eckie S. (one of our own), you are taken on
an easy-to-follow process of securing your platform with your own client
and server port knocking set-up.
Installation, iptable Rules setup, configuring access for the client and
server, and everything in between. Check it out!
http://www.linuxsecurity.com/content/view/131846
---
Master's Student: Social Engineering is not just a definition!
--------------------------------------------------------------
We are happy to announce a new addition to the Linux Security
Contributing Team: Gian G. Spicuzza. Currently a Graduate Student
pursuing a Masters Degree in Computer Security (MSIA), Gian is a
certified Linux/Unix administrator, the lead developer for the
OSCAR-Backup System (at Sourceforge.com) and has experience in a variety
of CSO, Management and consulting positions.
His first topic is a quick foray into the world and psychology of Social
Engineering:
All the security in the world isn't going to stop one of your employees
or coworkers from giving up information. Just how easy is it?
Craig never worked for Linda's company, nor did he call from IT. Craig
was an unethical hacker who just gained unauthorized access to her
account. <b>Why? Because a phone call is simple.</b>
Read on to see just how easy businesses can be exploited.
http://www.linuxsecurity.com/content/view/131036
--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <--
--------------------------------------------------------------------------
* EnGarde Secure Community v3.0.18 Now Available! (Dec 4)
-------------------------------------------------------
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.18 (Version 3.0, Release 18). This release includes the
brand new Health Center, new packages for FWKNP and PSAD, updated
packages and bug fixes, some feature enhancements to Guardian Digital
WebTool and the SELinux policy, as well as other new features.
In distribution since 2001, EnGarde Secure Community was one of the
very first security platforms developed entirely from open source, and
has been engineered from the ground-up to provide users and
organizations with complete, secure Web functionality, DNS, database
and e-mail security, integrated intrusion detection and SELinux
policies and more.
http://www.linuxsecurity.com/content/view/131851
--------------------------------------------------------------------------
* Debian: New sitebar packages fix several vulnerabilities (Dec 7)
----------------------------------------------------------------
A directory traversal vulnerability in the translation module allows
remote authenticated users to chmod arbitrary files to 0777 via ".."
sequences in the lang parameter.
http://www.linuxsecurity.com/content/view/132012
* Debian: New e2fsprogs packages fix arbitrary code execution (Dec 7)
-------------------------------------------------------------------
Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs, ext2
file system utilities and libraries, contained multiple integer
overflows in memory allocations, based on sizes taken directly from
filesystem information. These could result in heap-based overflows
potentially allowing the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/131871
* Debian: New wesnoth packages fix arbitrary file disclosure (Dec 6)
------------------------------------------------------------------
A vulnerability has been discovered in Battle for Wesnoth that allows
remote attackers to read arbitrary files the user running the client
has access to on the machine running the game client.
http://www.linuxsecurity.com/content/view/131866
* Debian: New zabbix packages fix privilege escalation (Dec 5)
------------------------------------------------------------
Bas van Schaik discovered that the agentd process of Zabbix, a network
monitor system, may run user-supplied commands as group id root, not
zabbix, which may lead to a privilege escalation.
http://www.linuxsecurity.com/content/view/131865
* Debian: New OpenOffice.org packages fix arbitrary Java code execution (Dec 5)
-----------------------------------------------------------------------------
ulnerability has been discovered in HSQLDB, the default database engine
shipped with OpenOffice.org. This could result in the execution of
arbitrary Java code embedded in a OpenOffice.org database document with
the user's privilege. This update requires an update of both
openoffice.org and hsqldb.
http://www.linuxsecurity.com/content/view/131864
* Debian: New asterisk packages fix SQL injection (Dec 2)
-------------------------------------------------------
Tilghman Lesher discovered that the logging engine of Asterisk, a free
software PBX and telephony toolkit performs insufficient sanitising of
call-related data, which may lead to SQL injection.
http://www.linuxsecurity.com/content/view/131725
--------------------------------------------------------------------------
* Mandriva: Updated heimdal packages fix potential (Dec 6)
--------------------------------------------------------
It was found that the gss_userok() function in Heimdal 0.7.2 did not
allocate memory for the ticketfile pointer before calling free(), which
could possibly allow remote attackers to have an unknown impact via an
invalid username. It is uncertain whether or not this is exploitable,
however packages are being provided regardless. The updated packages
have been patched to correct these issues.
http://www.linuxsecurity.com/content/view/131870
* Mandriva: Updated liblcms package fixes buffer overflow (Dec 6)
---------------------------------------------------------------
Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows
remote attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted ICC profile in a JPG file. Updated
package fixes this issue.
http://www.linuxsecurity.com/content/view/131869
* Mandriva: Updated openssh packages fix X11 cookie (Dec 4)
---------------------------------------------------------
A flaw in OpenSSH prior to 4.7 prevented ssh from properly handling
when an untrusted cookie could not be created and used a trusted X11
cookie instead, which could allow attackers to violate intended policy
and gain privileges by causing an X client to be treated as trusted.
The updated packages have been patched to correct these issue.
http://www.linuxsecurity.com/content/view/131858
* Mandriva: Updated openssl packages fix DTLS vulnerability (Dec 4)
-----------------------------------------------------------------
A buffer overflow in the DTLS implementation of OpenSSL 0.9.8 could be
exploited by attackers to potentially execute arbitrary code. It is
questionable as to whether the DTLS support even worked or is used in
any applications; as a result this flaw most likely does not affect
most Mandriva users. The updated packages have been patched to correct
these issue.
http://www.linuxsecurity.com/content/view/131859
* Mandriva: Updated vixie-cron packages fix DoS vulnerability (Dec 3)
-------------------------------------------------------------------
Raphael Marichez discovered a denial of service bug in how vixie-cron
verifies crontab file integrity. A local user with the ability to
create a hardlink to /etc/crontab could prevent vixie-cron from
executing certain system cron jobs. The updated packages have been
patched to correct this issue.
http://www.linuxsecurity.com/content/view/131847
* Mandriva: Updated apache packages fix vulnerabilities (Dec 3)
-------------------------------------------------------------
A flaw in the Apache mod_proxy module was found that could potentially
lead to a denial of service is using a threaded Multi-Processing
Module. On sites where a reverse proxy is configured, a remote
attacker could send a special reequest that would cause the Apache
child process handling the request to crash. Likewise, a similar crash
could occur on sites with a forward proxy configured if a user could be
persuaded to visit a malicious site using the proxy (CVE-2007-3847).
http://www.linuxsecurity.com/content/view/131848
--------------------------------------------------------------------------
* RedHat: Moderate: openoffice.org, hsqldb security update (Dec 5)
----------------------------------------------------------------
Updated openoffice.org and hsqldb packages that fix security flaws are
now available for Red Hat Enterprise Linux 5. It was discovered that
HSQLDB could allow the execution of arbitrary public static Java
methods. A carefully crafted odb file opened in OpenOffice.org Base
could execute arbitrary commands with the permissions of the user
running OpenOffice.org. This update has been rated as having moderate
security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/131861
* RedHat: Moderate: openoffice.org2 security update (Dec 5)
---------------------------------------------------------
Updated openoffice.org2 packages that fix a security issue are now
available for Red Hat Enterprise Linux 4.It was discovered that HSQLDB
could allow the execution of arbitrary public static Java methods. A
carefully crafted odb file opened in OpenOffice.org Base could execute
arbitrary commands with the permissions of the user running
OpenOffice.org. This update has been rated as having moderate security
impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/131862
--------------------------------------------------------------------------
* Slackware: cairo (Dec 4)
--------------------------
New cairo packages are available for Slackware 11.0, 12.0, and -current
to fix security issues. More details about this issue may be found in
the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5503
http://www.linuxsecurity.com/content/view/131850
--------------------------------------------------------------------------
* SuSE: samba (SUSE-SA:2007:065) (Dec 5)
--------------------------------------
Secunia Research has reported a bug in function reply_netbios_packet()
that allowed remote attackers to execute arbitrary code by sending
specially crafted WINS "Name Registration" requests followed by a
WINS "Name Query" request packet. The exploitable code in samba can
only be reached if the option "wins support" was enabled.
http://www.linuxsecurity.com/content/view/131863
--------------------------------------------------------------------------
* Ubuntu: Mono vulnerability (Dec 4)
-----------------------------------
It was discovered that Mono did not correctly bounds check certain
BigInteger actions. Remote attackers could exploit this to crash a
Mono application or possibly execute arbitrary code with user
privileges.
http://www.linuxsecurity.com/content/view/131854
* Ubuntu: Perl vulnerability (Dec 4)
-----------------------------------
It was discovered that Perl's regular expression library did not
correctly handle certain UTF sequences. If a user or automated system
were tricked into running a specially crafted regular expression, a
remote attacker could crash the application or possibly execute
arbitrary code with user privileges.
http://www.linuxsecurity.com/content/view/131855
* Ubuntu: Firefox regression (Dec 4)
-----------------------------------
Gregory Fleischer discovered that it was possible to use JavaScript to
manipulate Firefox's Referer header. A malicious web site could
exploit this to conduct cross-site request forgeries against sites
that relied only on Referer headers for protection from such attacks.
(CVE-2007-5960)
http://www.linuxsecurity.com/content/view/131853
* Ubuntu: PHP regression (Dec 3)
-------------------------------
It was discovered that the wordwrap function did not correctly check
lengths. Remote attackers could exploit this to cause a crash or
monopolize CPU resources, resulting in a denial of service.
(CVE-2007-3998)
http://www.linuxsecurity.com/content/view/131849
* Ubuntu: Cairo vulnerability (Dec 3)
------------------------------------
Peter Valchev discovered that Cairo did not correctly decode PNG image
data. By tricking a user or automated system into processing a
specially crafted PNG with Cairo, a remote attacker could execute
arbitrary code with user privileges.
http://www.linuxsecurity.com/content/view/131845
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
__________________________________________________________________
Visit InfoSec News
http://www.infosecnews.org/
This archive was generated by hypermail 2.1.3 : Mon Dec 10 2007 - 23:08:35 PST