Date: Tue, 30 Aug 2005 16:48:25 -0600
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #249
SecurityFocus Linux Newsletter #249
----------------------------------------

Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. The great firewall of China
II.  LINUX VULNERABILITY SUMMARY
       1. Elm Expires Header Remote Buffer Overflow Vulnerability
       2. PCRE Regular Expression Heap Overflow Vulnerability
       3. LM_sensors PWMConfig Insecure Temporary File Creation Vulnerability
       4. SLocate Local Database Corruption Vulnerability
       5. HAURI Anti-Virus ACE Archive Handling Remote Buffer Overflow Vulnerability
       6. PADL Software PAM_LDAP Authentication Bypass Vulnerability
       7. PAFileDB Auth.PHP SQL Injection Vulnerability
       8. Tor Cryptographic Handshake Remote Information Disclosure Vulnerability
       9. Apache CGI Byterange Request Denial of Service Vulnerability
       10. Linux Kernel 64 Bit ELF Header Processing Memory Leak Local Denial Of Service Vulnerability
       11. Astaro Security Linux HTTP CONNECT Unauthorized Access Weakness
       12. Simpleproxy Remote Syslog() Format String Vulnerability
       13. Nokia Affix BTSRV Device Name Remote Command Execution Vulnerability
III. LINUX FOCUS LIST SUMMARY
       1. POC /dev/input/event*  keylogger
       2. Cracking bigcrypt/crypt16 password hashes
       3. Re[2]: Linux hardening
       4. Xvfb Question
       5. linux password cracking tools
       6. Linux hardening
       7. one time passwords
       8. SMB : TCP/445 impossible to sniff a document sent to be printed to a MS Spooler Server
       9. OPIE
       10. Content Filtering Firewall in Linux..
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. The great firewall of China
By Scott Granneman
When a barrage of attacks and hacking attempts come from IP addresses 
traced back to China, and you don't do any business in China, do you 
block their entire IP address range and call it a day?
http://www.securityfocus.com/columnists/350


II.  LINUX VULNERABILITY SUMMARY
------------------------------------
1. Elm Expires Header Remote Buffer Overflow Vulnerability
BugTraq ID: 14613
Remote: Yes
Date Published: 2005-08-20
Relevant URL: http://www.securityfocus.com/bid/14613
Summary:
Elm is prone to a buffer overflow vulnerability which could allow an 
attacker to execute malicious code.  This issue is due to a failure in 
the application to perform proper bounds checking on user-supplied data.

A successful attack can result in overflowing a finite sized buffer and 
may ultimately lead to arbitrary code execution in the context of the 
affected application.

2. PCRE Regular Expression Heap Overflow Vulnerability
BugTraq ID: 14620
Remote: Yes
Date Published: 2005-08-20
Relevant URL: http://www.securityfocus.com/bid/14620
Summary:
PCRE is prone to a heap overflow vulnerability.  This issue is due to a 
failure of the library to properly bounds check user-supplied input 
prior to copying data to an internal memory buffer.

The impact of successful exploitation of this vulnerability depends on 
the application and the user credentials utilizing the vulnerable 
library.  A successful attack may ultimately permit an attacker to control the 
contents of critical memory control structures and write arbitrary data 
to arbitrary memory locations.

3. LM_sensors PWMConfig Insecure Temporary File Creation Vulnerability
BugTraq ID: 14624
Remote: No
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14624
Summary:
lm_sensors creates temporary files in an insecure manner. The issue 
exists in the 'pwmconfig' script.

Exploitation would most likely result in loss of data or a denial of 
service if critical files are overwritten in the attack. Other attacks 
may be possible as well.

lm_sensors version 2.9.1 is reportedly affected; other versions may be 
vulnerable as well.

4. SLocate Local Database Corruption Vulnerability
BugTraq ID: 14640
Remote: No
Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14640
Summary:
slocate is susceptible to a local database corruption vulnerability. 
This issue is due to a failure of the application to handle unexpected 
directory and filename input.

This issue presents itself when the affected utility attempts to index 
specially crafted directory structures. The utility fails to handle the 
directory structure, and fails to complete the indexing process.

This vulnerability allows local attackers to cause the premature 
failure of the index process, resulting in an incomplete database. If the 
database is used in further security, backup, or other critical functions, 
incomplete data may result in the failure of services dependent on it.

This issue is reported in version 2.7 of slocate, but other versions 
may also be affected.

5. HAURI Anti-Virus ACE Archive Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 14647
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14647
Summary:
HAURI Anti-Virus is affected by a remote buffer overflow vulnerability 
when handling ACE archives.

An attacker can exploit this issue by crafting a malicious ACE archive 
containing a specially crafted file name and sending this archive to a 
vulnerable computer.

The attacker may exploit this vulnerability to gain unauthorized remote 
access in the context of the superuser.

6. PADL Software PAM_LDAP Authentication Bypass Vulnerability
BugTraq ID: 14649
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14649
Summary:
PAM_LDAP is prone to an authentication bypass vulnerability when 
handling the new password policy control.  This could allow an unauthorized user 
to bypass authentication.

This vulnerability was reported to affect PAM_LDAP builds 169 through 179.


7. PAFileDB Auth.PHP SQL Injection Vulnerability
BugTraq ID: 14654
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14654
Summary:
paFileDB is prone to an SQL injection vulnerability.  This issue is due 
to a failure in the application to properly sanitize user-supplied 
input before using it in an SQL query.

Exploitation of this issue may allow for compromise of the software, 
session hijacking, or attacks against the underlying database. Other 
attacks are also possible.


8. Tor Cryptographic Handshake Remote Information Disclosure Vulnerability
BugTraq ID: 14659
Remote: Yes
Date Published: 2005-08-25
Relevant URL: http://www.securityfocus.com/bid/14659
Summary:
Tor is susceptible to a remote information disclosure vulnerability. 
This issue is due to a flaw in the implementation of the Diffie-Hellman 
key exchange protocol.

Specifically, certain values used during the Diffie-Hellman key 
exchange protocol are insecure, and when used, lead to the ability of 
attackers to access the negotiated encryption keys.

This vulnerability allows attackers to gain access to the negotiated 
keys used to encrypt the communications between Tor servers and clients. 
This allows attackers to read or modify all the traffic that is sent 
from the targeted user over the Tor network. The anonymity, 
confidentiality, and integrity guarantees of the network are lost through the 
exploitation of this issue.

9. Apache CGI Byterange Request Denial of Service Vulnerability
BugTraq ID: 14660
Remote: Yes
Date Published: 2005-08-25
Relevant URL: http://www.securityfocus.com/bid/14660
Summary:
Apache is prone to a denial of service when handling large CGI 
byterange requests.

10. Linux Kernel 64 Bit ELF Header Processing Memory Leak Local Denial Of Service Vulnerability
BugTraq ID: 14661
Remote: No
Date Published: 2005-08-25
Relevant URL: http://www.securityfocus.com/bid/14661
Summary:
A local denial of service vulnerability affects the Linux kernel's ELF 
header processing functionality on 64 bit x86 platforms.

A successful attack can allow a local attacker to trigger a denial of 
service condition in the kernel.

This issue may be related to BID 11846 (Linux Kernel 64 Bit ELF Header 
Local Denial Of Service Vulnerability).  Due to a lack of information, 
this cannot be confirmed at the moment.  This BID will be retired if 
further analysis reveals that the issues are identical.


11. Astaro Security Linux HTTP CONNECT Unauthorized Access Weakness
BugTraq ID: 14665
Remote: Yes
Date Published: 2005-08-25
Relevant URL: http://www.securityfocus.com/bid/14665
Summary:
Astaro Security Linux is prone to a weakness that may allow remote 
attackers to connect to arbitrary ports on a vulnerable computer.

This weakness may be combined with other attacks to exploit latent 
vulnerabilities.  An attacker can bypass access controls implemented by the 
application through this attack.

Astaro Security Linux 6.001 is prone to this weakness.


12. Simpleproxy Remote Syslog() Format String Vulnerability
BugTraq ID: 14666
Remote: Yes
Date Published: 2005-08-26
Relevant URL: http://www.securityfocus.com/bid/14666
Summary:
It is reported that simpleproxy contains a format string vulnerability. 
This issue is due to a failure of the application to properly sanitize 
user-supplied input before using it as the format specifier in a 
formatted printing function.

Successful exploitation of this issue will allow an attacker to execute 
arbitrary code on the affected computer with the privileges of the 
affected package. This application may be run as the superuser in order to 
proxy privileged TCP ports.

Versions of simpleproxy prior to 3.4 are reported susceptible to this 
vulnerability.

13. Nokia Affix BTSRV Device Name Remote Command Execution Vulnerability
BugTraq ID: 14672
Remote: Yes
Date Published: 2005-08-26
Relevant URL: http://www.securityfocus.com/bid/14672
Summary:
Nokia Affix BTSRV is affected by a remote command execution 
vulnerability.

An attacker can supply arbitrary commands through a device name and 
have them executed in the context of the service.  This can lead to a 
complete compromise.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. POC /dev/input/event*  keylogger
http://www.securityfocus.com/archive/91/409017

2. Cracking bigcrypt/crypt16 password hashes
http://www.securityfocus.com/archive/91/409016

3. Re[2]: Linux hardening
http://www.securityfocus.com/archive/91/409012

4. Xvfb Question
http://www.securityfocus.com/archive/91/409023

5. linux password cracking tools
http://www.securityfocus.com/archive/91/408915

6. Linux hardening
http://www.securityfocus.com/archive/91/408758

7. one time passwords
http://www.securityfocus.com/archive/91/408796

8. SMB : TCP/445 impossible to sniff a document sent to be printed to a MS Spooler Server
http://www.securityfocus.com/archive/91/408574

9. OPIE
http://www.securityfocus.com/archive/91/408479

10. Content Filtering Firewall in Linux..
http://www.securityfocus.com/archive/91/408476

If your email address has changed, email listadmin@securityfocus.com and 
ask to be manually removed.

V.   SPONSOR INFORMATION
------------------------