| Date: | Wed, 23 Nov 2005 16:19:13 -0700 |
From: | "Peter Laborge" <plaborge@securityfocus.com>
| To: | linux-secnews@securityfocus.com |
Subject: | SecurityFocus Linux Newsletter #261 |
SecurityFocus Linux Newsletter #261
----------------------------------------
Need to know what's happening on YOUR network? Symantec DeepSight
Analyzer
is a free service that gives you the ability to track and manage
attacks.
Analyzer automatically correlates attacks from various Firewall and
network
based Intrusion Detection Systems, giving you a comprehensive view of
your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------
I. FRONT AND CENTER
1. Sony-baloney
II. LINUX VULNERABILITY SUMMARY
1. Horde Unspecified Error Message Cross-Site Scripting
Vulnerability
2. PHP cURL and GD Multiple Safe_Mode and Open_Basedir
Restriction Bypass Vulnerabilities
3. PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction
Bypass Vulnerability
4. PHPsysInfo Multiple Input Validation Vulnerabilities
5. Openswan IKE Traffic Denial Of Service Vulnerabilities
6. PNMToPNG Alphas_Of_Color Buffer Overflow Vulnerability
7. GDK-Pixbuf XPM Images Integer Overflow Vulnerability
8. GDK-Pixbuf/GTK XPM Images Infinite Loop Denial Of Service
Vulnerability
9. GDK-Pixbuf/GTK XPM Images Buffer Overflow Vulnerability
10. Opera Web Browser HTML Form Status Bar Misrepresentation
Vulnerability
11. GNU gnump3d CGI And Cookie Parameter Directory Traversal
Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. Kryptor for Linux released
2. Automatic Password Generator Tools on Unix Platform
3. SF new column announcement: Linux worm overrated
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Sony-baloney
By Scott Granneman
The Sony story brings up dozens of questions about where we are headed
with DRM issues and security, and what's really at stake.
http://www.securityfocus.com/columnists/370
II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Horde Unspecified Error Message Cross-Site Scripting Vulnerability
BugTraq ID: 15409
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15409
Summary:
Horde is prone to an unspecified cross-site scripting vulnerability.
This issue is related to how Horde renders error messages.
Successful exploitation could let an attacker inject hostile HTML and
script code into the browser session of another user in the context of
the site hosting Horde. This could allow for theft of cookie-based
authentication credentials or other attacks.
2. PHP cURL and GD Multiple Safe_Mode and Open_Basedir Restriction
Bypass Vulnerabilities
BugTraq ID: 15411
Remote: No
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15411
Summary:
PHP cURL and GD are prone to multiple safe_mode and open_basedir
restriction bypass vulnerabilities. Successful exploitation could lead to
disclosure of sensitive information.
This issue is reported to affect PHP versions 4.4.0 and 5.0.5; other
versions may also be vulnerable.
3. PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass
Vulnerability
BugTraq ID: 15413
Remote: No
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15413
Summary:
PHP on Apache 2 is prone to a restriction bypass vulnerability when
calling 'virtual()'. Successful exploitation could lead to disclosure of
sensitive information.
This issue is reported to affect PHP versions 4.4.0 and 5.0.5; other
versions may also be vulnerable.
4. PHPsysInfo Multiple Input Validation Vulnerabilities
BugTraq ID: 15414
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15414
Summary:
phpSysinfo is prone to multiple input validation vulnerabilities. These
are due to a lack of proper sanitization of user-supplied input.
phpSysinfo is prone to a local file include vulnerability, an HTTP
response splitting vulnerability, and cross-site scripting attacks.
An attacker may exploit these vulnerabilities to access files within
the context of the Web server application, poison Web proxy server
caches, and execute arbitrary HTML and script code within the context of the
victim's Web browser.
Other attacks are also possible.
It should be noted that the cross-site scripting issues are not
exploitable on Debian systems.
5. Openswan IKE Traffic Denial Of Service Vulnerabilities
BugTraq ID: 15416
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15416
Summary:
Openswan is prone to multiple denial of service vulnerabilities in
their ISAKMP implementation.
These issues were discovered with the PROTOS ISAKMP Test Suite and are
related to handling of malformed IKEv1 traffic.
The vulnerabilities are believed to affect Openswan 2.x releases prior
to 2.4.2.
6. PNMToPNG Alphas_Of_Color Buffer Overflow Vulnerability
BugTraq ID: 15427
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15427
Summary:
pnmtopng is susceptible to a buffer overflow vulnerability. This issue
is due to a failure of the application to properly bounds check
user-supplied data prior to copying it to an insufficiently sized memory
buffer. This issue reportedly only occurs when the '-alpha' command line
option is utilized.
This issue allows attackers to create malicious PNM files, that when
parsed by the affected utility, allow arbitrary machine code to be
executed. This occurs in the context of the user running the affected
utility.
7. GDK-Pixbuf XPM Images Integer Overflow Vulnerability
BugTraq ID: 15428
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15428
Summary:
A remote integer overflow vulnerability affects gdk-pixbuf.
When an application that uses the vulnerable library processes a
malformed XPM file, the application will crash, denying service to legitimate
users. It may also be possible for the attacker to exploit this issue
to execute arbitrary code with the privileges of the application
utilizing the vulnerable library.
8. GDK-Pixbuf/GTK XPM Images Infinite Loop Denial Of Service
Vulnerability
BugTraq ID: 15429
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15429
Summary:
gdk-pixbuf and gtk2 are prone to a denial of service vulnerability.
This issue occurs when an application utilizing one of the affected
libraries handles a malformed XPM image file.
Exploitation could cause an application utilizing a vulnerable library
to enter an infinite loop, resulting in a denial of service.
9. GDK-Pixbuf/GTK XPM Images Buffer Overflow Vulnerability
BugTraq ID: 15435
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15435
Summary:
gdk-pixbuf and gtk2 are prone to a buffer overflow vulnerability.
When an application that utilizes a vulnerable library processes a
malformed XPM image file, it results in a heap-based buffer overflow. An
attacker can exploit this vulnerability to execute arbitrary code in the
context of the victim user.
10. Opera Web Browser HTML Form Status Bar Misrepresentation
Vulnerability
BugTraq ID: 15472
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15472
Summary:
A vulnerability has been identified in Opera Web browser that allows an
attacker to misrepresent the status bar in the browser, allowing
vulnerable users to be mislead into following a link to a malicious site.
This vulnerability would most likely be exploited through HTML e-mail,
though other attack vectors exist such as HTML injection attacks in
third-party Web applications.
11. GNU gnump3d CGI And Cookie Parameter Directory Traversal
Vulnerability
BugTraq ID: 15496
Remote: Yes
Date Published: 2005-11-18
Relevant URL: http://www.securityfocus.com/bid/15496
Summary:
GNU gnump3d is prone to a directory traversal vulnerability.
Very little information is available on this issue. It is conjectured
an attacker can exploit this vulnerability to retrieve or corrupt
arbitrary files, this may aid in further attacks against the underlying
system; other attacks are also possible.
III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Kryptor for Linux released
http://www.securityfocus.com/archive/91/417236
2. Automatic Password Generator Tools on Unix Platform
http://www.securityfocus.com/archive/91/417235
3. SF new column announcement: Linux worm overrated
http://www.securityfocus.com/archive/91/416253
V. SPONSOR INFORMATION
------------------------
Need to know what's happening on YOUR network? Symantec DeepSight
Analyzer
is a free service that gives you the ability to track and manage
attacks.
Analyzer automatically correlates attacks from various Firewall and
network
based Intrusion Detection Systems, giving you a comprehensive view of
your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130