Date: Tue, 27 Dec 2005 15:53:06 -0700
From: "Conrad Schilbe" <cschilbe@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #266
SecurityFocus Linux Newsletter #266
----------------------------------------

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Tracked by cellphone
II.  LINUX VULNERABILITY SUMMARY
       1. Dropbear SSH Server Remote Buffer Overflow Vulnerability
       2. ELOG Web Logbook Multiple Remote Buffer Overflow Vulnerabilities
       3. Extensis Portfolio Netpublish Server Server.NP Directory Traversal Vulnerability
       4. Blender BlenLoader File Processing Integer Overflow Vulnerability
       5. RedHat Enterprise Linux UDEV Insecure Permissions Vulnerability
       6. VMWare Remote Arbitrary Code Execution Vulnerability
       7. Network Block Device Server Buffer Overflow Vulnerability
       8. Httprint HTTP Response Handling Multiple Vulnerabilities
       9. Linux Kernel Local Socket Buffer Memory Exhaustion Denial of Service Vulnerability
       10. Linux Kernel IP6_Input_Finish Remote Denial Of Service Vulnerability
       11. Linux Kernel ICMP_Push_Reply Remote Denial Of Service Vulnerability
       12. Mantis Multiple Unspecified Remote Vulnerabilities
       13. RSSH RSSH_CHROOT_HELPER Local Privilege Escalation Vulnerability
       14. SCPOnly Multiple Local Vulnerabilities
III. LINUX FOCUS LIST SUMMARY
       1. Obsidis n°1 released!
       2. SF new article announcement: OpenSSH cutting edge
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Tracked by cellphone
By Mark Rasch
We know that technology can be used to track people's location via a 
cellphone, but how difficult is it for law enforcement to get a court 
order and do this legally?
http://www.securityfocus.com/columnists/376


II.  LINUX VULNERABILITY SUMMARY
------------------------------------
1. Dropbear SSH Server Remote Buffer Overflow Vulnerability
BugTraq ID: 15923
Remote: Yes
Date Published: 2005-12-19
Relevant URL: http://www.securityfocus.com/bid/15923
Summary:
Dropbear SSH Server is prone to a remote buffer overflow vulnerability.

Specifically, the vulnerability presents itself when the application
handles excessive string data supplied by an authenticated user.

A successful attack may facilitate arbitrary code execution.
Exploitation of this vulnerability may allow an attacker to gain
superuser access to the computer.

Dropbear SSH Server versions prior to 0.47 are affected.

2. ELOG Web Logbook Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 15932
Remote: Yes
Date Published: 2005-12-19
Relevant URL: http://www.securityfocus.com/bid/15932
Summary:
ELOG Web Logbook is prone to two remote buffer overflow
vulnerabilities. These issues exist due to a lack of sufficient
boundary checks performed on user-supplied data.

These issues allow remote attackers to execute arbitrary machine code 
in the context of the vulnerable server process.

These issues affect version 2.6.0. Prior versions may also be affected.

3. Extensis Portfolio Netpublish Server Server.NP Directory Traversal Vulnerability
BugTraq ID: 15974
Remote: Yes
Date Published: 2005-12-20
Relevant URL: http://www.securityfocus.com/bid/15974
Summary:
Portfolio Netpublish Server is prone to a directory traversal
vulnerability.  This issue is due to a failure in the application to
properly sanitize user-supplied input.

An attacker can exploit this issue to retrieve arbitrary files in the 
context of the affected application.  Information obtained may aid in 
further attacks against the underlying system; other attacks are also 
possible.

Netpublish Server 7 is vulnerable; other versions may also be affected.


4. Blender BlenLoader File Processing Integer Overflow Vulnerability 
BugTraq ID: 15981
Remote: Yes
Date Published: 2005-12-20
Relevant URL: http://www.securityfocus.com/bid/15981
Summary:
Blender is susceptible to an integer overflow vulnerability. This issue
is due to a failure of the application to properly sanitize
user-supplied input prior to using it in a memory allocation and copy
operation.

This issue allows attackers to execute arbitrary machine code in the 
context of the user running the affected application.

5. RedHat Enterprise Linux UDEV Insecure Permissions Vulnerability
BugTraq ID: 15994
Remote: No
Date Published: 2005-12-20
Relevant URL: http://www.securityfocus.com/bid/15994
Summary:
RedHat Enterprise Linux is susceptible to an insecure permissions 
vulnerability. This issue is due to a flaw in the udev package that 
improperly creates '/dev/input' files.

This issue allows local attackers to improperly access files in
'/dev/input'. This allows them to sniff user-supplied keyboard and
mouse input. Information gathered through this issue, such as
passwords, will aid malicious users in further attacks.

6. VMWare Remote Arbitrary Code Execution Vulnerability
BugTraq ID: 15998
Remote: Yes
Date Published: 2005-12-21
Relevant URL: http://www.securityfocus.com/bid/15998
Summary:
Multiple VMWare products are affected by a remote arbitrary code 
execution vulnerability.

Successful exploitation can allow an attacker to execute arbitrary code 
on the vulnerable computer hosting VMWare.  This may result in a 
complete compromise.

This issue affects VMWare Workstation, VMWare GSX Server, VMWare ACE, 
and VMWare Player.


7. Network Block Device Server Buffer Overflow Vulnerability
BugTraq ID: 16029
Remote: Yes
Date Published: 2005-12-21
Relevant URL: http://www.securityfocus.com/bid/16029
Summary:
NBD is prone to a remote buffer overflow vulnerability. This issue is
due to a failure in the server to do proper bounds checking on
user-supplied data before using it in finite-sized buffers.

An attacker can exploit this issue to execute arbitrary code in the 
context of the affected application. This may facilitate a compromise of 
the underlying system.

8. Httprint HTTP Response Handling Multiple Vulnerabilities
BugTraq ID: 16031
Remote: Yes
Date Published: 2005-12-22
Relevant URL: http://www.securityfocus.com/bid/16031
Summary:
httprint is prone to multiple remote vulnerabilities.

The first issue may allow remote attackers to execute arbitrary HTML 
and script code in a user's browser. 

The second issue may allow remote attackers to crash an instance of the 
application.

httprint version 202 is vulnerable to these issues.

9. Linux Kernel Local Socket Buffer Memory Exhaustion Denial of Service Vulnerability
BugTraq ID: 16041
Remote: No
Date Published: 2005-12-22
Relevant URL: http://www.securityfocus.com/bid/16041
Summary:
Linux kernel is susceptible to a local denial of service vulnerability. 
This issue is due to a failure of the kernel to properly check and 
enforce memory resource constraints.

This issue is triggered by consuming excessive kernel memory by 
creating multiple sockets with large kernel buffers.

This issue allows local attackers to consume excessive kernel memory, 
eventually leading to an out-of-memory condition, and a denial of 
service for legitimate users.

Although only kernel versions 2.4.22 and 2.6.12 are reported
vulnerable to this issue, all 2.4 and 2.6 versions of the Linux kernel
are considered to be affected at this time.

10. Linux Kernel IP6_Input_Finish Remote Denial Of Service Vulnerability
BugTraq ID: 16043
Remote: Yes
Date Published: 2005-12-22
Relevant URL: http://www.securityfocus.com/bid/16043
Summary:
Linux kernel is prone to a remote denial of service vulnerability.

Remote attackers can exploit this to leak kernel memory.  Successful 
exploitation will result in a crash of the kernel, effectively denying 
service to legitimate users.

Linux kernel versions 2.6.12.5 and prior in the 2.6 series are 
vulnerable to this issue.

11. Linux Kernel ICMP_Push_Reply Remote Denial Of Service Vulnerability
BugTraq ID: 16044
Remote: Yes
Date Published: 2005-12-22
Relevant URL: http://www.securityfocus.com/bid/16044
Summary:
Linux kernel is prone to a remote denial of service vulnerability.

Remote attackers can exploit this to leak kernel memory.  Successful 
exploitation will result in a crash of the kernel, effectively denying 
service to legitimate users.

Linux kernel versions 2.6.12.5 and prior in the 2.6 series are 
vulnerable to this issue.

12. Mantis Multiple Unspecified Remote Vulnerabilities
BugTraq ID: 16046
Remote: Yes
Date Published: 2005-12-22
Relevant URL: http://www.securityfocus.com/bid/16046
Summary:
Mantis is prone to multiple remote vulnerabilities.

These issues arise in Mantis versions prior to 0.19.4 and 1.0.0rc4.

These issues can allow attackers to disclose sensitive information and
carry out cross-site scripting, HTML injection, and SQL injection
attacks. Arbitrary PHP script code execution may be possible, as well
as other attacks.

This BID will be updated or split into individual records as further 
information is disclosed.

13. RSSH RSSH_CHROOT_HELPER Local Privilege Escalation Vulnerability
BugTraq ID: 16050
Remote: No
Date Published: 2005-12-23
Relevant URL: http://www.securityfocus.com/bid/16050
Summary:
rssh is prone to a local privilege escalation vulnerability. 

Local attackers can gain superuser privileges because the application
allows the chroot location to be subverted, which lets them chroot to
arbitrary locations.

rssh versions 2.0.0 to 2.2.3 are vulnerable to this issue.

14. SCPOnly Multiple Local Vulnerabilities
BugTraq ID: 16051
Remote: No
Date Published: 2005-12-23
Relevant URL: http://www.securityfocus.com/bid/16051
Summary:
scponly is prone to multiple local vulnerabilities.  These issues can 
allow local attackers to gain elevated privileges.

The application is affected by a design error affecting the 'scponlyc' 
binary.  

An attacker can also issue malicious command line arguments to rsync or 
scp to execute arbitrary applications with elevated privileges.

Successful exploitation of these issues can facilitate a complete 
compromise.


III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Obsidis n°1 released!
http://www.securityfocus.com/archive/91/420151

2. SF new article announcement: OpenSSH cutting edge
http://www.securityfocus.com/archive/91/419888

V.   SPONSOR INFORMATION
------------------------
Need to know what's happening on YOUR network? Symantec DeepSight
Analyzer is a free service that gives you the ability to track and
manage attacks. Analyzer automatically correlates attacks from various
Firewall and network based Intrusion Detection Systems, giving you a
comprehensive view of your computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130