Linux Advisory Watch: December 8th 2006
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, advisories were released for libgsf, proftpd, thttpd, tar, proftpd,
Mozilla, links, ProFTPD, wv, gnupg, koffice, ImageMagick, clamav, gv, xine-lib,
ruby, mod_auth_kerb, libpng, and evince. The distributors include Debian, Gentoo,
Mandriva, Red Hat, Slackware, SuSE, and Ubuntu.
RFID with Bio-Smart Card in Linux - In this paper, we describe the integration
of fingerprint template and RF smart card for a clustered network, which is
designed on the Linux platform and open source technology to obtain biometrics
security. The combination of smart card and biometrics is achieved in two-step
authentication, where smart card authentication is based on a Personal Identification
Number (PIN) and the card holder is authenticated using the biometrics template
stored in the smart card that is based on the fingerprint verification.
The fingerprint verification has to be executed on a central host server for
security purposes. The designed protocol allows controlling all parameters
of the smart security controller like PIN options, reader delay, real-time clock,
alarm option and cardholder access conditions.
Linux File & Directory Permissions Mistakes - One common mistake Linux
administrators make is having file and directory permissions that are far
too liberal and allow access beyond that which is needed for proper system
operations. A full explanation of unix file permissions is beyond the scope
of this article, so I'll assume you are familiar with the usage of such
tools as chmod, chown, and chgrp. If you'd like a refresher, one is available
right here on linuxsecurity.com.
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to security-discuss-request@linuxsecurity.com
with "subscribe" as the subject.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headlines.
Debian
Debian: New libgsf packages fix arbitrary code execution
Debian: New proftpd packages fix several vulnerabilities
30th, November, 2006
Several remote vulnerabilities have been discovered in the proftpd
FTP daemon, which may lead to the execution of arbitrary code or denial
of service. The Common Vulnerabilities and Exposures project identifies
the following problems: CVE-2006-5815 It was discovered that a buffer
overflow in the sreplace() function may lead to denial of service and
possibly the execution of arbitrary code. CVE-2006-6170 It was discovered
that a buffer overflow in the mod_tls addon module may lead to the execution
of arbitrary code. CVE-2006-6171 It was discovered that insufficient validation
of FTP command buffer size limits may lead to denial of service. Due to
unclear information this issue was already fixed in DSA-1218 as CVE-2006-5815.
http://www.linuxsecurity.com/content/view/125994
Debian: New thttpd packages fix insecure temporary file creation
1st, December, 2006
Marco d'Itri discovered that thttpd, a small, fast and secure
webserver, makes use of insecure temporary files when its logfiles are
rotated, which might lead to a denial of service through a symlink attack.
The original advisory for this issue didn't contain fixed packages for
all supported architectures which are corrected in this update.
http://www.linuxsecurity.com/content/view/126008
Debian: New tar packages fix arbitrary file overwrite
1st, December, 2006
Teemu Salmela discovered a vulnerability in GNU tar that could
allow a malicious user to overwrite arbitrary files by inducing the victim
to attempt to extract a specially crafted tar file containing a GNUTYPE_NAMES
record with a symbolic link.
http://www.linuxsecurity.com/content/view/126009
Debian: New proftpd packages fix several vulnerabilities
Debian: New Asterisk packages fix arbitrary code execution
6th, December, 2006
Adam Boileau discovered an integer overflow in the Skinny channel
driver in Asterisk, an Open Source Private Branch Exchange or telephone
system, as used by Cisco SCCP phones, which allows remote attackers to
execute arbitrary code.
http://www.linuxsecurity.com/content/view/126080
Gentoo
Gentoo: ProFTPD Remote execution of arbitrary code
A stack-based buffer overflow in the sreplace function in ProFTPD
1.3.0 and earlier allows remote attackers to cause a denial of service,
as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit." (CVE-2006-5815)
"infamous41md" discovered a heap buffer overflow vulnerability
in libgsf, a GNOME library for reading and writing structured file formats,
which could lead to the execution of arbitrary code. The updated packages
have been patched to correct this problem.
http://www.linuxsecurity.com/content/view/126005
Buffer overflow in the ask_outfile_name function in openfile.c
for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers
to execute arbitrary code via messages that cause the make_printable_string
function to return a longer string than expected while constructing a
prompt. Updated packages have been patched to correct this issue.
http://www.linuxsecurity.com/content/view/126006
An integer overflow was discovered in KOffice's filtering code.
By tricking a user into opening a specially crafted PPT file, attackers
could crash KOffice or possibly execute arbitrary code with the user's
privileges. The updated packages have been patched to correct this issue.
http://www.linuxsecurity.com/content/view/126024
Multiple buffer overflows in ImageMagick 6.0 before 6.0.6.2,
and 6.2 before 6.2.4.5, have unknown impact and user-assisted attack vectors
via a crafted SGI image. Updated packages have been patched to correct
this issue.
http://www.linuxsecurity.com/content/view/126025
Mandriva: Updated clamav packages to sync with upstream release
1st, December, 2006
There are no known security issues with clamav-0.88.5, which
was included in the last update (MDKSA-2006:184). Upstream has released
a new stable 0.88.6, with some bugfixes. This update is to address user
reports with regards to clamav's behavior of producing output.
Stack-based buffer overflow in the ps_gettext function in ps.c
for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted
attackers to execute arbitrary code via a PostScript (PS) file with certain
headers that contain long comments, as demonstrated using the DocumentMedia
header. Packages have been patched to correct this issue. Update: The
patch used in the previous update still left the possibility of causing
X to consume unusual amounts of memory if gv is used to view a carefully
crafted image designed to exploit CVE-2006-5864. This update uses an improved
patch to address this issue.
http://www.linuxsecurity.com/content/view/126056
Buffer overflow in the asmrp_eval function for the Real Media
input plugin allows remote attackers to cause a denial of service and
possibly execute arbitrary code via a rulebook with a large number of
rulematches.
http://www.linuxsecurity.com/content/view/126076
Mandriva: Updated ruby packages fix DoS vulnerability
6th, December, 2006
Another vulnerability has been discovered in the CGI library
(cgi.rb) that ships with Ruby which could be used by a malicious user
to create a denial of service attack (DoS). Updated packages have been
patched to correct this issue.
http://www.linuxsecurity.com/content/view/126083
Red Hat
RedHat: Low: mod_auth_kerb security update
6th, December, 2006
Updated mod_auth_kerb packages that fix a security flaw and
a bug in multiple realm handling are now available for Red Hat Enterprise
Linux 4. This update has been rated as having low security impact by the
Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/126081
RedHat: Important: gnupg security update
6th, December, 2006
Updated GnuPG packages that fix two security issues are now
available. This update has been rated as having important security impact
by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/126082
Sebastian Krahmer of SUSE Security found that the Mono System.Xml.Serialization
class contained a /tmp race which potentially allows local attackers to
execute code as the user using the Serialization method. This is tracked
by the Mitre CVE ID CVE-2006-5072.
http://www.linuxsecurity.com/content/view/126007
Ubuntu
Ubuntu: evince vulnerability
30th, November, 2006
A buffer overflow was discovered in the PostScript processor
included in evince. By tricking a user into opening a specially crafted
PS file, an attacker could crash evince or execute arbitrary code with
the user's privileges.
http://www.linuxsecurity.com/content/view/126000
Ubuntu: libgsf vulnerability
4th, December, 2006
A heap overflow was discovered in the OLE processing code in
libgsf. If a user were tricked into opening a specially crafted OLE document,
an attacker could execute arbitrary code with the user's privileges.
http://www.linuxsecurity.com/content/view/126061
Ubuntu: xine-lib vulnerability
4th, December, 2006
A buffer overflow was discovered in the Real Media input plugin
in xine-lib. If a user were tricked into loading a specially crafted stream
from a malicious server, the attacker could execute arbitrary code with
the user's privileges.
http://www.linuxsecurity.com/content/view/126062
Ubuntu: evince vulnerability
5th, December, 2006
USN-390-1 fixed a vulnerability in evince. The original fix
did not fully solve the problem, allowing for a denial of service in certain
situations.
http://www.linuxsecurity.com/content/view/126075
Tavis Ormandy discovered that gnupg was incorrectly using the
stack. If a user were tricked into processing a specially crafted message,
an attacker could execute arbitrary code with the user's privileges.
http://www.linuxsecurity.com/content/view/126098