Get the LinuxSecurity news you want faster with RSS
Powered By
Linux Advisory Watch: December 7th, 2007
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, advisories were released for sitebar, e2fsprog, wesnoth, zabbix, asterisk, heimdal, liblcms, openssh, openssl, vixie-cron, apache, openoffice, cairo, samba, mono, perl, and php. The distributors include Debian, Mandriva, Red Hat, SuSE, Slackware, Ubuntu.
Linux+DVD
Magazine Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of Open
Source software. The majority of our readers is between 15 and 40 years old.
They are interested in current news from the Linux world, upcoming projects
etc.
In each issue you can find information concerning typical use of Linux: safety,
databases, multimedia, scientific tools, entertainment, programming, e-mail,
news and desktop environments.
LinuxSecurity.com
Feature Extras:
Knock, Knock, Knockin' on EnGarde's Door (with FWKNOP) - Secret knocks have been used for purposes as simple and childish as identifying friend or foe during a schoolyard fort war. Fraternities teach these knocks as a rite of passage into their society, and in our security world we can implement this layer of security to lock down an SSH server.
With this guide on FWKNOP by Eckie S. (one of our own), you are taken on an easy-to-follow process of securing your platform with your own client and server port knocking set-up.
Installation, iptable Rules setup, configuring access for the client and server, and everything in between. Check it out!
Master's Student: Social Engineering is not just a definition! - We are happy to announce a new addition to the Linux Security Contributing Team: Gian G. Spicuzza. Currently a Graduate Student pursuing a Masters Degree in Computer Security (MSIA), Gian is a certified Linux/Unix administrator, the lead developer for the OSCAR-Backup System (at Sourceforge.com) and has experience in a variety of CSO, Management and consulting positions.
His first topic is a quick foray into the world and psychology of Social Engineering:
All the security in the world isn't going to stop one of your employees or coworkers from giving up information. Just how easy is it?
Craig never worked for Linda's company, nor did he call from IT. Craig was an unethical hacker who just gained unauthorized access to her account. Why? Because a phone call is simple.
Read on to see just how easy businesses can be exploited.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headline.
EnGarde Secure Community v3.0.18 Now Available! (Dec 4)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.18 (Version 3.0, Release 18). This release includes the brand new Health Center, new packages for FWKNP and PSAD, updated packages and bug fixes, some feature enhancements to Guardian Digital WebTool and the SELinux policy, as well as other new features.
In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database and e-mail security, integrated intrusion detection and SELinux policies and more.
Debian: New sitebar packages fix several vulnerabilities (Dec 7)
A directory traversal vulnerability in the translation module allows remote authenticated users to chmod arbitrary files to 0777 via ".." sequences in the lang parameter.
Debian: New e2fsprogs packages fix arbitrary code execution (Dec 7)
Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs, ext2 file system utilities and libraries, contained multiple integer overflows in memory allocations, based on sizes taken directly from filesystem information. These could result in heap-based overflows potentially allowing the execution of arbitrary code.
Debian: New wesnoth packages fix arbitrary file disclosure (Dec 6)
A vulnerability has been discovered in Battle for Wesnoth that allows remote attackers to read arbitrary files the user running the client has access to on the machine running the game client.
Debian: New zabbix packages fix privilege escalation (Dec 5)
Bas van Schaik discovered that the agentd process of Zabbix, a network monitor system, may run user-supplied commands as group id root, not zabbix, which may lead to a privilege escalation.
ulnerability has been discovered in HSQLDB, the default database engine shipped with OpenOffice.org. This could result in the execution of arbitrary Java code embedded in a OpenOffice.org database document with the user's privilege. This update requires an update of both openoffice.org and hsqldb.
Debian: New asterisk packages fix SQL injection (Dec 2)
Tilghman Lesher discovered that the logging engine of Asterisk, a free software PBX and telephony toolkit performs insufficient sanitising of call-related data, which may lead to SQL injection.
It was found that the gss_userok() function in Heimdal 0.7.2 did not allocate memory for the ticketfile pointer before calling free(), which could possibly allow remote attackers to have an unknown impact via an invalid username. It is uncertain whether or not this is exploitable, however packages are being provided regardless. The updated packages have been patched to correct these issues.
Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file. Updated package fixes this issue.
A flaw in OpenSSH prior to 4.7 prevented ssh from properly handling when an untrusted cookie could not be created and used a trusted X11 cookie instead, which could allow attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted. The updated packages have been patched to correct these issue.
A buffer overflow in the DTLS implementation of OpenSSL 0.9.8 could be exploited by attackers to potentially execute arbitrary code. It is questionable as to whether the DTLS support even worked or is used in any applications; as a result this flaw most likely does not affect most Mandriva users. The updated packages have been patched to correct these issue.
Mandriva: Updated vixie-cron packages fix DoS vulnerability (Dec 3)
Raphael Marichez discovered a denial of service bug in how vixie-cron verifies crontab file integrity. A local user with the ability to create a hardlink to /etc/crontab could prevent vixie-cron from executing certain system cron jobs. The updated packages have been patched to correct this issue.
A flaw in the Apache mod_proxy module was found that could potentially lead to a denial of service is using a threaded Multi-Processing Module. On sites where a reverse proxy is configured, a remote attacker could send a special reequest that would cause the Apache child process handling the request to crash. Likewise, a similar crash could occur on sites with a forward proxy configured if a user could be persuaded to visit a malicious site using the proxy (CVE-2007-3847).
Updated openoffice.org and hsqldb packages that fix security flaws are now available for Red Hat Enterprise Linux 5. It was discovered that HSQLDB could allow the execution of arbitrary public static Java methods. A carefully crafted odb file opened in OpenOffice.org Base could execute arbitrary commands with the permissions of the user running OpenOffice.org. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Updated openoffice.org2 packages that fix a security issue are now available for Red Hat Enterprise Linux 4.It was discovered that HSQLDB could allow the execution of arbitrary public static Java methods. A carefully crafted odb file opened in OpenOffice.org Base could execute arbitrary commands with the permissions of the user running OpenOffice.org. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
New cairo packages are available for Slackware 11.0, 12.0, and -current to fix security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5503
Secunia Research has reported a bug in function reply_netbios_packet() that allowed remote attackers to execute arbitrary code by sending specially crafted WINS "Name Registration" requests followed by a WINS "Name Query" request packet. The exploitable code in samba can only be reached if the option "wins support" was enabled.
It was discovered that Mono did not correctly bounds check certain BigInteger actions. Remote attackers could exploit this to crash a Mono application or possibly execute arbitrary code with user privileges.
It was discovered that Perl's regular expression library did not correctly handle certain UTF sequences. If a user or automated system were tricked into running a specially crafted regular expression, a remote attacker could crash the application or possibly execute arbitrary code with user privileges.
Gregory Fleischer discovered that it was possible to use JavaScript to manipulate Firefox's Referer header. A malicious web site could exploit this to conduct cross-site request forgeries against sites that relied only on Referer headers for protection from such attacks. (CVE-2007-5960)
It was discovered that the wordwrap function did not correctly check lengths. Remote attackers could exploit this to cause a crash or monopolize CPU resources, resulting in a denial of service. (CVE-2007-3998)
Peter Valchev discovered that Cairo did not correctly decode PNG image data. By tricking a user or automated system into processing a specially crafted PNG with Cairo, a remote attacker could execute arbitrary code with user privileges.
