#275

SecurityFocus Linux Newsletter #275
----------------------------------------

This Issue is Sponsored By: SpiDynamics

ALERT: "How a Hacker Launches a SQL Injection Attack!"-  SPI Dynamics White Paper It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems! Firewalls and IDS will not stop such attacks because SQL Injections are NOT seen as intruders. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com ... _ID=70130000000C543

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. John the Ripper 1.7, by Solar Designer
       2. Zero to IPSec in 4 minutes
       3. Spreading security awareness for OS X
II.  LINUX VULNERABILITY SUMMARY
       1. Bugzilla Whinedays SQL Injection Vulnerability
       2. Bugzilla User Credentials Information Disclosure Vulnerability
       3. SquirrelMail Multiple Cross-Site Scripting and IMAP Injection Vulnerabilities
       4. Linux Kernel SDLA_XFER Kernel Memory Disclosure Vulnerability
       5. GNU Tar Invalid Headers Buffer Overflow Vulnerability
       6. ViRobot Linux Server Authentication Bypass Vulnerability
       7. Mozilla Thunderbird IFRAME JavaScript Execution Vulnerability
       8. SUSE CASA Pam_Micasa Remote Buffer Overflow Vulnerability
       9. Zoo Misc.c Buffer Overflow Vulnerability
       10. PHPWebSite Topics.PHP SQL Injection Vulnerability
       11. Simple Machines X-Forwarded-For HTML Injection Vulnerability
       12. MySQL Query Logging Bypass Vulnerability
III. LINUX FOCUS LIST SUMMARY
       1. Kryptor Whitepaper released
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. John the Ripper 1.7, by Solar Designer
By Federico Biancuzzi
Federico Biancuzzi interviews Solar Designer, creator of the popular John the Ripper password cracker. Solar Designer discusses what's new in version 1.7, the advantages of popular cryptographic hashes, the relative speed at which many passwords can now be cracked, and how one can choose strong passphrases (forget passwords) that are harder to break.
http://www.securityfocus.com/columnists/388

2. Zero to IPSec in 4 minutes
By Dragos Ruiu
This short article looks at how to get a fully functional IPSec VPN up and running between two fresh OpenBSD installations in about four minutes flat.
http://www.securityfocus.com/infocus/1859

3. Spreading security awareness for OS X
By Robert Lemos
Robert Lemos interviews Kevin Finisterre, founder of security startup Digital Munition, who created the three recent versions of the InqTana worm to raise awareness of security in Apple's OS X. Finisterre discusses his reasons for creating the worms, the problems with Mac OS X security, and why he does not fear prosecution.
http://www.securityfocus.com/columnists/389


II.  LINUX VULNERABILITY SUMMARY
------------------------------------
1. Bugzilla Whinedays SQL Injection Vulnerability
BugTraq ID: 16738
Remote: Yes
Date Published: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/16738
Summary:
Bugzilla is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Exploitation of this issue requires the attacker to have administrative access to the affected application.

2. Bugzilla User Credentials Information Disclosure Vulnerability
BugTraq ID: 16745
Remote: Yes
Date Published: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/16745
Summary:
Bugzilla is prone to an information-disclosure vulnerability. This issue is due to a design error in the application.

An attacker can exploit this issue by tricking a victim user into following a malicious URI and then retrieving the victim user's login credentials.

To successfully exploit this issue, the attacker requires the name of the path where the login page resides and resolves to a computer on the local network of the victim user.

3. SquirrelMail Multiple Cross-Site Scripting and IMAP Injection Vulnerabilities
BugTraq ID: 16756
Remote: Yes
Date Published: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/16756
Summary:
SquirrelMail is susceptible to multiple cross-site scripting and IMAP-injection vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input.

An attacker may leverage any of the cross-site scripting issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

An attacker may leverage the IMAP-injection issue to execute arbitrary IMAP commands on the configured IMAP server. This may aid attackers in further attacks as well as allow them to exploit latent vulnerabilities in the IMAP server.

4. Linux Kernel SDLA_XFER Kernel Memory Disclosure Vulnerability
BugTraq ID: 16759
Remote: No
Date Published: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/16759
Summary:
The Linux kernel is affected by a local memory-disclosure vulnerability.

This issue allows an attacker to read kernel memory. Information gathered via exploitation may aid malicious users in further attacks.

This issue affects kernel versions 2.4.x up to 2.4.29-rc1, and 2.6.x up to 2.6.5.

5. GNU Tar Invalid Headers Buffer Overflow Vulnerability
BugTraq ID: 16764
Remote: Yes
Date Published: 2006-02-22
Relevant URL: http://www.securityfocus.com/bid/16764
Summary:
GNU Tar is prone to a buffer overflow when handling invalid headers.  Successful exploitation could potentially lead to arbitrary code execution, though this has not been confirmed.

Tar versions 1.14 and above are vulnerable.

6. ViRobot Linux Server Authentication Bypass Vulnerability
BugTraq ID: 16768
Remote: Yes
Date Published: 2006-02-22
Relevant URL: http://www.securityfocus.com/bid/16768
Summary:
ViRobot Linux Server is prone to an authentication-bypass vulnerability.

Remote attackers can exploit this issue to gain access to the application's file-scanning functionality.

Presumably, the exploitation of this issue may allow attackers to carry out other attacks, such as triggering denial-of-service conditions by scanning a large number of large files. Other attacks due to latent vulnerabilities in the application are possible.

ViRobot Linux Server 2.0 (20050817) is reportedly vulnerable. Other versions may be affected as well.

7. Mozilla Thunderbird IFRAME JavaScript Execution Vulnerability
BugTraq ID: 16770
Remote: Yes
Date Published: 2006-02-22
Relevant URL: http://www.securityfocus.com/bid/16770
Summary:
Mozilla Thunderbird is prone to a script-execution vulnerability.

The vulnerability presents itself when an attacker supplies a specially crafted email to a user containing malicious script code in an IFRAME and the user tries to reply to the mail. Arbitrary JavaScript can be executed even if the user has disabled JavaScript execution in the client.

Mozilla Thunderbird 1.0.7 and prior versions are reportedly affected.

8. SUSE CASA Pam_Micasa Remote Buffer Overflow Vulnerability
BugTraq ID: 16779
Remote: Yes
Date Published: 2006-02-22
Relevant URL: http://www.securityfocus.com/bid/16779
Summary:
SUSE CASA is prone to a remote buffer-overflow vulnerability.

This issue can allow remote attackers to gain superuser privileges to a vulnerable computer by executing arbitrary code.

The 'pam_micasa' module is affected.

9. Zoo Misc.c Buffer Overflow Vulnerability
BugTraq ID: 16790
Remote: Yes
Date Published: 2006-02-23
Relevant URL: http://www.securityfocus.com/bid/16790
Summary:
Zoo is prone to a buffer-overflow vulnerability. This issue is due to a failure in the application to do proper bounds checking on user-supplied data before using it in a finite-sized buffer.

An attacker can exploit this issue to execute arbitrary code in the context of the victim user running the affected application.

10. PHPWebSite Topics.PHP SQL Injection Vulnerability
BugTraq ID: 16825
Remote: Yes
Date Published: 2006-02-25
Relevant URL: http://www.securityfocus.com/bid/16825
Summary:
phpWebSite is prone to an SQL injection vulnerability.  This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

11. Simple Machines X-Forwarded-For HTML Injection Vulnerability
BugTraq ID: 16841
Remote: Yes
Date Published: 2006-02-24
Relevant URL: http://www.securityfocus.com/bid/16841
Summary:
Simple Machines is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.


This issue is reported to affect Simple Machines version 1.0.6 and earlier.

12. MySQL Query Logging Bypass Vulnerability
BugTraq ID: 16850
Remote: Yes
Date Published: 2006-02-27
Relevant URL: http://www.securityfocus.com/bid/16850
Summary:
MySQL is susceptible to a query logging bypass vulnerability. This issue is due to a discrepency between the handling of NULL bytes in input data.

This issue allows attackers to bypass the query logging functionality of the database, so they can cause malicious SQL queries to be improperly logged. This may aid them in hiding the traces of malicious activity from administrators.

This issue affects MySQL version 5.0.18; other versions may also be affected.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Kryptor Whitepaper released
http://www.securityfocus.com/archive/91/425067

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V.   SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: SpiDynamics

ALERT: "How a Hacker Launches a SQL Injection Attack!"-  SPI Dynamics White Paper It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems! Firewalls and IDS will not stop such attacks because SQL Injections are NOT seen as intruders. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com ... _ID=70130000000C543　　　　　　

#276

SecurityFocus Linux Newsletter #276
----------------------------------------

This Issue is Sponsored By: Cambia

Automate IT security compliance now!
FREE White Paper demonstrates how you can reduce time spent on IT policy compliance by as much as 90%, while improving your security posture. Cambia.s agentless software continuously discovers all changes to network assets, intelligently determines which changes pose a risk to security and compliance and works with administrators to fix breaches quickly.

http://a.gklmedia.com/sfln/nl/125

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. The big DRM mistake
       2. The value of vulnerabilities
II.  LINUX VULNERABILITY SUMMARY
       1. PHPWebSite Topics.PHP SQL Injection Vulnerability
       2. MySQL Query Logging Bypass Vulnerability
       3. Mozilla Thunderbird Multiple Remote Information Disclosure Vulnerabilities
       4. OpenSSH Remote PAM Denial Of Service Vulnerability
       5. Flex Multiple Unspecified Vulnerabilities
       6. NCP Secure Client Multiple Vulnerabilities
       7. IRSSI DCC ACCEPT Denial of Service Vulnerability
       8. Apache mod_python FileSession Code Execution Vulnerability
       9. Linux Kernel XFS File System Local Information Disclosure Vulnerability
       10. Linux Kernel NFS Client Denial of Service Vulnerability
       11. Linux Kernel sys_mbind System Call Local Denial of Service Vulnerability
       12. Linux Kernel ELF File Entry Point Denial of Service Vulnerability
       13. Kaspersky Anti-Virus Unspecified Denial Of Service Vulnerability
       14. WordPress User-Agent SQL Injection Vulnerability
       15. Multiple Router Vendor Remote IRC Denial Of Service Vulnerability
       16. Linux Kernel die_if_kernel Local Denial of Service Vulnerability
III. LINUX FOCUS LIST SUMMARY
       1. IPS HLBR 1.0 released (off-topic)
       2. New SecurityFocus article published.
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. The big DRM mistake
By Scott Granneman
Digital Rights Managements hurts paying customers, destroys Fair Use rights, renders customers' investments worthless, and can always be defeated. Why are consumers and publishers being forced to use DRM?
http://www.securityfocus.com/columnists/390

2. The value of vulnerabilities
By Jason Miller
There is value in finding vulnerabilities. Yet many people believe that a vulnerability doesn't exist until it is disclosed to the public. We know that vulnerabilities need to be disclosed, but what role do vendors have to make these issues public?
http://www.securityfocus.com/columnists/391


II.  LINUX VULNERABILITY SUMMARY
------------------------------------
1. PHPWebSite Topics.PHP SQL Injection Vulnerability
BugTraq ID: 16825
Remote: Yes
Date Published: 2006-02-25
Relevant URL: http://www.securityfocus.com/bid/16825
Summary:
phpWebSite is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

2. MySQL Query Logging Bypass Vulnerability
BugTraq ID: 16850
Remote: Yes
Date Published: 2006-02-27
Relevant URL: http://www.securityfocus.com/bid/16850
Summary:
MySQL is susceptible to a query-logging-bypass vulnerability. This issue is due to a discrepency between the handling of NULL bytes in input data.

This issue allows attackers to bypass the query-logging functionality of the database so they can cause malicious SQL queries to be improperly logged. This may help them hide the traces of malicious activity from administrators.

This issue affects MySQL version 5.0.18; other versions may also be affected.

3. Mozilla Thunderbird Multiple Remote Information Disclosure Vulnerabilities
BugTraq ID: 16881
Remote: Yes
Date Published: 2006-02-28
Relevant URL: http://www.securityfocus.com/bid/16881
Summary:
Mozilla Thunderbird is susceptible to multiple remote information-disclosure vulnerabilities. These issues are due to the application's failure to properly enforce the restriction for downloading remote content in email messages.

These issues allow remote attackers to gain access to potentially sensitive information, aiding them in further attacks. Attackers may also exploit these issues to know whether and when users read email messages.

Mozilla Thunderbird version 1.5 is vulnerable to these issues; other versions may also be affected.

4. OpenSSH Remote PAM Denial Of Service Vulnerability
BugTraq ID: 16892
Remote: Yes
Date Published: 2006-03-01
Relevant URL: http://www.securityfocus.com/bid/16892
Summary:
OpenSSH is susceptible to a remote denial-of-service vulnerability. This issue is due to a design flaw when handling connections when configured to use OpenPAM authentication system.

This issue may be exploited by remote attackers to deny SSH service to legitimate users.

OpenSSH in conjunction with OpenPAM on FreeBSD versions 5.3 and 5.4 are affected by this issue. Other operating systems and versions may also be affected.

5. Flex Multiple Unspecified Vulnerabilities
BugTraq ID: 16896
Remote: Yes
Date Published: 2006-03-01
Relevant URL: http://www.securityfocus.com/bid/16896
Summary:
Flex is reportedly prone to multiple unspecified security vulnerabilities. The cause and impact of these issues are currently unknown.

Flex versions 2.5.31 and prior are vulnerable.

6. NCP Secure Client Multiple Vulnerabilities
BugTraq ID: 16906
Remote: Yes
Date Published: 2006-03-01
Relevant URL: http://www.securityfocus.com/bid/16906
Summary:
NCP Secure Client is susceptible to multiple vulnerabilities.

The following issues have been identified:
- Firewall rules designed to allow only specific applications to access the network may be bypassed.
- Some applications are prone to local command-line-argument buffer-overflow vulnerabilities.
- The VPN client is susceptible to a remote denial-of-service vulnerability.
- The VPN client is susceptible to a local privilege-escalation vulnerability.

These issues allow local attackers to gain SYSTEM-level privileges, allowing them to completely compromise affected computers. Remote attackers may consume excessive CPU resources, denying service to legitimate users.

NCP Secure Client version 8.11 Build 146 on the Microsoft Windows platform is vulnerable to these issues; other versions may also be affected.

7. IRSSI DCC ACCEPT Denial of Service Vulnerability
BugTraq ID: 16913
Remote: Yes
Date Published: 2006-03-02
Relevant URL: http://www.securityfocus.com/bid/16913
Summary:
The irssi client is prone to a denial-of-service vulnerability. The issue occurs when handling malicious DCC transfers.

Versions 0.8.9 and 0.8.10rc5 of irssi are vulnerable; other versions may also be affected.

8. Apache mod_python FileSession Code Execution Vulnerability
BugTraq ID: 16916
Remote: Yes
Date Published: 2006-03-02
Relevant URL: http://www.securityfocus.com/bid/16916
Summary:
Apache mod_python is prone to a code-execution vulnerability.

Presumably, this issue can be exploited remotely through a specially crafted session cookie. However, conflicting details also suggest that only local attackers can exploit this vulnerability. This information will be updated when more details become available.

A successful attack may facilitate a remote compromise in the context of the server. Local attacks may be possible as well.

9. Linux Kernel XFS File System Local Information Disclosure Vulnerability
BugTraq ID: 16921
Remote: No
Date Published: 2006-03-02
Relevant URL: http://www.securityfocus.com/bid/16921
Summary:
The Linux kernel's XFS filesystem is susceptible to a local information-disclosure vulnerablity. This issue is due to a flaw in the filesystem that may result in previously written data being returned to local users.

This issue allows local malicious users to gain access to potentially sensitive data, aiding them in further attacks.

Linux kernel versions prior to 2.6.15.5 are affected by this issue.

10. Linux Kernel NFS Client Denial of Service Vulnerability
BugTraq ID: 16922
Remote: No
Date Published: 2006-03-02
Relevant URL: http://www.securityfocus.com/bid/16922
Summary:
Linux kernel NFS client is prone to a denial of service vulnerability.  An unprivileged local user can cause panic the NFS client and cause it to fail.

This issue was addressed in Linux kernel 2.6.15.5; earlier versions are vulnerable.

11. Linux Kernel sys_mbind System Call Local Denial of Service Vulnerability
BugTraq ID: 16924
Remote: No
Date Published: 2006-03-02
Relevant URL: http://www.securityfocus.com/bid/16924
Summary:
The Linux kernel 'sys_mbind' system call is prone to a local denial-of-service vulnerability. This issue is due to a lack of proper input sanitization in the system call's arguments.

This issue allows local users to panic the kernel, denying further service to legitimate users.

This issue affects Linux kernel versions prior to 2.6.15.5.

12. Linux Kernel ELF File Entry Point Denial of Service Vulnerability
BugTraq ID: 16925
Remote: Yes
Date Published: 2006-03-02
Relevant URL: http://www.securityfocus.com/bid/16925
Summary:
Linux kernel is prone to a denial of service vulnerability when processing a malformed ELF file. This issue only occurs on Intel EM64T processors.

Linux kernel versions prior to 2.6.15.5 are affected by this issue.

13. Kaspersky Anti-Virus Unspecified Denial Of Service Vulnerability
BugTraq ID: 16942
Remote: Yes
Date Published: 2006-03-03
Relevant URL: http://www.securityfocus.com/bid/16942
Summary:
Kaspersky Anti-Virus is prone to a denial of service vulnerability. This is due to a failure in the application to handle unspecified files.

Attackers could cause the application to consume excessive CPU and memory resources, resulting in a denial of service.

Versions 5.0.5, and 5.5.3 of Kaspersky Anti-Virus for Unix are vulnerable to this issue; other versions and platforms may also be affected.

Further details about this vulnerability are currently unavailable. This BID will be updated as more information is disclosed.

14. WordPress User-Agent SQL Injection Vulnerability
BugTraq ID: 16950
Remote: Yes
Date Published: 2006-03-04
Relevant URL: http://www.securityfocus.com/bid/16950
Summary:
WordPress is prone to an SQL injection vulnerability.  This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

This issue affects WordPress version 1.5.2; prior versions may also be affected.

15. Multiple Router Vendor Remote IRC Denial Of Service Vulnerability
BugTraq ID: 16954
Remote: Yes
Date Published: 2006-03-04
Relevant URL: http://www.securityfocus.com/bid/16954
Summary:
Linksys and Netgear routers are susceptible to a remote IRC denial of service vulnerability. This issue is due to a failure of the devices to properly handle unexpected network traffic.

This issue allows remote attackers to disconnect IRC sessions, denying service to legitimate users.

Linksys WRT54G routers are vulnerable to this issue. Routers running with the vxWorks-based operating system, and not the Linux-based operating systems are reportedly affected. Specific device and firmware version information is not currently available. This BID will be updated as further information is disclosed.

16. Linux Kernel die_if_kernel Local Denial of Service Vulnerability
BugTraq ID: 16993
Remote: No
Date Published: 2006-03-05
Relevant URL: http://www.securityfocus.com/bid/16993
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a design error and arises in the 'die_if_kernel()' function.

This vulnerability allows local users to panic the kernel, denying further service to legitimate users.

This issue affects Linux kernel versions prior to 2.6.15.6 running on Itanium systems.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. IPS HLBR 1.0 released (off-topic)
http://www.securityfocus.com/archive/91/426920

2. New SecurityFocus article published.
http://www.securityfocus.com/archive/91/426453

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V.   SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: Cambia

Automate IT security compliance now!
FREE White Paper demonstrates how you can reduce time spent on IT policy compliance by as much as 90%, while improving your security posture. Cambia.s agentless software continuously discovers all changes to network assets, intelligently determines which changes pose a risk to security and compliance and works with administrators to fix breaches quickly.

http://a.gklmedia.com/sfln/nl/125　　　　　　

SecurityFocus Linux Newsletter #277

SecurityFocus Linux Newsletter #277
----------------------------------------

ALERT: "How a Hacker Launches a SQL Injection Attack!" - SPI Dynamics White Paper
It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems! Firewalls and IDS will not stop such attacks because SQL Injections are NOT seen as intruders. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com ... _ID=70130000000C543

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Human rights and wrongs online
       2. Social engineering reloaded
II.  LINUX VULNERABILITY SUMMARY
       1. Freeciv Remote Denial Of Service Vulnerability
       2. Sauerbraten Multiple Remote Vulnerabilities
       3. Linux Kernel die_if_kernel Local Denial of Service Vulnerability
       4. Lurker Multiple Input Validation Vulnerabilities
       5. Red Hat Initscripts Local Privilege Escalation Vulnerability
       6. Retired - KPDF Multiple Unspecified Vulnerabilities
       7. Peercast.org PeerCast Remote Buffer Overflow Vulnerability
       8. Kerio MailServer Remote Denial of Service Vulnerability
       9. GnuPG Incorrect Non-Detached Signature Verification Vulnerability
       10. Firebird Local Inet_Server Buffer Overflow Vulnerability
       11. Linux Kernel ATM Module Inconsistent Reference Counts Denial of Service Vulnerability
       12. Linux Kernel Security Key Functions Local Copy_To_User Race Vulnerability
       13. Ubuntu Linux Local Installation Password Disclosure Vulnerability
       14. Drupal Multiple Input Validation Vulnerabilities
       15. Linux Kernel IP ID Information Disclosure Weakness
III. LINUX FOCUS LIST SUMMARY
       1. IPS HLBR 1.0 released (off-topic)
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Human rights and wrongs online
By Mark Rasch
A government's position on censorship used to protect its citizenry is dictated by who they are. The well-popularized censorship of Internet content in China by Google and other big players, and criticism of this by the U.S. government, is really just the tip of the iceburg.
http://www.securityfocus.com/columnists/392

2. Social engineering reloaded
By Sarah Granger
The purpose of this article is to go beyond the basics and explore how social engineering, employed as technology, has evolved over the past few years. A case study of a typical Fortune 1000 company will be discussed, putting emphasis on the importance of education about social engineering for every corporate security program.
http://www.securityfocus.com/infocus/1860


II.  LINUX VULNERABILITY SUMMARY
------------------------------------
1. Freeciv Remote Denial Of Service Vulnerability
BugTraq ID: 16975
Remote: Yes
Date Published: 2006-03-06
Relevant URL: http://www.securityfocus.com/bid/16975
Summary:
The Freeciv game server is reported prone to a remote denial-of-service vulnerability.

A remote attacker may exploit this issue to deny service for legitimate users.

2. Sauerbraten Multiple Remote Vulnerabilities
BugTraq ID: 16986
Remote: Yes
Date Published: 2006-03-06
Relevant URL: http://www.securityfocus.com/bid/16986
Summary:
Sauerbraten is susceptible to multiple remote vulnerabilities:

- A buffer-overflow issue that affects both clients and servers.
- An invalid memory-access, denial-of-service issue that affects both clients and servers.
- An invalid memory-access, denial-of-service issue that affects servers.
- An invalid map-file-processing, denial-of-service issue that affects clients.

These issues allow remote attackers to execute arbitrary machine code in the context of an affected application. Attackers may also crash both clients and servers, denying service to legitimate users.

3. Linux Kernel die_if_kernel Local Denial of Service Vulnerability
BugTraq ID: 16993
Remote: No
Date Published: 2006-03-05
Relevant URL: http://www.securityfocus.com/bid/16993
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a design error and arises in the 'die_if_kernel()' function.

This vulnerability allows local users to panic the kernel, denying further service to legitimate users.

This issue affects Linux kernel versions prior to 2.6.15.6 running on Itanium systems.

4. Lurker Multiple Input Validation Vulnerabilities
BugTraq ID: 17003
Remote: Yes
Date Published: 2006-03-07
Relevant URL: http://www.securityfocus.com/bid/17003
Summary:
Lurker is prone to multiple input-validation vulnerabilities. These issues are due to failures in the application to properly sanitize user-supplied input.

An attacker may leverage these issues to retrieve arbitrary files, overwrite arbitrary files, and have arbitrary script code executed in the browser of an unsuspecting user, all in the context of the affected site. This may facilitate a compromise of the application and the theft of cookie-based authentication credentials as well as other attacks.

5. Red Hat Initscripts Local Privilege Escalation Vulnerability
BugTraq ID: 17038
Remote: No
Date Published: 2006-03-08
Relevant URL: http://www.securityfocus.com/bid/17038
Summary:
The 'initscripts' package is prone to a local privilege-escalation vulnerability.

The vulnerability presents itself because the application fails to properly sanitize malicious data supplied through environment variables.

An attacker may exploit this issue to execute arbitrary commands with superuser privileges.

6. Retired - KPDF Multiple Unspecified Vulnerabilities
BugTraq ID: 17039
Remote: Yes
Date Published: 2006-03-08
Relevant URL: http://www.securityfocus.com/bid/17039
Summary:
The 'kpdf' utility is prone to multiple unspecified security vulnerabilities. The cause and impact of these issues are currently unknown.

All versions of kpdf are considered vulnerable at the moment. This BID will update when more information becomes available.

These issues may be related to previously addressed issues in xpdf, an application sharing a common codebase with kpdf, but were missed in previous updates.

This issue is an extension of the issue discussed in BID 16143 (KPdf and KWord Multiple Unspecified Buffer and Integer Overflow Vulnerabilities) and is therefore being retired.

7. Peercast.org PeerCast Remote Buffer Overflow Vulnerability
BugTraq ID: 17040
Remote: Yes
Date Published: 2006-03-09
Relevant URL: http://www.securityfocus.com/bid/17040
Summary:
PeerCast is prone to a remote buffer-overflow vulnerability. This can facilitate a remote compromise due to arbitrary code execution.

PeerCast 0.1215 and prior versions are vulnerable.

8. Kerio MailServer Remote Denial of Service Vulnerability
BugTraq ID: 17043
Remote: Yes
Date Published: 2006-03-09
Relevant URL: http://www.securityfocus.com/bid/17043
Summary:
Kerio MailServer is prone to a remote denial-of-service vulnerability. This issue affects Kerio MailServer versions 6.1.3 and prior.

9. GnuPG Incorrect Non-Detached Signature Verification Vulnerability
BugTraq ID: 17058
Remote: Yes
Date Published: 2006-03-09
Relevant URL: http://www.securityfocus.com/bid/17058
Summary:
GnuPG is prone to a vulnerability involving incorrect verification of non-detached signatures.

A successful attack can allow an attacker to simply take a signed message and inject arbitrary data into it and bypass verification.

Note that this issue also affects verification of signatures embedded in encrypted messages. Scripts and applications using gpg are affected, as are applications using the GPGME library.

GnuPG versions prior to 1.4.2.2 are vulnerable to this issue.

10. Firebird Local Inet_Server Buffer Overflow Vulnerability
BugTraq ID: 17077
Remote: No
Date Published: 2006-03-13
Relevant URL: http://www.securityfocus.com/bid/17077
Summary:
Firebird is susceptible to a local buffer-overflow vulnerability. This issue is due to the application's failure to properly check boundaries of user-supplied command-line argument data before copying it to an insufficiently sized memory buffer.

Attackers may exploit this issue to execute arbitrary machine code with elevated privileges, because the affected binaries are often installed with setuid privileges.

11. Linux Kernel ATM Module Inconsistent Reference Counts Denial of Service Vulnerability
BugTraq ID: 17078
Remote: No
Date Published: 2006-03-13
Relevant URL: http://www.securityfocus.com/bid/17078
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

This vulnerability affects the ATM module and allows local users to panic the kernel by creating inconsistent reference counts, denying further service to legitimate users.

This issue affects Linux kernel versions prior to 2.6.14.

12. Linux Kernel Security Key Functions Local Copy_To_User Race Vulnerability
BugTraq ID: 17084
Remote: No
Date Published: 2006-03-13
Relevant URL: http://www.securityfocus.com/bid/17084
Summary:
The Linux kernel is susceptible to a local race-condition vulnerability in its security-key functionality. This issue is due to a race condition that allows attackers to modify an argument of a copy operation after is has been validated, but before it is used.

This vulnerability allows local attackers to crash the kernel, denying service to legitimate users. It may also allow attackers to read portions of kernel memory, and thus gain access to potentially sensitive information. This may aid them in further attacks.

13. Ubuntu Linux Local Installation Password Disclosure Vulnerability
BugTraq ID: 17086
Remote: No
Date Published: 2006-03-12
Relevant URL: http://www.securityfocus.com/bid/17086
Summary:
Ubuntu Linux is susceptible to a local password-disclosure vulnerability. This issue is due to the installation system improperly storing cleartext passwords in world-readable files.

This issue allows local attackers to gain access to the user account that was created during the initial installation of Ubuntu. Since this user is granted 'sudo' access to the superuser account, this potentially allows local attackers to completely compromise affected computers.

14. Drupal Multiple Input Validation Vulnerabilities
BugTraq ID: 17104
Remote: Yes
Date Published: 2006-03-14
Relevant URL: http://www.securityfocus.com/bid/17104
Summary:
Drupal is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site, disclose sensitive information, hijack user sessions and utilize a vulnerable Drupal installation as an email relay.

15. Linux Kernel IP ID Information Disclosure Weakness
BugTraq ID: 17109
Remote: Yes
Date Published: 2006-03-14
Relevant URL: http://www.securityfocus.com/bid/17109
Summary:
The Linux kernel is susceptible to a remote information disclosure weakness. This issue is due to an implementation flaw of a zero IP ID information disclosure countermeasure.

This issue allows remote attackers to utilize affected computers in stealth network port and trust scans.

The Linux kernel 2.6 series, as well as some kernels in the 2.4 series are affected by this weakness.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. IPS HLBR 1.0 released (off-topic)
http://www.securityfocus.com/archive/91/426920

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V.   SPONSOR INFORMATION
------------------------
ALERT: "How a Hacker Launches a SQL Injection Attack!" - SPI Dynamics White Paper
It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems! Firewalls and IDS will not stop such attacks because SQL Injections are NOT seen as intruders. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com ... _ID=70130000000C543　　　　　　

SecurityFocus Linux Newsletter #278
----------------------------------------

This Issue is Sponsored By: Cambia

Automate IT Security Compliance Now
Free white paper demonstrates how you can eliminate manual, time-consuming project-based compliance using continuous security

compliance software. Save time leveraging this FREE white paper.

http://a.gklmedia.com/sfln/nl/125

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Encryption for the masses
       2. Social engineering reloaded
II.  LINUX VULNERABILITY SUMMARY
       1. Firebird Local Inet_Server Buffer Overflow Vulnerability
       2. Linux Kernel ATM Module Inconsistent Reference Counts Denial of Service Vulnerability
       3. Linux Kernel Security Key Functions Local Copy_To_User Race Vulnerability
       4. Ubuntu Linux Local Installation Password Disclosure Vulnerability
       5. CrossFire SetUp Remote Buffer Overflow Vulnerability
       6. Veritas Backup Exec Multiple Remote Denial of Service Vulnerabilities
       7. Drupal Multiple Input Validation Vulnerabilities
       8. Macromedia Flash Multiple Unspecified Security Vulnerabilities
       9. Linux Kernel IP ID Information Disclosure Weakness
       10. Debian GNU/Linux Local Information Disclosure Vulnerability
       11. Zoo Parse.c Local Buffer Overflow Vulnerability
       12. PHPWebSite Multiple SQL Injection Vulnerabilities
       13. cURL / libcURL TFTP URL Parser Buffer Overflow Vulnerability
       14. X.Org X Window Server Local Privilege Escalation Vulnerability
       15. FreeRADIUS EAP-MSCHAPv2 Authentication Bypass Vulnerability
       16. Linux Kernel Netfilter Do_Replace Remote Buffer Overflow Vulnerability
       17. RunIt CHPST Privilege Escalation Vulnerability
       18. Util-VServer Unknown Linux Capabilities Vulnerability
III. LINUX FOCUS LIST SUMMARY
       1. Libnids
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Encryption for the masses
By Kelly Martin
File and disk encryption needs to be simple and easy if it's going to be used. This article looks at Apple's FileVault and takes a

sneak peak at what's coming in Windows Vista.
http://www.securityfocus.com/columnists/393

2. Social engineering reloaded
By Sarah Granger
The purpose of this article is to go beyond the basics and explore how social engineering, employed as technology, has evolved

over the past few years. A case study of a typical Fortune 1000 company will be discussed, putting emphasis on the importance of

education about social engineering for every corporate security program.
http://www.securityfocus.com/infocus/1860


II.  LINUX VULNERABILITY SUMMARY
------------------------------------
1. Firebird Local Inet_Server Buffer Overflow Vulnerability
BugTraq ID: 17077
Remote: No
Date Published: 2006-03-13
Relevant URL: http://www.securityfocus.com/bid/17077
Summary:
Firebird is susceptible to a local buffer-overflow vulnerability. This issue is due to the application's failure to properly check

boundaries of user-supplied command-line argument data before copying it to an insufficiently sized memory buffer.

Attackers may exploit this issue to execute arbitrary machine code with elevated privileges, because the affected binaries are

often installed with setuid privileges.

2. Linux Kernel ATM Module Inconsistent Reference Counts Denial of Service Vulnerability
BugTraq ID: 17078
Remote: No
Date Published: 2006-03-13
Relevant URL: http://www.securityfocus.com/bid/17078
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

This vulnerability affects the ATM module and allows local users to panic the kernel by creating inconsistent reference counts,

denying further service to legitimate users.

This issue affects Linux kernel versions prior to 2.6.14.

3. Linux Kernel Security Key Functions Local Copy_To_User Race Vulnerability
BugTraq ID: 17084
Remote: No
Date Published: 2006-03-13
Relevant URL: http://www.securityfocus.com/bid/17084
Summary:
The Linux kernel is susceptible to a local race-condition vulnerability in its security-key functionality. This issue is due to a

race condition that allows attackers to modify an argument of a copy operation after is has been validated, but before it is used.

This vulnerability allows local attackers to crash the kernel, denying service to legitimate users. It may also allow attackers to

read portions of kernel memory, and thus gain access to potentially sensitive information. This may aid them in further attacks.

4. Ubuntu Linux Local Installation Password Disclosure Vulnerability
BugTraq ID: 17086
Remote: No
Date Published: 2006-03-12
Relevant URL: http://www.securityfocus.com/bid/17086
Summary:
Ubuntu Linux is susceptible to a local password-disclosure vulnerability. This issue is due to the installation system improperly

storing cleartext passwords in world-readable files.

This issue allows local attackers to gain access to the user account that was created during the initial installation of Ubuntu.

Since this user is granted 'sudo' access to the superuser account, this potentially allows local attackers to completely

compromise affected computers.

5. CrossFire SetUp Remote Buffer Overflow Vulnerability
BugTraq ID: 17093
Remote: Yes
Date Published: 2006-03-13
Relevant URL: http://www.securityfocus.com/bid/17093
Summary:
CrossFire is prone to a remote buffer-overflow vulnerability. This can facilitate a remote compromise due to arbitrary code

execution.

CrossFire 1.9.0 and prior versions are vulnerable.

6. Veritas Backup Exec Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 17098
Remote: Yes
Date Published: 2006-03-17
Relevant URL: http://www.securityfocus.com/bid/17098
Summary:
Veritas Backup Exec is prone to multiple remote denial-of-service vulnerabilities.

These issues result in memory violations and memory exhaustion and lead to denial-of-service conditions in the affected

applications. A restart is required to regain normal functionality in most cases.

Various versions of Backup Exec for Windows, Linux, and Netware are vulnerable.

7. Drupal Multiple Input Validation Vulnerabilities
BugTraq ID: 17104
Remote: Yes
Date Published: 2006-03-14
Relevant URL: http://www.securityfocus.com/bid/17104
Summary:
Drupal is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly

sanitize user-supplied input.

An attacker may leverage these issues to:

-  have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site
- access sensitive information
- hijack user sessions
- use a vulnerable Drupal installation as an email relay.

8. Macromedia Flash Multiple Unspecified Security Vulnerabilities
BugTraq ID: 17106
Remote: Yes
Date Published: 2006-03-14
Relevant URL: http://www.securityfocus.com/bid/17106
Summary:
The Macromedia Flash plug-in is susceptible to multiple unspecified vulnerabilities.

An attacker can potentially exploit these vulnerabilities to execute arbitrary code. The most likely vector of attack is through a

malicious SWF file that has been designed to trigger the vulnerability and has been placed on a website. A denial-of-service

condition may also occur.

Versions of the Flash Player prior to 7.0.63.0 and 8.0.24.0 are vulnerable to these issues.

9. Linux Kernel IP ID Information Disclosure Weakness
BugTraq ID: 17109
Remote: Yes
Date Published: 2006-03-14
Relevant URL: http://www.securityfocus.com/bid/17109
Summary:
The Linux kernel is susceptible to a remote information-disclosure weakness. This issue is due to an implementation flaw of a zero

'ip_id' information-disclosure countermeasure.

This issue allows remote attackers to use affected computers in stealth network port and trust scans.

The Linux kernel 2.6 series, as well as some kernels in the 2.4 series, are affected by this weakness.

10. Debian GNU/Linux Local Information Disclosure Vulnerability
BugTraq ID: 17122
Remote: No
Date Published: 2006-03-15
Relevant URL: http://www.securityfocus.com/bid/17122
Summary:
Debian GNU/Linux is susceptible to a local information-disclosure vulnerability. This issue is due to the installation system

improperly storing sensitive information in world-readable files.

This issue allows local users to gain access to sensitive information that may aid them in further attacks. If the affected

computer was installed using an automated installation process, the pre-seeded superuser password may be available to attackers,

facilitating the complete compromise of the computer.

11. Zoo Parse.c Local Buffer Overflow Vulnerability
BugTraq ID: 17126
Remote: No
Date Published: 2006-03-16
Relevant URL: http://www.securityfocus.com/bid/17126
Summary:
Zoo is prone to a local buffer-overflow vulnerability. This issue is due to a failure in the application to do proper bounds

checking on user-supplied data before using it in a finite-sized buffer.

An attacker can exploit this issue to execute arbitrary code in the context of the victim user running the affected application to

potentially gain elevated privileges.

12. PHPWebSite Multiple SQL Injection Vulnerabilities
BugTraq ID: 17150
Remote: Yes
Date Published: 2006-03-20
Relevant URL: http://www.securityfocus.com/bid/17150
Summary:
phpWebSite is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly

sanitize user-supplied input before using it in SQL queries.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in

the underlying database implementation.

13. cURL / libcURL TFTP URL Parser Buffer Overflow Vulnerability
BugTraq ID: 17154
Remote: Yes
Date Published: 2006-03-20
Relevant URL: http://www.securityfocus.com/bid/17154
Summary:
cURL and libcURL are prone to a buffer-overflow vulnerability. This issue is due to a failure in the library to perform proper

bounds checks on user-supplied data before using it in a finite-sized buffer.

The issue occurs when the URL parser handles an excessively long URL string with a TFTP protocol prefix 'tftp://'.


An attacker can exploit this issue to crash the affected library, effectively denying service. Arbitrary code execution may also

be possible, which may facilitate a compromise of the underlying system.

14. X.Org X Window Server Local Privilege Escalation Vulnerability
BugTraq ID: 17169
Remote: No
Date Published: 2006-03-20
Relevant URL: http://www.securityfocus.com/bid/17169
Summary:
The X.Org X Window server is prone to a privilege-escalation vulnerability.

A local attacker can exploit this issue to load arbitrary modules and execute them or overwrite arbitrary files with superuser

privileges. This may facilitate a complete compromise of the affected computer.

15. FreeRADIUS EAP-MSCHAPv2 Authentication Bypass Vulnerability
BugTraq ID: 17171
Remote: Yes
Date Published: 2006-03-21
Relevant URL: http://www.securityfocus.com/bid/17171
Summary:
FreeRADIUS is prone to an authentication-bypass vulnerability. The issue exists in the EAP-MSCHAPv2 state machine. Bypassing

authentication could also cause the server to crash.

FreeRADIUS versions from 1.0.0 to 1.1.0 are vulnerable.

16. Linux Kernel Netfilter Do_Replace Remote Buffer Overflow Vulnerability
BugTraq ID: 17178
Remote: Yes
Date Published: 2006-03-21
Relevant URL: http://www.securityfocus.com/bid/17178
Summary:
The Linux kernel is susceptible to a remote buffer-overflow vulnerability. This issue is due to the kernel's failure to properly

bounds-check user-supplied input before using it in a memory copy operation.

This issue allows remote attackers to overwrite kernel memory with arbitrary data, potentially allowing them to execute malicious

machine code in the context of affected kernels. This vulnerability facilitates the complete compromise of affected computers.

Linux kernel versions prior to 2.6.16 in the 2.6 series are affected by this issue.

17. RunIt CHPST Privilege Escalation Vulnerability
BugTraq ID: 17179
Remote: Yes
Date Published: 2006-03-21
Relevant URL: http://www.securityfocus.com/bid/17179
Summary:
Runit is susceptible to a local privilege-escalation vulnerability. This issue is due to a flaw in the 'chpst' utility that

results in programs gaining unintended, elevated group privileges.

This issue will have varying consequences depending on the nature of programs executed by the affected utility. Attackers

exploiting latent vulnerabilities in applications may gain access to elevated group privileges.

Runit versions prior to 1.4.1 are affected by this issue. This affects only packages that are compiled with 16-bit gid_t types

(such as when compiled with dietlibc).

18. Util-VServer Unknown Linux Capabilities Vulnerability
BugTraq ID: 17180
Remote: Yes
Date Published: 2006-03-21
Relevant URL: http://www.securityfocus.com/bid/17180
Summary:
The util-vserver package for the Linux-VServer project is susceptible to an unknown Linux capability vulnerability. The package

fails to properly handle unknown Linux capabilities.

The exact consequences of this issue are currently unknown. They depend on the nature of the unknown capabilities and on the

nature of the applications that use them. Hosted virtual servers may possibly gain inappropriate access to the hosting operating

system.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Libnids
http://www.securityfocus.com/archive/91/428026

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of

the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer.

Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V.   SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: Cambia

Automate IT Security Compliance Now
Free white paper demonstrates how you can eliminate manual, time-consuming project-based compliance using continuous security

compliance software. Save time leveraging this FREE white paper.

http://a.gklmedia.com/sfln/nl/125　　　　　　

SecurityFocus Linux Newsletter #280

SecurityFocus Linux Newsletter #280
----------------------------------------

Test your Network Security Free with QualysGuard
Requiring NO software, QualysGuard will safely and accurately test your network and provide you with the necessary fixes to proactively guard your network. Try QualysGuard Risk Free with No Obligation.

http://www.securityfocus.com/cgi-bin/ib.pl

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Two attacks against VoIP
       2. Open source security testing methodology
       3. This Means Warcraft!
II.  LINUX VULNERABILITY SUMMARY
       1. Vavoom Multiple Denial of Service Vulnerabilities
       2. MediaWiki Encoded Page Link HTML Injection Vulnerability
       3. Noah Grey Greymatter Arbitrary File Upload Vulnerability
       4. Debian GNU/Linux Multiple Packages Insecure RUNPATH Vulnerability
       5. Horde Help Viewer Remote PHP Code Execution Vulnerability
       6. FreeRadius RLM_SQLCounter SQL Injection Vulnerability
       7. Tetris-BSD Tetris-bsd.scores Local Privilege Escalation Vulnerability
       8. DIA XFIG File Import Multiple Remote Buffer Overflow Vulnerabilities
       9. GNU Mailman Attachment Scrubber Malformed MIME Message Denial Of Service Vulnerability
       10. Samba Machine Trust Account Local Information Disclosure Vulnerability
       11. BusyBox Insecure Password Hash Weakness
       12. Util-VServer SUEXEC Privilege Escalation Weakness
       13. PHP PHPInfo Large Input Cross-Site Scripting Vulnerability
       14. MPG123 Malformed MP3 File Memory Corruption Vulnerability
       15. HP Color LaserJet 2500/4600 Toolbox Directory Traversal Vulnerability
       16. Kaffeine Remote HTTP_Peek Buffer Overflow Vulnerability
III. LINUX FOCUS LIST SUMMARY
       1. IPtables and C programming??
       2. Systrace 1.6: Phoenix Release for Linux
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Two attacks against VoIP
By Peter Thermos
This purpose of this article is to discuss two of the most well known attacks that can be carried out in current VoIP deployments. The first attack demonstrates the ability to hijack a user's VoIP Subscription and subsequent communications. The second attack looks at the ability to eavesdrop in to VoIP communications.
http://www.securityfocus.com/infocus/1862

2. Open source security testing methodology
By Federico Biancuzzi
Truth is made of numbers. Following this golden rule, Federico Biancuzzi interviewed Pete Herzog, founder of ISECOM and creator of the OSSTMM, to talk about the upcoming revision 3.0 of the Open Source Security Testing Methodology Manual. He discusses why we need a testing methodology, why use open source, the value of certifications, and plans for a new vulnerability scanner developed with a different approach than Nessus.
http://www.securityfocus.com/columnists/395

3. This Means Warcraft!
By Mark Rasch
A recent World of Warcraft case involved a WoW book by Brian Knopp that was being sold on eBay. It resulted in automated takedown notices by "lawyerbots" and shows how the legal process today can end up silencing legitimate uses of trademarks and copyrights.
http://www.securityfocus.com/columnists/396


II.  LINUX VULNERABILITY SUMMARY
------------------------------------
1. Vavoom Multiple Denial of Service Vulnerabilities
BugTraq ID: 17261
Remote: Yes
Date Published: 2006-03-27
Relevant URL: http://www.securityfocus.com/bid/17261
Summary:
Vavoom is prone to two denial-of-service vulnerabilities. These issues can cause the application to stop responding or fail.

Vavoom 1.19.1 and earlier are affected.

2. MediaWiki Encoded Page Link HTML Injection Vulnerability
BugTraq ID: 17269
Remote: Yes
Date Published: 2006-03-27
Relevant URL: http://www.securityfocus.com/bid/17269
Summary:
MediaWiki is prone to an HTML-injection vulnerability. This issue is due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

3. Noah Grey Greymatter Arbitrary File Upload Vulnerability
BugTraq ID: 17271
Remote: Yes
Date Published: 2006-03-28
Relevant URL: http://www.securityfocus.com/bid/17271
Summary:
Greymatter is prone to an arbitrary file-upload vulnerability.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

4. Debian GNU/Linux Multiple Packages Insecure RUNPATH Vulnerability
BugTraq ID: 17288
Remote: No
Date Published: 2006-03-28
Relevant URL: http://www.securityfocus.com/bid/17288
Summary:
Multiple packages in Debian GNU/Linux are susceptible to an insecure RUNPATH vulnerability. This issue is due to a flaw in the build system that results in insecure RUNPATHs being included in certain binaries.

This vulnerability may result in arbitrary code being executed in the context of users who run the vulnerable executables. This may facilitate privilege escalation.

5. Horde Help Viewer Remote PHP Code Execution Vulnerability
BugTraq ID: 17292
Remote: Yes
Date Published: 2006-03-28
Relevant URL: http://www.securityfocus.com/bid/17292
Summary:
Horde is prone to a remote PHP code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary malicious PHP code and in the context of the webserver process. This may help the attacker compromise the application and the underlying system; other attacks are also possible.

Horde versions 3.0 up to 3.0.9 and 3.1.0 are vulnerable; other versions may also be affected.

6. FreeRadius RLM_SQLCounter SQL Injection Vulnerability
BugTraq ID: 17294
Remote: Yes
Date Published: 2006-03-28
Relevant URL: http://www.securityfocus.com/bid/17294
Summary:
FreeRADIUS is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

7. Tetris-BSD Tetris-bsd.scores Local Privilege Escalation Vulnerability
BugTraq ID: 17308
Remote: No
Date Published: 2006-03-29
Relevant URL: http://www.securityfocus.com/bid/17308
Summary:
Tetris-BSD is prone to a local privilege-escalation vulnerability. The issue results from a design error.

A local attacker can leverage this issue to exploit latent vulnerabilities in applications by overwriting shared game data files.

8. DIA XFIG File Import Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 17310
Remote: Yes
Date Published: 2006-03-29
Relevant URL: http://www.securityfocus.com/bid/17310
Summary:
Dia is affected by multiple remote buffer-overflow vulnerabilities. These issues are due to the application's failure to properly bounds-check user-supplied input before copying it into insufficiently sized memory buffers.

These issues allow remote attackers to execute arbitrary machine code in the context of the user running the affected application to open attacker-supplied malicious XFig files.

9. GNU Mailman Attachment Scrubber Malformed MIME Message Denial Of Service Vulnerability
BugTraq ID: 17311
Remote: Yes
Date Published: 2006-03-29
Relevant URL: http://www.securityfocus.com/bid/17311
Summary:
GNU Mailman is prone to denial-of-service attacks. This issue affects the attachment-scrubber utility.

The vulnerability could be triggered by mailing-list posts and will affect the availability of mailing lists hosted by the application.

This issue presents itself only when Mailman is used in conjunction with Python email version 2.5.

10. Samba Machine Trust Account Local Information Disclosure Vulnerability
BugTraq ID: 17314
Remote: No
Date Published: 2006-03-30
Relevant URL: http://www.securityfocus.com/bid/17314
Summary:
Samba is susceptible to a local information-disclosure vulnerability. This issue is due to a design error that potentially leads to sensitive information being written to log files. This occurs when the debugging level has been set to 5 or higher.

This issue allows local attackers to gain access to the machine trust account of affected computers. Attackers may then impersonate the affected server in the domain. By impersonating the member server, attackers may gain access to further sensitive information, including the users and groups in the domain; other information may also be available. This may aid attackers in further attacks.

Samba versions 3.0.21 through to 3.0.21c that use the 'winbindd' daemon are susceptible to this issue.

11. BusyBox Insecure Password Hash Weakness
BugTraq ID: 17330
Remote: Yes
Date Published: 2006-03-31
Relevant URL: http://www.securityfocus.com/bid/17330
Summary:
BusyBox is susceptible to an insecure password-hash weakness. This issue is due to a design flaw that results in password hashes being created in an insecure manner.

This issue allows attackers to use precomputed password hashes in brute-force attacks if they can gain access to password hashes by some means (such as exploiting another vulnerability).

12. Util-VServer SUEXEC Privilege Escalation Weakness
BugTraq ID: 17361
Remote: Yes
Date Published: 2006-04-03
Relevant URL: http://www.securityfocus.com/bid/17361
Summary:
The util-vserver package for the Linux-VServer project is susceptible to a privilege-escalation weakness.

This issue allows remote attackers that exploit latent vulnerabilities in services to potentially gain superuser privileges in a guest virtual server. This may aid them in further attacks.

13. PHP PHPInfo Large Input Cross-Site Scripting Vulnerability
BugTraq ID: 17362
Remote: Yes
Date Published: 2006-04-03
Relevant URL: http://www.securityfocus.com/bid/17362
Summary:
PHP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

14. MPG123 Malformed MP3 File Memory Corruption Vulnerability
BugTraq ID: 17365
Remote: Yes
Date Published: 2006-04-03
Relevant URL: http://www.securityfocus.com/bid/17365
Summary:
The mpg123 application is prone to a memory-corruption vulnerability related to the handling of MP3 streams.

An attacker may be able to exploit this vulnerability to execute arbitrary code in the context of the user running the player, but this has not been confirmed.

This issue may be related to the one described in BID 12218 (MPG123 Layer 2 Frame Header Heap Overflow Vulnerability).

15. HP Color LaserJet 2500/4600 Toolbox Directory Traversal Vulnerability
BugTraq ID: 17367
Remote: Yes
Date Published: 2006-04-04
Relevant URL: http://www.securityfocus.com/bid/17367
Summary:
The HP Color LaserJet 2500/4600 Toolbox is prone to a directory-traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid attackers in further attacks.

16. Kaffeine Remote HTTP_Peek Buffer Overflow Vulnerability
BugTraq ID: 17372
Remote: Yes
Date Published: 2006-04-04
Relevant URL: http://www.securityfocus.com/bid/17372
Summary:
Kaffiene is reportedly affected by a remote buffer overflow vulnerability.  The problem presents itself due to insufficient boundary checks on user-supplied strings prior to copying them into finite stack-based buffers.

An attacker can leverage this issue remotely to execute arbitrary code on an affected computer with the privileges of an unsuspecting user that executed the vulnerable software.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. IPtables and C programming??
http://www.securityfocus.com/archive/91/429848

2. Systrace 1.6: Phoenix Release for Linux
http://www.securityfocus.com/archive/91/428672

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V.   SPONSOR INFORMATION
------------------------
Test your Network Security Free with QualysGuard
Requiring NO software, QualysGuard will safely and accurately test your network and provide you with the necessary fixes to proactively guard your network. Try QualysGuard Risk Free with No Obligation.

http://www.securityfocus.com/cgi-bin/ib.pl