Date: Tue, 29 Nov 2005 16:37:51 -0700
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #262
SecurityFocus Linux Newsletter #262
----------------------------------------

Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Tenable discusses the Nessus 3 release
       2. Regaining control
II.  LINUX VULNERABILITY SUMMARY
       1. Inkscape SVG Image Buffer Overflow Vulnerability
       2. NetPBM PNMToPNG Long Text Line Buffer Overflow Vulnerability
       3. Opera Web Browser Arbitrary Command Execution Vulnerability
       4. IPSec-Tools IKE Message Handling Denial of Service Vulnerability
       5. FUSE Mount Options Corruption Vulnerability
       6. Horde MIME Viewer Inline Attachment HTML Injection Vulnerability
       7. EIX Insecure Temporary File Creation Vulnerability
III. LINUX FOCUS LIST SUMMARY
       1. Security, Distributed firewalling application...long  ;-) 
       2. Kryptor for Linux released
       3. Automatic Password Generator Tools on Unix Platform
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Tenable discusses the Nessus 3 release
By Federico Biancuzzi
SecurityFocus interviews Ron Gula to get a glimpse of Tenable's 
upcoming free (but closed-source) Nessus 3 vulnerability scanner. The 
discussion looks at license changes, community involvement, daemon security, 
new features, GPL open-source versus free, NASL, and more.
http://www.securityfocus.com/columnists/371

2. Regaining control
By Kelly Martin
Securing endpoint systems by locking them down using complex software 
brings back memories of another era, where business computers were once 
used for business applications only - and businesses retained control 
over their assets and data.
http://www.securityfocus.com/columnists/372


II.  LINUX VULNERABILITY SUMMARY
------------------------------------
1. Inkscape SVG Image Buffer Overflow Vulnerability
BugTraq ID: 15507
Remote: Yes
Date Published: 2005-11-21
Relevant URL: http://www.securityfocus.com/bid/15507
Summary:
Inkscape is prone to a buffer overflow vulnerability.  This issue is 
due to a failure in the application to do proper bounds checking on 
user-supplied data before copying it into a finite sized buffer.

When the application processes a malformed SVG image file, it results 
in a buffer overflow.  An attacker can exploit this vulnerability to 
execute arbitrary code in the context of the victim user.

2. NetPBM PNMToPNG Long Text Line Buffer Overflow Vulnerability
BugTraq ID: 15514
Remote: Yes
Date Published: 2005-11-21
Relevant URL: http://www.securityfocus.com/bid/15514
Summary:
pnmtopng is susceptible to a buffer overflow vulnerability. This issue 
is due to a failure of the application to properly bounds check 
user-supplied data prior to copying it to an insufficiently sized memory 
buffer. This issue reportedly only occurs when the '-text' command line 
option is utilized.

This issue allows attackers to create malicious PNM files that, when 
parsed by the affected utility, allow arbitrary machine code to be 
executed. This occurs in the context of the user running the affected 
utility.

This vulnerability was reported in versions 9.20 and 10.0 of NetPBM. 
Other versions may also be affected.

3. Opera Web Browser Arbitrary Command Execution Vulnerability
BugTraq ID: 15521
Remote: Yes
Date Published: 2005-11-22
Relevant URL: http://www.securityfocus.com/bid/15521
Summary:
Opera Web Browser is affected by an arbitrary command execution 
vulnerability.

User-supplied data passed through a URI is not properly sanitized. An 
attacker who crafts a URI and entices a user to follow it can execute 
arbitrary commands through the shell.

This attack may facilitate unauthorized remote access.

Opera 8.50 and prior versions running on Unix and Linux platforms are 
vulnerable to this issue.  This vulnerability is identical to BID 14888 
(Mozilla Browser/Firefox Arbitrary Command Execution Vulnerability).

4. IPSec-Tools IKE Message Handling Denial of Service Vulnerability
BugTraq ID: 15523
Remote: Yes
Date Published: 2005-11-22
Relevant URL: http://www.securityfocus.com/bid/15523
Summary:
IPsec-Tools is prone to a denial of service vulnerability.  This issue 
is due to a failure in the application to handle exceptional conditions 
when in 'AGGRESSIVE' mode.

An attacker can exploit this issue to crash the application, denying 
service to legitimate users.

These vulnerabilities were discovered by, and may be reproduced with, the 
University of Oulu Secure Programming Group PROTOS IPSec Test Suite.

5. FUSE Mount Options Corruption Vulnerability
BugTraq ID: 15529
Remote: No
Date Published: 2005-11-22
Relevant URL: http://www.securityfocus.com/bid/15529
Summary:
FUSE is prone to a vulnerability that could change or corrupt current 
mount options.

Successful exploitation could result in a denial of service if mount 
options become unusable.  An attacker can also exploit this issue to add 
arbitrary mount points that could grant the attacker read and possibly 
write access to otherwise restricted or privileged mount points.  Other 
attacks are also possible.

6. Horde MIME Viewer Inline Attachment HTML Injection Vulnerability
BugTraq ID: 15535
Remote: Yes
Date Published: 2005-11-22
Relevant URL: http://www.securityfocus.com/bid/15535
Summary:
Horde MIME Viewer is prone to an HTML injection vulnerability.  This 
issue is due to a failure in the application to properly sanitize 
user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context 
of the affected Web site, potentially allowing for theft of cookie-based 
authentication credentials. An attacker could also exploit this issue 
to control how the site is rendered to the user; other attacks are also 
possible.

7. EIX Insecure Temporary File Creation Vulnerability
BugTraq ID: 15541
Remote: No
Date Published: 2005-11-23
Relevant URL: http://www.securityfocus.com/bid/15541
Summary:
eix creates temporary files in an insecure manner. An attacker with 
local access could potentially exploit this issue to obtain sensitive 
information in the context of the user running the application.

Exploitation would most likely result in loss of confidentiality, loss 
of data, or a denial of service if critical files are overwritten in the 
attack. Other attacks may be possible as well.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Security, Distributed firewalling application...long  ;-) 
http://www.securityfocus.com/archive/91/418029

2. Kryptor for Linux released
http://www.securityfocus.com/archive/91/417236

3. Automatic Password Generator Tools on Unix Platform
http://www.securityfocus.com/archive/91/417235
