Date: Tue, 14 Feb 2006 16:53:30 -0700
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #273
SecurityFocus Linux Newsletter #273
----------------------------------------

This Issue is Sponsored By: SpiDynamics

ALERT: "How A Hacker Launches A Blind SQL Injection Attack
Step-by-Step!" - White Paper
Blind SQL Injection can deliver total control of your server to a
hacker, giving them the ability to read, write and manipulate all data
stored in your backend systems! Download this *FREE* white paper from
SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70130000000C3f7

------------------------------------------------------------------
I.   FRONT AND CENTER
        1. Coffee shop WiFi for dummies
        2. Sebek 3: tracking the attackers, part two
        3. Privacy and anonymity
II.  LINUX VULNERABILITY SUMMARY
        1. Linux Kernel ICMP_Send Remote Denial Of Service Vulnerability
        2. ProFTPD Mod_Radius Buffer Overflow Vulnerability
        3. OProfile OPControl Path Specification Local Privilege Escalation Vulnerability
        4. Sun Java Web Start Untrusted Application Unauthorized Access Vulnerability
        5. Sun ONE Directory Server Remote Denial Of Service Vulnerability
        6. Adzapper Squid_Redirect URI Handling Remote Denial of Service Vulnerability
        7. GNUTLS LibTASN1 DER Decoding Denial of Service Vulnerabilities
        8. Linux Kernel NFS ACL Access Control Bypass Vulnerability
        9. ELOG Web Logbook Multiple Remote Vulnerabilities
        10. SUSE LD Insecure RPATH / RUNPATH Arbitrary Code Execution Vulnerability
        11. IBM Tivoli Directory Server Unspecified LDAP Memory Corruption Vulnerability
        12. Honeyd IP Reassembly Remote Virtual Host Detection Vulnerability
        13. Noweb Insecure Temporary File Creation Vulnerability
        14. Valve Software Half-Life CSTRIKE Server Remote Denial of Service Vulnerability
        15. LibPNG Graphics Library PNG_Set_Strip_Alpha Buffer Overflow Vulnerability
        16. Isode M-Vault Server LDAP Memory Corruption Vulnerability
        17. PostgreSQL Remote SET ROLE Privilege Escalation Vulnerability
        18. PostgreSQL Set Session Authorization Denial of Service Vulnerability
III. LINUX FOCUS LIST SUMMARY
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Coffee shop WiFi for dummies
By Scott Granneman
The average user has no idea of the risks associated with public WiFi 
hotspots. Here are some very simple tips for them to keep their network 
access secure.
http://www.securityfocus.com/columnists/385

2. Sebek 3: tracking the attackers, part two
By Raul Siles, GSE
The second article in this honeypot series discusses best practices for 
deploying Sebek 3 inside a GenIII honeypot, and shows how to patch Sebek 
to watch all the attacker's activities in real time.
http://www.securityfocus.com/infocus/1858

3. Privacy and anonymity
By Kelly Martin
Privacy and anonymity on the Internet are as important as they are 
difficult to achieve. Here are some of the current issues we face, 
along with a few suggestions on how we can become a little more anonymous 
on the Web.
http://www.securityfocus.com/columnists/386


II.  LINUX VULNERABILITY SUMMARY
------------------------------------
1. Linux Kernel ICMP_Send Remote Denial Of Service Vulnerability
BugTraq ID: 16532
Remote: Yes
Date Published: 2006-02-07
Relevant URL: http://www.securityfocus.com/bid/16532
Summary:
Linux kernel is prone to a remote denial-of-service vulnerability.

Remote attackers can exploit this vulnerability to crash affected 
kernels, effectively denying service to legitimate users.

Linux kernel versions 2.6.15.2 and prior in the 2.6 series are 
vulnerable to this issue.

2. ProFTPD Mod_Radius Buffer Overflow Vulnerability
BugTraq ID: 16535
Remote: Yes
Date Published: 2006-02-07
Relevant URL: http://www.securityfocus.com/bid/16535
Summary:
ProFTPD's mod_radius is prone to a buffer-overflow vulnerability. This 
issue is due to a failure in the application to properly bounds-check 
user-supplied data before copying it to an insufficiently sized buffer.

Remote code execution may be possible, but it depends on an attacker's 
ability to brute-force the resulting output of an MD5 hash to place 
useful information into critical memory regions that are adjacent to the 
overrun stack buffer.

3. OProfile OPControl Path Specification Local Privilege Escalation Vulnerability
BugTraq ID: 16536
Remote: No
Date Published: 2006-02-07
Relevant URL: http://www.securityfocus.com/bid/16536
Summary:
OProfile is prone to a privilege-escalation vulnerability. The 
application attempts to execute commands without properly specifying the 
executable's location.

This issue allows local attackers to execute arbitrary commands. If the 
vulnerable script is executable via privilege-escalation utilities such 
as 'sudo', attackers may exploit this issue to execute arbitrary code 
with superuser privileges.

4. Sun Java Web Start Untrusted Application Unauthorized Access Vulnerability
BugTraq ID: 16540
Remote: Yes
Date Published: 2006-02-07
Relevant URL: http://www.securityfocus.com/bid/16540
Summary:
Sun Java Web Start is prone to a vulnerability that may allow remote 
attackers to gain unauthorized access to a vulnerable computer.

The vendor has reported that this vulnerability allows untrusted 
applications to gain read/write privileges to local files on a vulnerable 
computer.

Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 Update 5 
and earlier 5.0 releases for Windows, Solaris, and Linux is 
vulnerable.

5. Sun ONE Directory Server Remote Denial Of Service Vulnerability
BugTraq ID: 16550
Remote: Yes
Date Published: 2006-02-08
Relevant URL: http://www.securityfocus.com/bid/16550
Summary:
Sun ONE Directory Server is prone to a remote denial-of-service 
vulnerability. This issue is due to the application's failure to handle 
malformed network traffic.

This issue allows remote attackers to crash the application, denying 
service to legitimate users.

6. Adzapper Squid_Redirect URI Handling Remote Denial of Service Vulnerability
BugTraq ID: 16558
Remote: Yes
Date Published: 2006-02-09
Relevant URL: http://www.securityfocus.com/bid/16558
Summary:
Adzapper is prone to a remote denial-of-service vulnerability when 
installed as a plugin in squid.

The vulnerability presents itself when a specially crafted URI is 
handled.

Adzapper versions prior to 2006-01-29 are vulnerable.

7. GNUTLS LibTASN1 DER Decoding Denial of Service Vulnerabilities
BugTraq ID: 16568
Remote: Yes
Date Published: 2006-02-09
Relevant URL: http://www.securityfocus.com/bid/16568
Summary:
Libtasn1 is prone to multiple denial-of-service vulnerabilities. A 
remote attacker can send specifically crafted data to trigger these flaws, 
leading to a denial-of-service condition.

These issues have been addressed in Libtasn1 version 0.2.18; earlier 
versions are vulnerable.

8. Linux Kernel NFS ACL Access Control Bypass Vulnerability
BugTraq ID: 16570
Remote: Yes
Date Published: 2006-02-09
Relevant URL: http://www.securityfocus.com/bid/16570
Summary:
The Linux kernel's NFS implementation is susceptible to a remote 
access-control-bypass vulnerability. This issue is due to a failure to 
validate the privileges of remote users before setting ACLs.

This issue allows remote attackers to improperly alter ACLs on NFS 
filesystems, allowing them to bypass access controls. Disclosure of 
sensitive information, modification of arbitrary files, and other attacks are 
possible.

Kernel versions prior to 2.6.14.5 in the 2.6 kernel series are 
vulnerable to this issue.

9. ELOG Web Logbook Multiple Remote Vulnerabilities
BugTraq ID: 16579
Remote: Yes
Date Published: 2006-02-10
Relevant URL: http://www.securityfocus.com/bid/16579
Summary:
ELOG Web Logbook is prone to multiple remote vulnerabilities.

These issues include boundary-condition errors, denial-of-service 
attacks, and information disclosure.

An attacker can exploit these issues to facilitate a compromise of the 
application and the underlying computer. This includes crashing the 
application, executing arbitrary code, and retrieving information that may 
aid in further attacks.

10. SUSE LD Insecure RPATH / RUNPATH Arbitrary Code Execution Vulnerability
BugTraq ID: 16581
Remote: No
Date Published: 2006-02-10
Relevant URL: http://www.securityfocus.com/bid/16581
Summary:
SUSE LD is susceptible to an insecure RPATH / RUNPATH vulnerability.

This issue can allow attackers to place malicious libraries in a 
directory and trick users into executing an application from that 
directory; the libraries would then be dynamically linked at run time 
when the application is executed. This would result in the execution of 
arbitrary code with the privileges of the user who executes the 
application.

Note that this issue is specific to SUSE.

11. IBM Tivoli Directory Server Unspecified LDAP Memory Corruption Vulnerability
BugTraq ID: 16593
Remote: Yes
Date Published: 2006-02-11
Relevant URL: http://www.securityfocus.com/bid/16593
Summary:
IBM Tivoli Directory Server is prone to an unspecified memory-corruption 
vulnerability. This issue may be triggered by malformed LDAP data.

The exact impact of this vulnerability is not known at this time. 
Although the issue is known to crash the server, the possibility of remote 
code execution is unconfirmed.

The vulnerability was reported for version 6.0 on the Linux platform. 
Other versions or platforms are not known to be affected.

This vulnerability will be updated as further information is made 
available.

12. Honeyd IP Reassembly Remote Virtual Host Detection Vulnerability
BugTraq ID: 16595
Remote: Yes
Date Published: 2006-02-11
Relevant URL: http://www.securityfocus.com/bid/16595
Summary:
Honeyd is prone to a virtual host-detection vulnerability.

The vulnerability presents itself in the IP reassembly code.

A successful attack may allow remote attackers to enumerate the 
existence of simulated Honeyd hosts and then either target specific attacks 
against these hosts or avoid them altogether.

This issue affects all versions of Honeyd prior to 1.5.

13. Noweb Insecure Temporary File Creation Vulnerability
BugTraq ID: 16610
Remote: No
Date Published: 2006-02-13
Relevant URL: http://www.securityfocus.com/bid/16610
Summary:
Noweb creates temporary files in an insecure manner.

Exploitation would most likely result in loss of data or a denial of 
service if critical files are overwritten in the attack. Other attacks 
may be possible as well.

14. Valve Software Half-Life CSTRIKE Server Remote Denial of Service Vulnerability
BugTraq ID: 16619
Remote: Yes
Date Published: 2006-02-13
Relevant URL: http://www.securityfocus.com/bid/16619
Summary:
Valve Software Half-Life CSTRIKE Dedicated Server is reportedly prone 
to a remote denial-of-service vulnerability.

Half-Life CSTRIKE 1.6 Dedicated Server for Windows and Linux is prone 
to this vulnerability. Earlier versions may also be affected.

15. LibPNG Graphics Library PNG_Set_Strip_Alpha Buffer Overflow Vulnerability
BugTraq ID: 16626
Remote: Yes
Date Published: 2006-02-13
Relevant URL: http://www.securityfocus.com/bid/16626
Summary:
LibPNG is reported susceptible to a buffer-overflow vulnerability. The 
library fails to perform proper bounds-checking of user-supplied input 
before copying it to an insufficiently sized memory buffer.

This vulnerability may be exploited to execute attacker-supplied code 
in the context of an application that relies on the affected library.

16. Isode M-Vault Server LDAP Memory Corruption Vulnerability
BugTraq ID: 16635
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16635
Summary:
Isode M-Vault Server is prone to a memory-corruption vulnerability. This 
issue may be triggered by malformed LDAP data.

The exact impact of this vulnerability is not known at this time. 
Although the issue is known to crash the server, the possibility of remote 
code execution is unconfirmed.

The vulnerability was reported for version 11.3 on the Linux platform; 
other versions and platforms may also be affected.

This vulnerability will be updated as further information is made 
available.

17. PostgreSQL Remote SET ROLE Privilege Escalation Vulnerability
BugTraq ID: 16649
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16649
Summary:
PostgreSQL is susceptible to a remote privilege escalation 
vulnerability. This issue is due to a flaw in the error path of the 'SET ROLE' 
function.

This issue allows remote attackers with database access to gain 
administrative access to affected database servers. As administrative access 
to the database allows filesystem access, other attacks against the 
underlying operating system may also be possible.

18. PostgreSQL Set Session Authorization Denial of Service Vulnerability
BugTraq ID: 16650
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16650
Summary:
PostgreSQL is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the application, 
effectively denying service to legitimate users.

Successful exploitation of this issue requires that the application is 
compiled with 'Asserts' enabled; this is not the default setting.

III. LINUX FOCUS LIST SUMMARY
---------------------------------

V.   SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: SpiDynamics
