Date: Tue, 28 Feb 2006 15:09:21 -0700
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #275
SecurityFocus Linux Newsletter #275
----------------------------------------
This Issue is Sponsored By: SpiDynamics
ALERT: "How a Hacker Launches a SQL Injection Attack!" - SPI Dynamics
White Paper
It's as simple as placing additional SQL commands into a Web Form input
box giving hackers complete access to all your backend systems!
Firewalls and IDS will not stop such attacks because SQL Injections are
NOT seen as intruders. Download this *FREE* white paper from SPI
Dynamics for a complete guide to protection!
https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70130000000C543
------------------------------------------------------------------
I. FRONT AND CENTER
1. John the Ripper 1.7, by Solar Designer
2. Zero to IPSec in 4 minutes
3. Spreading security awareness for OS X
II. LINUX VULNERABILITY SUMMARY
1. Bugzilla Whinedays SQL Injection Vulnerability
2. Bugzilla User Credentials Information Disclosure
Vulnerability
3. SquirrelMail Multiple Cross-Site Scripting and IMAP
Injection Vulnerabilities
4. Linux Kernel SDLA_XFER Kernel Memory Disclosure
Vulnerability
5. GNU Tar Invalid Headers Buffer Overflow Vulnerability
6. ViRobot Linux Server Authentication Bypass Vulnerability
7. Mozilla Thunderbird IFRAME JavaScript Execution
Vulnerability
8. SUSE CASA Pam_Micasa Remote Buffer Overflow Vulnerability
9. Zoo Misc.c Buffer Overflow Vulnerability
10. PHPWebSite Topics.PHP SQL Injection Vulnerability
11. Simple Machines X-Forwarded-For HTML Injection
Vulnerability
12. MySQL Query Logging Bypass Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. Kryptor Whitepaper released
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. John the Ripper 1.7, by Solar Designer
By Federico Biancuzzi
Federico Biancuzzi interviews Solar Designer, creator of the popular
John the Ripper password cracker. Solar Designer discusses what's new in
version 1.7, the advantages of popular cryptographic hashes, the
relative speed at which many passwords can now be cracked, and how one can
choose strong passphrases (forget passwords) that are harder to break.
http://www.securityfocus.com/columnists/388
2. Zero to IPSec in 4 minutes
By Dragos Ruiu
This short article looks at how to get a fully functional IPSec VPN up
and running between two fresh OpenBSD installations in about four
minutes flat.
http://www.securityfocus.com/infocus/1859
3. Spreading security awareness for OS X
By Robert Lemos
Robert Lemos interviews Kevin Finisterre, founder of security startup
Digital Munition, who created the three recent versions of the InqTana
worm to raise awareness of security in Apple's OS X. Finisterre
discusses his reasons for creating the worms, the problems with Mac OS X
security, and why he does not fear prosecution.
http://www.securityfocus.com/columnists/389
II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Bugzilla Whinedays SQL Injection Vulnerability
BugTraq ID: 16738
Remote: Yes
Date Published: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/16738
Summary:
Bugzilla is prone to an SQL-injection vulnerability. This issue is due
to a failure in the application to properly sanitize user-supplied
input before using it in an SQL query.
Successful exploitation could allow an attacker to compromise the
application, access or modify data, or exploit vulnerabilities in the
underlying database implementation.
Exploitation of this issue requires the attacker to have administrative
access to the affected application.
2. Bugzilla User Credentials Information Disclosure Vulnerability
BugTraq ID: 16745
Remote: Yes
Date Published: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/16745
Summary:
Bugzilla is prone to an information-disclosure vulnerability. This
issue is due to a design error in the application.
An attacker can exploit this issue by tricking a victim user into
following a malicious URI and then retrieving the victim user's login
credentials.
To successfully exploit this issue, the attacker requires the name of
the path where the login page resides and resolves to a computer on the
local network of the victim user.
3. SquirrelMail Multiple Cross-Site Scripting and IMAP Injection
Vulnerabilities
BugTraq ID: 16756
Remote: Yes
Date Published: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/16756
Summary:
SquirrelMail is susceptible to multiple cross-site scripting and
IMAP-injection vulnerabilities. These issues are due to the application's
failure to properly sanitize user-supplied input.
An attacker may leverage any of the cross-site scripting issues to have
arbitrary script code executed in the browser of an unsuspecting user
in the context of the affected site. This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.
An attacker may leverage the IMAP-injection issue to execute arbitrary
IMAP commands on the configured IMAP server. This may aid attackers in
further attacks as well as allow them to exploit latent vulnerabilities
in the IMAP server.
4. Linux Kernel SDLA_XFER Kernel Memory Disclosure Vulnerability
BugTraq ID: 16759
Remote: No
Date Published: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/16759
Summary:
The Linux kernel is affected by a local memory-disclosure
vulnerability.
This issue allows an attacker to read kernel memory. Information
gathered via exploitation may aid malicious users in further attacks.
This issue affects kernel versions 2.4.x up to 2.4.29-rc1, and 2.6.x up
to 2.6.5.
5. GNU Tar Invalid Headers Buffer Overflow Vulnerability
BugTraq ID: 16764
Remote: Yes
Date Published: 2006-02-22
Relevant URL: http://www.securityfocus.com/bid/16764
Summary:
GNU Tar is prone to a buffer overflow when handling invalid headers.
Successful exploitation could potentially lead to arbitrary code
execution, though this has not been confirmed.
Tar versions 1.14 and above are vulnerable.
6. ViRobot Linux Server Authentication Bypass Vulnerability
BugTraq ID: 16768
Remote: Yes
Date Published: 2006-02-22
Relevant URL: http://www.securityfocus.com/bid/16768
Summary:
ViRobot Linux Server is prone to an authentication-bypass
vulnerability.
Remote attackers can exploit this issue to gain access to the
application's file-scanning functionality.
Presumably, the exploitation of this issue may allow attackers to carry
out other attacks, such as triggering denial-of-service conditions by
scanning a large number of large files. Other attacks due to latent
vulnerabilities in the application are possible.
ViRobot Linux Server 2.0 (20050817) is reportedly vulnerable. Other
versions may be affected as well.
7. Mozilla Thunderbird IFRAME JavaScript Execution Vulnerability
BugTraq ID: 16770
Remote: Yes
Date Published: 2006-02-22
Relevant URL: http://www.securityfocus.com/bid/16770
Summary:
Mozilla Thunderbird is prone to a script-execution vulnerability.
The vulnerability presents itself when an attacker supplies a specially
crafted email to a user containing malicious script code in an IFRAME
and the user tries to reply to the mail. Arbitrary JavaScript can be
executed even if the user has disabled JavaScript execution in the client.
Mozilla Thunderbird 1.0.7 and prior versions are reportedly affected.
8. SUSE CASA Pam_Micasa Remote Buffer Overflow Vulnerability
BugTraq ID: 16779
Remote: Yes
Date Published: 2006-02-22
Relevant URL: http://www.securityfocus.com/bid/16779
Summary:
SUSE CASA is prone to a remote buffer-overflow vulnerability.
This issue can allow remote attackers to gain superuser privileges to a
vulnerable computer by executing arbitrary code.
The 'pam_micasa' module is affected.
9. Zoo Misc.c Buffer Overflow Vulnerability
BugTraq ID: 16790
Remote: Yes
Date Published: 2006-02-23
Relevant URL: http://www.securityfocus.com/bid/16790
Summary:
Zoo is prone to a buffer-overflow vulnerability. This issue is due to a
failure in the application to do proper bounds checking on
user-supplied data before using it in a finite-sized buffer.
An attacker can exploit this issue to execute arbitrary code in the
context of the victim user running the affected application.
10. PHPWebSite Topics.PHP SQL Injection Vulnerability
BugTraq ID: 16825
Remote: Yes
Date Published: 2006-02-25
Relevant URL: http://www.securityfocus.com/bid/16825
Summary:
phpWebSite is prone to an SQL injection vulnerability. This issue is
due to a failure in the application to properly sanitize user-supplied
input before using it in an SQL query.
Successful exploitation could result in a compromise of the
application, disclosure or modification of data, or may permit an attacker to
exploit vulnerabilities in the underlying database implementation.
11. Simple Machines X-Forwarded-For HTML Injection Vulnerability
BugTraq ID: 16841
Remote: Yes
Date Published: 2006-02-24
Relevant URL: http://www.securityfocus.com/bid/16841
Summary:
Simple Machines is prone to an HTML injection vulnerability. This issue
is due to a failure in the application to properly sanitize
user-supplied input.
Attacker-supplied HTML and script code would be executed in the context
of the affected website, potentially allowing for theft of cookie-based
authentication credentials. An attacker could also exploit this issue
to control how the site is rendered to the user; other attacks are also
possible.
This issue is reported to affect Simple Machines version 1.0.6 and
earlier.
12. MySQL Query Logging Bypass Vulnerability
BugTraq ID: 16850
Remote: Yes
Date Published: 2006-02-27
Relevant URL: http://www.securityfocus.com/bid/16850
Summary:
MySQL is susceptible to a query logging bypass vulnerability. This
issue is due to a discrepancy between the handling of NULL bytes in input
data.
This issue allows attackers to bypass the query logging functionality
of the database, so they can cause malicious SQL queries to be
improperly logged. This may aid them in hiding the traces of malicious activity
from administrators.
This issue affects MySQL version 5.0.18; other versions may also be
affected.
III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Kryptor Whitepaper released
http://www.securityfocus.com/archive/91/425067
V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: SpiDynamics