Old 05-21-2002, 02:08 AM   #1
unSpawn
LQ weekly security rep - monday may 21st


This week's report starts off with 15 vulnerabilities as reported on SF's list. This is the index, content follows RSN(tm).
- Phorum Reply Email Address Script Injection Vulnerability
- Opera Frame Location Same Origin Policy Circumvention Vulnerability
- SonicWall SOHO3 Content Blocking Script Injection Vulnerability
- NOCC Webmail Script Injection Vulnerability
- GNU SharUtils UUDecode Symbolic Link Attack Vulnerability
- SuSE AAA_Base_Clean_Core Script RM Race Condition Vulnerability
- tinyproxy HTTP Proxy Memory Corruption Vulnerability
- SuSE Shadow File Truncation Vulnerability
- CGIScript.net Information Disclosure Vulnerability
- LevCGI NetPad Unauthorized File Access Vulnerability
- Swatch Throttled Event Reporting Vulnerability
- Phorum Remote Command Execution Vulnerability
- GRSecurity Linux Kernel Memory Protection Weakness
- Gaim Sensitive World Readable Temporary File Vulnerability
- NetWin DNews Remote Access Vulnerability

Please only add security bulletin news to this thread, no discussions.
 
Old 05-21-2002, 11:06 AM   #2
unSpawn
LQ weekly security rep - monday may 21st pt 1

------------------------------
SecurityFocus Newsletter

2. Phorum Reply Email Address Script Injection Vulnerability
BugTraq ID: 4739
Remote: Yes
Date Published: May 13 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4739
Summary: Phorum is a PHP based web forums package.
A script injection issue has been reported in Phorum.
Attackers may potentially exploit this issue to hijack web content or to
steal cookie-based authentication credentials. It may be possible to take
arbitrary actions as the victim user, including posting or deleting
content.


4. Opera Frame Location Same Origin Policy Circumvention Vulnerability
BugTraq ID: 4745
Remote: Yes
Date Published: May 15 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4745
Summary: Opera is a web browser product created by Opera Software,
and is available for a range of operating systems including Windows and Linux.
A vulnerability has been reported in some versions of the Opera Browser.

Exploitation of this vulnerability results in arbitrary JavaScript code
executing within an arbitrary context. The consequences can be severe. It
may be possible to access cookie data, including authentication
credentials, or to take actions as an authenticated user.


5. SonicWall SOHO3 Content Blocking Script Injection Vulnerability
BugTraq ID: 4755
Remote: No
Date Published: May 17 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4755
Summary: The Sonicwall SOHO3 is an Internet security appliance that provides
firewall security solutions.
Reportedly, a vulnerability exists in the product that allows for a script
injection attack to be launched from a malicious user within the internal
LAN. The vulnerability has been reported in Sonicwall SOHO3 firmware
revision 6.3.0.0 and ROM version 5.0.1.0.

A malicious user may be able to inject script code
as part of a URL of a blocked domain. Attempts to access blocked domains
will be entered into the log files of Sonicwall. An administrator viewing
the log files will automatically cause the malicious script code to execute.


8. NOCC Webmail Script Injection Vulnerability
BugTraq ID: 4740
Remote: Yes
Date Published: May 14 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4740
Summary: NOCC is a web based email client implemented in PHP4. It includes support
for POP3, SMTP and IMAP servers, MIME attachments and multiple languages.

NOCC webmail displays all email, including text only email, as HTML. NOCC
does not make any attempt to escape potentially harmful data in email
messages. As a result, a malicious user may be able to craft an email
containing script code and then send it to any NOCC webmail user.
This attack may result in the adversary gaining access to the victim's mailbox.


9. GNU SharUtils UUDecode Symbolic Link Attack Vulnerability
BugTraq ID: 4742
Remote: No
Date Published: May 14 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4742
Summary: Sharutils is a freely available, open source suite of tools maintained by
the GNU.
A problem with sharutils may make it possible to exploit symbolic link
attacks. The problem is in the uudecode program.

In the event of the temporary file being a symbolic link, the file at the end of the symbolic
link would be overwritten. This could result in a corruption or loss of
data.
This problem makes it possible to exploit a symbolic link attack, and
potentially overwrite files. It could additionally lead to elevated
privileges.


10. SuSE AAA_Base_Clean_Core Script RM Race Condition Vulnerability
BugTraq ID: 4758
Remote: No
Date Published: May 16 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4758
Summary: SuSE Linux is a freely available, open source operating system. It is
maintained by SuSE.
A problem in the operating system could result in a denial of service.
The problem is in the creation of temporary directories.

This problem could make it possible for a local user to deny service to
legitimate users of the system. This vulnerability is based on the problem
described in Bugtraq ID 4266, though the problem in this case is insecure
creation of a temporary directory by the aaa_base_clean_core script.


12. tinyproxy HTTP Proxy Memory Corruption Vulnerability
BugTraq ID: 4731
Remote: Yes
Date Published: May 13 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4731
Summary: tinyproxy HTTP Proxy is a small HTTP proxy.
A vulnerability has been reported in the handling of some invalid proxy
requests by TinyProxy. Under some circumstances, an invalid request may
result in allocated memory being freed twice.

Arbitrary code may be executed if critical values such as function return addresses,
GOT entries, etc., are overwritten.


14. SuSE Shadow File Truncation Vulnerability
BugTraq ID: 4757
Remote: No
Date Published: May 16 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4757
Summary: SuSE Linux is a freely available, open source distribution of the Linux
operating system. It is maintained by SuSE. shadow is a set of utilities
for maintaining entries in the /etc/passwd and /etc/shadow files.

A vulnerability has been discovered in the shadow package that ships with
SuSE Linux. It has been reported that a local attacker may be able to
cause data in /etc/passwd and /etc/shadow to be truncated or possibly even
appended to with attacker-supplied data.

At the very least, local users can corrupt vital files. This may result
in a denial of service. Under some circumstances successful exploitation
of this vulnerability may enable a local attacker to elevate privileges,
possibly even gaining root privileges. SuSE has stated that it is not
possible for local attackers to obtain root privileges with the default
configuration of SuSE Linux.
 
Old 05-21-2002, 11:07 AM   #3
unSpawn
LQ weekly security rep - monday may 21st pt 2

15. CGIScript.net Information Disclosure Vulnerability
BugTraq ID: 4764
Remote: Yes
Date Published: May 17 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4764
Summary: CGIScript.net provides various webmaster related tools and is maintained
by Mike Barone and Andy Angrick.
It is possible to cause numerous scripts provided by CGIScript.net to
disclose sensitive system information.
A malformed POST request will cause the host to display debug data in an
error page. As a result, server path information, form input, and
environment variables could be revealed to remote users.
Other types of malformed web requests may also cause this condition to occur.

Path, form input, and environment variable information may aid the
attacker in making further attacks against the host.

16. LevCGI NetPad Unauthorized File Access Vulnerability
BugTraq ID: 4741
Remote: Yes
Date Published: May 14 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/4741
Summary: LevCGI NetPad is a web-based text editor. It is available for Linux and
Unix variants as well as Microsoft Windows operating systems.

Write access to NetPad documents is password-protected. However,
authentication is not required to read the contents of NetPad documents.
Arbitrary web users may request existing documents and view their
contents, causing sensitive information in the documents to be disclosed.


17. Swatch Throttled Event Reporting Vulnerability
BugTraq ID: 4746
Remote: Yes
Date Published: May 15 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4746
Summary: Swatch is a freely available, open source log watching utility.
It is available for the Unix and Linux platforms.
Swatch may fail to report activities. The problem is in the design of the
program.

This problem could allow an attacker with knowledge of an event that has
previously occurred and been throttled on a system to reproduce the event
without being noticed by swatch.


22. Phorum Remote Command Execution Vulnerability
BugTraq ID: 4763
Remote: Yes
Date Published: May 17 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4763
Summary: Phorum is a PHP based web forums package designed for most UNIX variants,
Linux, and Microsoft Windows operating systems.

A vulnerability has been reported in Phorum that will allow remote
attackers to specify external PHP scripts and potentially execute
commands.

The vulnerability exists in 'plugin.php', 'admin.php' and 'del.php' files
found in the distribution of Phorum version 3.3.2a.
As a consequence, the vulnerable system will interpret the arbitrary
attacker-supplied remote file (such as a PHP script). The remote file may
potentially contain destructive commands that will be executed by the
vulnerable system.


25. GRSecurity Linux Kernel Memory Protection Weakness
BugTraq ID: 4762
Remote: No
Date Published: May 17 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4762
Summary: The grsecurity Linux Kernel patch is a source-code patch developed and
maintained by the grsecurity development team.
A design error may allow for attackers to bypass the protection of the
patch.

The patch operates by redirecting the write() system call when it is being
used to write to a memory device. Unfortunately, there are other methods
that can be used to write to system memory (such as mapping the device to
memory using mmap()).
Local attackers with root access may exploit this weakness to modify
kernel data structures or inject backdoor code, evading the protection of
the patch.


26. Gaim Sensitive World Readable Temporary File Vulnerability
BugTraq ID: 4730
Remote: No
Date Published: May 13 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4730
Summary: Gaim is a chat client which supports AOL Instant Messenger, ICQ, MSN
Instant Messenger, Yahoo Instant Messenger, Jabber and IRC. Gaim runs on a
number of Unix-based platforms, including Linux.
An issue has been reported in versions of Gaim, which could enable an
unauthorized user to gain access to sensitive files.

A feature exists which enables a user to configure Gaim to check for new
email messages from configured web mail services. This feature runs when
Gaim is started, and creates two /tmp files which are world readable.

Reportedly, these temporary files may include sensitive information,
including authentication credentials for the specified mail service.
This issue has been known to specifically affect Hotmail accounts,
although other configured email web services may be affected. There may be
a limited time window in which this information may be used to
authenticate to Hotmail, possibly based on timeout mechanisms inherent in
Hotmail.


27. NetWin DNews Remote Access Vulnerability
BugTraq ID: 4737
Remote: Yes
Date Published: May 14 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4737
Summary: DNews is a commercially available NNTP server. It is available for
various operating systems, including Linux, Unix, and Microsoft Windows.

A vulnerability has been announced by the distributors of DNews.
Information concerning this vulnerability is not readily available. It
is, however, possible that this vulnerability is remotely exploitable, as
the distributors of DNews recommend the placement of access control
entries in the dnews.conf configuration file.

Successful exploitation may allow for remote attackers to gain access to
target servers. It has been suggested that this vulnerability affects the
management interface on port 7119, and could result in DNews system
reconfiguration. This is yet unconfirmed.
 
  

