HackFest Series: US-CERT Vulnerabilities for Week Ending March 2, 2009

Lisa Kachold lisakachold at obnosis.com
Tue Mar 10 17:55:09 MST 2009


This Week's Security Issues

In case you love OpenSolaris and laughing at all the new SSH issues:  http://en.securitylab.ru/notification/369202.php

And of course the best reading for exploits and honeypot trap fodder: 

http://www.us-cert.gov/cas/bulletins/SB09-068.html

There are a great number of "High Level" security issues currently announced/addressed, including:

Linux kernel holes [x64 syscall and secure computing], php/mysql CMS (of course), 3Com Wireless dual radio, avahi daemon unicode byte order, Cisco session border controller 7600 DoS, IBM AIX 5.3 and 6.1 input string user escalation, Firefox before 3.0.7 (same origin XML and XUL) execute arbitrary code/crash/DoS, SmoothWall SmoothGuardian, SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008 (bypass access controls).

The "Medium Level" security issues include:

curl and libcurl 5.11 through 7.19.3 (CURLOPT_FOLLOWLOCATION) accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp
[Scripts and Examples: This is the facebook exploit: http://www.lifedork.com/facebook-bruteforce-exploit.html]
[This is awstats: http://www.securiteam.com/exploits/5JP010KPFE.html]

dkim-milter 2.6.0 through 2.8.0 allows remote attackers to cause a
denial of service (crash) by signing a message with a key that has been
revoked in DNS, which triggers an assertion error.  [Script not required.]

The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing
JFS2 filesystems on concurrent volume groups spread across multiple
nodes, which allows local users of one node to cause a denial of
service (remote node crash) by using chfs or lreducelv to reduce a
filesystem's size.  [Requires shell access and permissions to invoke chfs or lreducelv.]

And LINUX-kernel: (check your distro) 

The clone system call in the Linux kernel 2.6.28 and earlier allows
local users to send arbitrary signals to a parent process from an
unprivileged child process by launching an additional child process
with the CLONE_PARENT flag, and then letting this new process exit.

Published 2009-02-27, CVSS 6.3, CVE-2009-0028 (references: CONFIRM, MISC, MISC, SUSE)

linux -- kernel

The ext4_fill_super function in fs/ext4/super.c in the Linux kernel
2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate
the superblock configuration, which allows local users to cause a
denial of service (NULL pointer dereference and OOPS) by attempting to
mount a crafted ext4 filesystem.
Why this works:  http://www.scribd.com/doc/7357524/LinuxKernal

Proof of concept:  http://root.cern.ch/root/html/TObject.html

Not to be confused with Shared Directory Instantiation (2006): http://doc.coker.com.au/page/2/

Check your versions: http://web.nvd.nist.gov/view/vuln/search

Nosis| Obnosis | (503)754-4452


PLUG Linux Security Labs 2nd Saturday Each Month at Noon - 3PM
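The curl item in this digest describes a client that follows a Location: header into whatever protocol libcurl speaks, so a hostile server can steer it to file:, scp: or an intranet host. The C program below is an added example written for this post; it is not libcurl's code and not the upstream patch. It implements a redirect-target policy of the kind later libcurl exposes through the CURLOPT_REDIR_PROTOCOLS allow-list, and additionally refuses literal loopback and private-network hosts to cover the intranet-request case. The function names, the REDIR_* verdicts and the sample Location values at the bottom are my own construction.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum redir_verdict { REDIR_OK, REDIR_BAD_PROTO, REDIR_INTERNAL, REDIR_MALFORMED };

/* Copy the RFC 3986 scheme of `url`, lower-cased, into `out`.
 * Returns 1 for an absolute URL, 0 for a relative reference ("/login",
 * "//host/path", "?x=1"), -1 if the scheme does not fit in `out`. */
static int url_scheme(const char *url, char *out, size_t outlen)
{
    size_t i = 0;
    if (!isalpha((unsigned char)url[0]))
        return 0;
    while (isalnum((unsigned char)url[i]) || url[i] == '+' || url[i] == '-' || url[i] == '.') {
        if (i + 1 >= outlen)
            return -1;
        out[i] = (char)tolower((unsigned char)url[i]);
        i++;
    }
    if (url[i] != ':')
        return 0;
    out[i] = '\0';
    return 1;
}

/* Copy the host of an absolute or network-path ("//host/...") reference into
 * `out`, dropping userinfo, port and IPv6 brackets, lower-cased.
 * Returns 1 on success, 0 if no authority component is present. */
static int url_host(const char *url, char *out, size_t outlen)
{
    const char *p = strstr(url, "//");
    if (!p)
        return 0;
    p += 2;
    const char *end = p + strcspn(p, "/?#");
    const char *at = memchr(p, '@', (size_t)(end - p));
    if (at)
        p = at + 1;                         /* drop user:password@ */
    const char *stop = end;
    if (*p == '[') {                        /* IPv6 literal such as [::1]:8080 */
        p++;
        stop = memchr(p, ']', (size_t)(end - p));
        if (!stop)
            return 0;
    } else {
        const char *colon = memchr(p, ':', (size_t)(end - p));
        if (colon)
            stop = colon;                   /* drop :port */
    }
    size_t len = (size_t)(stop - p);
    if (len == 0 || len >= outlen)
        return 0;
    for (size_t i = 0; i < len; i++)
        out[i] = (char)tolower((unsigned char)p[i]);
    out[len] = '\0';
    return 1;
}

/* Literal loopback, link-local and RFC 1918 targets. Only literals are
 * checked here; a real client must re-check after DNS resolution, because a
 * public name can resolve to 127.0.0.1 (DNS rebinding). */
static int host_is_internal(const char *host)
{
    unsigned a, b, c, d;
    if (strcmp(host, "localhost") == 0 || strcmp(host, "::1") == 0)
        return 1;
    if (sscanf(host, "%u.%u.%u.%u", &a, &b, &c, &d) == 4)
        return a == 127 || a == 10 || a == 0 || (a == 169 && b == 254) ||
               (a == 172 && b >= 16 && b <= 31) || (a == 192 && b == 168);
    return 0;
}

/* Decide whether the value of a Location: header may be followed. The base
 * request is assumed to be http(s); relative references keep that scheme. */
int redirect_policy(const char *location)
{
    char scheme[16], host[256];
    while (*location == ' ' || *location == '\t')   /* header value padding */
        location++;
    if (*location == '\0')
        return REDIR_MALFORMED;
    int r = url_scheme(location, scheme, sizeof scheme);
    if (r < 0)
        return REDIR_MALFORMED;
    if (r == 1 && strcmp(scheme, "http") != 0 && strcmp(scheme, "https") != 0)
        return REDIR_BAD_PROTO;             /* file:, scp:, ftp:, ... refused */
    if (r == 0 && strncmp(location, "//", 2) != 0)
        return REDIR_OK;                    /* same host, same scheme */
    if (!url_host(location, host, sizeof host))
        return REDIR_MALFORMED;
    if (host_is_internal(host))
        return REDIR_INTERNAL;
    return REDIR_OK;
}

int main(void)
{
    /* Constructed Location: values of the kind a hostile server might send. */
    static const char *const samples[] = {
        "https://example.com/login", "/account", "file:///etc/passwd",
        "scp://attacker.example/payload", "http://127.0.0.1:8080/admin",
        "  FTP://x/", "//192.168.1.1/", "http://[::1]/",
    };
    static const char *const names[] = { "ok", "bad-protocol", "internal", "malformed" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-34s -> %s\n", samples[i], names[redirect_policy(samples[i])]);
    return 0;
}
```

One caveat the scheme parser makes visible: a value like "localhost:8080/x" is, by RFC 3986, a URL with scheme "localhost", so it is refused as a bad protocol rather than treated as a host; that is the conservative outcome. The private-range test only covers literals, so a client that resolves names must apply the same test to the resolved address before connecting.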

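The ext4 entry above says ext4_fill_super used superblock values without validating them, and a crafted image turned that into a NULL dereference at mount time. The C program below is an added example written for this post, not the kernel's code and not the 2.6.27.19/2.6.28.7 patch: it reads the on-disk superblock fields at their documented offsets (struct ext4_super_block, 1024 bytes at byte offset 1024 of the device) and applies the class of checks a mount path needs before it divides by, shifts by or indexes with those values. The specific checks, the verdict names and the sample images (a sane one and crafted variants) are my own construction.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Little-endian readers/writers for the on-disk superblock fields. */
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void put32(uint8_t *p, uint32_t v)
{
    for (int i = 0; i < 4; i++)
        p[i] = (uint8_t)(v >> (8 * i));
}

/* Byte offsets of the fields checked here (struct ext4_super_block). */
enum { S_INODES_COUNT = 0, S_BLOCKS_COUNT_LO = 4, S_FIRST_DATA_BLOCK = 20,
       S_LOG_BLOCK_SIZE = 24, S_BLOCKS_PER_GROUP = 32, S_INODES_PER_GROUP = 40,
       S_MAGIC = 56, S_REV_LEVEL = 76, S_INODE_SIZE = 88 };

enum sb_verdict { SB_OK, SB_BAD_MAGIC, SB_BAD_BLOCKSIZE, SB_BAD_GROUP,
                  SB_BAD_INODE_SIZE, SB_BAD_COUNTS };

/* Sanity-check a 1024-byte superblock image before any group-descriptor
 * arithmetic is done with its values. Illustrative checks, not the kernel's. */
int ext4_sb_check(const uint8_t *sb)
{
    if (le16(sb + S_MAGIC) != 0xEF53)
        return SB_BAD_MAGIC;
    uint32_t log_bs = le32(sb + S_LOG_BLOCK_SIZE);
    if (log_bs > 6)                         /* 1 KiB << 6 = 64 KiB is the maximum */
        return SB_BAD_BLOCKSIZE;            /* checked before the shift: a huge value is UB */
    uint32_t blocksize = 1024u << log_bs;
    uint32_t bpg = le32(sb + S_BLOCKS_PER_GROUP);
    uint32_t ipg = le32(sb + S_INODES_PER_GROUP);
    /* Both are divisors in group-count math; a crafted image can set them to 0.
     * Each bitmap occupies one block, so neither can exceed 8 * blocksize. */
    if (bpg == 0 || bpg > blocksize * 8 || ipg == 0 || ipg > blocksize * 8)
        return SB_BAD_GROUP;
    uint32_t inode_size = le32(sb + S_REV_LEVEL) == 0 ? 128 : le16(sb + S_INODE_SIZE);
    if (inode_size < 128 || inode_size > blocksize || (inode_size & (inode_size - 1)))
        return SB_BAD_INODE_SIZE;           /* must be a power of two within a block */
    uint32_t blocks = le32(sb + S_BLOCKS_COUNT_LO);
    uint32_t first = le32(sb + S_FIRST_DATA_BLOCK);
    if (blocks == 0 || first >= blocks)
        return SB_BAD_COUNTS;
    uint64_t groups = ((uint64_t)blocks - first + bpg - 1) / bpg;
    if (groups * ipg != le32(sb + S_INODES_COUNT))
        return SB_BAD_COUNTS;               /* inode count must match the geometry */
    return SB_OK;
}

/* Build a minimal, internally consistent superblock for an 8 MiB filesystem
 * with 1 KiB blocks (constructed sample, not dumped from a real device). */
void make_sane_sb(uint8_t *sb)
{
    memset(sb, 0, 1024);
    put16(sb + S_MAGIC, 0xEF53);
    put32(sb + S_REV_LEVEL, 1);
    put16(sb + S_INODE_SIZE, 256);
    put32(sb + S_LOG_BLOCK_SIZE, 0);        /* 1 KiB blocks */
    put32(sb + S_FIRST_DATA_BLOCK, 1);      /* with 1 KiB blocks, block 0 is the boot sector */
    put32(sb + S_BLOCKS_COUNT_LO, 8192);
    put32(sb + S_BLOCKS_PER_GROUP, 8192);   /* one group */
    put32(sb + S_INODES_PER_GROUP, 2048);
    put32(sb + S_INODES_COUNT, 2048);
}

int main(void)
{
    uint8_t sb[1024];
    static const char *const why[] = { "ok", "bad magic", "bad block size",
                                       "bad group geometry", "bad inode size",
                                       "inconsistent counts" };
    make_sane_sb(sb);
    printf("sane image:             %s\n", why[ext4_sb_check(sb)]);
    put32(sb + S_INODES_PER_GROUP, 0);      /* crafted: zero inodes per group */
    printf("inodes_per_group = 0:   %s\n", why[ext4_sb_check(sb)]);
    make_sane_sb(sb);
    put32(sb + S_LOG_BLOCK_SIZE, 0x7fffffffu); /* crafted: absurd block size */
    printf("log_block_size huge:    %s\n", why[ext4_sb_check(sb)]);
    make_sane_sb(sb);
    put32(sb + S_INODES_COUNT, 1);          /* crafted: count disagrees with geometry */
    printf("inodes_count mismatch:  %s\n", why[ext4_sb_check(sb)]);
    return 0;
}
```

The point of ordering the checks this way is that each later computation only runs on values the earlier checks have bounded: the shift happens after log_bs is bounded, the division after the per-group counts are non-zero, and the group count is derived before it is compared with the inode count. A mount path that trusts the image does these in the opposite order, which is where a crafted superblock gets its oops.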


