This Week's Security Issues

In case you love OpenSolaris and laughing at all the new SSH issues:  http://en.securitylab.ru/notification/369202.php

And of course the best reading for exploits and honeypot trap fodder:
http://www.us-cert.gov/cas/bulletins/SB09-068.html

There are a great number of "High Level" security issues currently announced/addressed including:

linux kernel holes [x64 syscall and secure computing], php/mysql CMS (of course), 3Com Wireless dual radio, avahi daemon unicode byte order, Cisco session border controller 7600 DoS, IBM AIX 5.3 and 6.1 input string user escalation, Firefox before 3.0.7 (same origin XML and XUL) execute arbitrary code/crash/DoS, SmoothWall SmoothGuardian, SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008 (bypass access controls).

The "Medium Level" security issues include:

curl and libcurl 5.11 through 7.19.3 (CURLOPT_FOLLOWLOCATION) accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp [Scripts and Examples: This is the facebook exploit:  http://www.lifedork.com/facebook-bruteforce-exploit.html] [This is awstats: http://www.securiteam.com/exploits/5JP010KPFE.html].

dkim-milter 2.6.0 through 2.8.0 allows remote attackers to cause a denial of service (crash) by signing a message with a key that has been revoked in DNS, which triggers an assertion error.  [Script not required.]

The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial of service (remote node crash) by using chfs or lreducelv to reduce a filesystem's size.  [Require shell access and permissions to invoke chfs or lreducelv.]

And LINUX-kernel: (check your distro)


The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit. 2009-02-27 6.3 CVE-2009-0028
CONFIRM
MISC
MISC
SUSE
linux -- kernel
 The ext4_fill_super function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate the superblock configuration, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) by attempting to mount a crafted ext4 filesystem.

Why this works:  http://www.scribd.com/doc/7357524/LinuxKernal

Proof of concept:  http://root.cern.ch/root/html/TObject.html

Not to be confused with Shared Directory Instantiation (2006): http://doc.coker.com.au/page/2/

Check your versions: http://web.nvd.nist.gov/view/vuln/search

Nosis| Obnosis | (503)754-4452
PLUG Linux Security Labs 2nd Saturday Each Month@Noon - 3PM


HotmailŪ is up to 70% faster. Now good news travels really fast. Find out more.