LWN.net Logo

Security

ITU getting serious about botnets

By Jake Edge
November 28, 2007

Botnets are an increasing problem in today's internet. They can do much harm in the way of spam propagation and distributed denial of service attacks, but they also tend to evolve much more quickly than preventative measures. The International Telecommunication Union, an organization that predates the internet by more than 100 years, wants to do something about that. To that end, they are creating a Botnet Mitigation Toolkit.

The ITU is now an agency of the United Nations, which puts it in the right place to assist with botnet mitigation. Much like the internet, botnets do not respect political boundaries; it is often the case that a botnet is attacking a target in one country, from hosts in multiple countries, using a command and control (C&C) infrastructure in yet another country. It will take an international response to thwart an attack of that sort.

The toolkit is primarily focused at developing countries; it is meant to provide guidelines and best practice information to entities that need it. There are three types of information in the toolkit: legal, technical, and social. Each has a role to play in successfully handling botnets and their effects.

From a legal standpoint, many developing countries do not have laws governing "cybercrime" that could be used to shut down or redirect botnet traffic. The toolkit will contain recommendations for how such legislation might be structured, what kind of jurisdiction requirements make sense, as well as the kinds of evidence that are likely to be available. One of the more serious difficulties is rectifying the needs of botnet fighters with the privacy of internet users. A country's privacy laws may cover what information can be gathered. A paper describing the toolkit (PDF), which is still in draft form, has some information about the intersection of privacy rights and internet security, but this is clearly an area that will need to be handled carefully.

Another policy area that will be covered by the toolkit is in establishing a framework for handling incidents that occur. How to establish monitoring, putting together a collaboration between the government and internet service providers, along with deterring internet criminals from setting up shop in the country are all facets of a national "cybersecurity" policy. If a country is starting from a point where none of this kind of organization exists, which is true for much of the developing world, the toolkit will provide the government with the right questions to ask and areas that need a decision. At a minimum, it will also make recommendations that may be followed or ignored.

From a technical standpoint, internet service providers may need information on best practices for securing their networks from external threats. They also may need information on handling malicious traffic originating in their networks. The toolkit intends to provide information on both. The contents of the paper contain a great deal of good information for those that are interested. Even for ISPs in developed countries, there is much that could be learned.

The social aspect of dealing with botnets is perhaps the most difficult part, but, if successful, may provide the best defense. Like the technical measures, this is by no means a problem only in developing countries. Users everywhere need to learn good habits when using the internet. Free software is specifically called out as part of the solution in the social section of the paper, not because it is more resistant to malware (which is unclear), but because it can always be upgraded to fix security flaws. Many users in developing countries use unlicensed software from proprietary vendors that is difficult or impossible to upgrade.

The ITU toolkit is a worthy project, which will hopefully be well received by countries around the world. Due care needs to be taken so that it is not seen as something being imposed by the developed world. Even if botnets are not currently causing any major pain for a country, they certainly will some day. Getting out ahead of that curve would be of great benefit, hopefully most countries will see it that way.

A pilot project is planned for Malaysia, in cooperation with the government there, in 2008 that will allow the ITU to fine tune its message and the toolkit. After that, it can start rolling it out in other interested countries. It may be a few years off, but bot herders may start feeling the heat.

Comments (19 posted)

Security news

Insecurity Blues: Jeremy Allison reflects on Samba security flaws

Jeremy Allison, of the Samba project, reflects on the recent security flaws in Samba, how responses (and response times) have changed over time, and how they try to avoid new security problems. "What we do now on seeing a security bug is immediately audit the entire code-base to discover if there are any similar problems, or even similar coding practices that might cause future problems, and re-write or remove all such code. It takes longer, but is much safer in the long run. If you examine parts of the Samba code you'll find common functions that are known to be insecure simply won't compile if added to our code. A set of automated macros warns of any use of known bad functions." (thanks to Richard Hillesley)

Comments (79 posted)

EFF's IP interference detection toolkit

The Electronic Frontier Foundation has announced the release of a set of reports on ISP manipulation of IP traffic and some comprehensive documentation on how to detect that manipulation for yourself. The document on detecting packet injection appears to mostly be a set of detailed instructions on using Wireshark to compare TCP streams at both ends.

Full Story (comments: none)

New vulnerabilities

cacti: SQL injection vulnerability

Package(s):cacti CVE #(s):CVE-2007-6035
Created:November 22, 2007 Updated:February 18, 2008
Description: Versions of Cacti prior to 0.8.7a have an SQL injection vulnerability. Remote attackers can execute arbitrary SQL commands via unspecified vectors.
Alerts:
Fedora FEDORA-2008-1737 2008-02-15
Fedora FEDORA-2008-1699 2008-02-15
Debian DSA-1418-1 2007-12-02
Mandriva MDKSA-2007:231 2007-11-22
Fedora FEDORA-2007-3683 2007-11-22
Gentoo 200712-02:02 2007-12-05
SuSE SUSE-SR:2007:024 2007-11-22
Fedora FEDORA-2007-3667 2007-11-22

Comments (none posted)

CSTeX: multiple vulnerabilities

Package(s):CSTeX CVE #(s):
Created:November 26, 2007 Updated:November 28, 2007
Description:

From the Gentoo advisory:

Remote attackers could possibly execute arbitrary code and local attackers could possibly overwrite arbitrary files with the privileges of the user running CSTeX via multiple vectors.

Alerts:
Gentoo 200711-34 2007-11-25

Comments (none posted)

feynmf: symlink vulnerability

Package(s):feynmf CVE #(s):CVE-2007-5940
Created:November 28, 2007 Updated:November 28, 2007
Description: The feynmf drawing package suffers from a symbolic link vulnerability.
Alerts:
Gentoo 200711-32 2007-11-20

Comments (none posted)

firefox: multiple vulnerabilities

Package(s):firefox seamonkey CVE #(s):CVE-2007-5947 CVE-2007-5959 CVE-2007-5960
Created:November 27, 2007 Updated:March 3, 2008
Description: A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960)

Alerts:
rPath rPSA-2008-0093-1 2008-02-29
Foresight FLEA-2008-0001-1 2008-02-11
Gentoo 200712-21 2007-12-29
Red Hat RHSA-2007:1083-01 2007-12-19
Mandriva MDKSA-2007:246 2007-12-13
Fedora FEDORA-2007-4098 2007-12-06
Debian DSA-1425-1 2007-12-08
Fedora FEDORA-2007-4106 2007-12-06
rPath rPSA-2007-0260-1 2007-12-06
Fedora FEDORA-2007-756 2007-12-03
Slackware SSA:2007-333-01 2007-11-30
Fedora FEDORA-2007-3962 2007-11-29
Fedora FEDORA-2007-3952 2007-11-29
Red Hat RHSA-2007:1082-01 2007-11-26
Debian DSA-1424-1 2007-12-08
Ubuntu USN-546-2 2007-12-04
SuSE SUSE-SA:2007:066 2007-12-05
Slackware SSA:2007-331-01 2007-11-28
Ubuntu USN-546-1 2007-11-26
Red Hat RHSA-2007:1084-01 2007-11-26

Comments (1 posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2007-5500
Created:November 28, 2007 Updated:July 8, 2008
Description: The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors.
Alerts:
SuSE SUSE-SA:2008:032 2008-07-07
SuSE SUSE-SA:2008:030 2008-06-20
Mandriva MDVSA-2008:112 2007-06-12
SuSE SUSE-SA:2008:013 2008-03-06
Ubuntu USN-578-1 2008-02-14
Mandriva MDVSA-2008:044 2008-02-12
Ubuntu USN-574-1 2008-02-04
Red Hat RHSA-2008:0055-01 2008-01-31
Mandriva MDVSA-2008:008 2008-01-11
Ubuntu USN-558-1 2007-12-19
Debian DSA-1428-2 2007-12-11
Debian DSA-1428-1 2007-12-10
Fedora FEDORA-2007-759 2007-12-07
Fedora FEDORA-2007-3751 2007-12-06
Fedora FEDORA-2007-3837 2007-12-03
SuSE SUSE-SA:2007:063 2007-12-03
rPath rPSA-2007-0245-2 2007-11-21
rPath rPSA-2007-0245-1 2007-11-21

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2007-5501
Created:November 28, 2007 Updated:March 7, 2008
Description: The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference.
Alerts:
SuSE SUSE-SA:2008:013 2008-03-06
Mandriva MDVSA-2008:044 2008-02-12
Ubuntu USN-574-1 2008-02-04
Ubuntu USN-558-1 2007-12-19
Fedora FEDORA-2007-759 2007-12-07
Fedora FEDORA-2007-3751 2007-12-06
Fedora FEDORA-2007-3837 2007-12-03
SuSE SUSE-SA:2007:063 2007-12-03
rPath rPSA-2007-0245-2 2007-11-21
rPath rPSA-2007-0245-1 2007-11-21

Comments (none posted)

lcms: stack-based buffer overflow

Package(s):lcms CVE #(s):CVE-2007-2741
Created:November 23, 2007 Updated:December 7, 2007
Description: Stack-based buffer overflow in Little CMS (lmcs) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file.
Alerts:
Mandriva MDKSA-2007:238 2007-12-06
SuSE SUSE-SR:2007:024 2007-11-22

Comments (none posted)

mysql-dfsg: multiple vulnerabilities

Package(s):mysql-dfsg CVE #(s):CVE-2007-2583 CVE-2007-2691 CVE-2007-2692 CVE-2007-3782
Created:November 27, 2007 Updated:July 30, 2008
Description: The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. (CVE-2007-2583)

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. (CVE-2007-2691)

The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges. (CVE-2007-2692)

MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table. (CVE-2007-3782)

Alerts:
Red Hat RHSA-2008:0768-01 2008-07-24
Red Hat RHSA-2008:0364-01 2008-05-21
Ubuntu USN-588-2 2008-04-02
Ubuntu USN-588-1 2008-03-19
SuSE SUSE-SR:2008:003 2008-02-07
Mandriva MDVSA-2008:028 2007-01-29
Debian DSA-1413-1 2007-11-26

Comments (none posted)

nss_ldap: credential or other information disclosure

Package(s):nss_ldap CVE #(s):CVE-2007-5794
Created:November 26, 2007 Updated:July 30, 2008
Description:

From the Gentoo advisory:

Josh Burley reported that nss_ldap does not properly handle the LDAP connections due to a race condition that can be triggered by multi-threaded applications using nss_ldap, which might lead to requested data being returned to a wrong process.

Alerts:
Red Hat RHSA-2008:0715-01 2008-07-24
Red Hat RHSA-2008:0389-02 2008-05-21
Mandriva MDVSA-2008:049 2007-02-25
Foresight FLEA-2008-0003-1 2008-02-11
SuSE SUSE-SR:2008:003 2008-02-07
Debian DSA-1430-1 2007-12-11
rPath rPSA-2007-0255-1 2007-11-30
Gentoo 200711-33 2007-11-25

Comments (none posted)

openldap: denial of service

Package(s):openldap CVE #(s):CVE-2007-5708
Created:November 23, 2007 Updated:April 9, 2008
Description: slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from being initialized properly and might allow attackers to cause a denial of service (segmentation fault) via unknown vectors that prevent the array from being null terminated.
Alerts:
Debian DSA-1541-1 2008-04-08
Gentoo 200803-28 2008-03-19
Mandriva MDVSA-2008:058 2007-03-05
Ubuntu USN-551-1 2007-12-04
Fedora FEDORA-2007-3124 2007-11-20
SuSE SUSE-SR:2007:024 2007-11-22

Comments (none posted)

pcre: buffer overflows in library

Package(s):pcre CVE #(s):CVE-2006-7228 CVE-2006-7230 CVE-2007-1661 CVE-2007-4766 CVE-2007-4767
Created:November 23, 2007 Updated:July 16, 2008
Description: Specially crafted regular expressions could lead to buffer overflows in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code as the user running the application.
Alerts:
Red Hat RHSA-2008:0546-01 2008-07-16
Debian DSA-1570-1 2008-05-06
Fedora FEDORA-2008-1842 2008-03-06
Gentoo 200802-10 2008-02-23
Mandriva MDVSA-2008:030 2008-01-31
SuSE SUSE-SA:2008:004 2008-01-29
Mandriva MDVSA-2008:012 2008-01-14
Red Hat RHSA-2007:1077-01 2007-12-10
Debian DSA-1399-1 2007-11-05
Red Hat RHSA-2007:1076-02 2007-12-10
Red Hat RHSA-2007:1065-01 2007-11-29
Red Hat RHSA-2007:1068-01 2007-11-29
Red Hat RHSA-2007:1063-01 2007-11-29
Red Hat RHSA-2007:1059-01 2007-11-29
Ubuntu USN-547-1 2007-11-27
SuSE SUSE-SA:2007:062 2007-11-23
Gentoo 200711-30 2007-11-20

Comments (1 posted)

pcre: buffer overflows

Package(s):pcre3 CVE #(s):CVE-2007-1662 CVE-2007-4768
Created:November 27, 2007 Updated:May 7, 2008
Description: Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references. (CVE-2007-1662)

Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized. (CVE-2007-4768)

Alerts:
Debian DSA-1570-1 2008-05-06
Fedora FEDORA-2008-1842 2008-03-06
Debian DSA-1399-1 2007-11-05
Gentoo 200711-30 2007-11-20
Ubuntu USN-547-1 2007-11-27

Comments (none posted)

phpMyAdmin: SQL injection

Package(s):phpMyAdmin CVE #(s):CVE-2007-5976 CVE-2007-5977
Created:November 22, 2007 Updated:November 28, 2007
Description: phpMyAdmin prior to version 2.11.2.1 has an SQL injection vulnerability in db_create.php. Remote authenticated users with CREATE DATABASE privileges can use this to execute arbitrary SQL commands via the db parameter.

db_create.php also has a related cross-site scripting vulnerability. Remote authenticated users can inject arbitrary web scripts or HTML using a hex-encoded IMG element in the db parameter in a POST request.

Alerts:
Mandriva MDKSA-2007:229 2007-11-20
Fedora FEDORA-2007-3639 2007-11-22
Fedora FEDORA-2007-3636 2007-11-22
Fedora FEDORA-2007-3666 2007-11-22
Fedora FEDORA-2007-3627 2007-11-22

Comments (none posted)

Tk: buffer overflow

Package(s):tk8.3 CVE #(s):CVE-2007-5378
Created:November 28, 2007 Updated:February 22, 2008
Description: The Tk toolkit's GIF-reading code contains a buffer overflow which could be exploited via a malicious image file. Fixes may be found in versions 8.4.12 and 8.3.5.
Alerts:
Red Hat RHSA-2008:0134-01 2008-02-21
Red Hat RHSA-2008:0135-02 2008-02-22
Red Hat RHSA-2008:0135-01 2008-02-21
Debian DSA-1415-1 2007-11-27
Debian DSA-1416-1 2007-11-27

Comments (none posted)

wireshark: multiple vulnerabilities

Package(s):wireshark CVE #(s):CVE-2007-6114 CVE-2007-6117 CVE-2007-6118 CVE-2007-6120 CVE-2007-6121
Created:November 27, 2007 Updated:December 24, 2007
Description: Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service or the execution of arbitrary code.
Alerts:
Fedora FEDORA-2007-4690 2007-12-21
Fedora FEDORA-2007-4590 2007-12-20
Debian DSA-1414-1 2007-11-27

Comments (none posted)

zaptel: possible privilege escalation

Package(s):zaptel CVE #(s):CVE-2007-5690
Created:November 28, 2007 Updated:November 28, 2007
Description: Asterisk Zaptel 1.4.5.1 contains a buffer overflow which might be exploitable by local users - though the actual exploitability of this problem is disputed.
Alerts:
Fedora FEDORA-2007-2860 2007-11-20
Fedora FEDORA-2007-3094 2007-11-20

Comments (none posted)

Updated vulnerabilities

apache2: information disclosure

Package(s):apache CVE #(s):CVE-2007-1862
Created:June 20, 2007 Updated:February 18, 2008
Description: From the Mandriva advisory: "The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously-used data, which could be used to obtain potentially sensitive information by unauthorized users."
Alerts:
Fedora FEDORA-2008-1711 2008-02-15
Fedora FEDORA-2007-0704 2007-06-26
Mandriva MDKSA-2007:127 2007-06-19

Comments (2 posted)

apache: multiple vulnerabilities

Package(s):apache CVE #(s):CVE-2007-3304 CVE-2006-5752
Created:June 27, 2007 Updated:February 18, 2008
Description: The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker who has the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated, which could lead to a denial of service. (CVE-2007-3304)

A flaw was found in the Apache HTTP Server mod_status module. Sites with the server-status page publicly accessible and ExtendedStatus enabled were vulnerable to a cross-site scripting attack. On Red Hat Enterprise Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752)

Alerts:
Fedora FEDORA-2008-1711 2008-02-15
SuSE SUSE-SA:2007:061 2007-11-19
Fedora FEDORA-2007-2214 2007-09-18
rPath rPSA-2007-0182-1 2007-09-14
Ubuntu USN-499-1 2007-08-16
Red Hat RHSA-2007:0662-01 2007-07-13
Red Hat RHSA-2007:0557-01 2007-07-13
Fedora FEDORA-2007-615 2007-07-12
Mandriva MDKSA-2007:142 2007-07-04
Mandriva MDKSA-2007:141 2007-07-04
Mandriva MDKSA-2007:140 2007-07-04
Fedora FEDORA-2007-617 2007-07-02
rPath rPSA-2007-0136-1 2007-06-27
Red Hat RHSA-2007:0556-01 2007-06-26
Red Hat RHSA-2007:0534-01 2007-06-26
Red Hat RHSA-2007:0533-01 2007-06-27
Red Hat RHSA-2007:0532-01 2007-06-26

Comments (1 posted)

apache: cross-site scripting

Package(s):apache CVE #(s):CVE-2006-3918
Created:August 9, 2006 Updated:April 4, 2008
Description: From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header."
Alerts:
SuSE SUSE-SA:2008:021 2008-04-04
Ubuntu USN-575-1 2008-02-04
SuSE SUSE-SA:2006:051 2006-09-08
Debian DSA-1167-1 2005-09-04
Red Hat RHSA-2006:0619-01 2006-08-10
Red Hat RHSA-2006:0618-01 2006-08-08

Comments (none posted)

apache2: denial of service

Package(s):apache2 CVE #(s):CVE-2007-1863
Created:November 19, 2007 Updated:February 18, 2008
Description:

From the CVE entry:

cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.

Alerts:
Fedora FEDORA-2008-1711 2008-02-15
SuSE SUSE-SA:2007:061 2007-11-19

Comments (1 posted)

httpd: denial of service, cross-site scripting

Package(s):apache httpd CVE #(s):CVE-2007-3847 CVE-2007-4465
Created:September 25, 2007 Updated:February 15, 2008
Description: A flaw was found in the mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar crash if a user could be persuaded to visit a malicious site using the proxy. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-3847)

A flaw was found in the mod_autoindex module. On sites where directory listings are used, and the AddDefaultCharset directive has been removed from the configuration, a cross-site-scripting attack may be possible against browsers which do not correctly derive the response character set following the rules in RFC 2616. (CVE-2007-4465)

Alerts:
Slackware SSA:2008-045-02 2008-02-15
Ubuntu USN-575-1 2008-02-04
Red Hat RHSA-2008:0008-01 2008-01-15
Red Hat RHSA-2008:0006-01 2008-01-15
Red Hat RHSA-2008:0005-01 2008-01-15
Red Hat RHSA-2008:0004-01 2008-01-15
Mandriva MDKSA-2007:235 2007-12-03
SuSE SUSE-SA:2007:061 2007-11-19
Red Hat RHSA-2007:0747-02 2007-11-15
Gentoo 200711-06 2007-11-07
Red Hat RHSA-2007:0746-04 2007-11-07
Red Hat RHSA-2007:0911-01 2007-10-25
Fedora FEDORA-2007-707 2007-09-24

Comments (none posted)

bochs: denial of service

Package(s):bochs CVE #(s):CVE-2007-2894
Created:November 19, 2007 Updated:November 20, 2007
Description:

From the CVE entry:

The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error.

Alerts:
Gentoo 200711-21 2007-11-17

Comments (none posted)

cacti: denial of service

Package(s):cacti CVE #(s):CVE-2007-3112 CVE-2007-3113
Created:September 18, 2007 Updated:February 18, 2008
Description: A vulnerability in Cacti 0.8.6i and earlier versions allows remote authenticated users to cause a denial of service (CPU consumption) via large values of the graph_start, graph_end, graph_height, or graph_width parameters.
Alerts:
Fedora FEDORA-2008-1737 2008-02-15
Fedora FEDORA-2007-3683 2007-11-22
Fedora FEDORA-2007-2199 2007-09-18
Mandriva MDKSA-2007:184 2007-09-17

Comments (none posted)

centericq: buffer overflows

Package(s):centericq CVE #(s):CVE-2007-3713
Created:July 20, 2007 Updated:December 17, 2007
Description: Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might overlap CVE-2007-0160.
Alerts:
Debian DSA-1433-1 2007-12-16
Debian-Testing DTSA-55-1 2007-09-03
Fedora FEDORA-2007-1160 2007-07-19

Comments (none posted)

clamav: denial of service

Package(s):clamav CVE #(s):CVE-2007-3725
Created:July 24, 2007 Updated:February 27, 2008
Description: A NULL pointer dereference has been discovered in the RAR VM of Clam Antivirus (ClamAV) which allows user-assisted remote attackers to cause a denial of service via a specially crafted RAR archives.
Alerts:
SuSE SUSE-SR:2007:015 2007-08-03
Gentoo 200708-04 2007-08-09
Mandriva MDKSA-2007:150 2007-07-25
Debian DSA-1340-1 2007-07-24

Comments (none posted)

clamav: multiple vulnerabilities

Package(s):clamav CVE #(s):CVE-2007-4510 CVE-2007-4560
Created:September 3, 2007 Updated:February 13, 2008
Description: Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-4510: It was discovered that the RTF and RFC2397 parsers can be tricked into dereferencing a NULL pointer, resulting in denial of service.

CVE-2007-4560: It was discovered clamav-milter performs insufficient input sanitizing, resulting in the execution of arbitrary shell commands.

Alerts:
Fedora FEDORA-2008-1608 2008-02-13
Fedora FEDORA-2008-0170 2008-01-22
Gentoo 200709-14 2007-09-20
Fedora FEDORA-2007-2050 2007-09-07
Mandriva MDKSA-2007:172 2007-08-31
Debian DSA-1366-1 2007-09-01

Comments (none posted)

conga: denial of service

Package(s):conga CVE #(s):CVE-2007-4136
Created:November 7, 2007 Updated:November 22, 2007
Description: A flaw was found in ricci during a code audit. A remote attacker who is able to connect to ricci could cause ricci to temporarily refuse additional connections, a denial of service (CVE-2007-4136).
Alerts:
Red Hat RHSA-2007:0983-01 2007-11-21
Red Hat RHSA-2007:0640-04 2007-11-07

Comments (none posted)

cups: denial of service

Package(s):cups CVE #(s):CVE-2007-0720
Created:March 26, 2007 Updated:February 7, 2008
Description: Previous versions of the cups package could be forced to hang via a client "partially negotiating" an ssl connection. In this state, cups would not allow other connections to be made, a denial of service.
Alerts:
Mandriva MDVSA-2008:036 2007-02-06
Mandriva MDKSA-2007:086 2007-04-16
Red Hat RHSA-2007:0123-01 2007-04-16
Gentoo 200703-28 2007-03-31
Foresight FLEA-2007-0003-1 2007-03-25

Comments (none posted)

gpdf: integer overflow

Package(s):cups poppler xpdf CVE #(s):CVE-2007-3387
Created:July 31, 2007 Updated:November 28, 2007
Description: The gpdf library contains an integer overflow which can be exploited via a malicious PDF file. This code finds its way into multiple packages, including xpdf, kpdf, poppler, cups, and more.
Alerts:
Fedora FEDORA-2007-3390 2007-11-20
Fedora FEDORA-2007-3308 2007-11-20
Gentoo 200710-20 2007-10-18
Gentoo 200710-08 2007-10-09
Gentoo 200709-12 2007-09-19
Fedora FEDORA-2007-685 2007-08-30
Debian-Testing DTSA-54-1 2007-08-22
Fedora FEDORA-2007-669 2007-08-13
Fedora FEDORA-2007-644 2007-08-13
Debian DSA-1357-1 2007-08-19
Mandriva MDKSA-2007:162 2007-08-14
Mandriva MDKSA-2007:165 2007-08-15
Foresight FLEA-2007-0046-1 2007-08-14
Fedora FEDORA-2007-1614 2007-08-15
Mandriva MDKSA-2007:164 2007-08-14
Mandriva MDKSA-2007:163 2007-08-14
Foresight FLEA-2007-0045-1 2007-08-14
Foresight FLEA-2007-0044-1 2007-08-14
Mandriva MDKSA-2007:158 2007-08-13
Mandriva MDKSA-2007:160 2007-08-13
Mandriva MDKSA-2007:161 2007-08-13
Mandriva MDKSA-2007:159 2007-08-13
Fedora FEDORA-2007-1594 2007-08-13
Debian DSA-1355-1 2007-08-13
Slackware SSA:2007-222-05 2007-08-13
Slackware SSA:2007-222-02 2007-08-13
Fedora FEDORA-2007-1547 2007-08-10
Fedora FEDORA-2007-1541 2007-08-10
Debian DSA-1354-1 2007-08-13
rPath rPSA-2007-0154-1 2007-08-10
SuSE SUSE-SR:2007:016 2007-08-10
Ubuntu USN-496-2 2007-08-07
Debian DSA-1352-1 2007-08-07
Debian DSA-1350-1 2007-08-06
Debian DSA-1349-1 2007-08-05
Debian DSA-1348-1 2007-08-04
Debian DSA-1347-1 2007-08-04
SuSE SUSE-SR:2007:015 2007-08-03
Ubuntu USN-496-1 2007-08-03
Red Hat RHSA-2007:0731-01 2007-08-01
Red Hat RHSA-2007:0735-01 2007-07-30
Red Hat RHSA-2007:0732-01 2007-07-30
Red Hat RHSA-2007:0729-01 2007-07-30
Red Hat RHSA-2007:0730-01 2007-07-30
Red Hat RHSA-2007:0720-01 2007-07-30

Comments (1 posted)

debian-goodies: privilege escalation

Package(s):debian-goodies CVE #(s):CVE-2007-3912
Created:October 5, 2007 Updated:March 24, 2008
Description: Thomas de Grenier de Latour discovered that the checkrestart program included in debian-goodies did not correctly handle shell meta-characters. A local attacker could exploit this to gain the privileges of the user running checkrestart.
Alerts:
Debian DSA-1527-1 2008-03-24
Ubuntu USN-526-1 2007-10-04

Comments (none posted)

Django: denial of service

Package(s):Django CVE #(s):CVE-2007-5712
Created:November 12, 2007 Updated:May 21, 2008
Description:

From the CVE notice:

The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers.

Alerts:
Fedora FEDORA-2007-2788 2007-11-09
Fedora FEDORA-2007-3157 2007-11-09

Comments (none posted)

dovecot: privilege escalation

Package(s):dovecot CVE #(s):CVE-2007-4211
Created:August 15, 2007 Updated:May 21, 2008
Description: From the rPath advisory: "Previous versions of the dovecot package are vulnerable to a minor privilege escalation attack in which an authenticated user may exploit an ACL plugin weakness to save message flags without having proper permissions."
Alerts:
Red Hat RHSA-2008:0297-02 2008-05-21
Fedora FEDORA-2007-664 2007-08-20
rPath rPSA-2007-0161-1 2007-08-14

Comments (none posted)

dovecot: directory traversal

Package(s):dovecot CVE #(s):CVE-2007-2231
Created:May 8, 2007 Updated:May 21, 2008
Description: Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
Alerts:
Red Hat RHSA-2008:0297-02 2008-05-21
Debian DSA-1359-1 2007-08-28
Ubuntu USN-487-1 2007-07-17
Fedora FEDORA-2007-493 2007-05-07

Comments (none posted)

drupal: multiple vulnerabilities

Package(s):drupal CVE #(s):CVE-2007-5593 CVE-2007-5594 CVE-2007-5595 CVE-2007-5596 CVE-2007-5597
Created:October 24, 2007 Updated:December 7, 2007
Description: From the Fedora advisory:

- Upgrade to 5.3, fixes:
- HTTP response splitting.
- Arbitrary code execution.
- Cross-site scripting.
- Cross-site request forgery.
- Access bypass.
Alerts:
Fedora FEDORA-2007-4163 2007-12-06
Fedora FEDORA-2007-4136 2007-12-06
Fedora FEDORA-2007-2649 2007-10-24

Comments (none posted)

eggdrop: stack-based buffer overflow

Package(s):eggdrop CVE #(s):CVE-2007-2807
Created:September 7, 2007 Updated:January 7, 2008
Description: A stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, malicious remote IRC servers to execute arbitrary code via a long private message.
Alerts:
Debian DSA-1448-1 2008-01-05
Fedora FEDORA-2007-4325 2007-12-10
Fedora FEDORA-2007-4305 2007-12-10
Gentoo 200709-07 2007-09-15
Mandriva MDKSA-2007:175 2007-09-06

Comments (none posted)

emacs: command execution via local variables

Package(s):emacs CVE #(s):CVE-2007-5795
Created:November 14, 2007 Updated:February 5, 2008
Description: From the original Debian problem report: "In Debian's version of GNU Emacs 22.1+1-2, the `hack-local-variables' function does not behave correctly when `enable-local-variables' is set to :safe. The documentation of `enable-local-variables' states that the value :safe means to set only safe variables, as determined by `safe-local-variable-p' and `risky-local-variable-p' (and the data driving them), but Emacs ignores this and instead sets all the local variables." When this setting (which is not the default) is in effect, opening a hostile file could lead to the execution of arbitrary commands.
Alerts:
Mandriva MDVSA-2008:034 2007-02-04
Gentoo 200712-03 2007-12-09
Ubuntu USN-541-1 2007-11-13
Fedora FEDORA-2007-2946 2007-11-17
Fedora FEDORA-2007-3056 2007-11-17

Comments (1 posted)

evolution: format string error

Package(s):evolution CVE #(s):CVE-2007-1002
Created:March 27, 2007 Updated:February 27, 2008
Description: A format string error in the "write_html()" function in calendar/gui/ e-cal-component-memo-preview.c when displaying a memo's categories can potentially be exploited to execute arbitrary code via a specially crafted shared memo containing format specifiers.
Alerts:
SuSE SUSE-SR:2007:015 2007-08-03
Gentoo 200706-02 2007-06-06
Red Hat RHSA-2007:0158-01 2007-05-03
Foresight FLEA-2007-0010-1 2007-04-05
Fedora FEDORA-2007-404 2007-04-04
Fedora FEDORA-2007-393 2007-04-04
Mandriva MDKSA-2007:070 2007-03-27

Comments (1 posted)

firebird: buffer overflow

Package(s):firebird CVE #(s):CVE-2007-3181
Created:July 2, 2007 Updated:March 27, 2008
Description: The Firebird DBMS has a buffer overflow vulnerability involving the processing of connect requests with an overly large p_cnct_count value. Remote attackers can send a specially crafted request to the server in order to potentially execute arbitrary code with the permissions of the Firebird user.
Alerts:
Debian DSA-1529-1 2008-03-24
Gentoo 200707-01 2007-07-01

Comments (none posted)

firefox: multiple vulnerabilities

Package(s):firefox CVE #(s):CVE-2007-3844 CVE-2007-3845
Created:August 1, 2007 Updated:February 20, 2008
Description:

A flaw was discovered in handling of "about:blank" windows used by addons. A malicious web site could exploit this to modify the contents, or steal confidential data (such as passwords), of other web pages. (CVE-2007-3844)

Jesper Johansson discovered that spaces and double-quotes were not correctly handled when launching external programs. In rare configurations, after tricking a user into opening a malicious web page, an attacker could execute helpers with arbitrary arguments with the user's privileges. (CVE-2007-3845)

Alerts:
Mandriva MDVSA-2007:047 2007-02-19
Fedora FEDORA-2007-3414 2007-11-16
Fedora FEDORA-2007-3431 2007-11-16
Red Hat RHSA-2007:0981-01 2007-10-19
Red Hat RHSA-2007:0980-01 2007-10-19
Red Hat RHSA-2007:0979-01 2007-10-19
Debian DSA-1391-1 2007-10-19
Gentoo 200708-09 2007-08-14
rPath rPSA-2007-0157-1 2007-08-10
Slackware SSA:2007-215-01 2007-08-06
Debian DSA-1346-1 2007-08-04
Debian DSA-1345-1 2007-08-04
Debian DSA-1344-1 2007-08-03
Foresight FLEA-2007-0040-1 2007-08-03
Slackware SSA:2007-213-01 2007-08-02
Mandriva MDKSA-2007:152 2007-08-01
Foresight FLEA-2007-0039-1 2007-08-01
Ubuntu USN-493-1 2007-07-31

Comments (none posted)

firefox, thunderbird, seamonkey: multiple vulnerabilities

Package(s):firefox, thunderbird, seamonkey CVE #(s):CVE-2007-3738 CVE-2007-3656 CVE-2007-3670 CVE-2007-3285 CVE-2007-3737 CVE-2007-3089 CVE-2007-3736 CVE-2007-3734 CVE-2007-3735
Created:July 18, 2007 Updated:May 12, 2008
Description: shutdown and moz_bug_r_a4 reported two separate ways to modify an XPCNativeWrapper such that subsequent access by the browser would result in executing user-supplied code. (CVE-2007-3738)

Michal Zalewski reported that it was possible to bypass the same-origin checks and read from cached (wyciwyg) documents It is possible to access wyciwyg:// documents without proper same domain policy checks through the use of HTTP 302 redirects. This enables the attacker to steal sensitive data displayed on dynamically generated pages; perform cache poisoning; and execute own code or display own content with URL bar and SSL certificate data of the attacked page (URL spoofing++). (CVE-2007-3656)

Internet Explorer calls registered URL protocols without escaping quotes and may be used to pass unexpected and potentially dangerous data to the application that registers that URL Protocol. (CVE-2007-3670)

Ronald van den Heetkamp reported that a filename URL containing %00 (encoded null) can cause Firefox to interpret the file extension differently than the underlying Windows operating system potentially leading to unsafe actions such as running a program. This is only accessible locally. (CVE-2007-3285)

An attacker can use an element outside of a document to call an event handler allowing content to run arbitrary code with chrome privileges. (CVE-2007-3737)

Ronen Zilberman and Michal Zalewski both reported that it was possible to exploit a timing issue to inject content into about:blank frames in a page. When opening a window from a script, it is possible to spoof the content of the newly opened window's frames within a short time frame, while the window is loading. (CVE-2007-3089)

Mozilla contributor moz_bug_r_a4 demonstrated that the methods addEventListener and setTimeout could be used to inject script into another site in violation of the browser's same-origin policy. This could be used to access or modify private or valuable information from that other site. (CVE-2007-3736)

As part of the Firefox 2.0.0.5 update releases Mozilla developers fixed many bugs to improve the stability of the product. Some of these crashes that showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Note: Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript, such as large images. (CVE-2007-3734, CVE-2007-3735)

Alerts:
Debian DSA-1574-1 2008-05-12
Debian DSA-1534-2 2008-04-24
Debian DSA-1535-1 2008-03-30
Debian DSA-1534-1 2008-03-28
Debian DSA-1532-1 2008-03-27
Mandriva MDVSA-2007:047 2007-02-19
Ubuntu USN-503-1 2007-08-24
Slackware SSA:2007-222-04 2007-08-13
SuSE SUSE-SA:2007:049 2007-08-02
Slackware SSA:2007-205-02 2007-07-25
Slackware SSA:2007-205-01 2007-07-25
Foresight FLEA-2007-0033-1 2007-07-24
Debian DSA-1339-1 2007-07-23
Debian DSA-1338-1 2007-07-23
Fedora FEDORA-2007-1181 2007-07-20
Fedora FEDORA-2007-1180 2007-07-20
Debian DSA-1337-1 2007-07-22
Fedora FEDORA-2007-642 2007-07-20
Fedora FEDORA-2007-641 2007-07-20
rPath rPSA-2007-0148-1 2007-07-20
Ubuntu USN-490-1 2007-07-19
Slackware SSA:2007-200-01 2007-07-20
Fedora FEDORA-2007-1159 2007-07-19
Fedora FEDORA-2007-1157 2007-07-19
Fedora FEDORA-2007-1155 2007-07-19
Red Hat RHSA-2007:0724-01 2007-07-18
Red Hat RHSA-2007:0723-01 2007-07-18
Red Hat RHSA-2007:0722-01 2007-07-18
Fedora FEDORA-2007-1143 2007-07-18
Fedora FEDORA-2007-1144 2007-07-18
Fedora FEDORA-2007-1142 2007-07-18
Fedora FEDORA-2007-1138 2007-07-18

Comments (none posted)

flac: arbitrary code execution

Package(s):flac CVE #(s):CVE-2007-4619
Created:October 22, 2007 Updated:January 21, 2008
Description: From the Red Hat advisory:

A security flaw was found in the way flac processed audio data. An attacker could create a carefully crafted FLAC audio file in such a way that it could cause an application linked with flac libraries to crash or execute arbitrary code when it was opened. (CVE-2007-4619)

Alerts:
Debian DSA-1469-1 2008-01-20
rPath rPSA-2007-0243-1 2007-11-21
Ubuntu USN-540-1 2007-11-13
Gentoo 200711-15 2007-11-12
Mandriva MDKSA-2007:214 2007-11-08
Fedora FEDORA-2007-730 2007-11-05
Fedora FEDORA-2007-2596 2007-11-01
Red Hat RHSA-2007:0975-02 2007-10-22

Comments (none posted)

gcc: file overwrite vulnerability

Package(s):gcc CVE #(s):CVE-2006-3619
Created:September 6, 2006 Updated:March 14, 2008
Description: The fastjar utility found in the GNU compiler collection does not perform adequate file path checking, allowing the creation or overwriting of files outside of the current directory tree.
Alerts:
Mandriva MDVSA-2008:066 2007-03-13
Red Hat RHSA-2007:0473-01 2007-06-11
Red Hat RHSA-2007:0220-02 2007-05-01
Debian DSA-1170-1 2006-09-06

Comments (none posted)

gd: buffer overflow

Package(s):gd CVE #(s):CVE-2007-0455
Created:February 7, 2007 Updated:February 28, 2008
Description: The gd graphics library contains a buffer overflow which could enable a remote attacker to execute arbitrary code. Note that various other packages include code from gd and could also be vulnerable.
Alerts:
Red Hat RHSA-2008:0146-01 2008-02-28
Ubuntu USN-473-1 2007-06-11
OpenPKG OpenPKG-SA-2007.016 2007-05-18
Trustix TSLSA-2007-0007 2007-02-13
Fedora FEDORA-2007-150 2007-02-12
Fedora FEDORA-2007-149 2007-02-12
rPath rPSA-2007-0028-1 2007-02-08
Mandriva MDKSA-2007:038 2006-02-06
Mandriva MDKSA-2007:036 2006-02-06
Mandriva MDKSA-2007:035 2006-02-06

Comments (2 posted)

gd: multiple vulnerabilities

Package(s):gd CVE #(s):CVE-2007-3472 CVE-2007-3473 CVE-2007-3474 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 CVE-2007-3478
Created:August 6, 2007 Updated:July 22, 2008
Description: Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified remote attack vectors and impact. (CVE-2007-3472)

The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. (CVE-2007-3473)

Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact. (CVE-2007-3474)

The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. (CVE-2007-3475)

Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. (CVE-2007-3476)

The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. (CVE-2007-3477)

Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support. (CVE-2007-3478)

Alerts:
Debian DSA-1613-1 2008-07-22
Red Hat RHSA-2008:0146-01 2008-02-28
SuSE SUSE-SR:2007:015 2007-08-03
Fedora FEDORA-2007-692 2007-09-18
Fedora FEDORA-2007-2055 2007-09-07
Foresight FLEA-2007-0052-1 2007-09-06