
Security

All the malware that's fit to print

By Jake Edge
September 16, 2009

Some readers of the New York Times (NYT) web site were recently surprised to "learn" that their computers were infected with viruses. As it turns out, a rogue ad was responsible for the warning, and, as one would guess, anyone who downloaded the suggested fix for the virus problems was, instead, infected with malware. While the problem was fairly short-lived—and targeted Windows, not Linux or Mac OS X—it does point to a general problem for those who run web sites: how can one ensure that the ads running on the site don't contain anything objectionable, either because of the actual ad content, or because it contains malware?

Ad content is typically served by ad networks, and a web site operator inserts a little blob of Javascript into the proper place in a web page. That Javascript is responsible for retrieving the ad content and adding it into the page. But there is nothing stopping it from doing other things, such as downloading Javascript from other sites. Because the script code was served with the page, it has all the rights that any other Javascript has in the context of that page. Essentially, the site owner has given their ad network a "free pass" to do whatever is needed to put up the ad.

In general, ad networks are careful to screen the ads they send to their partners—at least for malicious content—otherwise, those partners would switch to a different network. But, it is certainly possible, and has probably happened in the past, that a dodgy ad gets put into an ad network's rotation. That was the first guess for where the NYT problem was. But, as the paper itself reported, the ad actually came from elsewhere.

In addition to running ads from ad networks, web sites often directly sell ads to customers. In this case, the NYT believed it was selling an ad to VoIP provider Vonage. When the ads were placed, they at first displayed normal Vonage ads. At some point, though, whoever placed the ads (and provided the Javascript to the NYT) switched to serving virus warnings.

Obviously, in retrospect, the NYT should have been more careful to ensure that whoever they were dealing with was, in fact, representing Vonage. The ad content was not being served by vonage.com, but that's hardly surprising as many advertisers use other sites to serve their ads. Vetting advertisers can be rather difficult, though. There are multiple levels of both technical and administrative verification that need to be done, some of which is likely beyond the abilities of ad salespeople.

It is, in some ways, like the kind of vetting that needs to be—and often isn't—done for SSL certificates. There needs to be a real organization behind the ad, though what constitutes "real" is an open question. The code to be inserted needs to be inspected as well. An excellent dissection of the NYT malware gives a good view of just how the attack worked. Without somehow figuring out that tradenton.com was not a legitimate ad serving network, there is nothing particularly suspicious about the top-level code.

This is a problem we are likely to see more of over time. Because the ad networks want to be able to run code on the client, for geotargeting and other information gathering, sites must generally be willing to insert fairly opaque Javascript into their site. As the dissection shows, that can lead to bouncing around to multiple sites, grabbing code from each—even legitimate ad serving networks often have their own partners to whom they redirect requests. There is a sort of implicit web of trust that exists, but one that has the potential to be subverted.

Another aspect of the problem is that site owners often cannot see all of the ads that are currently being displayed on their site. If some small percentage of the ads—or those targeted at a different region—contain objectionable content of any sort, the site owner may very well be completely unaware of it until users complain. It's not just malware ads that are a problem, here, but any kind of ad that the owner might prefer not to run.

The NYT article mentions other similar incidents that have occurred in the past, but this attack, on a high-profile site, has, at least, served to raise the profile of the problem. Other than eliminating ad networks and customer-supplied Javascript from a site, there is very little defense against this type of subversion. By running other people's code in a site, one has, for all intents and purposes, turned over control of the site's content to third parties. It shouldn't be too surprising that attackers are taking advantage of that.
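The inspection step mentioned above can at least be partly mechanized. The following is an added example, not code from the article or from any ad network: it lists every host an ad tag references and flags those the operator has not vetted, along with constructs that load further code at run time. The tag, the vetted host name and all function names are constructed for illustration; only tradenton.com comes from the article.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hypothetical list of hosts the site operator has actually vetted.
VETTED_HOSTS = {"ads.vetted-network.example"}

# Constructs that let a tag pull in code a static review never sees.
DYNAMIC_LOADERS = re.compile(
    r"document\.write\s*\(|createElement\(\s*['\"]script['\"]|\beval\s*\(")
# Absolute URLs embedded in inline script text.
URL_IN_SCRIPT = re.compile(r"https?://([A-Za-z0-9.-]+)")

# Constructed ad tag (not the one used against the NYT): one script from a
# vetted host, plus an inline loader that fetches code from somewhere else.
SAMPLE_TAG = '''
<script src="http://ads.vetted-network.example/show.js"></script>
<script>
  var s = document.createElement("script");
  s.src = "http://tradenton.com/ad.js";
  document.getElementsByTagName("head")[0].appendChild(s);
</script>
'''


class AdTagAudit(HTMLParser):
    """Collect every host a tag references, in attributes or inline script."""

    def __init__(self):
        super().__init__()
        self.hosts = set()
        self.dynamic = False
        self._in_inline_script = False

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if src:
            host = urlsplit(src).hostname   # also handles //host/path URLs
            if host:
                self.hosts.add(host.lower())
        self._in_inline_script = (tag == "script" and not src)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline_script = False

    def handle_data(self, data):
        if not self._in_inline_script:
            return
        if DYNAMIC_LOADERS.search(data):
            self.dynamic = True
        self.hosts.update(h.lower() for h in URL_IN_SCRIPT.findall(data))


def is_vetted(host, vetted):
    """A host is vetted if it is, or is a subdomain of, a vetted host."""
    return any(host == v or host.endswith("." + v) for v in vetted)


def audit(tag_html, vetted=VETTED_HOSTS):
    parser = AdTagAudit()
    parser.feed(tag_html)
    parser.close()
    return {
        "hosts": sorted(parser.hosts),
        "unvetted": sorted(h for h in parser.hosts if not is_vetted(h, vetted)),
        # True means the tag can fetch code this static pass cannot see.
        "dynamic_loading": parser.dynamic,
    }


if __name__ == "__main__":
    print(audit(SAMPLE_TAG))
```

A clean result only covers the tag as delivered; whatever the referenced hosts serve later, as happened in the NYT case, is outside what a one-time review can see.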


New vulnerabilities

firefox: web content processing vulnerabilities

Package(s): firefox
CVE #(s): CVE-2009-3070 CVE-2009-3071 CVE-2009-3072 CVE-2009-3074 CVE-2009-3075
Created: September 10, 2009
Updated: June 14, 2010
Description: From the Red Hat alert:

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3074, CVE-2009-3075)

Alerts:
Gentoo 201301-01 firefox 2013-01-07
Mandriva MDVSA-2010:071 mozilla-thunderbird 2010-04-23
Fedora FEDORA-2010-7100 seamonkey 2010-04-21
SuSE SUSE-SR:2010:013 apache2-mod_php5/php5, bytefx-data-mysql/mono, flash-player, fuse, java-1_4_2-ibm, krb5, libcmpiutil/libvirt, libmozhelper-1_0-0/mozilla-xulrunner190, libopenssl-devel, libpng12-0, libpython2_6-1_0, libtheora, memcached, ncpfs, pango, puppet, python, seamonkey, te_ams, texlive 2010-06-14
Debian DSA-2025-1 icedove 2010-03-31
CentOS CESA-2010:0153 thunderbird 2010-03-26
Ubuntu USN-915-1 thunderbird 2010-03-18
CentOS CESA-2010:0154 thunderbird 2010-03-17
Red Hat RHSA-2010:0153-02 thunderbird 2010-03-17
Red Hat RHSA-2010:0154-02 thunderbird 2010-03-17
Mandriva MDVSA-2009:236 firefox 2009-09-20
Fedora FEDORA-2009-9494 Miro 2009-09-11
Fedora FEDORA-2009-9505 Miro 2009-09-11
Fedora FEDORA-2009-9494 mugshot 2009-09-11
Fedora FEDORA-2009-9494 mozvoikko 2009-09-11
Fedora FEDORA-2009-9505 mozvoikko 2009-09-11
Fedora FEDORA-2009-9494 gecko-sharp2 2009-09-11
Fedora FEDORA-2009-9494 kazehakase 2009-09-11
Fedora FEDORA-2009-9505 kazehakase 2009-09-11
Fedora FEDORA-2009-9494 gnome-python2-extras 2009-09-11
Fedora FEDORA-2009-9505 gnome-python2-extras 2009-09-11
Fedora FEDORA-2009-9494 epiphany 2009-09-11
Fedora FEDORA-2009-9505 epiphany 2009-09-11
Fedora FEDORA-2009-9494 epiphany-extensions 2009-09-11
Fedora FEDORA-2009-9505 epiphany-extensions 2009-09-11
Fedora FEDORA-2009-9494 pcmanx-gtk2 2009-09-11
Fedora FEDORA-2009-9505 pcmanx-gtk2 2009-09-11
Fedora FEDORA-2009-9494 gnome-web-photo 2009-09-11
Fedora FEDORA-2009-9505 gnome-web-photo 2009-09-11
Fedora FEDORA-2009-9494 blam 2009-09-11
Fedora FEDORA-2009-9505 blam 2009-09-11
Fedora FEDORA-2009-9494 yelp 2009-09-11
Fedora FEDORA-2009-9505 yelp 2009-09-11
Fedora FEDORA-2009-9494 google-gadgets 2009-09-11
Fedora FEDORA-2009-9505 google-gadgets 2009-09-11
Fedora FEDORA-2009-9494 xulrunner 2009-09-11
Fedora FEDORA-2009-9505 xulrunner 2009-09-11
Fedora FEDORA-2009-9494 evolution-rss 2009-09-11
Fedora FEDORA-2009-9505 evolution-rss 2009-09-11
Fedora FEDORA-2009-9494 perl-Gtk2-MozEmbed 2009-09-11
Fedora FEDORA-2009-9505 perl-Gtk2-MozEmbed 2009-09-11
Fedora FEDORA-2009-9494 ruby-gnome2 2009-09-11
Fedora FEDORA-2009-9505 ruby-gnome2 2009-09-11
Fedora FEDORA-2009-9505 eclipse 2009-09-11
Fedora FEDORA-2009-9505 chmsee 2009-09-11
Fedora FEDORA-2009-9505 monodevelop 2009-09-11
Fedora FEDORA-2009-9505 galeon 2009-09-11
Fedora FEDORA-2009-9505 hulahop 2009-09-11
Slackware SSA:2009-257-01 mozilla 2009-09-14
Fedora FEDORA-2009-9505 seahorse-plugins 2009-09-11
Fedora FEDORA-2009-9505 firefox 2009-09-11
Fedora FEDORA-2009-9494 firefox 2009-09-11
Debian DSA-1885-1 xulrunner 2009-09-14
CentOS CESA-2009:1431 seamonkey 2009-09-10
CentOS CESA-2009:1430 firefox 2009-09-10
Ubuntu USN-821-1 firefox-3.0, xulrunner-1.9 2009-09-10
CentOS CESA-2009:1432 seamonkey 2009-09-10
Red Hat RHSA-2009:1432-01 seamonkey 2009-09-09
Red Hat RHSA-2009:1431-01 seamonkey 2009-09-09
Red Hat RHSA-2009:1430-01 firefox 2009-09-09
SuSE SUSE-SA:2009:048 MozillaFirefox 2009-10-20


firefox: use-after-free flaw

Package(s): firefox
CVE #(s): CVE-2009-3077
Created: September 10, 2009
Updated: June 14, 2010
Description: From the Red Hat alert:

A use-after-free flaw was found in Firefox. An attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3077)

Alerts:
Gentoo 201301-01 firefox 2013-01-07
Mandriva MDVSA-2010:071 mozilla-thunderbird 2010-04-23
Fedora FEDORA-2010-7100 seamonkey 2010-04-21
SuSE SUSE-SR:2010:013 apache2-mod_php5/php5, bytefx-data-mysql/mono, flash-player, fuse, java-1_4_2-ibm, krb5, libcmpiutil/libvirt, libmozhelper-1_0-0/mozilla-xulrunner190, libopenssl-devel, libpng12-0, libpython2_6-1_0, libtheora, memcached, ncpfs, pango, puppet, python, seamonkey, te_ams, texlive 2010-06-14
CentOS CESA-2010:0153 thunderbird 2010-03-26
Ubuntu USN-915-1 thunderbird 2010-03-18
CentOS CESA-2010:0154 thunderbird 2010-03-17
Red Hat RHSA-2010:0153-02 thunderbird 2010-03-17
Red Hat RHSA-2010:0154-02 thunderbird 2010-03-17
Mandriva MDVSA-2009:236 firefox 2009-09-20
Fedora FEDORA-2009-9494 Miro 2009-09-11
Fedora FEDORA-2009-9505 Miro 2009-09-11
Fedora FEDORA-2009-9494 mugshot 2009-09-11
Fedora FEDORA-2009-9494 mozvoikko 2009-09-11
Fedora FEDORA-2009-9505 mozvoikko 2009-09-11
Fedora FEDORA-2009-9494 gecko-sharp2 2009-09-11
Fedora FEDORA-2009-9494 kazehakase 2009-09-11
Fedora FEDORA-2009-9505 kazehakase 2009-09-11
Fedora FEDORA-2009-9494 gnome-python2-extras 2009-09-11
Fedora FEDORA-2009-9505 gnome-python2-extras 2009-09-11
Fedora FEDORA-2009-9494 epiphany 2009-09-11
Fedora FEDORA-2009-9505 epiphany 2009-09-11
Fedora FEDORA-2009-9494 epiphany-extensions 2009-09-11
Fedora FEDORA-2009-9505 epiphany-extensions 2009-09-11
Fedora FEDORA-2009-9494 pcmanx-gtk2 2009-09-11
Fedora FEDORA-2009-9505 pcmanx-gtk2 2009-09-11
Fedora FEDORA-2009-9494 gnome-web-photo 2009-09-11
Fedora FEDORA-2009-9505 gnome-web-photo 2009-09-11
Fedora FEDORA-2009-9494 blam 2009-09-11
Fedora FEDORA-2009-9505 blam 2009-09-11
Fedora FEDORA-2009-9494 yelp 2009-09-11
Fedora FEDORA-2009-9505 yelp 2009-09-11
Fedora FEDORA-2009-9494 google-gadgets 2009-09-11
Fedora FEDORA-2009-9505 google-gadgets 2009-09-11
Fedora FEDORA-2009-9494 xulrunner 2009-09-11
Fedora FEDORA-2009-9505 xulrunner 2009-09-11
Fedora FEDORA-2009-9494 evolution-rss 2009-09-11
Fedora FEDORA-2009-9505 evolution-rss 2009-09-11
Fedora FEDORA-2009-9494 perl-Gtk2-MozEmbed 2009-09-11
Fedora FEDORA-2009-9505 perl-Gtk2-MozEmbed 2009-09-11
Fedora FEDORA-2009-9494 ruby-gnome2 2009-09-11
Fedora FEDORA-2009-9505 ruby-gnome2 2009-09-11
Fedora FEDORA-2009-9505 eclipse 2009-09-11
Fedora FEDORA-2009-9505 chmsee 2009-09-11
Fedora FEDORA-2009-9505 monodevelop 2009-09-11
Fedora FEDORA-2009-9505 galeon 2009-09-11
Fedora FEDORA-2009-9505 hulahop 2009-09-11
Fedora FEDORA-2009-9505 seahorse-plugins 2009-09-11
Fedora FEDORA-2009-9505 firefox 2009-09-11
Fedora FEDORA-2009-9494 firefox 2009-09-11
Debian DSA-1885-1 xulrunner 2009-09-14
CentOS CESA-2009:1431 seamonkey 2009-09-10
CentOS CESA-2009:1430 firefox 2009-09-10
Ubuntu USN-821-1 firefox-3.0, xulrunner-1.9 2009-09-10
CentOS CESA-2009:1432 seamonkey 2009-09-10
Red Hat RHSA-2009:1432-01 seamonkey 2009-09-09
Red Hat RHSA-2009:1431-01 seamonkey 2009-09-09
Red Hat RHSA-2009:1430-01 firefox 2009-09-09
SuSE SUSE-SA:2009:048 MozillaFirefox 2009-10-20


firefox: URL concealment

Package(s): firefox
CVE #(s): CVE-2009-3078
Created: September 10, 2009
Updated: October 20, 2009
Description: From the Red Hat alert:

A flaw was found in the way Firefox displays certain Unicode characters. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site. (CVE-2009-3078)

Alerts:
Gentoo 201301-01 firefox 2013-01-07
Mandriva MDVSA-2009:236 firefox 2009-09-20
Fedora FEDORA-2009-9494 Miro 2009-09-11
Fedora FEDORA-2009-9505 Miro 2009-09-11
Fedora FEDORA-2009-9494 mugshot 2009-09-11
Fedora FEDORA-2009-9494 mozvoikko 2009-09-11
Fedora FEDORA-2009-9505 mozvoikko 2009-09-11
Fedora FEDORA-2009-9494 gecko-sharp2 2009-09-11
Fedora FEDORA-2009-9494 kazehakase 2009-09-11
Fedora FEDORA-2009-9505 kazehakase 2009-09-11
Fedora FEDORA-2009-9494 gnome-python2-extras 2009-09-11
Fedora FEDORA-2009-9505 gnome-python2-extras 2009-09-11
Fedora FEDORA-2009-9494 epiphany 2009-09-11
Fedora FEDORA-2009-9505 epiphany 2009-09-11
Fedora FEDORA-2009-9494 epiphany-extensions 2009-09-11
Fedora FEDORA-2009-9505 epiphany-extensions 2009-09-11
Fedora FEDORA-2009-9494 pcmanx-gtk2 2009-09-11
Fedora FEDORA-2009-9505 pcmanx-gtk2 2009-09-11
Fedora FEDORA-2009-9494 gnome-web-photo 2009-09-11
Fedora FEDORA-2009-9505 gnome-web-photo 2009-09-11
Fedora FEDORA-2009-9494 blam 2009-09-11
Fedora FEDORA-2009-9505 blam 2009-09-11
Fedora FEDORA-2009-9494 yelp 2009-09-11
Fedora FEDORA-2009-9505 yelp 2009-09-11
Fedora FEDORA-2009-9494 google-gadgets 2009-09-11
Fedora FEDORA-2009-9505 google-gadgets 2009-09-11
Fedora FEDORA-2009-9494 xulrunner 2009-09-11
Fedora FEDORA-2009-9505 xulrunner 2009-09-11
Fedora FEDORA-2009-9494 evolution-rss 2009-09-11
Fedora FEDORA-2009-9505 evolution-rss 2009-09-11
Fedora FEDORA-2009-9494 perl-Gtk2-MozEmbed 2009-09-11
Fedora FEDORA-2009-9505 perl-Gtk2-MozEmbed 2009-09-11
Fedora FEDORA-2009-9494 ruby-gnome2 2009-09-11
Fedora FEDORA-2009-9505 ruby-gnome2 2009-09-11
Fedora FEDORA-2009-9505 eclipse 2009-09-11
Fedora FEDORA-2009-9505 chmsee 2009-09-11
Fedora FEDORA-2009-9505 monodevelop 2009-09-11
Fedora FEDORA-2009-9505 galeon 2009-09-11
Fedora FEDORA-2009-9505 hulahop 2009-09-11
Fedora FEDORA-2009-9505 seahorse-plugins 2009-09-11
Fedora FEDORA-2009-9505 firefox 2009-09-11
Fedora FEDORA-2009-9494 firefox 2009-09-11
Debian DSA-1885-1 xulrunner 2009-09-14
CentOS CESA-2009:1430 firefox 2009-09-10
Ubuntu USN-821-1 firefox-3.0, xulrunner-1.9 2009-09-10
Red Hat RHSA-2009:1430-01 firefox 2009-09-09
SuSE SUSE-SA:2009:048 MozillaFirefox 2009-10-20


firefox: JavaScript execution

Package(s): firefox
CVE #(s): CVE-2009-3079
Created: September 10, 2009
Updated: October 20, 2009
Description: From the Red Hat alert:

A flaw was found in the way Firefox handles malformed JavaScript. A website with an object containing malicious JavaScript could execute that JavaScript with the privileges of the user running Firefox. (CVE-2009-3079)

Alerts:
Gentoo 201301-01 firefox 2013-01-07
Mandriva MDVSA-2009:236 firefox 2009-09-20
Fedora FEDORA-2009-9494 Miro 2009-09-11
Fedora FEDORA-2009-9505 Miro 2009-09-11
Fedora FEDORA-2009-9494 mugshot 2009-09-11
Fedora FEDORA-2009-9494 mozvoikko 2009-09-11
Fedora FEDORA-2009-9505 mozvoikko 2009-09-11
Fedora FEDORA-2009-9494 gecko-sharp2 2009-09-11
Fedora FEDORA-2009-9494 kazehakase 2009-09-11
SuSE SUSE-SA:2009:048 MozillaFirefox 2009-10-20
Fedora FEDORA-2009-9505 kazehakase 2009-09-11
Fedora FEDORA-2009-9494 gnome-python2-extras 2009-09-11
Fedora FEDORA-2009-9505 gnome-python2-extras 2009-09-11
Fedora FEDORA-2009-9494 epiphany 2009-09-11
Fedora FEDORA-2009-9505 epiphany 2009-09-11
Fedora FEDORA-2009-9494 epiphany-extensions 2009-09-11
Fedora FEDORA-2009-9505 epiphany-extensions 2009-09-11
Fedora FEDORA-2009-9494 pcmanx-gtk2 2009-09-11
Fedora FEDORA-2009-9505 pcmanx-gtk2 2009-09-11
Fedora FEDORA-2009-9494 gnome-web-photo 2009-09-11
Fedora FEDORA-2009-9505 gnome-web-photo 2009-09-11
Fedora FEDORA-2009-9494 blam 2009-09-11
Fedora FEDORA-2009-9505 blam 2009-09-11
Fedora FEDORA-2009-9494 yelp 2009-09-11
Fedora FEDORA-2009-9505 yelp 2009-09-11
Fedora FEDORA-2009-9494 google-gadgets 2009-09-11
Fedora FEDORA-2009-9505 google-gadgets 2009-09-11
Fedora FEDORA-2009-9494 xulrunner 2009-09-11
Fedora FEDORA-2009-9505 xulrunner 2009-09-11
Fedora FEDORA-2009-9494 evolution-rss 2009-09-11
Fedora FEDORA-2009-9505 evolution-rss 2009-09-11
Fedora FEDORA-2009-9494 perl-Gtk2-MozEmbed 2009-09-11
Fedora FEDORA-2009-9505 perl-Gtk2-MozEmbed 2009-09-11
Fedora FEDORA-2009-9494 ruby-gnome2 2009-09-11
Fedora FEDORA-2009-9505 ruby-gnome2 2009-09-11
Fedora FEDORA-2009-9505 eclipse 2009-09-11
Fedora FEDORA-2009-9505 chmsee 2009-09-11
Fedora FEDORA-2009-9505 monodevelop 2009-09-11
Fedora FEDORA-2009-9505 galeon 2009-09-11
Fedora FEDORA-2009-9505 hulahop 2009-09-11
Fedora FEDORA-2009-9505 seahorse-plugins 2009-09-11
Fedora FEDORA-2009-9505 firefox 2009-09-11
Fedora FEDORA-2009-9494 firefox 2009-09-11
Debian DSA-1886-1 iceweasel 2009-09-14
CentOS CESA-2009:1430 firefox 2009-09-10
Ubuntu USN-821-1 firefox-3.0, xulrunner-1.9 2009-09-10
Red Hat RHSA-2009:1430-01 firefox 2009-09-09


firefox: multiple vulnerabilities

Package(s): firefox
CVE #(s): CVE-2009-3069 CVE-2009-3073
Created: September 14, 2009
Updated: October 20, 2009
Description:

From the Red Hat bugzilla [1] [2]:

Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

Alerts:
Gentoo 201301-01 firefox 2013-01-07
Mandriva MDVSA-2009:236 firefox 2009-09-20
Fedora FEDORA-2009-9505 Miro 2009-09-11
Fedora FEDORA-2009-9505 mozvoikko 2009-09-11
Fedora FEDORA-2009-9505 kazehakase 2009-09-11
Fedora FEDORA-2009-9505 gnome-python2-extras 2009-09-11
Fedora FEDORA-2009-9505 epiphany 2009-09-11
Fedora FEDORA-2009-9505 epiphany-extensions 2009-09-11
Fedora FEDORA-2009-9505 pcmanx-gtk2 2009-09-11
Fedora FEDORA-2009-9505 gnome-web-photo 2009-09-11
Fedora FEDORA-2009-9505 blam 2009-09-11
Fedora FEDORA-2009-9505 yelp 2009-09-11
Fedora FEDORA-2009-9505 google-gadgets 2009-09-11
Fedora FEDORA-2009-9505 xulrunner 2009-09-11
Fedora FEDORA-2009-9505 evolution-rss 2009-09-11
Fedora FEDORA-2009-9505 perl-Gtk2-MozEmbed 2009-09-11
Fedora FEDORA-2009-9505 ruby-gnome2 2009-09-11
Fedora FEDORA-2009-9505 eclipse 2009-09-11
Fedora FEDORA-2009-9505 chmsee 2009-09-11
Fedora FEDORA-2009-9505 monodevelop 2009-09-11
Fedora FEDORA-2009-9505 galeon 2009-09-11
Fedora FEDORA-2009-9505 hulahop 2009-09-11
Fedora FEDORA-2009-9505 seahorse-plugins 2009-09-11
Fedora FEDORA-2009-9505 firefox 2009-09-11
SuSE SUSE-SA:2009:048 MozillaFirefox 2009-10-20


firefox: certificate vulnerability

Package(s): firefox
CVE #(s): CVE-2009-3076
Created: September 10, 2009
Updated: April 23, 2010
Description: From the Red Hat alert:

Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing a trusted site or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3076)

Alerts:
Gentoo 201301-01 firefox 2013-01-07
Mandriva MDVSA-2010:071 mozilla-thunderbird 2010-04-23
CentOS CESA-2010:0153 thunderbird 2010-03-26
CentOS CESA-2010:0154 thunderbird 2010-03-17
Red Hat RHSA-2010:0153-02 thunderbird 2010-03-17
Red Hat RHSA-2010:0154-02 thunderbird 2010-03-17
Mandriva MDVSA-2009:236 firefox 2009-09-20
Fedora FEDORA-2009-9494 Miro 2009-09-11
Fedora FEDORA-2009-9494 mugshot 2009-09-11
Fedora FEDORA-2009-9494 mozvoikko 2009-09-11
Fedora FEDORA-2009-9494 gecko-sharp2 2009-09-11
Fedora FEDORA-2009-9494 kazehakase 2009-09-11
Fedora FEDORA-2009-9494 gnome-python2-extras 2009-09-11
Fedora FEDORA-2009-9494 epiphany 2009-09-11
Fedora FEDORA-2009-9494 epiphany-extensions 2009-09-11
Fedora FEDORA-2009-9494 pcmanx-gtk2 2009-09-11
Fedora FEDORA-2009-9494 gnome-web-photo 2009-09-11
Fedora FEDORA-2009-9494 blam 2009-09-11
Fedora FEDORA-2009-9494 yelp 2009-09-11
Fedora FEDORA-2009-9494 google-gadgets 2009-09-11
Fedora FEDORA-2009-9494 xulrunner 2009-09-11
Fedora FEDORA-2009-9494 evolution-rss 2009-09-11
Fedora FEDORA-2009-9494 perl-Gtk2-MozEmbed 2009-09-11
Fedora FEDORA-2009-9494 ruby-gnome2 2009-09-11
Fedora FEDORA-2009-9494 firefox 2009-09-11
Debian DSA-1885-1 xulrunner 2009-09-14
CentOS CESA-2009:1431 seamonkey 2009-09-10
CentOS CESA-2009:1430 firefox 2009-09-10
Ubuntu USN-821-1 firefox-3.0, xulrunner-1.9 2009-09-10
Red Hat RHSA-2009:1432-01 seamonkey 2009-09-09
Red Hat RHSA-2009:1431-01 seamonkey 2009-09-09
CentOS CESA-2009:1432 seamonkey 2009-09-10
Red Hat RHSA-2009:1430-01 firefox 2009-09-09
SuSE SUSE-SA:2009:048 MozillaFirefox 2009-10-20


freeradius: denial of service

Package(s): freeradius
CVE #(s): CVE-2003-0967 CVE-2009-3111
Created: September 10, 2009
Updated: January 11, 2010
Description: From the Mandriva alert:

The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes. NOTE: this is a regression error related to CVE-2003-0967 (CVE-2009-3111).

Alerts:
Mandriva MDVSA-2009:227-1 freeradius 2010-01-11
Ubuntu USN-832-1 freeradius 2009-09-16
Red Hat RHSA-2009:1451-01 freeradius 2009-09-17
SuSE SUSE-SR:2009:018 cyrus-imapd, neon/libneon, freeradius, strongswan, openldap2, apache2-mod_jk, expat, xpdf, mozilla-nspr 2009-11-10
Mandriva MDVSA-2009:226 freeradius 2009-09-10
CentOS CESA-2009:1451 freeradius 2009-10-30
SuSE SUSE-SR:2009:016 silc-toolkit, open-iscsi, strongswan,freeswan,openswan, mutt, openldap2, cyrus-imapd, java-1_6_0-openjdk, postgresql, IBMJava2-JRE/java-1_4_2-ibm, wireshark, freeradius, dovecot 2009-10-13


horde: cross-site scripting

Package(s): horde
CVE #(s): CVE-2009-0931
Created: September 14, 2009
Updated: April 1, 2010
Description:

From the Gentoo advisory:

Gunnar Wrobel reported that data sent to horde/services/portal/cloud_search.php is not properly sanitized before used in the output (CVE-2009-0931).

Alerts:
Fedora FEDORA-2010-5520 horde 2010-04-01
Fedora FEDORA-2010-5483 horde 2010-04-01
Gentoo 200909-14 horde 2009-09-12


htmldoc: buffer overflow

Package(s): htmldoc
CVE #(s): CVE-2009-3050
Created: September 11, 2009
Updated: January 12, 2010
Description: From the Mandriva advisory:

Buffer overflow in the set_page_size function in util.cxx in HTMLDOC 1.8.27 and earlier allows context-dependent attackers to execute arbitrary code via a long MEDIA SIZE comment. NOTE: it was later reported that there were additional vectors in htmllib.cxx and ps-pdf.cxx using an AFM font file with a long glyph name, but these vectors do not cross privilege boundaries.

Alerts:
SuSE SUSE-SR:2009:020 apache2-mod_jk, cacti, cups, expat, finch/pidgin, htmldoc, kdelibs3/kdelibs4, libpoppler/poppler, lighttpd, opera, perl-HTML-Parser, pyxml, seamonkey, wireshark/ethereal, xntp, zope/zope3 2010-01-12
Mandriva MDVSA-2009:231-1 htmldoc 2009-12-07
Gentoo 200909-12 htmldoc 2009-09-12
Mandriva MDVSA-2009:231 htmldoc 2009-09-11


kde: man-in-the-middle attack

Package(s): kde
CVE #(s): CVE-2009-2702
Created: September 15, 2009
Updated: April 8, 2011
Description: From the CVE entry:

KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Alerts:
Mandriva MDVSA-2011:162 kdelibs4 2011-11-01
Mandriva MDVSA-2011:071 kdelibs4 2011-04-08
Mandriva MDVSA-2010:027 kdelibs4 2010-01-27
Mandriva MDVSA-2010:028 kdelibs4 2010-01-27
Mandriva MDVSA-2009:346 kde 2009-12-29
Mandriva MDVSA-2009:330 kdelibs 2009-12-10
Ubuntu USN-833-1 kde4libs, kdelibs 2009-09-18
Fedora FEDORA-2009-9427 kdeutils 2009-09-09
Fedora FEDORA-2009-9397 kdeutils 2009-09-09
Fedora FEDORA-2009-9427 kdemultimedia 2009-09-09
Fedora FEDORA-2009-9397 kdemultimedia 2009-09-09
Fedora FEDORA-2009-9427 kdegraphics 2009-09-09
Fedora FEDORA-2009-9397 kdegraphics 2009-09-09
Fedora FEDORA-2009-9427 kdeadmin 2009-09-09
Fedora FEDORA-2009-9397 kdeadmin 2009-09-09
Fedora FEDORA-2009-9427 kdeartwork 2009-09-09
Fedora FEDORA-2009-9397 kdeartwork 2009-09-09
Fedora FEDORA-2009-9427 kde-l10n 2009-09-09
Fedora FEDORA-2009-9397 kde-l10n 2009-09-09
Fedora FEDORA-2009-9427 kdenetwork 2009-09-09
Fedora FEDORA-2009-9397 kdenetwork 2009-09-09
Fedora FEDORA-2009-9427 oxygen-icon-theme 2009-09-09
Fedora FEDORA-2009-9397 oxygen-icon-theme 2009-09-09
Fedora FEDORA-2009-9427 kdelibs 2009-09-09
Fedora FEDORA-2009-9397 kdelibs 2009-09-09
Fedora FEDORA-2009-9427 kdegames 2009-09-09
Fedora FEDORA-2009-9397 kdegames 2009-09-09
Fedora FEDORA-2009-9427 kdetoys 2009-09-09
Fedora FEDORA-2009-9397 kdetoys 2009-09-09
Fedora FEDORA-2009-9427 kdeplasma-addons 2009-09-09
Fedora FEDORA-2009-9397 kdeplasma-addons 2009-09-09
Fedora FEDORA-2009-9427 kdeedu 2009-09-09
Fedora FEDORA-2009-9397 kdeedu 2009-09-09
Fedora FEDORA-2009-9427 kdelibs-experimental 2009-09-09
Fedora FEDORA-2009-9397 kdelibs-experimental 2009-09-09
Fedora FEDORA-2009-9427 kdebindings 2009-09-09
Fedora FEDORA-2009-9397 kdebindings 2009-09-09
Fedora FEDORA-2009-9427 kdepimlibs 2009-09-09
Fedora FEDORA-2009-9397 kdepimlibs 2009-09-09
Fedora FEDORA-2009-9427 kdeaccessibility 2009-09-09
Fedora FEDORA-2009-9397 kdeaccessibility 2009-09-09
Fedora FEDORA-2009-9427 kdesdk 2009-09-09
Fedora FEDORA-2009-9397 kdesdk 2009-09-09
Fedora FEDORA-2009-9427 kdebase 2009-09-09
Fedora FEDORA-2009-9397 kdebase 2009-09-09
Fedora FEDORA-2009-9427 kdebase-workspace 2009-09-09
Fedora FEDORA-2009-9397 kdebase-workspace 2009-09-09
Fedora FEDORA-2009-9427 kdebase-runtime 2009-09-09
Fedora FEDORA-2009-9397 kdebase-runtime 2009-09-09
Fedora FEDORA-2009-9427 akonadi 2009-09-09
Fedora FEDORA-2009-9397 akonadi 2009-09-09
Fedora FEDORA-2009-9427 kdepim-runtime 2009-09-09
Fedora FEDORA-2009-9397 kdepim-runtime 2009-09-09
Fedora FEDORA-2009-9427 kdepim 2009-09-09
Fedora FEDORA-2009-9397 kdepim 2009-09-09
Debian DSA-1916-1 kdelibs 2009-10-23
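
The class of bug in the KDE entry above, shown as an added example that is not KDE's code: a comparison that treats the certificate name as a C string stops at the first '\0', while a length-aware check sees the whole value and rejects it. Modelling the flaw as C-string truncation is an assumption made for this illustration; the host names and function names are constructed.

```python
import re

# One DNS label: letters, digits and hyphens, not starting or ending with "-".
_LABEL = re.compile(rb"(?!-)[a-z0-9-]{1,63}(?<!-)")

# Constructed dNSName value as it would sit in the certificate: the ASN.1
# string has an explicit length, so the bytes after the NUL are part of it.
SPOOFED_SAN = [b"www.bank.example\x00.attacker.test"]


def c_string_view(raw):
    """What strlen()/strcmp()-style code sees: bytes up to the first NUL."""
    return raw.split(b"\x00", 1)[0]


def naive_match(san_dns_names, hostname):
    """Flawed model: compares only the part of each name before a NUL."""
    host = hostname.lower().encode("ascii")
    return any(c_string_view(n).lower() == host for n in san_dns_names)


def is_wellformed(name):
    """Every byte of the name must belong to a legal hostname label."""
    labels = name.lower().split(b".")
    if labels and labels[0] == b"*":        # wildcard only as left-most label
        labels = labels[1:]
    return len(labels) >= 2 and all(_LABEL.fullmatch(l) for l in labels)


def strict_match(san_dns_names, hostname):
    """Length-aware match; one malformed entry rejects the whole certificate."""
    host = hostname.lower().rstrip(".").encode("ascii")
    if not all(is_wellformed(n) for n in san_dns_names):
        return False
    for name in san_dns_names:
        name = name.lower()
        if name == host:
            return True
        if name.startswith(b"*."):
            # A wildcard covers exactly one left-most label.
            head, sep, tail = host.partition(b".")
            if sep and head and b"." + tail == name[1:]:
                return True
    return False


if __name__ == "__main__":
    print("naive :", naive_match(SPOOFED_SAN, "www.bank.example"))
    print("strict:", strict_match(SPOOFED_SAN, "www.bank.example"))
```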


kernel: missing capability check

Package(s): kernel
CVE #(s): CVE-2009-1883
Created: September 15, 2009
Updated: February 19, 2010
Description: From the Red Hat advisory:

Solar Designer reported a missing capability check in the z90crypt driver in the Linux kernel. This missing check could allow a local user with an effective user ID (euid) of 0 to bypass intended capability restrictions.

Alerts:
SuSE SUSE-SA:2010:013 kernel 2010-02-18
CentOS CESA-2009:1438 kernel 2009-09-15
Red Hat RHSA-2009:1438-01 kernel 2009-09-15
Ubuntu USN-852-1 linux, linux-source-2.6.15 2009-10-22
Debian DSA-1929-1 linux-2.6 2009-11-05


libsamplerate: denial of service

Package(s): libsamplerate
CVE #(s):
Created: September 14, 2009
Updated: December 7, 2009
Description:

From the Mandriva advisory:

Lev Givon discovered a buffer overflow in libsamplerate that could lead to a segfault with specially crafted python code. This problem has been fixed with libsamplerate-0.1.7 but older versions are affected.

Alerts:
Mandriva MDVSA-2009:232-1 libsamplerate 2009-12-05
Mandriva MDVSA-2009:232 libsamplerate 2009-09-11


nginx: arbitrary code execution

Package(s): nginx
CVE #(s): CVE-2009-2629
Created: September 14, 2009
Updated: December 7, 2009
Description:

From the Debian advisory:

Chris Ries discovered that nginx, a high-performance HTTP server, reverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when processing certain HTTP requests. An attacker can use this to execute arbitrary code with the rights of the worker process (www-data on Debian) or possibly perform denial of service attacks by repeatedly crashing worker processes via a specially crafted URL in an HTTP request.

Alerts:
Fedora FEDORA-2009-12750 nginx 2009-12-07
Fedora FEDORA-2009-12782 nginx 2009-12-07
Fedora FEDORA-2009-12775 nginx 2009-12-07
Gentoo 200909-18 nginx 2009-09-18
Fedora FEDORA-2009-9630 nginx 2009-09-15
Fedora FEDORA-2009-9652 nginx 2009-09-15
Debian DSA-1884-1 nginx 2009-09-14


planet: missing input sanitizing

Package(s): planet
CVE #(s): CVE-2009-2937
Created: September 15, 2009
Updated: September 17, 2009
Description: From the Debian bugzilla:

The planet feed aggregator attempts to remove malicious content from user-submitted feeds. It does a great job, but fails to sanitize this input:

<img src="javascript:alert(1);" >

At least Opera will execute this code.

Alerts:
Fedora FEDORA-2009-9601 planet 2009-09-15
Fedora FEDORA-2009-9575 planet 2009-09-15
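
The check whose absence the planet entry above describes, as an added example that is not Planet's own code: attributes that carry URLs are kept only when their scheme is on an allowlist, judged after the character-reference decoding and whitespace stripping a browser applies. This covers the URL-scheme step only, not a complete feed sanitizer; `URL_ATTRS`, `ALLOWED_SCHEMES`, `SchemeFilter` and `sanitize` are names made up for the illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Attributes whose value a browser treats as a URL to fetch or navigate to.
URL_ATTRS = {"src", "href", "action", "background", "poster", "cite"}
# Anything not listed here (javascript:, data:, vbscript:, ...) is dropped.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

_C0_AND_SPACE = "".join(map(chr, range(0x21)))


def url_scheme(value):
    """Return the scheme a browser would act on, or None for a relative URL."""
    # Browsers remove tabs and newlines anywhere in a URL and strip leading
    # control characters and spaces, so "  jav\tascript:" is "javascript:".
    cleaned = re.sub(r"[\t\n\r]", "", value).lstrip(_C0_AND_SPACE)
    m = re.match(r"([A-Za-z][A-Za-z0-9+.\-]*):", cleaned)
    return m.group(1).lower() if m else None


class SchemeFilter(HTMLParser):
    """Re-serialize markup, dropping URL attributes with unlisted schemes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.dropped = []          # (tag, attribute, scheme) for logging

    def _emit(self, tag, attrs, closing=""):
        kept = []
        for name, value in attrs:
            # HTMLParser has already decoded &#106; style references here.
            if name in URL_ATTRS and value is not None:
                scheme = url_scheme(value)
                if scheme is not None and scheme not in ALLOWED_SCHEMES:
                    self.dropped.append((tag, name, scheme))
                    continue
            kept.append(name if value is None
                        else '%s="%s"' % (name, escape(value, quote=True)))
        self.out.append("<" + " ".join([tag] + kept) + closing + ">")

    def handle_starttag(self, tag, attrs):
        self._emit(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        self._emit(tag, attrs, " /")

    def handle_endtag(self, tag):
        self.out.append("</%s>" % tag)

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))


def sanitize(markup):
    """Return (filtered markup, list of dropped attributes)."""
    f = SchemeFilter()
    f.feed(markup)
    f.close()
    return "".join(f.out), f.dropped


if __name__ == "__main__":
    # The input quoted in the bug report above.
    print(sanitize('<img src="javascript:alert(1);" >'))
```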


puppet: multiple vulnerabilities

Package(s): puppet
CVE #(s):
Created: September 14, 2009
Updated: September 16, 2009
Description:

From the Fedora update:

This update fixes a number of bugs in both the packaging and upstream source. See the package changelog and bug reports for complete details.

References:

[ 1 ] Bug #475201 - puppetmasterd does not initialize supplementary groups https://bugzilla.redhat.com/show_bug.cgi?id=475201

[ 2 ] Bug #480600 - puppet initscript: condrestart should call status https://bugzilla.redhat.com/show_bug.cgi?id=480600

[ 3 ] Bug #495096 - puppet SPEC file defines improper modes for some directories https://bugzilla.redhat.com/show_bug.cgi?id=495096

[ 4 ] Bug #501577 - `/etc/init.d/puppet status` returns errors https://bugzilla.redhat.com/show_bug.cgi?id=501577

[ 5 ] Bug #515728 - Storeconfigs broken https://bugzilla.redhat.com/show_bug.cgi?id=515728

Alerts:
Fedora FEDORA-2009-8477 puppet 2009-08-11
Fedora FEDORA-2009-8494 puppet 2009-08-11


rails: missing input sanitizing

Package(s): rails
CVE #(s): CVE-2009-3009
Created: September 15, 2009
Updated: December 21, 2009
Description: From the Debian advisory:

Brian Mastenbrook discovered that rails, the MVC ruby based framework geared for web application development, is prone to cross-site scripting attacks via malformed strings in the form helper.

Alerts:
Gentoo 200912-02 rails 2009-12-20
Fedora FEDORA-2009-12966 rubygem-actionpack 2009-12-10
Fedora FEDORA-2009-9799 rubygem-actionpack 2009-09-24
Fedora FEDORA-2009-9922 rubygem-activesupport 2009-09-25
Fedora FEDORA-2009-9922 rubygem-actionpack 2009-09-25
Fedora FEDORA-2009-9799 rubygem-activesupport 2009-09-24
Debian DSA-1887-1 rails 2009-09-15
SuSE SUSE-SR:2009:017 php5, newt, rubygem-actionpack, rubygem-activesupport, java-1_4_2-ibm, postgresql, samba, phpMyAdmin, viewvc 2009-10-26
Fedora FEDORA-2009-10484 rubygem-rails 2009-10-14
Fedora FEDORA-2009-10484 rubygem-activeresource 2009-10-14
Fedora FEDORA-2009-10484 rubygem-activesupport 2009-10-14
Fedora FEDORA-2009-10484 rubygem-activerecord 2009-10-14
Fedora FEDORA-2009-10484 rubygem-actionpack 2009-10-14
Fedora FEDORA-2009-10484 rubygem-actionmailer 2009-10-14


silc-toolkit: format string vulnerabilities

Package(s): silc-toolkit
CVE #(s): CVE-2009-3163
Created: September 15, 2009
Updated: June 1, 2010
Description: From the Mandriva advisory:

Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to (1) silc_client_command_topic, (2) silc_client_command_kick, (3) silc_client_command_leave, and (4) silc_client_command_users.

Alerts:
Gentoo 201006-07 silc-toolkit 2010-06-01
Mandriva MDVSA-2009:234-2 silc-toolkit 2009-12-05
Mandriva MDVSA-2009:235 silc-toolkit 2009-09-15
Mandriva MDVSA-2009:234-1 silc-toolkit 2009-09-15
Mandriva MDVSA-2009:234 silc-toolkit 2009-09-15


wireshark: multiple vulnerabilities

Package(s): wireshark
CVE #(s): CVE-2009-2559 CVE-2009-2561
Created: September 14, 2009
Updated: December 7, 2009
Description:

From the Gentoo advisory:

A buffer overflow in the IPMI dissector related to an array index error (CVE-2009-2559)

An unspecified vulnerability in the sFlow dissector (CVE-2009-2561).

Alerts:
Fedora FEDORA-2009-7998 wireshark 2009-07-24
Gentoo 200909-16 wireshark 2009-09-13
Fedora FEDORA-2009-9837 wireshark 2009-09-24


xapian-omega: missing input sanitising

Package(s): xapian-omega
CVE #(s): CVE-2009-2947
Created: September 10, 2009
Updated: September 16, 2009
Description: From the Debian alert:

It was discovered that xapian-omega, a CGI interface for searching xapian databases, is not properly escaping user supplied input when printing exceptions. An attacker can use this to conduct cross-site scripting attacks via crafted search queries resulting in an exception and steal potentially sensitive data from web applications running on the same domain or embedding the search engine into a website.

Alerts:
Debian DSA-1882-1 xapian-omega 2009-09-09


znc: arbitrary file overwrite

Package(s): znc
CVE #(s): CVE-2009-2658
Created: September 14, 2009
Updated: September 16, 2009
Description:

From the Gentoo advisory:

The vendor reported a directory traversal vulnerability when processing DCC SEND requests.

A remote, authenticated user could send a specially crafted DCC SEND request to overwrite arbitrary files with the privileges of the user running ZNC, and possibly cause the execution of arbitrary code e.g. by uploading a malicious ZNC module.

Alerts:
Gentoo 200909-17 znc 2009-09-13


Page editor: Jake Edge


Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds