
Security

Capsicum: practical capabilities for UNIX

By Jake Edge
February 22, 2012

The Capsicum capabilities framework has been around for a couple of years now, and support for it was added to the recent FreeBSD 9.0 release. Capsicum takes a very different approach from other capabilities systems (like Linux capabilities or POSIX capabilities), and is geared toward sandboxing applications to limit the damage that can be caused by buggy or misbehaving programs. While the FreeBSD support is "experimental", it is available for researchers and others to try out.

Capsicum came out of a collaboration between the University of Cambridge's Computer Laboratory and Google. That resulted in a prototype implementation for FreeBSD along with modification of several different programs to take advantage of Capsicum. One of the main applications of interest is the Chromium web browser, but several FreeBSD utilities (tcpdump, dhclient, and gzip) were also converted, as described in the Capsicum paper [PDF].

The idea behind Capsicum is to extend the standard Unix APIs by adding ways that applications can "self-compartmentalize". Essentially, applications can choose to restrict themselves to a sandbox that will disallow many "dangerous" operations, while still allowing them to get their job done via the capabilities they allow for themselves or those that are passed in using special file descriptors (which are also, perhaps unfortunately, called capabilities). It is, in some ways, conceptually similar to programs that drop their privileges using the setuid() call but, instead of being restricted to what a particular user is allowed to do (which is often far more than the application needs), Capsicum allows much finer-grained control over what restrictions are in place.

The starting point for a Capsicum-enabled process is the new cap_enter() system call. This is a one-way gate that puts a process and any subsequent children into "capability mode". It turns off "ambient authority", which is a term for the normal Unix process model where a process has all of the permissions of the UID it is running as. Capability mode restricts access to any of the global namespaces, like the filesystem namespace, PID namespace, network namespace, and others. Any system calls that operate on these global namespaces are either disallowed entirely, or their arguments are constrained.

For example, the sysctl() call is constrained to only allow around 30 (of a possible 3000) of the different system parameters to be examined via that call. The shared memory creation call, shm_open(), is only allowed to create anonymous memory objects, while the openat() family is restricted to allow access to files at or below the directory file descriptor passed in (by essentially disallowing "/" or ".." at the start of the path). There are some other miscellaneous restrictions that come with capability mode including disallowing the loading of kernel modules or the execution of setuid and setgid binaries.

Capsicum wraps normal file descriptors with additional capability information that restricts what can be done with the file. If a capability file descriptor has the CAP_READ capability, that's all that can be done to it, unlike a file descriptor for a file that is opened read-only which can still be used to make metadata changes (via fchmod() for example). In order to change positions in the file, the CAP_SEEK capability is required. A capability file descriptor can also wrap a directory file descriptor, which allows the capability set to be applied to all members of that directory. That would allow Apache to set up workers that only have access to a certain subset of the web directory hierarchy, or for a sandboxed application to access a library path, for example.

The capability file descriptors can be already open at the time that cap_enter() is called (and wrapped by a set of capabilities specified in an earlier cap_new() call) or passed to the process using Unix sockets. That means that a fairly simple program can decrease its ability to cause harm by setting up the file descriptors it needs and then calling cap_enter() before performing more "dangerous" operations. The tcpdump example given in the paper is instructive, as it simply enters capability mode after setting up the packet filter (which is a privileged operation), but before entering the processing loop. That way, errors in the packet decoding code are very limited in the kind of damage they can cause.

The simple two-line change to tcpdump did expose a few problems, however. For example, the glibc DNS resolver code requires access to the filesystem (/etc/resolv.conf) and to the network namespace (to talk to the DNS server), which led to reduced functionality. Switching tcpdump to use a lightweight local resolver restored that feature.

In addition to the "raw" Capsicum interface using cap_enter(), the framework provides a libcapsicum that can be used to more thoroughly isolate the sandboxed processes without each application having to do its own start-up management of a sandboxed process. It handles closing all undelegated file descriptors (those that are not meant for the sandbox), forking the new sandboxed process, flushing the address space using fexecve(), and setting up a Unix socket that can be used for communication between the privileged and unprivileged processes. None of the examples in the paper use libcapsicum as it generally requires major changes to the application in order to be used, so it may be more suitable for new development.

The examples do show that substantial improvements in the security of programs can be had with minimal code changes, though. Roughly 100 new lines of code were all that was required to use Capsicum in Chromium on FreeBSD, largely because the browser was written with privilege separation in mind. Chromium already uses various techniques, depending on the OS, to separate the rendering process from other renderers and the rest of the browser. That made it fairly straightforward to adapt Chromium and the paper says that switching to a libcapsicum-based implementation should not be significantly harder.

Capsicum is an interesting idea that bears watching as it rolls out in FreeBSD. The 9.0 release only contains the kernel changes required for Capsicum but doesn't ship any applications that use the facility. 9.1 is slated to have some of those, presumably starting with Chromium. Beyond this brief introduction, those interested should take a look at the paper, this article [PDF] from ;login: magazine, as well as the documentation page.

Comments (7 posted)

Brief items

Security quotes of the week

I used to provide detached GnuPG signatures alongside my uploaded source tarballs but nobody cared or even noticed if I inadvertently broke the signature. (This is for packages which regularly got downloaded for inclusion into Fedora, ArchLinux, Gentoo and numerous other distros other than Debian/Debian-based ones which get the source directly from me.)

Honestly, nobody cares.

-- Neil Williams

ICANN has plowed ahead with their extortive get-rich-quick gTLD expansion scheme. The U.S. has turned the DNS into a mechanism for unilateral actions over entities in other countries, without such [niceties] as due process being required. The list goes on and on.

So no wonder the rest of the world pushes for changes -- and threatens network fragmentation -- even as their proposed regulatory regimes could do enormous damage to the Net.

-- Lauren Weinstein

This book marks another chapter in my career’s endless series of generalizations. From mathematical security — cryptography — to computer and network security; from there to security technology in general; then to the economics of security and the psychology of security; and now to — I suppose — the sociology of security. The more I try to understand how security works, the more of the world I need to encompass within my model.
-- Bruce Schneier on his new book Liars and Outliers

While everyone else was focused on the normal patch specific vuln/update/forget cycle, our focus with these high-profile vulnerabilities has always been to look at tangential issues that are unlikely to be resolved upstream: exploitation techniques that either made certain strategies easier or possible in the first place. In the case of CVE-2012-0056, that issue revealed itself during a discussion on the full-disclosure mailing list on how to reliably exploit systems that changed the permission of the suid root binaries to deny reading. While such a permission change prevented the use of objdump in initial exploits, it was mentioned that a ptrace followed by an exec of the suid root binary allows one to effectively read the contents of the mapped binary. This might be surprising, as a ptrace of an existing suid root process would be denied. When execing a privileged binary while ptracing though, the binary is run without the extra privileges. When the goal is reading out the binary, however, this is irrelevant.
-- Brad Spengler on "How We Learn From Exploits"

Comments (1 posted)

RSA keys not as random as they should be (The H)

The H reports on research that found a significant number of RSA public keys are not secure. "Of the 6,185,372 X.509 certificates analysed, the researchers found 266,729 public keys in which moduli were reused. The modulus is the core component of a public key – if it is the same, then the secret key matches. In one extreme case, the same modulus was found 16,489 times. This means that each of the owners of the 16,489 certificates could spoof or spy on each of the other 16,488. The researchers note that it is not unusual to recycle keys when, for example, extending a certificate, but a significant number of these keys belong to entirely independent owners." Interestingly, OpenPGP keys generated by GPG do not seem to suffer from this problem.

Comments (16 posted)

Weekend Project: Get Started with Tahoe-LAFS Storage Grids (Linux.com)

Over at Linux.com, Nathan Willis describes how to set up Tahoe-LAFS grids for encrypted, distributed storage with strong access controls that disallow the storing node from accessing the data—only the owner (and those they share the location with) can assemble and decrypt it. "Beyond that, though, Tahoe offers peer-to-peer distributed data storage with adjustable levels of redundancy. You can tune your "grid" for performance, fault-tolerance, or strike a balance in between, and you can use heterogeneous hardware and service providers to make up your nodes, providing you with a second layer of protection. Furthermore, although you can use Tahoe-LAFS as a simple distributed filesystem, you can also run web and (S)FTP services directly from your Tahoe grid."

Comments (1 posted)

Mozilla's message to certificate authorities

Mozilla has announced that it has sent a message to all of its recognized certificate authorities about the practice of issuing subordinate root certificates for man-in-the-middle attacks. Such use, they say, is not acceptable. "In addition to this clarification, we have made several requests. We have requested that any such certificates be revoked, and their HSMs destroyed. We have requested the serial numbers of those certificates and fingerprints of their signing roots so that we, and other relying parties, can detect and distrust these subCA certificates if encountered. We have requested that any CAs who have issued subCA certificates fulfill these requests no later than April 27, 2012."

Comments (33 posted)

New vulnerabilities

busybox: code execution

Package(s): busybox
CVE #(s): CVE-2011-2716
Created: February 21, 2012
Updated: July 19, 2012
Description: From the Red Hat advisory:

The BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain options provided in DHCP server replies, such as the client hostname. A malicious DHCP server could send such an option with a specially-crafted value to a DHCP client. If this option's value was saved on the client system, and then later insecurely evaluated by a process that assumes the option is trusted, it could lead to arbitrary code execution with the privileges of that process. Note: udhcpc is not used on Red Hat Enterprise Linux by default, and no DHCP client script is provided with the busybox packages.

Alerts:
Gentoo 201312-02 busybox 2013-12-02
Mandriva MDVSA-2012:129-1 busybox 2012-08-10
Mandriva MDVSA-2012:129 busybox 2012-08-10
Mageia MGASA-2012-0172 busybox 2012-07-19
Mageia MGASA-2012-0171 busybox 2012-07-19
CentOS CESA-2012:0810 busybox 2012-07-10
Scientific Linux SL-busy-20120709 busybox 2012-07-09
Oracle ELSA-2012-0810 busybox 2012-07-02
Red Hat RHSA-2012:0810-04 busybox 2012-06-20
Scientific Linux SL-busy-20120321 busybox 2012-03-21
Oracle ELSA-2012-0308 busybox 2012-03-07
Red Hat RHSA-2012:0308-03 busybox 2012-02-21

Comments (none posted)

chromium: multiple vulnerabilities

Package(s): chromium
CVE #(s): CVE-2011-3016 CVE-2011-3017 CVE-2011-3018 CVE-2011-3019 CVE-2011-3020 CVE-2011-3021 CVE-2011-3022 CVE-2011-3023 CVE-2011-3024 CVE-2011-3025 CVE-2011-3027 CVE-2011-3953 CVE-2011-3954 CVE-2011-3955 CVE-2011-3956 CVE-2011-3957 CVE-2011-3958 CVE-2011-3959 CVE-2011-3960 CVE-2011-3961 CVE-2011-3962 CVE-2011-3963 CVE-2011-3964 CVE-2011-3965 CVE-2011-3966 CVE-2011-3967 CVE-2011-3968 CVE-2011-3969 CVE-2011-3970 CVE-2011-3971 CVE-2011-3972
Created: February 20, 2012
Updated: February 22, 2012
Description: From the CVE entries:

Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes, related to a "read-after-free" issue. (CVE-2011-3016)

Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to database handling. (CVE-2011-3017)

Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to path rendering. (CVE-2011-3018)

Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska video (aka MKV) file. (CVE-2011-3019)

Unspecified vulnerability in the Native Client validator implementation in Google Chrome before 17.0.963.56 has unknown impact and remote attack vectors. (CVE-2011-3020)

Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading. (CVE-2011-3021)

translate/translate_manager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network. (CVE-2011-3022)

Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to drag-and-drop operations. (CVE-2011-3023)

Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service (application crash) via an empty X.509 certificate. (CVE-2011-3024)

Google Chrome before 17.0.963.56 does not properly parse H.264 data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. (CVE-2011-3025)

Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. (CVE-2011-3027)

Google Chrome before 17.0.963.46 does not prevent monitoring of the clipboard after a paste event, which has unspecified impact and remote attack vectors. (CVE-2011-3953)

Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of database usage. (CVE-2011-3954)

Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that trigger the aborting of an IndexedDB transaction. (CVE-2011-3955)

The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension. (CVE-2011-3956)

Use-after-free vulnerability in the garbage-collection functionality in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF documents. (CVE-2011-3957)

Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. (CVE-2011-3958)

Buffer overflow in the locale implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. (CVE-2011-3959)

Google Chrome before 17.0.963.46 does not properly decode audio data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. (CVE-2011-3960)

Race condition in Google Chrome before 17.0.963.46 allows remote attackers to execute arbitrary code via vectors that trigger a crash of a utility process. (CVE-2011-3961)

Google Chrome before 17.0.963.46 does not properly perform path clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. (CVE-2011-3962)

Google Chrome before 17.0.963.46 does not properly handle PDF FAX images, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. (CVE-2011-3963)

Google Chrome before 17.0.963.46 does not properly implement the drag-and-drop feature, which makes it easier for remote attackers to spoof the URL bar via unspecified vectors. (CVE-2011-3964)

Google Chrome before 17.0.963.46 does not properly check signatures, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. (CVE-2011-3965)

Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data. (CVE-2011-3966)

Unspecified vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via a crafted certificate. (CVE-2011-3967)

Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences. (CVE-2011-3968)

Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents. (CVE-2011-3969)

libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. (CVE-2011-3970)

Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events. (CVE-2011-3971)

The shader translator implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. (CVE-2011-3972)

Alerts:
Gentoo 201202-01 chromium 2012-02-18

Comments (none posted)

conga: cross-site scripting

Package(s): conga
CVE #(s): CVE-2010-1104 CVE-2011-1948
Created: February 21, 2012
Updated: March 8, 2012
Description: From the Red Hat advisory:

Multiple cross-site scripting (XSS) flaws were found in luci, the conga web-based administration application. If a remote attacker could trick a user, who was logged into the luci interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's luci session. (CVE-2010-1104, CVE-2011-1948)

Alerts:
Oracle ELSA-2012-0151 conga 2012-03-07
Scientific Linux SL-cong-20120306 conga 2012-03-06
Red Hat RHSA-2012:0151-03 conga 2012-02-21

Comments (none posted)

drupal7-field_permissions: missing permissions

Package(s): drupal7-field_permissions
CVE #(s): (none)
Created: February 21, 2012
Updated: February 22, 2012
Description: Drupal field_permissions-7.x-1.0-beta2 adds an additional safe-guard for entities other than nodes when it comes to entity ownership. See the release announcement for details.
Alerts:
Fedora FEDORA-2012-1390 drupal7-field_permissions 2012-02-21
Fedora FEDORA-2012-1409 drupal7-field_permissions 2012-02-21

Comments (none posted)

flash_plugin: multiple vulnerabilities

Package(s): flash_plugin
CVE #(s): CVE-2012-0752 CVE-2012-0753 CVE-2012-0754 CVE-2012-0755 CVE-2012-0756 CVE-2012-0767
Created: February 17, 2012
Updated: February 27, 2012
Description: From the Red Hat advisory:

Multiple security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2012-0752, CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756)

A flaw in flash-plugin could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially-crafted web page. (CVE-2012-0767)

Alerts:
SUSE SUSE-SU-2012:0299-1 flash-player 2012-02-27
SUSE SUSE-SU-2012:0280-1 flash-player 2012-02-18
openSUSE openSUSE-SU-2012:0265-1 flash-player 2012-02-17
Red Hat RHSA-2012:0144-01 flash_plugin 2012-02-17

Comments (none posted)

horde3: cross-site scripting

Package(s): horde3
CVE #(s): CVE-2012-0909
Created: February 20, 2012
Updated: February 22, 2012
Description: From the CVE entry:

Cross-site scripting (XSS) vulnerability in Horde_Form in Horde Groupware Webmail Edition before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to email verification. NOTE: Some of these details are obtained from third party information.

Alerts:
Mageia MGASA-2012-0239 horde 2012-08-26
openSUSE openSUSE-SU-2012:0286-1 horde3 2012-02-20

Comments (none posted)

horde3-dimp: cross-site scripting

Package(s): horde3-dimp
CVE #(s): CVE-2012-0791
Created: February 20, 2012
Updated: June 4, 2012
Description: From the CVE entry:

Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names. NOTE: some of these details are obtained from third party information.

Alerts:
Mageia MGASA-2012-0239 horde 2012-08-26
Debian DSA-2485-1 imp4 2012-06-03
openSUSE openSUSE-SU-2012:0287-1 horde3-dimp 2012-02-20

Comments (none posted)

ibutils: code execution

Package(s): ibutils
CVE #(s): CVE-2008-3277
Created: February 21, 2012
Updated: March 8, 2012
Description: From the Red Hat advisory:

It was found that the ibmssh executable had an insecure relative RPATH (runtime library search path) set in the ELF (Executable and Linking Format) header. A local user able to convince another user to run ibmssh in an attacker-controlled directory could run arbitrary code with the privileges of the victim.

Alerts:
Oracle ELSA-2012-0311 ibutils 2012-03-07
Red Hat RHSA-2012:0311-03 ibutils 2012-02-21

Comments (none posted)

initscripts: network traffic sniffing

Package(s): initscripts
CVE #(s): CVE-2008-1198
Created: February 21, 2012
Updated: March 22, 2012
Description: From the Red Hat advisory:

With the default IPsec (Internet Protocol Security) ifup script configuration, the racoon IKE key management daemon used aggressive IKE mode instead of main IKE mode. This resulted in the preshared key (PSK) hash being sent unencrypted, which could make it easier for an attacker able to sniff network traffic to obtain the plain text PSK from a transmitted hash.

Alerts:
Scientific Linux SL-init-20120321 initscripts 2012-03-21
Oracle ELSA-2012-0312 initscripts 2012-03-07
Red Hat RHSA-2012:0312-03 initscripts 2012-02-21

Comments (none posted)

java: multiple unspecified vulnerabilities

Package(s): java
CVE #(s): CVE-2012-0498 CVE-2012-0499 CVE-2012-0500
Created: February 17, 2012
Updated: August 21, 2012
Description: From the CVE entries:

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. (CVE-2012-0498)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. (CVE-2012-0499)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and JavaFX 2.0.2 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (CVE-2012-0500)

Alerts:
Gentoo 201401-30 oracle-jdk-bin 2014-01-26
SUSE SUSE-SU-2012:1013-1 java-1_4_2-ibm-sap 2012-08-21
SUSE SUSE-SU-2012:0881-1 java-1_4_2-ibm-sap 2012-07-16
SUSE SUSE-SU-2012:0603-1 IBM Java 1.6.0 2012-05-09
SUSE SUSE-SU-2012:0602-1 IBM Java 1.5.0 2012-05-09
Red Hat RHSA-2012:0514-01 java-1.6.0-ibm 2012-04-24
Red Hat RHSA-2012:0508-01 java-1.5.0-ibm 2012-04-23
Scientific Linux SL-java-20120227 java-1.6.0-sun 2012-02-27
Mandriva MDVSA-2012:021 java-1.6.0-openjdk 2012-02-17
Red Hat RHSA-2012:0139-01 java-1.6.0-sun 2012-02-16
Red Hat RHSA-2012:0702-01 java-1.4.2-ibm 2012-05-30
SUSE SUSE-SU-2012:0734-1 IBM Java 2012-06-13

Comments (none posted)

jetty5: denial of service

Package(s): jetty5
CVE #(s): CVE-2011-4461
Created: February 16, 2012
Updated: January 7, 2013
Description:

From the openSUSE advisory:

jetty5 was prone to a remotely exploitable Denial of Service flaw via hash collisions (CVE-2011-4461).

Alerts:
Mageia MGASA-2013-0002 jetty 2013-01-05
Red Hat RHSA-2012:1605-01 fuse-mq 2012-12-21
Red Hat RHSA-2012:1606-01 fuse-management-console 2012-12-21
Red Hat RHSA-2012:1604-01 fuse-esb 2012-12-21
Ubuntu USN-1429-1 jetty 2012-04-26
Fedora FEDORA-2012-0752 jetty 2012-03-24
Fedora FEDORA-2012-0730 jetty 2012-03-24
openSUSE openSUSE-SU-2012:0262-1 jetty5 2012-02-16

Comments (none posted)

libpng: code execution

Package(s): libpng
CVE #(s): CVE-2011-3026
Created: February 16, 2012
Updated: July 23, 2012
Description:

From the Debian advisory:

Jueri Aedla discovered an integer overflow in the libpng PNG library, which could lead to the execution of arbitrary code if a malformed image is processed.

Alerts:
openSUSE openSUSE-SU-2014:1100-1 Firefox 2014-09-09
Gentoo 201301-01 firefox 2013-01-07
Mageia MGASA-2012-0176 iceape 2012-07-21
Gentoo 201206-15 libpng 2012-06-22
Fedora FEDORA-2012-5068 thunderbird 2012-04-06
Fedora FEDORA-2012-5028 thunderbird 2012-03-31
Fedora FEDORA-2012-1845 xulrunner 2012-03-06
SUSE SUSE-SU-2012:0318-1 libpng 2012-02-28
openSUSE openSUSE-SU-2012:0316-1 libpng12 2012-02-28
Mandriva MDVSA-2012:022-1 mozilla 2012-02-28
Fedora FEDORA-2012-2008 libpng10 2012-02-28
Fedora FEDORA-2012-2028 libpng10 2012-02-28
Fedora FEDORA-2012-1930 libpng 2012-02-28
SUSE SUSE-SU-2012:0303-1 Mozilla Firefox 2012-02-27
SUSE SUSE-SU-2012:0298-1 Mozilla XULrunner 2012-02-27
openSUSE openSUSE-SU-2012:0297-1 mozilla-xulrunner192 2012-02-24
Mandriva MDVSA-2012:022 mozilla 2012-02-23
Fedora FEDORA-2012-1844 thunderbird 2012-02-23
CentOS CESA-2012:0317 libpng 2012-02-22
Mandriva MDVSA-2012:022 libpng 2012-02-22
Oracle ELSA-2012-0317 libpng 2012-02-21
Fedora FEDORA-2012-1922 libpng 2012-02-21
Scientific Linux SL-libp-20120220 libpng 2012-02-20
CentOS CESA-2012:0317 libpng 2012-02-20
Red Hat RHSA-2012:0317-01 libpng 2012-02-20
Ubuntu USN-1369-1 thunderbird 2012-02-17
Ubuntu USN-1367-4 xulrunner-1.9.2 2012-02-17
Ubuntu USN-1367-3 thunderbird 2012-02-17
Ubuntu USN-1367-2 firefox 2012-02-17
Fedora FEDORA-2012-1856 xulrunner 2012-02-19
Oracle ELSA-2012-0143 xulrunner 2012-02-17
Oracle ELSA-2012-0142 firefox 2012-02-17
Oracle ELSA-2012-0141 seamonkey 2012-02-17
Oracle ELSA-2012-0140 thunderbird 2012-02-17
CentOS CESA-2012:0140 thunderbird 2012-02-17
CentOS CESA-2012:0141 seamonkey 2012-02-17
CentOS CESA-2012:0142 firefox 2012-02-17
CentOS CESA-2012:0143 xulrunner 2012-02-17
Ubuntu USN-1367-1 libpng 2012-02-16
Scientific Linux SL-xulr-20120216 xulrunner 2012-02-16
Scientific Linux SL-seam-20120216 seamonkey 2012-02-16
Scientific Linux SL-thun-20120216 thunderbird 2012-02-16
Scientific Linux SL-fire-20120216 firefox 2012-02-16
Red Hat RHSA-2012:0143-01 xulrunner 2012-02-16
Red Hat RHSA-2012:0142-01 firefox 2012-02-16
Red Hat RHSA-2012:0141-01 seamonkey 2012-02-16
Red Hat RHSA-2012:0140-01 thunderbird 2012-02-16
Debian DSA-2410-1 libpng 2012-02-15

Comments (none posted)

libvorbis: code execution

Package(s): libvorbis
CVE #(s): CVE-2012-0444
Created: February 16, 2012
Updated: April 3, 2012
Description:

From the Red Hat advisory:

A heap-based buffer overflow flaw was found in the way the libvorbis library parsed Ogg Vorbis media files. If a specially-crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-0444)

Alerts:
openSUSE openSUSE-SU-2014:1100-1 Firefox 2014-09-09
Gentoo 201301-01 firefox 2013-01-07
Mandriva MDVSA-2012:052 libvorbis 2012-04-03
Mandriva MDVSA-2012:051 libvorbis 2012-04-03
SUSE SUSE-SU-2012:0326-1 libvorbis 2012-03-06
openSUSE openSUSE-SU-2012:0319-1 libvorbis 2012-03-01
Ubuntu USN-1370-1 libvorbis 2012-02-20
Ubuntu USN-1369-1 thunderbird 2012-02-17
Debian DSA-2412-1 libvorbis 2012-02-19
Fedora FEDORA-2012-1652 libvorbis 2012-02-17
Oracle ELSA-2012-0136 libvorbis 2012-02-15

Comments (none posted)

libxml2: denial of service

Package(s): libxml2
CVE #(s): CVE-2012-0841
Created: February 22, 2012
Updated: September 27, 2012
Description: The libxml2 library suffers from predictable hash values, allowing a remote attacker to force the use of excessive CPU time and, possibly, slow down or bring down a service.
Alerts:
SUSE SUSE-SU-2013:1627-1 libxml2 2013-11-04
SUSE SUSE-SU-2013:1625-1 libxml2 2013-11-04
Oracle ELSA-2013-0581 libxml2 2013-03-01
Scientific Linux SL-ming-20130201 mingw32-libxml2 2013-02-01
Oracle ELSA-2013-0217 mingw32-libxml2 2013-02-01
CentOS CESA-2013:0217 mingw32-libxml2 2013-02-01
Red Hat RHSA-2013:0217-01 mingw32-libxml2 2013-01-31
Fedora FEDORA-2012-13824 libxml2 2012-09-27
Fedora FEDORA-2012-13820 libxml2 2012-09-26
Oracle ELSA-2012-1288 libxml2 2012-09-18
openSUSE openSUSE-SU-2012:0421-1 libxml2 2012-03-28
Oracle ELSA-2012-0324 libxml2 2012-03-09
openSUSE openSUSE-SU-2012:0342-1 libxml2 2012-03-09
Scientific Linux SL-libx-20120306 libxml2 2012-03-06
Gentoo 201203-04 libxml2 2012-03-05
Ubuntu USN-1376-1 libxml2 2012-02-27
Debian DSA-2417-1 libxml2 2012-02-23
Oracle ELSA-2012-0324 libxml2 2012-02-22
Mandriva MDVSA-2012:023 libxml2 2012-02-22
CentOS CESA-2012:0324 libxml2 2012-02-22
Red Hat RHSA-2012:0324-01 libxml2 2012-02-21

Comments (none posted)

mozilla: use after free

Package(s): firefox
CVE #(s): (none)
Created: February 17, 2012
Updated: February 22, 2012
Description: From the Mozilla Firefox advisory:

Firefox 10.0.1 fixes a use after free in nsXBLDocumentInfo::ReadPrototypeBindings

Alerts:
Fedora FEDORA-2012-1606 thunderbird 2012-02-22
Fedora FEDORA-2012-1606 xulrunner 2012-02-22
Fedora FEDORA-2012-1606 firefox 2012-02-22
Fedora FEDORA-2012-1665 seamonkey 2012-02-17
Fedora FEDORA-2012-1650 xulrunner 2012-02-17
Fedora FEDORA-2012-1650 thunderbird 2012-02-17
Fedora FEDORA-2012-1650 firefox 2012-02-17

Comments (none posted)

mumble: information disclosure

Package(s): mumble
CVE #(s): CVE-2012-0863
Created: February 20, 2012
Updated: August 30, 2012
Description: From the Debian advisory:

It was discovered that mumble, a VoIP client, does not properly manage permissions on its user-specific configuration files, allowing other local users on the system to access them.

Alerts:
Mageia MGASA-2012-0248 mumble 2012-08-30
Mageia MGASA-2012-0247 mumble 2012-08-30
Debian DSA-2411-1 mumble 2012-02-19
Fedora FEDORA-2012-8960 mumble 2012-06-19
Fedora FEDORA-2012-8956 mumble 2012-06-19
Fedora FEDORA-2012-8903 mumble 2012-06-19

Comments (none posted)

rocksndiamonds: arbitrary file overwrite

Package(s): rocksndiamonds
CVE #(s): CVE-2011-4606
Created: February 21, 2012
Updated: August 3, 2012
Description: From the CVE entry:

Artsoft Entertainment Rocks'n'Diamonds (aka rocksndiamonds) 3.3.0.1 allows local users to overwrite arbitrary files via a symlink attack on .rocksndiamonds/cache/artworkinfo.cache under a user's home directory.

Alerts:
Mageia MGASA-2012-0195 rocksndiamonds 2012-08-02
openSUSE openSUSE-SU-2012:0918-1 rocksndiamonds 2012-07-27
Fedora FEDORA-2012-1567 rocksndiamonds 2012-02-21

Comments (none posted)

wicd: information disclosure

Package(s): wicd
CVE #(s): CVE-2012-0813
Created: February 17, 2012
Updated: February 22, 2012
Description: From the Fedora advisory:

A sensitive information disclosure flaw was found in the way wicd, the wireless and wired network connection manager, performed management of sensitive information to be stored in log files. Fields like 'password', 'identity', 'private_key', 'private_key_passwd', etc., were not excluded from being logged into the /var/log/wicd log file, which could allow a local attacker with the privileges of the 'adm' group to view the content of these entities in plain text, leading to information disclosure.

Alerts:
Gentoo 201206-08 wicd 2012-06-21
Fedora FEDORA-2012-1077 wicd 2012-02-17
Fedora FEDORA-2012-1059 wicd 2012-02-17

Comments (none posted)

Page editor: Jake Edge


Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds