Robert Buchholz | 1 Aug 2008 01:33

[ GLSA 200807-16 ] Python: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200807-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Python: Multiple vulnerabilities
      Date: July 31, 2008
      Bugs: #230640, #232137
        ID: 200807-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in Python may allow for the execution of
arbitrary code.

Background
==========

Python is an interpreted, interactive, object-oriented programming
language.

Affected packages
=================

    -------------------------------------------------------------------

Pallav Khandhar | 1 Aug 2008 09:19

Tool Release: ProcL - Detect Hidden Process

Greetings,

I am glad to release ProcL v1.0.  ProcL employs many different methods  
to detect hidden processes. Essentially, ProcL detailed and  
implemented a mechanism to embed all these different approaches in one  
tool to detect hidden processes. Our methods of detecting hidden  
processes require the examination of each kernel object - EPROCESS,  
ETHREADS, HANDLES, JOBS. Therefore, we believe, ProcL would defeat  
process concealment from one certain method.

Hiding a process is particularly threatening because it represents  
some malicious code running on your system that you are completely  
unaware of. Process hiding has a significant effect. Many of the  
trojan, virus, spyware, rootkit writers use similar techniques to hide  
themselves and stay undetected as long as possible on target machines.  
Finding all the ways a rootkit might hide a process is just the first  
step in defending against the rootkits. Detecting hidden objects is a  
promising new area in rootkit detection.

For more information on the tool
http://www.scanit.net/rd/tools/03

Download the tool
http://www.scanit.net/files/tools/ProcL.zip

Cheers,
Pallav Khandhar
Sr. Security Researcher
Scanit R&D Lab


Mark Thomas | 1 Aug 2008 16:06

[CVE-2008-1232] Apache Tomcat XSS vulnerability


CVE-2008-1232: Apache Tomcat XSS vulnerability

Severity: Low

Vendor:
The Apache Software Foundation

Versions Affected:
Tomcat 4.1.0 to 4.1.37
Tomcat 5.5.0 to 5.5.26
Tomcat 6.0.0 to 6.0.16
The unsupported Tomcat 3.x, 4.0.x and 5.0.x versions may also be affected

Description:
The message argument of HttpServletResponse.sendError() call is not only
displayed on the error page, but is also used for the reason-phrase of HTTP
response. This may include characters that are illegal in HTTP headers. It
is possible for a specially crafted message to result in arbitrary content
being injected into the HTTP response. For a successful XSS attack,
unfiltered user supplied data must be included in the message argument.

Mitigation:
6.0.x users should upgrade to 6.0.18
5.5.x users should obtain the latest source from svn or apply this patch
which will be included from 5.5.27
http://svn.apache.org/viewvc?rev=680947&view=rev

4.1.x users should obtain the latest source from svn or apply this patch
which will be included from 4.1.38

Mark Thomas | 1 Aug 2008 16:06

[CVE-2008-2370] Apache Tomcat information disclosure vulnerability


CVE-2008-2370: Apache Tomcat information disclosure vulnerability

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Tomcat 4.1.0 to 4.1.37
Tomcat 5.5.0 to 5.5.26
Tomcat 6.0.0 to 6.0.16
The unsupported Tomcat 3.x, 4.0.x and 5.0.x versions may also be affected

Description:
When using a RequestDispatcher the target path was normalised before the
query string was removed. A request that included a specially crafted
request parameter could be used to access content that would otherwise be
protected by a security constraint or by locating it under the WEB-INF
directory.

Mitigation:
6.0.x users should upgrade to 6.0.18
5.5.x users should obtain the latest source from svn or apply this patch
which will be included from 5.5.27
http://svn.apache.org/viewvc?rev=680949&view=rev
4.1.x users should obtain the latest source from svn or apply this patch
which will be included from 4.1.38
http://svn.apache.org/viewvc?rev=680950&view=rev


Williams, James K | 1 Aug 2008 12:52

CA ARCserve Backup for Laptops and Desktops Server LGServer Service Vulnerability


Title: CA ARCserve Backup for Laptops and Desktops Server LGServer 
Service Vulnerability


CA Advisory Date: 2008-07-31


Reported By: Vulnerability Research Team of Assurent Secure 
Technologies, a TELUS Company


Impact: A remote attacker can execute arbitrary code or cause a 
denial of service condition. 


Summary: CA ARCserve Backup for Laptops and Desktops server 
contains a vulnerability that can allow a remote attacker to 
execute arbitrary code or cause a denial of service condition. CA 
has issued updates to address the vulnerability. The vulnerability, 
CVE-2008-3175, occurs due to insufficient bounds checking by the 
LGServer service. An attacker can make a request that can result 
in arbitrary code execution or crash the service.


Mitigating Factors: Only the server installation of BrightStor 
ARCserve Backup for Laptops and Desktops is affected. The client 
installation is not affected.



chris | 1 Aug 2008 03:03

libxslt heap overflow

Hi,

A heap overflow exists in libxslt when processing a crypto-related
built-in function.

Full technical details:
http://scary.beasts.org/security/CESA-2008-003.html

The faulty code can be summarized:

static void
exsltCryptoRc4EncryptFunction (xmlXPathParserContextPtr ctxt, int nargs) {
...
    key = xmlXPathPopString (ctxt);
    key_len = xmlUTF8Strlen (str);

...
    padkey = xmlMallocAtomic (RC4_KEY_LENGTH);
    key_size = xmlUTF8Strsize (key, key_len);
    memcpy (padkey, key, key_size);
    memset (padkey + key_size, '\0', sizeof (padkey));
...

A statically-sized heap buffer is populated with an arbitrary-length
string from an incoming XSL function argument.

And the malicious XSL to trigger this:

<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
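
Added example, not part of the libxslt post above and not libxslt's own code: one way to bound the copy that the summarized exsltCryptoRc4EncryptFunction code performs unchecked. The helper names are hypothetical and the value 128 for RC4_KEY_LENGTH is an assumption; because sizeof (padkey) in the summary is the size of a pointer rather than of the buffer, the example zeroes the whole allocation up front instead of padding after the copy.

```c
#include <stdlib.h>
#include <string.h>

#define RC4_KEY_LENGTH 128  /* assumed size of the fixed key buffer */

/* Hypothetical helper: copy a caller-supplied key into a fixed-size,
 * zero-padded heap buffer. Returns NULL when the key does not fit,
 * instead of writing past the end of the allocation. */
unsigned char *pad_key_checked(const unsigned char *key, size_t key_size)
{
    unsigned char *padkey;

    /* The check missing from the summarized code: the length comes from
     * an XSL function argument, so it is attacker-influenced. */
    if (key == NULL || key_size > RC4_KEY_LENGTH)
        return NULL;

    /* calloc zeroes all RC4_KEY_LENGTH bytes, so no later memset with a
     * computed offset and length is needed to pad the key. */
    padkey = calloc(1, RC4_KEY_LENGTH);
    if (padkey == NULL)
        return NULL;

    memcpy(padkey, key, key_size);   /* key_size <= RC4_KEY_LENGTH here */
    return padkey;
}

/* Returns 1 if bytes [from, RC4_KEY_LENGTH) of buf are all zero. */
int tail_is_zero(const unsigned char *buf, size_t from)
{
    for (size_t i = from; i < RC4_KEY_LENGTH; i++)
        if (buf[i] != 0)
            return 0;
    return 1;
}

int main(void)
{
    unsigned char long_key[RC4_KEY_LENGTH + 64];  /* constructed oversized key */
    memset(long_key, 'A', sizeof long_key);

    unsigned char *ok = pad_key_checked((const unsigned char *)"secret", 6);
    unsigned char *bad = pad_key_checked(long_key, sizeof long_key);
    int rc = (ok != NULL && tail_is_zero(ok, 6) && bad == NULL) ? 0 : 1;
    free(ok);
    return rc;
}
```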

Thijs Kinkhorst | 1 Aug 2008 09:52

[SECURITY] [DSA 1625-1] New cupsys packages fix arbitrary code execution


------------------------------------------------------------------------
Debian Security Advisory DSA-1625-1                  security <at> debian.org
http://www.debian.org/security/                          Thijs Kinkhorst
August 01, 2008                       http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : cupsys
Vulnerability  : buffer overflows
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-0053 CVE-2008-1373 CVE-2008-1722
Debian Bug     : 476305

Several remote vulnerabilities have been discovered in the Common Unix
Printing System (CUPS). The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2008-0053

    Buffer overflows in the HP-GL input filter allowed to possibly run
    arbitrary code through crafted HP-GL files.

CVE-2008-1373

    Buffer overflow in the GIF filter allowed to possibly run arbitrary
    code through crafted GIF files.

CVE-2008-1722


Thijs Kinkhorst | 1 Aug 2008 09:52

[SECURITY] [DSA 1626-1] New httrack packages fix arbitrary code execution


------------------------------------------------------------------------
Debian Security Advisory DSA-1626-1                  security <at> debian.org
http://www.debian.org/security/                          Thijs Kinkhorst
August 01, 2008                       http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : httrack
Vulnerability  : buffer overflow
Problem type   : local (remote)
Debian-specific: no
BugTraq ID     : 30425

Joan Calvet discovered that httrack, a utility to create local copies of
websites, is vulnerable to a buffer overflow potentially allowing to
execute arbitrary code when passed excessively long URLs.

For the stable distribution (etch), this problem has been fixed in
version 3.40.4-3.1+etch1.

For the testing (lenny) and unstable distribution (sid), this problem has
been fixed in version 3.42.3-1.

We recommend that you upgrade your httrack package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you

Kees Cook | 1 Aug 2008 16:51

[USN-632-1] Python vulnerabilities

=========================================================== 
Ubuntu Security Notice USN-632-1            August 01, 2008
python2.4, python2.5 vulnerabilities
CVE-2008-1679, CVE-2008-1721, CVE-2008-1887, CVE-2008-2315,
CVE-2008-2316, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  python2.4                       2.4.3-0ubuntu6.2
  python2.4-minimal               2.4.3-0ubuntu6.2

Ubuntu 7.04:
  python2.4                       2.4.4-2ubuntu7.2
  python2.4-minimal               2.4.4-2ubuntu7.2
  python2.5                       2.5.1-0ubuntu1.2
  python2.5-minimal               2.5.1-0ubuntu1.2


