[SECWS] Bul - 2351 - 10/22/2008
The SECURITY WATCH APOGÉE-Communications
Edition of Wednesday, October 22 2008 All rights reserved
___________________________________________________________________________
SUMMARY OF THIS BULLETIN
------------------------
* ALERTS (8)
- F-SECURE - Arbitrary code execution in F-Secure products
- IBM - Denial of service in 'WebSphere Application Server'
- LINUX - Denial of service in the Linux kernel
- LINUX - Denial of service in the Linux Kernel (2.6.26.5)
- LINUX - Denial of service in the Linux kernel (SCTP AUTH)
- OPERA - Cross-Site Scripting in 'Opera'
- WIRESHARK - Denial of service in 'Wireshark'
- TYPO3 - Application compromise in 'TYPO3'
* INFORMATION (6)
- LINUX REDHAT - Patches for 'ed' (RHEL 2.1, 3, 4, 5)
- LINUX REDHAT - Patches for 'ruby' (RHEL 2.1)
- LINUX REDHAT - Patches for 'ruby' (RHEL 3)
- LINUX REDHAT - Patches for 'ruby' (RHEL 4, 5)
- LINUX SUSE - Patches for the Linux kernel (SUSE-SA:2008:051)
- LINUX SUSE - Patches for the Linux kernel (SUSE-SA:2008:052)
* REISSUES OF ALERTS (0)
___________________________________________________________________________
ALERTS
___________________________________________________________________________
* F-SECURE - Arbitrary code execution in F-Secure products
An integer overflow in the listed F-Secure products allows an attacker to
execute arbitrary code.
- Date: October 22 2008
- Platform: F-Secure 'Anti-Virus'
F-Secure 'Client Security'
F-Secure 'Home Server Security'
F-Secure 'Internet Gatekeeper'
F-Secure 'Internet Security' version 2006
F-Secure 'Internet Security' version 2007
F-Secure 'Internet Security' version 2007 Second Edition
F-Secure 'Internet Security' version 2008
F-Secure 'Linux Security'
F-Secure 'Messaging Security Gateway'
- Context: Multi-platform
- Easiness: Specialist
- Target: Remote
- Patch: Patch
- Severity: Critical
- Origin: Compressed file archives
- Problem: Integer overflow
- Damage: Arbitrary code execution
- CVE names: No CVE name assigned at the present time
- Description: An integer overflow that can be triggered during the
scanning of compressed file archives affects the listed
F-Secure products. This flaw allows an attacker to execute
arbitrary code.
- References: F-Secure [FSC-2008-3]
http://www.f-secure.com/security/fsc-2008-3.shtml
SecurityFocus - BID [31846]
http://www.securityfocus.com/bid/31846
- Solution: Apply the available patches for your product and version.
http://www.f-secure.com/security/fsc-2008-3.shtml
- Our advice: See the original bulletin for the affected products and
versions.
___________________________________________________________________________
* IBM - Denial of service in 'WebSphere Application Server'
A security bypass in 'WebSphere Application Server' allows an attacker to
trigger a denial of service.
- Date: October 21 2008
- Platform: IBM 'WebSphere Application Server' versions prior to
6.0.2.31
- Context: Multi-platform
- Easiness: Specialist
- Target: Remote
- Patch: Patch
- Severity: High
- Origin: Not available
- Problem: Security bypass
- Damage: Denial of service
- CVE names: No CVE name assigned at the present time
- Description: A security bypass affects 'WebSphere Application Server'.
This flaw allows an attacker to trigger a denial of
service.
- References: SecurityFocus - BID [31839]
http://www.securityfocus.com/bid/31839
- Solution: Version 6.0.2.31 fixes this flaw.
http://www-01.ibm.com/support/docview.wss?uid=swg27006876
___________________________________________________________________________
* LINUX - Denial of service in the Linux kernel
A handling error in the Linux kernel allows an attacker to trigger a denial
of service.
- Date: October 22 2008
- Platform: Linux 'Kernel' versions prior to 2.6.27
- Context: Unix
- Easiness: Specialist
- Target: Remote
- Patch: Patch
- Severity: High
- Origin: Violation in the SCTP protocol
- Problem: Handling error
- Damage: Denial of service
- CVE names: CVE-2008-4618
- Description: The Linux kernel does not correctly handle the error
conditions linked to violations of the SCTP protocol.
This flaw allows an attacker to trigger a denial of
service.
- References: SecurityFocus - BID [31848]
http://www.securityfocus.com/bid/31848
- Solution: Version 2.6.27 fixes this flaw.
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.27.tar.gz
___________________________________________________________________________
* LINUX - Denial of service in the Linux Kernel (2.6.26.5)
A handling error in the Linux kernel allows an attacker to trigger a denial
of service.
- Date: October 22 2008
- Platform: Linux 'Kernel' version 2.6.26.5
- Context: Unix
- Easiness: Specialist
- Target: Remote
- Patch: None
- Severity: High
- Origin: 'ext2', 'ext3' and 'ext4' file systems
- Problem: Handling error
- Damage: Denial of service
- CVE names: CVE-2008-3528
- Description: The 'ext2', 'ext3' and 'ext4' file systems do not correctly
handle corrupted data structures. This flaw allows
an attacker to trigger a denial of service.
- References: Bugzilla [459577]
https://bugzilla.redhat.com/show_bug.cgi?id=459577
- Solution: There is no official patch available to our knowledge.
___________________________________________________________________________
* LINUX - Denial of service in the Linux kernel (SCTP AUTH)
A handling error in the Linux kernel allows an attacker to trigger a denial
of service.
- Date: October 22 2008
- Platform: Linux 'Kernel' versions prior to 2.6.27-rc6-git6
- Context: Unix
- Easiness: Specialist
- Target: Remote
- Patch: Patch
- Severity: High
- Origin: 'SCTP AUTH' extension
- Problem: Handling error
- Damage: Denial of service
- CVE names: CVE-2008-4576
- Description: A handling error of the 'SCTP AUTH' extension affects the
Linux kernel. This flaw allows an attacker to trigger a
denial of service.
- References: SecurityFocus - BID [31634]
http://www.securityfocus.com/bid/31634
- Solution: Version 2.6.27-rc6-git6 fixes this flaw.
http://www.kernel.org/
___________________________________________________________________________
* OPERA - Cross-Site Scripting in 'Opera'
A lack of validation in the 'Opera' browser allows an attacker to conduct
Cross-Site Scripting attacks.
- Date: October 21 2008
- Platform: Opera 'Opera' versions prior to 9.61
- Context: Multi-platform
- Easiness: Specialist
- Target: Remote
- Patch: Patch
- Severity: High
- Origin: User data
- Problem: Lack of validation
- Damage: Cross-Site Scripting
- CVE names: No CVE name assigned at the present time
- Description: A lack of validation of user data affects the 'Opera'
browser. This flaw allows an attacker to conduct Cross-Site
Scripting attacks.
- References: SecurityFocus - BID [31842]
http://www.securityfocus.com/bid/31842
- Solution: Version 9.61 fixes this flaw.
http://www.opera.com/
___________________________________________________________________________
* WIRESHARK - Denial of service in 'Wireshark'
Multiple flaws in 'Wireshark' allow an attacker to trigger a denial of
service.
- Date: October 21 2008
- Platform: Wireshark 'Wireshark' versions 0.10.3 to 1.0.3
- Context: Multi-platform
- Easiness: Specialist
- Target: Remote
- Patch: Patch
- Severity: High
- Origin: 'Bluetooth ACL', 'Q.931' and 'USB' dissectors, 'commview
wiretap' module
- Problem: Multiple
- Damage: Denial of service
- CVE names: No CVE name assigned at the present time
- Description: Multiple flaws in the 'Bluetooth ACL', 'Q.931' and 'USB'
dissectors and in the 'commview wiretap' module affect
'Wireshark'. These flaws allow an attacker to trigger a
denial of service.
- References: SecurityFocus - BID [31838]
http://www.securityfocus.com/bid/31838
Wireshark [wnpa-sec-2008-06]
http://www.wireshark.org/security/wnpa-sec-2008-06.html
- Solution: Version 1.0.4 fixes these flaws.
http://www.wireshark.org/download/src/wireshark-1.0.4.tar.gz
___________________________________________________________________________
* TYPO3 - Application compromise in 'TYPO3'
SQL code injection in 'TYPO3' allows an attacker to modify the data and to
compromise the application.
- Date: October 21 2008
- Platform: Typo3 'Econda Plugin' version 0.0.4 and prior
Typo3 'Frontend Users View' version 0.1.6 and prior
Typo3 'JobControl' version 1.15.4 and prior
Typo3 'M1 Intern' version 1.0.0
Typo3 'Mannschaftsliste' version 1.0.3 and prior
Typo3 'simplesurvey' version 1.7.0 and prior
- Context: Multi-platform
- Easiness: Specialist
- Target: Remote
- Patch: Patch
- Severity: Medium to High
- Origin: 'JobControl', 'Econda Plugin', 'Frontend Users View',
'Mannschaftsliste', 'M1 Intern' and 'simplesurvey'
extensions
- Problem: SQL code injection
- Damage: Data modification, application compromise
- CVE names: No CVE name assigned at the present time
- Description: A lack of validation of the data passed to the
'JobControl', 'Econda Plugin', 'Frontend Users View',
'Mannschaftsliste', 'M1 Intern' and 'simplesurvey'
extensions allows an attacker to inject SQL code into
'TYPO3'. Through this injection, an attacker can modify
the data and compromise the application.
- References: SecurityFocus - BID [31840]
http://www.securityfocus.com/bid/31840
SecurityFocus - BID [31841]
http://www.securityfocus.com/bid/31841
SecurityFocus - BID [31843]
http://www.securityfocus.com/bid/31843
SecurityFocus - BID [31844]
http://www.securityfocus.com/bid/31844
SecurityFocus - BID [31845]
http://www.securityfocus.com/bid/31845
SecurityFocus - BID [31847]
http://www.securityfocus.com/bid/31847
- Solution: Version 0.0.4 of 'Econda Plugin' fixes this flaw.
Version 1.15.5 of 'JobControl' fixes this flaw.
Version 1.8.1.t3x of 'simplesurvey' fixes this flaw.
The other extensions do not have patches.
http://typo3.org/fileadmin/ter/d/m/dmmjobcontrol_1.15.5.t3x
http://typo3.org/fileadmin/ter/e/c/econda_0.0.4.t3x
http://typo3.org/fileadmin/ter/s/i/simplesurvey_1.8.1.t3x
___________________________________________________________________________
INFORMATION
___________________________________________________________________________
* LINUX REDHAT - Patches for 'ed' (RHEL 2.1, 3, 4, 5)
Red Hat has announced, in the bulletin RHSA-2008:0946, the availability of
patches for the 'ed' package on Red Hat Enterprise Linux 2.1, 3, 4 and 5.
They fix a heap overflow in 'ed' which allows an attacker to execute
arbitrary code.
CVE-2008-3916
GNU 'signal.c', 'ed' [1020734] (bulletin 2309 dated 08/25/2008)
http://rhn.redhat.com/errata/RHSA-2008-0946.html
___________________________________________________________________________
* LINUX REDHAT - Patches for 'ruby' (RHEL 2.1)
Red Hat has announced, in the bulletin RHSA-2008:0895, the availability of
patches for the 'ruby' package on Red Hat Enterprise Linux 2.1.
They fix multiple flaws in 'Ruby' which allow triggering a denial of
service or bypassing certain security mechanisms, among other things.
CVE-2008-3443, CVE-2008-3655
RUBY 'Ruby', 'regex.c', 'untrace_var', 'safe level', 'DNS',
'$PROGRAM_NAME', 'Syslog', 'WEBrick::HTTPUtils.split_header_value()',
'resolv.rb', 'dl' [30682], [Multiple vulnerabilities in Ruby] (bulletins
2304 dated 08/18/2008 and 2301 dated 08/12/2008)
http://rhn.redhat.com/errata/RHSA-2008-0895.html
___________________________________________________________________________
* LINUX REDHAT - Patches for 'ruby' (RHEL 3)
Red Hat has announced, in the bulletin RHSA-2008:0896, the availability of
patches for the 'ruby' package on Red Hat Enterprise Linux 3.
They fix multiple flaws in 'Ruby' which allow triggering a denial of
service or bypassing certain security mechanisms, among other things.
CVE-2008-3443, CVE-2008-3655, CVE-2008-3905
RUBY 'Ruby', 'regex.c', 'untrace_var', 'safe level', 'DNS',
'WEBrick::HTTPUtils.split_header_value()', 'Syslog', '$PROGRAM_NAME',
'resolv.rb', 'dl' [30682], [Multiple vulnerabilities in Ruby] (bulletins
2304 dated 08/18/2008 and 2301 dated 08/12/2008)
http://rhn.redhat.com/errata/RHSA-2008-0896.html
___________________________________________________________________________
* LINUX REDHAT - Patches for 'ruby' (RHEL 4, 5)
Red Hat has announced, in the bulletin RHSA-2008:0897, the availability of
patches for the 'ruby' package on Red Hat Enterprise Linux 4 and 5.
They fix multiple flaws in 'Ruby' which allow triggering a denial of
service or bypassing certain security mechanisms, among other things.
CVE-2008-3443, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790,
CVE-2008-3905
RUBY 'Ruby', 'regex.c', 'untrace_var', 'REXML', 'safe level', 'DNS',
'WEBrick::HTTPUtils.split_header_value()', 'Syslog', '$PROGRAM_NAME',
'resolv.rb', 'dl' [30802], [30682], [Multiple vulnerabilities in Ruby]
(bulletins 2304 dated 08/18/2008, 2301 dated 08/12/2008 and 2309 dated
08/25/2008)
http://rhn.redhat.com/errata/RHSA-2008-0897.html
___________________________________________________________________________
* LINUX SUSE - Patches for the Linux kernel (SUSE-SA:2008:051)
SuSE has announced, in the bulletin SUSE-SA:2008:051, the availability of
patches for the Linux kernel on SLE SDK 10 SP2, SUSE Linux Enterprise
Desktop 10 SP2, SUSE Linux Enterprise 10 SP2 DEBUGINFO and SUSE Linux
Enterprise Server 10 SP2.
They fix flaws in the Linux kernel which allow triggering a denial of
service and obtaining a privilege escalation, among other things.
CVE-2007-6716, CVE-2008-1514, CVE-2008-3525, CVE-2008-3528, CVE-2008-4210
LINUX 'dio', 'SBNI', 'ext4', 'truncate()', 'Direct-IO',
'drivers/net/wan/sbni.c', 'ext3', 'sbni_ioctl()', 'ftruncate()', 'ext2',
'ptrace' [461082], [oss-security/2008/08/29/2], [ChangeLog-2.6.27-rc6],
[31368], [459577], [438147] (bulletins 2351 dated 10/22/2008, 2332 dated
09/25/2008, 2320 dated 09/09/2008, 2345 dated 10/14/2008 and 2325 dated
09/16/2008)
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html
___________________________________________________________________________
* LINUX SUSE - Patches for the Linux kernel (SUSE-SA:2008:052)
SuSE has announced, in the bulletin SUSE-SA:2008:052, the availability of
patches for the Linux kernel on openSUSE 10.3.
They fix flaws in the Linux kernel which allow triggering a denial of
service and obtaining a privilege escalation, among other things.
CVE-2007-6716, CVE-2008-1673, CVE-2008-2812, CVE-2008-2826, CVE-2008-3272,
CVE-2008-3276, CVE-2008-3525, CVE-2008-3528, CVE-2008-4576
LINUX 'dio', 'snd_seq_oss_synth_make_info()', 'dccp_setsockopt_change()',
'SBNI', 'TTY', 'ext4', 'SCTP AUTH', 'Direct-IO', 'drivers/net/wan/sbni.c',
'BER', 'ext3', 'sbni_ioctl()', 'sctp_getsockopt_local_addrs_old()', 'ext2'
[oss-security/2008/08/29/2], [30704], [29990], [459577], [29589],
[ChangeLog-2.6.27-rc2], [461082], [30076], [31634] (bulletins 2351 dated
10/22/2008, 2332 dated 09/25/2008, 2304 dated 08/18/2008, 2271 dated
06/30/2008, 2320 dated 09/09/2008, 2298 dated 08/07/2008, 2256 dated
06/09/2008 and 2275 dated 07/04/2008)
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html
___________________________________________________________________________
Yours sincerely,
The Security Watch Team
--
Security Watch Service
mailto:veille-sec@veille.apogee-com.fr
DEVOTEAM Solutions / APOGEE Communications
Bat. A
1, Rue Galvani
91300 Massy Palaiseau
Tel : +33 169 857 890
Fax : +33 169 857 851
Note: Trademarks and products appearing in this bulletin are the property
of their respective owners.