[SECWS] Bul - 2351 - 10/22/2008


The SECURITY WATCH                                    APOGÉE-Communications
Edition of Wednesday, October 22 2008                   All rights reserved
___________________________________________________________________________

 SUMMARY OF THIS BULLETIN
 ------------------------

* ALERTS (8)
 - F-SECURE       - Arbitrary code execution in F-Secure products
 - IBM            - Denial of service in 'WebSphere Application Server'
 - LINUX          - Denial of service in the Linux kernel
 - LINUX          - Denial of service in the Linux Kernel (2.6.26.5)
 - LINUX          - Denial of service in the Linux kernel (SCTP AUTH)
 - OPERA          - Cross-Site Scripting in 'Opera'
 - WIRESHARK      - Denial of service in 'Wireshark'
 - TYPO3          - Application compromise in 'TYPO3'

* INFORMATION (6)
 - LINUX REDHAT   - Patches for 'ed' (RHEL 2.1, 3, 4, 5)
 - LINUX REDHAT   - Patches for 'ruby' (RHEL 2.1)
 - LINUX REDHAT   - Patches for 'ruby' (RHEL 3)
 - LINUX REDHAT   - Patches for 'ruby' (RHEL 4, 5)
 - LINUX SUSE     - Patches for the Linux kernel (SUSE-SA:2008:051)
 - LINUX SUSE     - Patches for the Linux kernel (SUSE-SA:2008:052)

* REISSUES OF ALERTS (0)
___________________________________________________________________________

ALERTS
___________________________________________________________________________

* F-SECURE       - Arbitrary code execution in F-Secure products

An integer overflow in the listed F-Secure products allows an attacker to
execute arbitrary code.

 - Date:        October 22 2008
 - Platform:    F-Secure 'Anti-Virus'
                F-Secure 'Client Security'
                F-Secure 'Home Server Security'
                F-Secure 'Internet Gatekeeper'
                F-Secure 'Internet Security' version 2006
                F-Secure 'Internet Security' version 2007
                F-Secure 'Internet Security' version 2007 Second Edition
                F-Secure 'Internet Security' version 2008
                F-Secure 'Linux Security'
                F-Secure 'Messaging Security Gateway'
 - Context:     Multi-platform
 - Easiness:    Specialist
 - Target:      Remote
 - Patch:       Patch
 - Severity:    Critical
 - Origin:      Compressed file archives
 - Problem:     Integer overflow
 - Damage:      Arbitrary code execution
 - CVE names:   No CVE name assigned at the present time
 - Description: An integer overflow that can be triggered during the scan
                of compressed file archives affects the listed F-Secure
                products. This flaw allows an attacker to execute
                arbitrary code.
 - References:  F-Secure [FSC-2008-3]
                 http://www.f-secure.com/security/fsc-2008-3.shtml
                SecurityFocus - BID [31846]
                 http://www.securityfocus.com/bid/31846
 - Solution:    Apply the available patches depending on your product and
                your version.
                 http://www.f-secure.com/security/fsc-2008-3.shtml
 - Our advice:  See the original bulletin for the affected products and
                versions.
___________________________________________________________________________

* IBM            - Denial of service in 'WebSphere Application Server'

A security bypass in 'WebSphere Application Server' allows an attacker to
trigger a denial of service.

 - Date:        October 21 2008
 - Platform:    IBM 'WebSphere Application Server' versions prior to
                6.0.2.31
 - Context:     Multi-platform
 - Easiness:    Specialist
 - Target:      Remote
 - Patch:       Patch
 - Severity:    High
 - Origin:      Not available
 - Problem:     Security bypass
 - Damage:      Denial of service
 - CVE names:   No CVE name assigned at the present time
 - Description: A security bypass affects 'WebSphere Application Server'.
                This flaw allows an attacker to trigger a denial of
                service.
 - References:  SecurityFocus - BID [31839]
                 http://www.securityfocus.com/bid/31839
 - Solution:    The version 6.0.2.31 fixes this flaw.
                 http://www-01.ibm.com/support/docview.wss?uid=swg27006876
___________________________________________________________________________

* LINUX          - Denial of service in the Linux kernel

A handling error in the Linux kernel allows an attacker to trigger a denial
of service.

 - Date:        October 22 2008
 - Platform:    Linux 'Kernel' versions prior to 2.6.27
 - Context:     Unix
 - Easiness:    Specialist
 - Target:      Remote
 - Patch:       Patch
 - Severity:    High
 - Origin:      Violation in the SCTP protocol
 - Problem:     Handling error
 - Damage:      Denial of service
 - CVE names:   CVE-2008-4618
 - Description: The Linux kernel does not correctly handle the error
                conditions linked to violations of the SCTP protocol.
                This flaw allows an attacker to trigger a denial of
                service.
 - References:  SecurityFocus - BID [31848]
                 http://www.securityfocus.com/bid/31848
 - Solution:    The version 2.6.27 fixes this flaw.
                 http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.27.tar.gz
___________________________________________________________________________

* LINUX          - Denial of service in the Linux Kernel (2.6.26.5)

A handling error in the Linux kernel allows an attacker to trigger a denial
of service.

 - Date:        October 22 2008
 - Platform:    Linux 'Kernel' version 2.6.26.5
 - Context:     Unix
 - Easiness:    Specialist
 - Target:      Remote
 - Patch:       None
 - Severity:    High
 - Origin:      'ext2', 'ext3' and 'ext4' file systems
 - Problem:     Handling error
 - Damage:      Denial of service
 - CVE names:   CVE-2008-3528
 - Description: The 'ext2', 'ext3' and 'ext4' file systems do not correctly
                handle corrupted data structures. This flaw allows an
                attacker to trigger a denial of service.
 - References:  Bugzilla [459577]
                 https://bugzilla.redhat.com/show_bug.cgi?id=459577
 - Solution:    There is no official patch available to our knowledge.
___________________________________________________________________________

* LINUX          - Denial of service in the Linux kernel (SCTP AUTH)

A handling error in the Linux kernel allows an attacker to trigger a denial
of service.

 - Date:        October 22 2008
 - Platform:    Linux 'Kernel' versions prior to 2.6.27-rc6-git6
 - Context:     Unix
 - Easiness:    Specialist
 - Target:      Remote
 - Patch:       Patch
 - Severity:    High
 - Origin:      'SCTP AUTH' extension
 - Problem:     Handling error
 - Damage:      Denial of service
 - CVE names:   CVE-2008-4576
 - Description: A handling error of the 'SCTP AUTH' extension affects the
                Linux kernel. This flaw allows an attacker to trigger a
                denial of service.
 - References:  SecurityFocus - BID [31634]
                 http://www.securityfocus.com/bid/31634
 - Solution:    The version 2.6.27-rc6-git6 fixes this flaw.
                 http://www.kernel.org/
___________________________________________________________________________

* OPERA          - Cross-Site Scripting in 'Opera'

A lack of validation in the 'Opera' browser allows an attacker to conduct
Cross-Site Scripting attacks.

 - Date:        October 21 2008
 - Platform:    Opera 'Opera' versions prior to 9.61
 - Context:     Multi-platform
 - Easiness:    Specialist
 - Target:      Remote
 - Patch:       Patch
 - Severity:    High
 - Origin:      User's data
 - Problem:     Lack of validation
 - Damage:      Cross-Site Scripting
 - CVE names:   No CVE name assigned at the present time
 - Description: A lack of validation of the user's data affects the 'Opera'
                browser. This flaw allows an attacker to conduct
                Cross-Site Scripting attacks.
 - References:  SecurityFocus - BID [31842]
                 http://www.securityfocus.com/bid/31842
 - Solution:    The version 9.61 fixes this flaw.
                 http://www.opera.com/
___________________________________________________________________________

* WIRESHARK      - Denial of service in 'Wireshark'

Multiple flaws in 'Wireshark' allow an attacker to trigger a denial of
service.

 - Date:        October 21 2008
 - Platform:    Wireshark 'Wireshark' versions 0.10.3 to 1.0.3
 - Context:     Multi-platform
 - Easiness:    Specialist
 - Target:      Remote
 - Patch:       Patch
 - Severity:    High
 - Origin:      'Bluetooth ACL', 'Q.931' and 'USB' dissectors, 'commview
                wiretap' module
 - Problem:     Multiple
 - Damage:      Denial of service
 - CVE names:   No CVE name assigned at the present time
 - Description: Multiple flaws in the 'Bluetooth ACL', 'Q.931' and 'USB'
                dissectors and in the 'commview wiretap' module affect
                'Wireshark'. These flaws allow an attacker to trigger a
                denial of service.
 - References:  SecurityFocus - BID [31838]
                 http://www.securityfocus.com/bid/31838
                Wireshark [wnpa-sec-2008-06]
                 http://www.wireshark.org/security/wnpa-sec-2008-06.html
 - Solution:    The version 1.0.4 fixes these flaws.
                 http://www.wireshark.org/download/src/wireshark-1.0.4.tar.gz
___________________________________________________________________________

* TYPO3          - Application compromise in 'TYPO3'

SQL code injection in 'TYPO3' allows an attacker to modify the data and to
compromise the application.

 - Date:        October 21 2008
 - Platform:    Typo3 'Econda Plugin' version 0.0.4 and prior
                Typo3 'Frontend Users View' version 0.1.6 and prior
                Typo3 'JobControl' version 1.15.4 and prior
                Typo3 'M1 Intern' version 1.0.0
                Typo3 'Mannschaftsliste' version 1.0.3 and prior
                Typo3 'simplesurvey' version 1.7.0 and prior
 - Context:     Multi-platform
 - Easiness:    Specialist
 - Target:      Remote
 - Patch:       Patch
 - Severity:    Medium to High
 - Origin:      'JobControl', 'Econda Plugin', 'Frontend Users View',
                'Mannschaftsliste', 'M1 Intern' and 'simplesurvey'
                extensions
 - Problem:     SQL code injection
 - Damage:      Data modification, application compromise
 - CVE names:   No CVE name assigned at the present time
 - Description: A lack of validation of the data passed to the
                'JobControl', 'Econda Plugin', 'Frontend Users View',
                'Mannschaftsliste', 'M1 Intern' and 'simplesurvey'
                extensions allows an attacker to inject SQL code in
                'TYPO3'. Through this injection, an attacker can modify
                the data and compromise the application.
 - References:  SecurityFocus - BID [31840]
                 http://www.securityfocus.com/bid/31840
                SecurityFocus - BID [31841]
                 http://www.securityfocus.com/bid/31841
                SecurityFocus - BID [31843]
                 http://www.securityfocus.com/bid/31843
                SecurityFocus - BID [31844]
                 http://www.securityfocus.com/bid/31844
                SecurityFocus - BID [31845]
                 http://www.securityfocus.com/bid/31845
                SecurityFocus - BID [31847]
                 http://www.securityfocus.com/bid/31847
 - Solution:    The version 0.0.4 of 'Econda Plugin' fixes this flaw.
                The version 1.15.5 of 'JobControl' fixes this flaw.
                The version 1.8.1.t3x of 'simplesurvey' fixes this flaw.
                The other extensions have no patches.
                 http://typo3.org/fileadmin/ter/d/m/dmmjobcontrol_1.15.5.t3x
                 http://typo3.org/fileadmin/ter/e/c/econda_0.0.4.t3x
                 http://typo3.org/fileadmin/ter/s/i/simplesurvey_1.8.1.t3x
___________________________________________________________________________

INFORMATION
___________________________________________________________________________

* LINUX REDHAT   - Patches for 'ed' (RHEL 2.1, 3, 4, 5)

Red Hat has announced, in the bulletin RHSA-2008:0946, the availability of
patches for the 'ed' package on Red Hat Enterprise Linux 2.1, 3, 4 and 5.
They fix a heap overflow in 'ed' which allows an attacker to execute
arbitrary code.
CVE-2008-3916
GNU 'signal.c', 'ed' [1020734] (bulletin 2309 dated 08/25/2008)

http://rhn.redhat.com/errata/RHSA-2008-0946.html
___________________________________________________________________________

* LINUX REDHAT   - Patches for 'ruby' (RHEL 2.1)

Red Hat has announced, in the bulletin RHSA-2008:0895, the availability of
patches for the 'ruby' package on Red Hat Enterprise Linux 2.1.
They fix multiple flaws in 'Ruby' which allow triggering a denial of
service or bypassing certain security mechanisms, among other things.
CVE-2008-3443, CVE-2008-3655
RUBY 'Ruby', 'regex.c', 'untrace_var', 'safe level', 'DNS',
'$PROGRAM_NAME', 'Syslog', 'WEBrick::HTTPUtils.split_header_value()',
'resolv.rb', 'dl' [30682], [Multiple vulnerabilities in Ruby] (bulletins
2304 dated 08/18/2008 and 2301 dated 08/12/2008)

http://rhn.redhat.com/errata/RHSA-2008-0895.html
___________________________________________________________________________

* LINUX REDHAT   - Patches for 'ruby' (RHEL 3)

Red Hat has announced, in the bulletin RHSA-2008:0896, the availability of
patches for the 'ruby' package on Red Hat Enterprise Linux 3.
They fix multiple flaws in 'Ruby' which allow triggering a denial of
service or bypassing certain security mechanisms, among other things.
CVE-2008-3443, CVE-2008-3655, CVE-2008-3905
RUBY 'Ruby', 'regex.c', 'untrace_var', 'safe level', 'DNS',
'WEBrick::HTTPUtils.split_header_value()', 'Syslog', '$PROGRAM_NAME',
'resolv.rb', 'dl' [30682], [Multiple vulnerabilities in Ruby] (bulletins
2304 dated 08/18/2008 and 2301 dated 08/12/2008)

http://rhn.redhat.com/errata/RHSA-2008-0896.html
___________________________________________________________________________

* LINUX REDHAT   - Patches for 'ruby' (RHEL 4, 5)

Red Hat has announced, in the bulletin RHSA-2008:0897, the availability of
patches for the 'ruby' package on Red Hat Enterprise Linux 4 and 5.
They fix multiple flaws in 'Ruby' which allow triggering a denial of
service or bypassing certain security mechanisms, among other things.
CVE-2008-3443, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790,
CVE-2008-3905
RUBY 'Ruby', 'regex.c', 'untrace_var', 'REXML', 'safe level', 'DNS',
'WEBrick::HTTPUtils.split_header_value()', 'Syslog', '$PROGRAM_NAME',
'resolv.rb', 'dl' [30802], [30682], [Multiple vulnerabilities in Ruby]
(bulletins 2304 dated 08/18/2008, 2301 dated 08/12/2008 and 2309 dated
08/25/2008)

http://rhn.redhat.com/errata/RHSA-2008-0897.html
___________________________________________________________________________

* LINUX SUSE     - Patches for the Linux kernel (SUSE-SA:2008:051)

SuSE has announced, in the bulletin SUSE-SA:2008:051, the availability of
patches for the Linux kernel on SLE SDK 10 SP2, SUSE Linux Enterprise
Desktop 10 SP2, SUSE Linux Enterprise 10 SP2 DEBUGINFO and SUSE Linux
Enterprise Server 10 SP2.
They fix flaws in the Linux kernel which allow triggering a denial of
service and escalating privileges, among other things.
CVE-2007-6716, CVE-2008-1514, CVE-2008-3525, CVE-2008-3528, CVE-2008-4210
LINUX 'dio', 'SBNI', 'ext4', 'truncate()', 'Direct-IO',
'drivers/net/wan/sbni.c', 'ext3', 'sbni_ioctl()', 'ftruncate()', 'ext2',
'ptrace' [461082], [oss-security/2008/08/29/2], [ChangeLog-2.6.27-rc6],
[31368], [459577], [438147] (bulletins 2351 dated 10/22/2008, 2332 dated
09/25/2008, 2320 dated 09/09/2008, 2345 dated 10/14/2008 and 2325 dated
09/16/2008)

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html
___________________________________________________________________________

* LINUX SUSE     - Patches for the Linux kernel (SUSE-SA:2008:052)

SuSE has announced, in the bulletin SUSE-SA:2008:052, the availability of
patches for the Linux kernel on openSUSE 10.3.
They fix flaws in the Linux kernel which allow triggering a denial of
service and escalating privileges, among other things.
CVE-2007-6716, CVE-2008-1673, CVE-2008-2812, CVE-2008-2826, CVE-2008-3272,
CVE-2008-3276, CVE-2008-3525, CVE-2008-3528, CVE-2008-4576
LINUX 'dio', 'snd_seq_oss_synth_make_info()', 'dccp_setsockopt_change()',
'SBNI', 'TTY', 'ext4', 'SCTP AUTH', 'Direct-IO', 'drivers/net/wan/sbni.c',
'BER', 'ext3', 'sbni_ioctl()', 'sctp_getsockopt_local_addrs_old()', 'ext2'
[oss-security/2008/08/29/2], [30704], [29990], [459577], [29589],
[ChangeLog-2.6.27-rc2], [461082], [30076], [31634] (bulletins 2351 dated
10/22/2008, 2332 dated 09/25/2008, 2304 dated 08/18/2008, 2271 dated
06/30/2008, 2320 dated 09/09/2008, 2298 dated 08/07/2008, 2256 dated
06/09/2008 and 2275 dated 07/04/2008)

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html
___________________________________________________________________________


Yours sincerely,

The Security Watch Team



--
Security Watch Service
mailto:veille-sec@veille.apogee-com.fr
DEVOTEAM Solutions / APOGEE Communications
Bat. A
1, Rue Galvani
91300 Massy Palaiseau
Tel : +33 169 857 890
Fax : +33 169 857 851

Note: Trademarks and products appearing in this bulletin are property
      of their respective owners.