Linux

User-assisted execution of arbitrary code

[ GLSA 200905-02 ] Cscope: User-assisted execution of arbitrary code

Posted by Pierre-Yves Rofes on May 24

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Gentoo Linux Security Advisory GLSA 200905-02
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

URL: http://seclists.org/fulldisclosure/2009/May/0195.html

squirrelmail

[ MDVSA-2009:122 ] squirrelmail

Posted by security_at_mandriva.com on May 23

 _______________________________________________________________________

 Mandriva Linux Security Advisory MDVSA-2009:122
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package :…

URL: http://seclists.org/fulldisclosure/2009/May/0188.html

f-prot_antivirus

CVE-2009-1783 (f-prot_antivirus)

Multiple FRISK Software F-Prot anti-virus products, including Antivirus for Exchange, Linux on IBM zSeries, Linux x86 File Servers, Linux x86 Mail Servers, Linux x86 Workstations, Solaris Mail Servers, Antivirus for Windows, and others, allow remote attackers to bypass malware detection via a crafted CAB archive.

URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1783

Dell Introduces Rugged Netbook for Kids

Dell is betting small computers will be perfect for tiny hands as it launches a new “rugged” netbook targeted at students. Called the Latitude 2100, the netbook comes with an anti-microbial keyboard (perfect for germy little hands), a 10.1-inch touchscreen, a case with a rubber-like feel and a choice of five colors.

“Compared to plastic or magnesium alloy, the rubberized casing makes the device easy to grip and non-slip,” says David Lord, senior manager at Dell. “It shows our intent of using the netbook form factor in a way that benefits the education market.”

Based on an Intel Atom N270 processor, the Latitude 2100 netbook offers a choice of Windows or Ubuntu Linux OS, up to 1 GB memory, up to 16 GB solid state drive or 250 GB hard drive, Bluetooth, wireless LAN and a touchpad input. The netbook weighs 2.91 lbs. It also offers features such as a network activity light located at the back of the display so teachers can monitor the device’s connectivity status.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31378

New Linux 2.6.26 packages fix several vulnerabilities

[SECURITY] [DSA 1800-1] New Linux 2.6.26 packages fix several vulnerabilities

HPSBMA02426 SSRT090053 rev.1 – HP System Management Homepage (SMH) for Linux and Windows Running PHP and OpenSSL, Remote Cross Site Scripting (XSS), Unauthorized Access

[security bulletin] HPSBMA02426 SSRT090053 rev.1 – HP System Management Homepage (SMH) for Linux and Windows Running PHP and OpenSSL, Remote Cross Site Scripting (XSS), Unauthorized Access

ntp

[ MDVSA-2009:117 ] ntp

Posted by security_at_mandriva.com on May 19

 _______________________________________________________________________

 Mandriva Linux Security Advisory MDVSA-2009:117
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : ntp…

URL: http://seclists.org/fulldisclosure/2009/May/0160.html

Linux Kernel ‘exit_notify()’ CAP_KILL Verification Local Privilege Escalation Vulnerability

Vuln: Linux Kernel ‘exit_notify()’ CAP_KILL Verification Local Privilege Escalation Vulnerability

URL: http://www.securityfocus.com/bid/34405

phpMyAdmin

[ MDVSA-2009:115 ] phpMyAdmin

Posted by security_at_mandriva.com on May 18

 _______________________________________________________________________

 Mandriva Linux Security Advisory MDVSA-2009:115
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package :…

URL: http://seclists.org/fulldisclosure/2009/May/0154.html

ipsec-tools

[ MDVSA-2009:114 ] ipsec-tools

Posted by security_at_mandriva.com on May 18

 _______________________________________________________________________

 Mandriva Linux Security Advisory MDVSA-2009:114
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package :…

URL: http://seclists.org/fulldisclosure/2009/May/0153.html

kernel

rPSA-2009-0084-1 kernel

Posted by rPath Update Announcements on May 15

rPath Security Advisory: 2009-0084-1
Published: 2009-05-15
Products:
    rPath Appliance Platform Linux Service 1
    rPath Appliance Platform Linux Service 2
    rPath Linux 2

Rating: Critical
Exposure Level Classification:

URL: http://seclists.org/fulldisclosure/2009/May/0146.html

Linux Kernel ‘EFER_LME’ Local Denial of Service Vulnerability

Vuln: Linux Kernel ‘EFER_LME’ Local Denial of Service Vulnerability

URL: http://www.securityfocus.com/bid/34331

quagga

[ MDVSA-2009:109 ] quagga

Posted by security_at_mandriva.com on May 10

 _______________________________________________________________________

 Mandriva Linux Security Advisory MDVSA-2009:109
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package :…

URL: http://seclists.org/fulldisclosure/2009/May/0080.html

Yet another reason why Macs need security software

As expected, my blog this week about Macintosh security generated a lot of comments. Some were personal in nature (author’s note: I really do know the difference between a Trojan and a virus but typos happen), some were quite thought-provoking.

I did receive some interesting data from a colleague from IBM. According to the X-Force 2008 Trend & Risk Report (PDF) released early this year, Mac OS X Server and Mac OS X top the list of operating systems with the most disclosed vulnerabilities for 2008. Each accounts for 14.3 percent, and has been in the top five in each of the last three years. Rounding out the top five were: Linux Kernel at 10.9 percent, Sun Solaris at 7.3 percent, and Microsoft Windows XP at 5.5 percent.

The purpose of this data is to compare the total number of disclosed vulnerabilities with each individual operating system. Vulnerability data is submitted to the Mitre Corp. and then appears in the CVE (Common Vulnerabilities and Exposures) List.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31221

Vpopmail/QmailAdmin User’s Quota Multiple Integer Overflows
