SCO fixes two critical flaws in Sendmail
The SCO Group of Lindon, Utah has issued a fix for two old vulnerabilities in Sendmail that malicious people could use to launch a denial-of-service attack or compromise a vulnerable system. IT security firm Secunia of Copenhagen, Denmark calls the flaws "extremely critical." The first problem can be exploited to cause a denial-of-service attack and could allow a remote attacker to execute arbitrary code with the privileges of the Sendmail daemon, typically root, according to SCO's advisory. The second problem is in the prescan function in Sendmail 8.12.9, which allows remote attackers to execute arbitrary code via buffer overflow attacks. The vulnerabilities affect OpenServer 5.0.6 and 5.0.7. SCO recommends users install the latest packages.
Gentoo fixes Samba vulnerabilities
Gentoo Linux has fixed buffer overflow vulnerabilities in Samba that could allow an attacker to remotely execute arbitrary code. According to the advisory, "Samba is a package that allows *nix systems to act as file servers for Windows computers (and) also allows *nix systems to mount shares exported by a Samba/CIFS/Windows server. The Samba Web Administration Tool (SWAT) is a web-based configuration tool (that is) part of the Samba package."
Researcher Evgeny Demidov found a buffer overflow in SWAT, located in the base64 data decoder used to handle HTTP Basic authentication, the advisory said. The same flaw is present in the code used to handle the sambaMungedDial attribute value when using the ldapsam passdb backend. Another buffer overflow was found in the code used to support the 'mangling method = hash' smb.conf option. The SWAT authentication overflow could be exploited to execute arbitrary code with the rights of the Samba daemon process. The overflow in the sambaMungedDial handling code is not thought to be exploitable. The buffer overflow in the 'mangling method = hash' code could also be used to execute arbitrary code on vulnerable configurations. As a workaround, the advisory suggests users disable SWAT, avoid the ldapsam passdb backend and avoid the 'mangling method = hash' option. All Samba users should upgrade to the latest version, Gentoo said.
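The SWAT defect described above is the classic decoder-into-fixed-buffer pattern: base64 text from the Authorization header is expanded without checking that the result fits its destination. The following is an added illustration, not Samba's or SWAT's code, of what a bounds-checked decoder for a "Basic" credential looks like; the function names and the caller-supplied capacity are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>

/* Map one base64 alphabet character to its 6-bit value, or -1. */
static int b64val(char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode base64 into `out`, never writing past `cap` bytes.
 * Returns bytes written, or -1 on malformed input or if the decoded
 * data would overflow the caller's buffer (the check an unbounded
 * decoder into a fixed-size array lacks). */
int base64_decode_bounded(const char *in, unsigned char *out, size_t cap)
{
    size_t n = strlen(in), o = 0;
    unsigned int acc = 0;
    int bits = 0;

    if (n % 4 != 0) return -1;            /* base64 arrives in quads */
    for (size_t i = 0; i < n; i++) {
        if (in[i] == '=') {               /* padding only at the very end */
            if (i < n - 2 || (i == n - 2 && in[n - 1] != '=')) return -1;
            break;
        }
        int v = b64val(in[i]);
        if (v < 0) return -1;
        acc = (acc << 6) | (unsigned int)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (o >= cap) return -1;      /* refuse rather than overflow */
            out[o++] = (unsigned char)((acc >> bits) & 0xff);
            acc &= (1u << bits) - 1;      /* keep only the leftover bits */
        }
    }
    return (int)o;
}

/* Decode "Basic <b64>" into a NUL-terminated "user:password" string
 * of at most cap-1 bytes; -1 if the scheme is wrong or it won't fit. */
int basic_auth_decode(const char *hdr, char *out, size_t cap)
{
    if (cap == 0 || strncmp(hdr, "Basic ", 6) != 0) return -1;
    int n = base64_decode_bounded(hdr + 6, (unsigned char *)out, cap - 1);
    if (n < 0) return -1;
    out[n] = '\0';
    return n;
}
```

An oversized or malformed credential is rejected with -1 instead of corrupting adjacent memory, which is the behaviour the Samba fix restored.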
Vulnerability in Mozilla Firefox
A "moderately critical" vulnerability in Mozilla and Mozilla Firefox could allow malicious Web sites to spoof the user interface, Denmark-based IT security firm Secunia said in an advisory. "The problem is that they don't restrict Web sites from including arbitrary, remote XUL (XML User Interface Language) files," Secunia said. "This can be exploited to 'hijack' most of the user interface (including toolbars, SSL certificate dialogs, address bar and more); thereby controlling almost anything the user sees." The Mozilla user interface is built using XUL files, the advisory noted. A proof-of-concept exploit for Firefox that spoofs an SSL-secured PayPal Web site has been published. The flaw has been confirmed using Mozilla 1.7 for Linux, Mozilla Firefox 0.9.1 for Linux, Mozilla 1.7.1 for Windows and Mozilla Firefox 0.9.2 for Windows. Prior versions may also be affected, Secunia said. The advisory recommends users avoid links to untrusted sites.
Flaws fixed in phpMyAdmin
Gentoo Linux has fixed multiple vulnerabilities in phpMyAdmin that a remote attacker with a valid user account could use to alter configuration variables and execute arbitrary PHP code. The advisory noted that phpMyAdmin is a popular, web-based MySQL administration tool written in PHP. It allows users to administer a MySQL database from a web browser. "Two serious vulnerabilities exist in phpMyAdmin," the advisory said. "The first allows any user to alter the server configuration variables (including host, name and password) by appending new settings to the array variables that hold the configuration in a GET statement. The second allows users to include arbitrary PHP code to be executed within an eval() statement in table name configuration settings. This second vulnerability is only exploitable if $cfg['LeftFrameLight'] is set to FALSE." Authenticated users can alter configuration variables for their running copy of phpMyAdmin, the advisory said. While the impact of this should be minimal, the second vulnerability would allow an authenticated user to execute arbitrary PHP code with the permissions of the Web server, potentially allowing a serious denial of service or further remote compromise. Gentoo recommends users upgrade to the latest version of the tool.
Check Point fixes ASN.1 problem
Check Point Software Technologies has fixed an ASN.1 vulnerability affecting its VPN-1 products, which could be used to trigger a buffer overrun and compromise the gateway. The Israel-based company said in an advisory that in certain circumstances, the flaw could allow further network compromises. Check Point said the problem doesn't affect those who do not use remote access VPNs or gateway-to-gateway VPNs, or those who have upgraded to current product versions (VPN-1/FireWall-1 R55 HFA-08, R54 HFA-412, and VPN-1 SecuRemote/SecureClient R56 HF1). The advisory said, "A single packet attack is only possible if Aggressive Mode IKE is implemented. Check Point strongly discourages the use of Aggressive Mode IKE because it has inherent security limitations." Check Point is not aware of any exploits of the vulnerability. The company recommends users install the update on all enforcement modules.