Tuesday, October 24, 2006

SecurityFocus Linux Newsletter #309
----------------------------------------

This Issue is Sponsored by: Lancope

"Revolutionize the way you view your network security"
How do you protect what you can't see? Stop protecting while blind. Gain network visibility now. Learn how Cisco NetFlow gives visibility and enables cost-effective security across distributed enterprise networks. StealthWatch, the veteran Network Behavior Analysis (NBA) and Response solution, leverages Cisco NetFlow to provide scalable, internal network security.
ALERT: Download FREE White Paper "Network Behavior Analysis (NBA) in the Enterprise."

http://www.lancope.com/resource/

------------------------------------------------------------------
I. FRONT AND CENTER
1. Viruses, Phishing, and Trojans For Profit
II. LINUX VULNERABILITY SUMMARY
1. Clam Anti-Virus PE Rebuilding Heap Buffer Overflow Vulnerability
2. Clam Anti-Virus CHM Unpacker Denial Of Service Vulnerability
3. Mozilla Bugzilla Multiple Input Validation and Information disclosure Vulnerabilities
4. NVidia Binary Graphics Driver For Linux Buffer Overflow Vulnerability
5. Libksba Signature Verification Denial of Service Vulnerability
6. Opera Web Browser URI Tag Parsing Heap Buffer Overflow Vulnerability
7. Adobe Flash Player Plugin HTTP Header Injection Weakness
8. RETIRED: Adobe Flash Player Plugin Multiple HTTP Response Splitting Vulnerabilities
9. Trolltech QT Pixmap Images Integer Overflow Vulnerability
10. Asterisk Chan_Skinny Remote Buffer Overflow Vulnerability
11. Drupal Multiple HTML-Injection Vulnerabilities
III. LINUX FOCUS LIST SUMMARY
1. Detecting Brute-Force and Dictionary attacks
2. Dynamic firewall based on bandwidth usage?
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Viruses, Phishing, and Trojans For Profit
By Kelly Martin
Following the 2006 International Virus Bulletin Conference, Kelly Martin takes a look at the profit motives of the cyber criminals behind modern viruses, targeted trojans, phishing scams and botnet attacks that are stealing millions from organizations and individuals.
http://www.securityfocus.com/columnists/419


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Clam Anti-Virus PE Rebuilding Heap Buffer Overflow Vulnerability
BugTraq ID: 20535
Remote: Yes
Date Published: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20535
Summary:
ClamAV is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Exploiting this issue could allow attacker-supplied machine code to execute in the context of the affected application. The issue would occur when the malformed file is scanned manually or automatically in deployments such as email gateways.

ClamAV version 0.88.4 is vulnerable to this issue.

2. Clam Anti-Virus CHM Unpacker Denial Of Service Vulnerability
BugTraq ID: 20537
Remote: Yes
Date Published: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20537
Summary:
ClamAV is prone to a denial-of-service vulnerability because of an unspecified failure in the CHM unpacker.

Exploitation could cause the application to crash, resulting in a denial of service.

3. Mozilla Bugzilla Multiple Input Validation and Information disclosure Vulnerabilities
BugTraq ID: 20538
Remote: Yes
Date Published: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20538
Summary:
Bugzilla is affected by multiple input-validation and information-disclosure vulnerabilities because the application fails to properly sanitize user-supplied input and to protect sensitive information from unauthorized users.

An attacker can leverage these issues to access attachment and deadline information that are marked private or are otherwise protected and to conduct cross-site scripting and HTML-injection attacks. Exploiting these input-validation issues may allow attackers to steal cookie-based authentication credentials and to launch other attacks.

Versions 2.18.5, 2.20.2, 2.22, and 2.23.2 are affected by these vulnerabilities.

4. NVidia Binary Graphics Driver For Linux Buffer Overflow Vulnerability
BugTraq ID: 20559
Remote: Yes
Date Published: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20559
Summary:
The NVIDIA binary graphics driver is prone to a buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code with superuser privileges, completely compromising the affected computer. Failed exploit attempts will result in a denial of service.

NVidia Driver for Linux versions 8774 and 8762 are vulnerable to this issue; other versions may also be affected.

5. Libksba Signature Verification Denial of Service Vulnerability
BugTraq ID: 20565
Remote: Yes
Date Published: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20565
Summary:
The libksba library is prone to a denial-of-service vulnerability because it crashes when verifying a signature with a malformed X.509 certificate.

Attackers can exploit this issue to crash the KSBA library, and in turn cause various programs that depend on the library to cease functioning, effectively denying service.

The following versions are affected:

- SUSE Linux's version 0.9.12
- Ubuntu libksba8 version 0.9.9-2ubuntu0.5.04.

Other individual implementations may also be vulnerable.

6. Opera Web Browser URI Tag Parsing Heap Buffer Overflow Vulnerability
BugTraq ID: 20591
Remote: Yes
Date Published: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20591
Summary:
Opera Web Browser is prone to a heap-based buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied data before copying it to the heap.

Exploiting this issue may allow an attacker to execute arbitrary code with the privileges of the user running the application.

7. Adobe Flash Player Plugin HTTP Header Injection Weakness
BugTraq ID: 20592
Remote: Yes
Date Published: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20592
Summary:
Adobe Flash Player Plugin is prone to a weakness that permits the injection of arbitrary HTTP headers because it fails to sanitize user-supplied input.

A successful attack may allow attackers to perform arbitrary HTTP requests facilitating cross-site request forgery, cross-site scripting, HTTP request smuggling, and other attacks.

Since this weakness would typically be used as one component in a larger attack scenario, the consequences of an attack will depend on the vulnerabilities exploited along with this weakness.

Versions 9.0.16 for Windows and 7.0.63 for Linux are affected by this issue.

8. RETIRED: Adobe Flash Player Plugin Multiple HTTP Response Splitting Vulnerabilities
BugTraq ID: 20593
Remote: Yes
Date Published: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20593
Summary:
The Adobe Flash Player Plugin is prone to multiple HTTP response-splitting vulnerabilities because the application fails to properly sanitize user-supplied input.

A remote attacker may exploit these vulnerabilities to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.

Adobe Flash Player Plugin version 9.0.16 for Windows and version 7.0.63 for Linux are vulnerable; other versions may also be affected.

This BID has been retired.

9. Trolltech QT Pixmap Images Integer Overflow Vulnerability
BugTraq ID: 20599
Remote: Yes
Date Published: 2006-10-18
Relevant URL: http://www.securityfocus.com/bid/20599
Summary:
Qt is prone to an integer-overflow vulnerability because the library fails to do proper bounds checking on user-supplied data.

An attacker can exploit this vulnerability to execute arbitrary code in the context of the application using the vulnerable library. Failed exploit attempts will likely cause denial-of-service conditions.

10. Asterisk Chan_Skinny Remote Buffer Overflow Vulnerability
BugTraq ID: 20617
Remote: Yes
Date Published: 2006-10-18
Relevant URL: http://www.securityfocus.com/bid/20617
Summary:
Asterisk is prone to a remote heap-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Exploiting this vulnerability allows remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely crash the server, denying further service to legitimate users.

11. Drupal Multiple HTML-Injection Vulnerabilities
BugTraq ID: 20628
Remote: Yes
Date Published: 2006-10-19
Relevant URL: http://www.securityfocus.com/bid/20628
Summary:
Drupal is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data before using it in dynamically generated content.

An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may allow an attacker to steal cookie-based authentication credentials, control how the site is rendered, and launch other attacks.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Detecting Brute-Force and Dictionary attacks
http://www.securityfocus.com/archive/91/449157

2. Dynamic firewall based on bandwidth usage?
http://www.securityfocus.com/archive/91/448124

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Lancope