
Tuesday, November 28, 2006

SecurityFocus Linux Newsletter #314
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: Learn to Think Like a Hacker: Simulate a Hacker Breaking into Your Web Apps
The speed with which Web applications are developed makes them prime targets for attackers; often these applications were developed so quickly that they are not coded properly or subjected to any security testing. Hackers know this and use it as their weapon. Download this *FREE* test guide from SPI Dynamics to check for Web application vulnerabilities.

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=70160000000Ce5v

------------------------------------------------------------------
I. FRONT AND CENTER
1. A Hard Lesson in Privacy
2. Vulnerability Scanning Web 2.0 Client-Side Components
II. LINUX VULNERABILITY SUMMARY
1. Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
2. ImageMagick SGI Image File Unspecified Remote Heap Buffer Overflow Vulnerability
3. JBoss Java Class DeploymentFileRepository Directory Traversal Vulnerability
4. Computer Associates BrightStor ARCserve Backup Tape Engine Remote Buffer Overflow Vulnerability
5. GNU Tar GNUTYPE_NAMES Remote Directory Traversal Vulnerability
6. NetGear WG311v1 Wireless Driver SSID Heap Buffer Overflow Vulnerability
7. PSToText Filename Handling Shell Command Execution Vulnerability
8. NetBSD Multiple Local Denial of Service Vulnerabilities
III. LINUX FOCUS LIST SUMMARY
1. Portsentry and Snort Question
2. Red Hat vs Debian Linux: overall security
3. How to check UID of process on the other side of local TCP/UDP connection
4. spambots and dictionary attacks
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. A Hard Lesson in Privacy
By Scott Granneman
Scott Granneman looks at a hard lesson in personal privacy and security through the lens of a very public and well-known female television show host in Europe.
http://www.securityfocus.com/columnists/424

2. Vulnerability Scanning Web 2.0 Client-Side Components
By Shreeraj Shah
This article discusses the challenges faced when vulnerability scanning Web 2.0 applications, and then provides a methodology to detect vulnerabilities in Web 2.0 client-side application components.
http://www.securityfocus.com/infocus/1881


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
BugTraq ID: 21183
Remote: Yes
Date Published: 2006-11-20
Relevant URL: http://www.securityfocus.com/bid/21183
Summary:
Dovecot is prone to an off-by-one buffer-overflow condition due to an error that results in insufficient memory allocation.

An attacker may exploit this issue to trigger denial-of-service conditions. Presumably, arbitrary code execution may be possible as well.

Versions 1.0test53 to 1.0.rc14 are vulnerable.

2. ImageMagick SGI Image File Unspecified Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 21185
Remote: Yes
Date Published: 2006-11-20
Relevant URL: http://www.securityfocus.com/bid/21185
Summary:
ImageMagick is prone to a remote heap-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of applications that use the ImageMagick library.

ImageMagick versions in the 6.x series, up to version 6.2.8, are vulnerable to this issue.

3. JBoss Java Class DeploymentFileRepository Directory Traversal Vulnerability
BugTraq ID: 21219
Remote: Yes
Date Published: 2006-11-27
Relevant URL: http://www.securityfocus.com/bid/21219
Summary:
JBoss is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to read, create, delete and overwrite arbitrary files from the vulnerable system in the context of the affected application. Successful exploits can result in a compromise of vulnerable applications.

JBoss Web Server 1.0.0.GA is vulnerable to this issue. Other applications that utilize the affected JBoss Java class may also be affected.

4. Computer Associates BrightStor ARCserve Backup Tape Engine Remote Buffer Overflow Vulnerability
BugTraq ID: 21221
Remote: Yes
Date Published: 2006-11-21
Relevant URL: http://www.securityfocus.com/bid/21221
Summary:
Computer Associates BrightStor ARCserve Backup is affected by a remote buffer-overflow vulnerability because the application fails to perform proper bounds-checking on data supplied to the application.

A remote attacker may exploit this issue to execute arbitrary code on a vulnerable computer with SYSTEM privileges. Failed exploit attempts may cause denial-of-service conditions.

BrightStor ARCserve Backup 11.5 is vulnerable to this issue; other versions may also be affected.

5. GNU Tar GNUTYPE_NAMES Remote Directory Traversal Vulnerability
BugTraq ID: 21235
Remote: Yes
Date Published: 2006-11-21
Relevant URL: http://www.securityfocus.com/bid/21235
Summary:
GNU Tar is prone to a vulnerability that may allow an attacker to place files and overwrite files in arbitrary locations on a vulnerable computer. This issue presents itself when the application processes malicious archives.

A successful attack can allow the attacker to place potentially malicious files and overwrite files on a computer in the context of the user running the affected application. Successful exploits may aid in further attacks.

6. NetGear WG311v1 Wireless Driver SSID Heap Buffer Overflow Vulnerability
BugTraq ID: 21251
Remote: Yes
Date Published: 2006-11-22
Relevant URL: http://www.securityfocus.com/bid/21251
Summary:
NetGear WG311v1 Wireless devices are prone to a heap-based buffer-overflow vulnerability because the driver fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of the kernel hosting the vulnerable driver. Failed attempts will likely crash the kernel, resulting in denial-of-service conditions.

Although the WG311v1ND5.SYS driver is used primarily on Microsoft Windows, users of Linux and BSD machines running the 'ndiswrapper' tool should determine if they are using a vulnerable instance of the driver.

Version 2.3.1.10 of the WG311v1ND5.SYS driver is vulnerable to this issue; other versions may also be affected.

7. PSToText Filename Handling Shell Command Execution Vulnerability
BugTraq ID: 21299
Remote: Yes
Date Published: 2006-11-27
Relevant URL: http://www.securityfocus.com/bid/21299
Summary:
pstotext is prone to a vulnerability that may permit the execution of arbitrary shell commands. This issue occurs because the application fails to properly sanitize user-supplied data.

Exploiting this issue allows attackers to execute arbitrary shell commands with the privileges of the application.

8. NetBSD Multiple Local Denial of Service Vulnerabilities
BugTraq ID: 21327
Remote: No
Date Published: 2006-11-28
Relevant URL: http://www.securityfocus.com/bid/21327
Summary:
NetBSD is prone to multiple local denial-of-service vulnerabilities due to improper validation of user-supplied input.

An attacker may leverage these issues to cause the affected computer to crash, denying service to legitimate users.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Portsentry and Snort Question
http://www.securityfocus.com/archive/91/452881

2. Red Hat vs Debian Linux: overall security
http://www.securityfocus.com/archive/91/452878

3. How to check UID of process on the other side of local TCP/UDP connection
http://www.securityfocus.com/archive/91/452761

4. spambots and dictionary attacks
http://www.securityfocus.com/archive/91/451920

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, to which you will have to reply. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics
