
Wednesday, December 06, 2006

SecurityFocus Linux Newsletter #315
----------------------------------------

This Issue is Sponsored by: Watchfire

Watchfire announces AppScan 7.0! The industry's only web application security scanner with new features that include Privilege Escalation Testing, Validation Highlighting and Reasoning and Complex Authentication Support to automate even more scanning and provide greater visibility and control for security professionals, penetration testers and QA staff. See for yourself. Download an evaluation copy of AppScan now!

https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YTx

------------------------------------------------------------------
I. FRONT AND CENTER
1. Vulnerability Scanning Web 2.0 Client-Side Components
II. LINUX VULNERABILITY SUMMARY
1. JBoss Java Class DeploymentFileRepository Directory Traversal Vulnerability
2. PSToText Filename Handling Shell Command Execution Vulnerability
3. 2X ThinClientServer Unauthorized Administrative Account Creation Vulnerability
4. GnuPG Make_Printable_String Remote Buffer Overflow Vulnerability
5. NetBSD Multiple Local Denial of Service Vulnerabilities
6. Linux Kernel Get_FDB_Entries Buffer Overflow Vulnerability
7. KOffice PPT Files Integer Overflow Vulnerability
8. LibGSF Remote Heap Buffer Overflow Vulnerability
9. Invision Gallery Index.PHP IMG Parameter SQL Injection Vulnerability
10. SMF Image File HTML Injection Vulnerability
11. Xine-Lib RuleMatches Remote Buffer Overflow Vulnerability
12. GnuPG OpenPGP Packet Processing Function Pointer Overwrite Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. Selecting OS for High-availability/mission-critical web portal
2. Portsentry and Snort Question
3. Red Hat vs Debian Linux: overall security
4. How to check UID of process on the other side of local TCP/UDP connection
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Vulnerability Scanning Web 2.0 Client-Side Components
By Shreeraj Shah
This article discusses the challenges faced when vulnerability scanning Web 2.0 applications, and then provides a methodology to detect vulnerabilities in Web 2.0 client-side application components.
http://www.securityfocus.com/infocus/1881


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. JBoss Java Class DeploymentFileRepository Directory Traversal Vulnerability
BugTraq ID: 21219
Remote: Yes
Date Published: 2006-11-27
Relevant URL: http://www.securityfocus.com/bid/21219
Summary:
JBoss is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to read, create, delete, and overwrite arbitrary files on the vulnerable system in the context of the affected application. Successful exploits can result in a compromise of vulnerable applications.

JBoss Web Server 1.0.0.GA is vulnerable to this issue. Other applications that use the affected JBoss Java class may also be affected.

2. PSToText Filename Handling Shell Command Execution Vulnerability
BugTraq ID: 21299
Remote: No
Date Published: 2006-11-27
Relevant URL: http://www.securityfocus.com/bid/21299
Summary:
The 'pstotext' utility is prone to a vulnerability that may permit the execution of arbitrary shell commands. This issue occurs because the application fails to properly sanitize user-supplied data.

Exploiting this issue allows attackers to execute arbitrary shell commands with the privileges of the application.

3. 2X ThinClientServer Unauthorized Administrative Account Creation Vulnerability
BugTraq ID: 21300
Remote: Yes
Date Published: 2006-12-04
Relevant URL: http://www.securityfocus.com/bid/21300
Summary:
ThinClientServer is prone to a vulnerability that may allow an unauthorized remote attacker to create an administrative account and to gain administrative access to an affected application.

4. GnuPG Make_Printable_String Remote Buffer Overflow Vulnerability
BugTraq ID: 21306
Remote: Yes
Date Published: 2006-11-27
Relevant URL: http://www.securityfocus.com/bid/21306
Summary:
GnuPG is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this issue may allow remote attackers to execute arbitrary machine code in the context of the affected application, but this has not been confirmed.

GnuPG versions 1.4.5 and 2.0.0 are vulnerable to this issue; previous versions may also be affected.

5. NetBSD Multiple Local Denial of Service Vulnerabilities
BugTraq ID: 21327
Remote: No
Date Published: 2006-11-28
Relevant URL: http://www.securityfocus.com/bid/21327
Summary:
NetBSD is prone to multiple local denial-of-service vulnerabilities because it fails to properly validate user-supplied input.

An attacker may leverage these issues to cause the affected computer to crash, denying service to legitimate users.

6. Linux Kernel Get_FDB_Entries Buffer Overflow Vulnerability
BugTraq ID: 21353
Remote: Yes
Date Published: 2006-11-29
Relevant URL: http://www.securityfocus.com/bid/21353
Summary:
The Linux kernel is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Attackers may potentially exploit this issue to execute arbitrary code within the context of the affected kernel, but this has not been confirmed. Successfully exploiting this issue would cause the complete compromise of the affected computer.

Little information is currently known about this vulnerability. Because the affected function is in the network-bridging code, remote attacks may be possible.

Linux kernel versions prior to 2.6.18.4 are vulnerable to this issue.

7. KOffice PPT Files Integer Overflow Vulnerability
BugTraq ID: 21354
Remote: Yes
Date Published: 2006-11-29
Relevant URL: http://www.securityfocus.com/bid/21354
Summary:
KOffice is prone to an integer-overflow vulnerability because it fails to properly validate user-supplied data.

An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.

KOffice versions prior to 1.6.1 are affected.

8. LibGSF Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 21358
Remote: Yes
Date Published: 2006-11-30
Relevant URL: http://www.securityfocus.com/bid/21358
Summary:
The libgsf library is prone to a remote heap buffer-overflow vulnerability.

Exploiting this issue may allow attackers to execute arbitrary machine code within the context of the vulnerable application or to cause a denial of service.

9. Invision Gallery Index.PHP IMG Parameter SQL Injection Vulnerability
BugTraq ID: 21388
Remote: Yes
Date Published: 2006-12-01
Relevant URL: http://www.securityfocus.com/bid/21388
Summary:
Invision Gallery is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

10. SMF Image File HTML Injection Vulnerability
BugTraq ID: 21431
Remote: Yes
Date Published: 2006-12-04
Relevant URL: http://www.securityfocus.com/bid/21431
Summary:
SMF is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would execute in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

Note that this vulnerability may be triggered only in the Internet Explorer browser.

SMF version 1.1 is vulnerable to this issue.

11. Xine-Lib RuleMatches Remote Buffer Overflow Vulnerability
BugTraq ID: 21435
Remote: Yes
Date Published: 2006-12-04
Relevant URL: http://www.securityfocus.com/bid/21435
Summary:
The xine-lib library is prone to a remote buffer-overflow vulnerability when handling Real Media content because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will result in a denial of service.

12. GnuPG OpenPGP Packet Processing Function Pointer Overwrite Vulnerability
BugTraq ID: 21462
Remote: Yes
Date Published: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/21462
Summary:
GnuPG is prone to a vulnerability that could permit an attacker to overwrite a function pointer.

This issue is due to a design error when dealing with OpenPGP packets and may be exploited to execute arbitrary code.

Successful exploits may result in the remote compromise of computers utilizing the vulnerable application.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Selecting OS for High-availability/mission-critical web portal
http://www.securityfocus.com/archive/91/453320

2. Portsentry and Snort Question
http://www.securityfocus.com/archive/91/452881

3. Red Hat vs Debian Linux: overall security
http://www.securityfocus.com/archive/91/452878

4. How to check UID of process on the other side of local TCP/UDP connection
http://www.securityfocus.com/archive/91/452761

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, to which you will have to reply. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Watchfire

