Tuesday, March 20, 2007

SecurityFocus Linux Newsletter #329


This Issue is Sponsored by: Black Hat

Attend Black Hat Europe, March 27-30 in Amsterdam, Europe's premier technical event for ICT security experts. Featuring 10 hands-on training courses and 20 Briefings presentations with lots of new content - the best of Black Hat! See security solutions from 8 top sponsors including Microsoft and Google, and network with 400 colleagues from 30 nations. To download the preview program visit www.blackhat.com/html/bh-europe-07/marketing/bh-eu-07-preview-LR.pdf.

For general information or to register visit:

http://www.blackhat.com


------------------------------------------------------------------
I. FRONT AND CENTER
1. Blanket Discovery for Stolen Laptops
II. LINUX VULNERABILITY SUMMARY
1. KTorrent Multiple Remote Vulnerabilities
2. Xine DirectShow Loader Remote Buffer Overflow Vulnerability
3. Linux Kernel Netfilter NFNetLink_Log Multiple NULL Pointer Dereference Vulnerabilities
4. PHProjekt Multiple SQL Injection Vulnerabilities
5. PHProjekt Arbitrary File Upload Vulnerability
6. Adobe JRun Unspecified Denial Of Service Vulnerability
7. MiniGZip Controls File_Compress Buffer Overflow Vulnerability
8. Xen QEMU VNC Server Arbitrary Information Disclosure Vulnerability
9. Sun Java System Web Server Certificate Revocation Access Control Bypass Vulnerability
10. Multiple Cisco Products Online Help Cross Site Scripting Vulnerability
11. Sun Java System Web Server Unspecified Unauthorized Access Vulnerability
12. Computer Associates BrightStor ARCServe BackUp Tape Engine Multiple Vulnerabilities
13. LibWPD Library Multiple Buffer Overflow Vulnerabilities
14. Rhapsody IRC Multiple Remote Vulnerabilities
15. Linux Security Auditing Tool Insecure Temporary File Creation Vulnerability
16. File(1) Command File_PrintF Integer Underflow Vulnerability
17. Lookup Insecure Temporary File Creation Vulnerability
18. Asterisk SIP Invite Message Remote Denial of Service Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Blanket Discovery for Stolen Laptops
By Mark Rasch
Mark Rasch discusses the legal issues behind the discovery and recovery of stolen laptops that use LoJack-style homing devices to announce their location, and the location of the thieves, anywhere in the world.
http://www.securityfocus.com/columnists/438


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. KTorrent Multiple Remote Vulnerabilities
BugTraq ID: 22930
Remote: Yes
Date Published: 2007-03-12
Relevant URL: http://www.securityfocus.com/bid/22930
Summary:
KTorrent is prone to multiple remote vulnerabilities, including a directory-traversal vulnerability and an unspecified vulnerability when processing messages with invalid chunk indexes.

Very little information is known about one of these issues. This BID will be updated as soon as more information becomes available.

An attacker can exploit the directory-traversal issue to overwrite arbitrary files on the user's system. Presumably, the unspecified vulnerability when processing messages with invalid chunk indexes will allow attackers to execute arbitrary code or to cause a denial of service, but this has not been confirmed.

Versions prior to 2.1.2 are vulnerable to these issues.

2. Xine DirectShow Loader Remote Buffer Overflow Vulnerability
BugTraq ID: 22933
Remote: Yes
Date Published: 2007-03-12
Relevant URL: http://www.securityfocus.com/bid/22933
Summary:
Xine is prone to a remote buffer-overflow vulnerability because the application fails to perform boundary checks before copying user-supplied input into finite-sized buffers.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the application and to compromise affected computers.

3. Linux Kernel Netfilter NFNetLink_Log Multiple NULL Pointer Dereference Vulnerabilities
BugTraq ID: 22946
Remote: No
Date Published: 2007-03-13
Relevant URL: http://www.securityfocus.com/bid/22946
Summary:
The Linux kernel is prone to multiple NULL-pointer dereference vulnerabilities.

A local attacker can exploit these issues to crash the affected kernel, denying service to legitimate users.

4. PHProjekt Multiple SQL Injection Vulnerabilities
BugTraq ID: 22955
Remote: Yes
Date Published: 2007-03-14
Relevant URL: http://www.securityfocus.com/bid/22955
Summary:
PHProjekt is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

PHProjekt 5.2.0 and prior versions are vulnerable to these issues.

5. PHProjekt Arbitrary File Upload Vulnerability
BugTraq ID: 22956
Remote: Yes
Date Published: 2007-03-14
Relevant URL: http://www.securityfocus.com/bid/22956
Summary:
PHProjekt is prone to an arbitrary file-upload vulnerability.

Exploiting this issue could allow an attacker to upload and execute arbitrary script code in the context of the affected webserver process. This may help the attacker compromise the application; other attacks are possible.

Versions prior to 5.2.1 are vulnerable to this issue.

6. Adobe JRun Unspecified Denial Of Service Vulnerability
BugTraq ID: 22958
Remote: Yes
Date Published: 2007-03-13
Relevant URL: http://www.securityfocus.com/bid/22958
Summary:
Adobe JRun is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects Microsoft IIS 6 installations running JRun 4 Updater 6.

7. MiniGZip Controls File_Compress Buffer Overflow Vulnerability
BugTraq ID: 22964
Remote: No
Date Published: 2007-03-14
Relevant URL: http://www.securityfocus.com/bid/22964
Summary:
The 'minigzip' tool is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

A local attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial of service.

8. Xen QEMU VNC Server Arbitrary Information Disclosure Vulnerability
BugTraq ID: 22967
Remote: Yes
Date Published: 2007-03-14
Relevant URL: http://www.securityfocus.com/bid/22967
Summary:
Xen is prone to an unspecified vulnerability that lets attackers obtain arbitrary information. The issue stems from a flaw in the VNC server code in QEMU.

An attacker can exploit this issue to access sensitive information that may aid in further attacks.

9. Sun Java System Web Server Certificate Revocation Access Control Bypass Vulnerability
BugTraq ID: 22973
Remote: Yes
Date Published: 2007-03-15
Relevant URL: http://www.securityfocus.com/bid/22973
Summary:
Sun Java System Web Server is prone to a vulnerability that lets attackers bypass access controls.

An attacker may leverage this issue to access a secure webserver using a revoked certificate. Such unauthorized access may help the attacker launch other attacks.

10. Multiple Cisco Products Online Help Cross Site Scripting Vulnerability
BugTraq ID: 22982
Remote: Yes
Date Published: 2007-03-15
Relevant URL: http://www.securityfocus.com/bid/22982
Summary:
Multiple Cisco products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input.

An attacker may leverage this issue by enticing a victim into following a maliciously crafted URI.

Attackers may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue is being tracked by Cisco IDs: CSCsh91761, CSCsh52300, CSCsh91884, CSCsi12435, CSCsh91901, CSCsi10405, CSCsh91953, CSCsh93070, CSCsh93854, CSCek71039, CSCsh95009, CSCsi10818, CSCsi10674, CSCsi10982, CSCsi13743, CSCsi13763.

11. Sun Java System Web Server Unspecified Unauthorized Access Vulnerability
BugTraq ID: 22993
Remote: Yes
Date Published: 2007-03-16
Relevant URL: http://www.securityfocus.com/bid/22993
Summary:
Sun Java System Web Server is prone to a vulnerability that lets attackers gain unauthorized access to sensitive information.

An attacker may leverage this issue to access data stored on the host running the webserver. Such unauthorized access may help the attacker launch other attacks.

12. Computer Associates BrightStor ARCServe BackUp Tape Engine Multiple Vulnerabilities
BugTraq ID: 22994
Remote: Yes
Date Published: 2007-03-15
Relevant URL: http://www.securityfocus.com/bid/22994
Summary:
Computer Associates BrightStor ARCServe BackUp Tape Engine service is prone to multiple vulnerabilities.

Exploiting these issues can result in denial-of-service conditions or remote code execution.

13. LibWPD Library Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 23006
Remote: Yes
Date Published: 2007-03-16
Relevant URL: http://www.securityfocus.com/bid/23006
Summary:
The libwpd library is prone to multiple buffer-overflow vulnerabilities because it fails to adequately check boundaries on user-supplied input.

A successful exploit could let a remote attacker execute arbitrary code in the context of an application using the affected library.

Version 0.8.7 is vulnerable; other versions prior to 0.8.9 may also be affected.

14. Rhapsody IRC Multiple Remote Vulnerabilities
BugTraq ID: 23011
Remote: Yes
Date Published: 2007-03-17
Relevant URL: http://www.securityfocus.com/bid/23011
Summary:
Rhapsody IRC is prone to multiple remote vulnerabilities, including multiple buffer-overflow issues and format-string issues.

Exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely crash applications, denying service to legitimate users.

15. Linux Security Auditing Tool Insecure Temporary File Creation Vulnerability
BugTraq ID: 23014
Remote: No
Date Published: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23014
Summary:
The Linux Security Auditing Tool creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Version 0.9.2 is vulnerable to this issue; other versions may also be affected.

16. File(1) Command File_PrintF Integer Underflow Vulnerability
BugTraq ID: 23021
Remote: Yes
Date Published: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23021
Summary:
The file(1) command is prone to an integer-underflow vulnerability because the command fails to adequately handle user-supplied data.

An attacker can leverage this issue to corrupt heap memory and execute arbitrary code with the privileges of a user running the command. A successful attack may result in the compromise of affected computers. Failed attempts will likely cause denial-of-service conditions.

Versions prior to 4.20 are vulnerable.

17. Lookup Insecure Temporary File Creation Vulnerability
BugTraq ID: 23026
Remote: No
Date Published: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23026
Summary:
Lookup creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully exploiting a symlink attack may allow the attacker to overwrite or corrupt sensitive files. This may result in a denial of service; other attacks may also be possible.

Lookup version 1.4 is vulnerable to this issue; other versions may also be affected.

18. Asterisk SIP Invite Message Remote Denial of Service Vulnerability
BugTraq ID: 23031
Remote: Yes
Date Published: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23031
Summary:
Asterisk is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to cause the application to crash, effectively denying service to legitimate users.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, to which you will have to reply. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------