Thursday, March 29, 2007

SecurityFocus Linux Newsletter #330

This Issue is Sponsored by: SPI Dynamics

ALERT: "How a Hacker Launches a SQL Injection Attack!" - SPI Dynamics White Paper
It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems! Firewalls and IDS will not stop such attacks because SQL Injections are NOT seen as intruders. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000CkvN


------------------------------------------------------------------
I. FRONT AND CENTER
1. Metasploit 3.0 day
2. Blanket Discovery for Stolen Laptops
II. LINUX VULNERABILITY SUMMARY
1. OpenOffice Meta Character Remote Shell Command Execution Vulnerability
2. Linux Security Auditing Tool Insecure Temporary File Creation Vulnerability
3. File(1) Command File_PrintF Integer Underflow Vulnerability
4. Lookup Insecure Temporary File Creation Vulnerability
5. Asterisk SIP Invite Message Remote Denial of Service Vulnerability
6. OpenAFS FetchStatus Reply Privilege Escalation Vulnerability
7. Inkscape Malicious URI Format String Vulnerability
8. Gnome Evolution Format String Vulnerability
9. XMMS Skins Integer Overflow And Underflow Vulnerabilities
10. Mozilla FireFox FTP PASV Port-Scanning Vulnerability
11. Squid Proxy TRACE Request Remote Denial of Service Vulnerability
12. KDE Konqueror/IOSlave FTP PASV Port-Scanning Vulnerability
13. Asterisk SIP Channel Driver Response Code Zero Remote Denial of Service Vulnerability
14. Linux Kernel IPv6 TCP Sockets Local Denial of Service Vulnerability
15. Inkscape Client Malicious Jabber Server Format String Vulnerability
16. Linux Kernel IPV6_SockGlue.c NULL Pointer Dereference Vulnerability
17. Linux Kernel DCCP Multiple Local Information Disclosure Vulnerabilities
18. IBM Lotus Domino Web Access Email Message HTML Injection Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Metasploit 3.0 day
By Federico Biancuzzi
The Metasploit Framework is a development platform for creating security tools and exploits. Federico Biancuzzi interviewed H D Moore to discuss what's new in release 3.0, the new license of the framework, plans for features and exploits development, and the links among the bad guys and Metasploit and the law.
http://www.securityfocus.com/columnists/439

2. Blanket Discovery for Stolen Laptops
By Mark Rasch
Mark Rasch discusses the legal issues behind the discovery and recovery of stolen laptops that use LoJack-style homing devices to announce their location, and the location of the thieves, anywhere in the world.
http://www.securityfocus.com/columnists/438


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. OpenOffice Meta Character Remote Shell Command Execution Vulnerability
BugTraq ID: 22812
Remote: Yes
Date Published: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/22812
Summary:
OpenOffice is prone to a vulnerability that allows arbitrary shell commands to run because the software fails to sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary shell commands on an affected computer with the privileges of the application.

2. Linux Security Auditing Tool Insecure Temporary File Creation Vulnerability
BugTraq ID: 23014
Remote: No
Date Published: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23014
Summary:
The Linux Security Auditing Tool creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Version 0.9.2 is vulnerable to this issue; other versions may also be affected.

3. File(1) Command File_PrintF Integer Underflow Vulnerability
BugTraq ID: 23021
Remote: Yes
Date Published: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23021
Summary:
The file(1) command is prone to an integer-underflow vulnerability because the command fails to adequately handle user-supplied data.

An attacker can leverage this issue to corrupt heap memory and execute arbitrary code with the privileges of a user running the command. A successful attack may result in the compromise of affected computers. Failed attempts will likely cause denial-of-service conditions.

Versions prior to 4.20 are vulnerable.

4. Lookup Insecure Temporary File Creation Vulnerability
BugTraq ID: 23026
Remote: No
Date Published: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23026
Summary:
Lookup creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully exploiting a symlink attack may allow the attacker to overwrite or corrupt sensitive files. This may result in a denial of service; other attacks may also be possible.

Lookup version 1.4 is vulnerable to this issue; other versions may also be affected.

5. Asterisk SIP Invite Message Remote Denial of Service Vulnerability
BugTraq ID: 23031
Remote: Yes
Date Published: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23031
Summary:
Asterisk is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to cause the application to crash, effectively denying service to legitimate users.

6. OpenAFS FetchStatus Reply Privilege Escalation Vulnerability
BugTraq ID: 23060
Remote: No
Date Published: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23060
Summary:
OpenAFS is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary commands with superuser privileges on the affected computer.

OpenAFS 1.4.3 (and prior versions) and 1.5.0 through 1.5.16 are affected by this vulnerability.

7. Inkscape Malicious URI Format String Vulnerability
BugTraq ID: 23070
Remote: Yes
Date Published: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23070
Summary:
Inkscape is prone to a format-string vulnerability.

This issue presents itself because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

A successful attack may crash the application or possibly lead to arbitrary code execution. This may facilitate unauthorized access or privilege escalation in the context of the user running the application.

8. Gnome Evolution Format String Vulnerability
BugTraq ID: 23073
Remote: Yes
Date Published: 2007-03-21
Relevant URL: http://www.securityfocus.com/bid/23073
Summary:
Gnome Evolution is prone to a format-string vulnerability.

This issue presents itself because the application fails to properly sanitize user-supplied input before passing it as the format specifier in a shared memo.

A successful attack may crash the application or possibly lead to arbitrary code execution. This may facilitate unauthorized access or privilege escalation in the context of the user running the application.

Gnome Evolution version 2.8.2.1 is vulnerable to this issue; other versions may also be affected.

9. XMMS Skins Integer Overflow And Underflow Vulnerabilities
BugTraq ID: 23078
Remote: Yes
Date Published: 2007-03-21
Relevant URL: http://www.securityfocus.com/bid/23078
Summary:
XMMS is prone to an integer-overflow vulnerability and an integer-underflow vulnerability because it fails to adequately handle user-supplied data.

An attacker can leverage these issues to corrupt stack-based memory and execute arbitrary code with the privileges of a user running the application. A successful attack may result in the compromise of affected computers. Failed attempts will likely cause denial-of-service conditions.

Version 1.2.10 is vulnerable; other versions may also be affected.

10. Mozilla FireFox FTP PASV Port-Scanning Vulnerability
BugTraq ID: 23082
Remote: Yes
Date Published: 2007-03-21
Relevant URL: http://www.securityfocus.com/bid/23082
Summary:
Mozilla Firefox is prone to a vulnerability that may allow attackers to obtain potentially sensitive information.

A successful exploit of this issue would cause the affected application to connect to arbitrary TCP ports and potentially reveal sensitive information about services that are running on the affected computer. Information obtained may aid attackers in further attacks.

11. Squid Proxy TRACE Request Remote Denial of Service Vulnerability
BugTraq ID: 23085
Remote: Yes
Date Published: 2007-03-21
Relevant URL: http://www.securityfocus.com/bid/23085
Summary:
Squid is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain TRACE requests.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying further service to legitimate users.

This issue affects version 2.6.

12. KDE Konqueror/IOSlave FTP PASV Port-Scanning Vulnerability
BugTraq ID: 23091
Remote: Yes
Date Published: 2007-03-21
Relevant URL: http://www.securityfocus.com/bid/23091
Summary:
KDE Konqueror is prone to a vulnerability that may allow attackers to obtain potentially sensitive information.

A successful exploit of this issue would cause the affected application to connect to arbitrary TCP ports and potentially reveal sensitive information about services that are running on the affected computer. Information obtained may aid attackers in further attacks.

13. Asterisk SIP Channel Driver Response Code Zero Remote Denial of Service Vulnerability
BugTraq ID: 23093
Remote: Yes
Date Published: 2007-03-21
Relevant URL: http://www.securityfocus.com/bid/23093
Summary:
Asterisk is prone to a remote denial-of-service vulnerability because the application fails to properly handle certain SIP packets.

Exploiting this issue allows remote attackers to cause the application to crash, effectively denying service to legitimate users.

Asterisk versions prior to 1.2.17 and 1.4.2 are vulnerable to this issue.

14. Linux Kernel IPv6 TCP Sockets Local Denial of Service Vulnerability
BugTraq ID: 23104
Remote: No
Date Published: 2007-03-22
Relevant URL: http://www.securityfocus.com/bid/23104
Summary:
The Linux kernel is prone to a denial-of-service vulnerability.

Exploiting this issue allows local attackers to cause the kernel to crash, effectively denying service to legitimate users. Attackers may also be able to execute arbitrary code with elevated privileges, but this has not been confirmed.

This issue affects the Linux kernel 2.6 series.

15. Inkscape Client Malicious Jabber Server Format String Vulnerability
BugTraq ID: 23138
Remote: Yes
Date Published: 2007-03-26
Relevant URL: http://www.securityfocus.com/bid/23138
Summary:
The Inkscape client application is prone to a format-string vulnerability.

This issue presents itself because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

A successful attack may crash the application or possibly lead to arbitrary code execution. This may facilitate unauthorized access or privilege escalation in the context of the user running the application.

16. Linux Kernel IPV6_SockGlue.c NULL Pointer Dereference Vulnerability
BugTraq ID: 23142
Remote: No
Date Published: 2007-03-26
Relevant URL: http://www.securityfocus.com/bid/23142
Summary:
The Linux kernel is prone to a NULL-pointer dereference vulnerability.

A local attacker can exploit this issue to crash the affected application, denying service to legitimate users. The attacker may also be able to execute arbitrary code with elevated privileges, but this has not been confirmed.

17. Linux Kernel DCCP Multiple Local Information Disclosure Vulnerabilities
BugTraq ID: 23162
Remote: No
Date Published: 2007-03-27
Relevant URL: http://www.securityfocus.com/bid/23162
Summary:
The Linux kernel is prone to multiple vulnerabilities in its DCCP support. Exploiting these issues can allow local attackers to access privileged information.

An attacker may be able to obtain sensitive data that can potentially aid in further attacks.

Linux Kernel versions in the 2.6.20 and later branch are vulnerable to these issues.

18. IBM Lotus Domino Web Access Email Message HTML Injection Vulnerability
BugTraq ID: 23173
Remote: Yes
Date Published: 2007-03-28
Relevant URL: http://www.securityfocus.com/bid/23173
Summary:
IBM Lotus Domino Web Access is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker could exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting victim in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics

