Thursday, April 05, 2007

SecurityFocus Linux Newsletter #331
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: "How a Hacker Launches a SQL Injection Attack!"- SPI Dynamics White Paper
It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems! Firewalls and IDS will not stop such attacks because SQL Injections are NOT seen as intruders. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000CkvN


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Metasploit 3.0 day
2. Blanket Discovery for Stolen Laptops
II. LINUX VULNERABILITY SUMMARY
1. Inkscape Client Malicious Jabber Server Format String Vulnerability
2. Linux Kernel IPV6_SockGlue.c NULL Pointer Dereference Vulnerability
3. Linux Kernel DCCP Multiple Local Information Disclosure Vulnerabilities
4. IBM Lotus Domino Web Access Email Message HTML Injection Vulnerability
5. CruiseWorks and Minna De Office Access Restrictions Bypass Vulnerability
6. Computer Associates BrightStor ARCserve Backup MediaSVR.EXE 191 Buffer Overflow Vulnerability
7. ImageMagick Multiple Integer Overflow Vulnerabilities
8. XFSection Xoops Module Print.PHP SQL Injection Vulnerability
9. Trolltech QT UTF-8 Sequences Input Validation Vulnerability
10. MIT Kerberos 5 Telnet Daemon Authentication Bypass Vulnerability
11. MIT Kerberos Administration Daemon Kadmind Double Free Memory Corruption Vulnerabilities
12. X.Org LibXFont Multiple Integer Overflow Vulnerabilities
13. X.Org X11 XC-MISC Extension Integer Overflow Vulnerability
14. MIT Kerberos 5 KAdminD Server Stack Buffer Overflow Vulnerability
15. Metamod-P Safevoid_Vsnprintf() Remote Denial of Service Vulnerability
16. ImageMagick XGetPixel/XInitImage Multiple Integer Overflow Vulnerabilities
17. Linux Kernel CapiUtil.c Buffer Overflow Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Metasploit 3.0 day
By Federico Biancuzzi
The Metasploit Framework is a development platform for creating security tools and exploits. Federico Biancuzzi interviewed H D Moore to discuss what's new in release 3.0, the new license of the framework, plans for feature and exploit development, and the links among the bad guys, Metasploit, and the law.
http://www.securityfocus.com/columnists/439

2. Blanket Discovery for Stolen Laptops
By Mark Rasch
Mark Rasch discusses the legal issues behind the discovery and recovery of stolen laptops that use LoJack-style homing devices to announce their location, and the location of the thieves, anywhere in the world.
http://www.securityfocus.com/columnists/438


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Inkscape Client Malicious Jabber Server Format String Vulnerability
BugTraq ID: 23138
Remote: Yes
Date Published: 2007-03-26
Relevant URL: http://www.securityfocus.com/bid/23138
Summary:
The Inkscape client application is prone to a format-string vulnerability.

This issue presents itself because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

A successful attack may crash the application or possibly lead to arbitrary code execution. This may facilitate unauthorized access or privilege escalation in the context of the user running the application.
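The pattern behind this class of bug, as an added example that is not Inkscape's code and is not taken from the advisory: a logging helper that takes a caller-supplied format, one wrapper that hands it peer-controlled text directly (the vulnerable shape) and one that pins the format to a constant, plus a small directive counter that is handy for checking that untrusted text never reaches a format argument. The message strings, the log_line helper and the function names are assumptions made for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample inputs (not taken from Inkscape or any real Jabber
 * server): a benign status line and a hostile one.  The %x directives
 * read the caller's stack; %n writes to it. */
static const char BENIGN_MSG[]  = "whiteboard session joined";
static const char HOSTILE_MSG[] = "joined %08x.%08x.%n";

/* Counts the conversion directives a printf-family function would act on.
 * "%%" is a literal percent sign and is not counted.  Useful as a log-time
 * check that untrusted text never reached a format argument. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent: skip both characters */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

/* A typical application logging helper: the caller supplies the format
 * (assumed for the example; not Inkscape's own logging routine). */
static void log_line(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
}

/* VULNERABLE: peer-supplied text is passed as the format string, so the
 * peer decides how many arguments are consumed and what %n writes.
 * Kept only to show the shape of the bug; never call it on real input. */
void log_peer_message_vulnerable(char *out, size_t outlen, const char *msg)
{
    log_line(out, outlen, msg);
}

/* FIXED: the format is a compile-time constant and the peer text is an
 * ordinary %s argument, so directives inside it are copied, not interpreted. */
void log_peer_message_fixed(char *out, size_t outlen, const char *msg)
{
    log_line(out, outlen, "peer: %s", msg);
}

/* Returns 1 if the fixed path reproduces the hostile text verbatim
 * (its directives were not interpreted), 0 otherwise. */
int fixed_path_preserves_directives(void)
{
    char buf[128];
    log_peer_message_fixed(buf, sizeof buf, HOSTILE_MSG);
    return strcmp(buf, "peer: joined %08x.%08x.%n") == 0;
}

int main(void)
{
    char buf[128];
    log_peer_message_fixed(buf, sizeof buf, BENIGN_MSG);
    printf("%s\n", buf);
    printf("directives in hostile message: %d\n",
           count_format_directives(HOSTILE_MSG));
    return 0;
}
```

Build with gcc -Wall and run the binary to see the fixed path print the hostile text verbatim. If log_line is annotated with __attribute__((format(printf, 3, 4))), gcc's -Wformat-security flags the vulnerable call as "format not a string literal and no format arguments", which is the cheapest way to find this bug class across a code base.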

2. Linux Kernel IPV6_SockGlue.c NULL Pointer Dereference Vulnerability
BugTraq ID: 23142
Remote: No
Date Published: 2007-03-26
Relevant URL: http://www.securityfocus.com/bid/23142
Summary:
The Linux kernel is prone to a NULL-pointer dereference vulnerability.

A local attacker can exploit this issue to crash the kernel, denying service to legitimate users. The attacker may also be able to execute arbitrary code with elevated privileges, but this has not been confirmed.

3. Linux Kernel DCCP Multiple Local Information Disclosure Vulnerabilities
BugTraq ID: 23162
Remote: No
Date Published: 2007-03-27
Relevant URL: http://www.securityfocus.com/bid/23162
Summary:
The Linux kernel is prone to multiple vulnerabilities in its DCCP support. Exploiting these issues can allow local attackers to access privileged information.

An attacker may be able to obtain sensitive data that can potentially aid in further attacks.

Linux Kernel versions in the 2.6.20 and later branch are vulnerable to these issues.

4. IBM Lotus Domino Web Access Email Message HTML Injection Vulnerability
BugTraq ID: 23173
Remote: Yes
Date Published: 2007-03-28
Relevant URL: http://www.securityfocus.com/bid/23173
Summary:
IBM Lotus Domino Web Access is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker could exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting victim in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

5. CruiseWorks and Minna De Office Access Restrictions Bypass Vulnerability
BugTraq ID: 23198
Remote: Yes
Date Published: 2007-03-29
Relevant URL: http://www.securityfocus.com/bid/23198
Summary:
CruiseWorks and Minna De Office are prone to a vulnerability that allows attackers to bypass access restrictions because the applications fail to adequately enforce them.

An attacker can exploit this issue to modify certain system configurations. Other attacks may also be possible.

This issue affects CruiseWorks 1.09e and Minna De Office 2.0, 1.12, and prior versions; other versions may also be affected.

6. Computer Associates BrightStor ARCserve Backup MediaSVR.EXE 191 Buffer Overflow Vulnerability
BugTraq ID: 23209
Remote: Yes
Date Published: 2007-03-30
Relevant URL: http://www.securityfocus.com/bid/23209
Summary:
Computer Associates BrightStor ARCserve Backup is affected by a remote buffer-overflow vulnerability because the application fails to perform proper bounds-checking on data supplied to the application.

A remote attacker may exploit this issue to execute arbitrary code on a vulnerable computer with SYSTEM privileges. Failed exploit attempts may cause denial-of-service conditions.

7. ImageMagick Multiple Integer Overflow Vulnerabilities
BugTraq ID: 23252
Remote: Yes
Date Published: 2007-04-02
Relevant URL: http://www.securityfocus.com/bid/23252
Summary:
ImageMagick is prone to multiple integer-overflow vulnerabilities because it fails to properly validate user-supplied data.

An attacker can exploit these issues to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.

8. XFSection Xoops Module Print.PHP SQL Injection Vulnerability
BugTraq ID: 23261
Remote: Yes
Date Published: 2007-04-02
Relevant URL: http://www.securityfocus.com/bid/23261
Summary:
XFsection is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

XFsection 1.07 and prior versions are vulnerable; other versions may also be affected.

9. Trolltech QT UTF-8 Sequences Input Validation Vulnerability
BugTraq ID: 23269
Remote: Yes
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23269
Summary:
Trolltech QT is prone to an input-validation vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to exploit other issues in applications that employ the affected library. A successful attack may allow the attacker to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Qt versions 3.3.8 and 4.2.3 are known to be vulnerable to this issue; other versions may be affected as well.

10. MIT Kerberos 5 Telnet Daemon Authentication Bypass Vulnerability
BugTraq ID: 23281
Remote: Yes
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23281
Summary:
The telnet daemon shipped with MIT Kerberos 5 is prone to an authentication-bypass vulnerability.

An attacker can exploit this issue to gain superuser or SYSTEM-level privileges on the affected computer. Successfully exploiting this issue will result in the complete compromise of affected computers.

This issue occurs in Kerberos 5 versions 1.6 and prior.

11. MIT Kerberos Administration Daemon Kadmind Double Free Memory Corruption Vulnerabilities
BugTraq ID: 23282
Remote: Yes
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23282
Summary:
MIT Kerberos 5 is prone to a double-free memory-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code with superuser or SYSTEM-level privileges, completely compromising affected computers. Failed exploit attempts will likely result in denial-of-service conditions.

This issue also affects third-party applications using the affected API.

12. X.Org LibXFont Multiple Integer Overflow Vulnerabilities
BugTraq ID: 23283
Remote: No
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23283
Summary:
libXfont is prone to multiple local integer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied data.

An attacker can exploit these vulnerabilities to execute arbitrary code with superuser privileges. Failed exploit attempts will likely cause denial-of-service conditions.

These issues affect version 1.2.2; other versions may also be vulnerable.

13. X.Org X11 XC-MISC Extension Integer Overflow Vulnerability
BugTraq ID: 23284
Remote: No
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23284
Summary:
X11 is prone to a local integer-overflow vulnerability because it fails to adequately bounds-check user-supplied input.

An attacker can exploit this vulnerability to execute arbitrary code with superuser privileges. Failed exploit attempts will likely cause denial-of-service conditions.

14. MIT Kerberos 5 KAdminD Server Stack Buffer Overflow Vulnerability
BugTraq ID: 23285
Remote: Yes
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23285
Summary:
Kerberos 5 kadmind (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.

All kadmind servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

Kerberos 5 kadmind 1.6 and prior versions are vulnerable.

15. Metamod-P Safevoid_Vsnprintf() Remote Denial of Service Vulnerability
BugTraq ID: 23299
Remote: Yes
Date Published: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23299
Summary:
Metamod-P is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to crash the application, effectively denying service to legitimate users.

Metamod-P version 1.19p29 is vulnerable to this issue; previous versions may be affected as well.

16. ImageMagick XGetPixel/XInitImage Multiple Integer Overflow Vulnerabilities
BugTraq ID: 23300
Remote: Yes
Date Published: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23300
Summary:
ImageMagick is prone to multiple integer-overflow vulnerabilities because it fails to properly validate user-supplied data.

An attacker can exploit these issues to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.
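Items 7, 12, 13 and 16 all come down to the same arithmetic: a byte count derived from attacker-controlled dimensions wraps, the allocation comes out small, and the writes that follow run off the end of it. The following is an added example, not code from ImageMagick or X.Org: a 32-bit size computation beside one that checks each multiplication and applies a resource cap. The header fields, the 256 MiB cap and the function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Policy cap on a single decoded image, an assumption for this example
 * (256 MiB); real decoders expose this as a configurable resource limit. */
#define MAX_PIXEL_BYTES ((size_t)256 * 1024 * 1024)

/* VULNERABLE pattern: the byte count is computed in 32-bit arithmetic
 * straight from header fields, so large dimensions wrap to a small number.
 * A decoder that allocates this many bytes and then writes width*height
 * pixels into the buffer overflows the heap. */
size_t pixel_bytes_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    uint32_t n = width * height * bpp;     /* wraps modulo 2^32 */
    return n;
}

/* FIXED: every multiplication is checked against SIZE_MAX before it is
 * performed, and the result is bounded by a resource policy.  Returns the
 * byte count, or 0 when the header must be rejected. */
size_t pixel_bytes_checked(uint32_t width, uint32_t height, uint32_t bpp)
{
    if (width == 0 || height == 0 || bpp == 0 || bpp > 16)
        return 0;                           /* bpp is bytes per pixel; sane range only */
    if ((size_t)width > SIZE_MAX / height)
        return 0;                           /* width * height would overflow size_t */
    size_t area = (size_t)width * height;
    if (area > SIZE_MAX / bpp)
        return 0;                           /* area * bpp would overflow size_t */
    size_t bytes = area * bpp;
    if (bytes > MAX_PIXEL_BYTES)
        return 0;                           /* arithmetically fine, but too big to decode */
    return bytes;
}

/* Constructed header values (not any real file format's layout). */
struct img_hdr { uint32_t width, height, bpp; };
static const struct img_hdr SMALL_HDR = { 640, 480, 4 };
static const struct img_hdr WRAP_HDR  = { 65536, 65536, 4 };   /* 2^34 bytes; wraps to 0 */

/* Allocates the pixel buffer only after the size survived the checks. */
uint8_t *alloc_pixels(const struct img_hdr *h)
{
    size_t n = pixel_bytes_checked(h->width, h->height, h->bpp);
    if (n == 0)
        return NULL;
    return calloc(n, 1);
}

int main(void)
{
    printf("640x480x4:     unchecked=%zu checked=%zu\n",
           pixel_bytes_unchecked(640, 480, 4), pixel_bytes_checked(640, 480, 4));
    printf("65536x65536x4: unchecked=%zu checked=%zu\n",
           pixel_bytes_unchecked(65536, 65536, 4), pixel_bytes_checked(65536, 65536, 4));
    uint8_t *small = alloc_pixels(&SMALL_HDR);
    uint8_t *wrap  = alloc_pixels(&WRAP_HDR);
    printf("SMALL_HDR %s, WRAP_HDR %s\n",
           small ? "accepted" : "rejected", wrap ? "accepted" : "rejected");
    free(small);
    free(wrap);
    return 0;
}
```

The unchecked path returns 0 for the 65536x65536 header, so malloc(0) succeeds and the decoder happily writes 16 GiB worth of pixels into it; the checked path rejects the same header before any memory is touched. Checking each multiplication separately matters: a single test on the final product cannot see that an intermediate step already wrapped.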

17. Linux Kernel CapiUtil.c Buffer Overflow Vulnerability
BugTraq ID: 23333
Remote: No
Date Published: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23333
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges or cause the affected kernel to crash denying service to legitimate users.

This issue affects Linux kernel versions 2.6.9 through 2.6.20 and the isdn4k-utils package.
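Items 14 and 17 describe the other common shape, a length taken from the input and copied into a fixed-size buffer without comparing it to the buffer's capacity. The following is an added example, not the kadmind or CAPI code, and it uses a constructed one-byte-length encoding rather than either real protocol: the unchecked copy next to a parser that bounds the claimed length by both the bytes actually received and the destination size. The buffer size, message layout and function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fixed-size destination, as in the stack buffers these advisories
 * describe.  The size is an assumption for the example. */
#define NAME_MAX_LEN 32

/* Constructed wire messages (not the real kadmind or CAPI encodings):
 * one length byte followed by that many name bytes. */
static const uint8_t GOOD_MSG[]  = { 5, 'a', 'd', 'm', 'i', 'n' };
static const uint8_t TRUNC_MSG[] = { 200, 'a', 'b' };   /* claims 200 bytes, carries 2 */

/* VULNERABLE pattern: the length byte is trusted and copied into a fixed
 * stack buffer.  A length above NAME_MAX_LEN smashes the caller's frame,
 * and a length above what was received reads past the message.
 * Shown for contrast only; never call it with untrusted data. */
void parse_name_vulnerable(const uint8_t *msg, char *out)
{
    size_t len = msg[0];
    memcpy(out, msg + 1, len);   /* no check against source or destination size */
    out[len] = '\0';
}

/* FIXED: the claimed length is checked against both what the message
 * actually carries and what the destination can hold (including the NUL).
 * Returns the name length, or -1 when the message must be rejected. */
int parse_name_checked(const uint8_t *msg, size_t msglen, char *out, size_t outlen)
{
    if (msg == NULL || out == NULL || msglen < 1 || outlen == 0)
        return -1;
    size_t len = msg[0];
    if (len > msglen - 1)
        return -1;               /* length field exceeds the bytes present */
    if (len >= outlen)
        return -1;               /* would not fit with the terminating NUL */
    memcpy(out, msg + 1, len);
    out[len] = '\0';
    return (int)len;
}

/* Runs the checked parser into a NAME_MAX_LEN stack buffer and reports
 * the verdict, so callers never size the buffer themselves. */
int checked_name_length(const uint8_t *msg, size_t msglen)
{
    char name[NAME_MAX_LEN];
    return parse_name_checked(msg, msglen, name, sizeof name);
}

/* Builds a well-formed message whose name is n bytes long and feeds it to
 * the checked parser; lets the caller probe the exact capacity boundary. */
int checked_name_of_length(size_t n)
{
    uint8_t msg[1 + 255];
    if (n > 255)
        return -1;
    msg[0] = (uint8_t)n;
    memset(msg + 1, 'A', n);
    return checked_name_length(msg, 1 + n);
}

int main(void)
{
    printf("good:      %d\n", checked_name_length(GOOD_MSG, sizeof GOOD_MSG));
    printf("truncated: %d\n", checked_name_length(TRUNC_MSG, sizeof TRUNC_MSG));
    printf("31 bytes:  %d\n", checked_name_of_length(31));
    printf("32 bytes:  %d\n", checked_name_of_length(32));
    printf("64 bytes:  %d\n", checked_name_of_length(64));
    return 0;
}
```

The two checks guard different things: the comparison against msglen stops an over-read of the receive buffer, and the comparison against outlen stops the stack write the advisory describes. The boundary is len == outlen - 1, the largest name that still leaves room for the NUL; anything equal to or above outlen is refused rather than silently truncated.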

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject and message body do not matter. You will receive a confirmation request, which you must answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics
