Tuesday, April 10, 2007

SecurityFocus Linux Newsletter #332
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Blind SQL Injection Attack Step-by-Step" - White Paper
Blind SQL Injection can deliver total control of your server to a hacker, giving them the ability to read, write and manipulate all data stored in your backend systems! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70160000000ClcR


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Metasploit 3.0 day
2. Blanket Discovery for Stolen Laptops
II. LINUX VULNERABILITY SUMMARY
1. ImageMagick Multiple Integer Overflow Vulnerabilities
2. XFSection Xoops Module Print.PHP SQL Injection Vulnerability
3. Trolltech QT UTF-8 Sequences Input Validation Vulnerability
4. MIT Kerberos 5 Telnet Daemon Authentication Bypass Vulnerability
5. MIT Kerberos Administration Daemon Kadmind Double Free Memory Corruption Vulnerabilities
6. X.Org LibXFont Multiple Integer Overflow Vulnerabilities
7. X.Org X11 XC-MISC Extension Integer Overflow Vulnerability
8. MIT Kerberos 5 KAdminD Server Stack Buffer Overflow Vulnerability
9. Metamod-P Safevoid_Vsnprintf() Remote Denial of Service Vulnerability
10. ImageMagick XGetPixel/XInitImage Multiple Integer Overflow Vulnerabilities
11. Linux Kernel CapiUtil.c Buffer Overflow Vulnerability
12. Man Command -H Flag Local Buffer Overflow Vulnerability
13. Linux Kernel AppleTalk ATalk_Sum_SKB Function Denial Of Service Vulnerability
14. Linux Kernel DCCP Proto.C Buffer Overflow Vulnerability
15. IPSec-Tools Remote Denial Of Service Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Metasploit 3.0 day
By Federico Biancuzzi
The Metasploit Framework is a development platform for creating security tools and exploits. Federico Biancuzzi interviewed H D Moore to discuss what's new in release 3.0, the new license of the framework, plans for feature and exploit development, and the links between Metasploit, the bad guys, and the law.
http://www.securityfocus.com/columnists/439

2. Blanket Discovery for Stolen Laptops
By Mark Rasch
Mark Rasch discusses the legal issues behind the discovery and recovery of stolen laptops that use LoJack-style homing devices to announce their location, and the location of the thieves, anywhere in the world.
http://www.securityfocus.com/columnists/438


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. ImageMagick Multiple Integer Overflow Vulnerabilities
BugTraq ID: 23252
Remote: Yes
Date Published: 2007-04-02
Relevant URL: http://www.securityfocus.com/bid/23252
Summary:
ImageMagick is prone to multiple integer-overflow vulnerabilities because it fails to properly validate user-supplied data.

An attacker can exploit these issues to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.

2. XFSection Xoops Module Print.PHP SQL Injection Vulnerability
BugTraq ID: 23261
Remote: Yes
Date Published: 2007-04-02
Relevant URL: http://www.securityfocus.com/bid/23261
Summary:
XFsection is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

XFsection 1.07 and prior versions are vulnerable; other versions may also be affected.

3. Trolltech QT UTF-8 Sequences Input Validation Vulnerability
BugTraq ID: 23269
Remote: Yes
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23269
Summary:
Trolltech QT is prone to an input-validation vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to exploit other issues in applications that employ the affected library. A successful attack may allow the attacker to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Qt versions 3.3.8 and 4.2.3 are known to be vulnerable to this issue; other versions may be affected as well.

4. MIT Kerberos 5 Telnet Daemon Authentication Bypass Vulnerability
BugTraq ID: 23281
Remote: Yes
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23281
Summary:
The MIT Kerberos 5 telnet daemon is prone to an authentication-bypass vulnerability.

An attacker can exploit this issue to gain superuser or SYSTEM-level privileges on the affected computer. Successfully exploiting this issue will result in the complete compromise of affected computers.

This issue occurs in Kerberos 5 versions 1.6 and prior.

5. MIT Kerberos Administration Daemon Kadmind Double Free Memory Corruption Vulnerabilities
BugTraq ID: 23282
Remote: Yes
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23282
Summary:
The MIT Kerberos 5 administration daemon (kadmind) is prone to a double-free memory-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code with superuser or SYSTEM-level privileges, completely compromising affected computers. Failed exploit attempts will likely result in denial-of-service conditions.

This issue also affects third-party applications using the affected API.

6. X.Org LibXFont Multiple Integer Overflow Vulnerabilities
BugTraq ID: 23283
Remote: No
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23283
Summary:
The 'libXfont' library is prone to multiple local integer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied data.

An attacker can exploit these vulnerabilities to execute arbitrary code with superuser privileges. Failed exploit attempts will likely cause denial-of-service conditions.

These issues affect libXfont 1.2.2; other versions may also be vulnerable.

7. X.Org X11 XC-MISC Extension Integer Overflow Vulnerability
BugTraq ID: 23284
Remote: No
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23284
Summary:
X11 is prone to a local integer-overflow vulnerability because it fails to adequately bounds-check user-supplied input.

An attacker can exploit this vulnerability to execute arbitrary code with superuser privileges. Failed exploit attempts will likely cause denial-of-service conditions.

8. MIT Kerberos 5 KAdminD Server Stack Buffer Overflow Vulnerability
BugTraq ID: 23285
Remote: Yes
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23285
Summary:
The Kerberos 5 kadmind (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.

All kadmind servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

Kerberos 5 kadmind 1.6 and prior versions are vulnerable.

9. Metamod-P Safevoid_Vsnprintf() Remote Denial of Service Vulnerability
BugTraq ID: 23299
Remote: Yes
Date Published: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23299
Summary:
Metamod-P is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to crash the application, effectively denying service to legitimate users.

Metamod-P version 1.19p29 is vulnerable to this issue; previous versions may be affected as well.

10. ImageMagick XGetPixel/XInitImage Multiple Integer Overflow Vulnerabilities
BugTraq ID: 23300
Remote: Yes
Date Published: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23300
Summary:
ImageMagick is prone to multiple integer-overflow vulnerabilities because it fails to properly validate user-supplied data.

An attacker can exploit these issues to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.

11. Linux Kernel CapiUtil.c Buffer Overflow Vulnerability
BugTraq ID: 23333
Remote: No
Date Published: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23333
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges or cause the affected kernel to crash, denying service to legitimate users.

This issue affects versions 2.6.9 to 2.6.20 and the 'isdn4k-utils' utilities.

12. Man Command -H Flag Local Buffer Overflow Vulnerability
BugTraq ID: 23355
Remote: No
Date Published: 2007-04-06
Relevant URL: http://www.securityfocus.com/bid/23355
Summary:
The 'man' command is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation.

NOTE: Presumably, this issue is exploitable only when 'man' has been installed setuid.

Exploiting this issue allows attackers to execute malicious machine code with the privileges of the 'man' utility. This can result in the compromise of affected computers. Failed exploit attempts will likely result in denial-of-service conditions.

13. Linux Kernel AppleTalk ATalk_Sum_SKB Function Denial Of Service Vulnerability
BugTraq ID: 23376
Remote: Yes
Date Published: 2007-04-09
Relevant URL: http://www.securityfocus.com/bid/23376
Summary:
The Linux kernel is prone to a denial-of-service vulnerability. This issue presents itself when malformed AppleTalk frames are processed.

An attacker can exploit this issue to crash host computers, effectively denying service to legitimate users.

Versions prior to 2.6.20.5 are vulnerable.

14. Linux Kernel DCCP Proto.C Buffer Overflow Vulnerability
BugTraq ID: 23384
Remote: Yes
Date Published: 2007-04-09
Relevant URL: http://www.securityfocus.com/bid/23384
Summary:
The Linux kernel is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to cause denial-of-service conditions. Arbitrary code execution may also be possible, but this has not been confirmed.

Versions prior to 2.6.20.5 are vulnerable.

15. IPSec-Tools Remote Denial Of Service Vulnerability
BugTraq ID: 23394
Remote: Yes
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23394
Summary:
IPSec-Tools is affected by a remote denial-of-service vulnerability because the application fails to properly handle certain network packets.

A successful attack allows a remote attacker to crash the application, denying further service to legitimate users.

IPSec-Tools versions prior to 0.6.7 are vulnerable to this issue.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you must reply. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics