Tuesday, April 24, 2007

SecurityFocus Linux Newsletter #334

This Issue is Sponsored by: SPI Dynamics

ALERT: "How a Hacker Launches a SQL Injection Attack!" - SPI Dynamics White Paper
It's as simple as placing additional SQL commands into a Web Form input box giving
hackers complete access to all your backend systems! Firewalls and IDS will not stop
such attacks because SQL Injections are NOT seen as intruders. Download this *FREE*
white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000Cn8O


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Online Impersonations: No Validation Required
II. LINUX VULNERABILITY SUMMARY
1. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
2. ScramDisk 4 Linux Local Privilege Escalation Vulnerabilities
3. Lighttpd Multiple Remote Denial of Service Vulnerabilities
4. Vixie Cron ST_Nlink Check Local Denial of Service Vulnerability
5. Oracle April 2007 Security Update Multiple Vulnerabilities
6. McAfee E-Business Administration Server Authentication Packet Denial of Service Vulnerability
7. 3proxy HTTP Proxy Request Buffer Overflow Vulnerability
8. ProFTPD AUTH Multiple Authentication Module Security Bypass Vulnerability
9. Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
10. OpenAFS for Microsoft Windows Local Denial of Service Vulnerability
11. Courier-IMAP XMAILDIR Shell Command Injection Vulnerability
12. Linux Kernel L2CAP and HCI Setsockopt Memory Leak Information Disclosure Vulnerability
13. OpenSSH S/Key Remote Information Disclosure Vulnerability
14. PostgreSQL SECURITY DEFINER Function Local Privilege Escalation Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Online Impersonations: No Validation Required
By Dr. Neal Krawetz
It is said that imitation is the sincerest form of flattery. Unfortunately, online social networks provide no method for distinguishing an impersonation from the real thing. While your online words and actions may circulate for years, so do those of an impersonator.
http://www.securityfocus.com/columnists/441


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
BugTraq ID: 21668
Remote: Yes
Date Published: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/21668
Summary:
The Mozilla Foundation has released nine security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- execute arbitrary code
- perform cross-site scripting attacks
- inject arbitrary content
- gain escalated privileges
- crash affected applications and potentially execute arbitrary code.

Other attacks may also be possible.

2. ScramDisk 4 Linux Local Privilege Escalation Vulnerabilities
BugTraq ID: 23495
Remote: No
Date Published: 2007-04-16
Relevant URL: http://www.securityfocus.com/bid/23495
Summary:
ScramDisk is prone to multiple local privilege-escalation vulnerabilities.

Exploiting these issues allows local attackers to attain superuser privileges, which can lead to a complete system compromise.

These issues affect versions prior to 1.0-1.

3. Lighttpd Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 23515
Remote: Yes
Date Published: 2007-04-16
Relevant URL: http://www.securityfocus.com/bid/23515
Summary:
Lighttpd is prone to multiple remote denial-of-service vulnerabilities because the application fails to properly handle unexpected conditions.

Successfully exploiting these issues allows remote attackers to trigger an infinite loop, consuming excessive CPU resources, or to crash affected servers via a NULL-pointer dereference. This will deny further service to legitimate users.

Lighttpd versions prior to 1.4.14 are vulnerable.

4. Vixie Cron ST_Nlink Check Local Denial of Service Vulnerability
BugTraq ID: 23520
Remote: No
Date Published: 2007-04-16
Relevant URL: http://www.securityfocus.com/bid/23520
Summary:
Vixie Cron is prone to a local denial-of-service vulnerability.

This issue occurs when attackers create hard file links to cron files belonging to both privileged and normal users.

A local attacker may exploit this issue to prevent cron files owned by privileged and non-privileged users from being executed at startup or on the next reload of the cron database.

Vixie Cron versions prior to 4.1-r10 are vulnerable.

5. Oracle April 2007 Security Update Multiple Vulnerabilities
BugTraq ID: 23532
Remote: Yes
Date Published: 2007-04-17
Relevant URL: http://www.securityfocus.com/bid/23532
Summary:
Oracle has released a Critical Patch Update advisory for April 2007 to address multiple vulnerabilities in supported releases. Earlier unsupported releases are likely to be affected by these issues as well.

The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise.

6. McAfee E-Business Administration Server Authentication Packet Denial of Service Vulnerability
BugTraq ID: 23544
Remote: Yes
Date Published: 2007-04-17
Relevant URL: http://www.securityfocus.com/bid/23544
Summary:
McAfee E-Business Administration Server is prone to a remote denial-of-service vulnerability because the application fails to properly handle certain network packets. A successful attack allows a remote attacker to crash the Administration Server, denying further service to legitimate users.

These versions are affected:

- E-Business Server 8.5.1 (and earlier) for Windows and Solaris
- E-Business Server 8.1.0 (and earlier) for Linux, HP-UX, and AIX

7. 3proxy HTTP Proxy Request Buffer Overflow Vulnerability
BugTraq ID: 23545
Remote: Yes
Date Published: 2007-04-17
Relevant URL: http://www.securityfocus.com/bid/23545
Summary:
3proxy is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to cause denial-of-service conditions and possibly to execute arbitrary code with the privileges of the application.

3proxy 0.5 to 0.5.3g and 0.6b-devel before 20070413 are vulnerable to this issue.

8. ProFTPD AUTH Multiple Authentication Module Security Bypass Vulnerability
BugTraq ID: 23546
Remote: Yes
Date Published: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23546
Summary:
ProFTPD is reported prone to a security-restriction-bypass vulnerability because of an error in the AUTH API.

Attackers may exploit this issue to bypass security controls when multiple modules are configured with disparate authentication policies.

ProFTPD 1.2 and 1.3 branches are reported vulnerable; other versions may be affected as well.

NOTE: The latest version in the CVS repository reportedly addresses this issue.

9. Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
BugTraq ID: 23552
Remote: Yes
Date Published: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23552
Summary:
Dovecot is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to access sensitive information that may lead to further attacks.

10. OpenAFS for Microsoft Windows Local Denial of Service Vulnerability
BugTraq ID: 23566
Remote: No
Date Published: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23566
Summary:
OpenAFS for Microsoft Windows is prone to a local denial-of-service vulnerability because the application fails to properly handle unexpected conditions.

Successfully exploiting this issue allows local attackers to trigger computer crashes. These crashes will occur every time Windows tries to start, creating a prolonged denial-of-service condition.

Versions of OpenAFS prior to 1.5.19 running on Windows are vulnerable.

Note that this issue is present only if MIT Kerberos for Windows is also installed on vulnerable computers.

11. Courier-IMAP XMAILDIR Shell Command Injection Vulnerability
BugTraq ID: 23589
Remote: Yes
Date Published: 2007-04-22
Relevant URL: http://www.securityfocus.com/bid/23589
Summary:
Courier-IMAP is prone to a shell-command-injection vulnerability.

Commands executed through this vulnerability could permit an attacker to gain access to a vulnerable system.

Courier-IMAP versions for Gentoo prior to 4.0.6-r2 are vulnerable to this issue.

12. Linux Kernel L2CAP and HCI Setsockopt Memory Leak Information Disclosure Vulnerability
BugTraq ID: 23594
Remote: No
Date Published: 2007-04-23
Relevant URL: http://www.securityfocus.com/bid/23594
Summary:
Linux Kernel is prone to an information-disclosure vulnerability because it fails to handle unexpected user-supplied input.

Successful exploits will allow attackers to view portions of kernel memory. Information harvested may be used in further attacks.

Kernel versions 2.4.34.2 and prior are vulnerable to this issue.

13. OpenSSH S/Key Remote Information Disclosure Vulnerability
BugTraq ID: 23601
Remote: Yes
Date Published: 2007-04-23
Relevant URL: http://www.securityfocus.com/bid/23601
Summary:
OpenSSH contains an information-disclosure vulnerability when S/Key authentication is enabled. This issue occurs because the application fails to properly obscure the existence of valid usernames in authentication attempts.

Exploiting this vulnerability allows remote users to test for the existence of valid usernames. Knowledge of system users may aid in further attacks.

14. PostgreSQL SECURITY DEFINER Function Local Privilege Escalation Vulnerability
BugTraq ID: 23618
Remote: No
Date Published: 2007-04-24
Relevant URL: http://www.securityfocus.com/bid/23618
Summary:
PostgreSQL is prone to a local privilege-escalation vulnerability.

Exploiting this issue allows local attackers to escalate privileges in the context of a SECURITY DEFINER function.

PostgreSQL versions prior to 8.2.4, 8.1.9, 8.0.13, 7.4.17, and 7.3.19 are vulnerable to this issue.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, to which you will have to reply. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------