----------------------------------------
This Issue is Sponsored by: Watchfire
As web applications become increasingly complex, tremendous amounts of sensitive data - including personal, medical and financial information - are exchanged and stored. This paper examines a few vulnerability detection methods - specifically comparing and contrasting manual penetration testing with automated scanning tools. Download Watchfire's "Web Application Security: Automated Scanning or Manual Penetration Testing?" whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008uPd
SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs
------------------------------------------------------------------
I. FRONT AND CENTER
1. Time for a new certification
II. LINUX VULNERABILITY SUMMARY
1. Courier-IMAP XMAILDIR Shell Command Injection Vulnerability
2. Linux Kernel L2CAP and HCI Setsockopt Memory Leak Information Disclosure Vulnerability
3. OpenSSH S/Key Remote Information Disclosure Vulnerability
4. PostgreSQL SECURITY DEFINER Function Local Privilege Escalation Vulnerability
5. Computer Associates BrightStor ArcServe Media Server Multiple Remote Buffer Overflow Vulnerabilities
6. Cisco NetFlow Collection Engine Remote Default Account Vulnerability
7. Asterisk ManagerInterface Manager.Conf Remote Denial of Service Vulnerability
8. Clam AntiVirus ClamAV PDF Handling Remote Denial Of Service Vulnerability
9. Moinmoin Index.PHP Cross-Site Scripting Vulnerability
10. Linux Kernel NETLINK_FIB_LOOKUP Local Denial of Service Vulnerability
11. GIMP RAS File Buffer Overflow Vulnerability
12. Iputils Rarpd Remote Denial Of Service Vulnerability
13. Linux Kernel UTrace Unspecified Local Denial of Service Vulnerability
14. VIM Feedkeys and Writefile Functions Remote Code Execution Vulnerabilities
15. Sun Java Web Start Unauthorized Access Vulnerability
16. VMware Multiple Denial Of Service Vulnerabilities
17. X.Org X Window System Xserver XRender Extension Divide by Zero Denial of Service Vulnerability
18. Red Hat Sendmail Localhost.Localdomain Email Spoofing Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Time for a new certification
By Don Parker
I wrote a column for SecurityFocus some time ago that aired my concerns over GIAC dropping the practical portion of their certification process. That column resulted in a lot of feedback, with most agreeing about how GIAC bungled what was, up till then, the best certification around.
http://www.securityfocus.com/columnists/443
II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Courier-IMAP XMAILDIR Shell Command Injection Vulnerability
BugTraq ID: 23589
Remote: Yes
Date Published: 2007-04-22
Relevant URL: http://www.securityfocus.com/bid/23589
Summary:
Courier-IMAP is prone to a shell-command-injection vulnerability.
Commands executed through this vulnerability could permit an attacker to gain access to a vulnerable system.
Courier-IMAP versions for Gentoo prior to 4.0.6-r2 are vulnerable to this issue.
2. Linux Kernel L2CAP and HCI Setsockopt Memory Leak Information Disclosure Vulnerability
BugTraq ID: 23594
Remote: No
Date Published: 2007-04-23
Relevant URL: http://www.securityfocus.com/bid/23594
Summary:
Linux Kernel is prone to an information-disclosure vulnerability because it fails to handle unexpected user-supplied input.
Successful exploits will allow attackers to view portions of kernel memory. Information harvested may be used in further attacks.
Kernel versions 2.4.34.2 and prior are vulnerable to this issue.
3. OpenSSH S/Key Remote Information Disclosure Vulnerability
BugTraq ID: 23601
Remote: Yes
Date Published: 2007-04-23
Relevant URL: http://www.securityfocus.com/bid/23601
Summary:
OpenSSH contains an information-disclosure vulnerability when S/Key authentication is enabled. This issue occurs because the application fails to properly obscure the existence of valid usernames in authentication attempts.
Exploiting this vulnerability allows remote users to test for the existence of valid usernames. Knowledge of system users may aid in further attacks.
4. PostgreSQL SECURITY DEFINER Function Local Privilege Escalation Vulnerability
BugTraq ID: 23618
Remote: No
Date Published: 2007-04-24
Relevant URL: http://www.securityfocus.com/bid/23618
Summary:
PostgreSQL is prone to a local privilege-escalation vulnerability.
Exploiting this issue allows local attackers to escalate privileges in the context of the 'security_definer' function.
PostgreSQL versions prior to 8.2.4, 8.1.9, 8.0.13, 7.4.17, and 7.3.19 are vulnerable to this issue.
5. Computer Associates BrightStor ArcServe Media Server Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 23635
Remote: Yes
Date Published: 2007-04-24
Relevant URL: http://www.securityfocus.com/bid/23635
Summary:
Computer Associates BrightStor ARCServe Media Server is prone to multiple remote buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
A remote attacker may exploit these issues to execute arbitrary code with SYSTEM-level privileges. Successful exploits can result in a complete compromise of affected computers. Failed exploit attempts will likely cause denial-of-service conditions.
6. Cisco NetFlow Collection Engine Remote Default Account Vulnerability
BugTraq ID: 23647
Remote: Yes
Date Published: 2007-04-25
Relevant URL: http://www.securityfocus.com/bid/23647
Summary:
Cisco NetFlow Collection Engine (NFC) is prone to a default-account vulnerability. This issue stems from a design flaw that makes an insecure account available to remote users.
Successfully exploiting this issue allows remote attackers to gain administrative access to the vulnerable application and user-level access to the hosting operating system.
Versions of Cisco NFC prior to 6.0 are vulnerable to this issue.
Cisco is tracking this issue as Cisco Bug ID CSCsh75038.
7. Asterisk ManagerInterface Manager.Conf Remote Denial of Service Vulnerability
BugTraq ID: 23649
Remote: Yes
Date Published: 2007-04-25
Relevant URL: http://www.securityfocus.com/bid/23649
Summary:
Asterisk is prone to a remote denial-of-service vulnerability because the application fails to properly handle exceptional conditions.
Exploiting this issue allows remote attackers to cause the application to crash, effectively denying service to legitimate users.
8. Clam AntiVirus ClamAV PDF Handling Remote Denial Of Service Vulnerability
BugTraq ID: 23656
Remote: Yes
Date Published: 2007-04-25
Relevant URL: http://www.securityfocus.com/bid/23656
Summary:
ClamAV is prone to a denial-of-service vulnerability.
A successful attack may allow an attacker to cause denial-of-service conditions.
9. Moinmoin Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 23676
Remote: Yes
Date Published: 2007-04-26
Relevant URL: http://www.securityfocus.com/bid/23676
Summary:
Moinmoin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Moinmoin 1.5.7 is vulnerable; other versions may also be affected.
10. Linux Kernel NETLINK_FIB_LOOKUP Local Denial of Service Vulnerability
BugTraq ID: 23677
Remote: No
Date Published: 2007-04-26
Relevant URL: http://www.securityfocus.com/bid/23677
Summary:
The Linux kernel is prone to a denial-of-service vulnerability. This issue presents itself when a NETLINK message is misrouted.
A local attacker may exploit this issue to trigger an infinite-recursion stack-based overflow in the kernel. This results in a denial of service to legitimate users.
Versions prior to 2.6.20.8 are vulnerable.
11. GIMP RAS File Buffer Overflow Vulnerability
BugTraq ID: 23680
Remote: Yes
Date Published: 2007-04-26
Relevant URL: http://www.securityfocus.com/bid/23680
Summary:
GIMP is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input data before copying it to an insufficiently sized memory buffer.
Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of the affected application.
GIMP 2.2.14 is vulnerable to this issue; other versions may also be affected.
12. Iputils Rarpd Remote Denial Of Service Vulnerability
BugTraq ID: 23706
Remote: Yes
Date Published: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23706
Summary:
The 'iputils rarpd' program is affected by a remote denial-of-service vulnerability because the software fails to properly handle certain network packets.
A successful attack allows a remote attacker to crash the application, denying further service to legitimate users.
13. Linux Kernel UTrace Unspecified Local Denial of Service Vulnerability
BugTraq ID: 23720
Remote: No
Date Published: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23720
Summary:
The Linux kernel is prone to a denial-of-service vulnerability that stems from a flaw in 'utrace' support.
A local attacker may exploit this issue to cause the affected kernel to crash, effectively denying service to legitimate users.
14. VIM Feedkeys and Writefile Functions Remote Code Execution Vulnerabilities
BugTraq ID: 23725
Remote: Yes
Date Published: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23725
Summary:
VIM is prone to multiple vulnerabilities that permit a remote attacker to execute arbitrary code.
An attacker could exploit these issues by enticing a victim to load a malicious file. A successful exploit could result in the execution of arbitrary code within the context of the affected application.
15. Sun Java Web Start Unauthorized Access Vulnerability
BugTraq ID: 23728
Remote: Yes
Date Published: 2007-04-29
Relevant URL: http://www.securityfocus.com/bid/23728
Summary:
Sun Java Web Start is prone to a vulnerability that may allow remote attackers to gain unauthorized access to a vulnerable computer.
The vendor has reported that this vulnerability allows untrusted applications to gain read/write privileges to local files on a vulnerable computer.
The following versions for Windows, Solaris and Linux platforms are vulnerable:
Java Web Start in JDK and JRE 5.0 Update 10 and earlier
Java Web Start in SDK and JRE 1.4.2_13 and earlier
16. VMware Multiple Denial Of Service Vulnerabilities
BugTraq ID: 23732
Remote: Yes
Date Published: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23732
Summary:
VMware is prone to multiple denial-of-service vulnerabilities.
An attacker can exploit these issues to cause denial-of-service conditions.
Versions prior to 5.5.4 Build 44386 are vulnerable to these issues.
17. X.Org X Window System Xserver XRender Extension Divide by Zero Denial of Service Vulnerability
BugTraq ID: 23741
Remote: Yes
Date Published: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23741
Summary:
X.Org X Window System Xserver is prone to a denial-of-service vulnerability. This issue is due to a failure of the software to properly handle exceptional conditions.
Attackers with the ability to connect to a vulnerable X server may exploit this issue to crash the targeted server, denying further service to legitimate users.
X.Org X Window System Xserver version 1.3.0 is vulnerable to this issue; other versions may also be affected.
18. Red Hat Sendmail Localhost.Localdomain Email Spoofing Vulnerability
BugTraq ID: 23742
Remote: Yes
Date Published: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23742
Summary:
Red Hat Sendmail is prone to a vulnerability that permits an attacker to send spoofed emails.
A successful exploit may allow an attacker to impersonate the localhost when sending an email message.
This issue affects Sendmail on Red Hat systems due to a configuration error. It is not currently known whether this issue affects other releases of the software.
III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.
V. SPONSOR INFORMATION
------------------------