Wednesday, May 09, 2007

SecurityFocus Linux Newsletter #336

This Issue is Sponsored by: SPI Dynamics

ALERT: Ajax Security Dangers- How Hackers are attacking Ajax Web Apps
While Ajax can greatly improve the usability of a Web application, it can also create several opportunities for possible attack if the application is not designed with security in mind. Download this SPI Dynamics white paper.

https://download.spidynamics.com/1/ad/AJAX.asp?Campaign_ID=70160000000CoNe


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Time for a new certification
II. LINUX VULNERABILITY SUMMARY
1. Iputils Rarpd Remote Denial Of Service Vulnerability
2. Linux Kernel UTrace Unspecified Local Denial of Service Vulnerability
3. VMware Workstation Shared Folders Directory Traversal Vulnerability
4. VIM Feedkeys and Writefile Functions Remote Code Execution Vulnerabilities
5. Sun Java Web Start Unauthorized Access Vulnerability
6. VMware Multiple Denial Of Service Vulnerabilities
7. LFTP MirrorJob::HandleFile Arbitrary Command Injection Vulnerability
8. ISC BIND Query_AddSOA Denial Of Service Vulnerability
9. X.Org X Window System Xserver XRender Extension Divide by Zero Denial of Service Vulnerability
10. Red Hat Sendmail Localhost.Localdomain Email Spoofing Vulnerability
11. KTorrent Remote Directory Traversal Variant Vulnerability
12. Net-SNMP TCP Disconnect Remote Denial Of Service Vulnerability
13. Xscreensaver Local Denial Of Service Vulnerability
14. PHP Prior to 5.2.2/4.4.7 Multiple Remote Buffer Overflow Vulnerabilities
15. Multiple Vendors Zoo Compression Algorithm Remote Denial of Service Vulnerability
16. Asterisk IAX2 Text Frame Information Disclosure Vulnerability
17. ELinks Relative Path Arbitrary Code Execution Vulnerability
18. LDAP Account Manager Modified Path Local Privilege Escalation Vulnerability
19. Linux Kernel PPPoE Socket Local Denial of Service Vulnerability
20. PopTop PPTP Server GRE Packet Denial Of Service Vulnerability
21. Python PyLocale_strxfrm Function Remote Information Leak Vulnerability
22. IBM DB2 Universal Database JDBC Applet Server Unspecified Code Execution Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. understanding chkrootkit and rkhunter logs
2. Center for Internet Security - Call for Participation
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Time for a new certification
By Don Parker
I wrote a column for SecurityFocus some time ago that aired my concerns over GIAC dropping the practical portion of their certification process. That column resulted in a lot of feedback, with most agreeing about how GIAC bungled what was, up till then, the best certification around.
http://www.securityfocus.com/columnists/443


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Iputils Rarpd Remote Denial Of Service Vulnerability
BugTraq ID: 23706
Remote: Yes
Date Published: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23706
Summary:
The 'iputils rarpd' program is affected by a remote denial-of-service vulnerability because the software fails to properly handle certain network packets.

A successful attack allows a remote attacker to crash the application, denying further service to legitimate users.

2. Linux Kernel UTrace Unspecified Local Denial of Service Vulnerability
BugTraq ID: 23720
Remote: No
Date Published: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23720
Summary:
The Linux kernel is prone to a denial-of-service vulnerability that stems from a flaw in 'utrace' support.

A local attacker may exploit this issue to cause the affected kernel to crash, effectively denying service to legitimate users.

3. VMware Workstation Shared Folders Directory Traversal Vulnerability
BugTraq ID: 23721
Remote: Yes
Date Published: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23721
Summary:
VMware Workstation is prone to a directory-traversal vulnerability because it fails to properly sanitize input.

An attacker with access to a virtual guest operating system can exploit this issue by traversing a shared directory to manipulate arbitrary files on the host operating system in the context of the user running the application.

Successful attacks could result in the compromise of the affected host operating system. Other attacks are possible.

VMware Workstation 5.5.3 build 34685 on Windows XP SP2 is vulnerable. Other versions may also be affected.

4. VIM Feedkeys and Writefile Functions Remote Code Execution Vulnerabilities
BugTraq ID: 23725
Remote: Yes
Date Published: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23725
Summary:
VIM is prone to multiple vulnerabilities that permit a remote attacker to execute arbitrary code.

An attacker could exploit these issues by enticing a victim to load a malicious file. A successful exploit could result in the execution of arbitrary code within the context of the affected application.

5. Sun Java Web Start Unauthorized Access Vulnerability
BugTraq ID: 23728
Remote: Yes
Date Published: 2007-04-29
Relevant URL: http://www.securityfocus.com/bid/23728
Summary:
Sun Java Web Start is prone to a vulnerability that may allow remote attackers to gain unauthorized access to a vulnerable computer.

The vendor has reported that this vulnerability allows untrusted applications to gain read/write privileges to local files on a vulnerable computer.

The following versions for Windows, Solaris and Linux platforms are vulnerable:

Java Web Start in JDK and JRE 5.0 Update 10 and earlier
Java Web Start in SDK and JRE 1.4.2_13 and earlier

6. VMware Multiple Denial Of Service Vulnerabilities
BugTraq ID: 23732
Remote: Yes
Date Published: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23732
Summary:
VMware is prone to multiple denial-of-service vulnerabilities.

An attacker can exploit these issues to cause denial-of-service conditions.

Versions prior to 5.5.4 Build 44386 are vulnerable to these issues.

7. LFTP MirrorJob::HandleFile Arbitrary Command Injection Vulnerability
BugTraq ID: 23736
Remote: Yes
Date Published: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23736
Summary:
LFTP is prone to an arbitrary-command-injection vulnerability because it fails to adequately sanitize user-supplied data.

An attacker can exploit this issue to execute arbitrary commands in the context of the user running the application.

Versions prior to 3.5.9 are vulnerable.

8. ISC BIND Query_AddSOA Denial Of Service Vulnerability
BugTraq ID: 23738
Remote: Yes
Date Published: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23738
Summary:
ISC BIND is prone to a denial-of-service vulnerability because it fails to handle certain sequences of malicious queries.

NOTE: Only applications configured with the 'recursion' directive/attribute enabled are vulnerable to this issue.

An attacker can exploit this issue to cause the application to exit, denying service to legitimate users.

ISC BIND 9.40, 9.5.0a1, 9.5.0a2, and 9.5.0a3 are vulnerable.

9. X.Org X Window System Xserver XRender Extension Divide by Zero Denial of Service Vulnerability
BugTraq ID: 23741
Remote: Yes
Date Published: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23741
Summary:
X.Org X Window System Xserver is prone to a denial-of-service vulnerability because the software fails to properly handle exceptional conditions.

Attackers who can connect to a vulnerable X server may exploit this issue to crash the targeted server, denying further service to legitimate users.

X.Org X Window System Xserver 1.3.0 is vulnerable to this issue; other versions may also be affected.

10. Red Hat Sendmail Localhost.Localdomain Email Spoofing Vulnerability
BugTraq ID: 23742
Remote: Yes
Date Published: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23742
Summary:
Red Hat Sendmail is prone to a vulnerability that permits an attacker to send spoofed emails.

A successful exploit may allow an attacker to impersonate the localhost when sending an email message.

This issue affects Sendmail on Red Hat systems due to a configuration error. It is not currently known if this issue affects other releases of the software.

11. KTorrent Remote Directory Traversal Variant Vulnerability
BugTraq ID: 23745
Remote: Yes
Date Published: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23745
Summary:
KTorrent is prone to a remote directory-traversal vulnerability.

An attacker can exploit this issue by using modified '..' sequences to overwrite arbitrary files on a victim user's system.

This issue is due to an incomplete vendor fix of the issue discussed in BID 22930.

Versions prior to 2.1.3 are vulnerable to these issues.

12. Net-SNMP TCP Disconnect Remote Denial Of Service Vulnerability
BugTraq ID: 23762
Remote: Yes
Date Published: 2007-05-02
Relevant URL: http://www.securityfocus.com/bid/23762
Summary:
Net-SNMP is prone to a remote denial-of-service vulnerability. The issue is exposed when Net-SNMP is configured to communicate over TCP; Net-SNMP using UDP is unaffected.

This issue affects Net-SNMP when running in 'master agentx' mode. An attacker can exploit this issue to cause the affected service to crash, effectively denying service to legitimate users.

13. Xscreensaver Local Denial Of Service Vulnerability
BugTraq ID: 23783
Remote: No
Date Published: 2007-05-02
Relevant URL: http://www.securityfocus.com/bid/23783
Summary:
Xscreensaver is prone to a local denial-of-service vulnerability.

Successful exploits will cause the xscreensaver daemon to crash, unlock the screen, and allow unauthorized access to the vulnerable computer.

Xscreensaver versions prior to 5.02 are vulnerable to this issue.

14. PHP Prior to 5.2.2/4.4.7 Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 23813
Remote: Yes
Date Published: 2007-05-04
Relevant URL: http://www.securityfocus.com/bid/23813
Summary:
PHP is prone to three remote buffer-overflow vulnerabilities because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit these issues to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

All three issues affect PHP 5.2.1 and prior versions; PHP 4.4.6 and prior versions are affected only by one of the issues.

Few details are available at the moment. These issues may have been previously described in other BIDs. This record may be updated or retired if further analysis shows that these issues have been reported in the past.

15. Multiple Vendors Zoo Compression Algorithm Remote Denial of Service Vulnerability
BugTraq ID: 23823
Remote: Yes
Date Published: 2007-05-04
Relevant URL: http://www.securityfocus.com/bid/23823
Summary:
The Zoo compression algorithm is prone to a remote denial-of-service vulnerability. This issue arises when applications implementing the Zoo algorithm process certain malformed archives.

A successful attack can exhaust system resources and trigger a denial-of-service condition.

This issue affects Zoo 2.10 and other applications implementing the vulnerable algorithm.

16. Asterisk IAX2 Text Frame Information Disclosure Vulnerability
BugTraq ID: 23824
Remote: Yes
Date Published: 2007-05-04
Relevant URL: http://www.securityfocus.com/bid/23824
Summary:
Asterisk is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to access sensitive information that may lead to further attacks. This issue may also result in a segmentation fault.

17. ELinks Relative Path Arbitrary Code Execution Vulnerability
BugTraq ID: 23844
Remote: No
Date Published: 2007-05-07
Relevant URL: http://www.securityfocus.com/bid/23844
Summary:
ELinks is prone to an arbitrary code-execution vulnerability.

An attacker can exploit this issue to potentially execute arbitrary code with the privileges of the user running the affected application.

This issue requires an attacker to trick an unsuspecting victim into running the vulnerable application in an attacker-controlled directory.

This issue affects ELinks 0.11.1; other versions may also be vulnerable.

18. LDAP Account Manager Modified Path Local Privilege Escalation Vulnerability
BugTraq ID: 23857
Remote: No
Date Published: 2007-05-07
Relevant URL: http://www.securityfocus.com/bid/23857
Summary:
LDAP Account Manager is prone to a local privilege-escalation vulnerability.

A local attacker may execute arbitrary code with superuser privileges. This may facilitate a complete compromise of the affected computer.

Versions prior to 1.0.0 are reported vulnerable to this issue.

19. Linux Kernel PPPoE Socket Local Denial of Service Vulnerability
BugTraq ID: 23870
Remote: No
Date Published: 2007-05-07
Relevant URL: http://www.securityfocus.com/bid/23870
Summary:
The Linux kernel is prone to a denial-of-service vulnerability.

Exploiting this issue allows local attackers to exhaust memory resources and eventually cause the kernel to crash, effectively denying service to legitimate users.

This issue affects the Linux kernel 2.6 series prior to 2.6.21-git8.

20. PopTop PPTP Server GRE Packet Denial Of Service Vulnerability
BugTraq ID: 23886
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23886
Summary:
PoPToP PPTP Server is prone to a denial-of-service vulnerability because it fails to adequately handle certain malformed packet data.

Attackers can exploit this issue to disconnect arbitrary PPTP connections.

PoPToP PPTP Server 1.3.4 is vulnerable; other versions may also be affected.

21. Python PyLocale_strxfrm Function Remote Information Leak Vulnerability
BugTraq ID: 23887
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23887
Summary:
Python applications that use the 'PyLocale_strxfrm' function are prone to an information leak.

Exploiting this issue allows remote attackers to read portions of memory.

Python 2.4.4-2 and 2.5 are confirmed vulnerable to this issue.

22. IBM DB2 Universal Database JDBC Applet Server Unspecified Code Execution Vulnerability
BugTraq ID: 23890
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23890
Summary:
IBM DB2 Universal Database is prone to an unspecified remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the user running the application. Successful attacks can result in the compromise of the application or can cause denial-of-service conditions.

Few technical details are currently available. We will update this BID as more information emerges.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. understanding chkrootkit and rkhunter logs
http://www.securityfocus.com/archive/91/467957

2. Center for Internet Security - Call for Participation
http://www.securityfocus.com/archive/91/467965

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics

