Tuesday, June 19, 2007

SecurityFocus Linux Newsletter #342
----------------------------------------

This Issue is Sponsored by: VeriSign

Increase customer confidence at transaction time with the latest breakthrough in online security - Extended Validation SSL from VeriSign. Extended Validation triggers a green address bar in Microsoft IE7, which proves site identity. Learn more at:

http://clk.atdmt.com/SFI/go/srv0890000047sfi/direct/01/


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Embedded Problems
2. Security Analogies
II. LINUX VULNERABILITY SUMMARY
1. PHPMailer Remote Shell Command Execution Vulnerability
2. Firebird SQL Fbserver Remote Buffer Overflow Vulnerability
3. OpenOffice RTF File Parser Buffer Overflow Vulnerability
4. EXIF Library EXIF File Processing Integer Overflow Vulnerability
5. Open ISCSI Multiple Local Denial Of Service Vulnerabilities
6. SpamAssassin Local Symlink Attack And Denial of Service Vulnerability
7. HP System Management Homepage Remote Privilege Escalation Vulnerability
8. Astaro Up2Date Secure Gateway SMTP Proxy Malformed Email Remote Denial of Service Vulnerability
9. F-Secure Multiple Anti-Virus Products LHA and RAR Archives Scan Bypass Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Embedded Problems
By Federico Biancuzzi
Federico Biancuzzi interviews Barnaby Jack to discuss the vector rewrite attack, which architectures are vulnerable, how to defend the integrity of the exception vector table, some firmware extraction methods, and what bad things you can do on a cheap SOHO router.
http://www.securityfocus.com/columnists/446

2. Security Analogies
By Scott Granneman
Scott Granneman discusses security analogies and their function in educating the masses on security concepts.
http://www.securityfocus.com/columnists/445


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. PHPMailer Remote Shell Command Execution Vulnerability
BugTraq ID: 24417
Remote: Yes
Date Published: 2007-06-11
Relevant URL: http://www.securityfocus.com/bid/24417
Summary:
PHPMailer is prone to a vulnerability that allows attackers to execute arbitrary shell commands because the software fails to sanitize user-supplied input.

This issue affects PHPMailer when configured to use sendmail.

An attacker may leverage this issue to execute arbitrary shell commands on an affected computer with the privileges of the application using the affected class utility.

PHPMailer 1.73 and prior versions are vulnerable to this issue.

2. Firebird SQL Fbserver Remote Buffer Overflow Vulnerability
BugTraq ID: 24436
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.securityfocus.com/bid/24436
Summary:
Firebird SQL is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected database server. Failed exploit attempts will likely crash the server, denying service to legitimate users.

Firebird SQL 2.0 is vulnerable; previous versions may also be affected.

3. OpenOffice RTF File Parser Buffer Overflow Vulnerability
BugTraq ID: 24450
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.securityfocus.com/bid/24450
Summary:
OpenOffice is prone to a remote heap-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Remote attackers may exploit this issue by enticing victims into opening maliciously crafted RTF files.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

4. EXIF Library EXIF File Processing Integer Overflow Vulnerability
BugTraq ID: 24461
Remote: Yes
Date Published: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/24461
Summary:
The 'libexif' library is reported prone to an integer-overflow vulnerability. Reportedly, the issue presents itself when the affected library is processing malformed EXIF files.

Attackers may leverage this issue to execute arbitrary code in the context of an application that is linked to the vulnerable library. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects 'libexif' 0.6.13 to 0.6.15; other versions may also be affected.

5. Open ISCSI Multiple Local Denial Of Service Vulnerabilities
BugTraq ID: 24471
Remote: No
Date Published: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24471
Summary:
Open-iSCSI is prone to multiple local denial-of-service vulnerabilities.

A local attacker can exploit these issues to deny legitimate user access to the server daemon.

6. SpamAssassin Local Symlink Attack And Denial of Service Vulnerability
BugTraq ID: 24481
Remote: No
Date Published: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24481
Summary:
SpamAssassin is prone to a remote denial-of-service vulnerability because the application creates files in an insecure manner.

An attacker can exploit this issue to cause a denial-of-service condition.

Versions prior to SpamAssassin 3.2.1 are vulnerable to this issue.

7. HP System Management Homepage Remote Privilege Escalation Vulnerability
BugTraq ID: 24486
Remote: Yes
Date Published: 2007-06-15
Relevant URL: http://www.securityfocus.com/bid/24486
Summary:
HP System Management Homepage is prone to a privilege-escalation vulnerability.

Attackers can exploit this issue to gain superuser access to the affected application. This may facilitate further attacks.

Versions prior to 2.1.9 that are running on Linux with Novell's eDirectory services are vulnerable.

8. Astaro Up2Date Secure Gateway SMTP Proxy Malformed Email Remote Denial of Service Vulnerability
BugTraq ID: 24492
Remote: Yes
Date Published: 2007-06-15
Relevant URL: http://www.securityfocus.com/bid/24492
Summary:
Astaro Up2Date is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker can exploit this issue to cause the application to stop responding, denying further service to legitimate users.

This issue affects versions prior to Astaro Up2Date 7.005.

9. F-Secure Multiple Anti-Virus Products LHA and RAR Archives Scan Bypass Vulnerability
BugTraq ID: 24525
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24525
Summary:
Multiple F-Secure Anti-Virus products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine.

An attacker may exploit this issue by sending maliciously crafted RAR or LHA archives to victims.

Successful exploits will allow attackers to distribute compressed archives containing malicious code that will not be detected by the antivirus application.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: VeriSign
