News

Wednesday, July 18, 2007

SecurityFocus Linux Newsletter #346

SecurityFocus Linux Newsletter #346
----------------------------------------

This Issue is Sponsored by: Black Hat

Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting.

http://www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Security conferences versus practical knowledge
2. Achtung! New German Laws on Cybercrime
II. LINUX VULNERABILITY SUMMARY
1. Symantec AntiVirus Malformed CAB and RAR Compression Remote Vulnerabilities
2. Linux Kernel Decode_Choices Function Remote Denial Of Service Vulnerability
3. Linux PowerPC Kernel Restore_Sigcontext Local Denial of Service Vulnerability
4. Sun JSSE SSL/TLS Handshake Processing Denial Of Service Vulnerability
5. Sun Java System Server XSLT Processing Remote Java Method Execution Vulnerability
6. CenterICQ Multiple Remote Buffer Overflow Vulnerabilities
7. Adobe Flash Player SWF File Handling Remote Code Execution Vulnerability
8. Multiple Vendors RAR Handling Remote Null Pointer Dereference Vulnerability
9. EldoS SecureBlackbox PGPBBox.dll ActiveX Control Arbitrary File Overwrite Vulnerability
10. X.Org XFS Init Script Insecure Temporary File Creation Vulnerability
11. RETIRED: Konqueror Web Browser Data: URL Scheme Address Bar Spoofing Vulnerability
12. HP Serviceguard for Linux Unspecified Local Privilege Escalation Vulnerability
13. Curl GnuTLS Certificate Verfication Access Validation Vulnerability
14. Asterisk IAX2 Channel Driver IAX2_Write Function Remote Stack Buffer Overflow Vulnerability
15. Asterisk Multiple Remote Denial of Service Vulnerabilities
16. Samsung Linux Printer Driver SetUID Script Local Privilege Escalation Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Security conferences versus practical knowledge
By Don Parker
While the training industry as a whole has evolved rather well to suit the needs of their clients, the computer conference - specifically the computer security conference - has declined in relevance to the everyday sys-admin and network security practitioners.
http://www.securityfocus.com/columnists/449

2. Achtung! New German Laws on Cybercrime
By Federico Biancuzzi
Germany is passing some new laws regarding cybercrime that might affect security professionals. Federico Biancuzzi interviewed Marco Gercke, one of the experts that was invited to the parliamentary hearing, to learn more about this delicate subject. They discussed what is covered by the new laws, which areas remain in the dark, and how they might affect vulnerability disclosure and the use of common tools, such as nmap.
http://www.securityfocus.com/columnists/448


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Symantec AntiVirus Malformed CAB and RAR Compression Remote Vulnerabilities
BugTraq ID: 24282
Remote: Yes
Date Published: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24282
Summary:
Symantec AntiVirus products that include the Symantec Decomposer are prone to multiple remote vulnerabilities related to the handling of CAB and RAR archives. These issues include a denial-of-service vulnerability and a buffer-overflow vulnerability.

Successfully exploiting these issues allows remote attackers to execute arbitrary machine code with SYSTEM-level privileges or to cause the affected application to enter an infinite loop, resulting in a denial-of-service condition.

2. Linux Kernel Decode_Choices Function Remote Denial Of Service Vulnerability
BugTraq ID: 24818
Remote: Yes
Date Published: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/24818
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to handle certain H.323 data.

Attackers can exploit this issue to crash the affected operating system, denying access to legitimate users.

Versions prior to 2.6.21.6, 2.6.20.15, and 2.6.22 are vulnerable.

3. Linux PowerPC Kernel Restore_Sigcontext Local Denial of Service Vulnerability
BugTraq ID: 24845
Remote: No
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24845
Summary:
The PowerPC Linux kernel is prone to a denial-of-service vulnerability.

Exploiting this issue allows local attackers to corrupt memory resources and eventually cause the kernel to crash, effectively denying service to legitimate users.

Note that this issue affects only the Linux kernel on PowerPC architectures.

4. Sun JSSE SSL/TLS Handshake Processing Denial Of Service Vulnerability
BugTraq ID: 24846
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24846
Summary:
The Sun JSSE (Java Secure Socket Extension) is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the computer, denying access to legitimate users.

5. Sun Java System Server XSLT Processing Remote Java Method Execution Vulnerability
BugTraq ID: 24850
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24850
Summary:
Sun Java System Web Servers and Application Servers are prone to a vulnerability that lets attackers execute arbitrary Java methods. This issue occurs because the application fails to securely process XSLT stylesheets.

Successfully exploiting this issue may allow remote attackers to execute arbitrary Java methods, aiding them in further attacks.

Sun Java System Web Server 7.0 for the following operating systems is affected:
- Sun Solaris SPARC and x86 platforms
- Linux
- Microsoft Windows
- HP-UX

Sun Java System Application Server Platform and Enterprise Editions 8.2 and Platform Edition 9.0 for the following operating systems are also affected:
- Sun Solaris SPARC and x86 platforms
- Linux
- Microsoft Windows

6. CenterICQ Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 24854
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24854
Summary:
Centericq is prone to multiple remote buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer

An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

7. Adobe Flash Player SWF File Handling Remote Code Execution Vulnerability
BugTraq ID: 24856
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24856
Summary:
Adobe Flash Player is prone to a remote code-execution vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the victim running the vulnerable application.

Adobe Flash Player 9.0.45.0 and earlier, 8.0.34.0 and earlier, and 7.0.69.0 and earlier are affected.

8. Multiple Vendors RAR Handling Remote Null Pointer Dereference Vulnerability
BugTraq ID: 24866
Remote: Yes
Date Published: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24866
Summary:
Multiple applications using RAR are prone to a NULL-pointer dereference vulnerability.

A successful attack will result in denial-of-service conditions. Attackers may also be able to exploit this issue to execute arbitrary code, but this has not been confirmed.

This issue affects the following:

ClamAV prior to 0.91
'UnRAR' 3.70; other versions may also be vulnerable.

Other applications using the vulnerabile 'UnRAR' utility are affected by this issue. We will update this BID as more information emerges.

9. EldoS SecureBlackbox PGPBBox.dll ActiveX Control Arbitrary File Overwrite Vulnerability
BugTraq ID: 24882
Remote: Yes
Date Published: 2007-07-12
Relevant URL: http://www.securityfocus.com/bid/24882
Summary:
SecureBlackbox ActiveX control is prone to a vulnerability that could permit an attacker to overwrite arbitrary files.

The attacker can exploit this issue to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). This may cause denial-of-service conditions and may also allow the attacker to execute arbitrary code on the victim's computer, which may facilitate a remote compromise.

10. X.Org XFS Init Script Insecure Temporary File Creation Vulnerability
BugTraq ID: 24888
Remote: No
Date Published: 2007-07-12
Relevant URL: http://www.securityfocus.com/bid/24888
Summary:
The X Font Server (XFS) creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks to alter the permissions of an arbitrary attacker-supplied file.

11. RETIRED: Konqueror Web Browser Data: URL Scheme Address Bar Spoofing Vulnerability
BugTraq ID: 24918
Remote: Yes
Date Published: 2007-07-16
Relevant URL: http://www.securityfocus.com/bid/24918
Summary:
Konqueror Web Browser is prone to an address bar spoofing vulnerability.

An attacker may exploit this vulnerability to spoof the originating URL of a trusted web site. This issue may allow a remote attacker to carry out phishing style attacks.

Konqueror 3.5.7 on Linux is reported vulnerable to this issue. Previous versions may be affected as well.

NOTE: This BID is being retired because the issue is already being tracked with BID 24912.

12. HP Serviceguard for Linux Unspecified Local Privilege Escalation Vulnerability
BugTraq ID: 24920
Remote: No
Date Published: 2007-07-16
Relevant URL: http://www.securityfocus.com/bid/24920
Summary:
HP Serviceguard for Linux is prone to an unspecified privilege-escalation vulnerability.

Very few technical details are currently available. We will update this BID as more information emerges.

An attacker can exploit this issue to gain local unauthorized access or escalated privileges on affected computers.

13. Curl GnuTLS Certificate Verfication Access Validation Vulnerability
BugTraq ID: 24938
Remote: Yes
Date Published: 2007-07-17
Relevant URL: http://www.securityfocus.com/bid/24938
Summary:
Curl is prone to a vulnerability that permits an attacker to access unauthorized websites. The attacker may then launch other attacks.

This issue affects versions prior to Curl 7.16.14. Other applications using the 'libcurl' library are also affected.

14. Asterisk IAX2 Channel Driver IAX2_Write Function Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 24949
Remote: Yes
Date Published: 2007-07-18
Relevant URL: http://www.securityfocus.com/bid/24949
Summary:
Asterisk is prone to a remote stack-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successful exploits may allow an attacker to execute arbitrary machine code to compromise an affected computer or to cause a denial-of-service condition.

15. Asterisk Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 24950
Remote: Yes
Date Published: 2007-07-18
Relevant URL: http://www.securityfocus.com/bid/24950
Summary:
Asterisk is prone to multiple remote denial-of-service vulnerabilities.

Exploiting these issues allows remote attackers to cause the application to crash, effectively denying service to legitimate users.

16. Samsung Linux Printer Driver SetUID Script Local Privilege Escalation Vulnerability
BugTraq ID: 24953
Remote: No
Date Published: 2007-07-18
Relevant URL: http://www.securityfocus.com/bid/24953
Summary:
Samsung Linux Printer Driver is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Black Hat

Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting.

http://www.blackhat.com

No comments:

Blog Archive