Wednesday, August 29, 2007

SecurityFocus Linux Newsletter #352


This Issue is Sponsored by: SPI Dynamics

XPATH Injection Attacks- Web Hackers New Trick: White Paper
One particular form of injection attack, XPath Injection, is rapidly gaining in popularity due to the spread of AJAX applications and their inherent use of XML to store data.
XPath Injection can be just as dangerous as SQL Injection, and can be even easier to exploit. Learn how to identify XPath Injection vulnerabilities and which methods of recourse to take to prevent them. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/XP.asp?Campaign_ID=70160000000D1rX


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Virtualized rootkits - Part 2
2. Virtualized rootkits - Part 1
II. LINUX VULNERABILITY SUMMARY
1. Gentoo Linux NVIDIA Drivers Local Denial of Service Vulnerability
2. Gentoo Linux NVIDIA Drivers Local Denial of Service Vulnerability
3. Sysstat Insecure Temporary File Creation Vulnerability
4. Linux Kernel Parent Process Death Signal Local Security Bypass Weakness
5. Asterisk SIP Dialog History Resource Exhaustion Remote Denial of Service Vulnerability
6. IBM Lotus Notes NTMulti.EXE Local Privilege Escalation Vulnerability
7. GNU Tar Dot_Dot Function Remote Directory Traversal Vulnerability
8. Skulltag Huffman Packet Decompression Remote Heap Based Buffer Overflow Vulnerability
9. Bugzilla Multiple Remote Vulnerabilities
10. Sophos Antivirus UPX and BZIP Multiple Remote Vulnerabilities
11. Asterisk Malformed MIME Body Remote Denial of Service Vulnerability
12. BitchX IRC MODE Remote Buffer Overflow Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. mail antivirus
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Virtualized rootkits - Part 2
By Federico Biancuzzi
There has been a lot of buzz around the topic of virtualized rootkits. Joanna Rutkowska has been working on a new version of Blue-Pill, her proof-of-concept invisible rootkit, while a team of three prominent security experts (Thomas Ptacek, Nate Lawson, Peter Ferrie) challenged her, arguing that there is no "invisible" rootkit and announcing that they would present various techniques to detect Blue-Pill at the BlackHat conference. Federico Biancuzzi interviewed both sides to learn more. Part 2 of 2
http://www.securityfocus.com/columnists/452


2. Virtualized rootkits - Part 1
By Federico Biancuzzi
There has been a lot of buzz around the topic of virtualized rootkits. Joanna Rutkowska has been working on a new version of Blue-Pill, her proof-of-concept invisible rootkit, while a team of three prominent security experts (Thomas Ptacek, Nate Lawson, Peter Ferrie) challenged her, arguing that there is no "invisible" rootkit and announcing that they would present various techniques to detect Blue-Pill at the BlackHat conference. Federico Biancuzzi interviewed both sides to learn more. Part 1 of 2
http://www.securityfocus.com/columnists/451


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Gentoo Linux NVIDIA Drivers Local Denial of Service Vulnerability
BugTraq ID: 25360
Remote: No
Date Published: 2007-08-19
Relevant URL: http://www.securityfocus.com/bid/25360
Summary:
Gentoo Linux NVIDIA drivers are prone to a denial-of-service vulnerability.

Exploiting this issue allows local attackers to cause the application to crash or possibly cause hardware damage to a graphics card.

2. Gentoo Linux NVIDIA Drivers Local Denial of Service Vulnerability
BugTraq ID: 25363
Remote: No
Date Published: 2007-08-19
Relevant URL: http://www.securityfocus.com/bid/25363
Summary:
Gentoo Linux NVIDIA drivers are prone to a denial-of-service vulnerability.

Exploiting this issue allows local attackers to cause the application to crash or possibly cause hardware damage to a graphics card.

3. Sysstat Insecure Temporary File Creation Vulnerability
BugTraq ID: 25380
Remote: No
Date Published: 2007-08-21
Relevant URL: http://www.securityfocus.com/bid/25380
Summary:
Sysstat creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of applications utilizing the affected library.

Successfully mounting a symbolic link attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Sysstat 7.1.6 is reported to be vulnerable. Other versions may be affected as well.

4. Linux Kernel Parent Process Death Signal Local Security Bypass Weakness
BugTraq ID: 25387
Remote: No
Date Published: 2007-08-21
Relevant URL: http://www.securityfocus.com/bid/25387
Summary:
The Linux kernel is prone to a security-bypass weakness when dealing with signal handling.

This issue is due to a lack of proper access-validation when the parent process attempts to deliver its death signal to the child that registered it via 'prctl'.

A local attacker may exploit this issue to bypass certain security restrictions, which may lead to other attacks.

Linux kernel versions prior to 2.6.22.4 are vulnerable.

5. Asterisk SIP Dialog History Resource Exhaustion Remote Denial of Service Vulnerability
BugTraq ID: 25392
Remote: Yes
Date Published: 2007-08-21
Relevant URL: http://www.securityfocus.com/bid/25392
Summary:
Asterisk is prone to a remote denial-of-service vulnerability.

Successfully exploiting this issue allows remote attackers to consume all system resources, denying service to legitimate users.

6. IBM Lotus Notes NTMulti.EXE Local Privilege Escalation Vulnerability
BugTraq ID: 25401
Remote: No
Date Published: 2007-08-22
Relevant URL: http://www.securityfocus.com/bid/25401
Summary:
IBM Lotus Notes is prone to a local privilege-escalation vulnerability because it fails to assign proper file permissions during installation.

Attackers can exploit this issue to run arbitrary applications with SYSTEM-level privileges. Successful attacks will completely compromise affected computers.

NOTE: This issue may be related to the one covered under BID 20612. This has not been confirmed. This BID will be updated as further information becomes available.

7. GNU Tar Dot_Dot Function Remote Directory Traversal Vulnerability
BugTraq ID: 25417
Remote: Yes
Date Published: 2007-08-23
Relevant URL: http://www.securityfocus.com/bid/25417
Summary:
GNU Tar is prone to a directory-traversal vulnerability. This issue occurs because the application fails to validate user-supplied data.

A successful attack can allow the attacker to overwrite files on a computer in the context of the user running the affected application. Successful exploits may aid in further attacks.

8. Skulltag Huffman Packet Decompression Remote Heap Based Buffer Overflow Vulnerability
BugTraq ID: 25423
Remote: Yes
Date Published: 2007-08-23
Relevant URL: http://www.securityfocus.com/bid/25423
Summary:
Skulltag is prone to a remote heap-based buffer-overflow vulnerability because it fails to perform adequate boundary-checks on user-supplied input.

Attackers can exploit this issue to execute arbitrary code with the privileges of the user running the application. Successful exploits may compromise affected computers. Failed attacks will likely cause denial-of-service conditions.

Skulltag version 0.97d-beta4.1 is vulnerable; other versions may also be affected.

9. Bugzilla Multiple Remote Vulnerabilities
BugTraq ID: 25425
Remote: Yes
Date Published: 2007-08-23
Relevant URL: http://www.securityfocus.com/bid/25425
Summary:
Bugzilla is prone to multiple remote vulnerabilities. These issues include an HTML-injection vulnerability, a remote-command injection vulnerability and an information-disclosure vulnerability.

An attacker can exploit this issue to execute arbitrary code and commands with the privileges of the webserver process, steal cookie-based authentication credentials and disclose sensitive information.

This issue affects Bugzilla 2.20.4, 2.22.2, 3.0, 3.1; prior versions of the 2.20 and 2.22 branches are also affected.

10. Sophos Antivirus UPX and BZIP Multiple Remote Vulnerabilities
BugTraq ID: 25428
Remote: Yes
Date Published: 2007-08-23
Relevant URL: http://www.securityfocus.com/bid/25428
Summary:
Sophos Antivirus is prone to multiple remote vulnerabilities. These issues include a remote code-execution vulnerability and a denial-of-service vulnerability.

A remote attacker can exploit this issue to execute arbitrary code within the context of the affected application or crash the affected application, denying service to legitimate users. Successful exploits may result in a crash of the antivirus engine or the exhaustion of disk space on affected computers.

This issue affects Sophos applications using antivirus engine versions prior to 2.48.0.

11. Asterisk Malformed MIME Body Remote Denial of Service Vulnerability
BugTraq ID: 25438
Remote: Yes
Date Published: 2007-08-24
Relevant URL: http://www.securityfocus.com/bid/25438
Summary:
Asterisk is prone to a remote denial-of-service vulnerability because the application fails to properly handle specially crafted emails.

Exploiting this issue allows remote attackers to cause the application to crash, effectively denying service to legitimate users.

This issue affects Asterisk versions 1.4.5 to 1.4.11.

12. BitchX IRC MODE Remote Buffer Overflow Vulnerability
BugTraq ID: 25462
Remote: Yes
Date Published: 2007-08-27
Relevant URL: http://www.securityfocus.com/bid/25462
Summary:
BitchX is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects BitchX 1.1; other versions may also be affected.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. mail antivirus
http://www.securityfocus.com/archive/91/477433

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics
