Wednesday, September 05, 2007

SecurityFocus Linux Newsletter #353


This Issue is Sponsored by: CSI

CSI 2007, November 3-9 in Washington, DC, is the only conference that delivers a business-focused overview of enterprise security. It will convene 2,000+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques. Register now for savings on conference fees and/or free exhibits admission.

http://www.csiannual.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Mod Your iPhone- For Fun or Profit?
2. Virtualized rootkits - Part 2
II. LINUX VULNERABILITY SUMMARY
1. BitchX IRC MODE Remote Buffer Overflow Vulnerability
2. TCP Wrappers Libwrap0 Hosts.Deny Bypass Vulnerability
3. Fetchmail Failed Warning Message Remote Denial of Service Vulnerability
4. Hexamail POP3 Server Remote Buffer Overflow Vulnerability
5. Norman Virus Control NVCOAFT51.SYS Driver Multiple Vulnerabilities
6. Backup Manager FTP Server Information Disclosure Vulnerability
7. Linux Kernel USB PWC Driver Local Denial Of Service Vulnerability
8. MIT Kerberos 5 kadmind Server Uninitialized Pointer Remote Code Execution Vulnerability
9. MIT Kerberos 5 KAdminD Server SVCAuth_GSS_Validate Stack Buffer Overflow Vulnerability
10. Red Hat Advanced Intrusion Detection Environment Checksum Database Weakness
III. LINUX FOCUS LIST SUMMARY
1. mail antivirus
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Mod Your iPhone- For Fun or Profit?
By Mark Rasch
I admit it: I own an iPhone. Indeed, I bought one the day they came out. No, I didn't wait in line for hours; I just walked into the local Apple store, plunked down my life's savings, and voila, another AT&T customer!
http://www.securityfocus.com/columnists/453

2. Virtualized rootkits - Part 2
By Federico Biancuzzi
There has been a lot of buzz around the topic of virtualized rootkits. Joanna Rutkowska has been working on a new version of Blue-Pill, her proof-of-concept invisible rootkit, while a team of three prominent security experts (Thomas Ptacek, Nate Lawson, Peter Ferrie) challenged her, arguing that no rootkit is truly "invisible" and announcing that they would present various techniques to detect Blue-Pill at the BlackHat conference. Federico Biancuzzi interviewed both sides to learn more. Part 2 of 2
http://www.securityfocus.com/columnists/452


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. BitchX IRC MODE Remote Buffer Overflow Vulnerability
BugTraq ID: 25462
Remote: Yes
Date Published: 2007-08-27
Relevant URL: http://www.securityfocus.com/bid/25462
Summary:
BitchX is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects BitchX 1.1; other versions may also be affected.

2. TCP Wrappers Libwrap0 Hosts.Deny Bypass Vulnerability
BugTraq ID: 25485
Remote: Yes
Date Published: 2007-08-30
Relevant URL: http://www.securityfocus.com/bid/25485
Summary:
TCP Wrappers is prone to a vulnerability that lets attackers bypass access control rules. This issue occurs because the 'daemon_or_port_match()' function fails to properly handle connections missing server socket details in the 'hosts.deny' file.

Successfully exploiting this issue allows attackers to bypass 'hosts.deny' rules, potentially aiding them in further network-based attacks.

TCP Wrappers implementations on a variety of operating platforms are vulnerable, including TCP Wrappers:libwrap0 shipped with Ubuntu 7.0.4 and TCP Wrappers:libwrap0 7.6.dbs-11 on Debian Linux. Other platforms may be affected as well.

3. Fetchmail Failed Warning Message Remote Denial of Service Vulnerability
BugTraq ID: 25495
Remote: Yes
Date Published: 2007-08-30
Relevant URL: http://www.securityfocus.com/bid/25495
Summary:
Fetchmail is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

Fetchmail versions 4.6.8 through 6.3.8 are vulnerable to this issue.

4. Hexamail POP3 Server Remote Buffer Overflow Vulnerability
BugTraq ID: 25496
Remote: Yes
Date Published: 2007-08-30
Relevant URL: http://www.securityfocus.com/bid/25496
Summary:
Hexamail Server is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the affected application, likely with SYSTEM-level privileges because the server must listen on TCP ports lower than 1024.

Hexamail Server 3.0.0.001 is vulnerable to this issue; other versions may also be affected.

5. Norman Virus Control NVCOAFT51.SYS Driver Multiple Vulnerabilities
BugTraq ID: 25499
Remote: No
Date Published: 2007-08-31
Relevant URL: http://www.securityfocus.com/bid/25499
Summary:
Norman Virus Control is prone to multiple vulnerabilities including a heap-based kernel memory buffer-overflow issue and multiple input-validation vulnerabilities.

These issues reside in the 'nvcoaft51.sys' driver.

Attackers can exploit these issues to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed attacks will likely cause denial-of-service conditions.

Norman Virus Control 5.82 is vulnerable; other versions may also be affected.

NOTE: Other Norman products may also use the affected driver.

6. Backup Manager FTP Server Information Disclosure Vulnerability
BugTraq ID: 25503
Remote: No
Date Published: 2007-08-31
Relevant URL: http://www.securityfocus.com/bid/25503
Summary:
Backup Manager is prone to an information-disclosure vulnerability affecting FTP access to the backup server.

Local attackers can exploit this issue to gain authentication credentials for the backup server. Successful attacks can compromise the backup server.

Versions prior to Backup Manager 0.6.3 are vulnerable.

7. Linux Kernel USB PWC Driver Local Denial Of Service Vulnerability
BugTraq ID: 25504
Remote: No
Date Published: 2007-08-31
Relevant URL: http://www.securityfocus.com/bid/25504
Summary:
The Linux Kernel is prone to a local denial-of-service vulnerability because it fails to properly free resources of USB PWC devices.

Attackers can exploit this issue to block the USB subsystem, resulting in denial-of-service conditions.

Versions prior to 2.6.22.6 are vulnerable.

8. MIT Kerberos 5 kadmind Server Uninitialized Pointer Remote Code Execution Vulnerability
BugTraq ID: 25533
Remote: Yes
Date Published: 2007-09-04
Relevant URL: http://www.securityfocus.com/bid/25533
Summary:
Kerberos 5 'kadmind' (Kerberos Administration Daemon) server is prone to a remote code-execution vulnerability because of an uninitialized pointer.

An authenticated attacker can exploit this issue to execute arbitrary code with superuser privileges. Successful exploits will completely compromise affected computers. Failed attacks will cause denial-of-service conditions.

All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

Kerberos 5 'kadmind' 1.5 through 1.6.2 are vulnerable.

9. MIT Kerberos 5 KAdminD Server SVCAuth_GSS_Validate Stack Buffer Overflow Vulnerability
BugTraq ID: 25534
Remote: Yes
Date Published: 2007-09-04
Relevant URL: http://www.securityfocus.com/bid/25534
Summary:
Kerberos 5 'kadmind' (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.

All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

Kerberos 5 'kadmind' 1.4 through 1.6.2 are vulnerable; third party applications using the affected RPC library are also affected.

10. Red Hat Advanced Intrusion Detection Environment Checksum Database Weakness
BugTraq ID: 25542
Remote: No
Date Published: 2007-09-04
Relevant URL: http://www.securityfocus.com/bid/25542
Summary:
Red Hat Advanced Intrusion Detection Environment (AIDE) is prone to a checksum database design weakness.

An attacker may exploit this issue to evade AIDE file modification checks, which may lead to other attacks.

This issue is due to an RPM packaging error on Red Hat systems. Other implementations of AIDE may possibly be affected but this has not been verified by Symantec.

AIDE versions prior to 0.13.1 on Red Hat Enterprise Linux version 5 server and client are vulnerable to this issue.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. mail antivirus
http://www.securityfocus.com/archive/91/477433

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: CSI

