Wednesday, September 12, 2007

SecurityFocus Linux Newsletter #354
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Blind SQL Injection Attack Step-by-Step" - White Paper
Blind SQL Injection can deliver total control of your server to a hacker giving them the ability to read, write and manipulate all data stored in your backend systems! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!
https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70160000000D2bp


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. VoIP Hopping: A Method of Testing VoIP security or Voice VLANs
2. Mod Your iPhone - For Fun or Profit?
II. LINUX VULNERABILITY SUMMARY
1. MIT Kerberos 5 kadmind Server Uninitialized Pointer Remote Code Execution Vulnerability
2. MIT Kerberos 5 KAdminD Server SVCAuth_GSS_Validate Stack Buffer Overflow Vulnerability
3. Red Hat Advanced Intrusion Detection Environment Checksum Database Weakness
4. Alien Arena 2007 Multiple Remote Vulnerabilities
5. debian-goodies Checkrestart Script Local Privilege Escalation Vulnerability
6. Gforge Unspecified SQL Injection Vulnerability
7. X.Org X Server Composite Extension Local Buffer Overflow Vulnerability
8. QGit DataLoader::doStart Function Local Privilege Escalation Vulnerability
9. RealPlayer/HelixPlayer AU Divide-By-Zero Denial of Service Vulnerability
10. OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
11. Quagga Routing Suite Multiple Denial Of Service Vulnerabilities
III. LINUX FOCUS LIST SUMMARY
1. mail antivirus
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. VoIP Hopping: A Method of Testing VoIP security or Voice VLANs
By Jason Ostrom and John Kindervag
Testing Protection Controls on a VoIP Network - A Case Study and Method
http://www.securityfocus.com/infocus/1892

2. Mod Your iPhone - For Fun or Profit?
By Mark Rasch
I admit it: I own an iPhone. Indeed, I bought one the day they came out. No, I didn't wait in line for hours; I just walked into the local Apple store, plunked down my life's savings, and voila, another AT&T customer!
http://www.securityfocus.com/columnists/453


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. MIT Kerberos 5 kadmind Server Uninitialized Pointer Remote Code Execution Vulnerability
BugTraq ID: 25533
Remote: Yes
Date Published: 2007-09-04
Relevant URL: http://www.securityfocus.com/bid/25533
Summary:
Kerberos 5 'kadmind' (Kerberos Administration Daemon) server is prone to a remote code-execution vulnerability because of an uninitialized pointer.

An authenticated attacker can exploit this issue to execute arbitrary code with superuser privileges. Successful exploits will completely compromise affected computers. Failed attacks will cause denial-of-service conditions.

All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

Kerberos 5 'kadmind' 1.5 through 1.6.2 are vulnerable.

2. MIT Kerberos 5 KAdminD Server SVCAuth_GSS_Validate Stack Buffer Overflow Vulnerability
BugTraq ID: 25534
Remote: Yes
Date Published: 2007-09-04
Relevant URL: http://www.securityfocus.com/bid/25534
Summary:
Kerberos 5 'kadmind' (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.

All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

Kerberos 5 'kadmind' 1.4 through 1.6.2 are vulnerable; third-party applications using the affected RPC library are also affected.

3. Red Hat Advanced Intrusion Detection Environment Checksum Database Weakness
BugTraq ID: 25542
Remote: No
Date Published: 2007-09-04
Relevant URL: http://www.securityfocus.com/bid/25542
Summary:
Red Hat Advanced Intrusion Detection Environment (AIDE) is prone to a design weakness because its database does not contain checksums for files.

An attacker may exploit this issue to evade AIDE file-modification checks, which may lead to other attacks.

This issue is due to an RPM packaging error on Red Hat systems. Other implementations of AIDE may also be affected, but Symantec has not confirmed this.

Versions prior to AIDE 0.13.1 on Red Hat Enterprise Linux 5 server and client are vulnerable.
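The check a practitioner will want after reading the item above is whether the rules in their own aide.conf actually record a checksum, since an integrity database built from metadata-only rules cannot detect an in-place edit. The following is an added example, not Red Hat's or the AIDE project's code: it reads an aide.conf, expands rule definitions such as "NORMAL = R+rmd160+sha256" down to leaf attributes, and reports every rule and selection line that carries no checksum attribute. The attribute and built-in rule names are taken from the AIDE 0.13 manual as the editor understands it, and the sample configuration is constructed for the demonstration.

```python
import re

# Checksum attributes AIDE can record (sha256/sha512 arrived in 0.13).
CHECKSUM_ATTRS = {"md5", "sha1", "sha256", "sha512", "rmd160", "tiger",
                  "crc32", "crc32b", "haval", "gost", "whirlpool"}
# Single-attribute tokens (permissions, inode, owner, size, mtime, ...).
PLAIN_ATTRS = {"p", "i", "n", "u", "g", "s", "b", "m", "a", "c", "S", "I",
               "acl", "xattrs", "selinux", ">"}
# Built-in composite rules as documented for AIDE 0.13; R already carries md5.
BUILTIN_RULES = {
    "R": {"p", "i", "n", "u", "g", "s", "m", "c", "md5"},
    "L": {"p", "i", "n", "u", "g"},
    "E": set(),
}

RULE_DEF = re.compile(r"^([A-Za-z_]\w*)\s*=\s*([A-Za-z0-9_+>]+)$")
SELECTION = re.compile(r"^(=?/\S*)\s+([A-Za-z0-9_+>]+)$")


def expand(expr, rules):
    """Flatten an 'R+sha256' style expression into its set of leaf attributes."""
    attrs = set()
    for tok in expr.split("+"):
        attrs |= rules[tok] if tok in rules else {tok}
    return attrs


def audit_aide_conf(text):
    """Return (rule names, selection paths) that record no checksum at all.

    A 'NAME = ...' line is treated as a rule definition only when every token
    is a known attribute or rule, so option lines such as 'gzip_dbout=yes'
    or 'verbose=5' are ignored rather than misreported."""
    rules = {name: set(attrs) for name, attrs in BUILTIN_RULES.items()}
    weak_rules, weak_paths = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("@@"):     # blank, @@define, @@include
            continue
        m = RULE_DEF.match(line)
        if m:
            name, expr = m.groups()
            known = rules.keys() | PLAIN_ATTRS | CHECKSUM_ATTRS
            if all(tok in known for tok in expr.split("+")):
                rules[name] = expand(expr, rules)
                if not rules[name] & CHECKSUM_ATTRS:
                    weak_rules.append(name)
            continue
        m = SELECTION.match(line)
        if m:
            path, expr = m.groups()
            if not expand(expr, rules) & CHECKSUM_ATTRS:
                weak_paths.append(path)
    return weak_rules, weak_paths


# Constructed aide.conf for the demo (not the file Red Hat shipped).
SAMPLE_CONF = """\
@@define DBDIR /var/lib/aide
database=file:@@{DBDIR}/aide.db.gz
database_out=file:@@{DBDIR}/aide.db.new.gz
gzip_dbout=yes
verbose=5

# Metadata plus two checksums: a content change is detectable.
NORMAL = R+rmd160+sha256
# Metadata only: a file edited in place keeps its permissions, inode and
# owner, so AIDE reports nothing.
PERMS = p+i+u+g

/boot   NORMAL
/etc    PERMS
/sbin   NORMAL
!/var/log/lastlog
"""

if __name__ == "__main__":
    rules, paths = audit_aide_conf(SAMPLE_CONF)
    print("rules without a checksum:", rules)   # ['PERMS']
    print("paths covered by them:  ", paths)    # ['/etc']
```

Run it against the real file with `audit_aide_conf(open("/etc/aide.conf").read())`; a rule that intentionally omits checksums, such as one for growing log files, will also be listed, so read the output as a list of paths to review rather than a verdict.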

4. Alien Arena 2007 Multiple Remote Vulnerabilities
BugTraq ID: 25559
Remote: Yes
Date Published: 2007-09-05
Relevant URL: http://www.securityfocus.com/bid/25559
Summary:
Alien Arena 2007 is prone to multiple remote vulnerabilities, including a denial-of-service vulnerability and a format-string vulnerability.

Successfully exploiting these issues will allow an attacker to execute arbitrary code within the context of the affected application or to disconnect users from the game server.

Alien Arena 2007 6.10 is vulnerable; other versions may also be affected.

5. debian-goodies Checkrestart Script Local Privilege Escalation Vulnerability
BugTraq ID: 25569
Remote: No
Date Published: 2007-09-06
Relevant URL: http://www.securityfocus.com/bid/25569
Summary:
The 'checkrestart' utility in the 'debian-goodies' package is prone to a local privilege-escalation vulnerability because the application fails to sufficiently validate user-supplied data.

An attacker can exploit this issue to execute arbitrary commands with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

This issue affects versions prior to debian-goodies 0.34.

6. Gforge Unspecified SQL Injection Vulnerability
BugTraq ID: 25585
Remote: Yes
Date Published: 2007-09-06
Relevant URL: http://www.securityfocus.com/bid/25585
Summary:
Gforge is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Gforge 3.1 is vulnerable; other versions may also be affected.

7. X.Org X Server Composite Extension Local Buffer Overflow Vulnerability
BugTraq ID: 25606
Remote: No
Date Published: 2007-09-06
Relevant URL: http://www.securityfocus.com/bid/25606
Summary:
The X.Org X Window System is prone to a local buffer-overflow vulnerability.

A local attacker can exploit this issue to execute arbitrary code with elevated privileges. This may facilitate a compromise of the affected computer.

8. QGit DataLoader::doStart Function Local Privilege Escalation Vulnerability
BugTraq ID: 25618
Remote: No
Date Published: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25618
Summary:
QGit is prone to a local privilege-escalation vulnerability because the application handles temporary files in an insecure manner.

An attacker can exploit this issue to overwrite files and execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

Versions prior to QGit 1.5.7 are vulnerable.
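The summary above says only that temporary files are handled insecurely. The classic form of that bug, and the one assumed here, is a predictable file name under a world-writable directory opened with O_CREAT but without O_EXCL, which lets a local user plant a symlink at that name so the program's write lands on a file of the attacker's choosing. The following is an added example, not QGit's code: it shows the unsafe pattern next to the O_EXCL and mkstemp() fixes, and a small harness that plants the symlink and reports whether the victim file was overwritten. File and prefix names are invented for the demonstration.

```python
import os
import tempfile


def unsafe_write(path, data):
    """Predictable name, created or truncated in place: if `path` already
    exists as a symlink, the kernel follows it and the write lands on the
    link target."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)


def safe_write(path, data):
    """O_CREAT|O_EXCL is atomic: open() fails with EEXIST if anything, file
    or symlink, is already at `path`, so a planted link is never followed.
    O_NOFOLLOW is a second line of defence where the platform has it."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)


def safe_tempfile_roundtrip(data):
    """The idiomatic fix: mkstemp() picks an unpredictable name and opens it
    with O_CREAT|O_EXCL itself, so the caller only ever handles the open fd.
    Writes `data`, reads it back, removes the file and returns the bytes."""
    fd, path = tempfile.mkstemp(prefix="qgit-", suffix=".tmp")
    try:
        os.write(fd, data)
        os.lseek(fd, 0, os.SEEK_SET)
        out = os.read(fd, len(data) + 1)
    finally:
        os.close(fd)
        os.unlink(path)
    return out


def simulate_symlink_attack(writer):
    """Plant a symlink at the predictable temp path, run `writer` on it, and
    return True if the victim file was overwritten."""
    with tempfile.TemporaryDirectory() as workdir:
        victim = os.path.join(workdir, "victim")                 # e.g. a dotfile the user owns
        planted = os.path.join(workdir, "qgit_predictable.tmp")  # name the attacker can guess
        with open(victim, "wb") as f:
            f.write(b"original\n")
        os.symlink(victim, planted)   # attacker got there first
        try:
            writer(planted, b"attacker-controlled\n")
        except OSError:
            pass   # the hardened writer refuses the pre-existing path
        with open(victim, "rb") as f:
            return f.read() == b"attacker-controlled\n"


if __name__ == "__main__":
    print("unsafe_write clobbered victim:", simulate_symlink_attack(unsafe_write))  # True
    print("safe_write clobbered victim:  ", simulate_symlink_attack(safe_write))    # False
```

The harness runs inside a private directory so nothing outside it is touched; the point it makes is that checking for the file first and then opening it is not enough, because the attacker can place the link between the two steps, whereas O_EXCL makes the existence check and the creation a single operation.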

9. RealPlayer/HelixPlayer AU Divide-By-Zero Denial of Service Vulnerability
BugTraq ID: 25627
Remote: Yes
Date Published: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25627
Summary:
RealPlayer and Helix Player are prone to a denial-of-service vulnerability when handling malformed AU media files.

Successfully exploiting this issue allows remote attackers to deny service to legitimate users.

10. OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
BugTraq ID: 25628
Remote: No
Date Published: 2007-09-04
Relevant URL: http://www.securityfocus.com/bid/25628
Summary:
OpenSSH is prone to a local authentication-bypass vulnerability because the software fails to properly manage trusted and untrusted X11 cookies.

Successfully exploiting this issue may allow local attackers to launch an X11 session forwarded through SSH without authorization. Further details are currently unavailable. We will update this BID as more information emerges.

This issue affects OpenSSH 4.6; previous versions may be affected as well.

11. Quagga Routing Suite Multiple Denial Of Service Vulnerabilities
BugTraq ID: 25634
Remote: Yes
Date Published: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25634
Summary:
Quagga Routing Suite is prone to multiple denial-of-service vulnerabilities.

An attacker can exploit these issues to crash the affected application, denying service to legitimate users.

These issues affect versions prior to Quagga Routing Suite 0.99.9.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. mail antivirus
http://www.securityfocus.com/archive/91/477433

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics

