
Tuesday, September 18, 2007


SecurityFocus Linux Newsletter #355
----------------------------------------

This Issue is Sponsored by: TechMentor
_______________________

TechMentor - Las Vegas - October 15 - 19
Join your fellow systems administrators and IT managers at the Rio Hotel & Casino in Vegas for a week of in-depth technical training. TechMentor will give you the tools and techniques to help you get the most out of your network. Register now!
http://techmentorevents.com/


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. VoIP Hopping: A Method of Testing VoIP security or Voice VLANs
II. LINUX VULNERABILITY SUMMARY
1. QGit DataLoader::doStart Function Local Privilege Escalation Vulnerability
2. Lighttpd Mod_FastCGI Request Headers Remote Buffer Overflow Vulnerability
3. RealPlayer/HelixPlayer AU Divide-By-Zero Denial of Service Vulnerability
4. Quagga Routing Suite Multiple Denial Of Service Vulnerabilities
5. Samba NSS_Info Plugin Local Privilege Escalation Vulnerability
6. MPlayer AVIHeader.C Heap Based Buffer Overflow Vulnerability
7. Trolltech QT ToUnicode Function Off By One Buffer Overflow Vulnerability
8. AOL Instant Messenger Notification Window Remote Script Code Execution Vulnerability
9. Linux Kernel CIFS Local Privilege Escalation Vulnerability
10. OpenOffice TIFF File Parser Multiple Integer Overflow Vulnerabilities
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. VoIP Hopping: A Method of Testing VoIP security or Voice VLANs
By Jason Ostrom and John Kindervag
Testing Protection Controls on a VoIP Network - A Case Study and Method
http://www.securityfocus.com/infocus/1892


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. QGit DataLoader::doStart Function Local Privilege Escalation Vulnerability
BugTraq ID: 25618
Remote: No
Date Published: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25618
Summary:
QGit is prone to a local privilege-escalation vulnerability because the application handles temporary files in an insecure manner.

An attacker can exploit this issue to overwrite files and to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

Versions prior to QGit 1.5.7 are vulnerable.

2. Lighttpd Mod_FastCGI Request Headers Remote Buffer Overflow Vulnerability
BugTraq ID: 25622
Remote: Yes
Date Published: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25622
Summary:
Lighttpd is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker may exploit this issue to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.

Lighttpd 1.4.17 is vulnerable; prior versions may also be affected.

3. RealPlayer/HelixPlayer AU Divide-By-Zero Denial of Service Vulnerability
BugTraq ID: 25627
Remote: Yes
Date Published: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25627
Summary:
RealPlayer and Helix Player are prone to a denial-of-service vulnerability when handling malformed AU media files.

Successfully exploiting this issue allows remote attackers to deny service to legitimate users.

4. Quagga Routing Suite Multiple Denial Of Service Vulnerabilities
BugTraq ID: 25634
Remote: Yes
Date Published: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25634
Summary:
Quagga Routing Suite is prone to multiple denial-of-service vulnerabilities.

An attacker can exploit these issues to crash the affected application, denying service to legitimate users.

These issues affect versions prior to Quagga Routing Suite 0.99.9.

5. Samba NSS_Info Plugin Local Privilege Escalation Vulnerability
BugTraq ID: 25636
Remote: No
Date Published: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25636
Summary:
Samba is prone to a local privilege-escalation vulnerability due to a logic error in the Winbind daemon.

An attacker can exploit this issue to gain 'groupid 0' privileges on UNIX computers running the vulnerable Samba software. This may aid them in further attacks.

Samba 3.0.25 through 3.0.25c are vulnerable to this issue.

6. MPlayer AVIHeader.C Heap Based Buffer Overflow Vulnerability
BugTraq ID: 25648
Remote: Yes
Date Published: 2007-09-12
Relevant URL: http://www.securityfocus.com/bid/25648
Summary:
MPlayer is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input data.

Attackers can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed attacks will result in denial-of-service conditions.

MPlayer 1.0rc1 is vulnerable; other versions may also be affected.

7. Trolltech QT ToUnicode Function Off By One Buffer Overflow Vulnerability
BugTraq ID: 25657
Remote: Yes
Date Published: 2007-09-13
Relevant URL: http://www.securityfocus.com/bid/25657
Summary:
Qt is prone to a buffer-overflow vulnerability because the framework fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code within the context of applications that use the affected framework. Failed exploit attempts will result in a denial-of-service condition.

8. AOL Instant Messenger Notification Window Remote Script Code Execution Vulnerability
BugTraq ID: 25659
Remote: Yes
Date Published: 2007-09-13
Relevant URL: http://www.securityfocus.com/bid/25659
Summary:
AOL Instant Messenger is prone to a remote script-code-execution vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the notification window of an unsuspecting user. This may help the attacker launch other attacks.

AOL Instant Messenger 6.1.41.2 is vulnerable; other versions may also be affected.

9. Linux Kernel CIFS Local Privilege Escalation Vulnerability
BugTraq ID: 25672
Remote: No
Date Published: 2007-09-14
Relevant URL: http://www.securityfocus.com/bid/25672
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

An attacker could exploit this issue to execute arbitrary code with the privileges of the victim.

10. OpenOffice TIFF File Parser Multiple Integer Overflow Vulnerabilities
BugTraq ID: 25690
Remote: Yes
Date Published: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25690
Summary:
OpenOffice is prone to multiple remote integer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Remote attackers may exploit these issues by enticing victims into opening maliciously crafted TIFF files.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
