Thursday, September 27, 2007

SecurityFocus Linux Newsletter #356
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Cross-Site Scripting Attack"- White Paper
Cross-site scripting vulnerabilities in web apps allow hackers to compromise confidential information, steal cookies and create requests that can be mistaken for those of a valid user!! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/xss.asp?Campaign_ID=70160000000D3WW


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. VoIP Hopping: A Method of Testing VoIP security or Voice VLANs
II. LINUX VULNERABILITY SUMMARY
1. OpenOffice TIFF File Parser Multiple Integer Overflow Vulnerabilities
2. inotify-tools C Library inotifytools_snfprintf() Local Buffer Overflow Vulnerability
3. Bugzilla User.PM Unauthorized Account Creation Security Bypass Vulnerability
4. Dibbler Multiple Memory Corruption Vulnerabilities
5. KDE KDM Unspecified Password Authentication Bypass Vulnerability
6. VMware Workstation Guest System Denial Of Service Vulnerability
7. VMware Workstation Path Specification Local Privilege Escalation Vulnerability
8. SKK Openlab SKK Tools skkdic-expr.c Insecure Temporary File Creation Vulnerability
9. PAM IDE-CD SG_IO Security Bypass Vulnerability
10. Imatix Xitami If-Modified-Since Remote Buffer Overflow Vulnerability
11. Linux Kernel Ptrace Local Privilege Escalation Vulnerability
12. Balsa Fetch Command Remote Stack Buffer Overflow Vulnerability
13. Linux Kernel ATM Module CLIP Support Local Denial of Service Vulnerability
14. Linux Kernel PTrace NULL Pointer Dereference Local Denial Of Service Vulnerability
15. Linux Kernel ALSA snd-page-alloc Local Proc File Information Disclosure Vulnerability
16. OpenSSL SSL_Get_Shared_Ciphers Off-by-One Buffer Overflow Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. VoIP Hopping: A Method of Testing VoIP security or Voice VLANs
By Jason Ostrom and John Kindervag
Testing Protection Controls on a VoIP Network - A Case Study and Method
http://www.securityfocus.com/infocus/1892


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. OpenOffice TIFF File Parser Multiple Integer Overflow Vulnerabilities
BugTraq ID: 25690
Remote: Yes
Date Published: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25690
Summary:
OpenOffice is prone to multiple remote integer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Remote attackers may exploit these issues by enticing victims into opening maliciously crafted TIFF files.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

2. inotify-tools C Library inotifytools_snfprintf() Local Buffer Overflow Vulnerability
BugTraq ID: 25724
Remote: No
Date Published: 2007-09-19
Relevant URL: http://www.securityfocus.com/bid/25724
Summary:
The 'inotify-tools' C library is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue to execute arbitrary code with the privileges of the application using the library. Successful exploits can compromise affected applications and possibly the underlying computer. Failed exploit attempts will result in a denial of service.

Versions prior to inotify-tools 3.11 are vulnerable.

3. Bugzilla User.PM Unauthorized Account Creation Security Bypass Vulnerability
BugTraq ID: 25725
Remote: Yes
Date Published: 2007-09-19
Relevant URL: http://www.securityfocus.com/bid/25725
Summary:
Bugzilla is prone to a security-bypass vulnerability because it fails to adequately validate user-supplied input.

Attackers can exploit this issue to create Bugzilla user accounts on computers that also have the 'SOAP::Lite' Perl module installed.

NOTE: The application is vulnerable even if account creation has been disabled.

Versions prior to Bugzilla 3.0.2 and 3.1.2 are vulnerable.

4. Dibbler Multiple Memory Corruption Vulnerabilities
BugTraq ID: 25726
Remote: Yes
Date Published: 2007-09-19
Relevant URL: http://www.securityfocus.com/bid/25726
Summary:
Dibbler is prone to multiple memory-corruption vulnerabilities, including an integer-overflow issue, a buffer-overflow issue, and a NULL-pointer-dereference issue.

An attacker could exploit these issues by sending a malicious IPv6 packet to a computer running the affected application.

Successfully exploiting these issues will allow the attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

These issues affect Dibbler 0.6.0; prior versions may also be affected.

5. KDE KDM Unspecified Password Authentication Bypass Vulnerability
BugTraq ID: 25730
Remote: No
Date Published: 2007-09-19
Relevant URL: http://www.securityfocus.com/bid/25730
Summary:
KDM is prone to an authentication-bypass vulnerability under certain circumstances.

Attackers can exploit this issue to gain superuser privileges, resulting in the complete compromise of affected computers.

This issue affects KDM shipped with KDE 3.3.0 up to and including 3.5.7.

6. VMware Workstation Guest System Denial Of Service Vulnerability
BugTraq ID: 25731
Remote: No
Date Published: 2007-09-19
Relevant URL: http://www.securityfocus.com/bid/25731
Summary:
VMware Workstation is prone to a denial-of-service vulnerability.

An unprivileged attacker in a guest operating system could cause a host process to become unresponsive or to crash, effectively denying service to legitimate users.

7. VMware Workstation Path Specification Local Privilege Escalation Vulnerability
BugTraq ID: 25732
Remote: No
Date Published: 2007-09-19
Relevant URL: http://www.securityfocus.com/bid/25732
Summary:
VMware Workstation is prone to a privilege-escalation vulnerability.

The application tries to execute registered Windows services without using properly quoted paths. Successful exploits may allow local attackers to gain elevated privileges.

8. SKK Openlab SKK Tools skkdic-expr.c Insecure Temporary File Creation Vulnerability
BugTraq ID: 25739
Remote: No
Date Published: 2007-09-19
Relevant URL: http://www.securityfocus.com/bid/25739
Summary:
SKK Tools creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects SKK Tools 1.2; other versions may also be vulnerable.

9. PAM IDE-CD SG_IO Security Bypass Vulnerability
BugTraq ID: 25749
Remote: No
Date Published: 2007-09-20
Relevant URL: http://www.securityfocus.com/bid/25749
Summary:
PAM is prone to a security-bypass vulnerability because it fails to restrict access to recordable CD devices.

Attackers can exploit this issue to tamper with writable media that is in a device.

10. Imatix Xitami If-Modified-Since Remote Buffer Overflow Vulnerability
BugTraq ID: 25772
Remote: Yes
Date Published: 2007-09-24
Relevant URL: http://www.securityfocus.com/bid/25772
Summary:
Xitami is prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

Attackers may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Xitami 2.5 is vulnerable to this issue; other versions may also be affected.

11. Linux Kernel Ptrace Local Privilege Escalation Vulnerability
BugTraq ID: 25774
Remote: No
Date Published: 2007-09-21
Relevant URL: http://www.securityfocus.com/bid/25774
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

Exploiting this issue may allow local attackers to gain elevated privileges, facilitating the complete compromise of affected computers.

Versions of Linux kernel prior to 2.4.35.3 and 2.6.22.7 are vulnerable to this issue.

12. Balsa Fetch Command Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 25777
Remote: Yes
Date Published: 2007-09-24
Relevant URL: http://www.securityfocus.com/bid/25777
Summary:
Balsa is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

This issue affects the application's IMAP functionality.

An attacker can exploit this issue to execute arbitrary machine code within the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

Versions prior to Balsa 2.3.20 are vulnerable.

13. Linux Kernel ATM Module CLIP Support Local Denial of Service Vulnerability
BugTraq ID: 25798
Remote: No
Date Published: 2007-09-21
Relevant URL: http://www.securityfocus.com/bid/25798
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

This issue affects the ATM module when configured for CLIP module support.

Versions of the Linux kernel prior to 2.4.35.3 or 2.6.22.7 are affected by this issue.

14. Linux Kernel PTrace NULL Pointer Dereference Local Denial Of Service Vulnerability
BugTraq ID: 25801
Remote: No
Date Published: 2007-09-25
Relevant URL: http://www.securityfocus.com/bid/25801
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

This issue occurs because of a NULL-pointer dereference in certain 'ptrace' operations.

A local attacker can exploit this issue to crash the affected kernel, denying service to legitimate users.

15. Linux Kernel ALSA snd-page-alloc Local Proc File Information Disclosure Vulnerability
BugTraq ID: 25807
Remote: No
Date Published: 2007-09-25
Relevant URL: http://www.securityfocus.com/bid/25807
Summary:
The Linux kernel is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain portions of kernel memory. Information harvested may aid in further attacks.

Versions of the Linux kernel prior to 2.6.22.8 are vulnerable.

16. OpenSSL SSL_Get_Shared_Ciphers Off-by-One Buffer Overflow Vulnerability
BugTraq ID: 25831
Remote: Yes
Date Published: 2007-09-27
Relevant URL: http://www.securityfocus.com/bid/25831
Summary:
OpenSSL is prone to an off-by-one buffer-overflow vulnerability because the library fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of applications that use the affected library, but this has not been confirmed. Failed exploit attempts may crash applications, denying service to legitimate users.

NOTE: This issue was introduced in the fix for the vulnerability described in BID 20249 (OpenSSL SSL_Get_Shared_Ciphers Buffer Overflow Vulnerability).

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to reply. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics

