Friday, October 12, 2007

SecurityFocus Linux Newsletter #358


This issue is Sponsored by: SPI Dynamics

ALERT: Ajax Security Dangers- How Hackers are attacking Ajax Web Apps
While Ajax can greatly improve the usability of a Web application, it can also
create several opportunities for possible attack if the application is not
designed with security in mind. Download this SPI Dynamics white paper.

https://download.spidynamics.com/1/ad/AJAX.asp?Campaign_ID=70160000000D4Kl


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Of Hackers and Egos
2. Passive Network Analysis
II. LINUX VULNERABILITY SUMMARY
1. X.Org X Font Server Multiple Memory Corruption Vulnerabilities
2. rPath rMake Local Privilege Escalation Vulnerability
3. Borland InterBase Multiple Remote Buffer Overflow Vulnerabilities
4. Sun Java Runtime Environment Multiple Weaknesses
5. Sun Java WebStart Multiple File Access And Information Disclosure Vulnerabilities
6. GForge Verify.PHP Cross Site Scripting Vulnerability
7. Guilt Multiple Insecure Temporary File Creation Vulnerabilities
8. HP System Management Homepage (SMH) for Linux, Windows, and HP-UX Cross Site Scripting Vulnerability
9. OpenH323 Opal SIP Protocol Remote Denial of Service Vulnerability
10. AlsaPlayer Vorbis Input Plug-in OGG Processing Remote Buffer Overflow Vulnerability
11. Cisco Wireless Control System Insecure Password Vulnerability
12. Asterisk IMAP-Specific Voicemail Multiple Buffer Overflow Vulnerabilities
13. IBM DB2 Universal Database Buffer Overflow and Multiple Denial of Service Vulnerabilities
14. Firebird Process_Packet Remote Buffer Overflow Vulnerability
15. Computer Associates BrightStor ARCserve Backup Multiple Remote Vulnerabilities
16. rPath Linux Initscripts /VAR/LOG/BTMP File Local Information Disclosure Vulnerability
17. Computer Associates BrightStor ARCserve Backup Unspecified Remote Code Execution Vulnerability
18. HP Linux Imaging and Printing System HSSPD.PY Daemon Arbitrary Command Execution Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. Linux Hardening
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Of Hackers and Egos
By Don Parker
The world of computer security can often be a strange and compelling one. Many outsiders, or those with little knowledge of computers, just don't understand the whole uproar over various issues, such as whether Microsoft Vista is more secure than Linux or Mac. It's all moot as far as the general population is concerned. But, for those of us who work in the industry, it is just more grist for the mill.
http://www.securityfocus.com/columnists/454

2. Passive Network Analysis
By Stephen Barish
In sports, it's pretty much accepted wisdom that home teams have the advantage; that's why teams with winning records on the road do so well in the playoffs. But for some reason we rarely think about "the home field advantage" when we look at defending our networks.

http://www.securityfocus.com/infocus/1894


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. X.Org X Font Server Multiple Memory Corruption Vulnerabilities
BugTraq ID: 25898
Remote: Yes
Date Published: 2007-10-02
Relevant URL: http://www.securityfocus.com/bid/25898
Summary:
X.Org X Font Server (XFS) is prone to multiple memory-corruption vulnerabilities, including an integer-overflow issue and a heap-based memory-corruption issue.

An attacker could exploit this issue to execute arbitrary code with the privileges of the X Font Server. Failed exploit attempts will likely result in a denial-of-service condition.

NOTE: These issues are exploitable remotely only on Solaris operating systems; by default the server is listening on TCP port 7100. For other UNIX-like operating systems, an attacker can exploit these issues only locally.

These issues affect X Font Server 1.0.4; prior versions may also be affected.

2. rPath rMake Local Privilege Escalation Vulnerability
BugTraq ID: 25899
Remote: No
Date Published: 2007-10-02
Relevant URL: http://www.securityfocus.com/bid/25899
Summary:
rPath rMake is prone to a local privilege-escalation vulnerability that stems from a design error.

An attacker may exploit this vulnerability to execute arbitrary code with superuser privileges. This may facilitate a complete compromise of affected computers.

This vulnerability affects rMake 1.0.11; other versions may also be affected.

3. Borland InterBase Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 25917
Remote: Yes
Date Published: 2007-10-03
Relevant URL: http://www.securityfocus.com/bid/25917
Summary:
Borland InterBase is prone to multiple remote buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

Successfully exploiting these issues allows remote attackers to execute arbitrary machine code with SYSTEM-level privileges. This will result in a complete compromise of affected computers.

Borland InterBase 2007 for Linux and Windows is considered vulnerable.

4. Sun Java Runtime Environment Multiple Weaknesses
BugTraq ID: 25918
Remote: Yes
Date Published: 2007-10-03
Relevant URL: http://www.securityfocus.com/bid/25918
Summary:
Sun Java Runtime Environment is prone to multiple weaknesses that may allow JavaScript code or applets to connect to resources other than the one the scripts or applets were downloaded from. One of the weaknesses may allow an attacker to obscure a Java warning about an untrusted applet from the user.

These issues affect the following packages for Windows, Solaris, and Linux:

JDK and JRE 6 Update 2 and earlier
JDK and JRE 5.0 Update 12 and earlier
SDK and JRE 1.4.2_15 and earlier
SDK and JRE 1.3.1_20 and earlier

5. Sun Java WebStart Multiple File Access And Information Disclosure Vulnerabilities
BugTraq ID: 25920
Remote: Yes
Date Published: 2007-10-04
Relevant URL: http://www.securityfocus.com/bid/25920
Summary:
Sun Java Web Start is prone to multiple local file-access vulnerabilities and an information-disclosure vulnerability.

An attacker could exploit these issues to obtain sensitive information and to read and write arbitrary files on the affected computer with the privileges of the user running the untrusted Java application.

6. GForge Verify.PHP Cross Site Scripting Vulnerability
BugTraq ID: 25923
Remote: Yes
Date Published: 2007-10-04
Relevant URL: http://www.securityfocus.com/bid/25923
Summary:
GForge is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. A fix is available from the vendor.

Exploiting this issue could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.

This issue affects GForge 4.6; other versions may also be affected.

7. Guilt Multiple Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 25941
Remote: No
Date Published: 2007-10-05
Relevant URL: http://www.securityfocus.com/bid/25941
Summary:
Guilt is prone to multiple vulnerabilities because it creates temporary files in an insecure way.

Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Guilt 0.27 is vulnerable to these issues; other versions may also be affected.

8. HP System Management Homepage (SMH) for Linux, Windows, and HP-UX Cross Site Scripting Vulnerability
BugTraq ID: 25953
Remote: Yes
Date Published: 2007-10-03
Relevant URL: http://www.securityfocus.com/bid/25953
Summary:
HP System Management Homepage is prone to a cross-site scripting vulnerability.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

Versions of HP System Management Homepage (SMH) prior to 2.1.10 for Linux and Windows, and HP-UX B.11.11, B.11.23, and B.11.31 are affected.

9. OpenH323 Opal SIP Protocol Remote Denial of Service Vulnerability
BugTraq ID: 25955
Remote: Yes
Date Published: 2007-10-08
Relevant URL: http://www.securityfocus.com/bid/25955
Summary:
OpenH323 is prone to a remote denial-of-service vulnerability because of memory mismanagement when handling user-supplied data.

Successfully exploiting this issue allows remote attackers to deny service to legitimate users.

This issue affects OpenH323 2.2.4; earlier versions may also be vulnerable. Applications using the affected library may also be vulnerable.

10. AlsaPlayer Vorbis Input Plug-in OGG Processing Remote Buffer Overflow Vulnerability
BugTraq ID: 25969
Remote: Yes
Date Published: 2007-10-08
Relevant URL: http://www.securityfocus.com/bid/25969
Summary:
AlsaPlayer is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of users running the affected application.

This issue affects versions prior to AlsaPlayer 0.99.80-rc3.

11. Cisco Wireless Control System Insecure Password Vulnerability
BugTraq ID: 26000
Remote: Yes
Date Published: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/26000
Summary:
Cisco Wireless Control System is prone to a vulnerability that permits an attacker to gain unauthorized administrative access to the affected device. This issue occurs when the Cisco Wireless LAN Solution Engine (WLSE) uses a conversion utility to convert to the Cisco Wireless Control System (WCS). This issue is being tracked by Cisco Bug ID CSCsj71081.

An attacker could exploit this issue to gain unauthorized administrative access to the affected device. Successfully exploiting this issue will result in the complete compromise of the affected device.

This issue affects Cisco Wireless Control System 4.1.91.0 and prior versions.

12. Asterisk IMAP-Specific Voicemail Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 26005
Remote: Yes
Date Published: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/26005
Summary:
Asterisk is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers.

Successful exploits may allow an attacker to execute arbitrary machine code to compromise an affected computer or to cause denial-of-service conditions.

Versions prior to Asterisk Open Source 1.4.13 are vulnerable.

13. IBM DB2 Universal Database Buffer Overflow and Multiple Denial of Service Vulnerabilities
BugTraq ID: 26010
Remote: Yes
Date Published: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/26010
Summary:
IBM DB2 Universal Database is prone to a buffer-overflow vulnerability and two denial-of-service vulnerabilities.

Successfully exploiting these issues allows attackers to execute arbitrary machine code in the context of the database server, compromising the computer. Exploits may also result in server crashes, denying service to legitimate users.

IBM DB2 Universal Database 8.1 and 8.2 are vulnerable to these issues.

14. Firebird Process_Packet Remote Buffer Overflow Vulnerability
BugTraq ID: 26011
Remote: Yes
Date Published: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/26011
Summary:
Firebird is prone to a remote stack-based buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected database server. Failed exploit attempts will likely crash the server, denying service to legitimate users.

Firebird 2.0.2 is vulnerable; previous versions may also be affected.

15. Computer Associates BrightStor ARCserve Backup Multiple Remote Vulnerabilities
BugTraq ID: 26015
Remote: Yes
Date Published: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26015
Summary:
Computer Associates BrightStor ARCserve is prone to multiple remote vulnerabilities, including buffer-overflow issues, memory-corruption issues, and privilege-escalation issues.

Successful exploits allow remote attackers to cause denial-of-service conditions, execute arbitrary machine code in the context of the affected application, or perform actions with elevated privileges. This may result in a complete compromise of affected computers.

The following applications are affected:

BrightStor ARCserve Backup v9.01, r11.1, r11.5, r11 for Windows
BrightStor Enterprise Backup r10.5
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

16. rPath Linux Initscripts /VAR/LOG/BTMP File Local Information Disclosure Vulnerability
BugTraq ID: 26048
Remote: No
Date Published: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26048
Summary:
rPath Linux is prone to a local information-disclosure vulnerability.
The issue is due to incorrect file permissions being set on the '/var/log/btmp' file by scripts from the initscripts package.

Attackers can leverage this issue to gain valuable information to construct valid login credentials.

This issue affects rPath Linux 1; other versions may also be affected.

17. Computer Associates BrightStor ARCserve Backup Unspecified Remote Code Execution Vulnerability
BugTraq ID: 26050
Remote: Yes
Date Published: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/26050
Summary:
Computer Associates BrightStor ARCserve Backup is prone to an unspecified remote code-execution vulnerability.

Very little information is known about this issue. We will update this BID as soon as more information becomes available.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

This issue affects Computer Associates BrightStor ARCserve Backup 11.5 SP3; other versions may also be affected.

18. HP Linux Imaging and Printing System HSSPD.PY Daemon Arbitrary Command Execution Vulnerability
BugTraq ID: 26054
Remote: Yes
Date Published: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/26054
Summary:
HP Linux Imaging and Printing System (HPLIP) is prone to an arbitrary command-execution vulnerability because it fails to adequately sanitize user-supplied input.

Attackers can exploit this issue to execute arbitrary commands with superuser privileges. Successful attacks will completely compromise affected computers.

NOTE: By default, the application's hpssd daemon listens only on localhost; however, it can be configured to listen to remote requests as well.

HPLIP versions in the 1.0 and 2.0 series are vulnerable.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Linux Hardening
http://www.securityfocus.com/archive/91/482082

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: SPI Dynamics
