News

Tuesday, October 16, 2007

SecurityFocus Linux Newsletter #359

This issue is Sponsored by: CSI

CSI 2007, November 3-9 in Washington, DC, is the only conference that delivers a business-focused overview of enterprise security.
It will convene 2,000+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques.
Register now for savings on conference fees and/or free exhibits admission.

http://www.csiannual.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Starting up with Aspect-Oriented Programming
2. Of Hackers and Egos
II. LINUX VULNERABILITY SUMMARY
1. OpenH323 Opal SIP Protocol Remote Denial of Service Vulnerability
2. AlsaPlayer Vorbis Input Plug-in OGG Processing Remote Buffer Overflow Vulnerability
3. Wesnoth Client UTF-8 Remote Denial of Service Vulnerability
4. Cisco Wireless Control System Insecure Password Vulnerability
5. Asterisk IMAP-Specific Voicemail Multiple Buffer Overflow Vulnerabilities
6. IBM DB2 Universal Database Multiple Denial of Service Vulnerabilities
7. Firebird Process_Packet Remote Buffer Overflow Vulnerability
8. Computer Associates BrightStor ARCserve Backup Multiple Remote Vulnerabilities
9. rPath Linux Initscripts /VAR/LOG/BTMP File Local Information Disclosure Vulnerability
10. Computer Associates BrightStor ARCserve Backup Unspecified Remote Code Execution Vulnerability
11. MadWifi Xrates Element Remote Denial of Service Vulnerability
12. HP Linux Imaging and Printing System HSSPD.PY Daemon Arbitrary Command Execution Vulnerability
13. OpenSSL DTLS Heap Buffer Overflow Vulnerability
14. Cisco CallManager and Openser SIP Remote Unauthorized Access Vulnerability
15. DenyHosts Client Protocol Version Identification Remote Denial of Service Vulnerability
16. WWWISIS Lang Parameter Cross-Site Scripting Vulnerability
17. Novell SUSE ISC BIND Named LibGSSAPI Denial Of Service Vulnerability
18. WWWISIS IsisScript Local File Disclosure Vulnerability
19. WebMod AUTH.W Cross-Site Scripting Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. Linux Hardening
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Starting up with Aspect-Oriented Programming
By Rohit Sethi
Aspect-oriented programming (AOP) is a paradigm that is quickly gaining traction in the development world. At least partially spurred by the popularity of the Java Spring framework [1], people are beginning to understand the substantial benefits that AOP brings to development.
http://www.securityfocus.com/infocus/1895

2. Of Hackers and Egos
By Don Parker
The world of computer security can often be a strange and compelling one. Many outsiders, or those with little knowledge of computers, just don't understand the whole uproar over various issues, such as whether Microsoft Vista is more secure than Linux or Mac. It's all moot as far as the general population is concerned. But, for those of us who work in the industry, it is just more grist for the mill.

http://www.securityfocus.com/columnists/454


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. OpenH323 Opal SIP Protocol Remote Denial of Service Vulnerability
BugTraq ID: 25955
Remote: Yes
Date Published: 2007-10-08
Relevant URL: http://www.securityfocus.com/bid/25955
Summary:
OpenH323 is prone to a remote denial-of-service vulnerability because of memory mismanagement when handling user-supplied data.

Successfully exploiting this issue allows remote attackers to deny service to legitimate users.

This issue affects OpenH323 2.2.4; earlier versions may also be vulnerable. Applications using the affected library may also be vulnerable.

2. AlsaPlayer Vorbis Input Plug-in OGG Processing Remote Buffer Overflow Vulnerability
BugTraq ID: 25969
Remote: Yes
Date Published: 2007-10-08
Relevant URL: http://www.securityfocus.com/bid/25969
Summary:
AlsaPlayer is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of users running the affected application.

This issue affects versions prior to AlsaPlayer 0.99.80-rc3.

3. Wesnoth Client UTF-8 Remote Denial of Service Vulnerability
BugTraq ID: 25995
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25995
Summary:
Wesnoth is prone to a remote denial-of-service vulnerability because it fails to handle unexpected input.

Attackers can exploit this issue to cause the Wesnoth client to crash.

Wesnoth 1.2.6 is affected by this issue.

4. Cisco Wireless Control System Insecure Password Vulnerability
BugTraq ID: 26000
Remote: Yes
Date Published: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/26000
Summary:
Cisco Wireless Control System is prone to a vulnerability that permits an attacker to gain unauthorized administrative access to the affected device. This issue occurs when the Cisco Wireless LAN Solution Engine (WLSE) uses a conversion utility to convert to the Cisco Wireless Control System (WCS). This issue is being tracked by Cisco Bug ID CSCsj71081.

An attacker could exploit this issue to gain unauthorized administrative access to the affected device. Successfully exploiting this issue will result in the complete compromise of the affected device.

This issue affects Cisco Wireless Control System 4.1.91.0 and prior versions.

5. Asterisk IMAP-Specific Voicemail Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 26005
Remote: Yes
Date Published: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/26005
Summary:
Asterisk is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers.

Successful exploits may allow an attacker to execute arbitrary machine code to compromise an affected computer or to cause denial-of-service conditions.

Versions prior to Asterisk Open Source 1.4.13 are vulnerable.

6. IBM DB2 Universal Database Multiple Denial of Service Vulnerabilities
BugTraq ID: 26010
Remote: Yes
Date Published: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/26010
Summary:
IBM DB2 Universal Database is prone to two denial-of-service vulnerabilities.

Successfully exploiting these issues allows attackers to cause server crashes, denying service to legitimate users.

IBM DB2 Universal Database 8.1 and 8.2 are vulnerable to these issues.

NOTE: Information regarding the buffer-overflow vulnerability previously documented in this BID has been removed. That vulnerability is documented in a separate record: BID 23890 (IBM DB2 Universal Database JDBC Applet Server Unspecified Code Execution Vulnerability).

7. Firebird Process_Packet Remote Buffer Overflow Vulnerability
BugTraq ID: 26011
Remote: Yes
Date Published: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/26011
Summary:
Firebird is prone to a remote stack-based buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected database server. Failed exploit attempts will likely crash the server, denying service to legitimate users.

Firebird 2.0.2 is vulnerable; previous versions may also be affected.

8. Computer Associates BrightStor ARCserve Backup Multiple Remote Vulnerabilities
BugTraq ID: 26015
Remote: Yes
Date Published: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26015
Summary:
Computer Associates BrightStor ARCserve is prone to multiple remote vulnerabilities, including buffer-overflow issues, memory-corruption issues, and privilege-escalation issues.

Successful exploits allow remote attackers to cause denial-of-service conditions, execute arbitrary machine code in the context of the affected application, or perform actions with elevated privileges. This may result in a complete compromise of affected computers.

The following applications are affected:

BrightStor ARCserve Backup v9.01, r11.1, r11.5, r11 for Windows
BrightStor Enterprise Backup r10.5
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

9. rPath Linux Initscripts /VAR/LOG/BTMP File Local Information Disclosure Vulnerability
BugTraq ID: 26048
Remote: No
Date Published: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26048
Summary:
rPath Linux is prone to a local information-disclosure vulnerability because scripts from the 'initscripts' package fail to set file permissions correctly on the '/var/log/btmp' file.

Attackers can leverage this issue to obtain valuable information to construct valid login credentials.

This issue affects rPath Linux 1; other versions may also be affected.

10. Computer Associates BrightStor ARCserve Backup Unspecified Remote Code Execution Vulnerability
BugTraq ID: 26050
Remote: Yes
Date Published: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/26050
Summary:
Computer Associates BrightStor ARCserve Backup is prone to an unspecified remote code-execution vulnerability.

Very few details are known about this issue. We will update this BID as soon as more information emerges.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

This issue affects Computer Associates BrightStor ARCserve Backup 11.5 SP3; other versions may also be affected.

11. MadWifi Xrates Element Remote Denial of Service Vulnerability
BugTraq ID: 26052
Remote: Yes
Date Published: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/26052
Summary:
MadWifi is prone to a remote denial-of-service vulnerability because the application limits the size of the extended supported rates element in beacon frames transmitted from wireless access points.

An attacker can exploit this issue to cause the affected computer to crash, denying further service to legitimate users.

This issue affects MadWifi 0.9.3.2 and prior versions.

12. HP Linux Imaging and Printing System HSSPD.PY Daemon Arbitrary Command Execution Vulnerability
BugTraq ID: 26054
Remote: Yes
Date Published: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/26054
Summary:
HP Linux Imaging and Printing System (HPLIP) is prone to an arbitrary command-execution vulnerability because it fails to adequately sanitize user-supplied input.

Attackers can exploit this issue to execute arbitrary commands with superuser privileges. Successful attacks will completely compromise affected computers.

NOTE: By default the application's 'hpssd' daemon listens only on localhost, but it can be configured (via /etc/hp/hplip.conf) to listen to remote requests as well.

HPLIP versions in the 1.0 and 2.0 series are vulnerable.

13. OpenSSL DTLS Heap Buffer Overflow Vulnerability
BugTraq ID: 26055
Remote: Yes
Date Published: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/26055
Summary:
OpenSSL is prone to a heap buffer-overflow vulnerability because the library fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of applications that use the affected library, but this has not been confirmed. Failed exploit attempts may crash applications, denying service to legitimate users.

14. Cisco CallManager and Openser SIP Remote Unauthorized Access Vulnerability
BugTraq ID: 26057
Remote: Yes
Date Published: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/26057
Summary:
CallManager and Openser are prone to a remote unauthorized-access vulnerability that may lead to toll fraud and caller-ID spoofing.

A remote attacker can exploit this issue to initiate unauthorized phone calls and pretend to be a legitimate user.

15. DenyHosts Client Protocol Version Identification Remote Denial of Service Vulnerability
BugTraq ID: 26061
Remote: Yes
Date Published: 2007-10-13
Relevant URL: http://www.securityfocus.com/bid/26061
Summary:
DenyHosts is prone to a remote denial-of-service vulnerability because the application fails to properly ensure the source of authentication-failure messages.

Successfully exploiting this issue allows remote attackers to add arbitrary IP addresses to the block list used by the application. Exploiting this allows attackers to deny further SSH network access to arbitrary IP addresses, denying service to legitimate users.

This issue is a variant of the vulnerability discussed in BID 21468 (DenyHosts Remote Denial of Service Vulnerability).

16. WWWISIS Lang Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 26067
Remote: Yes
Date Published: 2007-10-13
Relevant URL: http://www.securityfocus.com/bid/26067
Summary:
WWWISIS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

17. Novell SUSE ISC BIND Named LibGSSAPI Denial Of Service Vulnerability
BugTraq ID: 26076
Remote: Yes
Date Published: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26076
Summary:
Novell SUSE Linux Enterprise Server is prone to a denial-of-service vulnerability because it fails to adequately handle certain GSS-TSIG requests that require the 'libgssapi' library.

Attackers can exploit this issue to cause denial-of-service conditions.

Versions prior to 'libgssapi' 0.6-13.17 as found in Enterprise Server 10 SP1 are vulnerable.

18. WWWISIS IsisScript Local File Disclosure Vulnerability
BugTraq ID: 26079
Remote: Yes
Date Published: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26079
Summary:
WWWISIS is prone to a vulnerability that allows remote attackers to display the contents of arbitrary local files in the context of the webserver process.

An attacker may be able to exploit this issue to retrieve potentially sensitive information that may aid in further attacks.

This issue affects WWWISIS 7.1; other versions may also be vulnerable.

19. WebMod AUTH.W Cross-Site Scripting Vulnerability
BugTraq ID: 26087
Remote: Yes
Date Published: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/26087
Summary:
WebMod is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The issue affects WebMod 0.48; other versions may also be vulnerable.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Linux Hardening
http://www.securityfocus.com/archive/91/482082

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: CSI

CSI 2007, November 3-9 in Washington, DC, is the only conference that delivers a business-focused overview of enterprise security.
It will convene 2,000+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques.
Register now for savings on conference fees and/or free exhibits admission.

http://www.csiannual.com
