
Thursday, October 25, 2007

SecurityFocus Linux Newsletter #360


This issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Blind SQL Injection Attack Step-by-Step!" - White Paper
Blind SQL Injection can deliver total control of your server to a hacker giving them the ability to read, write and manipulate all data stored in your backend systems! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70160000000D5K3


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Rebinding attacks unbound
2. Aspect-Oriented Programming and Security
II. LINUX VULNERABILITY SUMMARY
1. TRAMP Extension For Emacs Multiple Insecure Temporary File Creation Vulnerabilities
2. Novell SUSE ISC BIND Named LibGSSAPI Denial Of Service Vulnerability
3. WWWISIS IsisScript Local File Disclosure Vulnerability
4. WebMod AUTH.W Cross-Site Scripting Vulnerability
5. Asterisk 'asterisk-addons' CDR_ADDON_MYSQL Module SQL Injection Vulnerability
6. Drupal Prior To 4.7.8 and 5.3 Multiple Remote Vulnerabilities
7. Mozilla Firefox 2.0.0.7 Multiple Remote Vulnerabilities
8. Red Hat Linux Kernel Stack Unwinder Local Denial Of Service Vulnerability
9. Linux Kernel eHCA Driver Physical Address Space Information Disclosure Vulnerability
10. 3proxy FTP Proxy Double Free Memory Corruption Vulnerability
11. Sun Java Runtime Environment Virtual Machine Remote Privilege Escalation Vulnerability
12. Gnome-Screensaver With Compiz Lock Bypass Vulnerability
13. XEN Xenmon.py Xenbaked Insecure Temporary File Creation Vulnerability
14. XScreenSaver Locked Screen Bypass Vulnerability
15. JustSystem Ichitaro JSTARO4.OCX and TJSVDA.DLL Multiple Buffer Overflow Vulnerabilities
III. LINUX FOCUS LIST SUMMARY
1. Linux Hardening
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Rebinding attacks unbound
By Federico Biancuzzi
DNS rebinding was discovered in 1996 and affected the Java Virtual Machine (VM). Recently a group of researchers at Stanford found out that this vulnerability is still present in browsers and that the common solution, known as DNS pinning, is not effective anymore.
http://www.securityfocus.com/columnists/455

2. Aspect-Oriented Programming
By Rohit Sethi
Aspect-oriented programming (AOP) is a paradigm that is quickly gaining traction in the development world. At least partially spurred by the popularity of the Java Spring framework [1], people are beginning to understand the substantial benefits that AOP brings to development.
http://www.securityfocus.com/infocus/1895


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. TRAMP Extension For Emacs Multiple Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 26072
Remote: No
Date Published: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26072
Summary:
The TRAMP extension for Emacs creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Versions prior to TRAMP 2.1.11 are vulnerable.

2. Novell SUSE ISC BIND Named LibGSSAPI Denial Of Service Vulnerability
BugTraq ID: 26076
Remote: Yes
Date Published: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26076
Summary:
Novell SUSE Linux Enterprise Server is prone to a denial-of-service vulnerability because it fails to adequately handle certain GSS-TSIG requests that require the 'libgssapi' library.

Attackers can exploit this issue to cause denial-of-service conditions.

Versions prior to 'libgssapi' 0.6-13.17 as found in Enterprise Server 10 SP1 are vulnerable.

3. WWWISIS IsisScript Local File Disclosure Vulnerability
BugTraq ID: 26079
Remote: Yes
Date Published: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26079
Summary:
WWWISIS is prone to a vulnerability that allows remote attackers to display the contents of arbitrary local files in the context of the webserver process.

An attacker may be able to exploit this issue to retrieve potentially sensitive information that may aid in further attacks.

This issue affects WWWISIS 7.1; other versions may also be vulnerable.

4. WebMod AUTH.W Cross-Site Scripting Vulnerability
BugTraq ID: 26087
Remote: Yes
Date Published: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/26087
Summary:
WebMod is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The issue affects WebMod 0.48; other versions may also be vulnerable.

5. Asterisk 'asterisk-addons' CDR_ADDON_MYSQL Module SQL Injection Vulnerability
BugTraq ID: 26095
Remote: Yes
Date Published: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/26095
Summary:
Asterisk 'asterisk-addons' package is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects these versions:

'asterisk-addons' prior to 1.2.8 when used with Asterisk Open Source 1.2.x
'asterisk-addons' prior to 1.4.4 when used with Asterisk Open Source 1.4.x

6. Drupal Prior To 4.7.8 and 5.3 Multiple Remote Vulnerabilities
BugTraq ID: 26119
Remote: Yes
Date Published: 2007-10-18
Relevant URL: http://www.securityfocus.com/bid/26119
Summary:
Drupal is prone to multiple remote vulnerabilities:

- A cross-site request-forgery vulnerability.
- An HTTP response-splitting vulnerability.
- An HTML-injection vulnerability.
- A vulnerability that may allow an attacker to mail unpublished comments.
- An arbitrary-code-execution vulnerability.

An attacker may exploit these vulnerabilities to:

- Influence or misrepresent how web content is served, cached, or interpreted.
- Execute arbitrary code within the context of the webserver process.
- Steal cookie-based authentication credentials, allowing the attacker to launch other attacks.

7. Mozilla Firefox 2.0.0.7 Multiple Remote Vulnerabilities
BugTraq ID: 26132
Remote: Yes
Date Published: 2007-10-18
Relevant URL: http://www.securityfocus.com/bid/26132
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox 2.0.0.7 and prior versions.

These vulnerabilities allow attackers to:

- Execute arbitrary code due to memory corruption
- Carry out content spoofing and phishing attacks
- Gain unauthorized access to files on a user's computer running the Linux operating system
- Execute script code with elevated privileges

Other attacks may also be possible.

These issues are present in Firefox 2.0.0.7 and prior versions. Mozilla Thunderbird 2.0.0.7 and prior versions as well as SeaMonkey 1.1.4 and prior versions are also affected by many of these vulnerabilities.

8. Red Hat Linux Kernel Stack Unwinder Local Denial Of Service Vulnerability
BugTraq ID: 26158
Remote: No
Date Published: 2007-10-22
Relevant URL: http://www.securityfocus.com/bid/26158
Summary:
The Red Hat Linux kernel is prone to a local denial-of-service vulnerability.

A local attacker can exploit this issue to crash the affected kernel, denying service to legitimate users.

9. Linux Kernel eHCA Driver Physical Address Space Information Disclosure Vulnerability
BugTraq ID: 26161
Remote: No
Date Published: 2007-10-22
Relevant URL: http://www.securityfocus.com/bid/26161
Summary:
The Linux kernel is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain a portion of the physical address space. Information harvested may aid in further attacks.

10. 3proxy FTP Proxy Double Free Memory Corruption Vulnerability
BugTraq ID: 26180
Remote: Yes
Date Published: 2007-10-23
Relevant URL: http://www.securityfocus.com/bid/26180
Summary:
3proxy is prone to a double-free memory-corruption vulnerability.

Attackers may be able to exploit this issue to cause denial-of-service conditions.

This issue affects 3proxy 0.5.3i; other versions may also be vulnerable.

11. Sun Java Runtime Environment Virtual Machine Remote Privilege Escalation Vulnerability
BugTraq ID: 26185
Remote: Yes
Date Published: 2007-10-23
Relevant URL: http://www.securityfocus.com/bid/26185
Summary:
The Sun Java Runtime Environment is prone to a remote privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the user who invoked the Java applet. Successfully exploiting this issue may result in the remote compromise of affected computers.

12. Gnome-Screensaver With Compiz Lock Bypass Vulnerability
BugTraq ID: 26188
Remote: No
Date Published: 2007-10-23
Relevant URL: http://www.securityfocus.com/bid/26188
Summary:
Gnome-screensaver is prone to a locked screen bypass vulnerability. A malicious user with physical console access can bypass the user's locked screen.

This issue affects gnome-screensaver released with Ubuntu 7.10; fixes from Ubuntu are available; other versions may also be affected.

13. XEN Xenmon.py Xenbaked Insecure Temporary File Creation Vulnerability
BugTraq ID: 26190
Remote: No
Date Published: 2007-10-23
Relevant URL: http://www.securityfocus.com/bid/26190
Summary:
Xen is prone to a security vulnerability because it creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects Xen 3.0; other versions may also be vulnerable.

14. XScreenSaver Locked Screen Bypass Vulnerability
BugTraq ID: 26204
Remote: No
Date Published: 2007-10-17
Relevant URL: http://www.securityfocus.com/bid/26204
Summary:
XScreenSaver is prone to a locked screen bypass vulnerability because the application crashes randomly when configured in a specific manner.

A malicious user with local access to the console could exploit this issue to bypass a user's locked screen.

This issue affects XScreenSaver 5.03-10 with the 'rss-glx-xscreensaver' and 'tempest' packages; other versions may also be affected.

15. JustSystem Ichitaro JSTARO4.OCX and TJSVDA.DLL Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 26206
Remote: Yes
Date Published: 2007-10-25
Relevant URL: http://www.securityfocus.com/bid/26206
Summary:
JustSystem Ichitaro is prone to multiple unspecified buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers.

Successful exploits may allow attackers to execute arbitrary code in the context of a vulnerable application; failed attempts will likely cause denial-of-service conditions.


These issues affect Ichitaro 11, 12, 13, 2004, 2005, 2006, 2007, Ichitaro for Linux, Ichitaro Lite2, Punch and Ichitaro viewer; other versions may also be affected.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Linux Hardening
http://www.securityfocus.com/archive/91/482082

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: SPI Dynamics
