Wednesday, November 07, 2007

SecurityFocus Linux Newsletter #362
----------------------------------------

This issue is Sponsored by: Watchfire

As web applications become increasingly complex, tremendous amounts of sensitive data - including personal, medical and financial information - are exchanged and stored.
This paper examines a few vulnerability detection methods - specifically comparing and contrasting manual penetration testing with automated scanning tools.
Download Watchfire's "Web Application Security: Automated Scanning or Manual Penetration Testing?" whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=7017000000093zv


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. E-mail privacy to disappear?
2. Rebinding attacks unbound
II. LINUX VULNERABILITY SUMMARY
1. vobcopy vobcopy.bla Insecure Temporary File Creation Vulnerability
2. Liferea Feedlist.OPML Local Information Disclosure Vulnerability
3. CUPS IPP Tag Handling Remote Buffer Overflow Vulnerability
4. McAfee E-Business Server Authentication Packet Handling Integer Overflow Vulnerability
5. Perdition IMAPD __STR_VWRITE Remote Format String Vulnerability
6. Mono System.Math BigInteger Buffer Overflow Vulnerability
7. iSCSI Enterprise Target IETD.CONF Local Information Disclosure Vulnerability
8. BitchX E_HOSTNAME Function Insecure Temporary File Creation Vulnerability
9. Linux Kernel IEEE80211 HDRLen Remote Denial Of Service Vulnerability
10. PCRE Regular Expression Library Multiple Security Vulnerabilities
11. Perl Unicode Regular Expression Buffer Overflow Vulnerability
12. Xpdf Multiple Remote Stream.CC Vulnerabilities
13. CoolKey PK11IPC1 Insecure Temporary File Creation Vulnerability
14. Mcstrans Mcstrans.C Local Denial of Service Vulnerability
15. GForge Insecure Temporary File Creation Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. How secure is the openSUSE Build Service?
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. E-mail privacy to disappear?
On October 8, 2007, the United States Court of Appeals for the Sixth Circuit in Cincinnati granted the government's request for a full-panel hearing in United States v. Warshak, a case centering on the right of privacy for stored electronic communications. At issue is whether the procedure whereby the government can subpoena stored copies of your e-mail -- similar to the way they could simply subpoena any physical mail sitting on your desk -- is unconstitutionally broad.

http://www.securityfocus.com/columnists/456

2. Rebinding attacks unbound
By Federico Biancuzzi
DNS rebinding was discovered in 1996 and affected the Java Virtual Machine (VM). Recently a group of researchers at Stanford found out that this vulnerability is still present in browsers and that the common solution, known as DNS pinning, is not effective anymore.
http://www.securityfocus.com/columnists/455


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. vobcopy vobcopy.bla Insecure Temporary File Creation Vulnerability
BugTraq ID: 26233
Remote: No
Date Published: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/26233
Summary:
The 'vobcopy' tool creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

2. Liferea Feedlist.OPML Local Information Disclosure Vulnerability
BugTraq ID: 26254
Remote: No
Date Published: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/26254
Summary:
Liferea is prone to a local information-disclosure vulnerability because the application fails to set file permissions correctly on a backup file.

Attackers can leverage this issue to obtain sensitive information used to construct valid login credentials.

This issue affects versions prior to Liferea 1.4.6.

3. CUPS IPP Tag Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 26268
Remote: Yes
Date Published: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26268
Summary:
CUPS is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

CUPS 1.3.3 is reported vulnerable; other versions may be affected as well.

4. McAfee E-Business Server Authentication Packet Handling Integer Overflow Vulnerability
BugTraq ID: 26269
Remote: Yes
Date Published: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26269
Summary:
The application is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun.

Successfully exploiting this issue may allow attackers to execute arbitrary code within the context of the affected application. This in turn may result in a complete compromise of the affected system. Failed exploit attempts will result in a denial of service.

The issue affects McAfee E-Business Server 8.1.1 for Linux and 8.5.2 for Solaris. Versions for Windows are not affected.

5. Perdition IMAPD __STR_VWRITE Remote Format String Vulnerability
BugTraq ID: 26270
Remote: Yes
Date Published: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26270
Summary:
Perdition IMAP proxy server is prone to a remote format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected application. A successful attack will compromise the application. Failed attempts may cause denial-of-service conditions.

This issue affects Perdition 1.17 and prior versions.

6. Mono System.Math BigInteger Buffer Overflow Vulnerability
BugTraq ID: 26279
Remote: Yes
Date Published: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26279
Summary:
Mono is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue could allow attackers to execute arbitrary code in the context of the user running an affected application. Failed exploit attempts will likely result in a denial-of-service condition.

7. iSCSI Enterprise Target IETD.CONF Local Information Disclosure Vulnerability
BugTraq ID: 26299
Remote: No
Date Published: 2007-11-02
Relevant URL: http://www.securityfocus.com/bid/26299
Summary:
iSCSI Enterprise Target is prone to a local information-disclosure vulnerability because the software sets incorrect permissions on the '/etc/ietd.conf' file.

Attackers can exploit this issue to obtain usernames and passwords as well as information about the configuration of the affected application.

This issue affects iSCSI Enterprise Target 0.4.15; other versions may also be affected.

8. BitchX E_HOSTNAME Function Insecure Temporary File Creation Vulnerability
BugTraq ID: 26326
Remote: No
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26326
Summary:
BitchX is prone to a security vulnerability because it creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects BitchX 1.1; other versions may also be vulnerable.

9. Linux Kernel IEEE80211 HDRLen Remote Denial Of Service Vulnerability
BugTraq ID: 26337
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26337
Summary:
The Linux kernel ieee80211 driver is prone to a remote denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to crash a victim computer, effectively denying service.

Versions prior to Linux kernel 2.6.22.11 are vulnerable.

10. PCRE Regular Expression Library Multiple Security Vulnerabilities
BugTraq ID: 26346
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26346
Summary:
PCRE regular-expression library is prone to multiple security vulnerabilities.

Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, or launch other attacks in the context of the application using the affected library.

11. Perl Unicode Regular Expression Buffer Overflow Vulnerability
BugTraq ID: 26350
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26350
Summary:
Perl is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input.

Successfully exploiting this issue allows attackers to execute arbitrary machine code in the context of Perl applications using regular expressions in a vulnerable manner. This facilitates the remote compromise of affected computers.

Perl 5.8 is vulnerable to this issue; other versions may also be affected.

12. Xpdf Multiple Remote Stream.CC Vulnerabilities
BugTraq ID: 26367
Remote: Yes
Date Published: 2007-11-07
Relevant URL: http://www.securityfocus.com/bid/26367
Summary:
Xpdf is prone to multiple remote vulnerabilities because of flaws in various functions in the 'Stream.cc' source file.

Attackers exploit these issues by coercing users to view specially crafted PDF files with the affected application.

Successfully exploiting these issues allows attackers to execute arbitrary machine code in the context of the vulnerable application. This facilitates the remote compromise of affected computers.

Xpdf 3.02pl1 is vulnerable to these issues; other versions may also be affected.

13. CoolKey PK11IPC1 Insecure Temporary File Creation Vulnerability
BugTraq ID: 26369
Remote: No
Date Published: 2007-11-07
Relevant URL: http://www.securityfocus.com/bid/26369
Summary:
CoolKey creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks to alter the permissions of an arbitrary attacker-specified file, such as '/etc/shadow'. This could facilitate a complete compromise of the affected computer.

14. Mcstrans Mcstrans.C Local Denial of Service Vulnerability
BugTraq ID: 26371
Remote: No
Date Published: 2007-11-07
Relevant URL: http://www.securityfocus.com/bid/26371
Summary:
Mcstrans is prone to a local denial-of-service vulnerability because it fails to adequately check user-supplied data.

Successfully exploiting this issue allows local attackers to deny service to legitimate users.

15. GForge Insecure Temporary File Creation Vulnerability
BugTraq ID: 26373
Remote: No
Date Published: 2007-11-07
Relevant URL: http://www.securityfocus.com/bid/26373
Summary:
GForge creates temporary files in an insecure way.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. This may result in denial-of-service conditions; other attacks are also possible.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. How secure is the openSUSE Build Service?
http://www.securityfocus.com/archive/91/483116

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Watchfire
