News

Wednesday, November 28, 2007

SecurityFocus Linux Newsletter #365


This issue is Sponsored by: SPI Dynamics

XPATH Injection Attacks- Web Hackers New Trick: White Paper

One particular form of injection attack, XPath Injection, is rapidly gaining in popularity due to the spread of AJAX applications and their inherent use of XML to store data. XPath Injection can be just as dangerous as SQL Injection, and can be even easier to exploit. Learn how to identify XPath Injection vulnerabilities and which methods of recourse to take to prevent them. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/XP.asp?Campaign_ID=70160000000D803


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Aye, Robot, or Can Computers Contract?
2. Don't blame the IDS
II. LINUX VULNERABILITY SUMMARY
1. SMF Private Forum Messages Information Disclosure Vulnerability
2. IBM Director CIM Server Remote Denial of Service Vulnerability
3. skge Driver Spin_Unlock Remote Denial of Service Vulnerability
4. I Hear U Multiple Remote Denial Of Service Vulnerabilities
5. Wireshark 0.99.6 Multiple Remote Vulnerabilities
6. nss-mdns NSS.C Remote Denial of Service Vulnerability
7. PCRE Regular Expression Library UTF-8 Options Multiple Remote Denial of Service Vulnerabilities
8. wpa_supplicant TSF-Reporting Drivers Stack Based Buffer Overflow Vulnerability
9. Cygwin Filename Filename Buffer Overflow Vulnerability
10. Mozilla Firefox and SeaMonkey Windows.Location Property HTTP Referer Header Spoofing Weakness
11. Mozilla Firefox Multiple Remote Unspecified Memory Corruption Vulnerabilities
12. Samhain Labs Samhain Insecure Random Number Generator Information Disclosure Weakness
13. Linux Kernel ISDN_Net.C Local Buffer Overflow Vulnerability
14. ht://Dig Htsearch Cross Site Scripting Vulnerability
15. vlock Plugin Name Local Privilege Escalation Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. important errors to control with swatch
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Aye, Robot, or Can Computers Contract?
By Mark Rasch
A contract is usually described as a "meeting of the minds." One person makes an offer for goods or services; another person sees the offer and negotiates terms; the parties enter into an agreement of the offer; and some form of consideration is given in return for the provision of something of value. At least that's what I remember from first year law school contracts class.
http://www.securityfocus.com/columnists/458

2. Don't blame the IDS
By Don Parker
Some years ago, I remember reading a press release from the Gartner Group. It was about intrusion detection systems (IDS) offering little return for the monetary investment in them and furthermore, that this very same security technology would be obsolete by the year 2005. A rather bold statement and an even bolder prediction on their part.
http://www.securityfocus.com/columnists/457


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. SMF Private Forum Messages Information Disclosure Vulnerability
BugTraq ID: 26508
Remote: Yes
Date Published: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26508
Summary:
SMF is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to access sensitive information that may lead to further attacks.

SMF 1.1.4 is vulnerable; other versions may also be affected.

2. IBM Director CIM Server Remote Denial of Service Vulnerability
BugTraq ID: 26509
Remote: Yes
Date Published: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26509
Summary:
The CIM Server from the IBM Director suite is prone to a remote denial-of-service vulnerability because the application fails to properly handle multiple simultaneous network connections.

Successfully exploiting this issue allows remote attackers to consume excessive CPU resources and to trigger crashes, which would deny further service to legitimate users.

IBM Director 5.20.1 and prior versions on Linux and Microsoft Windows platforms are affected.

3. skge Driver Spin_Unlock Remote Denial of Service Vulnerability
BugTraq ID: 26511
Remote: Yes
Date Published: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26511
Summary:
The 'skge' driver is prone to a remote denial-of-service vulnerability.

An attacker could exploit this issue to crash the affected computer, denying further service to legitimate users.

4. I Hear U Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 26516
Remote: Yes
Date Published: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26516
Summary:
Multiple denial-of-service vulnerabilities affect I Hear U because the application fails to handle specially crafted packets.

An attacker may leverage these issues to cause a remote denial-of-service condition in affected applications.

These issues affect versions prior to I Hear U 0.5.7.

5. Wireshark 0.99.6 Multiple Remote Vulnerabilities
BugTraq ID: 26532
Remote: Yes
Date Published: 2007-11-22
Relevant URL: http://www.securityfocus.com/bid/26532
Summary:
Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities.

Exploiting these issues may allow attackers to cause crashes and deny service to legitimate users of the application. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

Versions prior to Wireshark 0.99.7 are affected.

6. nss-mdns NSS.C Remote Denial of Service Vulnerability
BugTraq ID: 26539
Remote: Yes
Date Published: 2007-11-22
Relevant URL: http://www.securityfocus.com/bid/26539
Summary:
The 'nss-mdns' tool is prone to a denial-of-service vulnerability that occurs when the library fails to handle misaligned data structures.

An attacker could exploit this issue to crash the application using the affected library, denying further service to legitimate users.

Versions prior to nss-mdns 0.10 are vulnerable.

7. PCRE Regular Expression Library UTF-8 Options Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 26550
Remote: Yes
Date Published: 2007-11-23
Relevant URL: http://www.securityfocus.com/bid/26550
Summary:
The PCRE regular-expression library is prone to multiple remote denial-of-service vulnerabilities because a memory-calculation error occurs for certain regular expressions.

Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected library.

These issues affect versions prior to PCRE 7.0.

8. wpa_supplicant TSF-Reporting Drivers Stack Based Buffer Overflow Vulnerability
BugTraq ID: 26555
Remote: Yes
Date Published: 2007-11-23
Relevant URL: http://www.securityfocus.com/bid/26555
Summary:
The 'wpa_supplicant' program is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of the affected application, but this has not been confirmed. Failed exploit attempts may trigger crashes, denying service to legitimate users.

This issue affects wpa_supplicant 0.6.0; other versions may also be affected.

9. Cygwin Filename Filename Buffer Overflow Vulnerability
BugTraq ID: 26557
Remote: Yes
Date Published: 2007-11-24
Relevant URL: http://www.securityfocus.com/bid/26557
Summary:
Cygwin is prone to a buffer-overflow vulnerability.

An attacker can exploit this issue to overflow a buffer and execute arbitrary machine code in the context of the vulnerable application. This may facilitate a compromise of the vulnerable computer.

This issue affects Cygwin 1.5.7 and earlier; other versions may also be vulnerable.

10. Mozilla Firefox and SeaMonkey Windows.Location Property HTTP Referer Header Spoofing Weakness
BugTraq ID: 26589
Remote: Yes
Date Published: 2007-11-26
Relevant URL: http://www.securityfocus.com/bid/26589
Summary:
Mozilla Firefox and SeaMonkey are prone to a weakness that allows an attacker to spoof HTTP Referer headers. This issue stems from a race condition in the affected application. The weakness arises because of a small timing difference when using a modal 'alert()' dialog, which allows users to generate fake HTTP Referer headers.

An attacker can exploit this issue to spoof HTTP Referer headers. This may cause other security mechanisms that rely on this data to fail or to return misleading information.

This issue affects versions prior to Mozilla Firefox 2.0.0.10 and Mozilla SeaMonkey 1.1.7.

11. Mozilla Firefox Multiple Remote Unspecified Memory Corruption Vulnerabilities
BugTraq ID: 26593
Remote: Yes
Date Published: 2007-11-26
Relevant URL: http://www.securityfocus.com/bid/26593
Summary:
The Mozilla Foundation has released a security advisory disclosing three unspecified memory-corruption vulnerabilities.

Successfully exploiting these issues may allow attackers to execute code, facilitating the compromise of affected computers. Failed exploit attempts will likely crash the application.

Versions prior to Mozilla Firefox 2.0.0.10 and Mozilla SeaMonkey 1.1.7 are vulnerable to these issues.

12. Samhain Labs Samhain Insecure Random Number Generator Information Disclosure Weakness
BugTraq ID: 26597
Remote: Yes
Date Published: 2007-11-26
Relevant URL: http://www.securityfocus.com/bid/26597
Summary:
Samhain Labs Samhain is prone to an information-disclosure weakness because of an error in the use of the random number generator.

An attacker can exploit this issue to weaken encryption and other security-related algorithms, which may aid in further attacks.

The issue affects Samhain 2.4.0 and 2.4.0a. Note that versions prior to 2.4.0 are not vulnerable to this issue.

13. Linux Kernel ISDN_Net.C Local Buffer Overflow Vulnerability
BugTraq ID: 26605
Remote: No
Date Published: 2007-11-27
Relevant URL: http://www.securityfocus.com/bid/26605
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, the attacker may also be able to execute arbitrary code, but this has not been confirmed.

This issue affects version 2.6.23; other versions may also be affected.

14. ht://Dig Htsearch Cross Site Scripting Vulnerability
BugTraq ID: 26610
Remote: Yes
Date Published: 2007-11-27
Relevant URL: http://www.securityfocus.com/bid/26610
Summary:
ht://Dig is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue allows an attacker to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

This issue affects ht://Dig 3.2.0b6; other versions may also be vulnerable.

15. vlock Plugin Name Local Privilege Escalation Vulnerability
BugTraq ID: 26624
Remote: No
Date Published: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26624
Summary:
vlock is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

This issue affects vlock versions prior to 2.2-rc3.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. important errors to control with swatch
http://www.securityfocus.com/archive/91/483940

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, to which you will have to reply. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: SPI Dynamics
