Tuesday, December 11, 2007

SecurityFocus Linux Newsletter #367
----------------------------------------

This issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Cross-Site Scripting Attack" - White Paper
Cross-site scripting vulnerabilities in web apps allow hackers to compromise confidential information, steal cookies and create requests that can be mistaken for those of a valid user!! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/xss.asp?Campaign_ID=70160000000D8v9


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Copyrights and Wrongs
2. The Man in the Machine
II. LINUX VULNERABILITY SUMMARY
1. Sun Solaris LX(5) Branded Zones Unspecified Local Denial of Service Vulnerability
2. Zsh Insecure Temporary File Creation Vulnerability
3. Claws Mail Insecure Temporary File Creation Vulnerability
4. Ascential DataStage Multiple Local Vulnerabilities
5. SING Log Option Local Privilege Escalation Vulnerability
6. ZABBIX daemon_start Local Privilege Escalation Vulnerability
7. OpenOffice HSQLDB Database Engine Unspecified Java Code Execution Vulnerability
8. xterm Pseudo Terminal Insecure Permissions Local Insecure Permission Weakness
9. hugin Insecure Temporary File Creation Vulnerability
10. Drupal TAXONOMY_SELECT_NODES() SQL Injection Vulnerability
11. Drupal Shoutbox Module Multiple HTML Injection Vulnerabilities
12. HP OpenView Network Node Manager CGI Buffer Overflow Vulnerabilities
13. MIT Kerberos Multiple Memory Corruption Vulnerabilities
14. MySQL Server RENAME TABLE System Table Overwrite Vulnerability
15. NFSv4 ID Mapper nfsidmap Username Lookup Local Privilege Escalation Vulnerability
16. Ext2 Filesystem Utilities e2fsprogs libext2fs Multiple Unspecified Integer Overflow Vulnerabilities
17. Samba Send_MailSlot Stack-Based Buffer Overflow Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Copyrights and Wrongs
By Mark Rasch
On October 1, 2007, Jammie Thomas -- a single mother living in Brainerd, Minnesota -- was sued in civil court for copyright infringement by the Recording Industry Association of America. Three days later, the jury returned the verdict; Ms. Thomas was liable for willfully infringing the copyrights on 24 songs. The fine: $222,000.

http://www.securityfocus.com/columnists/460

2. The Man in the Machine
By Federico Biancuzzi
In April 2007, when two security researchers demonstrated a flaw in the next-generation IPv6 routing scheme that would allow attackers to significantly amplify any denial-of-service attack by a factor of at least 80, networking expert Jun-ichiro "Itojun" Hagino worked to get Internet engineers to take the threat seriously.

http://www.securityfocus.com/columnists/459


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Sun Solaris LX(5) Branded Zones Unspecified Local Denial of Service Vulnerability
BugTraq ID: 26672
Remote: No
Date Published: 2007-12-01
Relevant URL: http://www.securityfocus.com/bid/26672
Summary:
Sun Solaris is prone to an unspecified denial-of-service vulnerability caused by a race condition.

A local unprivileged attacker can exploit this issue to cause a system panic on an affected computer, resulting in a denial-of-service condition.

This issue affects Solaris 10 x86 running in 64-bit mode.

2. Zsh Insecure Temporary File Creation Vulnerability
BugTraq ID: 26674
Remote: No
Date Published: 2007-12-02
Relevant URL: http://www.securityfocus.com/bid/26674
Summary:
Zsh is prone to a security vulnerability because it creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects Zsh 4.3.4; other versions may also be vulnerable.

3. Claws Mail Insecure Temporary File Creation Vulnerability
BugTraq ID: 26676
Remote: No
Date Published: 2007-12-03
Relevant URL: http://www.securityfocus.com/bid/26676
Summary:
Claws Mail is prone to a security vulnerability because it creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects Claws Mail 3.1.0; other versions may also be vulnerable.

4. Ascential DataStage Multiple Local Vulnerabilities
BugTraq ID: 26677
Remote: No
Date Published: 2007-12-03
Relevant URL: http://www.securityfocus.com/bid/26677
Summary:
Ascential DataStage is prone to three security vulnerabilities that a local attacker may exploit to obtain sensitive information and to manipulate files.

These issues were reported to affect Ascential DataStage 7.5; other versions may also be affected.

5. SING Log Option Local Privilege Escalation Vulnerability
BugTraq ID: 26679
Remote: No
Date Published: 2007-12-03
Relevant URL: http://www.securityfocus.com/bid/26679
Summary:
SING is prone to a local privilege-escalation vulnerability.

Exploiting this issue may allow local attackers to gain elevated privileges, facilitating the complete compromise of affected computers.

SING 1.1 is vulnerable to this issue; other versions may also be affected.

6. ZABBIX daemon_start Local Privilege Escalation Vulnerability
BugTraq ID: 26680
Remote: No
Date Published: 2007-12-03
Relevant URL: http://www.securityfocus.com/bid/26680
Summary:
ZABBIX is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute commands with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

This issue affects ZABBIX 1.4.2; prior versions may also be affected.

7. OpenOffice HSQLDB Database Engine Unspecified Java Code Execution Vulnerability
BugTraq ID: 26703
Remote: Yes
Date Published: 2007-12-05
Relevant URL: http://www.securityfocus.com/bid/26703
Summary:
OpenOffice is prone to a code-execution vulnerability.

Successful exploits allow remote attackers to execute arbitrary Java code in the context of the vulnerable application.

Versions prior to OpenOffice 2.3.1 are vulnerable.

8. xterm Pseudo Terminal Insecure Permissions Local Insecure Permission Weakness
BugTraq ID: 26710
Remote: No
Date Published: 2007-12-05
Relevant URL: http://www.securityfocus.com/bid/26710
Summary:
The 'xterm' program is prone to an insecure-permissions weakness.

A local attacker can exploit this issue to write data to other terminals. This may aid in exploiting any latent vulnerabilities in the affected application.

9. hugin Insecure Temporary File Creation Vulnerability
BugTraq ID: 26730
Remote: No
Date Published: 2007-12-05
Relevant URL: http://www.securityfocus.com/bid/26730
Summary:
The 'hugin' program is prone to a security vulnerability because it creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects hugin 0.6.1 and 0.7_beta4; other versions may also be vulnerable.

10. Drupal TAXONOMY_SELECT_NODES() SQL Injection Vulnerability
BugTraq ID: 26735
Remote: Yes
Date Published: 2007-12-05
Relevant URL: http://www.securityfocus.com/bid/26735
Summary:
Drupal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to Drupal 4.7.9 and 5.4 are vulnerable.

11. Drupal Shoutbox Module Multiple HTML Injection Vulnerabilities
BugTraq ID: 26736
Remote: Yes
Date Published: 2007-12-05
Relevant URL: http://www.securityfocus.com/bid/26736
Summary:
Drupal Shoutbox module is prone to multiple HTML-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied input data before using it in dynamically generated content.

Attacker-supplied HTML and script code could execute in the context of the affected website, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

Versions prior to Shoutbox 5.x-1.1 are affected by these issues.

12. HP OpenView Network Node Manager CGI Buffer Overflow Vulnerabilities
BugTraq ID: 26741
Remote: Yes
Date Published: 2007-12-06
Relevant URL: http://www.securityfocus.com/bid/26741
Summary:
HP OpenView Network Node Manager is prone to multiple stack-based buffer-overflow vulnerabilities.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the Network Node Manager process. This facilitates the remote compromise of affected computers.

Versions 6.41, 7.01, and 7.51 are affected when running on HP-UX, Solaris, Windows, and Linux platforms.

13. MIT Kerberos Multiple Memory Corruption Vulnerabilities
BugTraq ID: 26750
Remote: Yes
Date Published: 2007-12-06
Relevant URL: http://www.securityfocus.com/bid/26750
Summary:
Multiple memory-corruption vulnerabilities with unknown impacts affect MIT Kerberos 5. These issues include a use-after-free vulnerability, an integer-overflow vulnerability, two double-free vulnerabilities, and an unspecified vulnerability in 'gssftp'.

Very few technical details are currently available. We will update this BID as more information emerges.

14. MySQL Server RENAME TABLE System Table Overwrite Vulnerability
BugTraq ID: 26765
Remote: No
Date Published: 2007-12-07
Relevant URL: http://www.securityfocus.com/bid/26765
Summary:
MySQL is prone to a local denial-of-service vulnerability because the database server fails to properly handle unexpected symbolic links.

Exploiting this issue allows attackers with local access to affected computers to overwrite MySQL system tables. Further attacks against the MySQL database and potentially the underlying operating system may be possible.

This issue affects versions prior to MySQL 5.0.51.

15. NFSv4 ID Mapper nfsidmap Username Lookup Local Privilege Escalation Vulnerability
BugTraq ID: 26767
Remote: No
Date Published: 2007-12-07
Relevant URL: http://www.securityfocus.com/bid/26767
Summary:
The 'nfsidmap' utility is prone to a local privilege-escalation vulnerability because it fails to adequately handle files that have unknown owners.

Attackers can leverage this issue to gain superuser privileges. Successful exploits will completely compromise affected computers.

Versions prior to 'nfsidmap' 0.17 are vulnerable.

16. Ext2 Filesystem Utilities e2fsprogs libext2fs Multiple Unspecified Integer Overflow Vulnerabilities
BugTraq ID: 26772
Remote: Yes
Date Published: 2007-12-08
Relevant URL: http://www.securityfocus.com/bid/26772
Summary:
e2fsprogs is prone to multiple unspecified integer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

e2fsprogs versions 1.38 through 1.40.2 are vulnerable; other versions may also be affected.

17. Samba Send_MailSlot Stack-Based Buffer Overflow Vulnerability
BugTraq ID: 26791
Remote: Yes
Date Published: 2007-12-10
Relevant URL: http://www.securityfocus.com/bid/26791
Summary:
Samba is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

NOTE: This issue occurs only when the 'domain logons' option is enabled.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successful attacks will completely compromise affected computers. Failed exploit attempts will result in a denial of service.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: SPI Dynamics
