News

Wednesday, January 02, 2008

SecurityFocus Linux Newsletter #370


This issue is Sponsored by: Black Hat DC

Attend Black Hat DC, February 18-21, the Washington, DC version of the world's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content, including a focus on wireless security and offensive attack analysis. Network with 400+ delegates and review products from leading vendors in a relaxed setting, including Diamond sponsor Microsoft.

www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Real Flaws in Virtual Worlds
2. Copyrights and Wrongs
II. LINUX VULNERABILITY SUMMARY
1. Bitflu StorageFarabDb Module '.torrent' File Handling Security Bypass Vulnerability
2. ClamAV BZ_GET_FAST Bzip2 Decompression Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Real Flaws in Virtual Worlds
By Federico Biancuzzi
Massively multiplayer online role playing games (MMORPGs), such as World of Warcraft, have millions of subscribers interacting online, which makes security tricky business.

http://www.securityfocus.com/columnists/461

2. Copyrights and Wrongs
By Mark Rasch
On October 1, 2007, Jammie Thomas -- a single mother living in Brainerd, Minnesota -- was sued in civil court for copyright infringement by the Recording Industry Association of America. Three days later, the jury returned the verdict; Ms. Thomas was liable for willfully infringing the copyrights on 24 songs. The fine: $222,000.

http://www.securityfocus.com/columnists/460


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Bitflu StorageFarabDb Module '.torrent' File Handling Security Bypass Vulnerability
BugTraq ID: 27043
Remote: Yes
Date Published: 2007-12-26
Relevant URL: http://www.securityfocus.com/bid/27043
Summary:
Bitflu is prone to a security-bypass vulnerability.

An attacker can exploit this issue to append to or create arbitrary files.

This issue affects versions of Bitflu prior to 0.42.

2. ClamAV BZ_GET_FAST Bzip2 Decompression Vulnerability
BugTraq ID: 27063
Remote: Yes
Date Published: 2007-12-29
Relevant URL: http://www.securityfocus.com/bid/27063
Summary:
ClamAV is prone to a vulnerability due to a flaw in its Bzip2 decompression support.

Successful exploits of this vulnerability may potentially allow remote attackers to execute arbitrary code in the context of the vulnerable application or to trigger denial-of-service conditions. These effects have not been confirmed.

Further information is not currently available; this BID will be updated as more information is disclosed.

ClamAV 0.91.2 is vulnerable to this issue; other versions may also be affected.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Black Hat DC

