----------------------------------------
This issue is Sponsored by: Black Hat DC
Attend Black Hat DC, February 18-21, the Washington, DC version of the world's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content-including a focus on wireless security and offensive attack analysis. Network with 400+ delegates and review products from leading vendors in a relaxed setting, including Diamond sponsor Microsoft.
SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs
------------------------------------------------------------------
I. FRONT AND CENTER
1.Real Flaws in Virtual Worlds
2.Copyrights and Wrongs
II. LINUX VULNERABILITY SUMMARY
1. Asterisk BYE Message Remote Denial of Service Vulnerability
2. JustSystems Multiple Products 'JSFC.DLL' Buffer Overflow Vulnerability
3. PostgreSQL Multiple Privilege Escalation and Denial of Service Vulnerabilities
4. OpenPegasus WBEM CIM Management Server 'PAMBasicAuthenticatorUnix.cpp' Buffer Overflow Vulnerability
5. SynCE 'vdccm' Daemon Remote Command Injection Vulnerability
6. IceWarp Mail Server 'admin/index.html' Cross-Site Scripting Vulnerability
7. xine-lib 'rmff_dump_cont()' Remote Heap Buffer Overflow Vulnerability
8. Xen DR7 and CR4 Registers Multiple Local Denial of Service Vulnerabilities
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1.Real Flaws in Virtual Worlds
By Federico Biancuzzi
Massively multiplayer online role playing games (MMORPGs), such as World of Warcraft, have millions of subscribers interacting online, which makes security tricky business.
http://www.securityfocus.com/columnists/461
2.Copyrights and Wrongs
By Mark Rasch
On October 1, 2007, Jammie Thomas -- a single mother living in Brainerd, Minnesota -- was sued in civil court for copyright infringement by the Recording Industry Association of America. Three days later, the jury returned the verdict; Ms. Thomas was liable for willfully infringing the copyrights on 24 songs. The fine: $222,000.
http://www.securityfocus.com/columnists/460
II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Asterisk BYE Message Remote Denial of Service Vulnerability
BugTraq ID: 27110
Remote: Yes
Date Published: 2008-01-02
Relevant URL: http://www.securityfocus.com/bid/27110
Summary:
Asterisk is prone to a remote denial-of-service vulnerability.
Exploiting this issue allows remote attackers to cause the application to crash, effectively denying service to legitimate users.
2. JustSystems Multiple Products 'JSFC.DLL' Buffer Overflow Vulnerability
BugTraq ID: 27153
Remote: Yes
Date Published: 2008-01-07
Relevant URL: http://www.securityfocus.com/bid/27153
Summary:
JustSystems products are prone to a buffer-overflow vulnerability.
Successful exploits may allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed attempts will likely cause denial-of-service conditions.
The issue affects various JustSystems products using the 'JSFC.DLL' library. Please see the referenced vendor advisory for details on vulnerable products and updates.
3. PostgreSQL Multiple Privilege Escalation and Denial of Service Vulnerabilities
BugTraq ID: 27163
Remote: Yes
Date Published: 2008-01-07
Relevant URL: http://www.securityfocus.com/bid/27163
Summary:
PostgreSQL is prone to multiple remote vulnerabilities, including:
- Three privilege-escalation vulnerabilities
- Three denial-of-service vulnerabilities
An attacker can exploit these issues to gain complete control of the affected application or to cause a denial-of-service condition.
These issues affect PostgreSQL 8.2, 8.1, 8.0, 7.4, and 7.3; other versions may also be affected.
4. OpenPegasus WBEM CIM Management Server 'PAMBasicAuthenticatorUnix.cpp' Buffer Overflow Vulnerability
BugTraq ID: 27172
Remote: Yes
Date Published: 2008-01-07
Relevant URL: http://www.securityfocus.com/bid/27172
Summary:
OpenPegasus is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
This issue occurs in the PAM (Pluggable Authentication Module) authentication code.
Attackers can leverage this issue to execute arbitrary code with superuser privileges. Successful exploits will completely compromise affected computers. Failed attacks will likely cause denial-of-service conditions.
Versions in the OpenPegasus 2.6 series are vulnerable.
5. SynCE 'vdccm' Daemon Remote Command Injection Vulnerability
BugTraq ID: 27178
Remote: Yes
Date Published: 2008-01-07
Relevant URL: http://www.securityfocus.com/bid/27178
Summary:
SynCE is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.
Attackers can exploit this issue to execute arbitrary commands in the context of the application, facilitating the remote compromise of affected computers.
SynCE 0.92 is vulnerable; other versions may also be affected.
6. IceWarp Mail Server 'admin/index.html' Cross-Site Scripting Vulnerability
BugTraq ID: 27189
Remote: Yes
Date Published: 2008-01-08
Relevant URL: http://www.securityfocus.com/bid/27189
Summary:
IceWarp Mail Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
This issue affects unknown versions of IceWarp Mail Server; we may update this BID when more details become available.
7. xine-lib 'rmff_dump_cont()' Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 27198
Remote: Yes
Date Published: 2008-01-09
Relevant URL: http://www.securityfocus.com/bid/27198
Summary:
The xine-lib library is prone to a remote heap-based buffer-overflow vulnerability. This issue occurs because the application fails to perform adequate boundary-checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
This issue affects xine-lib 1.1.9 and prior.
8. Xen DR7 and CR4 Registers Multiple Local Denial of Service Vulnerabilities
BugTraq ID: 27219
Remote: No
Date Published: 2008-01-10
Relevant URL: http://www.securityfocus.com/bid/27219
Summary:
Xen is prone to multiple local denial-of-service vulnerabilities.
An attacker can exploit these issues to crash the hypervisor, triggering denial-of-service conditions for all hosted virtual machines.
III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.
V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Black Hat DC
Attend Black Hat DC, February 18-21, the Washington, DC version of the world's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content-including a focus on wireless security and offensive attack analysis. Network with 400+ delegates and review products from leading vendors in a relaxed setting, including Diamond sponsor Microsoft.
No comments:
Post a Comment