News

Wednesday, January 16, 2008

SecurityFocus Linux Newsletter #372
----------------------------------------

This issue is Sponsored by: Black Hat Europe

Attend Black Hat Europe, March 25-28, Amsterdam, Europe's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content. Network with 400+ delegates from 30 nations and review products by leading vendors in a relaxed setting. Black Hat Europe is supported by most leading European infosec associations.

www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Finding a Cure for Data Loss
2. Real Flaws in Virtual Worlds
II. LINUX VULNERABILITY SUMMARY
1. JustSystems Multiple Products 'JSFC.DLL' Buffer Overflow Vulnerability
2. PostgreSQL Multiple Privilege Escalation and Denial of Service Vulnerabilities
3. OpenPegasus WBEM CIM Management Server 'PAMBasicAuthenticatorUnix.cpp' Buffer Overflow Vulnerability
4. SynCE 'vdccm' Daemon Remote Command Injection Vulnerability
5. IceWarp Mail Server 'admin/index.html' Cross-Site Scripting Vulnerability
6. xine-lib 'rmff_dump_cont()' Remote Heap Buffer Overflow Vulnerability
7. Xen DR7 and CR4 Registers Multiple Local Denial of Service Vulnerabilities
8. Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
9. Apache 'mod_proxy_balancer' Multiple Vulnerabilities
10. Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
11. Drupal Prior To 4.7.11 and 5.6 Multiple Remote Vulnerabilities
12. libxml2 'xmlCurrentChar()' UTF-8 Parsing Remote Denial of Service Vulnerability
13. xine-lib Multiple Unspecified Remote Denial of Service Vulnerabilities
14. Linux Kernel VFS Unauthorized File Access Vulnerability
15. Cisco VPN Client for Windows Local Denial of Service Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Finding a Cure for Data Loss
By Jamie Reid
Despite missteps in protecting customer information, companies have largely escaped the wrath of consumers.

http://www.securityfocus.com/columnists/462

2. Real Flaws in Virtual Worlds
By Federico Biancuzzi
Massively multiplayer online role playing games (MMORPGs), such as World of Warcraft, have millions of subscribers interacting online, which makes security tricky business.

http://www.securityfocus.com/columnists/461


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. JustSystems Multiple Products 'JSFC.DLL' Buffer Overflow Vulnerability
BugTraq ID: 27153
Remote: Yes
Date Published: 2008-01-07
Relevant URL: http://www.securityfocus.com/bid/27153
Summary:
JustSystems products are prone to a buffer-overflow vulnerability.

Successful exploits may allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed attempts will likely cause denial-of-service conditions.

The issue affects various JustSystems products using the 'JSFC.DLL' library. Please see the referenced vendor advisory for details on vulnerable products and updates.

2. PostgreSQL Multiple Privilege Escalation and Denial of Service Vulnerabilities
BugTraq ID: 27163
Remote: Yes
Date Published: 2008-01-07
Relevant URL: http://www.securityfocus.com/bid/27163
Summary:
PostgreSQL is prone to multiple remote vulnerabilities, including:

- Three privilege-escalation vulnerabilities
- Three denial-of-service vulnerabilities

An attacker can exploit these issues to gain complete control of the affected application or to cause a denial-of-service condition.

These issues affect PostgreSQL 8.2, 8.1, 8.0, 7.4, and 7.3; other versions may also be affected.

3. OpenPegasus WBEM CIM Management Server 'PAMBasicAuthenticatorUnix.cpp' Buffer Overflow Vulnerability
BugTraq ID: 27172
Remote: Yes
Date Published: 2008-01-07
Relevant URL: http://www.securityfocus.com/bid/27172
Summary:
OpenPegasus is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

This issue occurs in the PAM (Pluggable Authentication Module) authentication code.

Attackers can leverage this issue to execute arbitrary code with superuser privileges. Successful exploits will completely compromise affected computers. Failed attacks will likely cause denial-of-service conditions.

Versions in the OpenPegasus 2.6 series are vulnerable.

4. SynCE 'vdccm' Daemon Remote Command Injection Vulnerability
BugTraq ID: 27178
Remote: Yes
Date Published: 2008-01-07
Relevant URL: http://www.securityfocus.com/bid/27178
Summary:
SynCE is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.

Attackers can exploit this issue to execute arbitrary commands in the context of the application, facilitating the remote compromise of affected computers.

SynCE 0.92 is vulnerable; other versions may also be affected.

5. IceWarp Mail Server 'admin/index.html' Cross-Site Scripting Vulnerability
BugTraq ID: 27189
Remote: Yes
Date Published: 2008-01-08
Relevant URL: http://www.securityfocus.com/bid/27189
Summary:
IceWarp Mail Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

This issue affects IceWarp Mail Server 9.1.1 for Windows; other versions may also be affected.

6. xine-lib 'rmff_dump_cont()' Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 27198
Remote: Yes
Date Published: 2008-01-09
Relevant URL: http://www.securityfocus.com/bid/27198
Summary:
The xine-lib library is prone to a remote heap-based buffer-overflow vulnerability. This issue occurs because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects xine-lib 1.1.9 and prior versions.

7. Xen DR7 and CR4 Registers Multiple Local Denial of Service Vulnerabilities
BugTraq ID: 27219
Remote: No
Date Published: 2008-01-10
Relevant URL: http://www.securityfocus.com/bid/27219
Summary:
Xen is prone to multiple local denial-of-service vulnerabilities.

An attacker can exploit these issues to crash the hypervisor, triggering denial-of-service conditions for all hosted virtual machines.

8. Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
BugTraq ID: 27234
Remote: Yes
Date Published: 2008-01-10
Relevant URL: http://www.securityfocus.com/bid/27234
Summary:
Apache 'mod_proxy_ftp' is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue is reported to affect versions prior to Apache 2.2.7-dev, Apache 1.3.40-dev, and Apache 2.0.62-dev.

9. Apache 'mod_proxy_balancer' Multiple Vulnerabilities
BugTraq ID: 27236
Remote: Yes
Date Published: 2008-01-09
Relevant URL: http://www.securityfocus.com/bid/27236
Summary:
The Apache 'mod_proxy_balancer' module is prone to multiple vulnerabilities, including denial-of-service, memory-corruption, cross-site scripting, HTML-injection, and cross-site request-forgery issues.

Attackers can exploit these issues to inject arbitrary script code into vulnerable sections of the application, execute this script code in the browser of a user in the context of the affected site, and perform certain actions using the user's active session. Attackers can exploit the denial-of-service issue to deny further service to legitimate users. Exploiting the memory-corruption vulnerability is likely to cause a crash and could allow arbitrary code to run, but this has not been confirmed.

The issues affect Apache 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0; other versions may also be vulnerable.

10. Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
BugTraq ID: 27237
Remote: Yes
Date Published: 2008-01-10
Relevant URL: http://www.securityfocus.com/bid/27237
Summary:
The Apache HTTP Server 'mod_status' module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Reports indicate that this issue can also be used to redirect a user's browser to arbitrary locations and may aid in phishing attacks.

The issue affects versions prior to Apache 2.2.7-dev, 2.0.62-dev, and 1.3.40-dev.

11. Drupal Prior To 4.7.11 and 5.6 Multiple Remote Vulnerabilities
BugTraq ID: 27238
Remote: Yes
Date Published: 2008-01-10
Relevant URL: http://www.securityfocus.com/bid/27238
Summary:
Drupal is prone to multiple remote vulnerabilities, including multiple cross-site scripting issues and a cross-site request-forgery issue.

Attackers can exploit these issues to execute arbitrary script code in the browser of a user in the context of the affected site, steal cookie-based authentication credentials, and perform certain actions using users' active sessions; other attacks are also possible.

These issues affect versions prior to Drupal 4.7.11 and 5.6.

12. libxml2 'xmlCurrentChar()' UTF-8 Parsing Remote Denial of Service Vulnerability
BugTraq ID: 27248
Remote: Yes
Date Published: 2008-01-11
Relevant URL: http://www.securityfocus.com/bid/27248
Summary:
The libxml2 library is prone to a denial-of-service vulnerability because of an infinite-loop flaw.

Exploiting this issue allows remote attackers to cause denial-of-service conditions in the context of an application using the vulnerable library.

Versions prior to libxml2 2.6.31 are affected by this issue.

13. xine-lib Multiple Unspecified Remote Denial of Service Vulnerabilities
BugTraq ID: 27251
Remote: Yes
Date Published: 2008-01-11
Relevant URL: http://www.securityfocus.com/bid/27251
Summary:
The 'xine-lib' library is prone to multiple unspecified denial-of-service vulnerabilities when handling malformed media files.

An attacker can exploit these issues to crash the affected application using the library, denying service to legitimate users.

14. Linux Kernel VFS Unauthorized File Access Vulnerability
BugTraq ID: 27280
Remote: No
Date Published: 2008-01-14
Relevant URL: http://www.securityfocus.com/bid/27280
Summary:
The Linux kernel is prone to an unauthorized file-access vulnerability affecting the VFS (Virtual Filesystem) module.

A local attacker can exploit this issue to access arbitrary files on the affected computer. Successfully exploiting this issue may grant the attacker elevated privileges on affected computers. Other attacks are also possible.

This issue affects kernel versions prior to 2.6.23.14.

15. Cisco VPN Client for Windows Local Denial of Service Vulnerability
BugTraq ID: 27289
Remote: No
Date Published: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27289
Summary:
Cisco VPN Client for Windows is prone to a local denial-of-service vulnerability because the software's IPsec driver fails to handle certain IOCTLs.

Successfully exploiting this issue allows local attackers to crash affected computers, denying further service to legitimate users.

This issue affects 'cvpndrva.sys' 5.0.02.0090; other versions of the driver may also be affected.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Black Hat Europe
