Friday, February 08, 2008

SecurityFocus Linux Newsletter #375
----------------------------------------

This issue is Sponsored by: Black Hat Europe

Attend Black Hat Europe, March 25-28, Amsterdam, Europe's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content. Network with 400+ delegates from 30 nations and review products by leading vendors in a relaxed setting. Black Hat Europe is supported by most leading European infosec associations.

www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Skills for the Future
2. Mother, May I?

II. LINUX VULNERABILITY SUMMARY
1. MPlayer 'demux_mov.c' Remote Code Execution Vulnerability
2. ELOG 'logbook' HTML Injection Vulnerability
3. xdg-utils 'xdg-open' and 'xdg-email' Multiple Remote Command Execution Vulnerabilities
4. Linux Kernel PowerPC 'chrp/setup.c' NULL Pointer Dereference Denial of Service Vulnerability
5. Linux Kernel Page Faults Using NUMA Local Denial of Service Vulnerability
6. IBM DB2 Universal Database Server 8.2 Prior To Fixpak 16 Multiple Local Vulnerabilities
7. Sun Java RunTime Environment Read and Write Permission Multiple Privilege Escalation Vulnerabilities
8. TCL/TK Tk Toolkit 'ReadImage()' GIF File Buffer Overflow Vulnerability
9. IBM WebSphere Edge Server Caching Proxy Cross-Site Scripting Vulnerability
10. IBM DB2 Universal Database Server 'db2db' Local Privilege Escalation Vulnerability
11. IBM DB2 Universal Database DAS Buffer Overflow Vulnerability
12. Mozilla Firefox 2.0.0.11 Multiple Remote Vulnerabilities
13. Website Meta Language Multiple Local Insecure Temporary File Creation Vulnerabilities
14. Linux Kernel 2.6.22.16 Multiple Memory Corruption Vulnerabilities
15. Linux Kernel 'tmpfs' filesystem Local Security Vulnerability
16. Linux Kernel Prior to 2.6.24.1 Multiple Memory Access Vulnerabilities
17. Linux Kernel Driver Fault Handler 'mmap.c' Local Denial of Service Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Skills for the Future
By Don Parker
A lot of the emails sent to me ask a basic question: Just how does one break into computer security or what skills should you learn to get that first security job. Lately though, I have been receiving many more queries on specifically how one can leverage an existing skill set to become an information-technology security analyst.
http://www.securityfocus.com/columnists/464

2. Mother, May I?
By Mark Rasch
"Sure, you can have a cookie, but you may not." We all have had that discussion before -- either with our parents or our kids. A recent case from North Dakota reveals that the difference between those two concepts may lead not only to civil liability, but could land you in jail.
http://www.securityfocus.com/columnists/463

II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. MPlayer 'demux_mov.c' Remote Code Execution Vulnerability
BugTraq ID: 27499
Remote: Yes
Date Published: 2008-02-04
Relevant URL: http://www.securityfocus.com/bid/27499
Summary:
MPlayer is prone to a remote code-execution vulnerability because it fails to sanitize certain 'MOV' file tags before using them to index heap memory.

An attacker can exploit this issue to execute arbitrary code, which can result in the complete compromise of the computer. Failed exploit attempts will result in a denial-of-service condition.

This issue affects MPlayer 1.0rc2; other versions may also be affected.

2. ELOG 'logbook' HTML Injection Vulnerability
BugTraq ID: 27526
Remote: Yes
Date Published: 2008-01-30
Relevant URL: http://www.securityfocus.com/bid/27526
Summary:
ELOG is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

This issue affects versions prior to ELOG 2.7.2.

3. xdg-utils 'xdg-open' and 'xdg-email' Multiple Remote Command Execution Vulnerabilities
BugTraq ID: 27528
Remote: Yes
Date Published: 2008-01-30
Relevant URL: http://www.securityfocus.com/bid/27528
Summary:
The 'xdg-utils' package is prone to multiple remote command-execution vulnerabilities.

An attacker could exploit this issue by enticing an unsuspecting victim to open a malicious file.

Successful exploits will allow attackers to execute arbitrary commands with the privileges of the user running the affected application.
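The summary above does not say how the malicious file reaches a command. The xdg-utils tools are shell scripts, so the pattern below, an added example that is not xdg-utils' own code, shows the general way a shell-script URL/file handler turns into command execution: a caller-supplied value is spliced into a command string that the shell re-parses. The names open_handler, unsafe_open and safe_open and the sample URL are assumptions constructed for the illustration; the injected payload is a harmless echo.

```shell
#!/bin/sh
# Added example, not xdg-utils code. Names and the sample URL are constructed for illustration.

# Stand-in for the real browser/mailer dispatch: just reports what it was asked to open.
open_handler() {
    printf 'opened: %s\n' "$1"
}

# Vulnerable pattern: the argument is pasted into a command string and the shell re-parses
# it, so metacharacters in a URL or file name (; ` $() | & and so on) become commands that
# run as the user who opened the file.
unsafe_open() {
    eval "open_handler $1"
}

# Hardened pattern: pass the value as one argv element; the shell never re-parses it.
# Use "$@" when forwarding several arguments to a helper for the same reason.
safe_open() {
    open_handler "$1"
}

# Constructed input: a link or .desktop target a victim might be enticed to open, carrying
# a command after a separator. The payload is only an echo.
MALICIOUS_URL='http://example.com/;echo INJECTED'

# Usage: the unsafe path prints two lines, the second produced by the injected command;
# the safe path hands the whole string, separator included, to the handler as data.
unsafe_open "$MALICIOUS_URL"
safe_open "$MALICIOUS_URL"
```

A quick triage step on a real system is `grep -n 'eval' /usr/bin/xdg-*` and reading each hit to see whether user-controlled arguments reach it unquoted; a hit is not by itself a vulnerability, but every such line needs the argument traced back to its source.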

4. Linux Kernel PowerPC 'chrp/setup.c' NULL Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 27555
Remote: No
Date Published: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27555
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to crash the affected kernel, denying service to legitimate users.

This issue affects Linux kernel 2.4.21 through 2.6.18-53 running on the PowerPC architecture.

5. Linux Kernel Page Faults Using NUMA Local Denial of Service Vulnerability
BugTraq ID: 27556
Remote: No
Date Published: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27556
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability because it fails to properly handle certain page faults when using NUMA (Non-Uniform Memory Access) methods.

Attackers can exploit this issue to trigger kernel crashes, denying service to legitimate users.

Linux kernel 2.6.9 and prior versions are vulnerable. This issue affects the Itanium architecture; other architectures may also be vulnerable.

6. IBM DB2 Universal Database Server 8.2 Prior To Fixpak 16 Multiple Local Vulnerabilities
BugTraq ID: 27596
Remote: No
Date Published: 2008-02-04
Relevant URL: http://www.securityfocus.com/bid/27596
Summary:
IBM DB2 Universal Database Server is prone to multiple local vulnerabilities, including:

- An unspecified local vulnerability
- A local security-bypass vulnerability

Attackers can exploit these issues to compromise the affected application, execute arbitrary code within the context of the affected application, and bypass certain security restrictions. Other attacks are also possible.

These issues affect versions prior to IBM DB2 Universal Database Server 8.2 Fixpak 16.

NOTE: Two issues that were previously documented in this BID were given their own records to better document the details: BID 27681 ('IBM DB2 Universal Database DAS Buffer Overflow Vulnerability') and BID 27680 ('IBM DB2 Universal Database Server 'db2db' Local Privilege Escalation Vulnerability').

7. Sun Java RunTime Environment Read and Write Permission Multiple Privilege Escalation Vulnerabilities
BugTraq ID: 27650
Remote: Yes
Date Published: 2008-02-06
Relevant URL: http://www.securityfocus.com/bid/27650
Summary:
Sun Java Runtime Environment is prone to multiple privilege-escalation vulnerabilities when running untrusted applications or applets.

Successful exploits will compromise arbitrary data and possibly the underlying computer.

These issues affect the following versions:

JDK and JRE 6 Update 1 and earlier
JDK and JRE 5.0 Update 13 and earlier.

8. TCL/TK Tk Toolkit 'ReadImage()' GIF File Buffer Overflow Vulnerability
BugTraq ID: 27655
Remote: Yes
Date Published: 2008-02-06
Relevant URL: http://www.securityfocus.com/bid/27655
Summary:
TCL/TK Tk Toolkit is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied GIF image data before copying it to an insufficiently sized buffer.

Successful exploits may allow attackers to execute arbitrary code in the context of applications that use the affected toolkit. Failed exploit attempts likely result in denial-of-service conditions.

Versions prior to TCL/TK 8.5.1 are vulnerable to this issue.

9. IBM WebSphere Edge Server Caching Proxy Cross-Site Scripting Vulnerability
BugTraq ID: 27665
Remote: Yes
Date Published: 2008-02-05
Relevant URL: http://www.securityfocus.com/bid/27665
Summary:
IBM WebSphere Edge Server Caching Proxy is prone to a cross-site scripting vulnerability that affects the caching proxy server because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The vulnerability affects Caching Proxy 5.1, 5.1.1, 6.0, 6.0.1, 6.0.2, and 6.1. Other versions may also be affected.

10. IBM DB2 Universal Database Server 'db2db' Local Privilege Escalation Vulnerability
BugTraq ID: 27680
Remote: No
Date Published: 2008-02-07
Relevant URL: http://www.securityfocus.com/bid/27680
Summary:
IBM DB2 Universal Database Server is prone to a local privilege-escalation vulnerability because of how the application constructs library paths.

Exploiting this issue allows local attackers to gain root privileges. Note that an attacker must be able to execute the set-uid root 'db2pd' binary to exploit this issue.

DB2 Universal Database Server 9.1 FixPack 2 on Linux systems is vulnerable. Other versions, including those for other UNIX platforms, are suspected to be vulnerable.

NOTE: This vulnerability was previously disclosed in BID 27596 'IBM DB2 Universal Database Server 8.2 Prior To Fixpak 16 Multiple Local Vulnerabilities'. Due to more information, it has been assigned its own record.
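The summary does not say which part of the library path DB2 lets a local user influence. The check below is an added example, not IBM's code: it audits one common way a set-uid root binary ends up loading libraries from a directory an unprivileged user controls, a DT_RPATH or DT_RUNPATH entry that is empty, relative, $ORIGIN-based or points at a world-writable directory. check_search_path and audit_setuid_rpaths are assumed names, and the path string in the usage line is constructed sample input; audit_setuid_rpaths needs binutils' readelf and root to read every binary.

```shell
#!/bin/sh
# Added example, not IBM's code. Function names and the sample path string are constructed.

# Print every entry of a colon-separated DT_RPATH/DT_RUNPATH value that an unprivileged
# user could influence. Returns 1 if anything was flagged, 0 if the path is clean.
check_search_path() {
    flagged=0
    # Append one ':' so the loop also sees an empty trailing entry; empty entries (leading,
    # trailing or doubled colons) mean "current directory" to the dynamic loader.
    rest="$1:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case "$entry" in
            '')          echo "EMPTY (current directory)"; flagged=1 ;;
            *'$ORIGIN'*) echo "$entry (resolved relative to the binary at run time)"; flagged=1 ;;
            /*)
                # Absolute path: a problem only if the directory is world-writable.
                # Field 9 of the ls mode string is the "others" write bit.
                if [ -d "$entry" ] && [ "$(ls -ld "$entry" | cut -c9)" = w ]; then
                    echo "$entry (world-writable)"; flagged=1
                fi ;;
            *)           echo "$entry (relative to current directory)"; flagged=1 ;;
        esac
    done
    return $flagged
}

# On a real host: enumerate set-uid/set-gid binaries and run the check on each one's
# baked-in search path. Not executed by the demo below.
audit_setuid_rpaths() {
    find / -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r bin; do
        rpath=$(readelf -d "$bin" 2>/dev/null | grep -E '\((RPATH|RUNPATH)\)' | sed 's/.*\[\(.*\)\].*/\1/')
        [ -n "$rpath" ] || continue
        if ! findings=$(check_search_path "$rpath"); then
            printf '%s:\n%s\n' "$bin" "$findings"
        fi
    done
}

# Usage with a constructed sample path: flags '.', /tmp, the $ORIGIN entry and the
# trailing empty entry; /usr/lib passes.
check_search_path '/usr/lib:.:/tmp:$ORIGIN/../lib:'
```

Two caveats for reading the results. glibc ignores LD_LIBRARY_PATH and the other unsafe LD_* variables for set-uid programs, so the environment is not the usual route; a baked-in RPATH, or a program that builds its own path from environment variables or configuration and then calls dlopen, is. And the check only covers what the loader sees; a program such as db2pd that assembles library locations in its own code has to be traced by reading that code or by running it under strace and watching which directories it opens.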

11. IBM DB2 Universal Database DAS Buffer Overflow Vulnerability
BugTraq ID: 27681
Remote: Yes
Date Published: 2008-02-07
Relevant URL: http://www.securityfocus.com/bid/27681
Summary:
IBM DB2 is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code within the context of the affected service. Successfully exploiting this issue may facilitate the remote compromise of affected computers. Failed exploit attempts will likely crash the affected application.

NOTE: This vulnerability was previously disclosed in BID 27596 (IBM DB2 Universal Database Server 8.2 Prior To Fixpak 16 Multiple Local Vulnerabilities). Due to more information, it has been assigned its own record.

12. Mozilla Firefox 2.0.0.11 Multiple Remote Vulnerabilities
BugTraq ID: 27683
Remote: Yes
Date Published: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27683
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox 2.0.0.11 and prior versions.

Exploiting these issues can allow attackers to:

- remotely execute arbitrary code
- cause denial-of-service conditions
- hide contents of security warnings
- access sensitive information
- escape sandbox and execute scripts with chrome privileges
- inject script code into other sites and violate the same-origin policy

Other attacks are possible.

These issues are present in Firefox 2.0.0.11 and prior versions. Mozilla Thunderbird 2.0.0.9 and prior versions as well as SeaMonkey 1.1.7 and prior versions are also affected by many of these vulnerabilities.

13. Website Meta Language Multiple Local Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 27685
Remote: No
Date Published: 2008-02-04
Relevant URL: http://www.securityfocus.com/bid/27685
Summary:
Website Meta Language is reportedly affected by multiple local vulnerabilities because it creates temporary files in an insecure way. These issues stem from a design error that causes the application to fail to verify the presence of a file before writing to it.

An attacker may leverage these issues to overwrite arbitrary files with the privileges of an unsuspecting user that activates a vulnerable application.

Website Meta Language 2.0.11 is affected by these vulnerabilities; other versions may also be affected.
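The failure mode described above, a temporary file created under a guessable name so that a local attacker can plant a symlink there first, is shown below as an added example; this is not Website Meta Language's own code and the names unsafe_write, safe_write and run_demo, the fixed name wml.12345 and the demo's victim file are all constructed for the illustration. The vulnerable writer follows the planted link and overwrites the victim's file; the hardened writer lets mktemp(1) create the file with an unpredictable name and O_EXCL.

```shell
#!/bin/sh
# Added example, not WML code. Names, the guessable file name and the demo files are constructed.

# Vulnerable pattern: a fixed, guessable name in a shared directory, opened with plain '>'
# (O_CREAT|O_TRUNC), which follows a symlink planted at that name. Testing "does the file
# already exist?" first would not help: the attacker can create the link between the test
# and the open (a TOCTOU race).
unsafe_write() {  # $1 = directory, $2 = predictable name, $3 = data
    printf '%s\n' "$3" > "$1/$2"
}

# Hardened pattern: mktemp(1) picks an unpredictable name and creates it with O_EXCL and
# mode 0600, so a pre-planted symlink or file makes the creation fail instead of being
# followed. Prints the path it created.
safe_write() {  # $1 = directory, $2 = data
    tmp=$(mktemp "$1/wml.XXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Demo: the attacker guessed the name the unsafe writer uses and linked it to a file the
# victim can write but the attacker cannot. Prints the victim file's content after each writer.
run_demo() {
    dir=$(mktemp -d) || return 1
    victim="$dir/victim"
    printf 'original\n' > "$victim"
    ln -s "$victim" "$dir/wml.12345"              # attacker's symlink at the guessable name
    unsafe_write "$dir" wml.12345 clobbered        # follows the link: victim is overwritten
    after_unsafe=$(cat "$victim")
    printf 'original\n' > "$victim"                # reset for the second writer
    out=$(safe_write "$dir" clobbered) || return 1 # lands in a fresh file, victim untouched
    after_safe=$(cat "$victim")
    if [ -L "$out" ]; then after_safe="symlink-followed"; fi
    rm -rf "$dir"
    printf 'unsafe:%s safe:%s\n' "$after_unsafe" "$after_safe"
}

run_demo   # prints: unsafe:clobbered safe:original
```

In a script that must keep a fixed name, the equivalent is `set -C` (noclobber) so that `>` fails on an existing path, but that still races if the attacker wins the timing, so a per-run private directory from `mktemp -d` is the usual fix; in C the same guarantee comes from mkstemp(3) or open(2) with O_CREAT|O_EXCL.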

14. Linux Kernel 2.6.22.16 Multiple Memory Corruption Vulnerabilities
BugTraq ID: 27686
Remote: No
Date Published: 2008-02-06
Relevant URL: http://www.securityfocus.com/bid/27686
Summary:
The Linux kernel is prone to multiple memory-corruption vulnerabilities due to insufficient range checking in certain fault handlers.

Local attackers could exploit these issues to cause denial-of-service conditions, bypass certain security restrictions and potentially access sensitive information or gain elevated privileges.

These issues affect versions prior to 2.6.22.17.

15. Linux Kernel 'tmpfs' filesystem Local Security Vulnerability
BugTraq ID: 27694
Remote: No
Date Published: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27694
Summary:
The Linux kernel is prone to a vulnerability that allows local users to gain access to sensitive information or cause a denial-of-service condition.

Successfully exploiting this issue will allow attackers to gain access to sensitive information or crash the affected kernel, denying service to legitimate users.

16. Linux Kernel Prior to 2.6.24.1 Multiple Memory Access Vulnerabilities
BugTraq ID: 27704
Remote: No
Date Published: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27704
Summary:
The Linux kernel is prone to multiple memory access vulnerabilities, including:

- A vulnerability that allows unauthorized users to read arbitrary memory locations.
- A vulnerability that allows unauthorized users to write to arbitrary memory locations.

An attacker can exploit these issues to read and write to arbitrary memory locations on the affected computer.

This issue affects Linux kernel versions prior to 2.6.24.1.

17. Linux Kernel Driver Fault Handler 'mmap.c' Local Denial of Service Vulnerability
BugTraq ID: 27705
Remote: No
Date Published: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27705
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability because it fails to properly bounds-check certain device driver fault handlers.

Attackers can exploit this issue to trigger kernel crashes, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.

Versions prior to Linux kernel 2.6.24.1 are vulnerable.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Black Hat Europe

www.blackhat.com
