News

Loading...

Wednesday, February 27, 2008

SecurityFocus Linux Newsletter #378

SecurityFocus Linux Newsletter #378
----------------------------------------

This issue is Sponsored by: CISO Executive Summit & Roundtable-Middle East, 12th-14th May, Bahrain, Ritz-Carlton


Over 20 speakers from across The Middle East, Europe, U.S & Asia will gather together for the MIS training.s CISO Executive Summit Middle East, Sheraton Bahrain Hotel, Kingdom of Bahrain 12-14 May 2008. This dynamic international speaker line up will provide a broad perspective on the security threats faced today and in the future. Take away actionable strategies that will enable you to limit the risk within your organisation. International case studies from the industries leading associations and organisations will provide you with the knowledge to identify the warning signs of key threats to your company.
Register now at www.mistieruope.com/CISOME


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. The Laws of Full Disclosure
2. Tweaking Social Security to Combat Fraud
II. LINUX VULNERABILITY SUMMARY
1. Multiple Horde Products Security Bypass Vulnerability
2. Kerio MailServer Multiple Unspecified Vulnerabilities
3. MoinMoin Multiple Cross Site Scripting Vulnerabilities
4. CUPS 'process_browse_data()' Remote Double Free Denial of Service Vulnerability
5. Symantec Decomposer Resource Consumption Denial of Service Vulnerability
6. Symantec Decomposer RAR File Remote Buffer Overflow Vulnerability
7. SplitVT 'xprop' Local Privilege Escalation Vulnerability
8. DSPAM Debian 'libdspam7-drv-mysql' Cron Job MySQL Calls Local Information Disclosure Vulnerability
9. LWS php Download Manager 'body.inc.php' Local File Include Vulnerability
10. LWS php User Base 'header.inc.php' Remote File Include Vulnerability
11. LWS php User Base 'unverified.inc.php' Local File Include Vulnerability
12. MyServer Mutltiple HTTP Methods '204 Not Content' Error Remote Denial of Service Vulnerabilities
13. The SWORD Project Diatheke Unspecified Remote Command Execution Vulnerability
14. CUPS Multiple Remote Denial of Service Vulnerabilities
15. KVM Block Device Backend Local Security Bypass Vulnerability
16. Mozilla Thunderbird External-Body MIME Remote Heap Buffer Overflow Vulnerability
17. Ghostscript Unspecified Buffer Overflow Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. CanSecWest 2008 Mar 26-28
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.The Laws of Full Disclosure
By Federico Biancuzzi
Full disclosure has a long tradition in the security community worldwide, yet different European countries have different views on the legality of vulnerability research. SecurityFocus contributor Federico Biancuzzi investigates the subject of full disclosure and the law by interviewing lawyers from twelve EU countries: Belgium, Denmark, Finland, France, Germany,Greece, Hungary, Ireland, Italy, Poland, Romania, and the UK.
http://www.securityfocus.com/columnists/466

2. Tweaking Social Security to Combat Fraud
By Tim Mullen
Americans lost over 45 billion dollars in identity-related fraud in 2007. Reports are so commonplace that we've actually become de-sensitized to them. "200,000 victims reported..." "500,000 victims reported..." Even figures into the millions don't seem to faze us anymore. And that is a Bad Thing.

http://www.securityfocus.com/columnists/465


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Multiple Horde Products Security Bypass Vulnerability
BugTraq ID: 27844
Remote: Yes
Date Published: 2008-02-18
Relevant URL: http://www.securityfocus.com/bid/27844
Summary:
Horde products are prone to a security-bypass vulnerability.

Attackers can use this issue to bypass certain security restrictions and edit arbitrary contacts in shared and personal address books. This may aid in further attacks.

This issue affects Horde Groupware 1.0.3, Horde Groupware Webmail Edition 1.0.4, and Turba Contact Manager 2.1.6; other versions may also be vulnerable.

2. Kerio MailServer Multiple Unspecified Vulnerabilities
BugTraq ID: 27868
Remote: Yes
Date Published: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27868
Summary:
Kerio MailServer is prone to multiple unspecified vulnerabilities.

Attackers can exploit these issues to cause denial-of-service conditions or potentially execute arbitrary code in the context of the application; other attacks are also possible.

Very few details are currently available regarding these issues. We will update this BID as more information emerges.

Versions prior to Kerio MailServer 6.5.0 are vulnerable.

3. MoinMoin Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 27904
Remote: Yes
Date Published: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27904
Summary:
MoinMoin is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.

These issues affect the following versions:

MoinMoin 1.5.8 and prior versions
MoinMoin 1.6.x prior to 1.6.1.

4. CUPS 'process_browse_data()' Remote Double Free Denial of Service Vulnerability
BugTraq ID: 27906
Remote: Yes
Date Published: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27906
Summary:
CUPS is prone to a remote denial-of-service vulnerability because it fails to protect against a double-free condition.

Attackers may exploit this issue to crash the application, denying service to legitimate users. Remote code execution may also be possible, but this has not been confirmed.

CUPS 1.3.5 is vulnerable to this issue; other versions may also be affected.

5. Symantec Decomposer Resource Consumption Denial of Service Vulnerability
BugTraq ID: 27911
Remote: Yes
Date Published: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27911
Summary:
Symantec Decomposer is prone to a denial-of-service vulnerability because it fails to adequately parse certain user-supplied input.

Attackers can exploit this issue to exhaust memory resources and cause denial-of-service conditions.

The following products are affected:
- Symantec Scan Engine 5.1.4.24 and prior
- Symantec AntiVirus Scan Engine 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for MS ISA 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for MS SharePoint 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Messaging 4.3.16.39 and prior
- Symantec AntiVirus for Network Attached Storage 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Clearswift 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Caching 4.3.16.39 and prior
- Symantec AntiVirus/Filtering for Domino MPE(AIX, Linux, Solaris) prior to 3.2.2
- Symantec Mail Security for Microsoft Exchange 4.6.5.12 and prior as well as 5.0.4.363.and prior

6. Symantec Decomposer RAR File Remote Buffer Overflow Vulnerability
BugTraq ID: 27913
Remote: Yes
Date Published: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27913
Summary:
Symantec Decomposer is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue to execute arbitrary machine code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

The following products are affected:

- Symantec Scan Engine 5.1.4.24 and prior
- Symantec AntiVirus Scan Engine 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for MS ISA 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for MS SharePoint 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Messaging 4.3.16.39 and prior
- Symantec AntiVirus for Network Attached Storage 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Clearswift 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Caching 4.3.16.39 and prior
- Symantec AntiVirus/Filtering for Domino MPE(AIX, Linux, Solaris) prior to 3.2.2
- Symantec Mail Security for Microsoft Exchange 4.6.5.12 and prior as well as 5.0.4.363.and prior

7. SplitVT 'xprop' Local Privilege Escalation Vulnerability
BugTraq ID: 27936
Remote: No
Date Published: 2008-02-21
Relevant URL: http://www.securityfocus.com/bid/27936
Summary:
SplitVT is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to gain group 'utmp' privileges on affected computers.

8. DSPAM Debian 'libdspam7-drv-mysql' Cron Job MySQL Calls Local Information Disclosure Vulnerability
BugTraq ID: 27938
Remote: No
Date Published: 2008-02-21
Relevant URL: http://www.securityfocus.com/bid/27938
Summary:
The 'libdspam7-drv-mysql' cron job in Debian is prone to an information-disclosure vulnerability.

Local attackers can leverage this issue to harvest the password of the MySQL DSPAM database user. This will allow attackers to gain unauthorized database access.

This issue affects 'libdspam7-drv-mysql' 3.6.8-5; other versions may also be affected.

9. LWS php Download Manager 'body.inc.php' Local File Include Vulnerability
BugTraq ID: 27961
Remote: Yes
Date Published: 2008-02-24
Relevant URL: http://www.securityfocus.com/bid/27961
Summary:
LWS php Download Manager is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an attacker to access potentially sensitive information and execute arbitrary local scripts in the context of the affected application.

This issue affects php Download Manager 1.1 and 1.0; other versions may also be vulnerable.

10. LWS php User Base 'header.inc.php' Remote File Include Vulnerability
BugTraq ID: 27963
Remote: Yes
Date Published: 2008-02-24
Relevant URL: http://www.securityfocus.com/bid/27963
Summary:
LWS php User Base is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

php User Base 1.3 BETA is vulnerable; other versions may also be affected.

11. LWS php User Base 'unverified.inc.php' Local File Include Vulnerability
BugTraq ID: 27964
Remote: Yes
Date Published: 2008-02-23
Relevant URL: http://www.securityfocus.com/bid/27964
Summary:
LWS php User Base is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an attacker to access potentially sensitive information and execute arbitrary local scripts in the context of the affected application.

This issue affects php User Base 1.3 BETA; other versions may also be vulnerable.

12. MyServer Mutltiple HTTP Methods '204 Not Content' Error Remote Denial of Service Vulnerabilities
BugTraq ID: 27981
Remote: Yes
Date Published: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27981
Summary:
MyServer is prone to multiple remote denial-of-service vulnerabilities because it fails to adequately handle HTTP method requests that return a '204 No Content' error.

Successful attacks will deny service to legitimate users.

MyServer 0.8.11 is vulnerable; other versions may also be affected.

13. The SWORD Project Diatheke Unspecified Remote Command Execution Vulnerability
BugTraq ID: 27987
Remote: Yes
Date Published: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27987
Summary:
The SWORD Project's Diatheke front-end is prone to a vulnerability that can allow arbitrary shell commands to run.

Successful exploits will compromise the application and possibly the underlying webserver.

SWORD 1.5.9 is vulnerable; other versions may also be affected.

14. CUPS Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 27988
Remote: Yes
Date Published: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27988
Summary:
CUPS is prone to two remote denial-of-service vulnerabilities.

Attackers may exploit these issues to crash the application, denying service to legitimate users. Remote code execution may also be possible, but this has not been confirmed.

CUPS 1.1.17 and 1.1.22 are vulnerable to these issues; other versions may also be affected.

15. KVM Block Device Backend Local Security Bypass Vulnerability
BugTraq ID: 28001
Remote: No
Date Published: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/28001
Summary:
KVM (Kernel-based Virtual Machine) is prone to a local security-bypass vulnerability because it fails to validate user-supplied input.

Local attackers can leverage this issue to access memory outside of the virtualization jail. This could allow attackers to write to arbitrary host memory locations or crash the underlying KVM host. Other attacks may also be possible.

16. Mozilla Thunderbird External-Body MIME Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 28012
Remote: Yes
Date Published: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/28012
Summary:
Mozilla Thunderbird is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data.

Successfully exploiting this issue may allow remote attackers to execute arbitrary machine code in the context of the vulnerable application; failed exploit attempts will likely crash the application. This may facilitate the remote compromise of affected computers.

The issue affects Mozilla Thunderbird versions prior to 2.0.0.12.

17. Ghostscript Unspecified Buffer Overflow Vulnerability
BugTraq ID: 28017
Remote: Yes
Date Published: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/28017
Summary:
Ghostscript is prone to an unspecified buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. CanSecWest 2008 Mar 26-28
http://www.securityfocus.com/archive/91/488611

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: CISO Executive Summit & Roundtable-Middle East, 12th-14th May, Bahrain, Ritz-Carlton


Over 20 speakers from across The Middle East, Europe, U.S & Asia will gather together for the MIS training.s CISO Executive Summit Middle East, Sheraton Bahrain Hotel, Kingdom of Bahrain 12-14 May 2008. This dynamic international speaker line up will provide a broad perspective on the security threats faced today and in the future. Take away actionable strategies that will enable you to limit the risk within your organisation. International case studies from the industries leading associations and organisations will provide you with the knowledge to identify the warning signs of key threats to your company.
Register now at www.mistieruope.com/CISOME

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Blog Archive