Wednesday, March 05, 2008

SecurityFocus Linux Newsletter #379


This issue is Sponsored by: Black Hat Europe

Attend Black Hat Europe, March 25-28, Amsterdam, Europe's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content. Network with 400+ delegates from 30 nations and review products by leading vendors in a relaxed setting. Black Hat Europe is supported by most leading European infosec associations.

www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. A Guide to Different Kinds of Honeypots
2. The Laws of Full Disclosure
II. LINUX VULNERABILITY SUMMARY
1. Symantec Decomposer Resource Consumption Denial of Service Vulnerability
2. Symantec Decomposer RAR File Remote Buffer Overflow Vulnerability
3. LWS php Download Manager 'body.inc.php' Local File Include Vulnerability
4. LWS php User Base 'header.inc.php' Remote File Include Vulnerability
5. MyServer Multiple HTTP Methods '204 No Content' Error Remote Denial of Service Vulnerabilities
6. The SWORD Project Diatheke Unspecified Remote Command Execution Vulnerability
7. CUPS Multiple Remote Denial of Service Vulnerabilities
8. KVM Block Device Backend Local Security Bypass Vulnerability
9. Mozilla Thunderbird External-Body MIME Remote Heap Buffer Overflow Vulnerability
10. Ghostscript zseticcspace() Function Buffer Overflow Vulnerability
11. D-Bus 'send_interface' Attribute Security Policy Bypass Vulnerability
12. Wireshark 0.99.7 Multiple Denial of Service Vulnerabilities
13. am-utils 'expn' Insecure Temporary File Creation Vulnerability
14. Sun Java SE Multiple Unspecified Vulnerabilities
15. Adobe Acrobat Reader 'acroread' Insecure Temporary File Creation Vulnerability
16. Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
17. Linux Kiss Server Multiple Format String Vulnerabilities
18. Gnome Evolution Encrypted Message Format String Vulnerability
19. Numara FootPrints HTML Injection and Remote Command Execution Vulnerabilities
III. LINUX FOCUS LIST SUMMARY
1. CanSecWest 2008 Mar 26-28
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. A Guide to Different Kinds of Honeypots
Honeypots come in many shapes and sizes and are available to mimic lots of different kinds of applications and protocols. We shall take the definition of a honeypot as "a security resource whose value lies in being probed, attacked, or compromised"[Spitzner02]. That is, a honeypot is a system we can monitor to observe how attackers behave, a system which is designed to lure attackers away from more valuable systems and/or a system which is designed to provide early warning of an intrusion to the target network. A honeypot may be used for all three applications at the same time.
http://www.securityfocus.com/infocus/1897

2. The Laws of Full Disclosure
By Federico Biancuzzi
Full disclosure has a long tradition in the security community worldwide, yet different European countries have different views on the legality of vulnerability research. SecurityFocus contributor Federico Biancuzzi investigates the subject of full disclosure and the law by interviewing lawyers from twelve EU countries: Belgium, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Poland, Romania, and the UK.
http://www.securityfocus.com/columnists/466


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Symantec Decomposer Resource Consumption Denial of Service Vulnerability
BugTraq ID: 27911
Remote: Yes
Date Published: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27911
Summary:
Symantec Decomposer is prone to a denial-of-service vulnerability because it fails to adequately parse certain user-supplied input.

Attackers can exploit this issue to exhaust memory resources and cause denial-of-service conditions.

The following products are affected:
- Symantec Scan Engine 5.1.4.24 and prior
- Symantec AntiVirus Scan Engine 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for MS ISA 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for MS SharePoint 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Messaging 4.3.16.39 and prior
- Symantec AntiVirus for Network Attached Storage 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Clearswift 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Caching 4.3.16.39 and prior
- Symantec AntiVirus/Filtering for Domino MPE (AIX, Linux, Solaris) prior to 3.2.2
- Symantec Mail Security for Microsoft Exchange 4.6.5.12 and prior as well as 5.0.4.363 and prior

2. Symantec Decomposer RAR File Remote Buffer Overflow Vulnerability
BugTraq ID: 27913
Remote: Yes
Date Published: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27913
Summary:
Symantec Decomposer is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue to execute arbitrary machine code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

The following products are affected:

- Symantec Scan Engine 5.1.4.24 and prior
- Symantec AntiVirus Scan Engine 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for MS ISA 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for MS SharePoint 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Messaging 4.3.16.39 and prior
- Symantec AntiVirus for Network Attached Storage 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Clearswift 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Caching 4.3.16.39 and prior
- Symantec AntiVirus/Filtering for Domino MPE (AIX, Linux, Solaris) prior to 3.2.2
- Symantec Mail Security for Microsoft Exchange 4.6.5.12 and prior as well as 5.0.4.363 and prior

3. LWS php Download Manager 'body.inc.php' Local File Include Vulnerability
BugTraq ID: 27961
Remote: Yes
Date Published: 2008-02-24
Relevant URL: http://www.securityfocus.com/bid/27961
Summary:
LWS php Download Manager is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an attacker to access potentially sensitive information and execute arbitrary local scripts in the context of the affected application.

This issue affects php Download Manager 1.1 and 1.0; other versions may also be vulnerable.

4. LWS php User Base 'header.inc.php' Remote File Include Vulnerability
BugTraq ID: 27963
Remote: Yes
Date Published: 2008-02-24
Relevant URL: http://www.securityfocus.com/bid/27963
Summary:
LWS php User Base is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

php User Base 1.3 BETA is vulnerable; other versions may also be affected.

5. MyServer Multiple HTTP Methods '204 No Content' Error Remote Denial of Service Vulnerabilities
BugTraq ID: 27981
Remote: Yes
Date Published: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27981
Summary:
MyServer is prone to multiple remote denial-of-service vulnerabilities because it fails to adequately handle HTTP method requests that return a '204 No Content' error.

Successful attacks will deny service to legitimate users.

MyServer 0.8.11 is vulnerable; other versions may also be affected.

6. The SWORD Project Diatheke Unspecified Remote Command Execution Vulnerability
BugTraq ID: 27987
Remote: Yes
Date Published: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27987
Summary:
The SWORD Project's Diatheke front-end is prone to a vulnerability that can allow arbitrary shell commands to run.

Successful exploits will compromise the application and possibly the underlying webserver.

SWORD 1.5.9 is vulnerable; other versions may also be affected.

7. CUPS Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 27988
Remote: Yes
Date Published: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27988
Summary:
CUPS is prone to two remote denial-of-service vulnerabilities.

Attackers may exploit these issues to crash the application, denying service to legitimate users. Remote code execution may also be possible, but this has not been confirmed.

CUPS 1.1.17 and 1.1.22 are vulnerable to these issues; other versions may also be affected.

8. KVM Block Device Backend Local Security Bypass Vulnerability
BugTraq ID: 28001
Remote: No
Date Published: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/28001
Summary:
KVM (Kernel-based Virtual Machine) is prone to a local security-bypass vulnerability because it fails to validate user-supplied input.

Local attackers can leverage this issue to access memory outside of the virtualization jail. This could allow attackers to write to arbitrary host memory locations or crash the underlying KVM host. Other attacks may also be possible.

9. Mozilla Thunderbird External-Body MIME Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 28012
Remote: Yes
Date Published: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/28012
Summary:
Mozilla Thunderbird is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data.

Successfully exploiting this issue may allow remote attackers to execute arbitrary machine code in the context of the vulnerable application; failed exploit attempts will likely crash the application. This may facilitate the remote compromise of affected computers.

The issue affects versions prior to Mozilla Thunderbird 2.0.0.12.

10. Ghostscript zseticcspace() Function Buffer Overflow Vulnerability
BugTraq ID: 28017
Remote: Yes
Date Published: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/28017
Summary:
Ghostscript is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

11. D-Bus 'send_interface' Attribute Security Policy Bypass Vulnerability
BugTraq ID: 28023
Remote: No
Date Published: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/28023
Summary:
D-Bus is prone to a vulnerability that can allow attackers to bypass its security policy.

Attackers can leverage this issue to access certain 'dbus-daemon' method calls without proper permission.

This issue affects versions prior to D-Bus 1.0.3 and 1.2.20.

12. Wireshark 0.99.7 Multiple Denial of Service Vulnerabilities
BugTraq ID: 28025
Remote: Yes
Date Published: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/28025
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to cause crashes and deny service to legitimate users of the application. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

Wireshark 0.6.0 to 0.99.7 are affected.

13. am-utils 'expn' Insecure Temporary File Creation Vulnerability
BugTraq ID: 28044
Remote: No
Date Published: 2008-02-28
Relevant URL: http://www.securityfocus.com/bid/28044
Summary:
The 'expn' utility of the 'am-utils' package creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

14. Sun Java SE Multiple Unspecified Vulnerabilities
BugTraq ID: 28083
Remote: Yes
Date Published: 2008-03-03
Relevant URL: http://www.securityfocus.com/bid/28083
Summary:
Sun has released an advance notification for security updates for Java SE. The notification indicates that seven advisories addressing multiple vulnerabilities will be released on March 4, 2008. The issues affect the following:

- JDK and JRE 6 Update 5
- JDK and JRE 5.0 Update 15
- SDK and JRE 1.4.2_17
- SDK and JRE 1.3.1_22

The following Sun Alerts corresponding to these updates will be released after the updates are available:

233321
233322
233323
233324
233325
233326
233327

The impact and severity of these issues are currently unknown. We will update this BID as more information is disclosed. To better document the issues, each issue may be assigned its own BID.

UPDATE: Sun has released the updates. Please see the references for more information.

15. Adobe Acrobat Reader 'acroread' Insecure Temporary File Creation Vulnerability
BugTraq ID: 28091
Remote: No
Date Published: 2008-03-04
Relevant URL: http://www.securityfocus.com/bid/28091
Summary:
The 'acroread' script of the Adobe Acrobat Reader package creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects SUSE Linux Enterprise Desktop 10. It is currently unknown if this issue is present in the upstream Adobe Acrobat Reader package or if it is SUSE-specific. We will update this BID as more information emerges.

16. Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
BugTraq ID: 28092
Remote: No
Date Published: 2008-03-04
Relevant URL: http://www.securityfocus.com/bid/28092
Summary:
Dovecot is prone to a vulnerability that can result in unauthorized access to arbitrary data.

This occurs when the 'mail_extra_groups' setting is enabled.

Attackers can leverage this issue to write or delete certain files or to harvest data that may aid in further attacks.

Dovecot 0.99.10.6 through 1.0.10 are vulnerable.

17. Linux Kiss Server Multiple Format String Vulnerabilities
BugTraq ID: 28099
Remote: Yes
Date Published: 2008-03-04
Relevant URL: http://www.securityfocus.com/bid/28099
Summary:
Linux Kiss Server is prone to multiple format-string vulnerabilities because the application fails to adequately sanitize user-supplied input before passing it as the format-specifier to a formatted-printing function.

A remote attacker may execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in a denial of service.

These issues affect Linux Kiss Server 1.2; other versions may also be vulnerable.

18. Gnome Evolution Encrypted Message Format String Vulnerability
BugTraq ID: 28102
Remote: Yes
Date Published: 2008-03-05
Relevant URL: http://www.securityfocus.com/bid/28102
Summary:
Gnome Evolution is prone to a format-string vulnerability.

This issue presents itself because the application fails to properly sanitize user-supplied input before passing it as the format-specifier argument of a formatted-printing function when processing encrypted email messages.

Successfully exploiting this issue may allow remote attackers to execute arbitrary machine code in the context of the application. Failed exploit attempts will likely result in a denial of service.

Gnome Evolution 2.12.3 is vulnerable to this issue; other versions may also be affected.

19. Numara FootPrints HTML Injection and Remote Command Execution Vulnerabilities
BugTraq ID: 28103
Remote: Yes
Date Published: 2008-03-05
Relevant URL: http://www.securityfocus.com/bid/28103
Summary:
Numara FootPrints is prone to an HTML-injection vulnerability and a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input.

Attackers can exploit these issues to execute arbitrary commands within the context of the webserver, execute arbitrary HTML or JavaScript code within the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user. Other attacks are also possible.

Numara FootPrints 8.1 for Linux is vulnerable; other versions running on different platforms may also be affected.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. CanSecWest 2008 Mar 26-28
http://www.securityfocus.com/archive/91/488611

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Black Hat Europe

Attend Black Hat Europe, March 25-28, Amsterdam, Europe's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content. Network with 400+ delegates from 30 nations and review products by leading vendors in a relaxed setting. Black Hat Europe is supported by most leading European infosec associations.

www.blackhat.com
