
Wednesday, March 19, 2008

SecurityFocus Linux Newsletter #381


This issue is sponsored by Black Hat Europe

Attend Black Hat Europe, March 25-28, Amsterdam, Europe's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content. Network with 400+ delegates from 30 nations and review products by leading vendors in a relaxed setting. Black Hat Europe is supported by most leading European infosec associations.

www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Catch Them if You Can
2. Integrating More Intelligence into Your IDS, Part 2
II. LINUX VULNERABILITY SUMMARY
1. MoinMoin GUI Editor Multiple Cross Site Scripting Vulnerabilities
2. MoinMoin Macro Code Information Disclosure Vulnerability
3. Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
4. SAP MaxDB 'vserver' Component Remote Heap Memory Corruption Vulnerability
5. SAP MaxDB sdbstarter Environment Variable Local Privilege Escalation Vulnerability
6. ManageEngine ServiceDesk Plus 'SolutionSearch.do' Cross-Site Scripting Vulnerability
7. Lighttpd mod_userdir Information Disclosure Vulnerability
8. RaidSonic NAS-4220-B Encryption Key Disclosure Vulnerability
9. F-Secure Multiple Products Multiple Remote Archive Handling Vulnerabilities
10. Info-ZIP UnZip 'inflate_dynamic()' Remote Code Execution Vulnerability
11. MIT Kerberos5 kadmind Excessive File Descriptors Multiple Remote Code Execution Vulnerabilities
12. MIT Kerberos 5 KDC Multiple Memory Corruption Based Information Disclosure Vulnerabilities
13. Asterisk RTP Codec Payload Handling Multiple Buffer Overflow Vulnerabilities
14. Asterisk Logger and Manager Format String Vulnerabilities
15. xine-lib 'sdpplin_parse()' Remote Buffer Overflow Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Catch Them if You Can
By Don Parker
High-profile network security breaches have proliferated over the past few years. While many "breaches" consist of lost data or a stolen laptop, true breaches -- where an online attacker compromises a network and removes data -- have become very common.
http://www.securityfocus.com/columnists/468

2. Integrating More Intelligence into Your IDS, Part 2
By Don Parker and Ryan Wegner
The more an intrusion detection system (IDS) knows about the network it is trying to protect, the better it will be able to protect the network. This is the fundamental principle behind target-based intrusion detection, where an IDS knows about the hosts on the network.
http://www.securityfocus.com/infocus/1899


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. MoinMoin GUI Editor Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 28173
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28173
Summary:
MoinMoin is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.

2. MoinMoin Macro Code Information Disclosure Vulnerability
BugTraq ID: 28177
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28177
Summary:
MoinMoin is prone to an information-disclosure vulnerability.

Attackers can exploit this issue to obtain potentially sensitive information that may aid in further attacks.

3. Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
BugTraq ID: 28181
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28181
Summary:
Dovecot is prone to a security-bypass vulnerability because the application fails to adequately sanitize user-supplied input.

An attacker may exploit this issue to gain unauthorized access to the affected application. Successful exploits will compromise the application.

Versions prior to Dovecot 1.0.13 and 1.1.rc3 are vulnerable. The vendor states that this issue affects only password databases that have blocking enabled.

NOTE: Reports indicate that this issue can be exploited only on versions after Dovecot 1.0.10, which introduced the 'skip_password_check' field.

4. SAP MaxDB 'vserver' Component Remote Heap Memory Corruption Vulnerability
BugTraq ID: 28183
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28183
Summary:
SAP MaxDB is prone to a heap-based memory-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Successfully exploiting this issue will compromise the affected application and possibly the underlying computer.

This issue affects MaxDB 7.6.0.37 running on the Linux operating system. Other versions running on different platforms may also be affected.

5. SAP MaxDB sdbstarter Environment Variable Local Privilege Escalation Vulnerability
BugTraq ID: 28185
Remote: No
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28185
Summary:
SAP MaxDB is prone to a local privilege-escalation vulnerability.

Exploiting this issue allows local attackers to execute arbitrary code with superuser privileges. This will lead to the complete compromise of an affected computer.

This issue affects MaxDB 7.6.0.37 on both Linux and Solaris platforms. Other UNIX variants are most likely affected. Microsoft Windows versions are not vulnerable to this issue.

6. ManageEngine ServiceDesk Plus 'SolutionSearch.do' Cross-Site Scripting Vulnerability
BugTraq ID: 28191
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28191
Summary:
ManageEngine ServiceDesk Plus is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Microsoft Windows is vulnerable; other versions may be affected as well.

7. Lighttpd mod_userdir Information Disclosure Vulnerability
BugTraq ID: 28226
Remote: Yes
Date Published: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28226
Summary:
The 'lighttpd' program is prone to a vulnerability that may allow attackers to access sensitive information because the application fails to properly handle exceptional conditions.

Information obtained may aid in further attacks.

This issue affects lighttpd 1.4.18; other versions may also be vulnerable.

8. RaidSonic NAS-4220-B Encryption Key Disclosure Vulnerability
BugTraq ID: 28264
Remote: No
Date Published: 2008-03-17
Relevant URL: http://www.securityfocus.com/bid/28264
Summary:
RaidSonic NAS-4220-B is prone to a vulnerability that can compromise encrypted data. This issue occurs because the key used by the device to encrypt hard-drive data is stored insecurely in the configuration partitions of each drive.

Attackers with physical access to the NAS can exploit this issue to decrypt potentially sensitive information stored on the hard disks.

This issue affects NAS-4220-B running firmware 2.6.0-n(2007-10-11). Other devices and firmware versions may also be affected.

9. F-Secure Multiple Products Multiple Remote Archive Handling Vulnerabilities
BugTraq ID: 28282
Remote: Yes
Date Published: 2008-03-17
Relevant URL: http://www.securityfocus.com/bid/28282
Summary:
Multiple F-Secure products are prone to multiple remote archive-handling vulnerabilities because the applications fail to properly handle malformed archive files.

Successfully exploiting these issues allows remote attackers to trigger unhandled exceptions. Various unspecified effects (potentially including denial of service or remote code execution) are possible.

10. Info-ZIP UnZip 'inflate_dynamic()' Remote Code Execution Vulnerability
BugTraq ID: 28288
Remote: Yes
Date Published: 2008-03-17
Relevant URL: http://www.securityfocus.com/bid/28288
Summary:
UnZip is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted ZIP file ('.zip').

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.

UnZip 5.52 is vulnerable; other versions may be affected as well.

11. MIT Kerberos5 kadmind Excessive File Descriptors Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 28302
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28302
Summary:
kadmind is prone to multiple vulnerabilities that can allow remote code execution due to array overruns in the RPC library code.

Exploiting these issues may allow attackers to execute arbitrary code with superuser privileges, facilitating the complete compromise of affected computers. Failed attempts will cause crashes and deny service to legitimate users of the application. Note that a compromise of a Master KDC (Key Distribution Center) principal and policy server will affect multiple hosts that use the server for authentication, potentially contributing to their compromise as well.

These issues affect:

- krb5-1.4 through krb5-1.63, where configurations allow large numbers of open file descriptors.
- krb5-1.2.2 through krb5-1.3, where '<unistd.h>' does not define FD_SETSIZE. Note that this is likely the case in many GNU/Linux distributions; Solaris 10 and Mac OS X 10.4 may be unaffected.

12. MIT Kerberos 5 KDC Multiple Memory Corruption Based Information Disclosure Vulnerabilities
BugTraq ID: 28303
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28303
Summary:
MIT Kerberos 5 KDC is prone to multiple information-disclosure vulnerabilities resulting from memory corruption.

These issues occur when KDC is configured to support Kerberos 4 and processes malformed krb4 messages.

An attacker can exploit these issues to gain access to potentially sensitive information that will aid in further attacks. Failed exploit attempts will likely result in denial-of-service conditions. Due to the nature of these vulnerabilities, the issues could be leveraged to execute arbitrary code; however, this has not been confirmed.

MIT Kerberos 5 version 1.6.3 KDC is vulnerable; other versions may also be affected.

13. Asterisk RTP Codec Payload Handling Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 28308
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28308
Summary:
Asterisk is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers.

Exploiting these issues may allow an attacker to corrupt memory and cause denial-of-service conditions or potentially execute arbitrary code in the context of the application.

These issues affect the following versions:
- Asterisk Open Source versions prior to 1.4.18.1 and 1.4.19-rc3
- Asterisk Open Source versions prior to 1.6.0-beta6
- Asterisk Business Edition versions prior to C.1.6.1
- AsteriskNOW versions prior to 1.0.2
- Asterisk Appliance Developer Kit versions prior to Asterisk 1.4 revision 109386
- s800i (Asterisk Appliance) versions prior to 1.1.0.2

14. Asterisk Logger and Manager Format String Vulnerabilities
BugTraq ID: 28311
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28311
Summary:
Asterisk is prone to multiple format-string vulnerabilities because the application fails to adequately sanitize user-supplied input before passing it as the format-specifier to a formatted-printing function.

A remote attacker may potentially execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in a denial of service.

These issues affect Asterisk Open Source versions prior to 1.6.0-beta6.

15. xine-lib 'sdpplin_parse()' Remote Buffer Overflow Vulnerability
BugTraq ID: 28312
Remote: Yes
Date Published: 2008-03-19
Relevant URL: http://www.securityfocus.com/bid/28312
Summary:
The xine-lib library is prone to a remote buffer-overflow vulnerability. This issue occurs because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects xine-lib 1.1.10.1; other versions may also be vulnerable.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
