Tuesday, March 25, 2008

SecurityFocus Linux Newsletter #382


This issue is sponsored by bmighty:

Linux: The Impact of Service & Support
Review the practices & priorities of 354 business-technology professionals such as: using open source, Windows & Linux. A $99 value for FREE.
http://www.bmighty.com/drivers/linux.jhtml?cid=LSM-sfL


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. On the Border
2. Catch Them if You Can
II. LINUX VULNERABILITY SUMMARY
1. RaidSonic NAS-4220-B Encryption Key Disclosure Vulnerability
2. F-Secure Multiple Products Multiple Remote Archive Handling Vulnerabilities
3. bzip2 Unspecified File Handling Vulnerability
4. Info-ZIP UnZip 'inflate_dynamic()' Remote Code Execution Vulnerability
5. S9Y Serendipity Trackbacks HTML Injection Vulnerability
6. MIT Kerberos5 kadmind Excessive File Descriptors Multiple Remote Code Execution Vulnerabilities
7. MIT Kerberos 5 KDC Multiple Memory Corruption Based Information Disclosure Vulnerabilities
8. CUPS CGI Interface Remote Buffer Overflow Vulnerability
9. Asterisk RTP Codec Payload Handling Multiple Buffer Overflow Vulnerabilities
10. Asterisk Call Authentication Security Bypass Vulnerability
11. Asterisk Logger and Manager Format String Vulnerabilities
12. xine-lib 'sdpplin_parse()' Remote Buffer Overflow Vulnerability
13. Gentoo 'ssl-cert' eclass Information Disclosure Vulnerability
14. XWine WINE Configuration File Local Arbitrary Command Execution Vulnerability
15. Novell eDirectory LDAP Extended Request Message Buffer Overflow Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. On the Border
By Mark Rasch
Recently, I was going through an airport with my shoes, coat, jacket, and belt off as well as with my carry-on bag, briefcase, and laptop all separated for easy inspection. I was heading through security at the Washington D.C., Ronald Reagan National Airport in Arlington, Virginia, or "National" as we locals call it. As I passed through the new magnetometer which gently puffed air all over my body -- which to me seems to be a cross between a glaucoma test and Marilyn Monroe in Gentlemen Prefer Blondes -- a TSA employee absent-mindedly asked if he could "inspect" my laptop computer. While the inspection was cursory, the situation immediately gave me pause: What was in my laptop anyway?
http://www.securityfocus.com/columnists/469

2. Catch Them if You Can
By Don Parker
High-profile network security breaches have proliferated over the past few years. While many "breaches" consist of lost data or a stolen laptop, true breaches -- where an online attacker compromises a network and removes data -- have become very common.
http://www.securityfocus.com/columnists/468


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. RaidSonic NAS-4220-B Encryption Key Disclosure Vulnerability
BugTraq ID: 28264
Remote: No
Date Published: 2008-03-17
Relevant URL: http://www.securityfocus.com/bid/28264
Summary:
RaidSonic NAS-4220-B is prone to a vulnerability that can compromise encrypted data. This issue occurs because the key used by the device to encrypt hard-drive data is stored insecurely in the configuration partitions of each drive.

Attackers with physical access to the NAS can exploit this issue to decrypt potentially sensitive information stored on the hard disks.

This issue affects NAS-4220-B running firmware 2.6.0-n(2007-10-11). Other devices and firmware versions may also be affected.

2. F-Secure Multiple Products Multiple Remote Archive Handling Vulnerabilities
BugTraq ID: 28282
Remote: Yes
Date Published: 2008-03-17
Relevant URL: http://www.securityfocus.com/bid/28282
Summary:
Multiple F-Secure products are prone to multiple remote archive-handling vulnerabilities because the applications fail to properly handle malformed archive files.

Successfully exploiting these issues allows remote attackers to trigger unhandled exceptions. Various unspecified effects (potentially including denial of service or remote code execution) are possible.

3. bzip2 Unspecified File Handling Vulnerability
BugTraq ID: 28286
Remote: Yes
Date Published: 2008-03-17
Relevant URL: http://www.securityfocus.com/bid/28286
Summary:
The 'bzip2' application is prone to a remote file-handling vulnerability because the application fails to properly handle malformed files.

Successful exploits may allow remote code to run, but this has not been confirmed. Exploit attempts will likely crash the application.

This issue affects bzip2 1.0.4; prior versions may also be affected.

4. Info-ZIP UnZip 'inflate_dynamic()' Remote Code Execution Vulnerability
BugTraq ID: 28288
Remote: Yes
Date Published: 2008-03-17
Relevant URL: http://www.securityfocus.com/bid/28288
Summary:
UnZip is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted ZIP file ('.zip').

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.

UnZip 5.52 is vulnerable; other versions may be affected as well.

5. S9Y Serendipity Trackbacks HTML Injection Vulnerability
BugTraq ID: 28298
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28298
Summary:
Serendipity is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

Versions prior to Serendipity 1.3 are vulnerable.

6. MIT Kerberos5 kadmind Excessive File Descriptors Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 28302
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28302
Summary:
The 'kadmind' server is prone to multiple vulnerabilities that can allow attackers to execute remote code because of array overruns in the RPC library code.

Exploiting these issues may allow attackers to execute arbitrary code with superuser privileges, facilitating the complete compromise of affected computers. Failed attempts will cause crashes and deny service to legitimate users of the application.

Note that a compromise of a Master KDC (Key Distribution Center) principal and policy server will affect multiple hosts that use the server for authentication, potentially contributing to their compromise as well.

These issues affect:

- krb5-1.4 through krb5-1.63, where configurations allow large numbers of open file descriptors.
- krb5-1.2.2 through krb5-1.3, where '<unistd.h>' does not define FD_SETSIZE. Note that this is likely the case in many GNU/Linux distributions; Solaris 10 and Mac OS X 10.4 may be unaffected.

7. MIT Kerberos 5 KDC Multiple Memory Corruption Based Information Disclosure Vulnerabilities
BugTraq ID: 28303
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28303
Summary:
MIT Kerberos 5 KDC is prone to multiple information-disclosure vulnerabilities resulting from memory corruption.

These issues occur when KDC is configured to support Kerberos 4 and processes malformed krb4 messages.

An attacker can exploit these issues to obtain potentially sensitive information that will aid in further attacks. Failed exploit attempts will likely result in denial-of-service conditions. Given the nature of these vulnerabilities, the attacker could leverage these issues to execute arbitrary code, but this has not been confirmed.

MIT Kerberos 5 version 1.6.3 KDC is vulnerable; other versions may also be affected.

8. CUPS CGI Interface Remote Buffer Overflow Vulnerability
BugTraq ID: 28307
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28307
Summary:
CUPS is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

CUPS 1.3.5 is reported vulnerable; other versions may be affected as well.

NOTE: This issue was originally covered in BID 28304 (Apple Mac OS X 2008-002 Multiple Security Vulnerabilities), but has been given its own record because further information has emerged.

9. Asterisk RTP Codec Payload Handling Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 28308
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28308
Summary:
Asterisk is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers.

Exploiting these issues may allow an attacker to corrupt memory and cause denial-of-service conditions or potentially execute arbitrary code in the context of the application.

These issues affect the following versions:

- Asterisk Open Source prior to 1.4.18.1 and 1.4.19-rc3
- Asterisk Open Source prior to 1.6.0-beta6
- Asterisk Business Edition prior to C.1.6.1
- AsteriskNOW prior to 1.0.2
- Asterisk Appliance Developer Kit prior to Asterisk 1.4 revision 109386
- s800i (Asterisk Appliance) prior to 1.1.0.2

10. Asterisk Call Authentication Security Bypass Vulnerability
BugTraq ID: 28310
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28310
Summary:
Asterisk is prone to a security-bypass vulnerability that allows attackers to make unauthenticated calls through the SIP channel driver.

Exploiting this issue may also aid in other attacks.

This issue affects the following versions:

- Asterisk Open Source prior to 1.2.27
- Asterisk Open Source prior to 1.4.18.1 and 1.4.19-rc3
- Asterisk Open Source prior to 1.6.0-beta6
- Asterisk Business Edition all A versions
- Asterisk Business Edition prior to B.2.5.1
- Asterisk Business Edition prior to C.1.6.2
- AsteriskNOW prior to 1.0.2
- Asterisk Appliance Developer Kit prior to Asterisk 1.4 revision 109393
- s800i (Asterisk Appliance) prior to 1.1.0.2

11. Asterisk Logger and Manager Format String Vulnerabilities
BugTraq ID: 28311
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28311
Summary:
Asterisk is prone to multiple format-string vulnerabilities because the application fails to adequately sanitize user-supplied input before passing it as the format-specifier to a formatted-printing function.

A remote attacker may potentially execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in a denial of service.

These issues affect versions prior to Asterisk Open Source 1.6.0-beta6.

12. xine-lib 'sdpplin_parse()' Remote Buffer Overflow Vulnerability
BugTraq ID: 28312
Remote: Yes
Date Published: 2008-03-19
Relevant URL: http://www.securityfocus.com/bid/28312
Summary:
The 'xine-lib' library is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will result in a denial-of-service condition.

This issue affects xine-lib 1.1.10.1; other versions may also be vulnerable.

13. Gentoo 'ssl-cert' eclass Information Disclosure Vulnerability
BugTraq ID: 28350
Remote: No
Date Published: 2008-03-20
Relevant URL: http://www.securityfocus.com/bid/28350
Summary:
Gentoo is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to obtain sensitive information and gain access to SSL private encryption keys. Information obtained may aid in further attacks.

The issue affects multiple ebuilds included in Gentoo Linux.

14. XWine WINE Configuration File Local Arbitrary Command Execution Vulnerability
BugTraq ID: 28369
Remote: No
Date Published: 2008-03-20
Relevant URL: http://www.securityfocus.com/bid/28369
Summary:
XWine is prone to a vulnerability that can allow local attackers to execute arbitrary commands.

Local attackers can exploit this issue to execute arbitrary commands whenever a local user executes a program under WINE.

This issue affects XWine 1.0.1; other versions may also be vulnerable.

15. Novell eDirectory LDAP Extended Request Message Buffer Overflow Vulnerability
BugTraq ID: 28434
Remote: Yes
Date Published: 2008-03-24
Relevant URL: http://www.securityfocus.com/bid/28434
Summary:
Novell eDirectory is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects eDirectory 8.8.1 and prior as well as 8.7.3.9 and prior versions for Linux, Solaris, and Windows platforms.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by bmighty:

Linux: The Impact of Service & Support
Review the practices & priorities of 354 business-technology professionals such as: using open source, Windows & Linux. A $99 value for FREE.
http://www.bmighty.com/drivers/linux.jhtml?cid=LSM-sfL
