News

Wednesday, April 30, 2008

Your gift: 101 T-SQL Scripts & Tools for DB Black Belts

WindowsIT Pro

Offer expires May 30, 2008
Great SQL Info and a Free Gift?!
A Limited Time Offer - Order Now!
Click Here to Subscribe
Other EXCLUSIVE subscriber benefits include:
  • Subscriber-only access to over 2,300 searchable SQL Server articles
    It's like having your own SQL Server library at your fingertips 24/7
  • The NEW 101 T-SQL Black Belt Scripts and Tools CD FREE
    Itzik Ben-Gan's Guide to Database Scripting
  • Pinalkumar Dave, Michelle Poolet, Itzik Ben-Gan, Douglas McDowell, Mike Otey
    share their expert solutions, wit and industry insights
  • A community to connect and interact with your peers
    Access to exclusive SQL Server events, blogs, forums, Web updates, and news alerts on the absolute latest industry developments as they happen
  • Up-to-the-minute information you can't be without
    New SQL developments,BI, SharePoint, Data Warehousing and much more
  • 12 issues (1 year) of SQL Server Magazine for just $84 . That's a $15 discount off the regular price*.At the current US dollar rate, that's our best deal ever!

Is Vista Easier to Patch Than Linux or UNIX?

WIN_SECURITY UPDATE_
A Penton Media Property
April 30, 2008


If you want to view this on the web go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-6665-803-202-62923-656244-0-0-0-1-2-207

----------------------------------------
ADVERTISEMENT
BeyondTrust

FREE Product- Identify What Apps Require Admin Rights

BeyondTrust Application Rights Auditor is a new, free product that
automatically identifies and reports the Windows applications that
require users to have admin rights. Once identified, enterprises can
develop informed plans to remove admin rights without app downtime.

FREE product to identify what apps require users to have admin rights.

http://ct.email.windowsitpro.com/rd/cts?d=33-6665-803-202-62923-656245-0-0-0-1-2-207
----------------------------------------

IN FOCUS

--Is Vista Easier to Patch Than Linux or UNIX?
by Mark Joseph Edwards, News Editor
Recently Jeff Jones (strategy director in the Microsoft Security
Technology Unit) released an updated "one year vulnerability report"
regarding Windows Vista. The data in the report shows how Vista compares
to Windows XP, Red Hat Enterprise Linux 4 Workstation, Ubuntu 6.06, and
Mac OS X 10.4 in terms of vulnerabilities during each OS's first year in
the marketplace.

Jones used a variety of criteria for the comparison, including limiting
the applications that he analyzed for the sake of keeping the competing
OSs in line with a typical Vista installation. For example, RedHat and
Ubuntu ship with OpenOffice installed by default on desktop systems.
Jones didn't consider vulnerabilities in OpenOffice as part of his
analysis. Other omissions were made of tools such as the Gimp graphics
program and the gcc compiler, depending on the OS.

When the results were tallied, Jones found that during Vista's first
year, 36 vulnerabilities were fixed by 17 patches in 9 patch events. The
events were regular due to Microsoft's scheduled monthly patch releases.
XP on the other hand experienced 65 vulnerability fixes in 30 patches
for a total of 26 events. Quite a difference, as should be the case at
this point in Windows' evolution.

RedHat Enterprise Linux 4 Workstation experienced 360 vulnerability
fixes in 125 patches in 64 patch events. Ubuntu 6.06 experienced 224
vulnerability fixes in 80 patches in 65 patch events. OS X 10.4
experienced 116 vulnerability fixes in 17 patches in 17 patch events.

The low number of patch events for Vista and OS X are due to Microsoft's
and Apple's routine of issuing patches on relatively fixed schedules.
RedHat and Ubuntu on the other hand publish security patches immediately
after they become available. So there's a trade-off involved: The
approach used by Microsoft and Apple reduces the amount of
administrative overhead but leaves customers exposed to security risks
longer than if patches were issued immediately upon creation.

Near the beginning of the report, Jones suggests how the data might be
useful by posing two questions: "All other things being equal, is it
easier to mediate risk on a system that has 10 vulnerabilities in a year
or one that has 100 vulnerabilities in a year?" And, "Which has a more
negative impact on your security team and risk management process -
deploying 10 security updates per year or deploying 100 security updates
per year?"

The answer to first question is rather obvious: Of course it's easier to
handle risk on systems with fewer vulnerabilities, assuming that we're
talking only about patching holes and nothing else. The second question
is too narrow because it overlooks the fact that Windows is the most
targeted OS on the planet. Maybe asking yourselves how that fact affects
your security team and risk management process would be more realistic.
That aside, some of us would rather have patches immediately even if
that means installing patches 100 times throughout the year.

Another issue not taken into consideration when posing those questions
is the issue of downtime. To give you a good idea of the ramifications
of less-than-stellar patch installation processes, refer to my editorial
of March 5, 2008, "Windows Server: The New King of Downtime" (URL
below). You might recall that according to Yankee Group, Windows Server
has the worst downtime record of any mainstream server OS. The downtime
record is due almost entirely to patch management.

windowsitpro.com/article/articleid/98475/windows-server-the-new-king-of-downtime.html
(http://ct.email.windowsitpro.com/rd/cts?d=33-6665-803-202-62923-656246-0-0-0-1-2-207)

When patching any version of Windows, a reboot is often required, and in
many cases the OS must be made unavailable to help manage the patch
process. By comparison, UNIX and Linux systems typically don't
experience such extreme burdens. For example, I've loaded many security
patches on Ubuntu desktops and servers, and so far I've never had to
reboot the systems nor take them offline--even systems that run
high-traffic Apache and MySQL servers. Nor have I ever experienced a
patch that breaks system components or services. Maybe I'm just lucky,
but I don't think so.

Last week I did a complete OS upgrade on some Ubuntu desktops. The
upgrade required the installation of 1,234 new packages. The upgrade ran
completely in the background and didn't interrupt system use during
installation. The systems were down for a total of about 30 seconds due
to a need to reboot because the upgrades were major--similar to
upgrading Vista with SP1. As far as I can see Linux is far easier to
upgrade or patch than Windows.

Although I don't think Jones's report is anything to give a lot of
weight to, if you're interested in reading it you can download a copy in
PDF format at Jones's blog at the first URL below. And, if you're
interested to see how Windows is still the most targeted OS on the
planet, get a copy of Microsoft's new Security Intelligence Report at
the second URL below.

blogs.technet.com/security/archive/2008/01/23/download-windows-vista-one-year-vulnerability-report.aspx
(http://ct.email.windowsitpro.com/rd/cts?d=33-6665-803-202-62923-656247-0-0-0-1-2-207)

www.microsoft.com/downloads/details.aspx?FamilyId=BCC879DB-9FE6-4331-B231-E274EA8FC804&displaylang=en
(http://ct.email.windowsitpro.com/rd/cts?d=33-6665-803-202-62923-656248-0-0-0-1-2-207)

Microsoft has a long way to go to improve its patch management process.
It needs to be more transparent, and patches need to be more thoroughly
tested before they become available. If Microsoft could achieve that,
then the company could ditch its monthly patch release schedule and make
patches available immediately as in the past, but this time without
putting a huge burden on administrators and end users. As things stand
now, there's fear every Patch Tuesday that a patch is going to break
systems. I bet that, like me, many of you never experience that fear
with your Linux platforms.

--Security Horror Story Contest
Tell us about a security hole that you found, a virus that shut down
your network, an embarrassing or scary near-miss or direct hit. (Be sure
to describe how you solved the problem too.) We'll print the best tales
in a Windows IT Pro cover story (anonymously, if you like), and you'll
win a 1-year Windows IT Pro VIP subscription. Send your security horror
stories (no more than 500 words) to lpeters@windowsitpro.com
(mailto:lpeters@windowsitpro.com) by May 9.

----------------------------------------
ADVERTISEMENT
VeriSign, Inc. / SSL

Increase confidence on your site

Give your site visitors the reassurance that your site is safe to
transact on with VeriSign Extended Validation (EV) SSL Certificates.
The new certificates turn the address bar green in high security
browsers letting customers know that they are on the site they intended
to be on. Learn how to provide the latest advancement in SSL, EV SSL,
and give your customers the confidence to transact on your site with
this free white paper.

http://ct.email.windowsitpro.com/rd/cts?d=33-6665-803-202-62923-656249-0-0-0-1-2-207
----------------------------------------


SECURITY NEWS AND FEATURES

--Ubuntu 8.04 Unleashed
Canonical released Ubuntu 8.04 for desktops and servers, the latter of
which includes several new security tools and features.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-6665-803-202-62923-656250-0-0-0-1-2-207

--Panda Warns of Widespread SQL Injection Attacks
Panda Security is warning administrators of a widespread SQL injection
attack against Microsoft IIS servers. The company said that so far about
282,000 Web pages have already been infected.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-6665-803-202-62923-656251-0-0-0-1-2-207

--UK on Track for a Record Level of Phishing Incidents
UK payment association APACS said it tracked more than 10,000 phishing
incidents between January and March of this year. Compounding the
problem, one third of UK consumers don't have adequate protection on
their computers.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-6665-803-202-62923-656252-0-0-0-1-2-207

--Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts,
which inform you about recently discovered security vulnerabilities. You
can also find information about these discoveries at

www.windowsitpro.com/departments/departmentid/752/752.html
(http://ct.email.windowsitpro.com/rd/cts?d=33-6665-803-202-62923-656253-0-0-0-1-2-207)


GIVE AND TAKE

--SECURITY MATTERS BLOG: Automatically Generate Exploits?
by Mark Joseph Edwards
Is it possible to take a buggy program along with a patched version of
that same program and automatically generate an exploit? Some people
think it is, and they're out to prove their point.
windowsitpro.com/blog/index.cfm?action=BlogIndex&DepartmentID=949
(http://ct.email.windowsitpro.com/rd/cts?d=33-6665-803-202-62923-656254-0-0-0-1-2-207)

--FAQ: Publicizing RMS Templates
by John Savill
Q: I've deployed Windows Rights Management Service (RMS) in my
organization, but users aren't receiving the templates I'm pushing.
What's wrong?

Find the answer at
windowsitpro.com/article/articleid/98947
(http://ct.email.windowsitpro.com/rd/cts?d=33-6665-803-202-62923-656255-0-0-0-1-2-207)

--Vote in the 2008 Windows IT Pro Community Choice Awards!
Final voting for the Windows IT Pro Community Choice Awards is now open!
Voting in this awards program is open to all Windows IT Pro Web site
visitors, but vendors whose products are nominated are prohibited from
voting. Click the link below to enter the voting tool:
www.surveymonkey.com/s.aspx?sm=_2fz97tv4rU5iY2IsYDbyCRg_3d_3d
(http://ct.email.windowsitpro.com/rd/cts?d=33-6665-803-202-62923-656256-0-0-0-1-2-207)

Voting will close May 23, 2008 at 11:45 p.m. Mountain.

--SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and solutions in
Security Pro VIP's Reader to Reader column. Email your contributions to
r2r@securityprovip.com (mailto:r2r@securityprovip.com). If we print your
submission, you'll get $100. We edit submissions for style, grammar, and
length.


PRODUCTS

--Use Multiple Diverse Factors for Authentication
by Renee Munshi
AdmitOne Security (formerly BioPassword) announced a new name and a new
product. The AdmitOne Authentication Suite links users to their digital
identities by combining requested authentication factors (username and
password) with observed factors (keystroke dynamics and device
signature) to verify the user. The Suite assesses the risk of fraud to
determine the confidence level of the user's identity. If the confidence
score is too low, additional authentication factors (such as one-time
password to email or SMS) can be employed based on assigned policies.
The Suite includes Web-based administration and reporting capabilities.
For more information, go to
www.admitonesecurity.com (http://ct.email.windowsitpro.com/rd/cts?d=33-6665-803-202-62923-656257-0-0-0-1-2-207)


RESOURCES AND EVENTS

Have you checked out OfficeSharePointPro.com lately? Real-time blogs,
hot-off-the-press articles, forums, tips, and more! Learn best practices
from your peers and read real-world implementation and management case
studies. Check it out!

www.officesharepointpro.com/?code=e&r
(http://ct.email.windowsitpro.com/rd/cts?d=33-6665-803-202-62923-656258-0-0-0-1-2-207)

Keep Your Exchange Server Healthy
Fear of loss compels us to protect ourselves. Although no one's life is
in danger from a messaging system, the welfare of your data could be.
Read this white paper to learn the bare and necessary facts you should
know to proactively maintain your Exchange Server 2007 environment.
windowsitpro.com/Whitepapers/Index.cfm?fuseaction=ShowWP&WPID=393a7bec-e173-483c-b887-95b1cf858e28&code=042308er
(http://ct.email.windowsitpro.com/rd/cts?d=33-6665-803-202-62923-656259-0-0-0-1-2-207)

Backup, Recovery, and Testing for Exchange in a Single,
Easy-to-Configure Integrated App
Read how a comprehensive protection solution lets you dispense with your
backup applications, bare-metal recovery solutions, test recovery
hardware, and a lot of worry. See how you can extract any Microsoft
Exchange item or folder without interrupting the performance of the live
Exchange server. Download this white paper today!
windowsitpro.com/whitepapers/Index.cfm?fuseaction=ShowWP&wpid=43065da9-c439-4d63-b079-df04eb60d393&code=042308er
(http://ct.email.windowsitpro.com/rd/cts?d=33-6665-803-202-62923-656260-0-0-0-1-2-207)


FEATURED WHITE PAPER

Top 7 Benefits of Server-Hosted Desktops
This white paper explains the distinct advantages of server-based
computing. Learn the benefits of server-hosted desktops and how to
obtain those benefits. To begin saving money and gain flexibility,
download this white paper today!
windowsitpro.com/whitepapers/Index.cfm?fuseaction=ShowWP&wpid=ad7cc518-087b-4d5c-aa53-2337758a7909&code=042308er
(http://ct.email.windowsitpro.com/rd/cts?d=33-6665-803-202-62923-656261-0-0-0-1-2-207)


ANNOUNCEMENTS

Windows IT Pro Master CD: Take the Experts with You!
Find the solutions you need within the thousands of searchable articles,
helpful bonus content, and loads of expert advice on the Windows IT Pro
Master CD. A Master CD subscription buys you portable access to the
entire Windows IT Pro article database plus exclusive access to the new
articles we publish on WindowsITPro.com every day. It's like having a
team of consultants in your pocket! Get real-world solutions fast--order
the Windows IT Pro Master CD today.
store.pentontech.com/index.cfm?s=1&promocode=EU2284WC&
(http://ct.email.windowsitpro.com/rd/cts?d=33-6665-803-202-62923-656262-0-0-0-1-2-207)

CONTACT US
Security UDPATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://ct.email.windowsitpro.com/rd/cts?d=33-6665-803-202-62923-656263-0-0-0-1-2-207

http://ct.email.windowsitpro.com/rd/cts?d=33-6665-803-202-62923-656264-0-0-0-1-2-207

You are subscribed to this newsletter as boy.blogger@gmail.com

Manage your Security UPDATE subscription at
http://ct.email.windowsitpro.com/rd/cts?d=33-6665-803-202-62923-656265-0-0-0-1-2-207.

To unsubscribe:
http://ct.email.windowsitpro.com/rd/cts?d=33-6665-803-202-62923-656266-0-0-0-1-2-207&list_id=803&email=boy.blogger@gmail.com&message_id=6665

Be sure to add Security_UPDATE@email.windowsitpro.com
to your spam filter's list of allowed senders.

To contact us:
About Security UPDATE content -- mailto:letters@windowsitpro.com
About technical questions -- http://ct.email.windowsitpro.com/rd/cts?d=33-6665-803-202-62923-656267-0-0-0-1-2-207

About your product news -- mailto:products@windowsitpro.com
About your subscription -- mailto:windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- mailto:salesopps@windowsitpro.com

View the Windows IT Pro privacy policy at

http://ct.email.windowsitpro.com/rd/cts?d=33-6665-803-202-62923-656268-0-0-0-1-2-207

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2008, Penton Media, Inc. All rights reserved.

ubuntu-security-announce Digest, Vol 43, Issue 7

This summary is not available. Please click here to view the post.

Tuesday, April 29, 2008

SecurityFocus Linux Newsletter #387

SecurityFocus Linux Newsletter #387
----------------------------------------

This issue is sponsored by Black Hat USA

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.

www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Just Who's Being Exploited?
2.On the Border
II. LINUX VULNERABILITY SUMMARY
1. MoinMoin Multiple ACL Security Bypass Vulnerabilities
2. grsecurity Multiple RBAC Local Security Bypass Vulnerabilities
3. Asterisk IAX2 Packet Amplification Remote Denial of Service Vulnerability
4. VLC Media Player MP4 Demuxer Buffer Overflow Vulnerability
5. VLC Media Player Cinepak Codec Buffer Overflow Vulnerability
6. phpMyAdmin Shared Host Remote Information Disclosure Vulnerability
7. xine-lib NES Sound Format Demuxer 'copyright' Buffer Overflow Vulnerability
8. Computer Associates ARCserve Backup Discovery Service Remote Denial Of Service Vulnerability
9. Perl Unicode '\Q...\E' Quoting Construct Regular Expression Buffer Overflow Vulnerability
10. KDE 'start_kdeinit' Multiple Local Privilege Escalation Vulnerabilities
11. Linux Terminal Server Project 'ldm' Information Disclosure Vulnerability
12. util-linux-ng 'login' Remote Log Injection Weakness
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Just Who's Being Exploited?
By Jamie Reid
Last month's revelation that Tipping Point paid out a prize of $10,000 and a new laptop (MSRP: about $2000) at the CanSecWest conference, for the privilege of being the exclusive licensor of a heretofore unpublished vulnerability in Apple's Safari web browser to researcher, Charles Miller of Independent Security Evaluators, may lend some credence to this adage.
http://www.securityfocus.com/columnists/470

2.On the Border
By Mark Rasch
Recently, I was going through an airport with my shoes, coat, jacket, and belt off as well as with my carry-on bag, briefcase, and laptop all separated for easy inspection. I was heading through security at the Washington D.C., Ronald Reagan National Airport in Arlington, Virginia, or "National" as we locals call it. As I passed through the new magnetometer which gently puffed air all over my body -- which to me seems to be a cross between a glaucoma test and Marilyn Monroe in Gentlemen Prefer Blondes -- a TSA employee absent-mindedly asked if he could "inspect" my laptop computer. While the inspection was cursory, the situation immediately gave me pause: What was in my laptop anyway?
http://www.securityfocus.com/columnists/469


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. MoinMoin Multiple ACL Security Bypass Vulnerabilities
BugTraq ID: 28869
Remote: Yes
Date Published: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28869
Summary:
MoinMoin is prone to multiple security-bypass vulnerabilities because it fails to properly handle Access Control List (ACL) entries.

Successful exploits will allow attackers to bypass certain security restrictions and gain unauthorized access to administrative functionality. This in turn may lead to a compromise of the affected application.

Versions prior to MoinMoin 1.6.3 are affected.

2. grsecurity Multiple RBAC Local Security Bypass Vulnerabilities
BugTraq ID: 28889
Remote: No
Date Published: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28889
Summary:
The 'grsecurity' application is prone to multiple local security-bypass vulnerabilities because it fails to properly handle return values to certain functions in the RBAC (Role-Based Access Control) system.

Successful exploits will allow attackers to bypass certain security restrictions.

Versions prior to grsecurity 2.1.11-2.6.24.5 (2008-04-21) and 2.1.11-2.4.36.2 (2008-04-21) are affected.

3. Asterisk IAX2 Packet Amplification Remote Denial of Service Vulnerability
BugTraq ID: 28901
Remote: Yes
Date Published: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28901
Summary:
Asterisk is prone to a remote denial-of-service vulnerability caused by a flaw in the IAX2 protocol.

Successful exploits result in packet-amplification attacks. Malicious users can cause Asterisk to send large numbers of UDP datagrams to arbitrary addresses, potentially denying service to both the Asterisk service and networks that may become flooded.

4. VLC Media Player MP4 Demuxer Buffer Overflow Vulnerability
BugTraq ID: 28903
Remote: Yes
Date Published: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28903
Summary:
VLC media player is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Versions prior to VLC media player 0.8.6f are vulnerable.

5. VLC Media Player Cinepak Codec Buffer Overflow Vulnerability
BugTraq ID: 28904
Remote: Yes
Date Published: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28904
Summary:
VLC media player is prone to a buffer-overflow vulnerability because the Cinepak decoder fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

VLC media player 0.8.6e is vulnerable; other versions may also be affected.

6. phpMyAdmin Shared Host Remote Information Disclosure Vulnerability
BugTraq ID: 28906
Remote: Yes
Date Published: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28906
Summary:
phpMyAdmin is prone to a remote information-disclosure vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue will allow attackers to view arbitrary files within the context of the webserver.

Versions prior to phpMyAdmin 2.11.5.2 are vulnerable.

7. xine-lib NES Sound Format Demuxer 'copyright' Buffer Overflow Vulnerability
BugTraq ID: 28908
Remote: Yes
Date Published: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28908
Summary:
The 'xine-lib' library is prone to a buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects xine-lib 1.1.12 and prior versions.

UPDATE (April 24, 2008): Guido Landi states that this is not a vulnerability because the buffer cannot be overrun. Symantec has not confirmed this.

8. Computer Associates ARCserve Backup Discovery Service Remote Denial Of Service Vulnerability
BugTraq ID: 28927
Remote: Yes
Date Published: 2008-04-24
Relevant URL: http://www.securityfocus.com/bid/28927
Summary:
Computer Associates ARCserve Backup is affected by a denial-of-service vulnerability because the application mishandles malformed user-supplied input.

A remote attacker may exploit this issue to cause denial-of-service conditions.

CA ARCserve Backup 12.0.5454.0 is affected by this issue; other versions may also be vulnerable.

9. Perl Unicode '\Q...\E' Quoting Construct Regular Expression Buffer Overflow Vulnerability
BugTraq ID: 28928
Remote: Yes
Date Published: 2008-04-24
Relevant URL: http://www.securityfocus.com/bid/28928
Summary:
Perl is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input.

Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of Perl applications using regular expressions in a vulnerable manner. This facilitates the remote compromise of affected computers. Failed exploits can cause denial-of-service conditions.

Perl 5.8.8 is vulnerable to this issue; other versions may also be affected.

NOTE: This issue may be related to BID 26350 ('Perl Unicode Regular Expression Buffer Overflow Vulnerability').

10. KDE 'start_kdeinit' Multiple Local Privilege Escalation Vulnerabilities
BugTraq ID: 28938
Remote: No
Date Published: 2008-04-26
Relevant URL: http://www.securityfocus.com/bid/28938
Summary:
The 'start_kdeinit' utility in KDE is prone to multiple local privilege-escalation vulnerabilities because it fails to properly sanitize input.

Successful attacks allow local users to send signals to arbitrary processes, triggering denial-of-service conditions. Attackers may also be able to execute arbitrary code with elevated privileges, facilitating the complete compromise of affected computers.

11. Linux Terminal Server Project 'ldm' Information Disclosure Vulnerability
BugTraq ID: 28960
Remote: Yes
Date Published: 2008-04-28
Relevant URL: http://www.securityfocus.com/bid/28960
Summary:
Linux Terminal Server Project is prone to an information-disclosure vulnerability.

An attacker can exploit this issue from the local network to obtain potentially sensitive information that may aid in further attacks.

12. util-linux-ng 'login' Remote Log Injection Weakness
BugTraq ID: 28983
Remote: Yes
Date Published: 2008-04-29
Relevant URL: http://www.securityfocus.com/bid/28983
Summary:
The 'login' utility from 'util-linux-ng' is prone to a weakness that allows remote attackers to inject false information into log files. This issue occurs because the utility fails to properly sanitize user-supplied input.

Successful exploits allow malicious users to inject false information into log files. The injected information may aid in indirect attacks against log-monitoring systems or may allow attackers to obfuscate malicious activity.

Versions prior to util-linux-ng 2.13.1.1 are prone to this issue.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Black Hat USA

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.

www.blackhat.com

Blog Archive