----------------------------------------
This issue is sponsored by Blackhat USA
Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.
SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs
------------------------------------------------------------------
I. FRONT AND CENTER
1.Thinking Beyond the Ivory Towers
2.Click Crime
II. LINUX VULNERABILITY SUMMARY
1. Debian OpenSSL Package Random Number Generator Weakness
2. Xen Para Virtualized Frame Buffer Backend Local Denial of Service Vulnerability
3. Xen Para-Virtualized Framebuffer Message Format Denial Of Service Vulnerability
4. Multiple Platform IPv6 Address Publication Denial of Service Vulnerabilities
5. libvorbis Multiple Remote Vulnerabilities
6. 'libid3tag' Denial of Service Vulnerability
7. GForge Insecure Temporary File Creation Vulnerability
8. Linux Kernel 'ipip6_rcv()' Remote Denial of Service Vulnerability
9. mtr 'split.c' Remote Stack Buffer Overflow Vulnerability
10. GnuTLS Prior to 2.2.5 Multiple Remote Vulnerabilities
11. Linux Kernel 'hrtimer_forward()' Local Denial of Service Vulnerability
12. libxslt XSL File Processing Buffer Overflow Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. CfP hack.lu 2008
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1.Thinking Beyond the Ivory Towers
By Dave Aitel
In the information-security industry, there are clear and vast gaps in the way academia interacts with professional researchers. While these gaps will be filled in due time, their existence means that security professionals outside the hallowed halls of colleges and universities need to be aware of the differences in how researchers and professionals think.
http://www.securityfocus.com/columnists/472
2. Click Crime
By Mark Rasch
It has long been a crime not only to commit an illegal act, but also to attempt -- or conspire with others -- to commit one.
http://www.securityfocus.com/columnists/471
II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Debian OpenSSL Package Random Number Generator Weakness
BugTraq ID: 29179
Remote: Yes
Date Published: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29179
Summary:
The Debian OpenSSL package is prone to a random-number-generator weakness.
Attackers can exploit this issue to predict random data used to generate encryption keys by certain applications. This may help attackers compromise encryption keys and gain access to sensitive data.
This issue affects only a modified OpenSSL package for Debian prior to version 0.9.8c-4etch3.
2. Xen Para Virtualized Frame Buffer Backend Local Denial of Service Vulnerability
BugTraq ID: 29183
Remote: No
Date Published: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29183
Summary:
Xen is prone to a local denial-of-service vulnerability.
Successfully exploiting this issue will crash the affected application, denying service to legitimate users.
Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.
3. Xen Para-Virtualized Framebuffer Message Format Denial Of Service Vulnerability
BugTraq ID: 29186
Remote: Yes
Date Published: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29186
Summary:
Xen is prone to a denial-of-service vulnerability because the application fails to adequately verify the format of user-supplied data.
An attacker can leverage this issue to cause denial-of-service conditions or to compromise the privileged domain (Dom0).
4. Multiple Platform IPv6 Address Publication Denial of Service Vulnerabilities
BugTraq ID: 29190
Remote: Yes
Date Published: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29190
Summary:
Multiple operating systems are prone to remote denial-of-service vulnerabilities that occur when affected operating systems are acting as IPv6 routers.
Successful exploits allow remote attackers to cause computers to consume excessive CPU resources or to stop responding to advertised routes in a network. This will potentially deny further network services to legitimate users.
Microsoft Windows XP, Microsoft Windows Server 2003, and Linux are prone to these issues. Other operating systems may also be affected.
5. libvorbis Multiple Remote Vulnerabilities
BugTraq ID: 29206
Remote: Yes
Date Published: 2008-05-14
Relevant URL: http://www.securityfocus.com/bid/29206
Summary:
Applications that use the libvorbis library are prone to multiple remote vulnerabilities, including a heap-overflow issue and multiple integer-overflow issues.
An attacker can exploit these issues to execute arbitrary code within the context of an affected application or cause the application to crash.
These issues affect libvorbis 1.2.0; other versions of the library may also be affected.
6. 'libid3tag' Denial of Service Vulnerability
BugTraq ID: 29210
Remote: Yes
Date Published: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29210
Summary:
The 'libid3tag' library is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause denial-of-service conditions in applications using a vulnerable version of the library.
The issue affects libid3tag 0.15.0b; other versions may also be vulnerable.
7. GForge Insecure Temporary File Creation Vulnerability
BugTraq ID: 29215
Remote: No
Date Published: 2008-05-14
Relevant URL: http://www.securityfocus.com/bid/29215
Summary:
GForge creates temporary files in an insecure way.
An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. This may result in denial-of-service conditions; other attacks are also possible.
8. Linux Kernel 'ipip6_rcv()' Remote Denial of Service Vulnerability
BugTraq ID: 29235
Remote: Yes
Date Published: 2008-05-14
Relevant URL: http://www.securityfocus.com/bid/29235
Summary:
The Linux Kernel is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to crash the affected computer, denying service to legitimate users.
This issue affects the Linux Kernel 2.6.25.2; other versions may also be affected.
9. mtr 'split.c' Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 29290
Remote: Yes
Date Published: 2008-05-20
Relevant URL: http://www.securityfocus.com/bid/29290
Summary:
mtr is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.
10. GnuTLS Prior to 2.2.5 Multiple Remote Vulnerabilities
BugTraq ID: 29292
Remote: Yes
Date Published: 2008-05-20
Relevant URL: http://www.securityfocus.com/bid/29292
Summary:
GnuTLS is prone to multiple remote vulnerabilities, including:
- A buffer-overflow vulnerability
- Multiple denial-of-service vulnerabilities
An attacker can exploit these issues to execute arbitrary code within the context of the affected application or crash the affected application, denying service to legitimate users.
GnuTLS versions prior to 2.2.5 are vulnerable.
11. Linux Kernel 'hrtimer_forward()' Local Denial of Service Vulnerability
BugTraq ID: 29294
Remote: No
Date Published: 2008-05-20
Relevant URL: http://www.securityfocus.com/bid/29294
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability because it fails to properly handle certain large timer expiry values.
Attackers can exploit this issue to cause the application to enter an infinite loop, denying service to legitimate users.
This issue affects the Linux kernel 2.6.21-rc4 and prior version srunning on 64-bit architectures.
12. libxslt XSL File Processing Buffer Overflow Vulnerability
BugTraq ID: 29312
Remote: Yes
Date Published: 2008-05-21
Relevant URL: http://www.securityfocus.com/bid/29312
Summary:
The 'libxslt' library is prone to a buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.
An attacker may exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will likely result in denial-of-service conditions.
This issue affects libxslt versions 1.1.23 and prior.
III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. CfP hack.lu 2008
http://www.securityfocus.com/archive/91/492320
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.
V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Blackhat USA
Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.
No comments:
Post a Comment