Wednesday, June 04, 2008

SecurityFocus Linux Newsletter #392
----------------------------------------

This issue is sponsored by Black Hat USA:

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.

www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Anti-Social Networking
2. Thinking Beyond the Ivory Towers
II. LINUX VULNERABILITY SUMMARY
1. Linux Kernel SPARC 'mmap()' Denial Of Service Vulnerability
2. Samba 'receive_smb_raw()' Buffer Overflow Vulnerability
3. OpenSSL Multiple Denial of Service Vulnerabilities
4. 'imlib2' Library Multiple Buffer Overflow Vulnerabilities
5. Pan '.nzb' File Parsing Heap Overflow Vulnerability
6. ikiwiki Blank Password Authentication Bypass Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. ARP handler Inspection tool released
2. Spam sent through server using authid=apache or mysql
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Anti-Social Networking
By Mark Rasch
On May 15, 2008, a federal grand jury in Los Angeles indicted 49-year-old Lori Drew of O'Fallon, Missouri, on charges of unauthorized access to a computer, typically used in hacking cases. Yet, Drew's alleged actions had little to do with computer intrusions.

http://www.securityfocus.com/columnists/473

2. Thinking Beyond the Ivory Towers
By Dave Aitel
In the information-security industry, there are clear and vast gaps in the way academia interacts with professional researchers. While these gaps will be filled in due time, their existence means that security professionals outside the hallowed halls of colleges and universities need to be aware of the differences in how researchers and professionals think.

http://www.securityfocus.com/columnists/472


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Linux Kernel SPARC 'mmap()' Denial Of Service Vulnerability
BugTraq ID: 29397
Remote: No
Date Published: 2008-05-27
Relevant URL: http://www.securityfocus.com/bid/29397
Summary:
The Linux kernel is prone to a denial-of-service vulnerability when mapping memory addresses on SPARC-based computers.

Local attackers can leverage the issue to crash the kernel and deny service to legitimate users.

Linux kernels prior to 2.6.25.3 are vulnerable.

2. Samba 'receive_smb_raw()' Buffer Overflow Vulnerability
BugTraq ID: 29404
Remote: Yes
Date Published: 2008-05-28
Relevant URL: http://www.securityfocus.com/bid/29404
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. The issue occurs when the application processes SMB packets in a client context.

An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in a denial of service.

The issue affects Samba 3.0.28a and 3.0.29; other versions may also be affected.

NOTE: This BID was originally titled 'Samba 'lib/util_sock.c' Buffer Overflow Vulnerability'. The title was changed to better identify the issue.

3. OpenSSL Multiple Denial of Service Vulnerabilities
BugTraq ID: 29405
Remote: Yes
Date Published: 2008-05-28
Relevant URL: http://www.securityfocus.com/bid/29405
Summary:
OpenSSL is prone to multiple denial-of-service vulnerabilities.

Attackers can leverage these issues to cause a client or server application to crash. Successful exploits will deny service to legitimate users.

OpenSSL 0.9.8f and 0.9.8g are reported vulnerable. Other versions may be affected as well.

4. 'imlib2' Library Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 29417
Remote: Yes
Date Published: 2008-05-29
Relevant URL: http://www.securityfocus.com/bid/29417
Summary:
The 'imlib2' library is prone to multiple buffer-overflow vulnerabilities because the software fails to properly bounds-check user-supplied data.

An attacker can exploit these issues to execute arbitrary machine code in the context of applications using the vulnerable library. Failed exploit attempts will likely cause denial-of-service conditions.

The issues affect imlib2 1.4.0; other versions may also be affected.

5. Pan '.nzb' File Parsing Heap Overflow Vulnerability
BugTraq ID: 29421
Remote: Yes
Date Published: 2008-05-29
Relevant URL: http://www.securityfocus.com/bid/29421
Summary:
Pan is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input. The vulnerability occurs when handling malformed '.nzb' files.

Successfully exploiting this issue allows attackers to execute arbitrary code with the privileges of a user running the application. Failed exploit attempts will result in a denial-of-service condition.

6. ikiwiki Blank Password Authentication Bypass Vulnerability
BugTraq ID: 29479
Remote: Yes
Date Published: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/29479
Summary:
The 'ikiwiki' program is prone to an authentication-bypass vulnerability.

An attacker can exploit this issue to gain unauthorized access to the affected application.

Versions between ikiwiki 1.34 and 2.47 are vulnerable.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. ARP handler Inspection tool released
http://www.securityfocus.com/archive/91/492905

2. Spam sent through server using authid=apache or mysql
http://www.securityfocus.com/archive/91/492810

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Black Hat USA:

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.

www.blackhat.com