News

Friday, June 20, 2008

SecurityFocus Linux Newsletter #394

SecurityFocus Linux Newsletter #394
----------------------------------------

This issue is sponsored by Black Hat USA:

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.

www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Racing Against Reversers
2.Anti-Social Networking
II. LINUX VULNERABILITY SUMMARY
1. OpenOffice 'rtl_allocateMemory()' Heap Based Buffer Overflow Vulnerability
2. Net-SNMP Remote Authentication Bypass Vulnerability
3. TYPO3 Cross-Site Scripting Vulnerability and File Upload Vulnerability
4. X.Org X Server RENDER Extension 'ProcRenderCreateCursor()' Denial of Service Vulnerability
5. X.Org X Server MIT-SHM Extension Information Disclosure Vulnerability
6. X.Org X server RENDER Extension Multiple Integer Overflow Vulnerabilities
7. Sun Java System Access Manager Authentication Bypass Vulnerability
8. Red Hat Enterprise Linux OpenOffice Insecure Library Path Local Privilege Escalation Vulnerability
9. Fetchmail Verbose Mode Large Log Messages Remote Denial of Service Vulnerability
10. Linux Kernel 'pppol2tp_recvmsg()' Remote Denial of Service Vulnerability
11. No-IP DUC Client for Windows Local Information Disclosure Vulnerability
12. Skulltag Malformed Packet Denial of Service Vulnerability
13. Novell eDirectory iMonitor Unspecified Cross-Site Scripting Vulnerability
14. PHP 'rfc822_write_address()' Function Buffer Overflow Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. Vulnerability and Patch-Management in Linux (and other Unix)
2. sshd log analyzer
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Racing Against Reversers
By Federico Biancuzzi
Each time a new digital rights management (DRM) system is released, hackers are not far behind in cracking it. Reverse engineers have taken down the security protecting content encoded for Windows Media, iTunes, DVDs, and HD-DVDs.

http://www.securityfocus.com/columnists/474

2.Anti-Social Networking
By Mark Rasch
On May 15, 2008, a federal grand jury Los Angeles indicted 49-year-old Lori Drew of O.Fallon, Missouri, on charges of unauthorized access to a computer, typically used in hacking cases. Yet, Drew's alleged actions had little to do with computer intrusions.

http://www.securityfocus.com/columnists/473


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. OpenOffice 'rtl_allocateMemory()' Heap Based Buffer Overflow Vulnerability
BugTraq ID: 29622
Remote: Yes
Date Published: 2008-06-10
Relevant URL: http://www.securityfocus.com/bid/29622
Summary:
OpenOffice is prone to a remote heap-based buffer-overflow vulnerability because of errors in processing certain files.

Remote attackers can exploit this issue by enticing victims into opening maliciously crafted OpenOffice.org document files.

Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.

The issue affects OpenOffice 2 up to and including 2.4.

2. Net-SNMP Remote Authentication Bypass Vulnerability
BugTraq ID: 29623
Remote: Yes
Date Published: 2008-06-10
Relevant URL: http://www.securityfocus.com/bid/29623
Summary:
Net-SNMP is prone to a remote authentication-bypass vulnerability caused by a design error.

Successfully exploiting this issue will allow attackers to gain unauthorized access to the affected application.

Net-SNMP 5.4.1, 5.3.2, 5.2.4, and prior versions are vulnerable.

3. TYPO3 Cross-Site Scripting Vulnerability and File Upload Vulnerability
BugTraq ID: 29657
Remote: Yes
Date Published: 2008-06-11
Relevant URL: http://www.securityfocus.com/bid/29657
Summary:
TYPO3 is prone to a cross-site scripting vulnerability and a file-upload vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The attacker can exploit the file-upload issue to execute arbitrary code in the context of the webserver.

TYPO3 3.x, 4.0 to 4.0.8, 4.1 to 4.1.6, and 4.2.0 are vulnerable.

4. X.Org X Server RENDER Extension 'ProcRenderCreateCursor()' Denial of Service Vulnerability
BugTraq ID: 29665
Remote: Yes
Date Published: 2008-06-11
Relevant URL: http://www.securityfocus.com/bid/29665
Summary:
X.Org X Server is prone to a denial-of-service vulnerability because the software fails to properly handle exceptional conditions.

Attackers who can connect to a vulnerable X Server may exploit this issue to crash the targeted server, denying further service to legitimate users.

5. X.Org X Server MIT-SHM Extension Information Disclosure Vulnerability
BugTraq ID: 29669
Remote: Yes
Date Published: 2008-06-11
Relevant URL: http://www.securityfocus.com/bid/29669
Summary:
X.Org X Server is prone to an information-disclosure vulnerability that lets X clients read arbitrary X server memory.

Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

6. X.Org X server RENDER Extension Multiple Integer Overflow Vulnerabilities
BugTraq ID: 29670
Remote: Yes
Date Published: 2008-06-11
Relevant URL: http://www.securityfocus.com/bid/29670
Summary:
The RENDER component for X Server is prone to multiple integer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the software. Failed exploit attempts likely cause denial-of-service conditions.

7. Sun Java System Access Manager Authentication Bypass Vulnerability
BugTraq ID: 29676
Remote: Yes
Date Published: 2008-06-11
Relevant URL: http://www.securityfocus.com/bid/29676
Summary:
Sun Java System Access Manager is prone to an authentication-bypass vulnerability.

Exploiting this issue can allow remote attackers to access resources in an unauthorized manner or to gain administrative privileges to the application. This may aid in further attacks.

Sun Java System Access Manager 7.1 is affected by this issue.

8. Red Hat Enterprise Linux OpenOffice Insecure Library Path Local Privilege Escalation Vulnerability
BugTraq ID: 29695
Remote: No
Date Published: 2008-06-13
Relevant URL: http://www.securityfocus.com/bid/29695
Summary:
Red Hat Enterprise Linux OpenOffice packages are prone to a local privilege-escalation vulnerability because they were built with insecure library search paths.

Exploiting this issue allows local attackers to execute arbitrary code with the privileges of the user running the affected application.

OpenOffice 1.1.x built and shipped with Red Hat Enterprise Linux 3 and 4 are affected.

9. Fetchmail Verbose Mode Large Log Messages Remote Denial of Service Vulnerability
BugTraq ID: 29705
Remote: Yes
Date Published: 2008-06-13
Relevant URL: http://www.securityfocus.com/bid/29705
Summary:
Fetchmail is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of the issue, remote code execution may also be possible, but this has not been confirmed.

Versions prior to Fetchmail 6.3.9 are vulnerable.

10. Linux Kernel 'pppol2tp_recvmsg()' Remote Denial of Service Vulnerability
BugTraq ID: 29747
Remote: Yes
Date Published: 2008-06-16
Relevant URL: http://www.securityfocus.com/bid/29747
Summary:
The Linux Kernel is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected computer on the local network, denying service to legitimate users. Given the nature of this issue, code execution may be possible, but this has not been confirmed.

Versions prior to Linux Kernel 2.6.26-rc6 are vulnerable.

11. No-IP DUC Client for Windows Local Information Disclosure Vulnerability
BugTraq ID: 29758
Remote: No
Date Published: 2008-06-16
Relevant URL: http://www.securityfocus.com/bid/29758
Summary:
The DUC application for No-IP is prone to a local information-disclosure vulnerability when it is running on Microsoft Windows.

Successfully exploiting this issue allows attackers to obtain potentially sensitive information that may aid in further attacks.

12. Skulltag Malformed Packet Denial of Service Vulnerability
BugTraq ID: 29760
Remote: Yes
Date Published: 2008-06-16
Relevant URL: http://www.securityfocus.com/bid/29760
Summary:
Skulltag is prone to a vulnerability that can cause denial-of-service conditions.

A successful attack will deny service to legitimate users.

Skulltag 0.97d2-RC3 is vulnerable; other versions may also be affected.

13. Novell eDirectory iMonitor Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 29782
Remote: Yes
Date Published: 2008-06-17
Relevant URL: http://www.securityfocus.com/bid/29782
Summary:
The Novell eDirectory server iMonitor is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The issue affects Novell eDirectory versions prior to and including 8.8.2 and 8.7.3.9 for Solaris, Linux and Windows 2000/2003.

14. PHP 'rfc822_write_address()' Function Buffer Overflow Vulnerability
BugTraq ID: 29829
Remote: Yes
Date Published: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29829
Summary:
PHP is prone to a buffer-overflow vulnerability because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

PHP versions 5.2.6 and prior are vulnerable.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Vulnerability and Patch-Management in Linux (and other Unix)
http://www.securityfocus.com/archive/91/493478

2. sshd log analyzer
http://www.securityfocus.com/archive/91/493280

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Black Hat USA:

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.

www.blackhat.com

No comments:

Blog Archive