Wednesday, June 25, 2008

SecurityFocus Linux Newsletter #395

This issue is sponsored by Black Hat USA:

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.

www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Firing Up Browser Security
2. Racing Against Reversers
II. LINUX VULNERABILITY SUMMARY
1. Linux Kernel 'pppol2tp_recvmsg()' Remote Denial of Service Vulnerability
2. ClamAV 'petite.c' Invalid Memory Access Denial Of Service Vulnerability
3. No-IP DUC Client for Windows Local Information Disclosure Vulnerability
4. Skulltag Malformed Packet Denial of Service Vulnerability
5. Novell eDirectory iMonitor Unspecified Cross-Site Scripting Vulnerability
6. PHP 'rfc822_write_address()' Function Buffer Overflow Vulnerability
7. TMSNC UBX Message Remote Buffer Overflow Vulnerability
8. Multiple XnView Products TAAC File Buffer Overflow Vulnerability
9. IGSuite 'formid' Parameter SQL Injection Vulnerability
10. phpDMCA Multiple Remote File Include Vulnerabilities
11. Red Hat SBLIM Insecure Library Path Local Privilege Escalation Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. Vulnerability and Patch-Management in Linux (and other Unix)
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Firing Up Browser Security
By Federico Biancuzzi
Mozilla released its latest browser, Firefox 3.0, this week. SecurityFocus contributor Federico Biancuzzi tracked down two key members of Mozilla's security team, Window Snyder and Johnathan Nightingale, to learn more about the security features included in this major release.

http://www.securityfocus.com/columnists/475

2. Racing Against Reversers
By Federico Biancuzzi
Each time a new digital rights management (DRM) system is released, hackers are not far behind in cracking it. Reverse engineers have taken down the security protecting content encoded for Windows Media, iTunes, DVDs, and HD-DVDs.

http://www.securityfocus.com/columnists/474


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Linux Kernel 'pppol2tp_recvmsg()' Remote Denial of Service Vulnerability
BugTraq ID: 29747
Remote: Yes
Date Published: 2008-06-16
Relevant URL: http://www.securityfocus.com/bid/29747
Summary:
The Linux Kernel is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected computer on the local network, denying service to legitimate users. Given the nature of this issue, code execution may be possible, but this has not been confirmed.

Versions prior to Linux Kernel 2.6.26-rc6 are vulnerable.

2. ClamAV 'petite.c' Invalid Memory Access Denial Of Service Vulnerability
BugTraq ID: 29750
Remote: Yes
Date Published: 2008-06-16
Relevant URL: http://www.securityfocus.com/bid/29750
Summary:
ClamAV is prone to a denial-of-service vulnerability caused by an invalid memory access during a 'memcpy()' call.

Attackers can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, remote code execution may also be possible, but this has not been confirmed.

Versions prior to ClamAV 0.93.1 are vulnerable.

3. No-IP DUC Client for Windows Local Information Disclosure Vulnerability
BugTraq ID: 29758
Remote: No
Date Published: 2008-06-16
Relevant URL: http://www.securityfocus.com/bid/29758
Summary:
The DUC application for No-IP is prone to a local information-disclosure vulnerability when it is running on Microsoft Windows.

Successfully exploiting this issue allows attackers to obtain potentially sensitive information that may aid in further attacks.

4. Skulltag Malformed Packet Denial of Service Vulnerability
BugTraq ID: 29760
Remote: Yes
Date Published: 2008-06-16
Relevant URL: http://www.securityfocus.com/bid/29760
Summary:
Skulltag is prone to a vulnerability that can cause denial-of-service conditions.

A successful attack will deny service to legitimate users.

Skulltag 0.97d2-RC3 is vulnerable; other versions may also be affected.

5. Novell eDirectory iMonitor Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 29782
Remote: Yes
Date Published: 2008-06-17
Relevant URL: http://www.securityfocus.com/bid/29782
Summary:
The Novell eDirectory server iMonitor is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The issue affects versions prior to and including Novell eDirectory 8.8.2 and 8.7.3.9 for Solaris, Linux, and Windows 2000/2003.

6. PHP 'rfc822_write_address()' Function Buffer Overflow Vulnerability
BugTraq ID: 29829
Remote: Yes
Date Published: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29829
Summary:
PHP is prone to a buffer-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

PHP 5.2.6 and prior versions are vulnerable.

7. TMSNC UBX Message Remote Buffer Overflow Vulnerability
BugTraq ID: 29850
Remote: Yes
Date Published: 2008-06-20
Relevant URL: http://www.securityfocus.com/bid/29850
Summary:
TMSNC is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

This issue affects TMSNC 0.3.2; other versions may also be affected.

8. Multiple XnView Products TAAC File Buffer Overflow Vulnerability
BugTraq ID: 29851
Remote: Yes
Date Published: 2008-06-20
Relevant URL: http://www.securityfocus.com/bid/29851
Summary:
The XnView, NConvert, and GFL SDK products are all prone to a buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input in malicious image files.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected applications, facilitating the remote compromise of affected computers. Failed exploit attempts likely result in crashes.

The following packages are affected by this issue:
- XnView 1.70 for Linux and FreeBSD
- XnView 1.93.6 for Windows
- GFL SDK 2.82
- NConvert 4.92

Other versions may also be affected.

9. IGSuite 'formid' Parameter SQL Injection Vulnerability
BugTraq ID: 29879
Remote: Yes
Date Published: 2008-06-22
Relevant URL: http://www.securityfocus.com/bid/29879
Summary:
IGSuite is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

IGSuite 3.2.4 is vulnerable; previous versions may also be affected.

10. phpDMCA Multiple Remote File Include Vulnerabilities
BugTraq ID: 29880
Remote: Yes
Date Published: 2008-06-22
Relevant URL: http://www.securityfocus.com/bid/29880
Summary:
phpDMCA is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible.

phpDMCA 1.0.0 is vulnerable; other versions may also be affected.

11. Red Hat SBLIM Insecure Library Path Local Privilege Escalation Vulnerability
BugTraq ID: 29913
Remote: No
Date Published: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29913
Summary:
Red Hat Linux SBLIM packages are prone to a local privilege-escalation vulnerability because they were built with insecure library search paths.

Exploiting this issue allows local attackers to execute arbitrary code with elevated privileges.

SBLIM packages built and shipped with the following versions of Red Hat are affected:

- Red Hat Enterprise Linux Workstation version 5
- Red Hat Desktop version 4
- Red Hat Enterprise Linux version 5 server
- Red Hat Enterprise Linux AS version 4
- Red Hat Enterprise Linux Desktop version 5 client
- Red Hat Enterprise Linux ES version 4
- Red Hat Enterprise Linux WS version 4

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Vulnerability and Patch-Management in Linux (and other Unix)
http://www.securityfocus.com/archive/91/493478

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Black Hat USA:

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.

www.blackhat.com
