Thursday, July 31, 2008

SecurityFocus Linux Newsletter #400


This issue is sponsored by Black Hat USA:

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.
www.blackhat.com

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. An Astonishing Collaboration
2. Bad-Code Blues
II. LINUX VULNERABILITY SUMMARY
1. EMC Dantz Retrospect Backup Client 'retroclient.exe' Remote Memory Corruption Vulnerability
2. EMC Retrospect Backup Client Password Hash Information Disclosure Vulnerability
3. EMC Retrospect Backup Client NULL Pointer Remote Denial of Service Vulnerability
4. Asterisk IAX2 Firmware Provisioning Packet Amplification Remote Denial of Service Vulnerability
5. Linux Kernel x86_64 Kernel LDT 'ldt_desc' Buffer Overflow Vulnerability
6. GNU Coreutils 'pam_succeed_if' PAM Local Authentication Bypass Vulnerability
7. vsftpd FTP Server Pluggable Authentication Module (PAM) Remote Denial of Service Vulnerability
8. Cygwin 'setup.exe' Installation and Update Process Mirror Authenticity Verification Vulnerability
9. Links 'only proxies' Unspecified Security Vulnerability
10. @Mail Multiple Local Information Disclosure Vulnerabilities
11. 'nfs-utils' Package for Red Hat Enterprise Linux 5 TCP Wrappers Security Bypass Vulnerability
12. libxslt RC4 Encryption and Decryption Functions Buffer Overflow Vulnerability
13. OpenSC CardOS M4 Smart Cards Insecure Permissions Vulnerability
14. SAP MaxDB 'dbmsrv' Process 'PATH' Environment Variable Local Privilege Escalation Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. root shell auditing
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. An Astonishing Collaboration
By Dan Kaminsky
Wow. It's out. It's finally, finally out. Sweet!
http://www.securityfocus.com/columnists/477

2. Bad-Code Blues
By Don Parker
The current state of secure software development by corporations both large and small is a mess. We are still cursed with half-baked software, and as a result, a never ending stream of vulnerabilities. Secure coding practices and active quality assurance (QA) efforts are now more mainstream, but that still hasn't made much of a dent.
http://www.securityfocus.com/columnists/476


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. EMC Dantz Retrospect Backup Client 'retroclient.exe' Remote Memory Corruption Vulnerability
BugTraq ID: 30306
Remote: Yes
Date Published: 2008-07-21
Relevant URL: http://www.securityfocus.com/bid/30306
Summary:
EMC Dantz Retrospect Backup Client is prone to a remote memory-corruption vulnerability.

Remote attackers can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.

2. EMC Retrospect Backup Client Password Hash Information Disclosure Vulnerability
BugTraq ID: 30308
Remote: Yes
Date Published: 2008-07-21
Relevant URL: http://www.securityfocus.com/bid/30308
Summary:
EMC Retrospect Backup Client is prone to an information-disclosure vulnerability.

Exploiting this issue can allow attackers to access password hash data that will aid in further attacks.

Retrospect Backup Client 7.5.116 is vulnerable; other versions may also be affected.

3. EMC Retrospect Backup Client NULL Pointer Remote Denial of Service Vulnerability
BugTraq ID: 30313
Remote: Yes
Date Published: 2008-07-21
Relevant URL: http://www.securityfocus.com/bid/30313
Summary:
EMC Retrospect Backup Client is prone to a remote denial-of-service vulnerability because of a design error that causes a NULL-pointer exception.

An attacker could exploit this issue to crash the affected application, denying service to legitimate users.

4. Asterisk IAX2 Firmware Provisioning Packet Amplification Remote Denial of Service Vulnerability
BugTraq ID: 30350
Remote: Yes
Date Published: 2008-07-22
Relevant URL: http://www.securityfocus.com/bid/30350
Summary:
Asterisk servers may be used to carry out remote denial-of-service attacks. This issue is caused by a flaw in the IAX2 firmware download protocol.

Successful exploits result in packet-amplification attacks. Malicious users can cause Asterisk servers to send large numbers of unwanted firmware packets to arbitrary addresses, potentially denying service to computers and networks because of flooding.

5. Linux Kernel x86_64 Kernel LDT 'ldt_desc' Buffer Overflow Vulnerability
BugTraq ID: 30351
Remote: No
Date Published: 2008-07-22
Relevant URL: http://www.securityfocus.com/bid/30351
Summary:
The Linux kernel is prone to a buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data on 64-bit computers.

A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will cause a denial-of-service condition.

Linux kernels 2.6.25 through 2.6.25.10 are affected.

6. GNU Coreutils 'pam_succeed_if' PAM Local Authentication Bypass Vulnerability
BugTraq ID: 30363
Remote: No
Date Published: 2008-07-24
Relevant URL: http://www.securityfocus.com/bid/30363
Summary:
GNU Coreutils is prone to a local authentication-bypass vulnerability.

A local attacker running the 'su' command can exploit this issue to gain unauthorized access to locked or expired accounts. Successfully exploiting this issue may lead to other attacks.

7. vsftpd FTP Server Pluggable Authentication Module (PAM) Remote Denial of Service Vulnerability
BugTraq ID: 30364
Remote: Yes
Date Published: 2008-07-24
Relevant URL: http://www.securityfocus.com/bid/30364
Summary:
The 'vsftpd' FTP server is prone to a remote denial-of-service vulnerability when used with Pluggable Authentication Modules (PAM).

Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.

Versions prior to vsftpd 2.0.5 are affected.

8. Cygwin 'setup.exe' Installation and Update Process Mirror Authenticity Verification Vulnerability
BugTraq ID: 30375
Remote: Yes
Date Published: 2008-07-25
Relevant URL: http://www.securityfocus.com/bid/30375
Summary:
Cygwin 'setup.exe' is prone to a vulnerability caused by inadequate verification of mirror authenticity.

Attackers who can impersonate a Cygwin download mirror (by exploiting a DNS cache-poisoning, session-hijacking, or some other vulnerability) could perform a man-in-the-middle attack and leverage this issue to cause the application to retrieve and install malicious packages.

Versions prior to Cygwin 'setup.exe' 2.573.2.3 are vulnerable.

9. Links 'only proxies' Unspecified Security Vulnerability
BugTraq ID: 30422
Remote: Yes
Date Published: 2008-07-29
Relevant URL: http://www.securityfocus.com/bid/30422
Summary:
Links is prone to an unspecified security vulnerability related to providing URIs to external programs.

Very few details are available regarding this issue. We will update this BID as more information emerges.

10. @Mail Multiple Local Information Disclosure Vulnerabilities
BugTraq ID: 30434
Remote: No
Date Published: 2008-07-30
Relevant URL: http://www.securityfocus.com/bid/30434
Summary:
@Mail is prone to multiple information-disclosure vulnerabilities because the application fails to properly restrict access to sensitive files.

An unprivileged attacker may exploit these issues to obtain sensitive information.

@Mail 5.41 is vulnerable; other versions may also be affected.

11. 'nfs-utils' Package for Red Hat Enterprise Linux 5 TCP Wrappers Security Bypass Vulnerability
BugTraq ID: 30466
Remote: Yes
Date Published: 2008-07-31
Relevant URL: http://www.securityfocus.com/bid/30466
Summary:
The 'nfs-utils' package is prone to a security-bypass vulnerability because it was not properly built with TCP wrappers support.

Remote attackers can exploit this issue to bypass certain security restrictions and gain access to NFS services on vulnerable computers.

This issue occurs in the 'nfs-utils' package built with Red Hat Enterprise Linux 5.

12. libxslt RC4 Encryption and Decryption Functions Buffer Overflow Vulnerability
BugTraq ID: 30467
Remote: Yes
Date Published: 2008-07-31
Relevant URL: http://www.securityfocus.com/bid/30467
Summary:
The 'libxslt' library is prone to a heap-based buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects libxslt versions 1.1.8 to 1.1.24.

13. OpenSC CardOS M4 Smart Cards Insecure Permissions Vulnerability
BugTraq ID: 30473
Remote: No
Date Published: 2008-07-31
Relevant URL: http://www.securityfocus.com/bid/30473
Summary:
OpenSC insecurely initializes Siemens CardOS M4 based smart cards and USB crypto tokens.

Attackers can leverage this issue to change the PIN number on a card without having knowledge of the existing PIN or PUK number. Successfully exploiting this issue allows attackers to use the card in further attacks.

NOTE: This issue cannot be leveraged to access an existing PIN number.

This issue occurs in versions prior to OpenSC 0.11.5.

14. SAP MaxDB 'dbmsrv' Process 'PATH' Environment Variable Local Privilege Escalation Vulnerability
BugTraq ID: 30474
Remote: No
Date Published: 2008-07-31
Relevant URL: http://www.securityfocus.com/bid/30474
Summary:
SAP MaxDB is prone to a local privilege-escalation vulnerability that occurs in the 'dbmsrv' process because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary code with 'sdb:sdba' privileges. Successfully exploiting this issue will compromise the affected application and possibly the underlying computer.

SAP MaxDB version 7.6.03.15 on Linux is vulnerable; other versions running on different platforms may also be affected.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. root shell auditing
http://www.securityfocus.com/archive/91/494849

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.
