Friday, August 29, 2008

SecurityFocus Linux Newsletter #404

This issue is sponsored by IBM:

Web Application Security: Automated Scanning Versus Manual Penetration Testing
There are many ways to uncover Web application vulnerabilities. This white paper examines a few of these vulnerability detection methods - comparing and contrasting manual penetration testing with automated scanning tools.
http://whitepapers.securityfocus.com/option,com_categoryreport/task,viewabstract/title,3249/id,/vid,36/cat,/pathway,no/srcid,189/


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Get Off My Cloud
2. An Astonishing Collaboration
II. LINUX VULNERABILITY SUMMARY
1. libxml2 Recursive Entity Remote Denial of Service Vulnerability
2. Red Hat OpenSSH Backdoor Vulnerability
3. Vim Insufficient Shell Escaping Multiple Command Execution Vulnerabilities
4. VLC Media Player 'mmstu.c' MMS Protocol Handling Buffer Overflow Vulnerability
5. GPicView Multiple Local Security Vulnerabilities
6. LibTIFF 'tif_lzw.c' Remote Integer Underflow Vulnerability
7. HP System Management Homepage (SMH) 'message.php' Cross Site Scripting Vulnerability
8. Linux Kernel 'sctp_setsockopt_auth_key()' Remote Denial of Service Vulnerability
9. IBM DB2 CLR Stored Procedures Deployment Unspecified Vulnerability
10. OpenOffice 'rtl_allocateMemory()' Remote Code Execution Vulnerability
11. Honeyd Insecure Temporary File Creation Vulnerability
12. APTonCD Insecure Temporary File Creation Vulnerability
13. Aegis 'aegis.cgi' Insecure Temporary File Creation Vulnerability
14. AudioLink Insecure Temporary File Creation Vulnerability
15. gdrae Insecure Temporary File Creation Vulnerability
16. Amanda CDRW-Taper Insecure Temporary File Creation Vulnerability
17. CDcontrol Insecure Temporary File Creation Vulnerability
18. Crossfire crossfire-maps Insecure Temporary File Creation Vulnerability
19. ARB Multiple Insecure Temporary File Creation Vulnerabilities
20. Apertium Multiple Insecure Temporary File Creation Vulnerabilities
21. Caudium Insecure Temporary File Creation Vulnerability
22. cman 'fence_egenera' Insecure Temporary File Creation Vulnerability
23. LinuxTrade Insecure Temporary File Creation Vulnerabilities
24. Debian 'linux-patch-openswan' Insecure Temporary File Creation Vulnerabilities
25. Dreambox Web Interface URI Remote Denial of Service Vulnerability
26. OpenOffice 'senddoc' Insecure Temporary File Creation Vulnerability
27. Ogle DVD Player Insecure Temporary File Creation Vulnerabilities
28. Mgetty 'faxspool' Insecure Temporary File Creation Vulnerability
29. Plait Insecure Temporary File Creation Vulnerability
30. MySpell Insecure Temporary File Creation Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. PacSec 2008 CFP (Deadline Sept. 1, Conference Nov. 12/13) and BA-Con 2008 Speakers (Sept. 30/ Oct. 1)
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Get Off My Cloud
By Mark Rasch
One of the features of Apple's device that appeals to me is the new MobileMe service, where you can "access and manage your email, contacts, calendar, photos, and files at me.com," according to Apple.
More companies, among them Microsoft and Google, already allow people to store information and use common services online -- or "in the cloud" -- leading analysts to refer to the entire trend as "cloud computing."
http://www.securityfocus.com/columnists/478

2. An Astonishing Collaboration
By Dan Kaminsky
Wow. It's out. It's finally, finally out. Sweet!
http://www.securityfocus.com/columnists/477


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. libxml2 Recursive Entity Remote Denial of Service Vulnerability
BugTraq ID: 30783
Remote: Yes
Date Published: 2008-08-21
Relevant URL: http://www.securityfocus.com/bid/30783
Summary:
The libxml2 library is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause the library to consume an excessive amount of memory, denying service to legitimate users.

2. Red Hat OpenSSH Backdoor Vulnerability
BugTraq ID: 30794
Remote: Yes
Date Published: 2008-08-22
Relevant URL: http://www.securityfocus.com/bid/30794
Summary:
OpenSSH running on Red Hat operating systems is prone to a backdoor vulnerability.

Attackers can exploit this issue by enticing an unsuspecting victim to download and install a malicious OpenSSH package from a compromised Red Hat software repository or from mirrors that replicated the malicious packages. Successfully exploiting this issue will compromise the affected computer.

This issue affects OpenSSH running on the following operating systems:

Red Hat Enterprise Linux 4 i386
Red Hat Enterprise Linux 4 x86_64
Red Hat Enterprise Linux 5 x86_64

3. Vim Insufficient Shell Escaping Multiple Command Execution Vulnerabilities
BugTraq ID: 30795
Remote: Yes
Date Published: 2008-08-19
Relevant URL: http://www.securityfocus.com/bid/30795
Summary:
Vim is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

Successfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Vim 7.2 is vulnerable; other versions may also be affected.

4. VLC Media Player 'mmstu.c' MMS Protocol Handling Buffer Overflow Vulnerability
BugTraq ID: 30806
Remote: Yes
Date Published: 2008-08-24
Relevant URL: http://www.securityfocus.com/bid/30806
Summary:
VLC media player is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

VLC media player 0.8.6i is vulnerable; other versions may also be affected.

5. GPicView Multiple Local Security Vulnerabilities
BugTraq ID: 30819
Remote: No
Date Published: 2008-08-25
Relevant URL: http://www.securityfocus.com/bid/30819
Summary:
GPicView is affected by multiple local security vulnerabilities:

- The software creates temporary files in an insecure manner.
- The software contains two vulnerabilities that may allow attackers to overwrite arbitrary files.

These issues stem from a design error that permits files to be saved without user verification.

An attacker may leverage these issues to overwrite arbitrary files with the privileges of the user running the application.

GPicView 0.1.9 is vulnerable; other versions may also be affected.

6. LibTIFF 'tif_lzw.c' Remote Integer Underflow Vulnerability
BugTraq ID: 30832
Remote: Yes
Date Published: 2008-08-26
Relevant URL: http://www.securityfocus.com/bid/30832
Summary:
LibTIFF is prone to an integer-underflow vulnerability because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary malicious code in the context of the user running an application that uses the affected library. Failed exploit attempts will likely crash applications using the affected library.

LibTIFF 3.7.2 and 3.8.2 are vulnerable.

7. HP System Management Homepage (SMH) 'message.php' Cross Site Scripting Vulnerability
BugTraq ID: 30846
Remote: Yes
Date Published: 2008-08-26
Relevant URL: http://www.securityfocus.com/bid/30846
Summary:
HP System Management Homepage (SMH) is prone to a cross-site scripting vulnerability.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected site. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

NOTE: This issue may stem from an incomplete fix for the issues discussed in BIDs 24256 (HP System Management Homepage (SMH) Unspecified Cross Site Scripting Vulnerability) and 25953 (HP System Management Homepage (SMH) for Linux, Windows, and HP-UX Cross Site Scripting Vulnerability), but Symantec has not confirmed this.

8. Linux Kernel 'sctp_setsockopt_auth_key()' Remote Denial of Service Vulnerability
BugTraq ID: 30847
Remote: Yes
Date Published: 2008-08-26
Relevant URL: http://www.securityfocus.com/bid/30847
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to properly handle user-supplied input.

Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

Versions since Linux kernel 2.6.24-rc1 are vulnerable.

9. IBM DB2 CLR Stored Procedures Deployment Unspecified Vulnerability
BugTraq ID: 30859
Remote: Yes
Date Published: 2008-08-26
Relevant URL: http://www.securityfocus.com/bid/30859
Summary:
IBM DB2 is prone to an unspecified security vulnerability that occurs when deploying CLR stored procedures from IBM Database Add-ins for Visual Studio.

Very little is known about this issue at this time. We will update this BID as more information emerges.

Versions prior to IBM DB2 9.5 Fixpak 2 are vulnerable.

10. OpenOffice 'rtl_allocateMemory()' Remote Code Execution Vulnerability
BugTraq ID: 30866
Remote: Yes
Date Published: 2008-08-27
Relevant URL: http://www.securityfocus.com/bid/30866
Summary:
OpenOffice is prone to a remote code-execution vulnerability because of errors in memory allocation.

Remote attackers can exploit this issue by enticing victims into opening a maliciously crafted OpenOffice document.

Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.

OpenOffice 2.41 is vulnerable; other versions may also be affected. This issue is limited to builds on 64-bit platforms.

11. Honeyd Insecure Temporary File Creation Vulnerability
BugTraq ID: 30874
Remote: No
Date Published: 2008-08-24
Relevant URL: http://www.securityfocus.com/bid/30874
Summary:
Honeyd creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Honeyd 1.5c is vulnerable; other versions may also be affected.

12. APTonCD Insecure Temporary File Creation Vulnerability
BugTraq ID: 30882
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30882
Summary:
APTonCD creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

APTonCD 0.1 is vulnerable; other versions may also be affected.

13. Aegis 'aegis.cgi' Insecure Temporary File Creation Vulnerability
BugTraq ID: 30883
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30883
Summary:
Aegis creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Aegis 4.2.4 is vulnerable; other versions may also be affected.

14. AudioLink Insecure Temporary File Creation Vulnerability
BugTraq ID: 30886
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30886
Summary:
AudioLink creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

AudioLink 0.05 is vulnerable; other versions may also be affected.

15. gdrae Insecure Temporary File Creation Vulnerability
BugTraq ID: 30888
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30888
Summary:
The 'gdrae' program creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects gdrae 0.1; other versions may also be affected.

16. Amanda CDRW-Taper Insecure Temporary File Creation Vulnerability
BugTraq ID: 30890
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30890
Summary:
Amanda CDRW-Taper creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Amanda CDRW-Taper 0.4 is vulnerable; other versions may also be affected.

17. CDcontrol Insecure Temporary File Creation Vulnerability
BugTraq ID: 30892
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30892
Summary:
CDcontrol creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

CDcontrol 1.90 is vulnerable; other versions may also be affected.

18. Crossfire crossfire-maps Insecure Temporary File Creation Vulnerability
BugTraq ID: 30893
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30893
Summary:
Crossfire crossfire-maps creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Crossfire crossfire-maps 0.11.0-1 is vulnerable; other versions may also be affected.

19. ARB Multiple Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 30895
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30895
Summary:
ARB creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

ARB 0.0.20071207 is vulnerable; other versions may also be affected.

20. Apertium Multiple Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 30896
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30896
Summary:
Apertium creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Apertium 3.0.7 is vulnerable; other versions may also be affected.

21. Caudium Insecure Temporary File Creation Vulnerability
BugTraq ID: 30897
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30897
Summary:
Caudium creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Caudium 1.4.12 is vulnerable; other versions may also be affected.

22. cman 'fence_egenera' Insecure Temporary File Creation Vulnerability
BugTraq ID: 30898
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30898
Summary:
The 'cman' program creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

The 'cman' component of cluster2 2.03.07 is vulnerable; other versions may also be affected.

23. LinuxTrade Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 30910
Remote: No
Date Published: 2008-08-24
Relevant URL: http://www.securityfocus.com/bid/30910
Summary:
LinuxTrade creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

LinuxTrade 3.65 is vulnerable; other versions may also be affected.

24. Debian 'linux-patch-openswan' Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 30918
Remote: No
Date Published: 2008-08-24
Relevant URL: http://www.securityfocus.com/bid/30918
Summary:
Debian 'linux-patch-openswan' creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Debian 'linux-patch-openswan' 2.4.12+dfsg-1.1 is vulnerable; other versions may also be affected.

25. Dreambox Web Interface URI Remote Denial of Service Vulnerability
BugTraq ID: 30919
Remote: Yes
Date Published: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30919
Summary:
Dreambox is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected device, denying service to legitimate users. Due to the nature of this issue, arbitrary code execution may be possible, but this has not been confirmed.

Dreambox DM500C is vulnerable; other models may also be affected.

26. OpenOffice 'senddoc' Insecure Temporary File Creation Vulnerability
BugTraq ID: 30925
Remote: No
Date Published: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30925
Summary:
OpenOffice creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

OpenOffice 2.4.1 is vulnerable; other versions may also be affected.

27. Ogle DVD Player Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 30926
Remote: No
Date Published: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30926
Summary:
Ogle DVD Player creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Ogle 0.9.2 is vulnerable; other versions may also be affected.

28. Mgetty 'faxspool' Insecure Temporary File Creation Vulnerability
BugTraq ID: 30927
Remote: No
Date Published: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30927
Summary:
Mgetty creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Mgetty 1.1.36 is vulnerable; other versions may also be affected.

29. Plait Insecure Temporary File Creation Vulnerability
BugTraq ID: 30928
Remote: No
Date Published: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30928
Summary:
Plait creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Plait 1.5.2 is vulnerable; other versions may also be affected.

30. MySpell Insecure Temporary File Creation Vulnerability
BugTraq ID: 30929
Remote: No
Date Published: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30929
Summary:
MySpell creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

MySpell 3.1 is vulnerable; other versions may also be affected.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. PacSec 2008 CFP (Deadline Sept. 1, Conference Nov. 12/13) and BA-Con 2008 Speakers (Sept. 30/ Oct. 1)
http://www.securityfocus.com/archive/91/495774

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by IBM:

Web Application Security: Automated Scanning Versus Manual Penetration Testing
There are many ways to uncover Web application vulnerabilities. This white paper examines a few of these vulnerability detection methods - comparing and contrasting manual penetration testing with automated scanning tools.
http://whitepapers.securityfocus.com/option,com_categoryreport/task,viewabstract/title,3249/id,/vid,36/cat,/pathway,no/srcid,189/
