Thursday, September 04, 2008

SecurityFocus Linux Newsletter #405


This issue is sponsored by IBM:

Web Application Security: Automated Scanning Versus Manual Penetration Testing
There are many ways to uncover Web application vulnerabilities. This white paper examines a few of these vulnerability detection methods - comparing and contrasting manual penetration testing with automated scanning tools.
http://dinclinx.com/Redirect.aspx?36;3249;40;189;0;26;e990d3e3991e114c


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Get Off My Cloud
2. An Astonishing Collaboration
II. LINUX VULNERABILITY SUMMARY
1. GPicView Multiple Local Security Vulnerabilities
2. LibTIFF 'tif_lzw.c' Remote Buffer Underflow Vulnerability
3. HP System Management Homepage (SMH) 'message.php' Cross Site Scripting Vulnerability
4. Linux Kernel 'sctp_setsockopt_auth_key()' Remote Denial of Service Vulnerability
5. IBM DB2 CLR Stored Procedures Deployment Unspecified Vulnerability
6. OpenOffice 'rtl_allocateMemory()' Remote Code Execution Vulnerability
7. APTonCD Insecure Temporary File Creation Vulnerability
8. Aegis 'aegis.cgi' Insecure Temporary File Creation Vulnerability
9. AudioLink Insecure Temporary File Creation Vulnerability
10. gdrae Insecure Temporary File Creation Vulnerability
11. Amanda CDRW-Taper Insecure Temporary File Creation Vulnerability
12. CDcontrol Insecure Temporary File Creation Vulnerability
13. Crossfire crossfire-maps Insecure Temporary File Creation Vulnerability
14. ARB Multiple Insecure Temporary File Creation Vulnerabilities
15. Apertium Multiple Insecure Temporary File Creation Vulnerabilities
16. Caudium Insecure Temporary File Creation Vulnerability
17. cman 'fence_egenera' Insecure Temporary File Creation Vulnerability
18. Dreambox Web Interface URI Remote Denial of Service Vulnerability
19. OpenOffice 'senddoc' Insecure Temporary File Creation Vulnerability
20. Ogle DVD Player Insecure Temporary File Creation Vulnerabilities
21. Mgetty 'faxspool' Insecure Temporary File Creation Vulnerability
22. Plait Insecure Temporary File Creation Vulnerability
23. MySpell Insecure Temporary File Creation Vulnerability
24. QEMU 'qemu-make-debian-root' Insecure Temporary File Creation Vulnerability
25. Radiance Insecure Temporary File Creation Vulnerabilities
26. Postfix 'epoll' Linux Event Handler Local Denial of Service Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. PacSec 2008 CFP (Deadline Sept. 1, Conference Nov. 12/13) and BA-Con 2008 Speakers (Sept. 30/ Oct. 1)
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Get Off My Cloud
By Mark Rasch
One of the features of Apple's device that appeals to me is the new MobileMe service, where you can "access and manage your email, contacts, calendar, photos, and files at me.com," according to Apple.
More companies, among them Microsoft and Google, already allow people to store information and use common services online -- or "in the cloud" -- leading analysts to refer to the entire trend as "cloud computing."
http://www.securityfocus.com/columnists/478

2. An Astonishing Collaboration
By Dan Kaminsky
Wow. It's out. It's finally, finally out. Sweet!
http://www.securityfocus.com/columnists/477


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. GPicView Multiple Local Security Vulnerabilities
BugTraq ID: 30819
Remote: No
Date Published: 2008-08-25
Relevant URL: http://www.securityfocus.com/bid/30819
Summary:
GPicView is affected by multiple local security vulnerabilities:

- The software creates temporary files in an insecure manner.
- The software contains two vulnerabilities that may allow attackers to overwrite arbitrary files.

These issues stem from a design error that permits files to be saved without user verification.

An attacker may leverage these issues to overwrite arbitrary files with the privileges of the user running the application.

GPicView 0.1.9 is vulnerable; other versions may also be affected.

2. LibTIFF 'tif_lzw.c' Remote Buffer Underflow Vulnerability
BugTraq ID: 30832
Remote: Yes
Date Published: 2008-08-26
Relevant URL: http://www.securityfocus.com/bid/30832
Summary:
LibTIFF is prone to a remote buffer-underflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary malicious code in the context of the user running an application that uses the affected library. Failed exploit attempts will likely crash applications using the affected library.

LibTIFF 3.7.2 and 3.8.2 are vulnerable.

3. HP System Management Homepage (SMH) 'message.php' Cross Site Scripting Vulnerability
BugTraq ID: 30846
Remote: Yes
Date Published: 2008-08-26
Relevant URL: http://www.securityfocus.com/bid/30846
Summary:
HP System Management Homepage (SMH) is prone to a cross-site scripting vulnerability.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected site. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

NOTE: This issue may stem from an incomplete fix for the issues discussed in BIDs 24256 (HP System Management Homepage (SMH) Unspecified Cross Site Scripting Vulnerability) and 25953 (HP System Management Homepage (SMH) for Linux, Windows, and HP-UX Cross Site Scripting Vulnerability), but Symantec has not confirmed this.

4. Linux Kernel 'sctp_setsockopt_auth_key()' Remote Denial of Service Vulnerability
BugTraq ID: 30847
Remote: Yes
Date Published: 2008-08-26
Relevant URL: http://www.securityfocus.com/bid/30847
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to properly handle user-supplied input.

Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

Versions since Linux kernel 2.6.24-rc1 are vulnerable.

5. IBM DB2 CLR Stored Procedures Deployment Unspecified Vulnerability
BugTraq ID: 30859
Remote: Yes
Date Published: 2008-08-26
Relevant URL: http://www.securityfocus.com/bid/30859
Summary:
IBM DB2 is prone to an unspecified security vulnerability that occurs when deploying CLR stored procedures from IBM Database Add-ins for Visual Studio.

Very little is known about this issue at this time. We will update this BID as more information emerges.

Versions prior to IBM DB2 9.5 Fixpak 2 are vulnerable.

6. OpenOffice 'rtl_allocateMemory()' Remote Code Execution Vulnerability
BugTraq ID: 30866
Remote: Yes
Date Published: 2008-08-27
Relevant URL: http://www.securityfocus.com/bid/30866
Summary:
OpenOffice is prone to a remote code-execution vulnerability because of errors in memory allocation.

Remote attackers can exploit this issue by enticing victims into opening a maliciously crafted OpenOffice document.

Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.

OpenOffice 2.41 is vulnerable; other versions may also be affected. This issue is limited to builds on 64-bit platforms.

7. APTonCD Insecure Temporary File Creation Vulnerability
BugTraq ID: 30882
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30882
Summary:
APTonCD creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

APTonCD 0.1 is vulnerable; other versions may also be affected.

8. Aegis 'aegis.cgi' Insecure Temporary File Creation Vulnerability
BugTraq ID: 30883
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30883
Summary:
Aegis creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Aegis 4.2.4 is vulnerable; other versions may also be affected.

9. AudioLink Insecure Temporary File Creation Vulnerability
BugTraq ID: 30886
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30886
Summary:
AudioLink creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

AudioLink 0.05 is vulnerable; other versions may also be affected.

10. gdrae Insecure Temporary File Creation Vulnerability
BugTraq ID: 30888
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30888
Summary:
The 'gdrae' program creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects gdrae 0.1; other versions may also be affected.

11. Amanda CDRW-Taper Insecure Temporary File Creation Vulnerability
BugTraq ID: 30890
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30890
Summary:
Amanda CDRW-Taper creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Amanda CDRW-Taper 0.4 is vulnerable; other versions may also be affected.

12. CDcontrol Insecure Temporary File Creation Vulnerability
BugTraq ID: 30892
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30892
Summary:
CDcontrol creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

CDcontrol 1.90 is vulnerable; other versions may also be affected.

13. Crossfire crossfire-maps Insecure Temporary File Creation Vulnerability
BugTraq ID: 30893
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30893
Summary:
Crossfire crossfire-maps creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Crossfire crossfire-maps 0.11.0-1 is vulnerable; other versions may also be affected.

14. ARB Multiple Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 30895
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30895
Summary:
ARB creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

ARB 0.0.20071207 is vulnerable; other versions may also be affected.

15. Apertium Multiple Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 30896
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30896
Summary:
Apertium creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Apertium 3.0.7 is vulnerable; other versions may also be affected.

16. Caudium Insecure Temporary File Creation Vulnerability
BugTraq ID: 30897
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30897
Summary:
Caudium creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Caudium 1.4.12 is vulnerable; other versions may also be affected.

17. cman 'fence_egenera' Insecure Temporary File Creation Vulnerability
BugTraq ID: 30898
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30898
Summary:
The 'cman' program creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

The 'cman' component of cluster2 2.03.07 is vulnerable; other versions may also be affected.

18. Dreambox Web Interface URI Remote Denial of Service Vulnerability
BugTraq ID: 30919
Remote: Yes
Date Published: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30919
Summary:
Dreambox is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to crash the affected device, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

Dreambox DM500C is vulnerable; other models may also be affected.

19. OpenOffice 'senddoc' Insecure Temporary File Creation Vulnerability
BugTraq ID: 30925
Remote: No
Date Published: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30925
Summary:
OpenOffice creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

OpenOffice 2.4.1 is vulnerable; other versions may also be affected.

20. Ogle DVD Player Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 30926
Remote: No
Date Published: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30926
Summary:
Ogle DVD Player creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Ogle 0.9.2 is vulnerable; other versions may also be affected.

21. Mgetty 'faxspool' Insecure Temporary File Creation Vulnerability
BugTraq ID: 30927
Remote: No
Date Published: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30927
Summary:
Mgetty creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Mgetty 1.1.36 is vulnerable; other versions may also be affected.

22. Plait Insecure Temporary File Creation Vulnerability
BugTraq ID: 30928
Remote: No
Date Published: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30928
Summary:
Plait creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Plait 1.5.2 is vulnerable; other versions may also be affected.

23. MySpell Insecure Temporary File Creation Vulnerability
BugTraq ID: 30929
Remote: No
Date Published: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30929
Summary:
MySpell creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

MySpell 3.1 is vulnerable; other versions may also be affected.

24. QEMU 'qemu-make-debian-root' Insecure Temporary File Creation Vulnerability
BugTraq ID: 30931
Remote: No
Date Published: 2008-08-25
Relevant URL: http://www.securityfocus.com/bid/30931
Summary:
QEMU creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

QEMU 0.9.1 is vulnerable; other versions may also be affected.

25. Radiance Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 30953
Remote: No
Date Published: 2008-09-24
Relevant URL: http://www.securityfocus.com/bid/30953
Summary:
Radiance creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Radiance 3R9 is vulnerable; other versions may also be affected.

26. Postfix 'epoll' Linux Event Handler Local Denial of Service Vulnerability
BugTraq ID: 30977
Remote: No
Date Published: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30977
Summary:
Postfix is prone to a local denial-of-service vulnerability because of a file-descriptor leak that occurs when it executes non-Postfix commands.

Local attackers can exploit this issue to trigger automatic Postfix shutdowns, denying service to legitimate users.

Postfix 2.4 and later for Linux kernel 2.6 platforms are vulnerable.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. PacSec 2008 CFP (Deadline Sept. 1, Conference Nov. 12/13) and BA-Con 2008 Speakers (Sept. 30/ Oct. 1)
http://www.securityfocus.com/archive/91/495774

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by IBM:

Web Application Security: Automated Scanning Versus Manual Penetration Testing
There are many ways to uncover Web application vulnerabilities. This white paper examines a few of these vulnerability detection methods - comparing and contrasting manual penetration testing with automated scanning tools.
http://dinclinx.com/Redirect.aspx?36;3249;40;189;0;26;e990d3e3991e114c
