News

Thursday, October 02, 2008

SecurityFocus Linux Newsletter #409

SecurityFocus Linux Newsletter #409
----------------------------------------

This issue is sponsored by HP:

Download a FREE trial of HP WebInspect
Application attacks are growing more prevalent. New attacks are in the news each day. Now it's time for you to assess your applications and start detecting and removing vulnerabilities.
HP can help, with a full suite of application security solutions. Get started today with a complimentary trial download that uses an HP test application. Thoroughly analyze today's complex web applications in a runtime environment with fast scanning capabilities, broad assessment coverage and accurate web application scanning results.
Download WebInspect now:https://h10078.www1.hp.com/cda/hpdc/navigation.do?action=downloadBinStart&zn=bto&cp=54_4012_100__&caid=14563&jumpid=ex_r11374_us/en/large/tsg/WebInspect_Eval_Security_Focus/3-1QN6MIF_3-UTM2ZJ/20080920&origin_id=3-1QN6MIF


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Blaming the Good Samaritan
2.The Boston Trio and the MBTA
II. LINUX VULNERABILITY SUMMARY
1. Radiance Insecure Temporary File Creation Vulnerabilities
2. RETIRED: Multiple Vendors IMAP Servers Denial of Service Vulnerability
3. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
4. Mozilla Firefox/SeaMonkey UTF-8 Stack-Based Buffer Overflow Vulnerability
5. Mozilla SeaMonkey/Thunderbird Newsgroup Cancel Message Handling Buffer Overflow Vulnerability
6. Lighttpd Duplicate Request Header Denial of Service Vulnerability
7. JasPer 1.900.1 Multiple Vulnerabilities
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Blaming the Good Samaritan
By Houston Carr
In the early 90's, I attended an academic conference in Hawaii. At one presentation, a colleague from the University of California at Berkeley whom I'll refer to as "the supervisor," told a story of young hackers, who he referred to as the Urchins
http://www.securityfocus.com/columnists/481

2.The Boston Trio and the MBTA
By Mark Rasch
The annual DEFCON conference in Las Vegas in early August got a bit more interesting than usual when three graduate students from the Massachusetts Institute of Technology were enjoined from giving a presentation by a Court in Boston.
http://www.securityfocus.com/columnists/480


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Radiance Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 30953
Remote: No
Date Published: 2008-09-24
Relevant URL: http://www.securityfocus.com/bid/30953
Summary:
Radiance creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Radiance 3R9 is vulnerable; other versions may also be affected.

2. RETIRED: Multiple Vendors IMAP Servers Denial of Service Vulnerability
BugTraq ID: 31318
Remote: Yes
Date Published: 2008-09-22
Relevant URL: http://www.securityfocus.com/bid/31318
Summary:
Multiple vendors' IMAP servers are prone to a remote denial-of-service vulnerability caused by an unspecified error when handling IMAP login requests.

An attacker can exploit this issue to make the affected applications unresponsive, denying service to legitimate users.

This issue affects:

University of Washington imapd
Carnegie Mellon University Cyrus IMAP Server
GNU Mailutils imapd

NOTE: Reports indicate that this issue arises when the affected serves are used with the Debian Sarge platform. Therefore these issues may affect only Debian-specific instances. We will update this BID as more information emerges.

UPDATE: The issue is being retired because it has been determined not to be a vulnerability.

3. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
BugTraq ID: 31346
Remote: Yes
Date Published: 2008-09-23
Relevant URL: http://www.securityfocus.com/bid/31346
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox 2.0.0.16 and prior versions, Firefox 3.0.1 and prior versions, Thunderbird 2.0.0.16 and prior versions, and SeaMonkey 1.1.11 and prior versions.

Exploiting these issues can allow attackers to:

- traverse directories
- obtain potentially sensitive information
- execute scripts with elevated privileges
- execute arbitrary code
- cause denial-of-service conditions
- carry out cross-site scripting attacks
- steal authentication credentials
- force users to download files
- violate the same-origin policy

Other attacks are also possible.

4. Mozilla Firefox/SeaMonkey UTF-8 Stack-Based Buffer Overflow Vulnerability
BugTraq ID: 31397
Remote: Yes
Date Published: 2008-09-25
Relevant URL: http://www.securityfocus.com/bid/31397
Summary:
Mozilla Firefox and SeaMonkey are prone to a stack-based buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Versions prior to Firefox 2.0.0.17 and prior to SeaMonkey 1.1.12 are vulnerable.

NOTE: This issue was originally documented in BID 31346 (Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities). It has been given its own record to better document the details.

5. Mozilla SeaMonkey/Thunderbird Newsgroup Cancel Message Handling Buffer Overflow Vulnerability
BugTraq ID: 31411
Remote: Yes
Date Published: 2008-09-25
Relevant URL: http://www.securityfocus.com/bid/31411
Summary:
Mozilla SeaMonkey and Thunderbird are prone to a remote heap-based buffer-overflow vulnerability because they fail to properly bounds-check user-supplied data.

Successfully exploiting this issue may allow remote attackers to execute arbitrary machine code in the context of the vulnerable application; failed exploit attempts will likely crash the application. This may facilitate the remote compromise of affected computers.

The issue affects versions prior to Mozilla Thunderbird 2.0.0.17 and prior to Mozilla SeaMonkey 1.1.12.

6. Lighttpd Duplicate Request Header Denial of Service Vulnerability
BugTraq ID: 31434
Remote: Yes
Date Published: 2008-09-26
Relevant URL: http://www.securityfocus.com/bid/31434
Summary:
The 'lighttpd' program is prone to a remote denial-of-service vulnerability because it fails to handle exceptional conditions.

Successfully exploiting this issue will allow attackers to cause the affected computer to leak memory, eventually denying service to legitimate users.

Versions prior to lighttpd 1.4.20 are vulnerable.

7. JasPer 1.900.1 Multiple Vulnerabilities
BugTraq ID: 31470
Remote: Yes
Date Published: 2008-09-29
Relevant URL: http://www.securityfocus.com/bid/31470
Summary:
JasPer is prone to multiple vulnerabilities, including a buffer-overflow vulnerability, a temporary file race condition, and multiple integer-overflow vulnerabilities.

Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the software. Failed exploit attempts are likely to cause denial-of-service conditions.

JasPer 1.900.1 is vulnerable; other versions may also be affected.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by HP:

Download a FREE trial of HP WebInspect
Application attacks are growing more prevalent. New attacks are in the news each day. Now it's time for you to assess your applications and start detecting and removing vulnerabilities.
HP can help, with a full suite of application security solutions. Get started today with a complimentary trial download that uses an HP test application. Thoroughly analyze today's complex web applications in a runtime environment with fast scanning capabilities, broad assessment coverage and accurate web application scanning results.
Download WebInspect now:https://h10078.www1.hp.com/cda/hpdc/navigation.do?action=downloadBinStart&zn=bto&cp=54_4012_100__&caid=14563&jumpid=ex_r11374_us/en/large/tsg/WebInspect_Eval_Security_Focus/3-1QN6MIF_3-UTM2ZJ/20080920&origin_id=3-1QN6MIF

No comments:

Blog Archive