Linux Security News
SecurityFocus Linux Newsletter #256 Oct 18 2005 11:00PM
Peter Laborge (plaborge securityfocus com)
SecurityFocus Linux Newsletter #256
----------------------------------------

Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

------------------------------------------------------------------
I. FRONT AND CENTER
1. Two-factor banking
2. ICANN on center stage
3. OpenBSD's network stack
II. LINUX VULNERABILITY SUMMARY
1. Xine-Lib Remote CDDB Information Format String Vulnerability
2. Multiple Vendor Antivirus Products Malformed Archives Scan Evasion Vulnerability
3. Up-IMAPProxy Multiple Unspecified Remote Format String Vulnerabilities
4. Linux Kernel Multiple Security Vulnerabilities
5. Graphviz Insecure Temporary File Creation Vulnerability
6. XLoadImage Multiple Remote Buffer Overflow Vulnerabilities
7. Kaspersky Anti-Virus Engine CHM File Parser Remote Buffer Overflow Vulnerability
8. KDE KOffice KWord RTF Import Remote Buffer Overflow Vulnerability
9. OpenSSL Insecure Protocol Negotiation Weakness
10. Linux Kernel Multiple Memory Leak Local Denial Of Service Vulnerabilities
11. Novell NetMail NMAP Agent Remote Buffer Overflow Vulnerability
12. Linux Orinoco Driver Remote Information Disclosure Vulnerability
13. PHPWebSite Search Module SQL Injection Vulnerability
14. AbiWord Stack-Based Buffer Overflow Vulnerabilities
15. Multiple Vendor WGet/Curl NTLM Username Buffer Overflow Vulnerability
16. XMail Local Buffer Overflow Vulnerability
17. Mozilla Thunderbird Insecure SMTP Authentication Protocol Negotiation Weakness
18. SPE Insecure File Permissions Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. routing_based_on_port/services
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Two-factor banking
By Kelly Martin
People who lived through the Second World War, like my grandparents, had a very different view of money than those of us who grew up in the Information Age.
http://www.securityfocus.com/columnists/363

2. ICANN on center stage
By Scott Granneman
ICANN and the U.S. government reach center stage next month in Tunisia, as the future of IP address assignments and U.S. control of the root DNS turns into a hotbed of debate.
http://www.securityfocus.com/columnists/362

3. OpenBSD's network stack
By Federico Biancuzzi
SecurityFocus interviews three OpenBSD developers about their network stack's protection against ICMP DoS attacks, a short comparison with Linux's stack, and some thoughts on OpenBGPD.
http://www.securityfocus.com/columnists/361

II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Xine-Lib Remote CDDB Information Format String Vulnerability
BugTraq ID: 15044
Remote: Yes
Date Published: 2005-10-08
Relevant URL: http://www.securityfocus.com/bid/15044
Summary:
Xine-lib is susceptible to a remote format string vulnerability. This issue is due to a failure of the application to securely implement a formatted printing function.

Successful exploitation of this vulnerability allows remote attackers to execute arbitrary machine code in the context of the affected application.

Xine-lib versions 0.9.13, 1.0, 1.0.1, 1.0.2, and 1.1.0 are reported to be affected. Other versions may also be affected, as well as all applications that utilize a vulnerable version of the library.

2. Multiple Vendor Antivirus Products Malformed Archives Scan Evasion Vulnerability
BugTraq ID: 15046
Remote: Yes
Date Published: 2005-10-08
Relevant URL: http://www.securityfocus.com/bid/15046
Summary:
Multiple antivirus products from various vendors are reported prone to a vulnerability that may allow malformed archive files to bypass detection.

This issue arises when an affected application processes a specially altered archive file that contains a fake, misleading MS-DOS executable MZ header.

This issue could result in malicious archives bypassing detection and allowing the contents to be opened by a recipient.

It should be noted that specific information regarding affected packages and versions is currently unavailable. The reporter of this issue used the EICAR test file stored in multiple different malformed archives. Some of the reportedly affected packages may actually be immune to this issue.

This BID will be updated as further information is disclosed.

3. Up-IMAPProxy Multiple Unspecified Remote Format String Vulnerabilities
BugTraq ID: 15048
Remote: Yes
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15048
Summary:
up-IMAPProxy is reported prone to multiple unspecified remote format string vulnerabilities.

Successful exploitation could result in a failure of the application or arbitrary code execution in the context of the application.

Specific details of these issues are not currently known. This BID will be updated when further information becomes available.

4. Linux Kernel Multiple Security Vulnerabilities
BugTraq ID: 15049
Remote: Yes
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15049
Summary:
The Linux kernel is prone to multiple vulnerabilities. These issues may allow local and remote attackers to trigger denial of service conditions or disclose sensitive kernel memory.

Linux kernel 2.6.x versions are known to be vulnerable at the moment. Other versions may be affected as well.

5. Graphviz Insecure Temporary File Creation Vulnerability
BugTraq ID: 15050
Remote: No
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15050
Summary:
Graphviz creates temporary files in an insecure manner.

Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.

Graphviz 2.2.1 is reportedly affected, however, other versions may be vulnerable as well.

6. XLoadImage Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 15051
Remote: Yes
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15051
Summary:
xloadimage is affected by multiple remotely exploitable buffer overflow vulnerabilities.

The problems present themselves when the application processes malformed image titles.

An attacker may exploit these issues to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access.

7. Kaspersky Anti-Virus Engine CHM File Parser Remote Buffer Overflow Vulnerability
BugTraq ID: 15054
Remote: Yes
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15054
Summary:
Kaspersky Anti-Virus Engine is prone to a remote buffer overflow vulnerability.

This issue presents itself when an attacker sends a maliciously crafted CHM file to an affected computer and this file is processed by Kaspersky's CHM file parser.

This vulnerability allows attackers to execute arbitrary machine code in the context of the affected application. Attackers may gain privileged remote access to computers running the affected application.

8. KDE KOffice KWord RTF Import Remote Buffer Overflow Vulnerability
BugTraq ID: 15060
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15060
Summary:
KWord is prone to a remote buffer overflow vulnerability.

The vulnerability arises when the application handles a malformed RTF file.

A successful attack may result in arbitrary code execution facilitating remote unauthorized access in the context of the user running KWord.

KOffice versions 1.2.0 to 1.4.1 are vulnerable to this issue.

9. OpenSSL Insecure Protocol Negotiation Weakness
BugTraq ID: 15071
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15071
Summary:
OpenSSL is susceptible to a remote protocol negotiation weakness. This issue is due to the implementation of the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option, which exists to maintain compatibility with third-party software.

This issue presents itself when two peers negotiate which protocol version to use. Attackers able to intercept and modify the SSL communications may exploit this weakness to force SSL version 2 to be chosen.

The attacker may then exploit various insecurities in SSL version 2 to gain access to, or tamper with the cleartext communications between the targeted client and server.

It should be noted that the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option is enabled with the frequently used 'SSL_OP_ALL' option.

SSL peers configured not to permit SSL version 2 are not affected by this issue.

10. Linux Kernel Multiple Memory Leak Local Denial Of Service Vulnerabilities
BugTraq ID: 15076
Remote: No
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15076
Summary:
Two local denial of service vulnerabilities affect the Linux kernel. These issues are due to a design flaw that creates memory leaks.

These vulnerabilities may be exploited by local users to consume excessive kernel resources, likely triggering a kernel crash, denying service to legitimate users.

These issues affect Linux kernel versions prior to 2.6.14-rc4.

11. Novell NetMail NMAP Agent Remote Buffer Overflow Vulnerability
BugTraq ID: 15080
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15080
Summary:
NetMail Network Messaging Application Protocol (NMAP) Agent is affected by a remote buffer overflow vulnerability.

This vulnerability allows remote attackers to execute arbitrary machine code in the context of the affected server process.

12. Linux Orinoco Driver Remote Information Disclosure Vulnerability
BugTraq ID: 15085
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15085
Summary:
The Orinoco driver for the Linux kernel is susceptible to a remote information disclosure vulnerability. This issue is due to the driver sending uninitialized kernel memory in small network packets.

Remote attackers may exploit this issue to gain access to potentially sensitive kernel memory, aiding them in further attacks.

13. PHPWebSite Search Module SQL Injection Vulnerability
BugTraq ID: 15088
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15088
Summary:
phpWebSite is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

The vendor has released the patch phpwebsite_security_patch_20051202.tgz addressing this issue.

This vulnerability was originally believed to be related to BID 14172 (PHPWebSite Index.PHP Multiple SQL Injection Vulnerabilities) but is a separate issue.

14. AbiWord Stack-Based Buffer Overflow Vulnerabilities
BugTraq ID: 15096
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15096
Summary:
AbiWord is susceptible to multiple stack-based buffer overflow vulnerabilities; fixes are available. These issues are due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer while importing RTF files.

These issues likely allow attackers to execute arbitrary machine code in the context of the user running the affected application.

Though similar to the vulnerability described in BID 14971 (AbiWord RTF File Processing Buffer Overflow Vulnerability), these vulnerabilities are a separate issue.

15. Multiple Vendor WGet/Curl NTLM Username Buffer Overflow Vulnerability
BugTraq ID: 15102
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15102
Summary:
GNU wget and cURL are prone to a buffer overflow vulnerability. This issue is due to a failure in the applications to do proper bounds checking on user-supplied data before using it in a memory copy operation.

An attacker can exploit this vulnerability to execute arbitrary code in the context of the user utilizing the vulnerable application.

Exploitation of this vulnerability requires that NTLM authentication is enabled in the affected clients.

16. XMail Local Buffer Overflow Vulnerability
BugTraq ID: 15103
Remote: No
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15103
Summary:
XMail is prone to a local buffer overflow vulnerability.

A successful attack can facilitate arbitrary code execution with elevated privileges. An attacker can gain superuser or 'mail' group privileges depending on the underlying operating system and distribution.

XMail 1.21 is reported to be vulnerable. Other versions may be affected as well.

17. Mozilla Thunderbird Insecure SMTP Authentication Protocol Negotiation Weakness
BugTraq ID: 15106
Remote: Yes
Date Published: 2005-10-14
Relevant URL: http://www.securityfocus.com/bid/15106
Summary:
Mozilla Thunderbird is prone to an insecure SMTP authentication protocol negotiation weakness.

Reports indicate that the application falls back to PLAIN authentication if CRAM-MD5 or STARTTLS cannot be established between the client and the server. This can allow an attacker to obtain credentials by sniffing network traffic.

This issue can also allow an attacker to carry out man-in-the-middle attacks by establishing a malicious server and causing CRAM-MD5 or STARTTLS to fail, then harvesting the authentication credentials of vulnerable users.

Mozilla Thunderbird 1.0.7 and 1.5 Beta 2 were reported to be vulnerable. Other versions may be affected as well.

18. SPE Insecure File Permissions Vulnerability
BugTraq ID: 15113
Remote: No
Date Published: 2005-10-15
Relevant URL: http://www.securityfocus.com/bid/15113
Summary:
SPE is prone to a vulnerability regarding insecure file permissions. This issue is due to an error in the application during install.

A local attacker can exploit this vulnerability to execute arbitrary code in the context of the user utilizing the vulnerable application.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. routing_based_on_port/services
http://www.securityfocus.com/archive/91/412365

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
Sponsor text as shown at the top of this newsletter.

Copyright 2010, SecurityFocus