
SecurityFocus Linux Newsletter #319: msg#00001

security.news.linux

Subject: SecurityFocus Linux Newsletter #319

SecurityFocus Linux Newsletter #319
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

Hack Yourself- Finding Web Application Security Holes- White Paper
Learn how to defend against Web Application Attacks with real-world examples of
recent hacking methods such as: SQL Injection, Cross Site Scripting and
Parameter Manipulation. Learn step-by-step vulnerability testing methods for
your own Web Applications and guidelines for establishing best administration
and coding practices.
Download *FREE* white paper from SPI Dynamics for a complete guide to
protection!

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=70160000000CgNW

------------------------------------------------------------------
I. FRONT AND CENTER
1. Wireless Forensics: Tapping the Air - Part Two
2. PHP apps: Security's Low-Hanging Fruit
II. LINUX VULNERABILITY SUMMARY
1. Linux Kernel EFLAGS Local Denial of Service Vulnerability
2. Avahi Compressed DNS Denial Of Service Vulnerability
3. Kaspersky AntiVirus Scan Engine PE File Denial Of Service
Vulnerability
4. Fetchmail Remote Denial of Service Vulnerability
5. Fetchmail Multiple Password Information Disclosure Vulnerabilities
6. CenterICQ IJHook.CC Remote Buffer Overflow Vulnerability
7. X.Org DBE And Render Extensions Multiple Integer Overflow
Vulnerabilities
8. MIT Kerberos 5 RPC Library Remote Code Execution Vulnerability
9. MIT Kerberos Administration Daemon Free Pointers Remote Code
Execution Vulnerability
10. Secure Locate Local Information Disclosure Vulnerability
11. Snort Backtracking Denial of Service Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. SF new article announcement: Wireless Forensics: Tapping the Air -
Part Two (fwd)
2. SF new column announcement: PHP apps - Security's Low-Hanging Fruit
(fwd)
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Wireless Forensics: Tapping the Air - Part Two
By Raul Siles, GSE
This two-part series looks at the issues associated with collecting and
analyzing network traffic from wireless networks in an accurate and
comprehensive way; a discipline known as wireless forensics. Part two focuses
on the technical challenges for wireless traffic analysis, advanced
anti-forensic techniques that could thwart a forensic investigation, and some
legal considerations for both the U.S. and Europe.
http://www.securityfocus.com/infocus/1885

2. PHP apps: Security's Low-Hanging Fruit
By Kelly Martin
PHP has become the most popular application language on the web, but common
security mistakes by developers are giving PHP a bad name. Here's how PHP
coding errors have become the new low-hanging fruit for attackers, contributing
to the phishing problems on the web.
http://www.securityfocus.com/columnists/427


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Linux Kernel EFLAGS Local Denial of Service Vulnerability
BugTraq ID: 21851
Remote: No
Date Published: 2007-01-02
Relevant URL: http://www.securityfocus.com/bid/21851
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

A local attacker can exploit this issue to crash processes belonging to other
users.

Versions prior to 2.6.18 are vulnerable to this issue.

2. Avahi Compressed DNS Denial Of Service Vulnerability
BugTraq ID: 21881
Remote: Yes
Date Published: 2007-01-05
Relevant URL: http://www.securityfocus.com/bid/21881
Summary:
Avahi is prone to a denial-of-service vulnerability.

A remote attacker may exploit this issue to cause the application to crash,
denying further service to legitimate users.

Versions prior to 0.6.16 are vulnerable to this issue.

3. Kaspersky AntiVirus Scan Engine PE File Denial Of Service Vulnerability
BugTraq ID: 21901
Remote: Yes
Date Published: 2007-01-06
Relevant URL: http://www.securityfocus.com/bid/21901
Summary:
Kaspersky Antivirus is prone to a denial-of-service vulnerability. This issue
occurs because the application fails to handle specially crafted portable
executable (PE) files.

An attacker can exploit this issue to crash the affected application, denying
service to legitimate users.

4. Fetchmail Remote Denial of Service Vulnerability
BugTraq ID: 21902
Remote: Yes
Date Published: 2007-01-06
Relevant URL: http://www.securityfocus.com/bid/21902
Summary:
Fetchmail is prone to a denial-of-service vulnerability because the application
fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying
service to legitimate users.

5. Fetchmail Multiple Password Information Disclosure Vulnerabilities
BugTraq ID: 21903
Remote: Yes
Date Published: 2007-01-06
Relevant URL: http://www.securityfocus.com/bid/21903
Summary:
Fetchmail is prone to multiple information-disclosure vulnerabilities. These
issues occur because the application discloses information about user passwords.

An attacker can exploit these issues to access sensitive information that may
aid the attacker in other attacks.

These issues affect versions prior to 6.3.6-rc4.

6. CenterICQ IJHook.CC Remote Buffer Overflow Vulnerability
BugTraq ID: 21932
Remote: Yes
Date Published: 2007-01-08
Relevant URL: http://www.securityfocus.com/bid/21932
Summary:
CenterICQ is prone to a remote buffer-overflow vulnerability because the
application fails to properly bounds-check user-supplied input before copying
it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context
of the affected application. Failed exploit attempts will result in a denial of
service.

This issue affects versions 4.9.11 up to 4.21.0.

7. X.Org DBE And Render Extensions Multiple Integer Overflow Vulnerabilities
BugTraq ID: 21968
Remote: No
Date Published: 2007-01-09
Relevant URL: http://www.securityfocus.com/bid/21968
Summary:
X.Org is prone to multiple integer-overflow vulnerabilities.

Attackers can exploit these issues to execute arbitrary code with superuser
privileges. A successful exploit will result in the complete compromise of
affected computers. Failed exploit attempts will likely result in
denial-of-service conditions.

8. MIT Kerberos 5 RPC Library Remote Code Execution Vulnerability
BugTraq ID: 21970
Remote: Yes
Date Published: 2007-01-09
Relevant URL: http://www.securityfocus.com/bid/21970
Summary:
MIT Kerberos 5 is prone to a remote code-execution vulnerability. This issue
resides in the server-side portion of the Kerberos RPC library. Currently, the
'kadmind' service is known to be vulnerable, but other applications that use
this library may also be affected.

An attacker can exploit this issue to execute arbitrary code with
administrative privileges, completely compromising affected computers. Failed
exploit attempts will result in a denial of service. After a Kerberos database
computer has been compromised, attackers may gain unauthorized access to
other services that rely on the Kerberos infrastructure for authentication.

9. MIT Kerberos Administration Daemon Free Pointers Remote Code Execution
Vulnerability
BugTraq ID: 21975
Remote: Yes
Date Published: 2007-01-09
Relevant URL: http://www.securityfocus.com/bid/21975
Summary:
MIT Kerberos 5 is prone to a remote code-execution vulnerability.

This issue occurs because of memory-management problems in the abstraction
interface of the GSS-API implementation.

An attacker can exploit this issue to execute arbitrary code with superuser
privileges, completely compromising affected computers. Failed exploit attempts
will likely result in denial-of-service conditions.

This issue also affects third-party applications using the affected API.

10. Secure Locate Local Information Disclosure Vulnerability
BugTraq ID: 21989
Remote: No
Date Published: 2007-01-10
Relevant URL: http://www.securityfocus.com/bid/21989
Summary:
Secure Locate is prone to a local information-disclosure vulnerability because
the utility fails to properly interpret filesystem permissions.

Successfully exploiting this issue allows attackers to gain access to the
names of files located in directories they do not have permissions to access.
Information that attackers harvest may aid them in further attacks.

Secure Locate 3.1 is vulnerable to this issue; other versions may also be
affected.

11. Snort Backtracking Denial of Service Vulnerability
BugTraq ID: 21991
Remote: Yes
Date Published: 2007-01-10
Relevant URL: http://www.securityfocus.com/bid/21991
Summary:
Snort is prone to a denial-of-service vulnerability because the network
intrusion detection (NID) system fails to handle specially crafted network
packets.

An attacker can exploit this issue to cause the affected NID system to consume
100% CPU resources, allowing malicious network traffic to avoid detection.

This issue affects versions prior to 2.6.1.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. SF new article announcement: Wireless Forensics: Tapping the Air - Part Two
(fwd)
http://www.securityfocus.com/archive/91/456372

2. SF new column announcement: PHP apps - Security's Low-Hanging Fruit (fwd)
http://www.securityfocus.com/archive/91/456371

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to
linux-secnews-unsubscribe@xxxxxxxxxxxxxxxxx from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via
the website.

If your email address has changed, email listadmin@xxxxxxxxxxxxxxxxx and ask to
be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics
