Date: Tue, 07 Feb 2006 17:06:48 -0700
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #272
SecurityFocus Linux Newsletter #272
----------------------------------------

This Issue is Sponsored By: 8e6 Technologies

Stop Spyware Now - Free White Paper!
Spyware remains a problem for most companies, disrupting productivity, 
wasting time and money. Now 8e6 Technologies' free White Paper proposes 
breakthrough solutions to counteract the Spyware problem: recognize 
potential infections, stop unauthorized programs at the source. Get the 
Free White Paper.

http://a.gklmedia.com/sfln/nl/110

------------------------------------------------------------------
I.   FRONT AND CENTER
        1. Malicious Malware: attacking the attackers, part 2
        2. Nmap 4.00 with Fyodor
II.  LINUX VULNERABILITY SUMMARY
        1. Communigate Pro Server LDAP Denial of Service Vulnerability
        2. Linux Kernel Multiple Security Vulnerabilities
        3. Pioneers Chat Buffer Denial Of Service Vulnerability
        4. MyDNS DNS Query Denial Of Service Vulnerability
        5. Mail-Audit Insecure Temporary File Creation Vulnerability
        6. Fcron Convert-FCronTab Local Buffer Overflow Vulnerability
        7. Multiple Mozilla Products Memory Corruption/Code
           Injection/Access Restriction Bypass Vulnerabilities
III. LINUX FOCUS LIST SUMMARY
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Malicious Malware: attacking the attackers, part 2
By Thorsten Holz, Frederic Raynal
This article explores measures to attack those malicious attackers who 
seek to harm our legitimate systems. The proactive use of exploits and 
bot networks that fight other bot networks, along with social 
engineering and attacker techniques are all discussed in an ethical 
manner. Part two of two.
http://www.securityfocus.com/infocus/1857

2. Nmap 4.00 with Fyodor
By Federico Biancuzzi
More than eight years after its first release in Phrack magazine, 
Fyodor has announced Nmap 4.00. Curious as usual, Federico Biancuzzi 
interviewed Fyodor on behalf of SecurityFocus to discuss the new port 
scanning engine, version detection improvements, and the new stack 
fingerprinting algorithm being worked on by the community.
http://www.securityfocus.com/columnists/384


II.  LINUX VULNERABILITY SUMMARY
------------------------------------
1. Communigate Pro Server LDAP Denial of Service Vulnerability
BugTraq ID: 16407
Remote: Yes
Date Published: 2006-01-28
Relevant URL: http://www.securityfocus.com/bid/16407
Summary:
CommuniGate Pro Server is prone to a remote denial-of-service 
vulnerability with a potential for arbitrary code execution. This issue 
reportedly resides in the LDAP component of the application.

CommuniGate Pro Server 5.0.6 is vulnerable; earlier versions may also 
be affected.

2. Linux Kernel Multiple Security Vulnerabilities
BugTraq ID: 16414
Remote: Yes
Date Published: 2006-01-30
Relevant URL: http://www.securityfocus.com/bid/16414
Summary:
Linux kernel is prone to multiple vulnerabilities. These issues can 
allow local and remote attackers to trigger denial-of-service conditions 
or to corrupt memory to potentially execute arbitrary code.

These issues affect kernel versions 2.6.15 and prior.

3. Pioneers Chat Buffer Denial Of Service Vulnerability
BugTraq ID: 16429
Remote: Yes
Date Published: 2006-01-30
Relevant URL: http://www.securityfocus.com/bid/16429
Summary:
Pioneers is prone to a remote denial-of-service vulnerability. This 
issue is due to a failure in the application to handle exceptional 
conditions.

An attacker can exploit this issue to crash the affected Pioneers 
server and possibly clients connected to a vulnerable Pioneers server.

This issue is reported to affect version 0.9.40; other versions may 
also be vulnerable.

4. MyDNS DNS Query Denial Of Service Vulnerability
BugTraq ID: 16431
Remote: Yes
Date Published: 2006-01-30
Relevant URL: http://www.securityfocus.com/bid/16431
Summary:
MyDNS is prone to a remote denial-of-service vulnerability. This issue 
is due to a failure in the application to properly handle DNS queries.

An attacker can exploit this issue to crash the affected service, 
effectively denying service to legitimate users.

The vendor has addressed this issue in version 1.1.0; earlier versions 
are reportedly vulnerable.

5. Mail-Audit Insecure Temporary File Creation Vulnerability
BugTraq ID: 16434
Remote: No
Date Published: 2006-01-31
Relevant URL: http://www.securityfocus.com/bid/16434
Summary:
Mail-Audit creates temporary files in an insecure manner. This issue 
arises only when logging has been enabled.

Exploitation would most likely result in loss of data or a denial of 
service if critical files are overwritten in the attack. Other attacks 
may be possible as well.


Mail-Audit 2.1 and prior versions are considered vulnerable.

6. Fcron Convert-FCronTab Local Buffer Overflow Vulnerability
BugTraq ID: 16467
Remote: No
Date Published: 2006-02-01
Relevant URL: http://www.securityfocus.com/bid/16467
Summary:
Fcron is susceptible to a local buffer-overflow vulnerability. This 
issue is due to the application's failure to properly bounds-check 
user-supplied data before copying it to an insufficiently sized memory buffer.

This issue allows local attackers to execute arbitrary machine code 
with superuser privileges, since the affected utility is installed 
setuid-superuser by default in some installations. This allows attackers to 
completely compromise affected computers.

Fcron version 3.0 is affected by this issue; previous versions may also 
be affected.

Update: This issue is now retired. Further analysis reveals that this 
issue cannot be exploited for code execution; therefore, this is not a 
vulnerability.

7. Multiple Mozilla Products Memory Corruption/Code Injection/Access 
Restriction Bypass Vulnerabilities
BugTraq ID: 16476
Remote: Yes
Date Published: 2006-02-02
Relevant URL: http://www.securityfocus.com/bid/16476
Summary:
Multiple Mozilla products are prone to multiple vulnerabilities. These 
issues include various memory-corruption, code-injection, and 
access-restriction-bypass vulnerabilities. Other undisclosed issues may have 
also been addressed in the various updated vendor applications.

Successful exploitation of these issues may permit an attacker to 
execute arbitrary code in the context of the affected application. This may 
facilitate a compromise of the affected computer; other attacks are 
also possible.

III. LINUX FOCUS LIST SUMMARY
---------------------------------

V.   SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: 8e6 Technologies
