LQ Security Report

Capt_Caveman · 11-14-2004, 10:56 PM

November 9th 2004
9 issues handled (SF)
1. Caudium Remote Denial Of Service Vulnerability
2. Bogofilter EMail Filter Remote Quoted Printable Decoder Deni...
3. Linux Kernel IPTables Initialization Failure Vulnerability
4. QwikMail Remote Format String Vulnerability
5. Cherokee HTTPD Auth_Pam Authentication Remote Format String...
6. PostgreSQL Unspecified RPM Initialization Script Vulnerabili...
7. Proxytunnel Remote Format String Vulnerability
8. Sun Java System Web And Application Servers Remote Denial Of...
9. Gallery Unspecified Remote HTML Injection Vulnerability

November 11th 2004
55 isues handled (SN)
[SA13163] Gentoo update for pavuk
[SA13128] Conectiva update for libtiff3
[SA13127] Conectiva update for xpdf
[SA13125] Debian update for freeamp
[SA13120] Pavuk Multiple Buffer Overflow Vulnerabilities
[SA13119] IBM Tivoli Access Manager for e-business Kerberos Vulnerabilities
[SA13118] Gentoo update for kaffeine/gxine
[SA13117] gxine "http_open()" Buffer Overflow Vulnerability
[SA13115] Trustix update for apache
[SA13109] Kaffeine Player "http_open()" Buffer Overflow Vulnerability
[SA13107] Gentoo update for zgv
[SA13106] Gentoo update for imagemagick
[SA13101] Conectiva update for gaim
[SA13098] Mandrake update for xorg-x11
[SA13154] Debian update for libgd2
[SA13152] Debian update for libgd1
[SA13149] BNC IRC proxy "getnickuserhost()" Buffer Overflow Vulnerability
[SA13105] Gentoo update for gallery
[SA13103] Sophos MailMonitor Unspecified Email Processing Vulnerability
[SA13097] Mandrake update for libxml/libxml2
[SA13112] Debian update for dhcp
[SA13100] DHCP Logging Functions Format String Vulnerability
[SA13162] Fedora update for ruby
[SA13158] Gentoo update for apache
[SA13141] Mandrake update for ruby
[SA13133] Debian update for ruby
[SA13123] Ruby "cgi.rb" Denial of Service Vulnerability
[SA13102] Conectiva update for apache
[SA13096] Mandrake update for iptables
[SA13165] Mandrake update for samba
[SA13146] up-imapproxy "IMAP_Line_Read()" Denial of Service Vulnerability
[SA13139] Samba Wildcard Filename Matching Denial of Service Vulnerability
[SA13166] Mandrake update for speedtouch
[SA13157] Gentoo update for mtink
[SA13151] mtink Insecure Temporary File Creation
[SA13150] Gentoo update for zip
[SA13140] Fedora update for zip
[SA13132] Debian update for gzip
[SA13131] gzip Various Scripts Insecure Temporary File Creation
[SA13130] Samhain Database Update Code Buffer Overflow Vulnerability
[SA13126] Linux Kernel ELF Binary Loader Setuid File Handling Vulnerabilities
[SA13122] Gentoo update for openssl/groff
[SA13121] Debian update for shadow
[SA13108] Gentoo Portage/Gentoolkit Insecure Temporary File Creation
[SA13099] Gentoo update for shadow
[SA13095] Mandrake update for shadow-utils
[SA13155] SquirrelMail Encoded Headers Script Insertion Vulnerability
[SA13144] Mozilla Firefox Multiple Vulnerabilities
[SA13136] Nucleus Unspecified Cross-Site Scripting and SQL Injection
[SA13135] SQLgrey Postfix greylisting service Unspecified SQL Injection
[SA13110] eGroupWare Unspecified "JiNN" Vulnerability
[SA13104] JAF CMS Arbitrary Local File Inclusion Vulnerability
[SA13143] RealVNC Multiple Connections Denial of Service Vulnerability
[SA13142] Sun Java JRE DNS Denial of Service Vulnerability
[SA13111] Mantis Information Disclosure Vulnerabilities

November 12th 2004
50 issues handled over 6 distros (LAW)
xpdf
libtiff3
sasl
shadow
ruby
freeam
gzip
libgd1
gnats
libgd2
udev
initscripts
hotplug
ipsec-tools
kde
gpdf
wireless-tools
redhat-artwork
gnome-media
zip
gnumeric
system-config-users
openoffice.org
jwhois
glibc
libxml2
gd
unarj
CUPS
Gallery
ImageMagick
zgv
Portage
Kaffeine
gxine
OpenSSL
Groff
mtink
Apache
pavuk
ez-ipupdate
samba
Davfs2
webmin
speedtouch
php
postfix
kernel
sqlgrey
sqlite

Capt_Caveman · 11-14-2004, 11:00 PM

Security Focus

1. Caudium Remote Denial Of Service Vulnerability
BugTraq ID: 11567
Remote: Yes
Date Published: Oct 30 2004
Relevant URL: http://www.securityfocus.com/bid/11567
Summary:
Caudium is reported prone to a remote denial of service vulnerability. Remote attackers may exploit this vulnerability to crash affected Web servers, denying service to legitimate users. Versions of Caudium prior to 1.4.4 RC2 are reported susceptible to this vulnerability.

2. Bogofilter EMail Filter Remote Quoted Printable Decoder Deni...
BugTraq ID: 11568
Remote: Yes
Date Published: Nov 01 2004
Relevant URL: http://www.securityfocus.com/bid/11568
Summary:
A remote quoted printable decoder denial of service vulnerability reportedly affects Bogofilter. This issue is due to a failure of the application to handle malformed email headers. An attacker can leverage this issue to cause the affected email filter to crash, denying service to all legitimate users.

3. Linux Kernel IPTables Initialization Failure Vulnerability
BugTraq ID: 11570
Remote: No
Date Published: Nov 01 2004
Relevant URL: http://www.securityfocus.com/bid/11570
Summary:
Linux kernel iptables is reportedly affected by an initialization error vulnerability. This issue is due to a design error within the application. This issue causes the affected utility to initialize improperly, leading to a false sense of security as all of the firewall rules may not always be loaded.

4. QwikMail Remote Format String Vulnerability
BugTraq ID: 11572
Remote: Yes
Date Published: Nov 01 2004
Relevant URL: http://www.securityfocus.com/bid/11572
Summary:
It is reported that QwikMail is susceptible to a remote format string vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input before using it as the format specifier in a formatted printing function. This vulnerability reportedly allows remote attackers to execute arbitrary code in the context of the affected daemon process. Version 0.3 was reported susceptible to this vulnerability. Other versions may also be affected.

5. Cherokee HTTPD Auth_Pam Authentication Remote Format String ...
BugTraq ID: 11574
Remote: Yes
Date Published: Nov 01 2004
Relevant URL: http://www.securityfocus.com/bid/11574
Summary:
It is reported that Cherokee is susceptible to a remote format string vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input before using it as the format specifier in a formatted printing function. A remote attacker may exploit this vulnerability to execute arbitrary code in the context of the affected service.

6. PostgreSQL Unspecified RPM Initialization Script Vulnerabili...
BugTraq ID: 11575
Remote: Unknown
Date Published: Nov 01 2004
Relevant URL: http://www.securityfocus.com/bid/11575
Summary:
An unspecified RPM initialization script vulnerability affects PostgreSQL. The underlying issue causing this vulnerability is currently unknown. The impact of this issue is currently unknown. This BID will be updated immediately upon the release of more information.

7. Proxytunnel Remote Format String Vulnerability
BugTraq ID: 11592
Remote: Yes
Date Published: Nov 03 2004
Relevant URL: http://www.securityfocus.com/bid/11592
Summary:
Proxytunnel is prone to a remotely exploitable format string vulnerability. This vulnerability is exposed when the proxy server handles malicious input from another remote server. This issue occurs when the software is run in daemon mode. Successful exploitation of this vulnerability may allow for execution of arbitrary code in the context of the proxy server.

8. Sun Java System Web And Application Servers Remote Denial Of...
BugTraq ID: 11593
Remote: Yes
Date Published: Nov 03 2004
Relevant URL: http://www.securityfocus.com/bid/11593
Summary:
A remote denial of service vulnerability affects the Sun Java Web Server and the Sun Java Application Server. This issue is due to a failure of the server applications to process malformed data. An attacker may exploit this issue to cause the affected server to crash, denying service to legitimate users.

9. Gallery Unspecified Remote HTML Injection Vulnerability
BugTraq ID: 11602
Remote: Yes
Date Published: Nov 03 2004
Relevant URL: http://www.securityfocus.com/bid/11602
Summary:
An unspecified HTML injection vulnerability reportedly affects Gallery. This issue is due to a failure of the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Capt_Caveman · 11-14-2004, 11:07 PM

Secunia

[SA13163] Gentoo update for pavuk

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-11-11

Gentoo has issued an update for pavuk. This fixes some vulnerabilities,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/13163/

--

[SA13128] Conectiva update for libtiff3

Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-11-08

Conectiva has issued an update for libtiff3. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/13128/

--

[SA13127] Conectiva update for xpdf

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-11-08

Conectiva has issued an update for xpdf. This fixes some
vulnerabilities, which potentially can be exploited by malicious
people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13127/

--

[SA13125] Debian update for freeamp

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-11-08

Debian has issued an update for freeamp. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/13125/

--

[SA13120] Pavuk Multiple Buffer Overflow Vulnerabilities

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-11-08

Multiple vulnerabilities have been reported in Pavuk, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13120/

--

[SA13119] IBM Tivoli Access Manager for e-business Kerberos
Vulnerabilities

Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-11-08

IBM has acknowledged some vulnerabilities in IBM Tivoli Access Manager
for e-business, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13119/

--

[SA13118] Gentoo update for kaffeine/gxine

Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-11-08

Gentoo has issued updates for kaffeine and gxine. These fix a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13118/

--

[SA13117] gxine "http_open()" Buffer Overflow Vulnerability

Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-11-08

A vulnerability has been reported in gxine, which can be exploited by
malicious people to cause a DoS (Denial of Service) or potentially
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13117/

--

[SA13115] Trustix update for apache

Critical: Highly critical
Where: From remote
Impact: Privilege escalation, DoS, System access
Released: 2004-11-08

Trustix has issued an update for apache. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system, and by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/13115/

--

[SA13109] Kaffeine Player "http_open()" Buffer Overflow
Vulnerability

Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-11-08

KF has reported a vulnerability in Kaffeine Player, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13109/

--

[SA13107] Gentoo update for zgv

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-11-08

Gentoo has issued an update for zgv. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious
people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13107/

--

[SA13106] Gentoo update for imagemagick

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-11-08

Gentoo has issued an update for imagemagick. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13106/

--

[SA13101] Conectiva update for gaim

Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-11-05

Conectiva has issued an update for gaim. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13101/

--

[SA13098] Mandrake update for xorg-x11

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-11-05

MandrakeSoft has issued an update for xorg-x11. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious
people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13098/

--

[SA13154] Debian update for libgd2

Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-11-10

Debian has issued an update for libgd2. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/13154/

--

[SA13152] Debian update for libgd1

Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-11-10

Debian has issued an update for libgd1. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/13152/

--

[SA13149] BNC IRC proxy "getnickuserhost()" Buffer Overflow
Vulnerability

Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2004-11-10

Leon Juranic has reported a vulnerability in BNC IRC proxy, which can
be exploited by malicious people to cause a DoS (Denial of Service)
and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13149/

--

[SA13105] Gentoo update for gallery

Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2004-11-08

Gentoo has issued an update for gallery. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
script insertion attacks.

Full Advisory:
http://secunia.com/advisories/13105/

--

[SA13103] Sophos MailMonitor Unspecified Email Processing
Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2004-11-05

A vulnerability with an unknown impact has been reported in Sophos
MailMonitor.

Full Advisory:
http://secunia.com/advisories/13103/

--

[SA13097] Mandrake update for libxml/libxml2

Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-11-05

MandrakeSoft has issued updates for libxml and libxml2. These fix some
vulnerabilities, which potentially can be exploited by malicious
people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13097/

--

[SA13112] Debian update for dhcp

Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2004-11-08

Debian has issued an update for dhcp. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/13112/

--

[SA13100] DHCP Logging Functions Format String Vulnerability

Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2004-11-08

infamous41md has reported a vulnerability in ISC DHCP, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/13100/

--

[SA13162] Fedora update for ruby

Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information, DoS
Released: 2004-11-11

Fedora has issued an update for ruby. This fixes two vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and by malicious, local users to potentially gain knowledge
of sensitive information.

Full Advisory:
http://secunia.com/advisories/13162/

--

[SA13158] Gentoo update for apache

Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-11-10

Gentoo has issued an update for apache. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/13158/

--

[SA13141] Mandrake update for ruby

Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information, DoS
Released: 2004-11-09

MandrakeSoft has issued an update for ruby. This fixes two
vulnerabilities, which potentially can be exploited to gain knowledge
of sensitive information or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/13141/

--

[SA13133] Debian update for ruby

Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-11-08

Debian has issued an update for ruby. This fixes a vulnerability,which
can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/13133/

--

[SA13123] Ruby "cgi.rb" Denial of Service Vulnerability

Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-11-08

A vulnerability has been reported in Ruby, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/13123/

--

[SA13102] Conectiva update for apache

Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2004-11-05

Conectiva has issued an update for apache. This fixes a security issue,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/13102/

--

[SA13096] Mandrake update for iptables

Critical: Less critical
Where: From remote
Impact:
Released: 2004-11-05

MandrakeSoft has issued an update for iptables. This fixes a security
issue, where iptables under some circumstances fails to load required
modules.

Full Advisory:
http://secunia.com/advisories/13096/

--

[SA13165] Mandrake update for samba

Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-11-11

MandrakeSoft has issued an update for samba. This fixes a
vulnerability, which can be exploited by malicious users to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/13165/

--

[SA13146] up-imapproxy "IMAP_Line_Read()" Denial of Service Vulnerability

Critical: Less critical
Where: From local network
Impact: Exposure of sensitive information, DoS
Released: 2004-11-10

Timo Sirainen has reported a vulnerability in up-imapproxy, which can
be exploited by malicious people to cause a DoS (Denial of Service) or
potentially leak sensitive information from other connections.

Full Advisory:
http://secunia.com/advisories/13146/

--

[SA13139] Samba Wildcard Filename Matching Denial of Service Vulnerability

Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-11-09

Karol Wiesek has reported a vulnerability in Samba, which can be
exploited by malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/13139/

--

[SA13166] Mandrake update for speedtouch

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-11-11

MandrakeSoft has issued an update for speedtouch. This fixes a
vulnerability, which potentially can be exploited by malicious, local
users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/13166/

--

[SA13157] Gentoo update for mtink

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-11-10

Gentoo has issued an update for mtink. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to perform
certain actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/13157/

--

[SA13151] mtink Insecure Temporary File Creation

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-11-10

Tavis Ormandy has reported a vulnerability in mtink, which can be
exploited by malicious, local users to perform certain actions on a
vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/13151/

--

[SA13150] Gentoo update for zip

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-11-10

Gentoo has issued an update for zip. This fixes a vulnerability, which
potentially can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/13150/

--

[SA13140] Fedora update for zip

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-11-09

Fedora has issued an update for zip. This fixes a vulnerability, which
potentially can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/13140/

--

[SA13132] Debian update for gzip

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-11-08

Debian has issued an update for gzip. This fixes some vulnerabilities,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/13132/

--

[SA13131] gzip Various Scripts Insecure Temporary File Creation

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-11-08

Some vulnerabilities have been reported in gzip, which can be exploited
by malicious, local users to perform certain actions on a vulnerable
system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/13131/

--

[SA13130] Samhain Database Update Code Buffer Overflow Vulnerability

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-11-09

A vulnerability has been reported in Samhain, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/13130/

--

[SA13126] Linux Kernel ELF Binary Loader Setuid File Handling
Vulnerabilities

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-11-10

Paul Starzetz has reported some vulnerabilities in the Linux kernel,
which potentially can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/13126/

--

[SA13122] Gentoo update for openssl/groff

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-11-08

Gentoo has issued updates for openssl and groff. These fix some
vulnerabilities, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/13122/

--

[SA13121] Debian update for shadow

Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2004-11-08

Debian has issued an update for shadow. This fixes a vulnerability,
which can be exploited by malicious, local users to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/13121/

--

[SA13108] Gentoo Portage/Gentoolkit Insecure Temporary File Creation

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-11-08

Gentoo has issued updates for Portage and Gentoolkit. These fix some
vulnerabilities, which potentially can be exploited by malicious, local
users to perform certain actions on a vulnerable system with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/13108/

--

[SA13099] Gentoo update for shadow

Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2004-11-05

Gentoo has issued an update for shadow. This fixes a vulnerability,
which can be exploited by malicious, local users to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/13099/

--

[SA13095] Mandrake update for shadow-utils

Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2004-11-05

MandrakeSoft has issued an update for shadow-utils. This fixes a
vulnerability, which can be exploited by malicious, local users to
bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/13095/

---

[SA13155] SquirrelMail Encoded Headers Script Insertion Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-11-11

Joost Pol has reported a vulnerability in SquirrelMail, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/13155/

--

[SA13144] Mozilla Firefox Multiple Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure
of sensitive information, Privilege escalation, DoS
Released: 2004-11-10

Details have been released about several vulnerabilities in Mozilla
Firefox. These can potentially be exploited to detect the presence of
local files, cause a DoS (Denial of Service), disclose sensitive
information, spoof the file download dialog, and gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/13144/

--

[SA13136] Nucleus Unspecified Cross-Site Scripting and SQL Injection

Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2004-11-09

Positive Technologies has reported some vulnerabilities in Nucleus,
which can be exploited by malicious people to conduct cross-site
scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/13136/

--

[SA13135] SQLgrey Postfix greylisting service Unspecified SQL
Injection

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2004-11-09

A vulnerability has been reported in SQLgrey Postfix greylisting
service, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/13135/

--

[SA13110] eGroupWare Unspecified "JiNN" Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2004-11-08

A vulnerability with an unknown impact has been reported in
eGroupWare.

Full Advisory:
http://secunia.com/advisories/13110/

--

[SA13104] JAF CMS Arbitrary Local File Inclusion Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2004-11-08

y3dips has reported a vulnerability in JAF CMS, which can be exploited
by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/13104/

--

[SA13143] RealVNC Multiple Connections Denial of Service Vulnerability

Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-11-09

A vulnerability has been discovered in RealVNC, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/13143/

--

[SA13142] Sun Java JRE DNS Denial of Service Vulnerability

Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-11-09

Kurt Huwig has discovered a vulnerability in Sun Java JRE, which
potentially can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/13142/

--

[SA13111] Mantis Information Disclosure Vulnerabilities

Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2004-11-08

Two vulnerabilities have been reported in Mantis, which can be
exploited by malicious users to gain knowledge of potentially
sensitive information.

Full Advisory:
http://secunia.com/advisories/13111/

Capt_Caveman · 11-14-2004, 11:12 PM

Linux Advisory Watch

Distribution: Conectiva

11/8/2004 - xpdf
vulnerabilities fix

Chris Evans discovered several integer overflows vulnerabilities
in the xpdf code which can be exploited remotely by a specially
crafted PDF document and may lead to the execution of arbitrary code.
http://www.linuxsecurity.com/advisor...sory-5098.html

11/8/2004 - libtiff3
vulnerabilities fix

This announcement fixes several integer overflow vulnerabilities
that were encountered in libtiff.
http://www.linuxsecurity.com/advisor...sory-5099.html

11/11/2004 - sasl
buffer overflow vulnerability fix

A vulnerability[2] has been discovered in the Cyrus implementation
of the SASL library. The library honors the environment variable
SASL_PATH blindly, which allows a local attacker to link against a
malicious library to run arbitrary code with the privileges of a
setuid or setgid application.
http://www.linuxsecurity.com/advisor...sory-5150.html

Distribution: Debian

11/5/2004 - shadow
unintended behaviour fix

A vulnerability has been discovered in the shadow suite which
provides programs like chfn and chsh. It is possible for a user,
who is logged in but has an expired password to alter his account
information with chfn or chsh without having to change the
password. The problem was originally thought to be more severe.
http://www.linuxsecurity.com/advisor...sory-5086.html

11/8/2004 - ruby
denial of service fix

The upstream developers of Ruby have corrected a problem in the
CGI module for this language. Specially crafted requests could
cause an infinite loop and thus cause the program to eat up cpu cycles.
http://www.linuxsecurity.com/advisor...sory-5088.html

11/8/2004 - freeam
arbitrary code execution fix

Luigi Auriemma discovered a buffer overflow condition in the
playlist module of freeamp which could lead to arbitrary code
execution. Recent versions of freeamp were renamed into zinf.
http://www.linuxsecurity.com/advisor...sory-5089.html

11/8/2004 - gzip
insecure temporary files fix

Trustix developers discovered insecure temporary file creation in
supplemental scripts in the gzip package which may allow local
users to overwrite files via a symlink attack.
http://www.linuxsecurity.com/advisor...sory-5101.html

11/9/2004 - libgd1
arbitrary code execution fix

"infamous41md" discovered several integer overflows in the PNG
image decoding routines of the GD graphics library. This could
lead to the execution of arbitrary code on the victim's machine.
http://www.linuxsecurity.com/advisor...sory-5133.html

11/9/2004 - gnats
arbitrary code execution fix

Khan Shirani discovered a format string vulnerability in gnats,
the GNU problem report management system. This problem may be
exploited to execute arbitrary code.
http://www.linuxsecurity.com/advisor...sory-5134.html

11/9/2004 - libgd2
arbitrary code execution fix

"infamous41md" discovered several integer overflows in the PNG
image decoding routines of the GD graphics library. This could
lead to the execution of arbitrary code on the victim's machine.
http://www.linuxsecurity.com/advisor...sory-5135.html

Distribution: Fedora

11/8/2004 - udev-039-10.FC3.1 update
arbitrary code execution fix

Due to debugging code left accidently in the FC3 udev package,
SIGCHLD signals are blocked in udev, which prevents getting the
proper exit status in udev.rules. This means no cdrom symlinks are
created and pam_console does not apply desktop user ownerships to
any cdrom devices.
http://www.linuxsecurity.com/advisor...sory-5102.html

11/8/2004 - initscripts-7.93.5-1 update
arbitrary code execution fix

This update fixes some minor bugs discovered after the final freeze date.
http://www.linuxsecurity.com/advisor...sory-5103.html

11/8/2004 - hotplug-2004_04_01-8 update
arbitrary code execution fix

This update fixes it so that the sg module gets loaded by hotplug
for non-disk, non-optical devices.
http://www.linuxsecurity.com/advisor...sory-5104.html

11/8/2004 - ipsec-tools-0.3.3-2 update
arbitrary code execution fix

This update fixes the use of 'setkey' when reading from stdin (the
'-c' argument).
http://www.linuxsecurity.com/advisor...sory-5105.html

11/8/2004 - kde-i18n-3.3.1-1 update
arbitrary code execution fix

KDE 3.3.1 update
http://www.linuxsecurity.com/advisor...sory-5106.html

11/8/2004 - kdeaddons-3.3.1-1 update
arbitrary code execution fix

KDE 3.3.1 update
http://www.linuxsecurity.com/advisor...sory-5107.html

11/8/2004 - kdeadmin-3.3.1-1 update
arbitrary code execution fix

KDE 3.3.1 update
http://www.linuxsecurity.com/advisor...sory-5108.html

11/8/2004 - kdeartwork-3.3.1-1 update
arbitrary code execution fix

KDE 3.3.1 update
http://www.linuxsecurity.com/advisor...sory-5109.html

11/8/2004 - kdebase-3.3.1-4.1 update
arbitrary code execution fix

KDE 3.3.1 update
http://www.linuxsecurity.com/advisor...sory-5110.html

11/8/2004 - kdebindings-3.3.1-1 update
arbitrary code execution fix

KDE 3.3.1 update
http://www.linuxsecurity.com/advisor...sory-5111.html

11/8/2004 - kdeedu-3.3.1-2.1 update
arbitrary code execution fix

KDE 3.3.1 update
http://www.linuxsecurity.com/advisor...sory-5112.html

11/8/2004 - kdegames-3.3.1-1 update
arbitrary code execution fix

KDE 3.3.1 update
http://www.linuxsecurity.com/advisor...sory-5113.html

11/8/2004 - kdegraphics-3.3.1-2.1 update
arbitrary code execution fix

KDE 3.3.1 update
http://www.linuxsecurity.com/advisor...sory-5114.html

11/8/2004 - kdelibs-3.3.1-2.2 update
arbitrary code execution fix

KDE 3.3.1 update
http://www.linuxsecurity.com/advisor...sory-5115.html

11/8/2004 - kdemultimedia-3.3.1-1 update
arbitrary code execution fix

KDE 3.3.1 update
http://www.linuxsecurity.com/advisor...sory-5116.html

11/8/2004 - kdenetwork-3.3.1-1 update
arbitrary code execution fix

KDE 3.3.1 update
http://www.linuxsecurity.com/advisor...sory-5117.html

11/8/2004 - kdepim-3.3.1-1 update
arbitrary code execution fix

KDE 3.3.1 update
http://www.linuxsecurity.com/advisor...sory-5118.html

11/8/2004 - kdesdk-3.3.1-1 update
arbitrary code execution fix

KDE 3.3.1 update
http://www.linuxsecurity.com/advisor...sory-5119.html

11/8/2004 - kdetoys-3.3.1-1 update
arbitrary code execution fix

KDE 3.3.1 update
http://www.linuxsecurity.com/advisor...sory-5120.html

11/8/2004 - kdeutils-3.3.1-1 update
arbitrary code execution fix

KDE 3.3.1 update
http://www.linuxsecurity.com/advisor...sory-5121.html

11/8/2004 - kdevelop-3.1.1-1 update
arbitrary code execution fix

KDE 3.3.1 update
http://www.linuxsecurity.com/advisor...sory-5122.html

11/8/2004 - kdewebdev-3.3.1-1 update
arbitrary code execution fix

KDE 3.3.1 update
http://www.linuxsecurity.com/advisor...sory-5123.html

11/8/2004 - arts-1.3.1-1 update
arbitrary code execution fix

KDE 3.3.1 update
http://www.linuxsecurity.com/advisor...sory-5124.html

11/8/2004 - gpdf-2.8.0-8 update
arbitrary code execution fix

GPdf includes the gpdf application, a Bonobo control for PDF
display which can be embedded in Nautilus, and a Nautilus property
page for PDF files.
http://www.linuxsecurity.com/advisor...sory-5125.html

11/8/2004 - wireless-tools-27-0.pre25.3 update
arbitrary code execution fix

Fixes a memory leak during wireless scans that affects
NetworkManager.
http://www.linuxsecurity.com/advisor...sory-5126.html

11/8/2004 - redhat-artwork-0.96-2 update
arbitrary code execution fix

This update fixes issues when using redhat-artwork on 64-bit
platforms, having both 32 and 64 bit versions installed.
http://www.linuxsecurity.com/advisor...sory-5127.html

11/8/2004 - gnome-media-2.8.0-3.FC3.1 update
arbitrary code execution fix

GNOME (GNU Network Object Model Environment) is a user-friendly
set of GUI applications and desktop tools to be used in
conjunction with a window manager for the X Window System. The
gnome-media package will install media features like the GNOME CD
player.
http://www.linuxsecurity.com/advisor...sory-5128.html

11/8/2004 - zip-2.3-26.2 update
arbitrary code execution fix

A buffer overflow has been found in zip which will lead to a
buffer overflow when a user try to create a zip archive which
contains very long filenames.
http://www.linuxsecurity.com/advisor...sory-5131.html

11/8/2004 - zip-2.3-26.3 update
arbitrary code execution fix

A buffer overflow has been found in zip which will lead to a
buffer overflow when a user try to create a zip archive which
contains very long filenames.
http://www.linuxsecurity.com/advisor...sory-5132.html

11/9/2004 - gnumeric-1.2.13-8.fc3 update
arbitrary code execution fix

64bit excel {im|ex}port backport fixes
http://www.linuxsecurity.com/advisor...sory-5136.html

11/10/2004 - system-config-users-1.2.27-0.fc2.1 update
arbitrary code execution fix

system-config-users is a graphical utility for administrating
users and groups. It depends on the libuser library.
http://www.linuxsecurity.com/advisor...sory-5140.html

11/10/2004 - openoffice.org-1.1.2-11.5.fc3 update
arbitrary code execution fix

The fixes in this update are detailed in the changelog entry below.
http://www.linuxsecurity.com/advisor...sory-5141.html

11/10/2004 - openoffice.org-1.1.2-11.4.fc2 update
arbitrary code execution fix

The fixes in this update are detailed in the changelog entry below.
http://www.linuxsecurity.com/advisor...sory-5142.html

11/10/2004 - jwhois-3.2.2-6.FC3.1 update
arbitrary code execution fix

This update fixes a crash when a processing a query requires more
than one redirection.
http://www.linuxsecurity.com/advisor...sory-5143.html

11/11/2004 - ruby-1.8.1-6.FC2.0 update
arbitrary code execution fix

Ruby is the interpreted scripting language for quick and easy
object-oriented programming. It has many features to process text
files and to do system management tasks (as in Perl). It is
simple, straight-forward, and extensible.
http://www.linuxsecurity.com/advisor...sory-5144.html

11/11/2004 - ruby-1.8.1-7.FC3.1 update
arbitrary code execution fix

Ruby is the interpreted scripting language for quick and easy
object-oriented programming. It has many features to process text
files and to do system management tasks (as in Perl). It is
simple, straight-forward, and extensible.
http://www.linuxsecurity.com/advisor...sory-5145.html

11/11/2004 - glibc-2.3.3-27.1 update
arbitrary code execution fix

The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs.
http://www.linuxsecurity.com/advisor...sory-5153.html

11/11/2004 - system-config-users-1.2.27-0.fc3.1 update
arbitrary code execution fix

system-config-users is a graphical utility for administrating
users and groups. It depends on the libuser library.
http://www.linuxsecurity.com/advisor...sory-5154.html

11/11/2004 - libxml2-2.6.16-2 update
arbitrary code execution fix

This update to libxml2 fixes a variety of bugs found in 2.6.15,
notably #137968.
http://www.linuxsecurity.com/advisor...sory-5155.html

11/11/2004 - libxml2-2.6.16-3 update
arbitrary code execution fix

This update to libxml2 fixes a variety of bugs found in 2.6.15,
notably #137968.
http://www.linuxsecurity.com/advisor...sory-5156.html

11/11/2004 - gd-2.0.21-5.20.1 update
arbitrary code execution fix

Several buffer overflows were reported in various memory
allocation calls. An attacker could create a carefully crafted
image file in such a way that it could cause ImageMagick to
execute arbitrary code when processing the image.
http://www.linuxsecurity.com/advisor...sory-5157.html

11/11/2004 - gd-2.0.28-1.30.1 update
arbitrary code execution fix

Several buffer overflows were reported in various memory
allocation calls. An attacker could create a carefully crafted
image file in such a way that it could cause ImageMagick to
execute arbitrary code when processing the image.
http://www.linuxsecurity.com/advisor...sory-5158.html

11/11/2004 - unarj-2.63a-7 update
arbitrary code execution fix

A buffer overflow bug has been discovered in unarj when handling
long file names contained in an archive. An attacker could create
an archive with a specially crafted path which could cause unarj
to crash or execute arbitrary instructions.
http://www.linuxsecurity.com/advisor...sory-5159.html

Distribution: Gentoo

11/6/2004 - GPdf, KPDF, KOffice Vulnerabilities in included xpdf
arbitrary code execution fix

The original fix introduced new vulnerabilities on 64-bit
platforms. New fixed packages are available. Updated sections
follow.
http://www.linuxsecurity.com/advisor...sory-5090.html

11/6/2004 - Xpdf, CUPS Multiple integer overflows
arbitrary code execution fix

The original fix introduced new vulnerabilities on 64-bit
platforms. New fixed packages are available. Updated sections follow.
http://www.linuxsecurity.com/advisor...sory-5091.html

11/6/2004 - Gallery
Cross-site scripting vulnerability

Gallery is vulnerable to cross-site scripting attacks.
http://www.linuxsecurity.com/advisor...sory-5092.html

11/6/2004 - ImageMagick
EXIF buffer overflow

ImageMagick contains an error in boundary checks when handling
EXIF information, which could lead to arbitrary code execution.
http://www.linuxsecurity.com/advisor...sory-5093.html

11/7/2004 - zgv
Multiple buffer overflows

zgv contains multiple buffer overflows that can potentially lead
to the execution of arbitrary code.
http://www.linuxsecurity.com/advisor...sory-5094.html

11/7/2004 - Portage, Gentoolkit Temporary file vulnerabilities
Multiple buffer overflows

dispatch-conf (included in Portage) and qpkg (included in
Gentoolkit) are vulnerable to symlink attacks, potentially
allowing a local user to overwrite arbitrary files with the rights
of the user running the script.
http://www.linuxsecurity.com/advisor...sory-5095.html

11/7/2004 - Kaffeine, gxine Remotely exploitable buffer overflow
Multiple buffer overflows

Kaffeine and gxine both contain a buffer overflow that can be
exploited when accessing content from a malicious HTTP server with
specially crafted headers.
http://www.linuxsecurity.com/advisor...sory-5096.html

11/8/2004 - OpenSSL, Groff Insecure tempfile handling
Multiple buffer overflows

groffer, included in the Groff package, and the der_chop script,
included in the OpenSSL package, are both vulnerable to symlink
attacks, potentially allowing a local user to overwrite arbitrary
files with the rights of the user running the utility.
http://www.linuxsecurity.com/advisor...sory-5097.html

11/9/2004 - zip
Path name buffer overflow

zip contains a buffer overflow when creating a ZIP archive of
files with very long path names. This could lead to the execution
of arbitrary code.
http://www.linuxsecurity.com/advisor...sory-5137.html

11/9/2004 - mtink
Insecure tempfile handling

mtink is vulnerable to symlink attacks, potentially allowing a
local user to overwrite arbitrary files with the rights of the
user running the utility.
http://www.linuxsecurity.com/advisor...sory-5138.html

11/10/2004 - Apache
2.0 Denial of Service by memory consumption

A flaw in Apache 2.0 could allow a remote attacker to cause a
Denial of Service.
http://www.linuxsecurity.com/advisor...sory-5139.html

11/11/2004 - pavuk
Multiple buffer overflows

Pavuk contains multiple buffer overflows that can allow a remote
attacker to run arbitrary code.
http://www.linuxsecurity.com/advisor...sory-5151.html

11/11/2004 - ez-ipupdate Format string vulnerability
Multiple buffer overflows

ez-ipupdate contains a format string vulnerability that could lead
to execution of arbitrary code.
http://www.linuxsecurity.com/advisor...sory-5152.html

11/11/2004 - samba
Remote Denial of Service

An input validation flaw in Samba may allow a remote attacker to
cause a Denial of Service by excessive consumption of CPU cycles.
http://www.linuxsecurity.com/advisor...sory-5160.html

11/11/2004 - Davfs2, lvm-user Insecure tempfile handling
Remote Denial of Service

Davfs2 and the lvmcreate_initrd script (included in the lvm-user
package) are both vulnerable to symlink attacks, potentially
allowing a local user to overwrite arbitrary files with the rights
of the user running them.
http://www.linuxsecurity.com/advisor...sory-5161.html

Distribution: Mandrake

11/5/2004 - shadow
security bypass vulnerability fix

A vulnerability in the shadow suite was discovered by Martin
Schulze that can be exploited by local users to bypass certain
security restrictions due to an input validation error in the
passwd_check() function. This function is used by the chfn and
chsh tools.
http://www.linuxsecurity.com/advisor...sory-5084.html

11/5/2004 - libxml
libxml2 multiple vulnerabilities fix

Multiple buffer overflows were reported in the libxml XML parsing
library. These vulnerabilities may allow remote attackers to
execute arbitray code via a long FTP URL that is not properly
handled by the xmlNanoFTPScanURL() function, a long proxy URL
containing FTP data that is not properly handled by the
xmlNanoFTPScanProxy() function, and other overflows in the code
that resolves names via DNS.
http://www.linuxsecurity.com/advisor...sory-5085.html

11/8/2004 - ruby
remote DoS vulnerability fix

Andres Salomon noticed a problem with the CGI session management
in Ruby. The CGI:Session's FileStore implementations store session
information in an insecure manner by just creating files and
ignoring permission issues (CAN-2004-0755).
http://www.linuxsecurity.com/advisor...sory-5129.html

11/10/2004 - webmin
problem with some modules fix

There was a problem with two modules in the webmin package that
did not work correctly: the cron and backup modules. The updates
packages fix the problem so the modules will again work.
http://www.linuxsecurity.com/advisor...sory-5146.html

11/11/2004 - ez-ipupdate format string vulnerability fix
problem with some modules fix

Ulf Harnhammar discovered a format string vulnerability in
ez-ipupdate, a client for many dynamic DNS services. The updated
packages are patched to protect against this problem.
http://www.linuxsecurity.com/advisor...sory-5147.html

11/11/2004 - speedtouch
format string vulnerability fix

The Speedtouch USB driver contains a number of format string
vulnerabilities due to improperly made syslog() system calls.
These vulnerabilities can be abused by a local user to potentially
allow the execution of arbitray code with elevated privileges.
http://www.linuxsecurity.com/advisor...sory-5148.html

11/11/2004 - samba
DoS vulnerability fix

Karol Wiesek discovered a bug in the input validation routines in
Samba 3.x used to match filename strings containing wildcard
characters. This bug may allow a user to consume more than normal
amounts of CPU cycles which would impact the performance and
response of the server.
http://www.linuxsecurity.com/advisor...sory-5149.html

Distribution: Trustix

11/5/2004 - apache
buffer overflow

Potential buffer overflow with escaped characters in SSI tag
string. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0940 to this issue.
http://www.linuxsecurity.com/advisor...sory-5087.html

11/8/2004 - php, postfix, kernel, sqlgrey, sqlite package fixes
buffer overflow

PHP: Wrong "extension_dir" leads to problems loading modules.
Postfix: Fixed a missing define that prevented dynamic loading of modules.
http://www.linuxsecurity.com/advisor...sory-5100.html