Getsocial, S.A. Security Vulnerabilities

Mandrake Linux Security Advisory : Zope (MDKSA-2000:026)

Previous versions of Zope have a serious security flaw in one of the base classes in the DocumentTemplate package that is inadequately protected. This flaw allows the contents of DHTML Documents or DHTML Methods to be changed remotely or through DHTML code without forcing proper user...

Mandrake Linux Security Advisory : diffutils (MDKSA-2001:008-1)

WireX discovered a potential temporary file race condition in the sdiff program within the diffutils package. This update corrects the problem. Update : The previous updates had a conflicting man page with the man-pages package which prevented MandrakeUpdate from updating the...

Mandrake Linux Security Advisory : php (MDKSA-2001:013)

There are two security problems with php4 as shipped in Linux-Mandrake 7.2. It is possible to specify PHP directives on a per-directory basis under Apache and a remote attacker could carefully craft an HTTP request that would cause the next page to be served with the wrong values for these...

Mandrake Linux Security Advisory : slrn (MDKSA-2001:028)

A buffer overflow exists in versions of the slrn news reader prior to 0.9.6.3pl4 as reported by Bill Nottingham. This problem exists in the wrapping/unwrapping functions and a long header in a message might overflow a buffer which could result in execution of arbitrary code encoded in the...

Mandrake Linux Security Advisory : mutt (MDKSA-2001:031)

A format string vulnerability was present in the IMAP code in versions of the mutt email client previous to 1.2.5. This had the effect that a compromised or malicious IMAP server could possibly execute code on the local...

Mandrake Linux Security Advisory : Zope (MDKSA-2001:049)

Another problem was discovered in Zope that fixes a problem with ZClasses. Any user can visit a ZClass declaration and change the ZClass permission mappings for methods and other objects defined within the ZClass, possibly allowing for unauthorized access within the Zope instance. The Zope Hotfix.....

Mandrake Linux Security Advisory : glibc (MDKSA-2000:045-1)

A bug was discovered in ld.so that could allow local users to obtain root privileges. The dynamic loader, ld.so, is responsible for making shared libraries available within a program at run-time. Normally, a user is allowed to load additional shared libraries when executing a program; they can be.....

Mandrake Linux Security Advisory : esound (MDKSA-2000:051)

A problem exists with the esound daemon, which is used in GNOME and responsible for multiplexing access to audio devices. Versions of esound prior to and including 0.2.19 create a world-writable directory in /tmp called .esd which is owned by the user running esound. This directory is used to...

Mandrake Linux Security Advisory : mod_perl (MDKSA-2000:046)

The configuration file, /etc/httpd/conf/addon-modules/mod_perl.conf contained an Options directive that was not entirely secure and allowed people to browse the /perl/ directory. This update adds the '-Indexes' directive to the Options command, thus making the directory non-...

Mandrake Linux Security Advisory : apache (MDKSA-2000:060-2)

The Apache web server comes with a module called mod_rewrite which is used to rewrite URLs presented by the client prior to further processing. There is a flaw in the mod_rewrite logic that allows an attacker to view arbitrary files on the server system if they contain regular expression...

Mandriva Linux Security Advisory : libxslt (MDVSA-2012:109)

A vulnerability has been discovered and corrected in libxslt : The XSL implementation in libxslt allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors (CVE-2012-2825). The updated packages have been patched to correct this...

Mandriva Linux Security Advisory : wireshark (MDVSA-2012:080)

Multiple vulnerabilities was found and corrected in Wireshark : It may be possible to make Wireshark hang for long or indefinite periods by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. It may be possible to make Wireshark crash by...

Mandriva Linux Security Advisory : arpwatch (MDVSA-2012:113)

A vulnerability has been discovered and corrected in arpwatch : arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon...

Mandriva Linux Security Advisory : wireshark (MDVSA-2012:134)

Multiple vulnerabilities was found and corrected in Wireshark : The DCP ETSI dissector could trigger a zero division (CVE-2012-4285). The MongoDB dissector could go into a large loop (CVE-2012-4287). The XTP dissector could go into an infinite loop (CVE-2012-4288). The AFP dissector could go into.....

Mandrake Linux Security Advisory : netscape (MDKSA-2000:027-1)

Previous versions of Netscape, from version 3.0 to 4.73 contain a serious overflow flaw due to improper input verification in Netscape's JPEG processing code. The way Netscape processed JPEG comments trusted the length parameter for comment fields. By manipulating this value, it was possible to...

Mandriva Linux Security Advisory : krb5 (MDVSA-2011:159)

Multiple vulnerabilities has been found and corrected in krb5 : The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash).....

Mandriva Linux Security Advisory : libreoffice (MDVSA-2011:172)

Multiple vulnerabilies has been discovered and corrected in libreoffice : Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file (CVE-2011-2685). oowriter in OpenOffice.org 3.3.0 and...

Mandriva Linux Security Advisory : libreoffice (MDVSA-2012:091)

Security issues were identified and fixed in libreoffice : An integer overflow vulnerability in the libreoffice graphic loading code could allow a remote attacker to cause a denial of service (application crash) or potentially execute arbitrary code (CVE-2012-1149). An integer overflow flaw,...

Mandriva Linux Security Advisory : systemd (MDVSA-2012:030)

A vulnerability has been found and corrected in systemd : A TOCTOU race condition was found in the way the systemd-logind login manager of the systemd, a system and service manager for Linux, performed removal of particular records related with user session upon user logout. A local attacker could....

Mandriva Linux Security Advisory : libotr (MDVSA-2012:131)

A vulnerability was found and corrected in libotr : Just Ferguson discovered that libotr, an off-the-record (OTR) messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can exploit this flaw by sending crafted...

Mandrake Linux Security Advisory : mod_php3 (MDKSA-2000:048)

A problem exists with PHP3 and PHP4 scripts regarding RFC 1867-based file uploads. PHP saves uploaded files in a temporary directory on the server, using a temporary name that is referenced as the variable $FOO where 'FOO' is the name of the file input tag in the submitted form. Many PHP scripts...

Mandriva Linux Security Advisory : dhcp (MDVSA-2012:115)

Multiple vulnerabilities has been discovered and corrected in ISC DHCP : An unexpected client identifier parameter can cause the ISC DHCP daemon to segmentation fault when running in DHCPv6 mode, resulting in a denial of service to further client requests. In order to exploit this condition, an...

Mandriva Linux Security Advisory : libexif (MDVSA-2012:106)

Multiple vulnerabilities has been discovered and corrected in libexif : A heap-based out-of-bounds array read in the exif_entry_get_value function in libexif/exif-entry.c in libexif 0.6.20 and earlier allows remote attackers to cause a denial of service or possibly obtain potentially sensitive...

Mandrake Linux Security Advisory : bind (MDKSA-2002:043)

A buffer overflow vulnerability exists in different implementations of the DNS resolver libraries. A remote attacker able to sent malicious DNS responses could potentially exploit this vulnerability to execute arbitrary code or cause a DoS (Denial of Service) on a vulnerable system. The named...

Mandriva Linux Security Advisory : python-pycrypto (MDVSA-2012:117)

A vulnerability has been discovered and corrected in python-pycrypto : PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute-force...

Mandriva Linux Security Advisory : php (MDVSA-2012:108)

Multiple vulnerabilities has been discovered and corrected in php : Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an overflow (CVE-2012-2688). The...

Mandrake Linux Security Advisory : gnorpm (MDKSA-2000:055)

Versions of GnoRPM prior to 0.95 used files in the /tmp directory in an insecure manner. If GnoRPM is run as root, a local user can exploit this behaviour to trick GnoRPM into writing to arbitrary files anywhere on the...

Mandrake Linux Security Advisory : apcupsd (MDKSA-2000:077)

A problem exists with the apcupsd daemon. During startup, apcupsd creates a PID file in /var/run with the ID of the daemon process. This file is used by the shutdown script to kill the daemon process. The /var/run/apcupsd.pid file is created with mode 666 permissions, meaning it is...

Mandriva Linux Security Advisory : wireshark (MDVSA-2011:164)

This advisory updates wireshark to the latest version (1.6.3), fixing several security issues : An uninitialized variable in the CSN.1 dissector could cause a crash (CVE-2011-4100). Huzaifa Sidhpurwala of Red Hat Security Response Team discovered that the Infiniband dissector could dereference a...

Mandriva Linux Security Advisory : wireshark (MDVSA-2012:015)

Multiple file parser and NULL pointer vulnerabilities including a RLC dissector buffer overflow was found and corrected in Wireshark. This advisory provides the latest version of Wireshark (1.6.5 ) which is not vulnerable to these...

Mandrake Linux Security Advisory : kon2 (MDKSA-2000:028)

There is a vulnerable suid program called fld. This program accepts option input from a text file and it is possible to input arbitrary code into the stack, thus spawning a root...

Mandrake Linux Security Advisory : nss_ldap (MDKSA-2000:066-1)

A race condition exists in versions of nss_ldap prior to version 121. On a system running nscd, a malicious user can cause the system to hang. Update : Due to a new packaging scheme, the updates have been re-released with the appropriate revision...

Mandrake Linux Security Advisory : netscape (MDKSA-2000:080)

A buffer overflow exists in the HTML parser code of the Netscape web browser in all versions prior to and including 4.75. This buffer overflow can be exploited by a remote attacker or web...

Mandrake Linux Security Advisory : webmin (MDKSA-2001:016)

Previous versions of webmin would create temporary files insecurely on several occasions. This could be exploited by a local attacker to overwrite or create arbitrary files and possibly gain root...

Mandrake Linux Security Advisory : MandrakeUpdate (MDKSA-2000:034)

There is a possible race condition in MandrakeUpdate that has the potential for users to tamper with RPMs downloaded by MandrakeUpdate prior to them being installed. This is due to files being stored in the /tmp directory. This is a very low security-risk as most servers that provide user logins...

Mandrake Linux Security Advisory : kdesu (MDKSA-2000:008)

A vulnerability in kdesud will allow any user to exploit a buffer overflow. This user then can have a root group access on the machine, by exploiting a bug in the kdesud...

Mandrake Linux Security Advisory : usermode (MDKSA-2000:020)

A bug existed in the usermode package that permitted users to reboot or halt the system without having root access. This update removes those files associated with allowing users access to reboot, shutdown, halt, or poweroff the...

Mandrake Linux Security Advisory : bash1 (MDKSA-2000:075)

The bash1 shell program has the same << vulnerability that tcsh has and incorrectly creates temporary files without the O_EXCL flag. This vulnerability does not exist in bash2 which uses the O_EXCL flag when creating temporary...

Mandrake Linux Security Advisory : ghostscript (MDKSA-2000:074)

The ghostscript package uses mktemp instead of mkstemp to create temporary files. It also uses improper LD_RUN_PATH values, which causes it to search for libraries in the current...

Mandrake Linux Security Advisory : Zope (MDKSA-2000:083)

There is an issue involving security registration of 'legacy' names for certain object constructors such as the constructors for DTML Method Objects. Security was not being applied correctly for the legacy names, making it possible to call those constructors without the permissions that should...

Mandrake Linux Security Advisory : slocate (MDKSA-2000:085)

Michael Kaempf reported a security problem in slocate (a secure version of locate, a tool to quickly locate files on a filesystem) on bugtraq which was originally discovered by zorgon. He discovered that there was a bug in the database reading code which made it overwrite an internal structure...

Mandrake Linux Security Advisory : gnupg (MDKSA-2000:087)

When importing keys from public key servers, GnuPG will import private keys (also known as secret keys) in addition to public keys. If this happens, the user's web of trust becomes corrupt. Additionally, when used to check detached signatures, if the data file being checked contains clearsigned...

Mandrake Linux Security Advisory : getty_ps (MDKSA-2001:004)

WireX discovered a potential temporary file race condition in the getty_ps program. This update corrects the...

Mandrake Linux Security Advisory : squid (MDKSA-2001:003)

WireX discovered a potential temporary file race condition in the way that squid sends out email messages notifying the administrator about updating the program. Usually this will only happen if you are running a development version of squid or if the clock on your system is incorrect. This...

Mandrake Linux Security Advisory : perl-Digest-MD5 (MDKSA-2002:035)

A bug exists in the UTF8 interaction between the perl-Digest-MD5 module and perl that results in UTF8 strings having improper MD5 digests. The 2.20 version of the module corrects this...

Mandrake Linux Security Advisory : xinetd (MDKSA-2002:053)

A vulnerability was discovered by Solar Designer in xinetd. File descriptors for the signal pipe that were introduced in version 2.3.4 are leaked into services started by xinetd, which can then be used to talk to xinetd, resulting in a crash of...

Mandrake Linux Security Advisory : man (MDKSA-2000:015)

Internet Security Systems (ISS) X-Force has identified a vulnerability in the makewhatis Bourne shell script that ships with many Linux distributions. It is found in versions 1.5e and higher of man, and handles temporary files insecurely. Local users may gain a variety of privileges depending on...

Mandrake Linux Security Advisory : pine (MDKSA-2000:073-1)

By adding specific headers to messages, the pine mail reader could be made to exit with an error message when users attempted to manipulate mail folders containing those messages. Update : The previous announcement did not make mention of another vulnerability in pine 4.21 and previous in that it.....

Mandrake Linux Security Advisory : cfengine (MDKSA-2000:061)

The GNU cfengine is an abstract programming language for system administrators of large heterogeneous networks, used for maintenance and administration. There are a number of string format vulnerabilities in syslog() calls that can be abused to either make the cfengine program segfault and die or.....

Mandrake Linux Security Advisory : xinitrc (MDKSA-2000:052)

A problem exists in the /etc/X11/Xsession file which disables the Xauthority mechanism of the localhost. This means that anyone logged into the localhost can arbitrarily connect to an X server running on the localhost. This is only a problem with systems that allow remote logins and is not a...