Getsocial, S.A. Security Vulnerabilities

nessus

Mandrake Linux Security Advisory : gnupg (MDKSA-2006:228)

A 'stack overwrite' vulnerability in GnuPG (gpg) allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory. Updated packages have been patched to correct this...

1 AI Score

0.056 EPSS

2007-02-18 12:00 AM
11
nessus

Mandrake Linux Security Advisory : samba (MDKSA-2007:034)

A logic error in the deferred open code for smbd may allow an authenticated user to exhaust resources such as memory and CPU on the server by opening multiple CIFS sessions, each of which will normally spawn a new smbd process, and sending each connection into an infinite loop. (CVE-2007-0452) The....

6.7 AI Score

0.019 EPSS

2007-02-18 12:00 AM
17
nessus

Mandrake Linux Security Advisory : gnutls (MDKSA-2006:166)

verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from...

0.1 AI Score

0.093 EPSS

2007-02-18 12:00 AM
10
nessus

Mandrake Linux Security Advisory : openldap (MDKSA-2006:171)

slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN). Packages have been patched to correct this...

6.5 AI Score

0.003 EPSS

2007-02-18 12:00 AM
11
nessus

Mandrake Linux Security Advisory : postgresql (MDKSA-2007:037-1)

Jeff Trout discovered that the PostgreSQL server did not sufficiently check data types of SQL function arguments in some cases. A user could then exploit this to crash the database server or read out arbitrary locations of the server's memory, which could be used to retrieve database contents that....

6.8 AI Score

0.017 EPSS

2007-02-18 12:00 AM
7
securityvulns

CYBSEC - Security Advisory: SAP Internet Graphics Service (IGS) Remote Buffer Overflow

(The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_Buffer_Overflow.pdf ) This advisory contains the full-detailed information regarding the vulnerability...

AI Score

2007-01-20 12:00 AM
33
security_vulns

Interview:USSR

USSR Labs (their website is http://www.ussrback.com, their slogan is "USSR is back", and their symbol is a bulldog in a strict collar) broke into the world of computer security relatively recently, but very decisively. Somewhere, probably last fall (interview taken in...

-0.5 AI Score

2007-01-01 12:00 AM
6
nessus

Mandrake Linux Security Advisory : bind (MDKSA-2006:163)

A vulnerability in BIND was discovered where it did not sufficiently verify particular requests and responses from other name servers and users. This could be exploited by sending a specially crafted packet to crash the name server. Updated packages have been patched to address these...

7.5 CVSS

-0.2 AI Score

0.205 EPSS

2006-12-16 12:00 AM
11
nessus

Mandrake Linux Security Advisory : wireshark (MDKSA-2006:128)

A number of vulnerabilities have been discovered in the Wireshark (formerly Ethereal) network analyzer. These issues have been corrected in Wireshark version 0.99.2 which is provided with this...

6.8 AI Score

0.038 EPSS

2006-12-16 12:00 AM
14
nessus

Mandrake Linux Security Advisory : php (MDKSA-2006:162)

The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings (CVE-2006-4481). Buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before....

6.8 AI Score

0.317 EPSS

2006-12-16 12:00 AM
18
nessus

Mandrake Linux Security Advisory : musicbrainz (MDKSA-2006:157-1)

Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow....

0.5 AI Score

0.214 EPSS

2006-12-16 12:00 AM
15
nessus

Mandrake Linux Security Advisory : ImageMagick (MDKSA-2006:155)

Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images. (CVE-2006-3743) Multiple integer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted Sun bitmap images that...

0.5 AI Score

0.463 EPSS

2006-12-16 12:00 AM
14
nessus

Mandrake Linux Security Advisory : freeciv (MDKSA-2006:135)

Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 2006 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) negative chunk_length or a (2) large chunk->offset value in a PACKET_PLAYER_ATTRIBUTE_CHUNK packet in th...

0.4 AI Score

0.064 EPSS

2006-12-16 12:00 AM
6
nessus

Mandrake Linux Security Advisory : krb5 (MDKSA-2006:139)

A flaw was discovered in some bundled Kerberos-aware packages that would fail to check the results of the setuid() call. This call can fail in some circumstances on the Linux 2.6 kernel if certain user limits are reached, which could be abused by a local attacker to get the applications to...

0.9 AI Score

0.001 EPSS

2006-12-16 12:00 AM
7
nessus

Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2006:160)

X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit. In...

0.3 AI Score

0.001 EPSS

2006-12-16 12:00 AM
11
nessus

Mandrake Linux Security Advisory : php (MDKSA-2006:144)

A vulnerability was discovered in the sscanf function that could allow attackers in certain circumstances to execute arbitrary code via argument swapping which incremented an index past the end of an array and triggered a buffer over-read. Updated packages have been patched to correct these...

0.5 AI Score

0.002 EPSS

2006-12-16 12:00 AM
25
nessus

Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2006:164-1)

Local exploitation of an integer overflow vulnerability in the 'CIDAFM()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root (CVE-2006-3739). Local exploitation of an integer overflow vulnerability in the...

0.8 AI Score

0.001 EPSS

2006-12-16 12:00 AM
6
nessus

Mandrake Linux Security Advisory : openssl (MDKSA-2006:161)

Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5 signatures where an RSA key with a small exponent used could be vulnerable to forgery of a PKCS #1 v1.5 signature signed by that key. Any software using OpenSSL to verify X.509 certificates is potentially vulnerable to this issue,.....

-0.6 AI Score

0.093 EPSS

2006-12-16 12:00 AM
12
nessus

Mandrake Linux Security Advisory : ruby (MDKSA-2006:134)

A number of flaws were discovered in the safe-level restrictions in the Ruby language. Because of these flaws, it would be possible for an attacker to create a carefully crafted malicious script that could allow them to bypass certain safe-level restrictions. Updated packages have been patched to.....

0.2 AI Score

0.058 EPSS

2006-12-16 12:00 AM
15
nessus

Mandrake Linux Security Advisory : MySQL (MDKSA-2006:149)

MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy (CVE-2006-4031). The update allows the local admin to...

-0.7 AI Score

0.005 EPSS

2006-12-16 12:00 AM
13
nessus

Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:146)

A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program. Corporate 3 had contained the Mozilla suite; however, due to the support cycle for Mozilla, it was felt that upgrading Mozilla to Firefox and Thunderbird would allow for better future.....

-0.7 AI Score

0.974 EPSS

2006-12-16 12:00 AM
107
nessus

Mandrake Linux Security Advisory : freetype2 (MDKSA-2006:129)

An additional overflow, similar to those corrected by patches for CVE-2006-1861 was found in libfreetype. If a user loads a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or execute arbitrary code as the user. Updated packages have been.....

-0.1 AI Score

0.168 EPSS

2006-12-16 12:00 AM
16
nessus

Mandrake Linux Security Advisory : sudo (MDKSA-2006:159)

Previous sudo updates were made available to sanitize certain environment variables from affecting a sudo call, such as PYTHONINSPECT, PERL5OPT, etc. While those updates were effective in addressing those specific environment variables, other variables that were not blacklisted were being made...

-0.4 AI Score

0.001 EPSS

2006-12-16 12:00 AM
16
nessus

Mandrake Linux Security Advisory : kdelibs (MDKSA-2006:130)

KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument. This issue does not affect...

-0.5 AI Score

0.067 EPSS

2006-12-16 12:00 AM
11
nessus

Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2006:148)

An integer overflow flaw was discovered in how xorg-x11/XFree86 handles PCF files. A malicious authorized client could exploit the issue to cause a DoS (crash) or potentially execute arbitrary code with root privileges on the xorg-x11/XFree86 server. Updated packages are patched to address this...

1 AI Score

0.168 EPSS

2006-12-16 12:00 AM
8
nessus

Mandrake Linux Security Advisory : MySQL (MDKSA-2006:158)

MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects. (CVE-2006-4380) There is a bug in the MySQL-Max (and MySQL) init script where the script was not waiting for the mysqld daemon to fully stop. This...

-1.1 AI Score

0.001 EPSS

2006-12-16 12:00 AM
8
nessus

Mandrake Linux Security Advisory : apache (MDKSA-2006:133)

Mark Dowd, of McAfee Avert Labs, discovered a potential remotely exploitable off-by-one flaw in Apache's mod_rewrite ldap scheme handling. In order for this to be exploitable, a number of conditions need to be met including a) running a vulnerable version of Apache (1.3.28+, 2.0.46+, or 2.2.0+),.....

AI Score

0.974 EPSS

2006-12-16 12:00 AM
16
nessus

Mandrake Linux Security Advisory : kernel (MDKSA-2006:124)

A race condition in the Linux kernel 2.6.17.4 and earlier allows local users to obtain root privileges due to a race condition in the /proc filesystem. The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels immediately and...

0.3 AI Score

0.001 EPSS

2006-12-16 12:00 AM
21
nessus

Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2006:143-1)

A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program. Previous updates to Firefox were patch fixes to Firefox 1.0.6 that brought it in sync with 1.0.8 in terms of security fixes. In this update, Mozilla Firefox 1.5.0.6 is being provided...

AI Score

0.974 EPSS

2006-12-16 12:00 AM
29
nessus

Mandrake Linux Security Advisory : mailman (MDKSA-2006:165)

A flaw was discovered in how Mailman handles MIME multipart messages where an attacker could send a carefully-crafted MIME multipart message to a Mailman-run mailing list causing that mailing list to stop working (CVE-2006-2941). As well, a number of XSS (cross-site scripting) issues were...

0.1 AI Score

0.321 EPSS

2006-12-16 12:00 AM
12
nessus

Mandrake Linux Security Advisory : heartbeat (MDKSA-2006:142)

Two vulnerabilities in heartbeat prior to 2.0.6 were discovered by Yan Rong Ge. The first is that heartbeat would set insecure permissions in an shmget call for shared memory, allowing a local attacker to cause an unspecified denial of service via unknown vectors (CVE-2006-3815). The second is a...

-0.1 AI Score

0.062 EPSS

2006-12-16 12:00 AM
10
nessus

Mandrake Linux Security Advisory : clamav (MDKSA-2006:138)

Damian Put discovered a boundary error in the UPX extraction module in ClamAV which is used to unpack PE Windows executables. This could be abused to cause a Denial of Service issue and potentially allow for the execution of arbitrary code with the permissions of the user running clamscan or...

0.4 AI Score

0.875 EPSS

2006-12-16 12:00 AM
12
nessus

Mandrake Linux Security Advisory : sendmail (MDKSA-2006:156)

Moritz Jodeit discovered a vulnerability in sendmail when processing very long header lines that could be exploited to cause a Denial of Service by crashing sendmail. The updated packages have been patched to correct this...

7.5 CVSS

-0.2 AI Score

0.274 EPSS

2006-12-16 12:00 AM
17
nessus

Mandrake Linux Security Advisory : ncompress (MDKSA-2006:140)

Tavis Ormandy, of the Google Security Team, discovered that ncompress, when uncompressing data, performed no bounds checking, which could allow a specially crafted datastream to underflow a .bss buffer with attacker controlled data. Updated packages have been patched to correct this...

0.2 AI Score

0.103 EPSS

2006-12-16 12:00 AM
13
nessus

Mandrake Linux Security Advisory : libtiff (MDKSA-2006:137)

Tavis Ormandy, Google Security Team, discovered several vulnerabilities in the libtiff image processing library: Several buffer overflows have been discovered, including a stack buffer overflow via TIFFFetchShortPair() in tif_dirread.c, which is used to read two unsigned shorts from the input file......

-0.1 AI Score

0.362 EPSS

2006-12-16 12:00 AM
15
nessus

Mandrake Linux Security Advisory : gimp (MDKSA-2006:127)

A buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp 2.2.x allows user-complicit attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property. Updated packages have been patched to....

0.6 AI Score

0.01 EPSS

2006-12-16 12:00 AM
9
nessus

Mandrake Linux Security Advisory : kernel (MDKSA-2006:151)

A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel : Prior to and including 2.6.16-rc2, when running on x86_64 systems with preemption enabled, local users can cause a DoS (oops) via multiple ptrace tasks that perform single steps (CVE-2006-1066). Prior to 2.6.16, a.....

0.1 AI Score

0.458 EPSS

2006-12-16 12:00 AM
118
nessus

Mandrake Linux Security Advisory : libtunepimp (MDKSA-2006:126)

Kevin Kofler discovered multiple stack-based buffer overflows in the LookupTRM::lookup function in libtunepimp 0.4.2 that allow remote user-complicit attackers to cause a denial of service (application crash) and possibly execute code via a long (1) Album release date (MBE_ReleaseGetDate), (2)...

0.5 AI Score

0.084 EPSS

2006-12-16 12:00 AM
9
nessus

Mandrake Linux Security Advisory : webmin (MDKSA-2006:125)

Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files. NOTE: This is a different issue than CVE-2006-3274. Updated packages have been patched to correct this...

9.2 AI Score

0.953 EPSS

2006-12-16 12:00 AM
17
nessus

Mandrake Linux Security Advisory : libwmf (MDKSA-2006:132)

Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file. Updated packages have been patched....

0.8 AI Score

0.19 EPSS

2006-12-16 12:00 AM
12
nessus

Mandrake Linux Security Advisory : gnupg (MDKSA-2006:141)

An integer overflow vulnerability was discovered in gnupg where an attacker could create a carefully-crafted message packet with a large length that could cause gnupg to crash or possibly overwrite memory when opened. Updated packages have been patched to correct this...

6.9 AI Score

0.814 EPSS

2006-12-16 12:00 AM
10
nessus

Mandrake Linux Security Advisory : wireshark (MDKSA-2006:152)

Vulnerabilities in the SCSI, DHCP, and SSCOP dissectors were discovered in versions of wireshark less than 0.99.3, as well as an off-by-one error in the IPsec ESP preference parser if compiled with ESP decryption support. This update provides wireshark 0.99.3a which is not vulnerable to these...

6.5 AI Score

0.02 EPSS

2006-12-16 12:00 AM
12
securityvulns

CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Arbitrary File Removal

(The following pre-advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_Arbitrary_File_Removal.pdf ) CYBSEC S.A. www.cybsec.com Pre-Advisory Name: SAP Internet Graphics Service (IGS) Remote Arbitrary File Removal...

1.1 AI Score

2006-12-06 12:00 AM
31
securityvulns

CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Undocumented Features

(The following pre-advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Undocumented_Features.pdf ) CYBSEC S.A. www.cybsec.com Pre-Advisory Name: SAP Internet Graphics Service (IGS) Undocumented Features Vulnerability Class:...

-0.2 AI Score

2006-12-06 12:00 AM
18
securityvulns

CYBSEC - Security Advisory: Microsoft Windows DHCP Client Service Remote Buffer Overflow

(The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_Microsoft_Windows_DHCP_Client_Service_Remote_Buffer_Overflow.pdf) This advisory contains the full-detailed information...

-0.1 AI Score

2006-08-30 12:00 AM
19
securityvulns

CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Buffer Overflow

(The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_Buffer_Overflow.pdf ) CYBSEC S.A. www.cybsec.com Pre-Advisory Name: SAP Internet Graphics Service (IGS)...

0.4 AI Score

2006-08-11 12:00 AM
23
securityvulns

CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Denial of Service

(The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_Buffer_Overflow.pdf ) CYBSEC S.A. www.cybsec.com Pre-Advisory Name: SAP Internet Graphics Service (IGS)...

0.8 AI Score

2006-08-11 12:00 AM
22
securityvulns

[CYBSEC] TippingPoint detection bypass

CYBSEC S.A. www.cybsec.com Pre-Advisory Name: TippingPoint detection bypass Vulnerability Class: Design flaw Release Date: 07/24/2006 Affected Platforms: All TippingPoint appliances with TOS <= 2.2.3.6514 Local / Remote: Remote Severity: High Author: Andres Riancho Vendor Status: Confirmed,...

0.6 AI Score

2006-07-24 12:00 AM
18
nessus

Mandrake Linux Security Advisory : kernel (MDKSA-2006:123)

A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel : The kernel did not clear sockaddr_in.sin_zero before returning IPv4 socket names for the getsockopt function, which could allow a local user to obtain portions of potentially sensitive memory if getsockopt() is...

0.4 AI Score

0.197 EPSS

2006-07-18 12:00 AM
23
nessus

Mandrake Linux Security Advisory : php (MDKSA-2006:122)

Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function. One instance in gd_io_dp.c does not appear to be corrected in...

0.8 AI Score

0.217 EPSS

2006-07-17 12:00 AM
23
Total number of security vulnerabilities: 3231