Getsocial, S.A. Security Vulnerabilities

nessus

Mandrake Linux Security Advisory : xine-lib (MDKSA-2006:121)

Stack-based buffer overflow in MiMMS 0.0.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions. Xine-lib contains an...

7.8 AI Score

0.044 EPSS

2006-07-13 12:00 AM
6
nessus

Mandrake Linux Security Advisory : samba (MDKSA-2006:120)

A vulnerability in samba 3.0.x was discovered where an attacker could cause a single smbd process to bloat, exhausting memory on the system. This bug is caused by continually increasing the size of an array which maintains state information about the number of active share connections. Updated...

-0.2 AI Score

0.185 EPSS

2006-07-11 12:00 AM
12
securityvulns

CYBSEC - Security Pre-Advisory: Microsoft Windows DHCP Client Service Remote Buffer Overflow

(The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_Microsoft_Windows_DHCP_Client_Service_Remote_Buffer_Overflow.pdf CYBSEC S.A. www.cybsec.com Pre-Advisory Name: Microsoft...

0.2 AI Score

2006-07-11 12:00 AM
20
nessus

Mandrake Linux Security Advisory : ppp (MDKSA-2006:119)

Marcus Meissner discovered that pppd's winbind plugin did not check for the result of the setuid() call which could allow an attacker to exploit this on systems with certain PAM limits enabled to execute the NTLM authentication helper as root. This could possibly lead to privilege escalation...

AI Score

0.001 EPSS

2006-07-11 12:00 AM
12
nessus

Mandrake Linux Security Advisory : OpenOffice.org (MDKSA-2006:118)

OpenOffice.org 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-complicit attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user. (CVE-2006-2198) An unspecified vulnerability in Java Applets in...

0.5 AI Score

0.021 EPSS

2006-07-10 12:00 AM
6
nessus

Mandrake Linux Security Advisory : libmms (MDKSA-2006:117-1)

Stack-based buffer overflow in MiMMS 0.0.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions. Libmms uses the same...

0.4 AI Score

0.044 EPSS

2006-07-10 12:00 AM
11
nessus

Mandrake Linux Security Advisory : mutt (MDKSA-2006:115)

A stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server. Updated packages have been patched to address this...

0.7 AI Score

0.241 EPSS

2006-06-29 12:00 AM
5
nessus

Mandrake Linux Security Advisory : libwmf (MDKSA-2006:114-1)

Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function. (CVE-2004-0941) Integer overflows were reported in the GD...

8.6 AI Score

0.217 EPSS

2006-06-29 12:00 AM
12
nessus

Mandrake Linux Security Advisory : gd (MDKSA-2006:112)

The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop. gd-2.0.15 in Corporate 3.0 is not affected by...

0.6 AI Score

0.104 EPSS

2006-06-28 12:00 AM
21
nessus

Mandrake Linux Security Advisory : tetex (MDKSA-2006:113)

Integer overflows were reported in the GD Graphics Library (libgd) 2.0.28, and possibly other versions. These overflows allow remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow....

0.7 AI Score

0.217 EPSS

2006-06-28 12:00 AM
18
nessus

Mandrake Linux Security Advisory : MySQL (MDKSA-2006:111)

Mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function. MySQL 4.0.18 in Corporate 3.0 and MNF 2.0 is not affected by this issue. Packages have been...

6.2 AI Score

0.015 EPSS

2006-06-24 12:00 AM
17
nessus

Mandrake Linux Security Advisory : wv2 (MDKSA-2006:109)

A boundary checking error was discovered in the wv2 library, used for accessing Microsoft Word documents. This error can lead to an integer overflow induced by processing certain Word files. The updated packages have been patched to correct these...

0.2 AI Score

0.011 EPSS

2006-06-24 12:00 AM
7
nessus

Mandrake Linux Security Advisory : xine-lib (MDKSA-2006:108)

A buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6. (CVE-2006-2802) In addition, a possible buffer overflow exists in the AVI....

0.5 AI Score

0.214 EPSS

2006-06-24 12:00 AM
14
nessus

Mandrake Linux Security Advisory : arts (MDKSA-2006:107)

A vulnerability in the artswrapper program, when installed setuid root, could enable a local user to elevate their privileges to that of root. By default, Mandriva Linux does not ship artswrapper setuid root, however if a user or system administrator enables the setuid bit on artswrapper, their...

7.8 CVSS

0.2 AI Score

0.001 EPSS

2006-06-24 12:00 AM
12
nessus

Mandrake Linux Security Advisory : gnupg (MDKSA-2006:110)

A vulnerability was discovered in GnuPG 1.4.3 and 1.9.20 (and earlier) that could allow a remote attacker to cause gpg to crash and possibly overwrite memory via a message packet with a large length. The updated packages have been patched to correct these...

0.2 AI Score

0.741 EPSS

2006-06-24 12:00 AM
11
nessus

Mandrake Linux Security Advisory : spamassassin (MDKSA-2006:103)

A flaw was discovered in the way that spamd processes the virtual POP usernames passed to it. If running with the --vpopmail and --paranoid flags, it is possible for a remote user with the ability to connect to the spamd daemon to execute arbitrary commands as the user running spamd. By default,...

-0.1 AI Score

0.947 EPSS

2006-06-16 12:00 AM
16
nessus

Mandrake Linux Security Advisory : libtiff (MDKSA-2006:102)

A buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a...

0.5 AI Score

0.018 EPSS

2006-06-16 12:00 AM
10
nessus

Mandrake Linux Security Advisory : freetype2 (MDKSA-2006:099-1)

Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values. (CVE-2006-0747) Multiple integer overflows.....

0.9 AI Score

0.577 EPSS

2006-06-16 12:00 AM
17
nessus

Mandrake Linux Security Advisory : gdm (MDKSA-2006:100)

A vulnerability in gdm could allow a user to activate the gdm setup program if the administrator configured a gdm theme that provided a user list. The user could do so by choosing the setup option from the menu, clicking the user list, then entering his own password instead of root's. The updated.....

-0.3 AI Score

0.0004 EPSS

2006-06-16 12:00 AM
10
nessus

Mandrake Linux Security Advisory : sendmail (MDKSA-2006:104)

A vulnerability in the way Sendmail handles multi-part MIME messages was discovered that could allow a remote attacker to create a carefully crafted message that could crash the sendmail process during delivery. The updated packages have been patched to correct these...

-0.2 AI Score

0.349 EPSS

2006-06-16 12:00 AM
7
nessus

Mandrake Linux Security Advisory : kdebase (MDKSA-2006:105)

A problem with how kdm manages the ~/.dmrc file was discovered by Ludwig Nussel. By using a symlink attack, a local user could get kdm to read arbitrary files on the system, including privileged system files and those belonging to other users. The updated packages have been patched to correct...

-0.2 AI Score

0.001 EPSS

2006-06-16 12:00 AM
17
nessus

Mandrake Linux Security Advisory : openldap (MDKSA-2006:096)

A stack-based buffer overflow in st.c in slurpd for OpenLDAP might allow attackers to execute arbitrary code via a long hostname. Packages have been patched to correct this...

0.6 AI Score

0.016 EPSS

2006-06-08 12:00 AM
9
nessus

Mandrake Linux Security Advisory : postgresql (MDKSA-2006:098)

PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of 'Encoding-Based SQL...

1.3 AI Score

0.023 EPSS

2006-06-08 12:00 AM
8
nessus

Mandrake Linux Security Advisory : MySQL (MDKSA-2006:097)

SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is....

1 AI Score

0.004 EPSS

2006-06-08 12:00 AM
7
nessus

Mandrake Linux Security Advisory : libtiff (MDKSA-2006:095)

A stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid, and there may not be a common scenario under which tiffsplit is called with attacker-controlled command line....

1.1 AI Score

0.029 EPSS

2006-06-06 12:00 AM
17
nessus

Mandrake Linux Security Advisory : evolution (MDKSA-2006:094)

Evolution, as shipped in Mandriva Linux 2006.0, can crash displaying certain carefully crafted images, if the 'Load images if sender is in address book' option is enabled in Edit | Preferences | Mail Preferences | HTML. Packages have been patched to correct this...

-0.4 AI Score

0.009 EPSS

2006-06-05 12:00 AM
15
nessus

Mandrake Linux Security Advisory : dia (MDKSA-2006:093)

A format string vulnerability in Dia allows user-complicit attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. NOTE: the original exploit was demonstrated through a...

0.9 AI Score

0.025 EPSS

2006-05-31 12:00 AM
9
nessus

Mandrake Linux Security Advisory : hostapd (MDKSA-2006:088)

Hostapd 0.3.7 allows remote attackers to cause a denial of service (segmentation fault) via an unspecified value in the key_data_length field of an EAPoL frame. Packages have been patched to correct this...

0.2 AI Score

0.093 EPSS

2006-05-27 12:00 AM
14
nessus

Mandrake Linux Security Advisory : mpg123 (MDKSA-2006:092)

An unspecified vulnerability in mpg123 0.59r allows user-complicit attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. Packages have been patched to correct this...

1 AI Score

0.003 EPSS

2006-05-27 12:00 AM
7
nessus

Mandrake Linux Security Advisory : kphone (MDKSA-2006:089)

Kphone creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords. Packages have been patched to correct this...

-0.7 AI Score

0.0004 EPSS

2006-05-27 12:00 AM
8
nessus

Mandrake Linux Security Advisory : php (MDKSA-2006:091)

An integer overflow in the wordwrap() function could allow attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, triggering a heap-based buffer overflow (CVE-2006-1990). The substr_compare() function in PHP 5.x and 4.4.2 could allow attackers to.....

0.4 AI Score

0.037 EPSS

2006-05-27 12:00 AM
18
nessus

Mandrake Linux Security Advisory : kernel (MDKSA-2006:087)

Memory corruption can be triggered remotely when the ip_nat_snmp_basic module is loaded and traffic on port 161 or 162 is NATed. The provided packages are patched to fix this vulnerability. Users who may be running netfilter on important servers are encouraged to upgrade to these updated kernels......

-0.1 AI Score

0.889 EPSS

2006-05-27 12:00 AM
20
packetstorm

CYBSEC-SAPBC2.txt

...

-0.3 AI Score

2006-05-22 12:00 AM
18
securityvulns

SKYPE-SB/2006-001: Improper handling of URI arguments

SKYPE-SB/2006-001: Improper handling of URI arguments Bulletin title: Improper handling of URI arguments Bulletin ID: SKYPE-SB/2006-001 Bulletin status: FINAL Date of announcement: 2006-05-19 08:00:00 +0000 Products affected: Skype for Windows Vulnerability type: Argument handling...

-0.1 AI Score

0.024 EPSS

2006-05-19 12:00 AM
15
nessus

Mandrake Linux Security Advisory : kernel (MDKSA-2006:086)

A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel : Prior to Linux kernel 2.6.16.5, the kernel does not properly handle uncanonical return addresses on Intel EM64T CPUs which causes the kernel exception handler to run on the user stack with the wrong GS...

0.3 AI Score

0.224 EPSS

2006-05-19 12:00 AM
25
securityvulns

[Full-disclosure] CYBSEC - Security Pre-Advisory: Local Privilege Escalation in SAP sapdba Command

(The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Local_Privilege_Escalation_in_SAP_sapdba_Command.pdf CYBSEC S.A. www.cybsec.com Pre-Advisory Name: Local Privilege Escalation in SAP sapdba Command Vulnerability Class:.....

0.7 AI Score

2006-05-18 12:00 AM
18
securityvulns

CYBSEC - Security Advisory: Phishing Vector in SAP BC (Business Connector)

(The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Phishing_Vector_in_SAP_BC.pdf ) CYBSEC S.A. www.cybsec.com Advisory Name: Phishing Vector in SAP BC (Business Connector) Vulnerability Class: Phishing Vector / Improper...

AI Score

2006-05-16 12:00 AM
17
securityvulns

CYBSEC - Security Advisory: Arbitrary File Read/Delete in SAP BC (Business Connector)

(The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Arbitrary_File_Read_or_Delete_in_SAP_BC.pdf ) CYBSEC S.A. www.cybsec.com Advisory Name: Arbitrary File Read/Delete in SAP BC (Business Connector) Vulnerability Class:...

0.1 AI Score

2006-05-16 12:00 AM
26
nessus

Mandrake Linux Security Advisory : libtiff (MDKSA-2006:082)

Several bugs were discovered in libtiff that can lead to remote Denial of Service attacks. These bugs can only be triggered by a user using an application that uses libtiff to process malformed TIFF images. The updated packages have been patched to correct these...

AI Score

0.117 EPSS

2006-05-13 12:00 AM
13
nessus

Mandrake Linux Security Advisory : gdm (MDKSA-2006:083)

A race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file. Packages have been patched to correct this...

0.2 AI Score

0.0004 EPSS

2006-05-13 12:00 AM
12
nessus

Mandrake Linux Security Advisory : xine-ui (MDKSA-2006:085)

Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file. Packages have been patched to correct this...

0.4 AI Score

0.33 EPSS

2006-05-13 12:00 AM
12
nessus

Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2006:081-1)

A problem was discovered in xorg-x11 where the X render extension would mis-calculate the size of a buffer, leading to an overflow that could possibly be exploited by clients of the X server. Update : Rafael Bermudez noticed that the patch for 2006 was mis-applied. This update resolves that...

0.3 AI Score

0.001 EPSS

2006-05-13 12:00 AM
13
nessus

Mandrake Linux Security Advisory : MySQL (MDKSA-2006:084)

The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read. (CVE-2006-1516) sql_parse.cc in MySQL 4.0.x up to...

0.2 AI Score

0.834 EPSS

2006-05-13 12:00 AM
18
nessus

Mandrake Linux Security Advisory : clamav (MDKSA-2006:080)

Ulf Harnhammar discovered that the freshclam tool does not do a proper check for the size of header data received from a web server. This could potentially allow a specially prepared HTTP server to exploit freshclam clients connecting to a database mirror and causing a DoS. The updated packages...

0.1 AI Score

0.068 EPSS

2006-05-03 12:00 AM
15
nessus

Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:078)

A number of vulnerabilities have been discovered in the Mozilla Thunderbird email client that could allow a remote attacker to craft malicious web emails that could take advantage of these issues to execute arbitrary code with elevated privileges, spoof content, and steal local files, or other...

0.3 AI Score

0.975 EPSS

2006-04-26 12:00 AM
16
nessus

Mandrake Linux Security Advisory : ruby (MDKSA-2006:079)

A vulnerability in how ruby's HTTP module uses blocking sockets was reported by Yukihiro Matsumoto. By sending large amounts of data to a server application using this module, a remote attacker could exploit it to render the application unusable and not respond to other client requests. The...

-0.3 AI Score

0.044 EPSS

2006-04-26 12:00 AM
9
nessus

Mandrake Linux Security Advisory : ethereal (MDKSA-2006:077)

A number of vulnerabilities have been discovered in the Ethereal network analyzer. These issues have been corrected in Ethereal version 0.99.0 which is provided with this...

0.2 AI Score

0.045 EPSS

2006-04-26 12:00 AM
5
nessus

Mandrake Linux Security Advisory : php (MDKSA-2006:074)

A cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP <= 5.1.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed. (CVE-2006-0996)...

-0.3 AI Score

0.09 EPSS

2006-04-26 12:00 AM
30
nessus

Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2006:075)

A number of vulnerabilities have been discovered in the Mozilla Firefox browser that could allow a remote attacker to craft malicious web pages that could take advantage of these issues to execute arbitrary code with elevated privileges, spoof content, and steal local files, cookies, or other...

0.4 AI Score

0.975 EPSS

2006-04-26 12:00 AM
13
nessus

Mandrake Linux Security Advisory : sash (MDKSA-2006:070)

Tavis Ormandy of the Gentoo Security Project discovered a vulnerability in zlib where a certain data stream would cause zlib to corrupt a data structure, resulting in the linked application to dump core (CVE-2005-2096). Markus Oberhumber discovered additional ways that a specially crafted...

AI Score

0.114 EPSS

2006-04-11 12:00 AM
8
Total number of security vulnerabilities: 3231