Getsocial, S.A. Security Vulnerabilities

nessus

Mandrake Linux Security Advisory : openvpn (MDKSA-2006:069)

A vulnerability in OpenVPN 2.0 through 2.0.5 allows a malicious server to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable. Updated packages have been patched to correct this issue by removing setenv...

0.4 AI Score

0.006 EPSS

2006-04-11 12:00 AM
6
nessus

Mandrake Linux Security Advisory : kaffeine (MDKSA-2006:065)

Marcus Meissner discovered Kaffeine contains an unchecked buffer while creating HTTP request headers for fetching remote RAM playlists, which allows overflowing a heap allocated buffer. As a result, remotely supplied RAM playlists can be used to execute arbitrary code on the client machine....

7.7 AI Score

0.038 EPSS

2006-04-08 12:00 AM
6
nessus

Mandrake Linux Security Advisory : clamav (MDKSA-2006:067)

Damian Put discovered an integer overflow in the PE header parser in ClamAV that could be exploited if the ArchiveMaxFileSize option was disabled (CVE-2006-1614). Format strings in the logging code could possibly lead to the execution of arbitrary code (CVE-2006-1615). David Luyer found that...

0.5 AI Score

0.228 EPSS

2006-04-08 12:00 AM
8
nessus

Mandrake Linux Security Advisory : mplayer (MDKSA-2006:068)

Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that causes the asf_descrambling function to be passed a negative integer after the conversion from a char....

0.7 AI Score

0.027 EPSS

2006-04-08 12:00 AM
11
nessus

Mandrake Linux Security Advisory : freeradius (MDKSA-2006:066)

Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. Updated packages have been patched to correct this...

0.4 AI Score

0.022 EPSS

2006-04-08 12:00 AM
10
nessus

Mandrake Linux Security Advisory : MySQL (MDKSA-2006:064)

MySQL allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. Updated packages have been patched to correct this...

0.3 AI Score

0.001 EPSS

2006-04-04 12:00 AM
17
nessus

Mandrake Linux Security Advisory : php (MDKSA-2006:063)

A vulnerability was discovered where the html_entity_decode() function would return a chunk of memory with length equal to the string supplied, which could include php code, php ini data, other user data, etc. Note that by default, Corporate 3.0 and Mandriva Linux LE2005 ship with magic_quotes_gpc....

-0.5 AI Score

0.247 EPSS

2006-04-04 12:00 AM
26
nessus

Mandrake Linux Security Advisory : dia (MDKSA-2006:062)

Three buffer overflows were discovered by infamous41md in dia's xfig import code. This could allow for user-complicit attackers to have an unknown impact via a crafted xfig file, possibly involving an invalid color index, number of points, or depth. Updated packages have been patched to correct...

6.7 AI Score

0.013 EPSS

2006-04-04 12:00 AM
7
nessus

Mandrake Linux Security Advisory : freeradius (MDKSA-2006:060)

An unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via 'Insufficient input validation' in the EAP-MSCHAPv2 state machine module. Updated packages have been patched to correct this...

0.4 AI Score

0.004 EPSS

2006-03-27 12:00 AM
7
nessus

Mandrake Linux Security Advisory : sendmail (MDKSA-2006:058)

A race condition was reported in sendmail in how it handles asynchronous signals. This could allow a remote attacker to be able to execute arbitrary code with the privileges of the user running sendmail. The updated packages have been patched to correct this problem via a patch provided by the...

0.8 AI Score

0.94 EPSS

2006-03-23 12:00 AM
10
nessus

Mandrake Linux Security Advisory : kernel (MDKSA-2006:059)

A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel : sysctl.c in the Linux kernel prior to 2.6.14.1 allows local users to cause a Denial of Service (kernel oops) and possibly execute code by opening an interface file in /proc/sys/net/ipv4/conf/, waiting until the...

-0.1 AI Score

EPSS

2006-03-23 12:00 AM
11
nessus

Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2006:056)

Versions of Xorg 6.9.0 and greater have a bug in xf86Init.c, which allows non-root users to use the -modulepath, -logfile and -configure options. This allows loading of arbitrary modules which will execute as the root user, as well as a local DoS by overwriting system files. Updated packages have.....

-0.4 AI Score

0.001 EPSS

2006-03-21 12:00 AM
12
nessus

Mandrake Linux Security Advisory : cairo (MDKSA-2006:057)

GNOME Evolution allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains 'Content-Disposition: inline' in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually...

0.1 AI Score

0.174 EPSS

2006-03-21 12:00 AM
12
nessus

Mandrake Linux Security Advisory : gnupg (MDKSA-2006:055)

Another vulnerability, different from that fixed in MDKSA-2006:043 (CVE-2006-0455), was discovered in gnupg in the handling of signature files. This vulnerability is corrected in gnupg 1.4.2.2 which is being provided with this...

-0.5 AI Score

0.006 EPSS

2006-03-18 12:00 AM
18
nessus

Mandrake Linux Security Advisory : kdegraphics (MDKSA-2006:054)

Marcelo Ricardo Leitner discovered the official published kpdf patches for several previous xpdf vulnerabilities were lacking some hunks published by upstream xpdf. As a result, kpdf is still vulnerable to certain carefully crafted pdf files. Although previous updates captured most of these...

0.4 AI Score

0.027 EPSS

2006-03-09 12:00 AM
10
nessus

Mandrake Linux Security Advisory : freeciv (MDKSA-2006:053)

A Denial of Service vulnerability was discovered in the civserver component of the freeciv game on certain incoming packets. The updated packages have been patched to fix this...

AI Score

0.201 EPSS

2006-03-08 12:00 AM
6
nessus

Mandrake Linux Security Advisory : mplayer (MDKSA-2006:048)

Multiple integer overflows in (1) the new_demux_packet function in demuxer.h and (2) the demux_asf_read_packet function in demux_asf.c in MPlayer 1.0pre7try2 and earlier allow remote attackers to execute arbitrary code via an ASF file with a large packet length value. The updated packages have...

0.4 AI Score

0.146 EPSS

2006-03-06 12:00 AM
10
nessus

Mandrake Linux Security Advisory : unzip (MDKSA-2006:050)

A buffer overflow was found in how unzip handles file name arguments. If a user could be tricked into processing a specially crafted, excessively long file name with unzip, an attacker could execute arbitrary code with the user's privileges. The updated packages have been patched to address this...

-0.1 AI Score

0.002 EPSS

2006-03-06 12:00 AM
10
nessus

Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:052)

The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and earlier allows user-complicit attackers to bypass JavaScript security settings and obtain sensitive information or cause a crash via an e-mail containing a JavaScript URI in the SRC attribute of an IFRAME tag, which is executed when the....

0.7 AI Score

0.95 EPSS

2006-03-06 12:00 AM
14
nessus

Mandrake Linux Security Advisory : metamail (MDKSA-2006:047)

Ulf Harnhammar discovered a buffer overflow vulnerability in the way that metamail handles certain mail messages. An attacker could create a carefully-crafted message that, when parsed via metamail, could execute arbitrary code with the privileges of the user running metamail. The updated packages....

7.6 AI Score

0.121 EPSS

2006-02-27 12:00 AM
9
securityvulns

[Full-disclosure] [INetCop Security Advisory] Global Hauri Virobot cookie exploit

======================================== INetCop Security Advisory #2006-0x82-028 ======================================== Title: Global Hauri Virobot cookie exploit 0x01. Description Virobot Unix/Linux Server is anti virus program that develop in Global Hauri. (Product in Unix of SUN...

-0.2 AI Score

2006-02-22 12:00 AM
23
nessus

Mandrake Linux Security Advisory : tar (MDKSA-2006:046)

GNU tar versions 1.14 and above have a buffer overflow vulnerability and some other issues including : Carefully crafted invalid headers can cause buffer overrun. Invalid header fields go undiagnosed. Some valid time strings are ignored. The updated packages have been patched to...

0.2 AI Score

0.294 EPSS

2006-02-22 12:00 AM
10
nessus

Mandrake Linux Security Advisory : bluez-hcidump (MDKSA-2006:041)

Buffer overflow in l2cap.c in hcidump allows remote attackers to cause a denial of service (crash) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet. The updated packages have been patched to correct this...

0.1 AI Score

0.096 EPSS

2006-02-19 12:00 AM
17
nessus

Mandrake Linux Security Advisory : gnupg (MDKSA-2006:043)

Tavis Ormandy discovered it is possible to make gpg incorrectly return success when verifying an invalid signature file. The updated packages have been patched to address this...

AI Score

0.001 EPSS

2006-02-19 12:00 AM
7
nessus

Mandrake Linux Security Advisory : kernel (MDKSA-2006:040)

A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel : The udp_v6_get_port function in udp.c, when running IPv6, allows local users to cause a Denial of Service (infinite loop and crash) (CVE-2005-2973). The mq_open system call in certain situations can decrement a...

0.5 AI Score

0.127 EPSS

2006-02-19 12:00 AM
21
nessus

Mandrake Linux Security Advisory : libtiff (MDKSA-2006:042)

Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag. Although some of the previous updates appear to already catch this issue, this update adds some additional checks. The updated packages have...

0.5 AI Score

0.335 EPSS

2006-02-19 12:00 AM
14
securityvulns

CYBSEC - Security Pre-Advisory: Arbitrary File Read/Delete in SAP BC

(The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Arbitrary_File_Read_or_Delete_in_SAP_BC.pdf ) CYBSEC S.A. www.cybsec.com Pre-Advisory Name: Arbitrary File Read/Delete in SAP BC (Business Connector) Vulnerability...

-0.2 AI Score

2006-02-16 12:00 AM
21
securityvulns

CYBSEC - Security Pre-Advisory: Phishing Vector in SAP BC

(The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Phishing_Vector_in_SAP_BC.pdf ) CYBSEC S.A. www.cybsec.com Pre-Advisory Name: Phishing Vector in SAP BC (Business Connector) Vulnerability Class: Phishing Vector /...

-0.4 AI Score

2006-02-16 12:00 AM
16
nessus

Mandrake Linux Security Advisory : gnutls (MDKSA-2006:039)

Evgeny Legerov discovered cases of possible out-of-bounds access in the DER decoding schemes of libtasn1, when provided with invalid input. This library is bundled with gnutls. The provided packages have been patched to correct these...

1 AI Score

0.03 EPSS

2006-02-14 12:00 AM
7
nessus

Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2006:037)

Mozilla and Mozilla Firefox allow remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. (CVE-2005-4134) The JavaScript interpreter...

0.4 AI Score

0.961 EPSS

2006-02-10 12:00 AM
9
nessus

Mandrake Linux Security Advisory : groff (MDKSA-2006:038)

The Trustix Secure Linux team discovered a vulnerability in the groffer utility, part of the groff package. It created a temporary directory in an insecure way which allowed for the exploitation of a race condition to create or overwrite files with the privileges of the user invoking groffer. Likewise,....

AI Score

0.0004 EPSS

2006-02-10 12:00 AM
9
nessus

Mandrake Linux Security Advisory : php (MDKSA-2006:035)

A flaw in the PHP gd extension in versions prior to 4.4.1 could allow a remote attacker to bypass safe_mode and open_basedir restrictions via unknown attack vectors. The updated packages have been patched to correct this...

6.5 AI Score

0.011 EPSS

2006-02-10 12:00 AM
12
nessus

Mandrake Linux Security Advisory : openssh (MDKSA-2006:034)

A flaw was discovered in the scp local-to-local copy implementation where filenames that contain shell metacharacters or spaces are expanded twice, which could lead to the execution of arbitrary commands if a local user could be tricked into a scp'ing a specially crafted filename. The provided...

-0.4 AI Score

0.001 EPSS

2006-02-10 12:00 AM
15
nessus

Mandrake Linux Security Advisory : poppler (MDKSA-2006:030)

Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. Poppler uses a copy of the xpdf code and as such has the....

0.8 AI Score

0.02 EPSS

2006-02-05 12:00 AM
9
nessus

Mandrake Linux Security Advisory : php (MDKSA-2006:028)

Multiple response splitting vulnerabilities in PHP allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors, possibly involving a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function. (CVE-2006-0207) Multiple...

0.4 AI Score

0.013 EPSS

2006-02-05 12:00 AM
10
nessus

Mandrake Linux Security Advisory : kdegraphics (MDKSA-2006:031)

Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. Kdegraphics-kpdf uses a copy of the xpdf code and as...

1.5 AI Score

0.02 EPSS

2006-02-05 12:00 AM
10
nessus

Mandrake Linux Security Advisory : OpenOffice.org (MDKSA-2006:033)

OpenOffice.org 2.0 and earlier, when hyperlinks have been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings. Updated packages are patched to address this...

6.4 AI Score

0.001 EPSS

2006-02-05 12:00 AM
17
nessus

Mandrake Linux Security Advisory : libast (MDKSA-2006:029)

Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X argument. The updated packages have been patched to correct this...

-0.1 AI Score

0.001 EPSS

2006-02-05 12:00 AM
8
nessus

Mandrake Linux Security Advisory : xpdf (MDKSA-2006:032)

Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. The updated packages have been patched to correct this...

0.4 AI Score

0.02 EPSS

2006-02-05 12:00 AM
13
nessus

Mandrake Linux Security Advisory : bzip2 (MDKSA-2006:026)

A bug was found in the way that bzgrep processed file names. If a user could be tricked into running bzgrep on a file with a special file name, it would be possible to execute arbitrary code with the privileges of the user running bzgrep. As well, the bzip2 package provided with Mandriva Linux...

0.1 AI Score

0.001 EPSS

2006-02-01 12:00 AM
12
nessus

Mandrake Linux Security Advisory : gzip (MDKSA-2006:027)

Zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. This was previously corrected in MDKSA-2005:092, however the fix was incomplete. These updated packages provide a more...

0.1 AI Score

0.001 EPSS

2006-02-01 12:00 AM
11
nessus

Mandrake Linux Security Advisory : perl-Net_SSLeay (MDKSA-2006:023)

Javier Fernandez-Sanguino Pena discovered that the perl Net::SSLeay module used the file /tmp/entropy as a fallback entropy source if a proper source was not set via the environment variable EGD_PATH. This could potentially lead to weakened cryptographic operations if an attacker was able to...

-0.4 AI Score

0.0004 EPSS

2006-01-29 12:00 AM
11
nessus

Mandrake Linux Security Advisory : net-snmp (MDKSA-2006:025)

The fixproc application in Net-SNMP creates temporary files with predictable file names which could allow a malicious local attacker to change the contents of the temporary file by exploiting a race condition, which could possibly lead to the execution of arbitrary code. As well, a local attacker.....

0.2 AI Score

0.075 EPSS

2006-01-29 12:00 AM
15
nessus

Mandrake Linux Security Advisory : ImageMagick (MDKSA-2006:024)

The delegate code in ImageMagick 6.2.4.x allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command. (CVE-2005-4601) A format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3, and other...

7.6 AI Score

0.066 EPSS

2006-01-29 12:00 AM
17
nessus

Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:021)

GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-complicit attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an.....

0.4 AI Score

0.02 EPSS

2006-01-26 12:00 AM
14
nessus

Mandrake Linux Security Advisory : ipsec-tools (MDKSA-2006:020)

The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in ipsec-tools racoon before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite.....

0.4 AI Score

0.179 EPSS

2006-01-26 12:00 AM
13
nessus

Mandrake Linux Security Advisory : kdelibs (MDKSA-2006:019)

A heap overflow vulnerability was discovered in kjs, the KDE JavaScript interpreter engine. An attacker could create a malicious web site that contained carefully crafted JavaScript code that could trigger the flaw and potentially lead to the arbitrary execution of code as the user visiting the...

0.3 AI Score

0.173 EPSS

2006-01-22 12:00 AM
12
nessus

Mandrake Linux Security Advisory : kernel (MDKSA-2006:018)

A number of vulnerabilities have been corrected in the Linux kernel : A race condition in the 2.6 kernel could allow a local user to cause a DoS by triggering a core dump in one thread while another thread has a pending SIGSTOP (CVE-2005-3527). The ptrace functionality in 2.6 kernels prior to...

-0.5 AI Score

0.023 EPSS

2006-01-22 12:00 AM
12
nessus

Mandrake Linux Security Advisory : wine (MDKSA-2006:014)

A vulnerability was discovered by H D Moore in Wine which implements the SETABORTPROC GDI Escape function for Windows Metafile (WMF) files. This could be abused by an attacker who is able to entice a user to open a specially crafted WMF file from within a Wine-execute Windows application, possibly....

AI Score

0.03 EPSS

2006-01-22 12:00 AM
8
nessus

Mandrake Linux Security Advisory : hylafax (MDKSA-2006:015)

Patrice Fournier discovered the faxrcvd/notify scripts (executed as the uucp/fax user) run user-supplied input through eval without any attempt at sanitising it first. This would allow any user who could submit jobs to HylaFAX, or through telco manipulation control the representation of callid...

-0.1 AI Score

0.097 EPSS

2006-01-22 12:00 AM
10
Total number of security vulnerabilities: 3231