Getsocial, S.A. Security Vulnerabilities

Mandrake Linux Security Advisory : cups (MDKSA-2005:165)

A vulnerability in CUPS would treat a Location directive in cupsd.conf as case-sensitive, allowing attackers to bypass intended ACLs via a printer name containing uppercase or lowecase letters that are different from that which was specified in the Location directive. This issue only affects...

Mandrake Linux Security Advisory : ethereal (MDKSA-2005:131)

A number of vulnerabilities were discovered in versions of Ethereal prior to version 0.10.12, including : The SMB dissector could overflow a buffer or exhaust memory (CVE-2005-2365). iDefense discovered that several dissectors are vulnerable to format string overflows (CVE-2005-2367). A number of.....

Mandrake Linux Security Advisory : proftpd (MDKSA-2005:140)

Two format string vulnerabilities were discovered in ProFTPD. The first exists when displaying a shutdown message containin the name of the current directory. This could be exploited by a user who creates a directory containing format specifiers and sets the directory as the current directory when....

Mandrake Linux Security Advisory : wxPythonGTK (MDKSA-2005:144)

Wouter Hanegraaff discovered that the TIFF library did not sufficiently validate the 'YCbCr subsampling' value in TIFF image headers. Decoding a malicious image with a zero value resulted in an arithmetic exception, which can cause a program that uses the TIFF library to crash. wxPythonGTK uses an....

Mandrake Linux Security Advisory : slocate (MDKSA-2005:147)

A bug was discovered in the way that slocate processes very long paths. A local user could create a carefully crafted directory structure that would prevent updatedb from completing its filesystem scan, resulting in an incomplete...

Mandrake Linux Security Advisory : gnumeric (MDKSA-2005:153)

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The gnumeric packages use a private copy.....

Mandrake Linux Security Advisory : fetchmail (MDKSA-2005:126)

A buffer overflow was discovered in fetchmail's POP3 client which could allow a malicious server to send a carefully crafted message UID, causing fetchmail to crash or potentially execute arbitrary code as the user running fetchmail. The updated packages have been patched to address this...

Mandrake Linux Security Advisory : clamav (MDKSA-2005:125)

Neel Mehta and Alex Wheeler discovered integer overflow vulnerabilities in Clam AntiVirus when handling the TNEF, CHM, and FSG file formats. By sending a specially crafted file, an attacker could execute arbitrary code with the permissions of the user running Clam AV. This update provides clamav...

Mandrake Linux Security Advisory : libtiff (MDKSA-2005:142)

Wouter Hanegraaff discovered that the TIFF library did not sufficiently validate the 'YCbCr subsampling' value in TIFF image headers. Decoding a malicious image with a zero value resulted in an arithmetic exception, which can cause a program that uses the TIFF library to crash. The updated...

Mandrake Linux Security Advisory : gaim (MDKSA-2005:139)

Yet more vulnerabilities have been discovered in the gaim IM client. Invalid characters in a sent file can cause Gaim to crash on some systems (CVE-2005-2102); a remote AIM or ICQ user can cause a buffer overflow in Gaim by setting an away message containing many AIM substitution strings...

Mandrake Linux Security Advisory : ucd-snmp (MDKSA-2005:137)

A Denial of Service vulnerability was discovered in the way that ucd-snmp uses network stream protocols. A remote attacker could send a ucd-snmp agent a specially crafted packet that would cause the agent to crash. The updated packages have been patched to correct this...

Mandrake Linux Security Advisory : xpdf (MDKSA-2005:134)

A vulnerability in the xpdf PDF viewer was discovered. An attacker could construct a malicious PDF file that would cause xpdf to consume all available disk space in /tmp when opened. The updated packages have been patched to correct this...

Mandrake Linux Security Advisory : evolution (MDKSA-2005:141)

Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers. (CVE-2005-2549) A...

Mandrake Linux Security Advisory : lm_sensors (MDKSA-2005:149)

Javier Fernandez-Sanguino Pena discovered that the pwmconfig script in the lm_sensors package created temporary files in an insecure manner. This could allow a symlink attack to create or overwrite arbitrary files with full root privileges because pwmconfig is typically executed by root. The...

Mandrake Linux Security Advisory : squid (MDKSA-2005:162)

Two vulnerabilities were recently discovered in squid : The first is a DoS possible via certain aborted requests that trigger an assertion error related to 'STOP_PENDING' (CVE-2005-2794). The second is a DoS caused by certain crafted requests and SSL timeouts (CVE-2005-2796). The updated packages.....

cybsecApps.txt

...

CYBSEC - Multiple Vendor Web Vulnerability Scanner Arbitrary Script Injection Vulnerability

CYBSEC S.A. www.cybsec.com Advisory Name: Multiple Vendor Web Vulnerability Scanner Arbitrary ============= Script Injection Vulnerability Vulnerability Class: Script Injection Release Date: 09.01.2005 Affected Applications: N-Stealth Commercial Edition < 5.8.0.38 N-Stealth Free Edition <...

CYBSEC - Multiple Vendor Web Vulnerability Scanner Arbitrary Script Injection Vulnerability

CYBSEC S.A. www.cybsec.com Advisory Name: Multiple Vendor Web Vulnerability Scanner Arbitrary ============= Script Injection Vulnerability Vulnerability Class: Script Injection Release Date: 09.01.2005 Affected Applications: N-Stealth Commercial Edition < 5.8.0.38 N-Stealth Free Edition <...

Mandrake Linux Security Advisory : kdelibs (MDKSA-2005:122)

The Kate and Kwrite programs create a file backup before saving a modified file. These backup files are created with default system permissions, even if the original file had more strict permissions set. The updated packages have been patched to address this...

Mandrake Linux Security Advisory : shorewall (MDKSA-2005:123)

A vulnerability was discovered in all versions of shorewall where a client accepted by MAC address filtering is able to bypass any other rule. If MACLIST_TTL is set to a value greater than 0 or MACLIST_DISPOSITION is set to ACCEPT in shorewall.conf, and a client is positively identified through...

Mandrake Linux Security Advisory : nss_ldap (MDKSA-2005:121)

Rob Holland, of the Gentoo Security Audit Team, discovered that pam_ldap and nss_ldap would not use TLS for referred connections if they are referred to a master after connecting to a slave, regardless of the 'ssl start_tls' setting in ldap.conf. As well, a bug in nss_ldap in Corporate Server and.....

Mandrake Linux Security Advisory : krb5 (MDKSA-2005:119)

A number of vulnerabilities have been corrected in this Kerberos update : The rcp protocol would allow a server to instruct a client to write to arbitrary files outside of the current directory. The Kerberos-aware rcp could be abused to copy files from a malicious server (CVE-2004-0175). Gael...

Mandrake Linux Security Advisory : dhcpcd (MDKSA-2005:117)

'infamous42md' discovered that the dhcpcd DHCP client could be tricked into reading past the end of the supplied DHCP buffer, which could lead to the daemon crashing. The updated packages have been patched to address this...

Mandrake Linux Security Advisory : ruby (MDKSA-2005:118)

A vulnerability was discovered in ruby version 1.8 that could allow for the execution of arbitrary commands on a server running the ruby xmlrpc server. The updated packages have been patched to address this...

Mandrake Linux Security Advisory : leafnode (MDKSA-2005:114)

A number of vulnerabilities in the leafnode NNTP server package have been found : A vulnerability in the fetchnews program that could under some circumstances cause a wait for input that never arrives, which in turn would cause fetchnews to hang (CVE-2004-2068). Two vulnerabilities in the...

Mandrake Linux Security Advisory : cpio (MDKSA-2005:116-1)

A race condition has been found in cpio 2.6 and earlier which allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete (CVE-2005-1111). A vulnerability has.....

Mandrake Linux Security Advisory : mplayer (MDKSA-2005:115)

Two heap overflows were discovered in mplayer's code handling the RealMedia RTSP and Microsoft Media Services streams over TCP (MMST). These vulnerabilities could allow for a malicious server to execute arbitrary code on the client computer with the permissions of the user running MPlayer. The...

Mandrake Linux Security Advisory : clamav (MDKSA-2005:113)

Andrew Toller and Stefan Kanthak discovered that a flaw in libmspack's Quantum archive decompressor renders Clam AntiVirus vulnerable to a Denial of Service attack. The updated packages have been patched to correct the...

Mandrake Linux Security Advisory : zlib (MDKSA-2005:112)

Tavis Ormandy of the Gentoo Security Project discovered a vulnerability in zlib where a certain data stream would cause zlib to corrupt a data structure, resulting in the linked application to dump core. The updated packages have been patched to correct this...

Mandrake Linux Security Advisory : kernel (MDKSA-2005:110)

Multiple vulnerabilities in the Linux kernel have been discovered and fixed in this update. The following CVE names have been fixed in the LE2005 kernel : Colin Percival discovered a vulnerability in Intel's Hyper-Threading technology could allow a local user to use a malicious thread to create...

Mandrake Linux Security Advisory : kernel-2.4 (MDKSA-2005:111)

Multiple vulnerabilities in the Linux kernel have been discovered and fixed in this update. The following have been fixed in the 2.4 kernels : Colin Percival discovered a vulnerability in Intel's Hyper-Threading technology could allow a local user to use a malicious thread to create covert...

Mandrake Linux Security Advisory : php-pear (MDKSA-2005:109)

A vulnerability was discovered by GulfTech Security in the PHP XML RPC project. This vulnerability is considered critical and can lead to remote code execution. The vulnerability also exists in the PEAR XMLRPC implementation. Mandriva ships with the PEAR XMLRPC implementation and it has been...

Mandrake Linux Security Advisory : ImageMagick (MDKSA-2005:107)

A heap-based buffer overflow was found in the way that ImageMagick parses PNM files. If an attacker can trick a victim into opening a specially crafted PNM file, the attacker could execute arbitrary code on the victim's machine (CVE-2005-1275). As well, a Denial of Service vulnerability was found.....

Mandrake Linux Security Advisory : spamassassin (MDKSA-2005:106)

A Denial of Service bug was discovered in SpamAssassin. An attacker could construct a particular message that would cause SpamAssassin to consume CPU resources. If a large number of these messages were sent, it could lead to a DoS. SpamAssassin 3.0.4 was released to correct this vulnerability, as.....

Mandrake Linux Security Advisory : squid (MDKSA-2005:104)

A bug was found in the way that Squid handles DNS replies. If the port Squid uses for DNS requests is not protected by a firewall, it is possible for a remote attacker to spoof DNS replies, possibly redirecting a user to spoofed or malicious...

Mandrake Linux Security Advisory : dbus (MDKSA-2005:105)

Dan Reed discovered a vulnerability in the D-BUS system for sending messages between applications. He found that a user can send and listen to messages on another user's per-user session bus if they knew the address of the socket. The updated packages have been patched to correct this...

Mandrake Linux Security Advisory : sudo (MDKSA-2005:103)

A race condition was discovered in sudo by Charles Morris. This could lead to the escalation of privileges if /etc/sudoers allowed a user to execute selected programs that were then followed by another line containing the pseudo-command 'ALL'. By creating symbolic links at a certain time, that...

Mandrake Linux Security Advisory : gedit (MDKSA-2005:102)

A vulnerability was discovered in gEdit where it was possible for an attacker to create a file with a carefully crafted name which, when opened, executed arbitrary code on the victim's computer. It is highly unlikely that a user would open such a file, due to the file name, but could possibly be...

Mandrake Linux Security Advisory : gaim (MDKSA-2005:099)

More vulnerabilities have been discovered in the gaim IM client. The first is a remote crash with the Yahoo! protocol (CVE-2005-1269) and the second is a remote DoS in the MSN protocol (CVE-2005-1934). These problems have been corrected in gaim 1.3.1 which is provided with this...

Mandrake Linux Security Advisory : tcpdump (MDKSA-2005:101)

A Denial of Service vulnerability was found in tcpdump during the processing of certain network packages. Because of this flaw, it was possible for an attacker to inject a carefully crafted packet onto the network which would crash a running tcpdump session. The updated packages have been patched.....

DMA[2005-0614a] - 'Global Hauri ViRobot Server cookie overflow'

DMA[2005-0614a] - 'Global Hauri ViRobot Server cookie overflow' Author: Kevin Finisterre Vendor: http://www.globalhauri.com Product: 'ViRobot Linux (and Unix?) Server' References: http://www.digitalmunition.com/DMA[2005-0614a].txt Description: HAURI, Inc. is a leading anti-virus solution...

Mandrake Linux Security Advisory : rsh (MDKSA-2005:100)

A vulnerability in the rcp protocol was discovered that allows a server to instruct a client to write arbitrary files outside of the current directory, which could potentially be a security concern if a user used rcp to copy files from a malicious server. The updated packages have been patched to.....

Mandrake Linux Security Advisory : wget (MDKSA-2005:098)

Two vulnerabilities were found in wget. The first is that an HTTP redirect statement could be used to do a directory traversal and write to files outside of the current directory. The second is that HTTP redirect statements could be used to overwrite dot ('.') files, potentially overwriting the...

Mandrake Linux Security Advisory : openssl (MDKSA-2005:096)

Colin Percival reported a cache timing attack that could be used to allow a malicious local user to gain portions of cryptographic keys (CVE-2005-0109). The OpenSSL library has been patched to add a new fixed-window mod_exp implementation as default for RSA, DSA, and DH private key operations. The....

Mandrake Linux Security Advisory : a2ps (MDKSA-2005:097)

The fixps and psmandup scripts, part of the a2ps package, are vulnerable to symlink attacks which could allow a local attacker to overwrite arbitrary files. The updated packages have been patched to correct the...

Mandrake Linux Security Advisory : xine-lib (MDKSA-2005:094)

Two buffer overflow vulnerabilities were discovered in the MMS and Real RTSP stream handlers in the Xine libraries. If an attacker can trick a user to connect to a malicious MMS or RTSP video/audio stream source with any application using this library, they could crash the client and possibly even....

Mandrake Linux Security Advisory : postgresql (MDKSA-2005:093)

A number of vulnerabilities were found and corrected in the PostgreSQL DBMS : Two serious security errors have been found in PostgreSQL 7.3 and newer releases. These errors at least allow an unprivileged database user to crash the backend process, and may make it possible for an unprivileged user.....

[SA15543] PHPMailer "Data()" Denial of Service Vulnerability

Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ TITLE: PHPMailer "Data()" Denial of Service Vulnerability SECUNIA ADVISORY ID: SA15543 VERIFY ADVISORY:...

Mandrake Linux Security Advisory : gdb (MDKSA-2005:095)

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered two vulnerabilities in the GNU debugger. The first allows an attacker to execute arbitrary code with the privileges of the user running gdb if they can trick the user into loading a specially crafted executable (CVE-2005-1704). He...

CYBSEC - PHPMailer Infinite Loop Denial of Service

CYBSEC S.A. www.cybsec.com Advisory Name: PHPMailer Infinite Loop Denial of Service Vulnerability Class: Denial of Service Release Date: 05.27.2005 Affected Applications: PHPMailer <= 1.72 Affected Platforms: Platform-Independent: Tested on Apache 2.0.52 / PHP 4.3.11 & PHP 5.0.4 Local /...