Getsocial, S.A. Security Vulnerabilities

nessus

Mandrake Linux Security Advisory : cdrdao (MDKSA-2005:089)

The cdrdao package contains two vulnerabilities; the first allows local users to read arbitrary files via the show-data command and the second allows local users to overwrite arbitrary files via a symlink attack on the ~/.cdrdao configuration file. This can also lead to elevated privileges (a root....

1.1 AI Score

0.0004 EPSS

2005-05-19 12:00 AM
10
nessus

Mandrake Linux Security Advisory : bzip2 (MDKSA-2005:091)

A race condition in the file permission restore code of bunzip2 was discovered by Imran Ghory. While a user was decompressing a file, a local attacker with write permissions to the directory containing the compressed file could replace the target file with a hard link which would cause bunzip2 to.....

-0.3 AI Score

0.013 EPSS

2005-05-19 12:00 AM
13
nessus

Mandrake Linux Security Advisory : gzip (MDKSA-2005:092)

Several vulnerabilities have been discovered in the gzip package : Zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. (CVE-2005-0758) A race condition in gzip 1.2.4, 1.3.3, and...

0.2 AI Score

0.008 EPSS

2005-05-19 12:00 AM
10
nessus

Mandrake Linux Security Advisory : nasm (MDKSA-2005:090)

A buffer overflow in nasm was discovered by Josh Bressers. If an attacker could trick a user into assembling a malicious source file, they could use this vulnerability to execute arbitrary code with the privileges of the user running nasm. The provided packages have been patched to correct these...

0.6 AI Score

0.001 EPSS

2005-05-19 12:00 AM
6
nessus

Mandrake Linux Security Advisory : mozilla (MDKSA-2005:088)

A number of security vulnerabilities were fixed in the Mozilla Firefox 1.0.4 and Mozilla Suite 1.7.8 releases. Patches have been backported where appropriate; Corporate 3.0 is receiving the new Mozilla Suite 1.7.8 release. The following issues have been fixed in both Mozilla Firefox and Mozilla...

0.5 AI Score

0.941 EPSS

2005-05-17 12:00 AM
12
nessus

Mandrake Linux Security Advisory : gaim (MDKSA-2005:086)

More vulnerabilities have been found in the gaim instant messaging client. A stack-based buffer overflow bug was found in how gaim processes a message containing a URL; a remote attacker could send a carefully crafted message to cause the execution of arbitrary code on the user's machine...

0.6 AI Score

0.186 EPSS

2005-05-17 12:00 AM
10
nessus

Mandrake Linux Security Advisory : gnutls (MDKSA-2005:084)

Two vulnerabilities were discovered in the GnuTLS library. The first is a vulnerability in the way GnuTLS does record packet parsing; the second is a flaw in the RSA key export functionality. These could be exploited by a remote attacker to cause a Denial of Service to any program using the GnuTLS....

-0.4 AI Score

0.027 EPSS

2005-05-17 12:00 AM
11
nessus

Mandrake Linux Security Advisory : kdelibs (MDKSA-2005:085)

A buffer overflow in the PCX decoder of kimgio was discovered by Bruno Rohee. If an attacker could trick a user into loading a malicious PCX image with any KDE application, he could cause the execution of arbitrary code with the privileges of the user opening the image. The provided packages have.....

0.5 AI Score

0.136 EPSS

2005-05-17 12:00 AM
6
nessus

Mandrake Linux Security Advisory : tcpdump (MDKSA-2005:087)

A number of Denial of Service vulnerabilities were discovered in the way that tcpdump processes certain network packets. If abused, these flaws can allow a remote attacker to inject a carefully crafted packet onto the network, crashing tcpdump. The provided packages have been patched to correct...

-0.3 AI Score

0.828 EPSS

2005-05-17 12:00 AM
9
nessus

Mandrake Linux Security Advisory : ethereal (MDKSA-2005:083)

A number of vulnerabilities were discovered in previous versions of Ethereal that have been fixed in the 0.10.11 release, including : The ANSI A and DHCP dissectors are vulnerable to format string vulnerabilities. The DISTCC, FCELS, SIP, ISIS, CMIP, CMP, CMS, CRMF, ESS, OCSP,...

6.7 AI Score

0.066 EPSS

2005-05-11 12:00 AM
10
nessus

Mandrake Linux Security Advisory : OpenOffice.org (MDKSA-2005:082)

AD-LAB discovered a heap overflow in the StgCompObjStream::Load() function when OpenOffice.org processes DOC documents. If an attacker created a malicious DOC document that contained a specially crafted header, it could execute arbitrary code with the rights of the user running OpenOffice.org. The....

0.2 AI Score

0.039 EPSS

2005-05-11 12:00 AM
7
nessus

Mandrake Linux Security Advisory : XFree86 (MDKSA-2005:081)

The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. An integer overflow flaw was found in libXPM, which is....

0.7 AI Score

0.017 EPSS

2005-05-11 12:00 AM
6
nessus

Mandrake Linux Security Advisory : squid (MDKSA-2005:078)

Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser...

AI Score

0.074 EPSS

2005-05-02 12:00 AM
15
nessus

Mandrake Linux Security Advisory : perl (MDKSA-2005:079)

Paul Szabo discovered another vulnerability in the rmtree() function in File::Path.pm. While a process running as root (or another user) was busy deleting a directory tree, a different user could exploit a race condition to create setuid binaries in this directory tree, provided that he already...

-0.5 AI Score

0.001 EPSS

2005-05-02 12:00 AM
9
nessus

Mandrake Linux Security Advisory : xpm (MDKSA-2005:080)

The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. An integer overflow flaw was found in libXPM, which is used by some applications for loading of XPM images. An attacker could create a malicious XPM file that would execute...

0.8 AI Score

0.017 EPSS

2005-05-02 12:00 AM
11
nessus

Mandrake Linux Security Advisory : xli (MDKSA-2005:076)

A number of vulnerabilities have been found in the xli image viewer. Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a flaw in the handling of compressed images where shell meta-characters are not properly escaped (CVE-2005-0638). It was also found that insufficient validation of.....

-0.1 AI Score

0.019 EPSS

2005-04-21 12:00 AM
14
nessus

Mandrake Linux Security Advisory : gnome-vfs2 (MDKSA-2005:074)

A buffer overflow bug was found by Joseph VanAndel in the way that grip handles data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could execute arbitrary code on the user's machine. This same vulnerability is present in the gnome-vfs2 code. The updated...

AI Score

0.016 EPSS

2005-04-21 12:00 AM
9
nessus

Mandrake Linux Security Advisory : cvs (MDKSA-2005:073)

A buffer overflow and memory access problem in CVS have been discovered by the CVS maintainer. The updated packages have been patched to correct the...

0.1 AI Score

0.848 EPSS

2005-04-21 12:00 AM
8
nessus

Mandrake Linux Security Advisory : cdrecord (MDKSA-2005:077)

Javier Fernandez-Sanguino Pena discovered that cdrecord created temporary files in an insecure manner if DEBUG was enabled in /etc/cdrecord/rscsi. If the default value was used (which stored the debug output file in /tmp), a symbolic link attack could be used to create or overwrite arbitrary files....

-0.2 AI Score

0.0004 EPSS

2005-04-21 12:00 AM
8
nessus

Mandrake Linux Security Advisory : libcdaudio1 (MDKSA-2005:075)

A buffer overflow bug was found by Joseph VanAndel in the way that grip handles data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could execute arbitrary code on the user's machine. This same vulnerability is present in the libcdaudio1 code. The updated...

-0.1 AI Score

0.016 EPSS

2005-04-21 12:00 AM
8
nessus

Mandrake Linux Security Advisory : php (MDKSA-2005:072)

A number of vulnerabilities are addressed in this PHP update : Stefano Di Paolo discovered integer overflows in PHP's pack(), unpack(), and shmop_write() functions which could allow a malicious script to break out of safe mode and execute arbitrary code with privileges of the PHP interpreter...

AI Score

0.938 EPSS

2005-04-19 12:00 AM
14
nessus

Mandrake Linux Security Advisory : gaim (MDKSA-2005:071)

More vulnerabilities have been discovered in the gaim instant messaging client : A buffer overflow vulnerability was found in the way that gaim escapes HTML, allowing a remote attacker to send a specially crafted message to a gaim client and causing it to crash (CVE-2005-0965). A bug was...

AI Score

0.04 EPSS

2005-04-15 12:00 AM
7
nessus

Mandrake Linux Security Advisory : MySQL (MDKSA-2005:070)

A vulnerability in MySQL would allow a user with grant privileges to a database with a name containing an underscore character ('_') to have the ability to grant privileges to other databases with similar names. This problem was previously discovered and fixed, but a new case where the problem...

0.6 AI Score

0.001 EPSS

2005-04-13 12:00 AM
11
nessus

Mandrake Linux Security Advisory : gdk-pixbuf (MDKSA-2005:069)

A bug was discovered in the way that gdk-pixbuf processes BMP images which could allow for a specially crafted BMP to cause a Denial of Service attack on applications linked against gdk-pixbuf. The updated packages have been patched to correct these...

7.5 CVSS

0.4 AI Score

0.018 EPSS

2005-04-08 12:00 AM
10
nessus

Mandrake Linux Security Advisory : gtk+2.0 (MDKSA-2005:068)

A bug was discovered in the way that gtk+2.0 processes BMP images which could allow for a specially crafted BMP to cause a Denial of Service attack on applications linked against gtk+2.0. The updated packages have been patched to correct these...

7.5 CVSS

0.5 AI Score

0.088 EPSS

2005-04-08 12:00 AM
6
nessus

Mandrake Linux Security Advisory : sharutils (MDKSA-2005:067)

Shaun Colley discovered a buffer overflow in shar that was triggered by output files (using -o) with names longer than 49 characters which could be exploited to run arbitrary attacker-specified code. Ulf Harnhammar discovered that shar does not check the data length returned by the wc command....

-0.3 AI Score

0.004 EPSS

2005-04-08 12:00 AM
8
nessus

Mandrake Linux Security Advisory : grip (MDKSA-2005:066)

A buffer overflow bug was found by Joseph VanAndel in the way that grip handles data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could execute arbitrary code on the user's machine. The updated packages have been patched to correct these...

-0.1 AI Score

0.016 EPSS

2005-04-02 12:00 AM
9
nessus

Mandrake Linux Security Advisory : ImageMagick (MDKSA-2005:065)

A format string vulnerability was discovered in ImageMagick, in the way it handles filenames. An attacker could execute arbitrary code on a victim's machine provided they could trick them into opening a file with a special name (CVE-2005-0397). As well, Andrei Nigmatulin discovered a heap-based...

0.5 AI Score

0.108 EPSS

2005-04-02 12:00 AM
10
nessus

Mandrake Linux Security Advisory : libexif (MDKSA-2005:064)

A buffer overflow was discovered in the way libexif parses EXIF tags. An attacker could exploit this by creating a special EXIF image file which could cause image viewers linked against libexif to crash. The updated packages have been patched to correct these...

6.9 AI Score

0.056 EPSS

2005-04-01 12:00 AM
9
nessus

Mandrake Linux Security Advisory : htdig (MDKSA-2005:063)

A cross-site scripting vulnerability in ht://dig was discovered by Michael Krax. The updated packages have been patched to correct this...

-0.4 AI Score

0.023 EPSS

2005-04-01 12:00 AM
7
nessus

Mandrake Linux Security Advisory : ipsec-tools (MDKSA-2005:062)

A bug was discovered in the way that the racoon daemon handled incoming ISAKMP requests. It is possible that an attacker could crash the racoon daemon by sending a specially crafted ISAKMP packet. The updated packages have been patched to correct these...

0.4 AI Score

0.039 EPSS

2005-04-01 12:00 AM
10
nessus

Mandrake Linux Security Advisory : krb5 (MDKSA-2005:061)

Two buffer overflow issues were discovered in the way telnet clients handle messages from a server. Because of these issues, an attacker may be able to execute arbitrary code on the victim's machine if the victim can be tricked into connecting to a malicious telnet server. The Kerberos package...

7.7 AI Score

0.938 EPSS

2005-03-30 12:00 AM
10
nessus

Mandrake Linux Security Advisory : MySQL (MDKSA-2005:060)

A number of vulnerabilities were discovered by Stefano Di Paola in the MySQL server : If an authenticated user had INSERT privileges on the 'mysql' database, the CREATE FUNCTION command allowed that user to use libc functions to execute arbitrary code with the privileges of the user running the...

0.1 AI Score

0.969 EPSS

2005-03-23 12:00 AM
7
nessus

Mandrake Linux Security Advisory : evolution (MDKSA-2005:059)

It was discovered that certain types of messages could be used to crash the Evolution mail client. Fixes have been applied to correct this...

-0.3 AI Score

0.014 EPSS

2005-03-17 12:00 AM
13
nessus

Mandrake Linux Security Advisory : kdelibs (MDKSA-2005:058)

A vulnerability in dcopserver was discovered by Sebastian Krahmer of the SUSE security team. A local user can lock up the dcopserver of other users on the same machine by stalling the DCOP authentication process, causing a local Denial of Service. dcopserver is the KDE Desktop Communication...

-0.5 AI Score

0.957 EPSS

2005-03-17 12:00 AM
12
nessus

Mandrake Linux Security Advisory : ethereal (MDKSA-2005:053)

A number of issues were discovered in Ethereal versions prior to 0.10.10, which is provided by this update. Matevz Pustisek discovered a buffer overflow in the Etheric dissector (CVE-2005-0704); the GPRS-LLC dissector could crash if the 'ignore cipher bit' was enabled (CVE-2005-0705); Diego Giago.....

0.2 AI Score

0.025 EPSS

2005-03-16 12:00 AM
7
nessus

Mandrake Linux Security Advisory : openslp (MDKSA-2005:055)

An audit by the SUSE Security Team of critical parts of the OpenSLP package revealed various buffer overflow and out of bounds memory access issues. These problems can be triggered by remote attackers by sending malformed SLP packets. The packages have been patched to prevent these...

0.3 AI Score

0.015 EPSS

2005-03-16 12:00 AM
13
nessus

Mandrake Linux Security Advisory : gnupg (MDKSA-2005:057)

The OpenPGP protocol is vulnerable to a timing-attack in order to gain plain text from cipher text. The timing difference appears as a side effect of the so-called 'quick scan' and is only exploitable on systems that accept an arbitrary amount of cipher text for automatic decryption. The updated...

-0.6 AI Score

0.006 EPSS

2005-03-16 12:00 AM
21
nessus

Mandrake Linux Security Advisory : cyrus-sasl (MDKSA-2005:054)

A buffer overflow was discovered in cyrus-sasl's digestmd5 code. This could lead to a remote attacker executing code in the context of the service using SASL authentication. This vulnerability was fixed upstream in version 2.1.19. The updated packages are patched to deal with this...

0.6 AI Score

0.035 EPSS

2005-03-16 12:00 AM
11
nessus

Mandrake Linux Security Advisory : kdegraphics (MDKSA-2005:052)

Previous updates to correct integer overflow issues affecting xpdf overlooked certain conditions when built for a 64 bit platform. (formerly CVE-2004-0888). This also affects applications like kdegraphics, that use embedded versions of xpdf. (CVE-2005-0206) In addition, previous libtiff updates...

0.8 AI Score

0.129 EPSS

2005-03-06 12:00 AM
6
nessus

Mandrake Linux Security Advisory : gaim (MDKSA-2005:049)

Gaim versions prior to version 1.1.4 suffer from a few security issues such as the HTML parser not sufficiently validating its input. This allowed a remote attacker to crash the Gaim client by sending certain malformed HTML messages (CVE-2005-0208 and CVE-2005-0473). As well, insufficient input...

6.3 AI Score

0.079 EPSS

2005-03-06 12:00 AM
11
nessus

Mandrake Linux Security Advisory : cyrus-imapd (MDKSA-2005:051)

Several overruns have been fixed in the IMAP annote extension as well as in cached header handling which can be run by an authenticated user. As well, additional bounds checking in fetchnews was improved to avoid exploitation by a peer news...

AI Score

0.013 EPSS

2005-03-06 12:00 AM
20
nessus

Mandrake Linux Security Advisory : curl (MDKSA-2005:048)

'infamous41md' discovered a buffer overflow vulnerability in libcurl's NTLM authorization base64 decoding. This could allow a remote attacker using a prepared remote server to execute arbitrary code as the user running curl. The updated packages are patched to deal with these...

8.8 CVSS

0.2 AI Score

0.007 EPSS

2005-03-06 12:00 AM
11
nessus

Mandrake Linux Security Advisory : gftp (MDKSA-2005:050)

A vulnerability in gftp could allow a malicious FTP server to overwrite files on the local system as the user running gftp due to improper handling of filenames containing slashes. The updated packages are patched to deal with these...

-0.3 AI Score

0.014 EPSS

2005-03-06 12:00 AM
7
nessus

Mandrake Linux Security Advisory : uim (MDKSA-2005:046)

Takumi ASAKI discovered that uim always trusts environment variables which can allow a local attacker to obtain elevated privileges when libuim is linked against an suid/sgid application. This problem is only exploitable in 'immodule for Qt' enabled Qt applications. The updated packages are...

0.2 AI Score

0.0004 EPSS

2005-02-25 12:00 AM
9
nessus

Mandrake Linux Security Advisory : squid (MDKSA-2005:047)

The squid developers discovered that a remote attacker could cause squid to crash via certain DNS responses. The updated packages are patched to fix the...

AI Score

0.958 EPSS

2005-02-25 12:00 AM
13
nessus

Mandrake Linux Security Advisory : postgresql (MDKSA-2005:040)

A number of vulnerabilities were found and corrected in the PostgreSQL DBMS : A flaw in the LOAD command could be abused by a local user to load arbitrary shared libraries and as a result execute arbitrary code with the privileges of the user running the postgresql server (CVE-2005-0227). A...

0.4 AI Score

0.626 EPSS

2005-02-18 12:00 AM
14
nessus

Mandrake Linux Security Advisory : kdelibs (MDKSA-2005:045)

A bug in the way kioslave handles URL-encoded newline (%0a) characters before the FTP command was discovered. Because of this, it is possible that a specially crafted URL could be used to execute any ftp command on a remote server, or even send unsolicited email. As well, Davide Madrisan...

0.3 AI Score

0.811 EPSS

2005-02-18 12:00 AM
18
nessus

Mandrake Linux Security Advisory : rwho (MDKSA-2005:039)

A vulnerability in rwhod was discovered by 'Vlad902' that can be abused to crash the listening process (the broadcasting process is not affected). This vulnerability only affects little endian architectures. The updated packages have been patched to correct the...

-0.7 AI Score

0.018 EPSS

2005-02-17 12:00 AM
16
nessus

Mandrake Linux Security Advisory : emacs (MDKSA-2005:038)

Max Vozeler discovered several format string vulnerabilities in the movemail utility in Emacs. If a user connects to a malicious POP server, an attacker can execute arbitrary code as the user running emacs. The updated packages have been patched to correct the...

0.7 AI Score

0.007 EPSS

2005-02-16 12:00 AM
21

Total number of security vulnerabilities: 3231