Getsocial, S.A. Security Vulnerabilities

Mandrake Linux Security Advisory : mplayer (MDKSA-2004:157)

A number of vulnerabilities were discovered in the MPlayer program by iDEFENSE, Ariel Berkman, and the MPlayer development team. These vulnerabilities include potential heap overflows in Real RTSP and pnm streaming code, stack overflows in MMST streaming code, and multiple buffer overflows in the.....

Mandrake Linux Security Advisory : ethereal (MDKSA-2004:152)

A number of vulnerabilities were discovered in Ethereal : Matthew Bing discovered a bug in DICOM dissection that could make Ethereal crash (CVE-2004-1139) An invalid RTP timestamp could make Ethereal hang and create a large temporary file, possibly filling available disk space...

Mandrake Linux Security Advisory : aspell (MDKSA-2004:153)

A vulnerability was discovered in the aspell word-list-compress utility that can allow an attacker to execute arbitrary code. The updated packages have been patched to correct this...

Mandrake Linux Security Advisory : php (MDKSA-2004:151)

A number of vulnerabilities in PHP versions prior to 4.3.10 were discovered by Stefan Esser. Some of these vulnerabilities were not deemed to be severe enough to warrant CVE names, however the packages provided, with the exception of the Corporate Server 2.1 packages, include fixes for all of the.....

[Full-Disclosure] Multiple XSS Vulnerabilities in several UBB.Thread Versions

Vendor: Infopop URL: http://www.infopop.com/ tested Versions: 6.2.3 & 6.5 remote: yes vendor notified: 06 Dec 2004 at 01:08 AM Vendor response: 06/07 Dec 2004 01:33 AM/06:08 PM Update status: ..in process ============================================================ Summary: ~~~~~~~ UBBThreads is a....

Mandrake Linux Security Advisory : kdelibs (MDKSA-2004:150)

Daniel Fabian discovered a potential privacy issue in KDE. When creating a link to a remote file from various applications, including Konqueror, the resulting URL may contain the authentication credentials used to access that remote resource. This includes, but is not limited to, browsing SMB...

Mandrake Linux Security Advisory : iproute2 (MDKSA-2004:148)

Herbert Xu discovered that iproute can accept spoofed messages sent via the kernel netlink interface by other users on the local machine. This could lead to a local Denial of Service attack. The updated packages have been patched to prevent this...

Mandrake Linux Security Advisory : postgresql (MDKSA-2004:149)

The Trustix development team found insecure temporary file creation problems in a script included in the postgresql package. This could allow an attacker to trick a user into overwriting arbitrary files he has access to. The updated packages have been patched to prevent this...

Mandrake Linux Security Advisory : ImageMagick (MDKSA-2004:143)

A vulnerability was discovered in ImageMagick where, due to a boundary error within the EXIF parsing routine, a specially crafted graphic image could potentially lead to the execution of arbitrary code. The updated packages have been patched to prevent this...

Mandrake Linux Security Advisory : nfs-utils (MDKSA-2004:146)

SGI developers discovered a remote DoS (Denial of Service) condition in the NFS statd server. rpc.statd did not ignore the 'SIGPIPE' signal which would cause it to shutdown if a misconfigured or malicious peer terminated the TCP connection prematurely. The updated packages have been patched to...

Mandrake Linux Security Advisory : openssl (MDKSA-2004:147)

The Trustix developers found that the der_chop script, included in the openssl package, created temporary files insecurely. This could allow local users to overwrite files using a symlink attack. The updated packages have been patched to prevent this...

Mandrake Linux Security Advisory : gzip (MDKSA-2004:142)

The Trustix developers found some insecure temporary file creation problems in the zdiff, znew, and gzeze supplemental scripts in the gzip package. These flaws could allow local users to overwrite files via a symlink attack. A similar problem was fixed last year (CVE-2003-0367) in which this same.....

Mandrake Linux Security Advisory : rp-pppoe (MDKSA-2004:145)

Max Vozeler discovered that when pppoe, part of the rp-pppoe package, is running setuid root, an attacker can overwrite any file on the system. Mandrakelinux does not install pppoe setuid, nor is it meant to be run setuid. Regardless, the packages have been patched to prevent this...

Mandrake Linux Security Advisory : lvm (MDKSA-2004:144)

The Trustix developers discovered that the lvmcreate_initrd script, part of the lvm1 package, created a temporary directory in an insecure manner. This could allow for a symlink attack to create or overwrite arbitrary files with the privileges of the user running the script. The updated packages...

Mandrake Linux Security Advisory : zip (MDKSA-2004:141)

A vulnerability in zip was discovered where zip would not check the resulting path length when doing recursive folder compression, which could allow a malicious person to convince a user to create an archive containing a specially crafted path name. By doing so, arbitrary code could be executed...

Mandrake Linux Security Advisory : a2ps (MDKSA-2004:140)

The GNU a2ps utility fails to properly sanitize filenames, which can be abused by a malicious user to execute arbitrary commands with the privileges of the user running the vulnerable application. The updated packages have been patched to prevent this...

Mandrake Linux Security Advisory : cyrus-imapd (MDKSA-2004:139)

A number of vulnerabilities in the Cyrus-IMAP server were found by Stefan Esser. Due to insufficient checking within the argument parser of the 'partial' and 'fetch' commands, a buffer overflow could be exploited to execute arbitrary attacker-supplied code. Another exploitable buffer overflow...

Mandrake Linux Security Advisory : libxpm4 (MDKSA-2004:137-1)

The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. A source code review of the XPM library, done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs. These bugs include integer overflows,...

Mandrake Linux Security Advisory : XFree86 (MDKSA-2004:138)

The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. A source code review of the XPM library, done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs. These bugs include integer overflows,...

Mandrake Linux Security Advisory : samba (MDKSA-2004:136)

Steffan Esser discovered that invalid bounds checking in reply to certain trans2 requests could result in a buffer overrun in smbd. This can only be exploited by a malicious user able to create files with very specific Unicode filenames on a samba share. The updated packages have been patched to...

Mandrake Linux Security Advisory : apache2 (MDKSA-2004:135)

A vulnerability in apache 2.0.35-2.0.52 was discovered by Chintan Trivedi; he found that by sending a large amount of specially- crafted HTTP GET requests, a remote attacker could cause a Denial of Service on the httpd server. This vulnerability is due to improper enforcement of the field length...

Mandrake Linux Security Advisory : sudo (MDKSA-2004:133)

Liam Helmer discovered a flow in sudo's environment sanitizing. This flaw could allow a malicious users with permission to run a shell script that uses the bash shell to run arbitrary commands. The problem is fixed in sudo 1.6.8p2; the provided packages have been patched to correct the...

Mandrake Linux Security Advisory : apache (MDKSA-2004:134)

A possible buffer overflow exists in the get_tag() function of mod_include, and if SSI (Server Side Includes) are enabled, a local attacker may be able to run arbitrary code with the rights of an httpd child process. This could be done with a special HTML document using malformed SSI. The updated.....

Mandrake Linux Security Advisory : gd (MDKSA-2004:132)

Integer overflows were reported in the GD Graphics Library (libgd) 2.0.28, and possibly other versions. These overflows allow remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow....

Mandrake Linux Security Advisory : speedtouch (MDKSA-2004:130)

The Speedtouch USB driver contains a number of format string vulnerabilities due to improperly made syslog() system calls. These vulnerabilities can be abused by a local user to potentially allow the execution of arbitrary code with elevated privileges. The updated packages have been patched to...

Mandrake Linux Security Advisory : samba (MDKSA-2004:131)

Karol Wiesek discovered a bug in the input validation routines in Samba 3.x used to match filename strings containing wildcard characters. This bug may allow a user to consume more than normal amounts of CPU cycles which would impact the performance and response of the server. In some cases it...

Mandrake Linux Security Advisory : ez-ipupdate (MDKSA-2004:129)

Ulf Harnhammar discovered a format string vulnerability in ez-ipupdate, a client for many dynamic DNS services. The updated packages are patched to protect against this...

Mandrake Linux Security Advisory : ruby (MDKSA-2004:128)

Andres Salomon noticed a problem with the CGI session management in Ruby. The CGI:Session's FileStore implementations store session information in an insecure manner by just creating files and ignoring permission issues (CVE-2004-0755). The ruby developers have corrected a problem in the ruby CGI.....

Mandrake Linux Security Advisory : iptables (MDKSA-2004:125)

Faheem Mitha discovered that the iptables tool would not always load the required modules on its own as it should have, which could in turn lead to firewall rules not being loaded on system startup in some cases. The updated packages are patched to prevent this...

Mandrake Linux Security Advisory : shadow-utils (MDKSA-2004:126)

A vulnerability in the shadow suite was discovered by Martin Schulze that can be exploited by local users to bypass certain security restrictions due to an input validation error in the passwd_check() function. This function is used by the chfn and chsh tools. The updated packages have been...

Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2004:124)

Chris Evans found several stack and integer overflows in the libXpm code of X.Org/XFree86 : Stack overflows (CVE-2004-0687) : Careless use of strcat() in both the XPMv1 and XPMv2/3 xpmParseColors code leads to a stack based overflow (parse.c). Stack overflow reading pixel values in...

Mandrake Linux Security Advisory : libxml/libxml2 (MDKSA-2004:127)

Multiple buffer overflows were reported in the libxml XML parsing library. These vulnerabilities may allow remote attackers to execute arbitrary code via a long FTP URL that is not properly handled by the xmlNanoFTPScanURL() function, a long proxy URL containing FTP data that is not properly...

Mandrake Linux Security Advisory : mod_ssl/apache2-mod_ssl (MDKSA-2004:122)

A vulnerability in mod_ssl was discovered by Hartmut Keil. After a renegotiation, mod_ssl would fail to ensure that the requested cipher suite is actually negotiated. The provided packages have been patched to prevent this...

Mandrake Linux Security Advisory : netatalk (MDKSA-2004:121)

The etc2ps.sh script, part of the netatalk package, creates files in /tmp with predicatable names which could allow a local attacker to use symbolic links to point to a valid file on the filesystem which could lead to the overwriting of arbitrary files if etc2ps.sh is executed by someone with...

Mandrake Linux Security Advisory : gaim (MDKSA-2004:117)

A vulnerability in the MSN protocol handler in the gaim instant messenger application was discovered. When receiving unexpected sequences of MSNSLP messages, it is possible that an attacker could trigger an internal buffer overflow which could lead to a crash or even code execution as the user...

Mandrake Linux Security Advisory : perl-Archive-Zip (MDKSA-2004:118)

Recently, it was noticed that several antivirus programs miss viruses that are contained in ZIP archives with manipulated directory data. The global archive directory of these ZIP file have been manipulated to indicate zero file sizes. Archive::Zip produces files of zero length when decompressing.....

Mandrake Linux Security Advisory : MySQL (MDKSA-2004:119)

A number of problems have been discovered in the MySQL database server : Jeroen van Wolffelaar discovered an insecure temporary file vulnerability in the mysqlhotcopy script when using the scp method (CVE-2004-0457). Oleksandr Byelkin discovered that the 'ALTER TABLE ... RENAME' would check the...

Mandrake Linux Security Advisory : perl-MIME-tools (MDKSA-2004:123)

There's a bug in MIME-tools, where it mis-parses things like boundary=''. Some viruses use an empty boundary, which may allow unapproved parts through MIMEDefang. The updated packages are patched to fix this problem. As well, the Updated perl-MIME-tools requires MIME::Base64 version 3.03. Since...

Mandrake Linux Security Advisory : mpg123 (MDKSA-2004:120)

Carlos Barros discovered two buffer overflow vulnerabilities in mpg123; the first in the getauthfromURL() function and the second in the http_open() function. These vulnerabilities could be exploited to possibly execute arbitrary code with the privileges of the user running mpg123. The provided...

Mandrake Linux Security Advisory : cups (MDKSA-2004:116)

Chris Evans discovered numerous vulnerabilities in the xpdf package, which also effect software using embedded xpdf code : Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like cups which have embedded versions of xpdf. These can result in writing an arbitrary byte...

Mandrake Linux Security Advisory : kdegraphics (MDKSA-2004:115)

Chris Evans discovered numerous vulnerabilities in the xpdf package, which also effect software using embedded xpdf code, such as kpdf : Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like kpdf which have embedded versions of xpdf. These can result in writing an...

Mandrake Linux Security Advisory : gpdf (MDKSA-2004:114)

Chris Evans discovered numerous vulnerabilities in the xpdf package, which also effect software using embedded xpdf code, such as gpdf : Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like gpdf which have embedded versions of xpdf. These can result in writing an...

Mandrake Linux Security Advisory : gaim (MDKSA-2004:110)

More vulnerabilities have been discovered in the gaim instant messenger client. The vulnerabilities pertinent to version 0.75, which is the version shipped with Mandrakelinux 10.0, are: installing smiley themes could allow remote attackers to execute arbitrary commands via shell metacharacters in.....

Mandrake Linux Security Advisory : xpdf (MDKSA-2004:113)

Chris Evans discovered numerous vulnerabilities in the xpdf package : Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like cups which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location which probably...

Mandrake Linux Security Advisory : squid (MDKSA-2004:112)

iDEFENSE discovered a Denial of Service vulnerability in squid version 2.5.STABLE6 and previous. The problem is due to an ASN1 parsing error where certain header length combinations can slip through the validations performed by the ASN1 parser, leading to the server assuming there is heap...

Mandrake Linux Security Advisory : cvs (MDKSA-2004:108)

iDEFENSE discovered a flaw in CVS versions prior to 1.1.17 in an undocumented switch implemented in CVS' history command. The -X switch specifies the name of the history file which allows an attacker to determine whether arbitrary system files and directories exist and whether or not the CVS...

Mandrake Linux Security Advisory : mozilla (MDKSA-2004:107)

A number of vulnerabilities were fixed in mozilla 1.7.3, the following of which have been backported to mozilla packages for Mandrakelinux 10.0 : 'Send page' heap overrun JavaScript clipboard access buffer overflow when displaying VCard BMP integer overflow javascript: link dragging ...

Mandrake Linux Security Advisory : libtiff (MDKSA-2004:109)

Several vulnerabilities have been discovered in the libtiff package : Chris Evans discovered several problems in the RLE (run length encoding) decoders that could lead to arbitrary code execution. (CVE-2004-0803) Matthias Clasen discovered a division by zero through an integer overflow....

Mandrake Linux Security Advisory : xine-lib (MDKSA-2004:105)

A number of string overflows were discovered in the xine-lib program, some of which can be used for remote buffer overflow exploits that lead to the execution of arbitrary code with the permissions of the user running a xine-lib-based media application. xine-lib versions 1-rc2 through, and...

Mandrake Linux Security Advisory : cyrus-sasl (MDKSA-2004:106)

A vulnerability was discovered in the libsasl library of cyrus-sasl. libsasl honors the SASL_PATH environment variable blindly, which could allow a local user to create a malicious 'library' that would get executed with the effective ID of SASL when anything calls libsasl. The provided packages...