Getsocial, S.A. Security Vulnerabilities

nessus

Mandrake Linux Security Advisory : samba (MDKSA-2004:104)

Karol Wiesek discovered a bug in the input validation routines used to convert DOS path names to path names on the Samba host's file system. This bug can be exploited to gain access to files outside of the share's path as defined in the smb.conf configuration file. This vulnerability exists in all....

6.7 AI Score

0.865 EPSS

2004-10-02 12:00 AM
11
nessus

Mandrake Linux Security Advisory : OpenOffice.org (MDKSA-2004:103)

A vulnerability in OpenOffice.org was reported by pmladek where a local user may be able to obtain and read documents that belong to another user. The way that OpenOffice.org created temporary files, which used the user's umask to create the file, could potentially allow for other users to have...

5.9 AI Score

0.0004 EPSS

2004-09-28 12:00 AM
9
nessus

Mandrake Linux Security Advisory : mpg123 (MDKSA-2004:100)

A vulnerability in mpg123 was discovered by Davide Del Vecchio where certain malicious mpg3/2 files would cause mpg123 to fail header checks, which could in turn allow arbitrary code to be executed with the privileges of the user running mpg123 (CVE-2004-0805). As well, an older vulnerability in...

7.3 AI Score

0.445 EPSS

2004-09-23 12:00 AM
20
nessus

Mandrake Linux Security Advisory : ImageMagick (MDKSA-2004:102)

Several buffer overflow vulnerabilities in ImageMagick were discovered by Marcus Meissner from SUSE. These vulnerabilities would allow an attacker to create a malicious image or video file in AVI, BMP, or DIB formats which could crash the reading process. It may be possible to create malicious...

7.4 AI Score

0.072 EPSS

2004-09-23 12:00 AM
6
nessus

Mandrake Linux Security Advisory : webmin (MDKSA-2004:101)

A vulnerability in webmin was discovered by Ludwig Nussel. A temporary directory was used in webmin, however it did not check for the previous owner of the directory. This could allow an attacker to create the directory and place dangerous symbolic links inside. The updated packages are patched to....

6.3 AI Score

0.0004 EPSS

2004-09-23 12:00 AM
10
nessus

Mandrake Linux Security Advisory : kernel (MDKSA-2001:079-2)

Alexander Viro discovered a vulnerability in the devfs implementation that is shipped with Mandrake Linux 8.1. We are aware of the problem and are currently working on a solution. As a workaround, until an update becomes available, please boot with the devfs=nomount option. Rafal Wojtczuk found a.....

6.8 AI Score

0.0004 EPSS

2004-09-18 12:00 AM
18
nessus

Mandrake Linux Security Advisory : openssh (MDKSA-2001:033-2)

There are several weaknesses in various implementations of the SSH (Secure Shell) protocols. When exploited, they let the attacker obtain sensitive information by passively monitoring encrypted SSH sessions. The information can later be used to speed up brute-force attacks on passwords, including.....

6.3 AI Score

0.016 EPSS

2004-09-18 12:00 AM
22
nessus

Mandrake Linux Security Advisory : apache (MDKSA-2002:039-2)

[ Please note that this advisory supersedes the previous MDKSA-2002:039 and MDKSA-2002:039-1 advisories. ] MandrakeSoft is urging all users of Mandrake Linux to update their Apache installations immediately. What was previously thought to have been a DoS-only condition has now been proven to be...

6.6 AI Score

0.753 EPSS

2004-09-18 12:00 AM
12
nessus

Mandrake Linux Security Advisory : libxpm4 (MDKSA-2004:098)

Chris Evans found several stack and integer overflows in the libXpm code of X.Org/XFree86 (from which the libxpm code is derived) : Stack overflows (CVE-2004-0687) : Careless use of strcat() in both the XPMv1 and XPMv2/3 xpmParseColors code leads to a stack based overflow (parse.c). Stack overflow....

7.8 AI Score

0.348 EPSS

2004-09-16 12:00 AM
12
nessus

Mandrake Linux Security Advisory : gdk-pixbuf/gtk+2 (MDKSA-2004:095-1)

A vulnerability was found in the gdk-pixbuf bmp loader where a bad BMP image could send the bmp loader into an infinite loop (CVE-2004-0753). Chris Evans found a heap-based overflow and a stack-based overflow in the xpm loader of gdk-pixbuf (CVE-2004-0782 and CVE-2004-0783). Chris Evans also...

6.8 AI Score

0.305 EPSS

2004-09-16 12:00 AM
8
nessus

Mandrake Linux Security Advisory : apache2 (MDKSA-2004:096)

Two Denial of Service conditions were discovered in the input filter of mod_ssl, the module that enables apache to handle HTTPS requests. Another vulnerability was discovered by the ASF security team using the Codenomicon HTTP Test Tool. This vulnerability, in the apr-util library, can possibly...

7.8 CVSS

7.9 AI Score

0.305 EPSS

2004-09-16 12:00 AM
17
nessus

Mandrake Linux Security Advisory : squid (MDKSA-2004:093)

A vulnerability in the NTLM helpers in squid 2.5 could allow for malformed NTLMSSP packets to crash squid, resulting in a DoS. The provided packages have been patched to prevent this...

6.4 AI Score

0.036 EPSS

2004-09-16 12:00 AM
15
nessus

Mandrake Linux Security Advisory : cups (MDKSA-2004:097)

Alvaro Martinez Echevarria discovered a vulnerability in the CUPS print server where an empty UDP datagram sent to port 631 (the default port that cupsd listens to) would disable browsing. This would prevent cupsd from seeing any remote printers or any future remote printer changes. The updated...

6.4 AI Score

0.037 EPSS

2004-09-16 12:00 AM
15
nessus

Mandrake Linux Security Advisory : XFree86 (MDKSA-2004:099)

Chris Evans found several stack and integer overflows in the libXpm code of X.Org/XFree86 : Stack overflows (CVE-2004-0687) : Careless use of strcat() in both the XPMv1 and XPMv2/3 xpmParseColors code leads to a stack based overflow (parse.c). Stack overflow reading pixel values in...

7.8 AI Score

0.348 EPSS

2004-09-16 12:00 AM
16
nessus

Mandrake Linux Security Advisory : printer-drivers (MDKSA-2004:094)

The foomatic-rip filter, which is part of foomatic-filters package, contains a vulnerability that allows anyone with access to CUPS, local or remote, to execute arbitrary commands on the server. The updated packages provide a fixed foomatic-rip filter that prevents this kind of...

7 AI Score

0.005 EPSS

2004-09-16 12:00 AM
8
nessus

Mandrake Linux Security Advisory : samba (MDKSA-2004:092)

Two vulnerabilities were discovered in samba 3.0.x; the first is a defect in smbd's ASN.1 parsing that allows an attacker to send a specially crafted packet during the authentication request which will send the newly spawned smbd process into an infinite loop. As a result, it is possible to use up....

6.6 AI Score

0.066 EPSS

2004-09-14 12:00 AM
17
nessus

Mandrake Linux Security Advisory : imlib2 (MDKSA-2004:089)

Marcus Meissner discovered that the imlib and imlib2 libraries are also affected with a similar BMP-related vulnerability as the recent QT updates. The updated imlib and imlib2 packages are patched to protect against this...

6.3 AI Score

0.072 EPSS

2004-09-08 12:00 AM
12
nessus

Mandrake Linux Security Advisory : cdrecord (MDKSA-2004:091)

Max Vozeler found that the cdrecord program, which is suid root, fails to drop euid=0 when it exec()s a program specified by the user through the $RSH environment variable. This can be abused by a local attacker to obtain root privileges. The updated packages are patched to fix the...

6 AI Score

0.0004 EPSS

2004-09-08 12:00 AM
7
nessus

Mandrake Linux Security Advisory : zlib (MDKSA-2004:090)

Due to a Debian bug report, a Denial of Service vulnerability was discovered in the zlib compression library versions 1.2.x, in the inflate() and inflateBack() functions. Older versions of zlib are not affected. Once the updated packages have been installed, all programs linked against zlib must...

6.5 AI Score

0.391 EPSS

2004-09-08 12:00 AM
11
nessus

Mandrake Linux Security Advisory : krb5 (MDKSA-2004:088)

A double-free vulnerability exists in the MIT Kerberos 5's KDC program that could potentially allow a remote attacker to execute arbitrary code on the KDC host. As well, multiple double-free vulnerabilities exist in the krb5 library code, which makes client programs and application servers...

9.8 CVSS

7.5 AI Score

0.214 EPSS

2004-09-07 12:00 AM
9
nessus

Mandrake Linux Security Advisory : kernel (MDKSA-2004:087)

A race condition was discovered in the 64bit file offset handling by Paul Starzetz from iSEC. The file offset pointer (f_pos) is changed during reading, writing, and seeking through a file in order to point to the current position of a file. The value conversion between both the 32bit and 64bit...

6.1 AI Score

0.0004 EPSS

2004-08-27 12:00 AM
16
nessus

Mandrake Linux Security Advisory : gaim (MDKSA-2004:081)

Sebastian Krahmer discovered two remotely exploitable buffer overflow vulnerabilities in the gaim instant messenger. The updated packages are patched to correct the...

7 AI Score

0.078 EPSS

2004-08-22 12:00 AM
13
nessus

Mandrake Linux Security Advisory : libpng (MDKSA-2004:079)

Chris Evans discovered numerous vulnerabilities in the libpng graphics library, including a remotely exploitable stack-based buffer overrun in the png_handle_tRNS function, dangerous code in png_handle_sBIT, a possible NULL pointer crash in png_handle_iCCP (which is also duplicated in multiple...

7.2 AI Score

0.964 EPSS

2004-08-22 12:00 AM
27
nessus

Mandrake Linux Security Advisory : shorewall (MDKSA-2004:080)

The shorewall package has a vulnerability when creating temporary files and directories, which could allow non-root users to overwrite arbitrary files on the system. The updated packages are patched to fix the problem. As well, for Mandrakelinux 10.0, the updated packages have been fixed to start.....

6.6 AI Score

0.0004 EPSS

2004-08-22 12:00 AM
8
nessus

Mandrake Linux Security Advisory : kdelibs/kdebase (MDKSA-2004:086)

A number of vulnerabilities were discovered in KDE that are corrected with these update packages. The integrity of symlinks used by KDE is not ensured and as a result can be abused by local attackers to create or truncate arbitrary files or to prevent KDE applications from functioning correctly...

7.1 CVSS

6.5 AI Score

0.022 EPSS

2004-08-22 12:00 AM
14
nessus

Mandrake Linux Security Advisory : mozilla (MDKSA-2004:082)

A number of security vulnerabilities in mozilla are addressed by this update for Mandrakelinux 10.0 users, including a fix for frame spoofing, a fixed popup XPInstall/security dialog bug, a fix for untrusted chrome calls, a fix for SSL certificate spoofing, a fix for stealing secure HTTP Auth...

6.7 AI Score

0.964 EPSS

2004-08-22 12:00 AM
33
nessus

Mandrake Linux Security Advisory : qt3 (MDKSA-2004:085)

Chris Evans discovered a heap-based overflow in the QT library when handling 8-bit RLE encoded BMP files. This vulnerability could allow for the compromise of the account used to view or browse malicious BMP files. On subsequent investigation, it was also found that the handlers for XPM, GIF, and.....

6.8 AI Score

0.335 EPSS

2004-08-22 12:00 AM
15
nessus

Mandrake Linux Security Advisory : rsync (MDKSA-2004:083)

An advisory was sent out by the rsync team regarding a security vulnerability in all versions of rsync prior to and including 2.6.2. If rsync is running in daemon mode, and not in a chrooted environment, it is possible for a remote attacker to trick rsyncd into creating an absolute pathname while.....

6.4 AI Score

0.006 EPSS

2004-08-22 12:00 AM
14
nessus

Mandrake Linux Security Advisory : spamassassin (MDKSA-2004:084)

Security fix prevents a denial of service attack open to certain malformed messages; this DoS affects all SpamAssassin 2.5x and 2.6x versions to...

6.3 AI Score

0.035 EPSS

2004-08-22 12:00 AM
7
nessus

Mandrake Linux Security Advisory : kolab-server (MDKSA-2004:052)

Luca Villani reported the disclosure of critical configuration information within Kolab, the KDE Groupware server. The affected versions store OpenLDAP passwords in plain text. The heart of Kolab is an engine written in Perl that rewrites configuration for certain applications based on templates......

6.5 AI Score

0.001 EPSS

2004-07-31 12:00 AM
21
nessus

Mandrake Linux Security Advisory : rxvt (MDKSA-2003:034)

Digital Defense Inc. released a paper detailing insecurities in various terminal emulators, including rxvt. Many of the features supported by these programs can be abused when untrusted data is displayed on the screen. This abuse can be anything from garbage data being displayed to the screen or a....

6.4 AI Score

0.005 EPSS

2004-07-31 12:00 AM
22
nessus

Mandrake Linux Security Advisory : ethereal (MDKSA-2003:051)

A vulnerability was discovered in Ethereal 0.9.9 and earlier that allows a remote attacker to use specially crafted SOCKS packets to cause a denial of service (DoS) and possibly execute arbitrary code. A similar vulnerability also exists in the NTLMSSP code in Ethereal 0.9.9 and earlier, due to a.....

7.1 AI Score

0.047 EPSS

2004-07-31 12:00 AM
7
nessus

Mandrake Linux Security Advisory : samba (MDKSA-2003:032)

The SuSE security team, during an audit of the Samba source code, found a flaw in the main smbd code which could allow an external attacker to remotely and anonymously gain root privilege on a system running the Samba server. This flaw exists in all versions of Samba 2.x up to and including 2.2.7a.....

6.5 AI Score

0.963 EPSS

2004-07-31 12:00 AM
19
nessus

Mandrake Linux Security Advisory : gtkhtml (MDKSA-2003:046)

A vulnerability in GtkHTML was discovered by Alan Cox with the Evolution email client. GtkHTML is used to handle HTML messages in Evolution and certain malformed messages could cause Evolution to crash due to this...

6.3 AI Score

0.009 EPSS

2004-07-31 12:00 AM
14
nessus

Mandrake Linux Security Advisory : MySQL (MDKSA-2003:057)

In MySQL 3.23.55 and earlier, MySQL would create world-writeable files and allow mysql users to gain root privileges by using the 'SELECT * INTO OUTFILE' operator to overwrite a configuration file, which could cause mysql to run as root upon restarting the daemon. This has been fixed upstream in...

6.6 AI Score

0.021 EPSS

2004-07-31 12:00 AM
15
nessus

Mandrake Linux Security Advisory : metamail (MDKSA-2004:014)

Two format string and two buffer overflow vulnerabilities were discovered in metamail by Ulf Harnhammar. The updated packages are patched to fix these...

7.1 AI Score

0.926 EPSS

2004-07-31 12:00 AM
7
nessus

Mandrake Linux Security Advisory : apache2 (MDKSA-2004:043)

A memory leak in mod_ssl in the Apache HTTP Server prior to version 2.0.49 allows a remote denial of service attack against an SSL-enabled server. The updated packages provide a patched mod_ssl to correct these...

6.3 AI Score

0.016 EPSS

2004-07-31 12:00 AM
14
nessus

Mandrake Linux Security Advisory : python (MDKSA-2004:019)

A buffer overflow in python 2.2's getaddrinfo() function was discovered by Sebastian Schmidt. If python 2.2 is built without IPv6 support, an attacker could configure their name server to let a hostname resolve to a special IPv6 address, which could contain a memory address where shellcode is...

6.9 AI Score

0.068 EPSS

2004-07-31 12:00 AM
22
nessus

Mandrake Linux Security Advisory : mc (MDKSA-2004:039)

Several vulnerabilities in Midnight Commander were found by Jakub Jelinek. This includes several buffer overflows (CVE-2004-0226), as well as a format string issue (CVE-2004-0232), and an issue with temporary file and directory creation (CVE-2004-0231). Most of the included fixes are backports...

6.6 AI Score

0.007 EPSS

2004-07-31 12:00 AM
19
nessus

Mandrake Linux Security Advisory : kernel (MDKSA-2004:050)

Brad Spender discovered an exploitable bug in the cpufreq code in the Linux 2.6 kernel (CVE-2004-0228). As well, a permissions problem existed on some SCSI drivers; a fix from Olaf Kirch is provided that changes the mode from 0777 to 0600. This update also provides a 10.0/amd64 kernel with fixes...

6.3 AI Score

0.0004 EPSS

2004-07-31 12:00 AM
12
nessus

Mandrake Linux Security Advisory : utempter (MDKSA-2004:031-1)

Steve Grubb discovered two potential issues in the utempter program : 1) If the path to the device contained /../ or /./ or //, the program was not exiting as it should. It would be possible to use something like /dev/../tmp/tty0, and then if /tmp/tty0 were deleted and symlinked to another...

6.5 AI Score

0.0004 EPSS

2004-07-31 12:00 AM
23
nessus

Mandrake Linux Security Advisory : gaim (MDKSA-2004:006-1)

A number of vulnerabilities were discovered in the gaim instant messenger program by Stefan Esser, versions 0.75 and earlier. Thanks to Jacques A. Vidrine for providing initial patches. Multiple buffer overflows exist in gaim 0.75 and earlier: When parsing cookies in a Yahoo web connection; YMSG.....

7 AI Score

0.323 EPSS

2004-07-31 12:00 AM
9
nessus

Mandrake Linux Security Advisory : MySQL (MDKSA-2004:034)

Shaun Colley discovered that two scripts distributed with MySQL, the 'mysqld_multi' and 'mysqlbug' scripts, did not create temporary files in a secure fashion. An attacker could create symbolic links in /tmp that could allow for overwriting of files with the privileges of the user running the...

6.5 AI Score

0.001 EPSS

2004-07-31 12:00 AM
8
nessus

Mandrake Linux Security Advisory : kdelibs (MDKSA-2004:047)

A vulnerability in the Opera web browser was identified by iDEFENSE; the same type of vulnerability exists in KDE. The telnet, rlogin, ssh, and mailto URI handlers do not check for '-' at the beginning of the hostname passed, which makes it possible to pass an option to the programs started by the....

6.5 AI Score

0.171 EPSS

2004-07-31 12:00 AM
13
nessus

Mandrake Linux Security Advisory : apache2 (MDKSA-2004:064)

A Denial of Service (DoS) condition was discovered in Apache 2.x by George Guninski. Exploiting this can lead to httpd consuming an arbitrary amount of memory. On 64bit systems with more than 4GB of virtual memory, this may also lead to a heap-based overflow. The updated packages contain a patch...

6.4 AI Score

0.962 EPSS

2004-07-31 12:00 AM
24
nessus

Mandrake Linux Security Advisory : perl-CGI (MDKSA-2003:084)

Eye on Security found a cross-site scripting vulnerability in the start_form() function in CGI.pm. This vulnerability allows a remote attacker to place a web script in a URL which feeds into a form's action parameter and allows execution by the browser as if it was coming from the...

5.9 AI Score

0.011 EPSS

2004-07-31 12:00 AM
13
nessus

Mandrake Linux Security Advisory : sendmail (MDKSA-2003:092)

A buffer overflow vulnerability was discovered in the address parsing code in all versions of sendmail prior to 8.12.10 by Michal Zalewski, with a patch to fix the problem provided by Todd C. Miller. This vulnerability seems to be remotely exploitable on Linux systems running on the x86 platform;.....

6.8 AI Score

0.057 EPSS

2004-07-31 12:00 AM
11
nessus

Mandrake Linux Security Advisory : sendmail (MDKSA-2003:086)

A vulnerability was discovered in all 8.12.x versions of sendmail up to and including 8.12.8. Due to wrong initialization of RESOURCE_RECORD_T structures, if sendmail receives a bad DNS reply it will call free() on random addresses which usually causes sendmail to crash. These updated packages are....

6.4 AI Score

0.096 EPSS

2004-07-31 12:00 AM
18
nessus

Mandrake Linux Security Advisory : glibc (MDKSA-2003:107)

A bug was discovered in the getgrouplist function in glibc that can cause a buffer overflow if the size of the group list is too small to hold all the user's groups. This overflow can cause segmentation faults in various user applications, some of which may lead to additional security problems....

6.8 AI Score

0.003 EPSS

2004-07-31 12:00 AM
13
nessus

Mandrake Linux Security Advisory : MySQL (MDKSA-2003:094)

A buffer overflow was discovered in MySQL that could be executed by any user with 'ALTER TABLE' privileges on the 'mysql' database. If successfully exploited, the attacker could execute arbitrary code with the privileges of the user running the mysqld process (mysqld). The 'mysql' database is used....

7.6 AI Score

0.914 EPSS

2004-07-31 12:00 AM
15
Total number of security vulnerabilities: 3231