Getsocial, S.A. Security Vulnerabilities

nessus

Mandrake Linux Security Advisory : mod_ssl (MDKSA-2004:075)

Ralf S. Engelschall found a remaining risky call to ssl_log while reviewing code for another issue reported by Virulent. The updated packages are patched to correct the...

6.6 AI Score

0.901 EPSS

2004-07-31 12:00 AM
18
nessus

Mandrake Linux Security Advisory : apache2 (MDKSA-2003:096-1)

A problem was discovered in Apache2 where CGI scripts that output more than 4k of output to STDERR will hang the script's execution which can cause a Denial of Service on the httpd process because it is waiting for more input from the CGI that is not forthcoming due to the locked write() call in...

-0.7 AI Score

2004-07-31 12:00 AM
5
nessus

Mandrake Linux Security Advisory : uucp (MDKSA-2001:078)

Zen Parse discovered that an argument handling problem in the uucp package can allow a local attacker to gain access to the uucp user or...

-0.9 AI Score

2004-07-31 12:00 AM
13
nessus

Mandrake Linux Security Advisory : openssl (MDKSA-2003:020)

In an upcoming paper, Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion) describe and demonstrate a timing-based attack on CBC ciphersuites in SSL and TLS. New versions of openssl have been released in response to this vulnerability (0.9.6i and...

9.1 AI Score

0.028 EPSS

2004-07-31 12:00 AM
24
nessus

Mandrake Linux Security Advisory : zlib (MDKSA-2003:033)

Richard Kettlewell discovered a buffer overflow vulnerability in the zlib library's gzprintf() function. This can be used by attackers to cause a denial of service or possibly even the execution of arbitrary code. Our thanks to the OpenPKG team for providing a patch which adds the necessary...

7.6 AI Score

0.075 EPSS

2004-07-31 12:00 AM
11
nessus

Mandrake Linux Security Advisory : kernel (MDKSA-2003:038-1)

A bug in the kernel module loader code could allow a local user to gain root privileges. This is done by a local user using ptrace and attaching to a modprobe process that is spawned if the user triggers the loading of a kernel module. A temporary workaround can be used to defend against this...

6.6 AI Score

0.0004 EPSS

2004-07-31 12:00 AM
14
nessus

Mandrake Linux Security Advisory : evolution (MDKSA-2003:045)

Several vulnerabilities were discovered in the Evolution email client. These problems make it possible for a carefully constructed email message to crash the program, causing general system instability by starving...

6.6 AI Score

0.162 EPSS

2004-07-31 12:00 AM
13
nessus

Mandrake Linux Security Advisory : sendmail (MDKSA-2003:042-1)

Michal Zalewski discovered a vulnerability in sendmail versions earlier than 8.12.9 in the address parser, which performs insufficient bounds checking in certain conditions due to a char to int conversion. This vulnerability makes it possible for an attacker to take control of sendmail and is...

6.4 AI Score

0.172 EPSS

2004-07-31 12:00 AM
20
nessus

Mandrake Linux Security Advisory : kdelibs (MDKSA-2002:079)

Vulnerabilities were discovered in the KIO subsystem support for various network protocols. The implementation of the rlogin protocol affects all KDE versions from 2.1 up to 3.0.4, while the flawed implementation of the telnet protocol only affects KDE 2.x. They allow a carefully crafted URL in an....

7.1 AI Score

0.092 EPSS

2004-07-31 12:00 AM
10
nessus

Mandrake Linux Security Advisory : sendmail (MDKSA-2003:028)

A vulnerability was discovered in sendmail by Mark Dowd of ISS X-Force that involves mail header manipulation that can result in a remote user gaining root access to the system running the vulnerable sendmail. Patches supplied by the sendmail development team have been applied to correct this...

6.5 AI Score

0.902 EPSS

2004-07-31 12:00 AM
12
nessus

Mandrake Linux Security Advisory : fetchmail (MDKSA-2003:011)

A vulnerability was discovered in all versions of fetchmail prior to 6.2.0 that allows a remote attacker to crash fetchmail and potentially execute arbitrary code by sending carefully crafted email which is then parsed by fetchmail. The vulnerability has been fixed in these patched packages of...

7.3 AI Score

0.305 EPSS

2004-07-31 12:00 AM
12
nessus

Mandrake Linux Security Advisory : vim (MDKSA-2003:012)

A vulnerability was discovered in vim by Georgi Guninski that allows arbitrary command execution using the libcall feature found in modelines. A patch to fix this problem was introduced in vim 6.1 patchlevel 265. This patch has been applied to the provided update...

8.7 AI Score

0.001 EPSS

2004-07-31 12:00 AM
9
nessus

Mandrake Linux Security Advisory : kernel22 (MDKSA-2003:039)

A number of vulnerabilities have been found in the Linux 2.2 kernel that have been addressed with the latest 2.2.25 release. A bug in the kernel module loader code could allow a local user to gain root privileges. This is done by a local user using ptrace and attaching to a modprobe process that...

6.2 AI Score

0.026 EPSS

2004-07-31 12:00 AM
19
nessus

Mandrake Linux Security Advisory : php (MDKSA-2003:019)

A buffer overflow was discovered in the wordwrap() function in versions of PHP greater than 4.1.2 and less than 4.3.0. Under certain circumstances, this buffer overflow can be used to overwrite heap memory and could potentially lead to remote system...

7 AI Score

0.013 EPSS

2004-07-31 12:00 AM
14
nessus

Mandrake Linux Security Advisory : lynx (MDKSA-2003:023)

A vulnerability was discovered in lynx, a text-mode web browser. The HTTP queries that lynx constructs are from arguments on the command line or the $WWW_HOME environment variable, but lynx does not properly sanitize special characters such as carriage returns or linefeeds. Extra headers can be...

6.4 AI Score

0.043 EPSS

2004-07-31 12:00 AM
8
nessus

Mandrake Linux Security Advisory : apache (MDKSA-2003:103)

A buffer overflow in mod_alias and mod_rewrite was discovered in Apache versions 1.3.19 and earlier as well as Apache 2.0.47 and earlier. This happens when a regular expression with more than 9 captures is confined. An attacker would have to create a carefully crafted configuration file (.htaccess....

6.8 AI Score

0.003 EPSS

2004-07-31 12:00 AM
10
nessus

Mandrake Linux Security Advisory : openssl (MDKSA-2003:098)

Two bugs were discovered in OpenSSL 0.9.6 and 0.9.7 by NISCC. The parsing of unusual ASN.1 tag values can cause OpenSSL to crash, which could be triggered by a remote attacker by sending a carefully-crafted SSL client certificate to an application. Depending upon the application targeted, the...

9.8 CVSS

9.9 AI Score

0.959 EPSS

2004-07-31 12:00 AM
11
nessus

Mandrake Linux Security Advisory : sane (MDKSA-2003:099)

Several vulnerabilities were discovered in the saned daemon, a part of the sane package, which allows for a scanner to be used remotely. The IP address of the remote host is only checked after the first communication occurs, which causes the saned.conf restrictions to be ignored for the first...

6.7 AI Score

0.026 EPSS

2004-07-31 12:00 AM
8
nessus

Mandrake Linux Security Advisory : cups (MDKSA-2003:104)

A bug in the Internet Printing Protocol (IPP) implementation in versions of CUPS prior to 1.1.19, reported by Paul Mitcheson, would result in CUPS going into a busy loop, which could result in a Denial of Service (DoS) condition. To be able to exploit this problem, an attacker would need to be...

6.4 AI Score

0.029 EPSS

2004-07-31 12:00 AM
9
nessus

Mandrake Linux Security Advisory : cvs (MDKSA-2004:048)

Stefan Esser discovered that malformed 'Entry' lines in combination with Is-modified and Unchanged can be used to overflow malloc()ed memory in a way that can be remotely exploited. The updated packages contain a patch to correct the...

6.6 AI Score

0.969 EPSS

2004-07-31 12:00 AM
8
nessus

Mandrake Linux Security Advisory : cvs (MDKSA-2004:058)

Another vulnerability was discovered related to 'Entry' lines in cvs, by the development team (CVE-2004-0414). As well, Stefan Esser and Sebastian Krahmer performed an audit on the cvs source code and discovered a number of other problems, including : A double-free condition in the server code is.....

6.5 AI Score

0.933 EPSS

2004-07-31 12:00 AM
18
nessus

Mandrake Linux Security Advisory : rsync (MDKSA-2004:042)

Rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path. The updated packages provide a patched rsync to correct this...

6.4 AI Score

0.035 EPSS

2004-07-31 12:00 AM
11
nessus

Mandrake Linux Security Advisory : mod_ssl (MDKSA-2004:054)

A stack-based buffer overflow exists in the ssl_util_uuencode_binary function in ssl_engine_kernel.c in mod_ssl for Apache 1.3.x. When mod_ssl is configured to trust the issuing CA, a remote attacker may be able to execute arbitrary code via a client certificate with a long subject DN. The...

7.6 AI Score

0.575 EPSS

2004-07-31 12:00 AM
12
nessus

Mandrake Linux Security Advisory : apache2 (MDKSA-2004:055)

A stack-based buffer overflow exists in the ssl_util_uuencode_binary function in ssl_util.c in Apache. When mod_ssl is configured to trust the issuing CA, a remote attacker may be able to execute arbitrary code via a client certificate with a long subject DN. The provided packages are patched to...

7.6 AI Score

0.575 EPSS

2004-07-31 12:00 AM
20
nessus

Mandrake Linux Security Advisory : apache (MDKSA-2004:065)

A buffer overflow vulnerability was found by George Guninski in Apache's mod_proxy module, which can be exploited by a remote user to potentially execute arbitrary code with the privileges of an httpd child process (user apache). This can only be exploited, however, if mod_proxy is actually in...

7.6 AI Score

0.012 EPSS

2004-07-31 12:00 AM
10
nessus

Mandrake Linux Security Advisory : samba (MDKSA-2003:044)

An exploitable buffer overflow was discovered in the Samba server that can lead to an anonymous remote root compromise. The Samba Team also discovered some potential overflows during an internal code audit which was done in response to the previously noted buffer overflow problem. All versions of.....

6.9 AI Score

0.97 EPSS

2004-07-31 12:00 AM
17
nessus

Mandrake Linux Security Advisory : ghostscript (MDKSA-2003:065)

A vulnerability was discovered in Ghostscript versions prior to 7.07 that allowed malicious postscript files to execute arbitrary commands even when -dSAFER is...

7.2 AI Score

0.003 EPSS

2004-07-31 12:00 AM
6
nessus

Mandrake Linux Security Advisory : phpgroupware (MDKSA-2003:077)

Several vulnerabilities were discovered in all versions of phpgroupware prior to 0.9.14.006. This latest version fixes an exploitable condition in all versions that can be exploited remotely without authentication and can lead to arbitrary code execution on the web server. This vulnerability is...

7 AI Score

0.007 EPSS

2004-07-31 12:00 AM
5
nessus

Mandrake Linux Security Advisory : libuser (MDKSA-2004:044)

Steve Grubb discovered a number of problems in the libuser library that can lead to a crash in applications linked to it, or possibly write 4GB of garbage to the disk. The updated packages provide a patched libuser to correct these...

-0.1 AI Score

0.005 EPSS

2004-07-31 12:00 AM
13
nessus

Mandrake Linux Security Advisory : ethereal (MDKSA-2004:067)

Three vulnerabilities were discovered in Ethereal versions prior to 0.10.5 in the iSNS, SMB SID, and SNMP dissectors. It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet into the wire or by convincing someone to read a malformed packet trace....

7.2 AI Score

0.026 EPSS

2004-07-31 12:00 AM
16
nessus

Mandrake Linux Security Advisory : kernel (MDKSA-2004:029)

A vulnerability was found in the R128 DRI driver by Alan Cox. This could allow local privilege escalation. The previous fix, in MDKSA-2004:015 only partially corrected the problem; the full fix is included (CVE-2004-0003). A local root vulnerability was discovered in the isofs component of the...

6.1 AI Score

0.008 EPSS

2004-07-31 12:00 AM
10
nessus

Mandrake Linux Security Advisory : jabber (MDKSA-2004:005)

A vulnerability was found in the jabber program where a bug in the handling of SSL connections could cause the server process to crash, resulting in a DoS (Denial of Service). The updated packages are patched to correct the...

6.3 AI Score

0.014 EPSS

2004-07-31 12:00 AM
5
nessus

Mandrake Linux Security Advisory : postgresql (MDKSA-2002:062-1)

Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone......

7.7 AI Score

0.029 EPSS

2004-07-31 12:00 AM
14
nessus

Mandrake Linux Security Advisory : php (MDKSA-2003:082-1)

A vulnerability was discovered in the transparent session ID support in PHP4 prior to version 4.3.2. It did not properly escape user-supplied input prior to inserting it in the generated web page. This could be exploited by an attacker to execute embedded scripts within the context of the...

6.9 AI Score

0.028 EPSS

2004-07-31 12:00 AM
21
nessus

Mandrake Linux Security Advisory : postgresql (MDKSA-2003:102)

Two bugs were discovered that lead to a buffer overflow in PostgreSQL versions 7.2.x and 7.3.x prior to 7.3.4, in the abstract data type (ADT) to ASCII conversion functions. It is believed that, under the right circumstances, an attacker may use this vulnerability to execute arbitrary instructions....

7.4 AI Score

0.116 EPSS

2004-07-31 12:00 AM
5
nessus

Mandrake Linux Security Advisory : kernel (MDKSA-2003:110)

A vulnerability was discovered in the Linux kernel versions 2.4.22 and previous. A flaw in bounds checking in the do_brk() function can allow a local attacker to gain root privileges. This vulnerability is known to be exploitable; an exploit is in the wild at this time. The Mandrake Linux 9.2...

6.1 AI Score

0.0004 EPSS

2004-07-31 12:00 AM
13
nessus

Mandrake Linux Security Advisory : rsync (MDKSA-2003:111)

A vulnerability was discovered in all versions of rsync prior to 2.5.7 that was recently used in conjunction with the Linux kernel do_brk() vulnerability to compromise a public rsync server. This heap overflow vulnerability, by itself, cannot yield root access, however it does allow arbitrary code....

7.1 AI Score

0.379 EPSS

2004-07-31 12:00 AM
14
nessus

Mandrake Linux Security Advisory : ethereal (MDKSA-2004:002)

Two vulnerabilities were discovered in versions of Ethereal prior to 0.10.0 that can be exploited to make Ethereal crash by injecting malformed packets onto the wire or by convincing a user to read a malformed packet trace file. The first vulnerability is in the SMB dissector and the second is in.....

7.5 CVSS

6.8 AI Score

0.164 EPSS

2004-07-31 12:00 AM
10
nessus

Mandrake Linux Security Advisory : mutt (MDKSA-2004:010)

A bug in mutt was reported by Neils Heinen that could allow a remote attacker to send a carefully crafted mail message that can cause mutt to segfault and possibly execute arbitrary code as the user running mutt. The updated packages have been patched to correct the...

7.3 AI Score

0.087 EPSS

2004-07-31 12:00 AM
8
nessus

Mandrake Linux Security Advisory : ipsec-tools (MDKSA-2004:069)

A vulnerability in racoon prior to version 20040408a would allow a remote attacker to cause a DoS (memory consumption) via an ISAKMP packet with a large length field. Another vulnerability in racoon was discovered where, when using RSA signatures, racoon would validate the X.509 certificate but...

6.1 AI Score

0.148 EPSS

2004-07-31 12:00 AM
6
nessus

Mandrake Linux Security Advisory : ipsec-tools (MDKSA-2004:027)

A very serious security flaw was discovered by Ralf Spenneberg in racoon, the IKE daemon of the KAME-tools. Racoon does not verify the RSA signature during phase one of a connection using either main or aggressive mode. Only the certificate of the client is verified; the certificate is not used to...

6.3 AI Score

0.013 EPSS

2004-07-31 12:00 AM
8
nessus

Mandrake Linux Security Advisory : cvs (MDKSA-2004:028)

Sebastian Krahmer from the SUSE security team discovered a remotely exploitable vulnerability in the CVS client. When doing a cvs checkout or update over a network, the client accepts absolute pathnames in the RCS diff files. A maliciously configured server could then create any file with content.....

6.1 AI Score

0.009 EPSS

2004-07-31 12:00 AM
11
nessus

Mandrake Linux Security Advisory : tcpdump (MDKSA-2004:030)

A number of vulnerabilities were discovered in tcpdump versions prior to 3.8.1 that, if fed a maliciously crafted packet, could be exploited to crash tcpdump. These vulnerabilities include : Remote attackers can cause a denial of service (crash) via ISAKMP packets containing a Delete payload with.....

7.5 CVSS

6.5 AI Score

0.684 EPSS

2004-07-31 12:00 AM
17
nessus

Mandrake Linux Security Advisory : kernel (MDKSA-2004:037)

A vulnerability was found in the framebuffer driver of the 2.6 kernel. This is due to incorrect use of the fb_copy_cmap function. (CVE-2004-0229) A vulnerability has been found in the Linux kernel in the ip_setsockopt() function code. There is an exploitable integer overflow inside the code...

6.7 AI Score

0.001 EPSS

2004-07-31 12:00 AM
22
nessus

Mandrake Linux Security Advisory : webmin (MDKSA-2002:033)

A vulnerability exists in all versions of Webmin prior to 0.970 that allows a remote attacker to login to Webmin as any user. All users of Webmin are encouraged to upgrade immediately. Users of Mandrake Linux 8.0 and earlier will need to install some additional perl modules for this new version of....

6.3 AI Score

0.005 EPSS

2004-07-31 12:00 AM
7
nessus

Mandrake Linux Security Advisory : gzip (MDKSA-2003:068)

A vulnerability exists in znew, a script included with gzip, that would create temporary files without taking precautions to avoid a symlink attack. Patches have been applied to make use of mktemp to generate unique filenames, and properly make use of noclobber in the script. Likewise, a fix for...

6.4 AI Score

0.0004 EPSS

2004-07-31 12:00 AM
8
nessus

Mandrake Linux Security Advisory : passwd (MDKSA-2001:091)

The default pam files for the passwd program did not include support for md5 passwords, thus any password changes or post-install added users would not have md5...

6.8 AI Score

0.001 EPSS

2004-07-31 12:00 AM
14
nessus

Mandrake Linux Security Advisory : ispell (MDKSA-2001:058)

The ispell program uses mktemp() to open temporary files. This makes it vulnerable to symlink attacks. The program now has a patch from OpenBSD applied that uses mkstemp() instead, and switches gets() to fgets() for dealing with user...

6.5 AI Score

0.0004 EPSS

2004-07-31 12:00 AM
12
nessus

Mandrake Linux Security Advisory : xinetd (MDKSA-2001:055-1)

A bug exists in xinetd as shipped with Mandrake Linux 8.0 dealing with TCP connections with the WAIT state that prevents linuxconf-web from working properly. As well, xinetd contains a security flaw in which it defaults to a umask of 0. This means that applications using the xinetd umask that do...

6.9 AI Score

0.0004 EPSS

2004-07-31 12:00 AM
9
nessus

Mandrake Linux Security Advisory : krb5 (MDKSA-2003:043-1)

Multiple vulnerabilities have been found in the Kerberos network authentication system. The MIT Kerberos team have released an advisory detailing these vulnerabilities, a description of which follows. An integer signedness error in the ASN.1 decoder before version 1.2.5 allows remote attackers to.....

7 AI Score

0.968 EPSS

2004-07-31 12:00 AM
12

Total number of security vulnerabilities: 3231