Getsocial, S.A. Security Vulnerabilities

nessus

Mandrake Linux Security Advisory : kernel (MDKSA-2002:041)

A problem was discovered in the CIPE (VPN tunnel) implementation in the Linux kernel where a malformed packet could cause a crash. Andrew Griffiths discovered a vulnerability that allows remote machines to read random memory by utilizing a bug in the ICMP implementation of Linux kernels. This only....

6.4 AI Score

0.013 EPSS

2004-07-31 12:00 AM
5
nessus

Mandrake Linux Security Advisory : imlib (MDKSA-2002:029)

Previous versions of imlib, prior to 1.9.13, would fall back to the NetPBM library which is not suitable for loading untrusted images due to various problems in its code. The new imlib also fixes some problems with arguments passed to malloc(). These problems could allow attackers to construct...

7 AI Score

0.006 EPSS

2004-07-31 12:00 AM
10
nessus

Mandrake Linux Security Advisory : libsafe (MDKSA-2002:026)

Wojciech Purczynski discovered that format string protection in libsafe can be easily bypassed by using flag characters that are implemented in glibc but are not implemented in libsafe. It was also discovered that *printf function wrappers incorrectly parse argument indexing in format strings,...

6.6 AI Score

0.001 EPSS

2004-07-31 12:00 AM
12
nessus

Mandrake Linux Security Advisory : LPRng (MDKSA-2002:042)

Matthew Caron pointed out that using the LPRng default configuration, the lpd daemon will accept job submissions from any remote host. These updated LPRng packages modify the job submission policy in /etc/lpd.perms to refuse print jobs from remote hosts by...

6.5 AI Score

0.006 EPSS

2004-07-31 12:00 AM
8
nessus

Mandrake Linux Security Advisory : xchat (MDKSA-2002:051)

In versions of the xchat IRC client prior to version 1.8.9, xchat does not filter the response from an IRC server when a /dns query is executed. xchat resolves hostnames by passing the configured resolver and hostname to a shell, so an IRC server may return a malicious response formatted so that...

6.8 AI Score

0.011 EPSS

2004-07-31 12:00 AM
11
nessus

Mandrake Linux Security Advisory : gaim (MDKSA-2002:054-1)

Versions of Gaim (an AOL instant message client) prior to 0.58 contain a buffer overflow in the Jabber plug-in module. As well, a vulnerability was discovered in the URL-handling code, where the 'manual' browser command passes an untrusted string to the shell without reliable quoting or escaping......

7.6 AI Score

0.121 EPSS

2004-07-31 12:00 AM
16
nessus

Mandrake Linux Security Advisory : glibc (MDKSA-2002:061)

A heap buffer overflow exists in the XDR decoder in glibc version 2.2.5 and earlier. XDR is a mechanism for encoding data structures for use with RPC, which is derived from Sun's RPC implementation which is likewise vulnerable to a heap overflow. Depending on the application, this vulnerability...

9.8 CVSS

7.4 AI Score

0.85 EPSS

2004-07-31 12:00 AM
31
nessus

Mandrake Linux Security Advisory : pine (MDKSA-2001:047-1)

Versions of the Pine email client prior to 4.33 have various temporary file creation problems, as does the pico editor. These issues allow any user with local system access to cause any files owned by any other user, including root, to potentially be overwritten if the conditions were right....

6.5 AI Score

0.0004 EPSS

2004-07-31 12:00 AM
11
nessus

Mandrake Linux Security Advisory : htdig (MDKSA-2001:083)

A problem was discovered in the ht://Dig web indexing and searching program. Nergal reported a vulnerability in htsearch that allows a remote user to pass the -c parameter, to use a specific config file, to the htsearch program when running as a CGI. A malicious user could point to a file like...

6.3 AI Score

0.016 EPSS

2004-07-31 12:00 AM
9
nessus

Mandrake Linux Security Advisory : squid (MDKSA-2001:088)

Vladimir Ivaschenko found a problem in the squid proxy server. Certain FTP requests could cause the squid daemon to abort, making it unavailable for a few seconds. If enough of these requests are sent in a short period of time, the squid daemon will not restart...

6.3 AI Score

0.067 EPSS

2004-07-31 12:00 AM
7
nessus

Mandrake Linux Security Advisory : openssh (MDKSA-2001:092)

The new OpenSSH 3.0.2 fixes a vulnerability in the UseLogin option. By default, Mandrake Linux does not enable UseLogin, but if the administrator enables it, local users are able to pass environment variables to the login process. This update also fixes a security hole in the KerberosV support...

6.1 AI Score

0.007 EPSS

2004-07-31 12:00 AM
9
nessus

Mandrake Linux Security Advisory : openldap (MDKSA-2001:069)

CERT released an advisory that details a number of vulnerabilities as found in a variety of different LDAP implementations. The results of these tests showed one vulnerability in OpenLDAP with slapd not handling packets with certain invalid fields. A malicious attacker could craft such invalid...

6.4 AI Score

0.024 EPSS

2004-07-31 12:00 AM
7
nessus

Mandrake Linux Security Advisory : webmin (MDKSA-2001:059)

Recently, Caldera found that when webmin starts a system daemon from the web frontend it does not clear its environment variables. Since these variables contain the authorization of the administrator, any daemon would also get these...

6.5 AI Score

0.0004 EPSS

2004-07-31 12:00 AM
8
nessus

Mandrake Linux Security Advisory : samba (MDKSA-2001:040-1)

A vulnerability found by Marcus Meissner exists in Samba where it was not creating temporary files safely which could allow local users to overwrite files that they may not have access to. This happens when a remote user queried a printer queue and samba would create a temporary file in which the.....

6.3 AI Score

0.0004 EPSS

2004-07-31 12:00 AM
55
nessus

Mandrake Linux Security Advisory : kdelibs (MDKSA-2001:046-3)

A problem exists with the kdesu component of kdelibs. It created a world-readable temporary file to exchange authentication information and deleted it shortly after. This can be abused by a local user to gain access to the X server and could result in a compromise of the account that kdesu would...

6.5 AI Score

0.0004 EPSS

2004-07-31 12:00 AM
9
nessus

Mandrake Linux Security Advisory : vixie-cron (MDKSA-2001:050)

A recent security fix to cron introduced a new problem with giving up privileges before invoking the editor. A malicious local user could exploit this to gain root...

6.4 AI Score

0.0004 EPSS

2004-07-31 12:00 AM
9
nessus

Mandrake Linux Security Advisory : openssh (MDKSA-2002:040-1)

An input validation error exists in the OpenSSH server between versions 2.3.1 and 3.3 that can result in an integer overflow and privilege escalation. This error is found in the PAMAuthenticationViaKbdInt code in versions 2.3.1 to 3.3, and the ChallengeResponseAuthentication code in versions 2.9.9....

9.8 CVSS

6.9 AI Score

0.403 EPSS

2004-07-31 12:00 AM
20
nessus

Mandrake Linux Security Advisory : dhcpcd (MDKSA-2003:003)

A vulnerability was discovered by Simon Kelley in the dhcpcd DHCP client daemon. dhcpcd has the ability to execute an external script named dhcpcd-.exe when an IP address is assigned to that network interface. The script sources the file /var/lib/dhcpcd/dhcpcd-.info which contains shell variables.....

7 AI Score

0.005 EPSS

2004-07-31 12:00 AM
18
nessus

Mandrake Linux Security Advisory : dhcp (MDKSA-2004:061)

A vulnerability in how ISC's DHCPD handles syslog messages can allow a malicious attacker with the ability to send special packets to the DHCPD listening port to crash the daemon, causing a Denial of Service. It is also possible that they may be able to execute arbitrary code on the vulnerable...

7.1 AI Score

0.935 EPSS

2004-07-31 12:00 AM
16
nessus

Mandrake Linux Security Advisory : netpbm (MDKSA-2004:011-1)

A number of temporary file bugs have been found in versions of NetPBM. These could allow a local user the ability to overwrite or create files as a different user who happens to run one of the vulnerable utilities. Update : The patch applied made some calls to the mktemp utility with an...

6.3 AI Score

0.0004 EPSS

2004-07-31 12:00 AM
7
nessus

Mandrake Linux Security Advisory : cups (MDKSA-2002:015)

There is a potential buffer overflow vulnerability in CUPS when reading the names of attributes. This bug affects all versions of CUPS and is fixed upstream in version...

6.7 AI Score

0.012 EPSS

2004-07-31 12:00 AM
17
nessus

Mandrake Linux Security Advisory : krb5 (MDKSA-2002:057)

The network authentication system in Kerberos 5 contains an RPC library that includes an XDR decoder derived from Sun's RPC implementation. This implementation is vulnerable to a heap overflow. With Kerberos, it is believed that an attacker would need to be able to successfully authenticate to...

9.8 CVSS

6.5 AI Score

0.85 EPSS

2004-07-31 12:00 AM
9
nessus

Mandrake Linux Security Advisory : postfix (MDKSA-2003:081)

Two vulnerabilities were discovered in the postfix MTA by Michal Zalewski. Versions prior to 1.1.12 would allow an attacker to bounce-scan private networks or use the daemon as a DDoS (Distributed Denial of Service) tool by forcing the daemon to connect to an arbitrary service at an arbitrary IP.....

6.8 AI Score

0.077 EPSS

2004-07-31 12:00 AM
17
nessus

Mandrake Linux Security Advisory : dhcp (MDKSA-2002:037)

Fermin J. Serna discovered a problem in the dhcp server and client package from versions 3.0 to 3.0.1rc8, which are affected by a format string vulnerability that can be exploited remotely. By default, these versions of DHCP are compiled with the dns update feature enabled, which allows DHCP to...

6.4 AI Score

0.165 EPSS

2004-07-31 12:00 AM
11
nessus

Mandrake Linux Security Advisory : printer-drivers (MDKSA-2003:010)

Karol Wiesek and iDefense discovered three vulnerabilities in the printer-drivers package and tools it installs. These vulnerabilities allow a local attacker to empty or create any file on the filesystem. The first vulnerability is in the mtink binary, which has a buffer overflow in its handling of....

7 AI Score

0.0004 EPSS

2004-07-31 12:00 AM
10
nessus

Mandrake Linux Security Advisory : rpmdrake (MDKSA-2001:043)

A temporary file vulnerability exists in rpmdrake. This updated rpmdrake corrects the...

6.6 AI Score

0.001 EPSS

2004-07-31 12:00 AM
12
nessus

Mandrake Linux Security Advisory : proftpd (MDKSA-2002:005)

Matthew S. Hallacy discovered that ProFTPD was not forward resolving reverse-resolved hostnames. A remote attacker could exploit this to bypass ProFTPD access controls or have false information logged. Frank Denis discovered that a remote attacker could send malicious commands to the ProFTPD...

6.4 AI Score

0.032 EPSS

2004-07-31 12:00 AM
10
nessus

Mandrake Linux Security Advisory : mailman (MDKSA-2004:013)

A cross-site scripting vulnerability was discovered in mailman's administration interface (CVE-2003-0965). This affects version 2.1 earlier than 2.1.4. Certain malformed email commands could cause the mailman process to crash. (CVE-2003-0991). This affects version 2.0 earlier than 2.0.14. Another...

5.9 AI Score

0.02 EPSS

2004-07-31 12:00 AM
21
nessus

Mandrake Linux Security Advisory : lftp (MDKSA-2003:116)

A buffer overflow vulnerability was discovered by Ulf Harnhammar in the lftp FTP client when connecting to a web server using HTTP or HTTPS and using the 'ls' or 'rels' command on a specially prepared directory. This vulnerability exists in lftp versions 2.3.0 through 2.6.9 and is corrected upstream....

6.8 AI Score

0.017 EPSS

2004-07-31 12:00 AM
9
nessus

Mandrake Linux Security Advisory : mozilla (MDKSA-2004:021)

A number of vulnerabilities were discovered in Mozilla 1.4 : A malicious website could gain access to a user's authentication credentials to a proxy server. Script.prototype.freeze/thaw could allow an attacker to run arbitrary code on your computer. A vulnerability was also discovered in the NSS...

9.8 CVSS

7.7 AI Score

0.196 EPSS

2004-07-31 12:00 AM
18
nessus

Mandrake Linux Security Advisory : tar (MDKSA-2002:066)

A directory traversal vulnerability was discovered in GNU tar version 1.13.25 and earlier that allows attackers to overwrite arbitrary files during extraction of the archive by using a '..' (dot dot) in an extracted...

9.1 AI Score

0.082 EPSS

2004-07-31 12:00 AM
23
nessus

Mandrake Linux Security Advisory : krb5 (MDKSA-2003:021)

A vulnerability was discovered in the Kerberos FTP client. When the client retrieves a file that has a filename beginning with a pipe character, the FTP client will pass that filename to the command shell in a system() call. This could allow a malicious remote FTP server to write to files outside.....

7.2 AI Score

0.008 EPSS

2004-07-31 12:00 AM
10
nessus

Mandrake Linux Security Advisory : XFree86 (MDKSA-2003:118)

A vulnerability was discovered in the XDM display manager that ships with XFree86. XDM does not check for successful completion of the pam_setcred() call and in the case of error conditions in the installed PAM modules, XDM may grant local root access to any user with valid login credentials. It...

6.1 AI Score

0.008 EPSS

2004-07-31 12:00 AM
15
nessus

Mandrake Linux Security Advisory : XFree86 (MDKSA-2003:089)

Several vulnerabilities were discovered by blexim(at)hush.com in the font libraries of XFree86 version 4.3.0 and earlier. These bugs could potentially lead to execution of arbitrary code or a DoS by a remote user in any way that calls these functions, which are related to the transfer and...

7.2 AI Score

0.059 EPSS

2004-07-31 12:00 AM
14
nessus

Mandrake Linux Security Advisory : fetchmail (MDKSA-2002:063)

Several buffer overflows and a boundary check error were discovered in all fetchmail versions prior to 6.1.0 by e-matters GmbH. These problems are vulnerable to crashes and/or arbitrary code execution by remote attackers if fetchmail is running in multidrop mode. The code execution would be done...

7.5 AI Score

0.118 EPSS

2004-07-31 12:00 AM
10
nessus

Mandrake Linux Security Advisory : mailman (MDKSA-2004:051)

Mailman versions >= 2.1 have an issue where 3rd parties can retrieve member passwords from the server. The updated packages have a patch backported from 2.1.5 to correct the...

6.4 AI Score

0.006 EPSS

2004-07-31 12:00 AM
11
nessus

Mandrake Linux Security Advisory : gnupg (MDKSA-2001:045)

GnuPG version 1.0.5 has been released that fixes a few security problems, including a vulnerability that makes it easier for an attacker to recover your private key if they are able to steal your...

-0.7 AI Score

2004-07-31 12:00 AM
15
nessus

Mandrake Linux Security Advisory : ksymoops (MDKSA-2004:060)

Geoffrey Lee discovered a problem with the ksymoops-gznm script distributed with Mandrakelinux. The script fails to do proper checking when copying a file to the /tmp directory. Because of this, a local attacker can set up a symlink to point to a file that they do not have permission to remove. The....

6.3 AI Score

0.0004 EPSS

2004-07-31 12:00 AM
10
nessus

Mandrake Linux Security Advisory : php (MDKSA-2004:068)

Stefan Esser discovered a remotely exploitable vulnerability in PHP where a remote attacker could trigger a memory_limit request termination in places where an interruption is unsafe. This could be used to execute arbitrary code. As well, Stefan Esser also found a vulnerability in the handling of.....

6.7 AI Score

0.939 EPSS

2004-07-31 12:00 AM
11
nessus

Mandrake Linux Security Advisory : samba (MDKSA-2004:071)

A vulnerability was discovered in SWAT, the Samba Web Administration Tool. The routine used to decode the base64 data during HTTP basic authentication is subject to a buffer overrun caused by an invalid base64 character. This same code is also used to internally decode the sambaMungedDial...

6.8 AI Score

0.964 EPSS

2004-07-31 12:00 AM
11
nessus

Mandrake Linux Security Advisory : wv (MDKSA-2004:077)

iDefense discovered a buffer overflow vulnerability in the wv package which could allow an attacker to execute arbitrary code with the privileges of the user running the vulnerable application. The updated packages are patched to protect against this...

7.6 AI Score

0.097 EPSS

2004-07-31 12:00 AM
8
nessus

Mandrake Linux Security Advisory : gzip (MDKSA-2002:011)

There are two problems with the gzip archiving program; the first is a crash when an input file name is over 1020 characters, and the second is a buffer overflow that could be exploited if gzip is run on a server such as an FTP server. The patch applied is from the gzip developers and the problems....

7 AI Score

0.012 EPSS

2004-07-31 12:00 AM
8
nessus

Mandrake Linux Security Advisory : php (MDKSA-2002:059)

A fifth parameter was added to PHP's mail() function in 4.0.5 that is not properly sanitized when the server is running in safe mode. This vulnerability would allow local users and, possibly, remote attackers to execute arbitrary commands using shell metacharacters. After upgrading to these...

7.2 AI Score

0.064 EPSS

2004-07-31 12:00 AM
9
nessus

Mandrake Linux Security Advisory : groff (MDKSA-2002:012)

zen-parse discovered an exploitable buffer overflow in groff's preprocessor. If groff is invoked using the LPRng printing system, an attacker can gain rights as the 'lp' user. Likewise, this may be remotely exploitable if lpd is running and remotely accessible and the attacker knows the name of...

7.2 AI Score

0.011 EPSS

2004-07-31 12:00 AM
12
nessus

Mandrake Linux Security Advisory : sudo (MDKSA-2002:003)

The SuSE Security Team discovered a vulnerability in sudo that can be exploited to obtain root privilege because sudo is installed setuid root. An attacker could trick sudo to log failed sudo calls executing the sendmail (or equivalent mailer) program with root privileges and an environment that...

6.3 AI Score

0.0004 EPSS

2004-07-31 12:00 AM
9
nessus

Mandrake Linux Security Advisory : XFree86 (MDKSA-2004:012)

Two buffer overflow vulnerabilities were found by iDEFENSE in XFree86's parsing of the font.alias file. The X server, which runs as root, fails to check the length of user-provided input; as a result a malicious user could craft a malformed font.alias file causing a buffer overflow upon parsing,...

7.2 AI Score

0.121 EPSS

2004-07-31 12:00 AM
9
nessus

Mandrake Linux Security Advisory : squid (MDKSA-2002:016-1)

Three security issues were found in the 2.x versions of the Squid proxy server up to and including 2.4.STABLE3. The first is a memory leak in the optional SNMP interface to Squid which could allow a malicious user who can send packets to the Squid SNMP port to possibly perform a Denial of Service.....

7.4 AI Score

0.44 EPSS

2004-07-31 12:00 AM
17
nessus

Mandrake Linux Security Advisory : php (MDKSA-2002:017)

Several flaws exist in various versions of PHP in the way it handles multipart/form-data POST requests, which are used for file uploads. The php_mime_split() function could be used by an attacker to execute arbitrary code on the server. This affects both PHP4 and PHP3. The authors have fixed this.....

7.3 AI Score

0.937 EPSS

2004-07-31 12:00 AM
7
nessus

Mandrake Linux Security Advisory : mplayer (MDKSA-2004:026)

A remotely exploitable buffer overflow vulnerability was found in MPlayer. A malicious host can craft a harmful HTTP header ('Location:'), and trick MPlayer into executing arbitrary code upon parsing that header. The updated packages contain a patch from the MPlayer development team to correct the....

7.2 AI Score

0.317 EPSS

2004-07-31 12:00 AM
5
nessus

Mandrake Linux Security Advisory : mpg123 (MDKSA-2003:078)

A vulnerability in the mpg123 mp3 player could allow local and/or remote attackers to cause a DoS and possibly execute arbitrary code via an mp3 file with a zero bitrate, which causes a negative frame...

7.2 AI Score

0.091 EPSS

2004-07-31 12:00 AM
8
Total number of security vulnerabilities: 3231