Getsocial, S.A. Security Vulnerabilities

nessus

Mandrake Linux Security Advisory : samba (MDKSA-2004:104)

Karol Wiesek discovered a bug in the input validation routines used to convert DOS path names to path names on the Samba host's file system. This bug can be exploited to gain access to files outside of the share's path as defined in the smb.conf configuration file. This vulnerability exists in all....

AI Score: 6.7
EPSS: 0.865
2004-10-02 12:00 AM
11
nessus

Mandrake Linux Security Advisory : OpenOffice.org (MDKSA-2004:103)

A vulnerability in OpenOffice.org was reported by pmladek where a local user may be able to obtain and read documents that belong to another user. The way that OpenOffice.org created temporary files, which used the user's umask to create the file, could potentially allow for other users to have...

AI Score: 5.9
EPSS: 0.0004
2004-09-28 12:00 AM
9
nessus

Mandrake Linux Security Advisory : mpg123 (MDKSA-2004:100)

A vulnerability in mpg123 was discovered by Davide Del Vecchio where certain malicious mpg3/2 files would cause mpg123 to fail header checks, which could in turn allow arbitrary code to be executed with the privileges of the user running mpg123 (CVE-2004-0805). As well, an older vulnerability in...

AI Score: 7.3
EPSS: 0.445
2004-09-23 12:00 AM
20
nessus

Mandrake Linux Security Advisory : ImageMagick (MDKSA-2004:102)

Several buffer overflow vulnerabilities in ImageMagick were discovered by Marcus Meissner from SUSE. These vulnerabilities would allow an attacker to create a malicious image or video file in AVI, BMP, or DIB formats which could crash the reading process. It may be possible to create malicious...

AI Score: 7.4
EPSS: 0.072
2004-09-23 12:00 AM
6
nessus

Mandrake Linux Security Advisory : webmin (MDKSA-2004:101)

A vulnerability in webmin was discovered by Ludwig Nussel. A temporary directory was used in webmin, however it did not check for the previous owner of the directory. This could allow an attacker to create the directory and place dangerous symbolic links inside. The updated packages are patched to....

AI Score: 6.3
EPSS: 0.0004
2004-09-23 12:00 AM
10
nessus

Mandrake Linux Security Advisory : kernel (MDKSA-2001:079-2)

Alexander Viro discovered a vulnerability in the devfs implementation that is shipped with Mandrake Linux 8.1. We are aware of the problem and are currently working on a solution. As a workaround, until an update becomes available, please boot with the devfs=nomount option. Rafal Wojtczuk found a.....

AI Score: 6.8
EPSS: 0.0004
2004-09-18 12:00 AM
18
nessus

Mandrake Linux Security Advisory : openssh (MDKSA-2001:033-2)

There are several weaknesses in various implementations of the SSH (Secure Shell) protocols. When exploited, they let the attacker obtain sensitive information by passively monitoring encrypted SSH sessions. The information can later be used to speed up brute-force attacks on passwords, including.....

AI Score: 6.3
EPSS: 0.016
2004-09-18 12:00 AM
23
nessus

Mandrake Linux Security Advisory : apache (MDKSA-2002:039-2)

[ Please note that this advisory supersedes the previous MDKSA-2002:039 and MDKSA-2002:039-1 advisories. ] MandrakeSoft is urging all users of Mandrake Linux to update their Apache installations immediately. What was previously thought to have been a DoS-only condition has now been proven to be...

AI Score: 6.6
EPSS: 0.753
2004-09-18 12:00 AM
12
nessus

Mandrake Linux Security Advisory : libxpm4 (MDKSA-2004:098)

Chris Evans found several stack and integer overflows in the libXpm code of X.Org/XFree86 (from which the libxpm code is derived) : Stack overflows (CVE-2004-0687) : Careless use of strcat() in both the XPMv1 and XPMv2/3 xpmParseColors code leads to a stack based overflow (parse.c). Stack overflow....

AI Score: 7.8
EPSS: 0.348
2004-09-16 12:00 AM
12
nessus

Mandrake Linux Security Advisory : gdk-pixbuf/gtk+2 (MDKSA-2004:095-1)

A vulnerability was found in the gdk-pixbuf bmp loader where a bad BMP image could send the bmp loader into an infinite loop (CVE-2004-0753). Chris Evans found a heap-based overflow and a stack-based overflow in the xpm loader of gdk-pixbuf (CVE-2004-0782 and CVE-2004-0783). Chris Evans also...

AI Score: 6.8
EPSS: 0.305
2004-09-16 12:00 AM
8
nessus

Mandrake Linux Security Advisory : squid (MDKSA-2004:093)

A vulnerability in the NTLM helpers in squid 2.5 could allow for malformed NTLMSSP packets to crash squid, resulting in a DoS. The provided packages have been patched to prevent this...

AI Score: 6.4
EPSS: 0.036
2004-09-16 12:00 AM
15
nessus

Mandrake Linux Security Advisory : apache2 (MDKSA-2004:096)

Two Denial of Service conditions were discovered in the input filter of mod_ssl, the module that enables apache to handle HTTPS requests. Another vulnerability was discovered by the ASF security team using the Codenomicon HTTP Test Tool. This vulnerability, in the apr-util library, can possibly...

CVSS: 7.8
AI Score: 7.9
EPSS: 0.305
2004-09-16 12:00 AM
18
nessus

Mandrake Linux Security Advisory : cups (MDKSA-2004:097)

Alvaro Martinez Echevarria discovered a vulnerability in the CUPS print server where an empty UDP datagram sent to port 631 (the default port that cupsd listens to) would disable browsing. This would prevent cupsd from seeing any remote printers or any future remote printer changes. The updated...

AI Score: 6.4
EPSS: 0.037
2004-09-16 12:00 AM
15
nessus

Mandrake Linux Security Advisory : XFree86 (MDKSA-2004:099)

Chris Evans found several stack and integer overflows in the libXpm code of X.Org/XFree86 : Stack overflows (CVE-2004-0687) : Careless use of strcat() in both the XPMv1 and XPMv2/3 xpmParseColors code leads to a stack based overflow (parse.c). Stack overflow reading pixel values in...

AI Score: 7.8
EPSS: 0.348
2004-09-16 12:00 AM
16
nessus

Mandrake Linux Security Advisory : printer-drivers (MDKSA-2004:094)

The foomatic-rip filter, which is part of foomatic-filters package, contains a vulnerability that allows anyone with access to CUPS, local or remote, to execute arbitrary commands on the server. The updated packages provide a fixed foomatic-rip filter that prevents this kind of...

AI Score: 7
EPSS: 0.005
2004-09-16 12:00 AM
8
nessus

Mandrake Linux Security Advisory : samba (MDKSA-2004:092)

Two vulnerabilities were discovered in samba 3.0.x; the first is a defect in smbd's ASN.1 parsing that allows an attacker to send a specially crafted packet during the authentication request which will send the newly spawned smbd process into an infinite loop. As a result, it is possible to use up....

AI Score: 6.6
EPSS: 0.066
2004-09-14 12:00 AM
17
nessus

Mandrake Linux Security Advisory : imlib2 (MDKSA-2004:089)

Marcus Meissner discovered that the imlib and imlib2 libraries are also affected with a similar BMP-related vulnerability as the recent QT updates. The updated imlib and imlib2 packages are patched to protect against this...

AI Score: 6.3
EPSS: 0.072
2004-09-08 12:00 AM
12
nessus

Mandrake Linux Security Advisory : cdrecord (MDKSA-2004:091)

Max Vozeler found that the cdrecord program, which is suid root, fails to drop euid=0 when it exec()s a program specified by the user through the $RSH environment variable. This can be abused by a local attacker to obtain root privileges. The updated packages are patched to fix the...

AI Score: 6
EPSS: 0.0004
2004-09-08 12:00 AM
7
nessus

Mandrake Linux Security Advisory : zlib (MDKSA-2004:090)

Due to a Debian bug report, a Denial of Service vulnerability was discovered in the zlib compression library versions 1.2.x, in the inflate() and inflateBack() functions. Older versions of zlib are not affected. Once the updated packages have been installed, all programs linked against zlib must...

AI Score: 6.5
EPSS: 0.391
2004-09-08 12:00 AM
11
nessus

Mandrake Linux Security Advisory : krb5 (MDKSA-2004:088)

A double-free vulnerability exists in the MIT Kerberos 5's KDC program that could potentially allow a remote attacker to execute arbitrary code on the KDC host. As well, multiple double-free vulnerabilities exist in the krb5 library code, which makes client programs and application servers...

CVSS: 9.8
AI Score: 7.5
EPSS: 0.214
2004-09-07 12:00 AM
9
nessus

Mandrake Linux Security Advisory : kernel (MDKSA-2004:087)

A race condition was discovered in the 64bit file offset handling by Paul Starzetz from iSEC. The file offset pointer (f_pos) is changed during reading, writing, and seeking through a file in order to point to the current position of a file. The value conversion between both the 32bit and 64bit...

AI Score: 6.1
EPSS: 0.0004
2004-08-27 12:00 AM
16
nessus

Mandrake Linux Security Advisory : gaim (MDKSA-2004:081)

Sebastian Krahmer discovered two remotely exploitable buffer overflow vulnerabilities in the gaim instant messenger. The updated packages are patched to correct the...

AI Score: 7
EPSS: 0.078
2004-08-22 12:00 AM
13
nessus

Mandrake Linux Security Advisory : libpng (MDKSA-2004:079)

Chris Evans discovered numerous vulnerabilities in the libpng graphics library, including a remotely exploitable stack-based buffer overrun in the png_handle_tRNS function, dangerous code in png_handle_sBIT, a possible NULL pointer crash in png_handle_iCCP (which is also duplicated in multiple...

AI Score: 7.2
EPSS: 0.964
2004-08-22 12:00 AM
27
nessus

Mandrake Linux Security Advisory : shorewall (MDKSA-2004:080)

The shorewall package has a vulnerability when creating temporary files and directories, which could allow non-root users to overwrite arbitrary files on the system. The updated packages are patched to fix the problem. As well, for Mandrakelinux 10.0, the updated packages have been fixed to start.....

AI Score: 6.6
EPSS: 0.0004
2004-08-22 12:00 AM
8
nessus

Mandrake Linux Security Advisory : kdelibs/kdebase (MDKSA-2004:086)

A number of vulnerabilities were discovered in KDE that are corrected with these update packages. The integrity of symlinks used by KDE is not ensured and as a result can be abused by local attackers to create or truncate arbitrary files or to prevent KDE applications from functioning correctly...

CVSS: 7.1
AI Score: 6.5
EPSS: 0.022
2004-08-22 12:00 AM
15
nessus

Mandrake Linux Security Advisory : mozilla (MDKSA-2004:082)

A number of security vulnerabilities in mozilla are addressed by this update for Mandrakelinux 10.0 users, including a fix for frame spoofing, a fixed popup XPInstall/security dialog bug, a fix for untrusted chrome calls, a fix for SSL certificate spoofing, a fix for stealing secure HTTP Auth...

AI Score: 6.7
EPSS: 0.964
2004-08-22 12:00 AM
33
nessus

Mandrake Linux Security Advisory : qt3 (MDKSA-2004:085)

Chris Evans discovered a heap-based overflow in the QT library when handling 8-bit RLE encoded BMP files. This vulnerability could allow for the compromise of the account used to view or browse malicious BMP files. On subsequent investigation, it was also found that the handlers for XPM, GIF, and.....

AI Score: 6.8
EPSS: 0.335
2004-08-22 12:00 AM
15
nessus

Mandrake Linux Security Advisory : rsync (MDKSA-2004:083)

An advisory was sent out by the rsync team regarding a security vulnerability in all versions of rsync prior to and including 2.6.2. If rsync is running in daemon mode, and not in a chrooted environment, it is possible for a remote attacker to trick rsyncd into creating an absolute pathname while.....

AI Score: 6.4
EPSS: 0.006
2004-08-22 12:00 AM
14
nessus

Mandrake Linux Security Advisory : spamassassin (MDKSA-2004:084)

Security fix prevents a denial of service attack open to certain malformed messages; this DoS affects all SpamAssassin 2.5x and 2.6x versions to...

AI Score: 6.3
EPSS: 0.035
2004-08-22 12:00 AM
7
nessus

Mandrake Linux Security Advisory : rxvt (MDKSA-2003:034)

Digital Defense Inc. released a paper detailing insecurities in various terminal emulators, including rxvt. Many of the features supported by these programs can be abused when untrusted data is displayed on the screen. This abuse can be anything from garbage data being displayed to the screen or a....

AI Score: 6.4
EPSS: 0.005
2004-07-31 12:00 AM
22
nessus

Mandrake Linux Security Advisory : ethereal (MDKSA-2003:051)

A vulnerability was discovered in Ethereal 0.9.9 and earlier that allows a remote attacker to use specially crafted SOCKS packets to cause a denial of service (DoS) and possibly execute arbitrary code. A similar vulnerability also exists in the NTLMSSP code in Ethereal 0.9.9 and earlier, due to a.....

AI Score: 7.1
EPSS: 0.047
2004-07-31 12:00 AM
7
nessus

Mandrake Linux Security Advisory : samba (MDKSA-2003:032)

The SuSE security team, during an audit of the Samba source code, found a flaw in the main smbd code which could allow an external attacker to remotely and anonymously gain root privilege on a system running the Samba server. This flaw exists in all versions of Samba 2.x up to and including 2.2.7a.....

AI Score: 6.5
EPSS: 0.963
2004-07-31 12:00 AM
19
nessus

Mandrake Linux Security Advisory : gtkhtml (MDKSA-2003:046)

A vulnerability in GtkHTML was discovered by Alan Cox with the Evolution email client. GtkHTML is used to handle HTML messages in Evolution and certain malformed messages could cause Evolution to crash due to this...

AI Score: 6.3
EPSS: 0.009
2004-07-31 12:00 AM
14
nessus

Mandrake Linux Security Advisory : perl-MailTools (MDKSA-2002:076)

A vulnerability was discovered in Mail::Mailer perl module by the SuSE security team during an audit. The vulnerability allows remote attackers to execute arbitrary commands in certain circumstances due to the usage of mailx as the default mailer, a program that allows commands to be embedded in...

AI Score: 7.2
EPSS: 0.011
2004-07-31 12:00 AM
13
nessus

Mandrake Linux Security Advisory : openldap (MDKSA-2003:006)

A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally...

AI Score: 6.9
EPSS: 0.058
2004-07-31 12:00 AM
10
nessus

Mandrake Linux Security Advisory : kde (MDKSA-2003:004-1)

Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. These parameters may contain data such as filenames, URLs, email addresses, and so forth; this...

AI Score: 7.1
EPSS: 0.012
2004-07-31 12:00 AM
11
nessus

Mandrake Linux Security Advisory : shadow-utils (MDKSA-2003:026)

The shadow-utils package contains the tool useradd, which is used to create or update new user information. When useradd creates an account, it would create it with improper permissions; instead of having it owned by the group mail, it would be owned by the user's primary group. If this is a...

AI Score: 6.3
EPSS: 0.001
2004-07-31 12:00 AM
13
nessus

Mandrake Linux Security Advisory : teetx (MDKSA-2002:070)

A vulnerability was discovered in dvips by Olaf Kirch that would allow remote users with access to the printer to execute commands as the lp user through sending special print jobs to the...

AI Score: 6.9
EPSS: 0.011
2004-07-31 12:00 AM
15
nessus

Mandrake Linux Security Advisory : kdegraphics (MDKSA-2002:071)

A vulnerability exists in KGhostview, part of the kdegraphics package. It includes a DSC 3.0 parser from GSview then is vulnerable to a buffer overflow while parsing a specially crafted .ps file. It also contains code from gv which is vulnerable to a similar buffer overflow triggered by malformed.....

AI Score: 7
EPSS: 0.011
2004-07-31 12:00 AM
15
nessus

Mandrake Linux Security Advisory : apache (MDKSA-2002:068)

A number of vulnerabilities were discovered in Apache versions prior to 1.3.27. The first is regarding the use of shared memory (SHM) in Apache. An attacker that is able to execute code as the UID of the webserver (typically 'apache') is able to send arbitrary processes a USR1 signal as root....

AI Score: 6.7
EPSS: 0.971
2004-07-31 12:00 AM
19
nessus

Mandrake Linux Security Advisory : mod_ssl (MDKSA-2002:020)

Ed Moyle discovered a buffer overflow in mod_ssl's session caching mechanisms that use shared memory and dbm. This could potentially be triggered by sending a very long client certificate to the...

AI Score: 6.8
EPSS: 0.476
2004-07-31 12:00 AM
17
nessus

Mandrake Linux Security Advisory : openssh (MDKSA-2002:019)

Joost Pol found a bug in the channel code of all versions of OpenSSH from 2.0 to 3.0.2. This bug can allow authenticated users with an existing account on the vulnerable system to obtain root privilege or by a malicious server attacking a vulnerable client. OpenSSH 3.1 is not vulnerable to this...

CVSS: 9.8
AI Score: 6.4
EPSS: 0.009
2004-07-31 12:00 AM
16
nessus

Mandrake Linux Security Advisory : nss_ldap (MDKSA-2002:075)

A buffer overflow vulnerability exists in nss_ldap versions prior to 198. When nss_ldap is configured without a value for the 'host' keyword, it attempts to configure itself using SRV records stored in DNS. nss_ldap does not check that the data returned by the DNS query will fit into an internal...

AI Score: 6.6
EPSS: 0.062
2004-07-31 12:00 AM
12
nessus

Mandrake Linux Security Advisory : MySQL (MDKSA-2004:034)

Shaun Colley discovered that two scripts distributed with MySQL, the 'mysqld_multi' and 'mysqlbug' scripts, did not create temporary files in a secure fashion. An attacker could create symbolic links in /tmp that could allow for overwriting of files with the privileges of the user running the...

AI Score: 6.5
EPSS: 0.001
2004-07-31 12:00 AM
8
nessus

Mandrake Linux Security Advisory : kdelibs (MDKSA-2004:047)

A vulnerability in the Opera web browser was identified by iDEFENSE; the same type of vulnerability exists in KDE. The telnet, rlogin, ssh, and mailto URI handlers do not check for '-' at the beginning of the hostname passed, which makes it possible to pass an option to the programs started by the....

AI Score: 6.5
EPSS: 0.171
2004-07-31 12:00 AM
13
nessus

Mandrake Linux Security Advisory : xfsdump (MDKSA-2003:047)

A vulnerability was discovered in xfsdump by Ethan Benson related to filesystem quotas on the XFS filesystem. When xfsdump runs xfsdq to save the quota information into a file at the root of the filesystem being dumped, the file is created in an unsafe manner. A new option to xfsdq was added when.....

AI Score: 6.2
EPSS: 0.0004
2004-07-31 12:00 AM
11
nessus

Mandrake Linux Security Advisory : apache2 (MDKSA-2003:075-1)

Several vulnerabilities were discovered in Apache 2.x versions prior to 2.0.47. From the Apache 2.0.47 release notes : Certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one could result in the weak...

AI Score: 6.5
EPSS: 0.012
2004-07-31 12:00 AM
14
nessus

Mandrake Linux Security Advisory : unzip (MDKSA-2003:073-1)

A vulnerability was discovered in unzip 5.50 and earlier that allows attackers to overwrite arbitrary files during archive extraction by placing non-printable characters between two '.' characters. These invalid characters are filtered which results in a '..' sequence. The patch applied to these...

AI Score: 6.6
EPSS: 0.002
2004-07-31 12:00 AM
13
nessus

Mandrake Linux Security Advisory : BitchX (MDKSA-2003:069)

A Denial Of Service (DoS) vulnerability was discovered in BitchX that would allow a remote attacker to crash BitchX by changing certain channel modes. This vulnerability has been fixed in CVS and patched in the released...

AI Score: 6.4
EPSS: 0.001
2004-07-31 12:00 AM
10
nessus

Mandrake Linux Security Advisory : ethereal (MDKSA-2003:067)

Several vulnerabilities in ethereal were discovered by Timo Sirainen. Integer overflows were found in the Mount and PPP dissectors, as well as one-byte buffer overflows in the AIM, GIOP Gryphon, OSPF, PPTP, Quake, Quake2, Quake3, Rsync, SMB, SMPP, and TSP dissectors. These vulnerabilities were...

CVSS: 9.8
AI Score: 6.8
EPSS: 0.097
2004-07-31 12:00 AM
12

Total number of security vulnerabilities: 3231