Getsocial, S.A. Security Vulnerabilities

nessus

Mandrake Linux Security Advisory : openssh (MDKSA-2001:092)

The new OpenSSH 3.0.2 fixes a vulnerability in the UseLogin option. By default, Mandrake Linux does not enable UseLogin, but if the administrator enables it, local users are able to pass environment variables to the login process. This update also fixes a security hole in the KerberosV support...

6.1AI Score

0.007EPSS

2004-07-31 12:00 AM
9
nessus

Mandrake Linux Security Advisory : openldap (MDKSA-2001:069)

CERT released an advisory that details a number of vulnerabilities as found in a variety of different LDAP implementations. The results of these tests showed one vulnerability in OpenLDAP with slapd not handling packets with certain invalid fields. A malicious attacker could craft such invalid...

6.4AI Score

0.024EPSS

2004-07-31 12:00 AM
7
nessus

Mandrake Linux Security Advisory : passwd (MDKSA-2001:091)

The default pam files for the passwd program did not include support for md5 passwords, thus any password changes or post-install added users would not have md5...

6.8AI Score

0.001EPSS

2004-07-31 12:00 AM
14
nessus

Mandrake Linux Security Advisory : ispell (MDKSA-2001:058)

The ispell program uses mktemp() to open temporary files. This makes it vulnerable to symlink attacks. The program now has a patch from OpenBSD applied that uses mkstemp() instead, and switches gets() to fgets() for dealing with user...

6.5AI Score

0.0004EPSS

2004-07-31 12:00 AM
12
nessus

Mandrake Linux Security Advisory : xinetd (MDKSA-2001:055-1)

A bug exists in xinetd as shipped with Mandrake Linux 8.0 dealing with TCP connections with the WAIT state that prevents linuxconf-web from working properly. As well, xinetd contains a security flaw in which it defaults to a umask of 0. This means that applications using the xinetd umask that do...

6.9AI Score

0.0004EPSS

2004-07-31 12:00 AM
9
nessus

Mandrake Linux Security Advisory : gzip (MDKSA-2003:068)

A vulnerability exists in znew, a script included with gzip, that would create temporary files without taking precautions to avoid a symlink attack. Patches have been applied to make use of mktemp to generate unique filenames, and properly make use of noclobber in the script. Likewise, a fix for...

6.4AI Score

0.0004EPSS

2004-07-31 12:00 AM
8
nessus

Mandrake Linux Security Advisory : LPRng (MDKSA-2002:042)

Matthew Caron pointed out that using the LPRng default configuration, the lpd daemon will accept job submissions from any remote host. These updated LPRng packages modify the job submission policy in /etc/lpd.perms to refuse print jobs from remote hosts by...

6.5AI Score

0.006EPSS

2004-07-31 12:00 AM
8
nessus

Mandrake Linux Security Advisory : xchat (MDKSA-2002:051)

In versions of the xchat IRC client prior to version 1.8.9, xchat does not filter the response from an IRC server when a /dns query is executed. xchat resolves hostnames by passing the configured resolver and hostname to a shell, so an IRC server may return a malicious response formatted so that...

6.8AI Score

0.011EPSS

2004-07-31 12:00 AM
11
nessus

Mandrake Linux Security Advisory : gaim (MDKSA-2002:054-1)

Versions of Gaim (an AOL instant message client) prior to 0.58 contain a buffer overflow in the Jabber plug-in module. As well, a vulnerability was discovered in the URL-handling code, where the 'manual' browser command passes an untrusted string to the shell without reliable quoting or escaping......

7.6AI Score

0.121EPSS

2004-07-31 12:00 AM
16
nessus

Mandrake Linux Security Advisory : glibc (MDKSA-2002:061)

A heap buffer overflow exists in the XDR decoder in glibc version 2.2.5 and earlier. XDR is a mechanism for encoding data structures for use with RPC, which is derived from Sun's RPC implementation which is likewise vulnerable to a heap overflow. Depending on the application, this vulnerability...

9.8CVSS

7.4AI Score

0.85EPSS

2004-07-31 12:00 AM
31
nessus

Mandrake Linux Security Advisory : openssh (MDKSA-2002:040-1)

An input validation error exists in the OpenSSH server between versions 2.3.1 and 3.3 that can result in an integer overflow and privilege escalation. This error is found in the PAMAuthenticationViaKbdInt code in versions 2.3.1 to 3.3, and the ChallengeResponseAuthentication code in versions 2.9.9....

9.8CVSS

6.9AI Score

0.403EPSS

2004-07-31 12:00 AM
20
nessus

Mandrake Linux Security Advisory : dhcpcd (MDKSA-2003:003)

A vulnerability was discovered by Simon Kelley in the dhcpcd DHCP client daemon. dhcpcd has the ability to execute an external script named dhcpcd-.exe when an IP address is assigned to that network interface. The script sources the file /var/lib/dhcpcd/dhcpcd-.info which contains shell variables.....

7AI Score

0.005EPSS

2004-07-31 12:00 AM
18
nessus

Mandrake Linux Security Advisory : tar (MDKSA-2002:066)

A directory traversal vulnerability was discovered in GNU tar version 1.13.25 and earlier that allows attackers to overwrite arbitrary files during extraction of the archive by using a '..' (dot dot) in an extracted...

9.1AI Score

0.082EPSS

2004-07-31 12:00 AM
23
nessus

Mandrake Linux Security Advisory : rpmdrake (MDKSA-2001:043)

A temporary file vulnerability exists in rpmdrake. This updated rpmdrake corrects the...

6.6AI Score

0.001EPSS

2004-07-31 12:00 AM
12
nessus

Mandrake Linux Security Advisory : dhcp (MDKSA-2002:037)

Fermin J. Serna discovered a problem in the dhcp server and client package from versions 3.0 to 3.0.1rc8, which are affected by a format string vulnerability that can be exploited remotely. By default, these versions of DHCP are compiled with the dns update feature enabled, which allows DHCP to...

6.4AI Score

0.165EPSS

2004-07-31 12:00 AM
11
nessus

Mandrake Linux Security Advisory : printer-drivers (MDKSA-2003:010)

Karol Wiesek and iDefense discovered three vulnerabilities in the printer-drivers package and tools it installs. These vulnerabilities allow a local attacker to empty or create any file on the filesystem. The first vulnerability is in the mtink binary, which has a buffer overflow in its handling of....

7AI Score

0.0004EPSS

2004-07-31 12:00 AM
10
nessus

Mandrake Linux Security Advisory : postfix (MDKSA-2003:081)

Two vulnerabilities were discovered in the postfix MTA by Michal Zalewski. Versions prior to 1.1.12 would allow an attacker to bounce-scan private networks or use the daemon as a DDoS (Distributed Denial of Service) tool by forcing the daemon to connect to an arbitrary service at an arbitrary IP.....

6.8AI Score

0.077EPSS

2004-07-31 12:00 AM
17
nessus

Mandrake Linux Security Advisory : cups (MDKSA-2002:015)

There is a potential buffer overflow vulnerability in CUPS when reading the names of attributes. This bug affects all versions of CUPS and is fixed upstream in version...

6.7AI Score

0.012EPSS

2004-07-31 12:00 AM
17
nessus

Mandrake Linux Security Advisory : netpbm (MDKSA-2004:011-1)

A number of temporary file bugs have been found in versions of NetPBM. These could allow a local user the ability to overwrite or create files as a different user who happens to run one of the vulnerable utilities. Update : The patch applied made some calls to the mktemp utility with an...

6.3AI Score

0.0004EPSS

2004-07-31 12:00 AM
7
nessus

Mandrake Linux Security Advisory : XFree86 (MDKSA-2003:118)

A vulnerability was discovered in the XDM display manager that ships with XFree86. XDM does not check for successful completion of the pam_setcred() call and in the case of error conditions in the installed PAM modules, XDM may grant local root access to any user with valid login credentials. It...

6.1AI Score

0.008EPSS

2004-07-31 12:00 AM
15
nessus

Mandrake Linux Security Advisory : krb5 (MDKSA-2003:021)

A vulnerability was discovered in the Kerberos FTP client. When the client retrieves a file that has a filename beginning with a pipe character, the FTP client will pass that filename to the command shell in a system() call. This could allow a malicious remote FTP server to write to files outside.....

7.2AI Score

0.008EPSS

2004-07-31 12:00 AM
10
nessus

Mandrake Linux Security Advisory : mailman (MDKSA-2004:013)

A cross-site scripting vulnerability was discovered in mailman's administration interface (CVE-2003-0965). This affects version 2.1 earlier than 2.1.4. Certain malformed email commands could cause the mailman process to crash. (CVE-2003-0991). This affects version 2.0 earlier than 2.0.14. Another...

5.9AI Score

0.02EPSS

2004-07-31 12:00 AM
21
nessus

Mandrake Linux Security Advisory : mozilla (MDKSA-2004:021)

A number of vulnerabilities were discovered in Mozilla 1.4 : A malicious website could gain access to a user's authentication credentials to a proxy server. Script.prototype.freeze/thaw could allow an attacker to run arbitrary code on your computer. A vulnerability was also discovered in the NSS...

9.8CVSS

7.7AI Score

0.196EPSS

2004-07-31 12:00 AM
18
nessus

Mandrake Linux Security Advisory : fetchmail (MDKSA-2002:063)

Several buffer overflows and a boundary check error were discovered in all fetchmail versions prior to 6.1.0 by e-matters GmbH. These problems are vulnerable to crashes and/or arbitrary code execution by remote attackers if fetchmail is running in multidrop mode. The code execution would be done...

7.5AI Score

0.118EPSS

2004-07-31 12:00 AM
10
nessus

Mandrake Linux Security Advisory : XFree86 (MDKSA-2003:089)

Several vulnerabilities were discovered by blexim(at)hush.com in the font libraries of XFree86 version 4.3.0 and earlier. These bugs could potentially lead to execution of arbitrary code or a DoS by a remote user in any way that calls these functions, which are related to the transfer and...

7.2AI Score

0.059EPSS

2004-07-31 12:00 AM
14
nessus

Mandrake Linux Security Advisory : mailman (MDKSA-2004:051)

Mailman versions >= 2.1 have an issue where 3rd parties can retrieve member passwords from the server. The updated packages have a patch backported from 2.1.5 to correct the...

6.4AI Score

0.006EPSS

2004-07-31 12:00 AM
11
nessus

Mandrake Linux Security Advisory : krb5 (MDKSA-2003:043-1)

Multiple vulnerabilities have been found in the Kerberos network authentication system. The MIT Kerberos team have released an advisory detailing these vulnerabilities, a description of which follows. An integer signedness error in the ASN.1 decoder before version 1.2.5 allows remote attackers to.....

7AI Score

0.968EPSS

2004-07-31 12:00 AM
13
nessus

Mandrake Linux Security Advisory : dhcp (MDKSA-2004:061)

A vulnerability in how ISC's DHCPD handles syslog messages can allow a malicious attacker with the ability to send special packets to the DHCPD listening port to crash the daemon, causing a Denial of Service. It is also possible that they may be able to execute arbitrary code on the vulnerable...

7.1AI Score

0.935EPSS

2004-07-31 12:00 AM
17
nessus

Mandrake Linux Security Advisory : proftpd (MDKSA-2002:005)

Matthew S. Hallacy discovered that ProFTPD was not forward resolving reverse-resolved hostnames. A remote attacker could exploit this to bypass ProFTPD access controls or have false information logged. Frank Denis discovered that a remote attacker could send malicious commands to the ProFTPD...

6.4AI Score

0.032EPSS

2004-07-31 12:00 AM
10
nessus

Mandrake Linux Security Advisory : lftp (MDKSA-2003:116)

A buffer overflow vulnerability was discovered by Ulf Harnhammar in the lftp FTP client when connecting to a web server using HTTP or HTTPS and using the 'ls' or 'rels' command on specially prepared directory. This vulnerability exists in lftp versions 2.3.0 through 2.6.9 and is corrected upstream....

6.8AI Score

0.017EPSS

2004-07-31 12:00 AM
9
nessus

Mandrake Linux Security Advisory : kernel22 (MDKSA-2003:039)

A number of vulnerabilities have been found in the Linux 2.2 kernel that have been addressed with the latest 2.2.25 release. A bug in the kernel module loader code could allow a local user to gain root privileges. This is done by a local user using ptrace and attaching to a modprobe process that...

6.2AI Score

0.026EPSS

2004-07-31 12:00 AM
20
nessus

Mandrake Linux Security Advisory : kernel (MDKSA-2003:038-1)

A bug in the kernel module loader code could allow a local user to gain root privileges. This is done by a local user using ptrace and attaching to a modprobe process that is spawned if the user triggers the loading of a kernel module. A temporary workaround can be used to defend against this...

6.6AI Score

0.0004EPSS

2004-07-31 12:00 AM
15
nessus

Mandrake Linux Security Advisory : krb5 (MDKSA-2002:057)

The network authentication system in Kerberos 5 contains an RPC library that includes an XDR decoder derived from Sun's RPC implementation. This implementation is vulnerable to a heap overflow. With Kerberos, it is believed that an attacker would need to be able to successfully authenticate to...

9.8CVSS

6.5AI Score

0.85EPSS

2004-07-31 12:00 AM
10
nessus

Mandrake Linux Security Advisory : webmin (MDKSA-2001:059)

Recently, Caldera found that when webmin starts a system daemon from the web frontend it does not clear its environment variables. Since these variables contain the authorization of the administrator, any daemon would also get these...

6.5AI Score

0.0004EPSS

2004-07-31 12:00 AM
9
nessus

Mandrake Linux Security Advisory : ethereal (MDKSA-2004:067)

Three vulnerabilities were discovered in Ethereal versions prior to 0.10.5 in the iSNS, SMB SID, and SNMP dissectors. It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet into the wire or by convincing someone to read a malformed packet trace....

7.2AI Score

0.026EPSS

2004-07-31 12:00 AM
17
nessus

Mandrake Linux Security Advisory : kernel (MDKSA-2004:029)

A vulnerability was found in the R128 DRI driver by Alan Cox. This could allow local privilege escalation. The previous fix, in MDKSA-2004:015 only partially corrected the problem; the full fix is included (CVE-2004-0003). A local root vulnerability was discovered in the isofs component of the...

6.1AI Score

0.008EPSS

2004-07-31 12:00 AM
11
nessus

Mandrake Linux Security Advisory : gnupg (MDKSA-2001:045)

GnuPG version 1.0.5 has been released that fixes a few security problems, including a vulnerability that makes it easier for an attacker to recover your private key if they are able to steal your...

-0.7AI Score

2004-07-31 12:00 AM
15
nessus

Mandrake Linux Security Advisory : ksymoops (MDKSA-2004:060)

Geoffrey Lee discovered a problem with the ksymoops-gznm script distributed with Mandrakelinux. The script fails to do proper checking when copying a file to the /tmp directory. Because of this, a local attacker can setup a symlink to point to a file that they do not have permission to remove. The....

6.3AI Score

0.0004EPSS

2004-07-31 12:00 AM
10
nessus

Mandrake Linux Security Advisory : samba (MDKSA-2004:071)

A vulnerability was discovered in SWAT, the Samba Web Administration Tool. The routine used to decode the base64 data during HTTP basic authentication is subject to a buffer overrun caused by an invalid base64 character. This same code is also used to internally decode the sambaMungedDial...

6.8AI Score

0.964EPSS

2004-07-31 12:00 AM
11
nessus

Mandrake Linux Security Advisory : wv (MDKSA-2004:077)

iDefense discovered a buffer overflow vulnerability in the wv package which could allow an attacker to execute arbitrary code with the privileges of the user running the vulnerable application. The updated packages are patched to protect against this...

7.6AI Score

0.097EPSS

2004-07-31 12:00 AM
8
nessus

Mandrake Linux Security Advisory : gzip (MDKSA-2002:011)

There are two problems with the gzip archiving program; the first is a crash when an input file name is over 1020 characters, and the second is a buffer overflow that could be exploited if gzip is run on a server such as an FTP server. The patch applied is from the gzip developers and the problems....

7AI Score

0.012EPSS

2004-07-31 12:00 AM
8
nessus

Mandrake Linux Security Advisory : php (MDKSA-2002:059)

A fifth parameter was added to PHP's mail() function in 4.0.5 that is not properly sanitized when the server is running in safe mode. This vulnerability would allow local users and, possibly, remote attackers to execute arbitrary commands using shell metacharacters. After upgrading to these...

7.2AI Score

0.064EPSS

2004-07-31 12:00 AM
9
nessus

Mandrake Linux Security Advisory : groff (MDKSA-2002:012)

zen-parse discovered an exploitable buffer overflow in groff's preprocessor. If groff is invoked using the LPRng printing system, an attacker can gain rights as the 'lp' user. Likewise, this may be remotely exploitable if lpd is running and remotely accessible and the attacker knows the name of...

7.2AI Score

0.011EPSS

2004-07-31 12:00 AM
12
nessus

Mandrake Linux Security Advisory : sudo (MDKSA-2002:003)

The SuSE Security Team discovered a vulnerability in sudo that can be exploited to obtain root privilege because sudo is installed setuid root. An attacker could trick sudo to log failed sudo calls executing the sendmail (or equivalent mailer) program with root privileges and an environment that...

6.3AI Score

0.0004EPSS

2004-07-31 12:00 AM
9
nessus

Mandrake Linux Security Advisory : XFree86 (MDKSA-2004:012)

Two buffer overflow vulnerabilities were found by iDEFENSE in XFree86's parsing of the font.alias file. The X server, which runs as root, fails to check the length of user-provided input; as a result a malicious user could craft a malformed font.alias file causing a buffer overflow upon parsing,...

7.2AI Score

0.121EPSS

2004-07-31 12:00 AM
9
nessus

Mandrake Linux Security Advisory : squid (MDKSA-2002:016-1)

Three security issues were found in the 2.x versions of the Squid proxy server up to and including 2.4.STABLE3. The first is a memory leak in the optional SNMP interface to Squid which could allow a malicious user who can send packets to the Squid SNMP port to possibly perform a Denial of Service.....

7.4AI Score

0.44EPSS

2004-07-31 12:00 AM
17
nessus

Mandrake Linux Security Advisory : php (MDKSA-2002:017)

Several flaws exist in various versions of PHP in the way it handles multipart/form-data POST requests, which are used for file uploads. The php_mime_split() function could be used by an attacker to execute arbitrary code on the server. This affects both PHP4 and PHP3. The authors have fixed this.....

7.3AI Score

0.937EPSS

2004-07-31 12:00 AM
7
nessus

Mandrake Linux Security Advisory : mplayer (MDKSA-2004:026)

A remotely exploitable buffer overflow vulnerability was found in MPlayer. A malicious host can craft a harmful HTTP header ('Location:'), and trick MPlayer into executing arbitrary code upon parsing that header. The updated packages contain a patch from the MPlayer development team to correct the....

7.2AI Score

0.317EPSS

2004-07-31 12:00 AM
5
nessus

Mandrake Linux Security Advisory : mpg123 (MDKSA-2003:078)

A vulnerability in the mpg123 mp3 player could allow local and/or remote attackers to cause a DoS and possibly execute arbitrary code via an mp3 file with a zero bitrate, which causes a negative frame...

7.2AI Score

0.091EPSS

2004-07-31 12:00 AM
8
nessus

Mandrake Linux Security Advisory : kdelibs (MDKSA-2004:022)

Corsaire discovered that a number of HTTP user agents contained a flaw in how they handle cookies. This flaw could allow an attacker to avoid the path restrictions specified by a cookie's originator. According to their advisory : 'The cookie specifications detail a path argument that can be used...

6.2AI Score

0.011EPSS

2004-07-31 12:00 AM
8
Total number of security vulnerabilities: 3231