stef-guest at alioth.debian.org
2007-May-26 08:16 UTC
[Secure-testing-commits] r5924 - data/DTSA/advs
Author: stef-guest
Date: 2007-05-26 08:16:55 +0000 (Sat, 26 May 2007)
New Revision: 5924

Added:
   data/DTSA/advs/38-qemu.adv
   data/DTSA/advs/39-samba.adv
Removed:
   data/DTSA/advs/38-samba.adv
   data/DTSA/advs/39-qemu.adv
Modified:
   data/DTSA/advs/40-php4.adv
Log:
update advs, add php5 adv

Copied: data/DTSA/advs/38-qemu.adv (from rev 5923, data/DTSA/advs/39-qemu.adv) ==================================================================--- data/DTSA/advs/38-qemu.adv (rev 0) +++ data/DTSA/advs/38-qemu.adv 2007-05-26 08:16:55 UTC (rev 5924) 
@@ -0,0 +1,40 @@ +source: qemu +date: May 26th, 2007 +author: Stefan Fritsch +vuln-type: several vulnerabilities +problem-scope: local +debian-specifc: no +cve: CVE-2007-1320 CVE-2007-1321 CVE-2007-1322 CVE-2007-1323 CVE-2007-1366 +vendor-advisory: http://taviso.decsystem.org/virtsec.pdf +testing-fix: 0.8.2-5lenny1 +sid-fix: 0.9.0-2 +upgrade: apt-get upgrade + +Several vulnerabilities have been discovered in the QEMU processor +emulator, which may lead to the execution of arbitrary code or denial of +service. The Common Vulnerabilities and Exposures project identifies the +following problems: + +CVE-2007-1320 + Tavis Ormandy discovered that a memory management routine of the Cirrus + video driver performs insufficient bounds checking, which might + allow the execution of arbitrary code through a heap overflow. + +CVE-2007-1321 + Tavis Ormandy discovered that the NE2000 network driver and the socket + code perform insufficient input validation, which might allow the + execution of arbitrary code through a heap overflow. + +CVE-2007-1322 + Tavis Ormandy discovered that the "icebp" instruction can be abused to + terminate the emulation, resulting in denial of service. + +CVE-2007-1323 + Tavis Ormandy discovered that the NE2000 network driver and the socket + code perform insufficient input validation, which might allow the + execution of arbitrary code through a heap overflow. + +CVE-2007-1366 + Tavis Ormandy discovered that the "aam" instruction can be abused to + crash qemu through a division by zero, resulting in denial of + service. Deleted: data/DTSA/advs/38-samba.adv ==================================================================--- data/DTSA/advs/38-samba.adv 2007-05-25 21:21:34 UTC (rev 5923) +++ data/DTSA/advs/38-samba.adv 2007-05-26 08:16:55 UTC (rev 5924) 
@@ -1,33 +0,0 @@ -source: samba -date: May 22th, 2007 -author: Stefan Fritsch -vuln-type: several vulnerabilities -problem-scope: remote -debian-specifc: no -cve: CVE-2007-2444 CVE-2007-2446 CVE-2007-2447 -vendor-advisory: -testing-fix: 3.0.24-6lenny2 -sid-fix: 3.0.25-1 -upgrade: apt-get upgrade - -Several issues have been identified in Samba, the SMB/CIFS file- and -print-server implementation for GNU/Linux. - -CVE-2007-2444 - -When translating SIDs to/from names using Samba local list of user and group -accounts, a logic error in the smbd daemon''s internal security stack may result -in a transition to the root user id rather than the non-root user. The user is -then able to temporarily issue SMB/CIFS protocol operations as the root user. -This window of opportunity may allow the attacker to establish addition means -of gaining root access to the server. - -CVE-2007-2446 - -Various bugs in Samba''s NDR parsing can allow a user to send specially crafted -MS-RPC requests that will overwrite the heap space with user defined data. - -CVE-2007-2447 - -Unescaped user input parameters are passed as arguments to /bin/sh allowing for -remote command execution. Deleted: data/DTSA/advs/39-qemu.adv ==================================================================--- data/DTSA/advs/39-qemu.adv 2007-05-25 21:21:34 UTC (rev 5923) +++ data/DTSA/advs/39-qemu.adv 2007-05-26 08:16:55 UTC (rev 5924) 
@@ -1,40 +0,0 @@ -source: qemu -date: May 24th, 2007 -author: Stefan Fritsch -vuln-type: several vulnerabilities -problem-scope: local -debian-specifc: no -cve: CVE-2007-1320 CVE-2007-1321 CVE-2007-1322 CVE-2007-1323 CVE-2007-1366 -vendor-advisory: http://taviso.decsystem.org/virtsec.pdf -testing-fix: 0.8.2-5lenny1 -sid-fix: 0.9.0-2 -upgrade: apt-get upgrade - -Several vulnerabilities have been discovered in the QEMU processor -emulator, which may lead to the execution of arbitrary code or denial of -service. The Common Vulnerabilities and Exposures project identifies the -following problems: - -CVE-2007-1320 - Tavis Ormandy discovered that a memory management routine of the Cirrus - video driver performs insufficient bounds checking, which might - allow the execution of arbitrary code through a heap overflow. - -CVE-2007-1321 - Tavis Ormandy discovered that the NE2000 network driver and the socket - code perform insufficient input validation, which might allow the - execution of arbitrary code through a heap overflow. - -CVE-2007-1322 - Tavis Ormandy discovered that the "icebp" instruction can be abused to - terminate the emulation, resulting in denial of service. - -CVE-2007-1323 - Tavis Ormandy discovered that the NE2000 network driver and the socket - code perform insufficient input validation, which might allow the - execution of arbitrary code through a heap overflow. - -CVE-2007-1366 - Tavis Ormandy discovered that the "aam" instruction can be abused to - crash qemu through a division by zero, resulting in denial of - service. Copied: data/DTSA/advs/39-samba.adv (from rev 5923, data/DTSA/advs/38-samba.adv) ==================================================================--- data/DTSA/advs/39-samba.adv (rev 0) +++ data/DTSA/advs/39-samba.adv 2007-05-26 08:16:55 UTC (rev 5924) 
@@ -0,0 +1,33 @@ +source: samba +date: May 22th, 2007 +author: Stefan Fritsch +vuln-type: several vulnerabilities +problem-scope: remote +debian-specifc: no +cve: CVE-2007-2444 CVE-2007-2446 CVE-2007-2447 +vendor-advisory: +testing-fix: 3.0.24-6+lenny2 +sid-fix: 3.0.25-1 +upgrade: apt-get upgrade + +Several issues have been identified in Samba, the SMB/CIFS file- and +print-server implementation for GNU/Linux. + +CVE-2007-2444 + +When translating SIDs to/from names using Samba local list of user and group +accounts, a logic error in the smbd daemon''s internal security stack may result +in a transition to the root user id rather than the non-root user. The user is +then able to temporarily issue SMB/CIFS protocol operations as the root user. +This window of opportunity may allow the attacker to establish addition means +of gaining root access to the server. + +CVE-2007-2446 + +Various bugs in Samba''s NDR parsing can allow a user to send specially crafted +MS-RPC requests that will overwrite the heap space with user defined data. + +CVE-2007-2447 + +Unescaped user input parameters are passed as arguments to /bin/sh allowing for +remote command execution. Modified: data/DTSA/advs/40-php4.adv ==================================================================--- data/DTSA/advs/40-php4.adv 2007-05-25 21:21:34 UTC (rev 5923) +++ data/DTSA/advs/40-php4.adv 2007-05-26 08:16:55 UTC (rev 5924) @@ -6,7 +6,7 @@ debian-specifc: no cve: CVE-2007-1286 CVE-2007-1380 CVE-2007-1521 CVE-2007-1583 CVE-2007-1718 CVE-2007-1777 CVE-2007-2509 vendor-advisory: -testing-fix: 6:4.4.4-9lenny1 +testing-fix: 6:4.4.4-9+lenny1 sid-fix: 6:4.4.6-2 upgrade: apt-get upgrade
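Review bot: In data/DTSA/advs/38-qemu.adv the CVE-2007-1323 entry repeats the CVE-2007-1321 text word for word ("the NE2000 network driver and the socket code perform insufficient input validation"), so a reader cannot tell the two issues apart; one of the two looks like a copy-paste and should get its own description, or the entries should be merged. In the same file, `testing-fix: 0.8.2-5lenny1` keeps the old suffix while this commit uses the `+lenny` form for samba and php4 (`3.0.24-6+lenny2`, `6:4.4.4-9+lenny1`); please confirm the qemu string matches the version actually uploaded.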
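Review bot: In data/DTSA/advs/39-samba.adv the header still reads `date: May 22th, 2007`, which should be "22nd", and the date was not touched by the renumbering even though the qemu advisory's date moves from May 24th to May 26th in this commit; worth checking which of the two is intended. The `vendor-advisory:` field is left empty, and the CVE-2007-2444 paragraph says "establish addition means", which should read "additional means".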
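Review bot: The log message says "add php5 adv", but the only PHP file touched is data/DTSA/advs/40-php4.adv and the Added list contains no php5 advisory; either the new file is missing from this commit or the log should be corrected. The hunk itself only changes `testing-fix` from `6:4.4.4-9lenny1` to `6:4.4.4-9+lenny1`, which is consistent with the samba change.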