Author: neilm Date: 2005-09-03 14:41:30 +0000 (Sat, 03 Sep 2005) New Revision: 1796 Added: data/DTSA/advs/2-centericq.adv data/DTSA/advs/3-clamav.adv data/DTSA/advs/4-ekg.adv data/DTSA/advs/5-gaim.adv data/DTSA/advs/6-cgiwrap.adv Log: Added some .advs Added: data/DTSA/advs/2-centericq.adv ==================================================================--- data/DTSA/advs/2-centericq.adv 2005-09-03 13:51:45 UTC (rev 1795) +++ data/DTSA/advs/2-centericq.adv 2005-09-03 14:41:30 UTC (rev 1796) @@ -0,0 +1,35 @@ +dtsa: DTSA-2-1 +source: centericq +date: August 28th, 2005 +author: Joey Hess +vuln-type: multiple vulnerabilities +problem-scope: local and remote +debian-specific: no +cve: CAN-2005-2448 CAN-2005-2370 CAN-2005-2369 CAN-2005-1914 +testing-fix: 4.20.0-8etch1 +sid-fix: 4.20.0-9 + +centericq in testing is vulnerable to multiple security holes: + +CAN-2005-2448 + + Multiple endianness errors in libgadu, which is embedded in centericq, + allow remote attackers to cause a denial of service (invalid behaviour in + applications) on big-endian systems. + +CAN-2005-2370 + + Multiple memory alignment errors in libgadu, which is embedded in + centericq, allows remote attackers to cause a denial of service (bus error) + on certain architectures such as SPARC via an incoming message. + +CAN-2005-2369 + + Multiple integer signedness errors in libgadu, which is embedded in + centericq, may allow remote attackers to cause a denial of service + or execute arbitrary code. + +CAN-2005-1914 + + centericq creates temporary files with predictable file names, which + allows local users to overwrite arbitrary files via a symlink attack. Added: data/DTSA/advs/3-clamav.adv ==================================================================--- data/DTSA/advs/3-clamav.adv 2005-09-03 13:51:45 UTC (rev 1795) +++ data/DTSA/advs/3-clamav.adv 2005-09-03 14:41:30 UTC (rev 1796) 
@@ -0,0 +1,44 @@ +dtsa: DTSA-3-1 +source: clamav +date: August 28th, 2005 +author: Joey Hess +vuln-type: denial of service and privilege escalation +problem-scope: remote +debian-specific: no +cve: CAN-2005-2070 CAN-2005-1923 CAN-2005-2056 CAN-2005-1922 CAN-2005-2450 +testing-fix: 0.86.2-4etch1 +sid-fix: 0.86.2-1 + +Multiple security holes were found in clamav: + +CAN-2005-2070 + + The ClamAV Mail fILTER (clamav-milter), when used in Sendmail using long + timeouts, allows remote attackers to cause a denial of service by keeping + an open connection, which prevents ClamAV from reloading. + +CAN-2005-1923 + + The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) allows remote + attackers to cause a denial of service (CPU consumption by infinite loop) + via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, + which causes a zero-length read. + +CAN-2005-2056 + + The Quantum archive decompressor in Clam AntiVirus (ClamAV) allows remote + attackers to cause a denial of service (application crash) via a crafted + Quantum archive. + +CAN-2005-1922 + + The MS-Expand file handling in Clam AntiVirus (ClamAV) allows remote + attackers to cause a denial of service (file descriptor and memory + consumption) via a crafted file that causes repeated errors in the + cli_msexpand function. + +CAN-2005-2450 + + Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file + format processors in libclamav for Clam AntiVirus (ClamAV) allow remote + attackers to gain privileges via a crafted e-mail message. Added: data/DTSA/advs/4-ekg.adv ==================================================================--- data/DTSA/advs/4-ekg.adv 2005-09-03 13:51:45 UTC (rev 1795) +++ data/DTSA/advs/4-ekg.adv 2005-09-03 14:41:30 UTC (rev 1796) 
@@ -0,0 +1,40 @@ +dtsa: DTSA-4-1 +source: ekg +date: August 28th, 2005 +author: Joey Hess +vuln-type: multiple vulnerabilities +problem-scope: local and remote +debian-specific: no +cve: CAN-2005-1916 CAN-2005-1851 CAN-2005-1850 CAN-2005-1852 CAN-2005-2448 +testing-fix: 1:1.5+20050808+1.6rc3-0etch1 +sid-fix: 1:1.5+20050808+1.6rc3-1 + +Multiple vulnerabilities were discovered in ekg: + +CAN-2005-1916 + + Eric Romang discovered insecure temporary file creation and arbitrary + command execution in a contributed script that can be exploited by a local + attacker. + +CAN-2005-1851 + + Marcin Owsiany and Wojtek Kaniewski discovered potential shell command + injection in a contributed script. + +CAN-2005-1850 + + Marcin Owsiany and Wojtek Kaniewski discovered insecure temporary file + creation in contributed scripts. + +CAN-2005-1852 + + Multiple integer overflows in libgadu, as used in ekg, allows remote + attackers to cause a denial of service (crash) and possibly execute + arbitrary code via an incoming message. + +CAN-2005-2448 + + Multiple endianness errors in libgadu in ekg allow remote attackers to + cause a denial of service (invalid behaviour in applications) on + big-endian systems. Added: data/DTSA/advs/5-gaim.adv ==================================================================--- data/DTSA/advs/5-gaim.adv 2005-09-03 13:51:45 UTC (rev 1795) +++ data/DTSA/advs/5-gaim.adv 2005-09-03 14:41:30 UTC (rev 1796) 
@@ -0,0 +1,31 @@ +dtsa: DTSA-5-1 +source: gaim +date: August 28th, 2005 +author: Joey Hess +vuln-type: multiple remote vulnerabilities +problem-scope: remote +debian-specific: no +cve: CAN-2005-2102 CAN-2005-2370 CAN-2005-2103 +testing-fix: 1:1.4.0-5etch2 +sid-fix: 1:1.4.0-5 + +Multiple security holes were found in gaim: + +CAN-2005-2102 + + The AIM/ICQ module in Gaim allows remote attackers to cause a denial of + service (application crash) via a filename that contains invalid UTF-8 + characters. + +CAN-2005-2370 + + Multiple memory alignment errors in libgadu, as used in gaim and other + packages, allow remote attackers to cause a denial of service (bus error) + on certain architectures such as SPARC via an incoming message. + +CAN-2005-2103 + + Buffer overflow in the AIM and ICQ module in Gaim allows remote attackers + to cause a denial of service (application crash) and possibly execute + arbitrary code via an away message with a large number of AIM substitution + strings, such as %t or %n. Added: data/DTSA/advs/6-cgiwrap.adv ==================================================================--- data/DTSA/advs/6-cgiwrap.adv 2005-09-03 13:51:45 UTC (rev 1795) +++ data/DTSA/advs/6-cgiwrap.adv 2005-09-03 14:41:30 UTC (rev 1796) 
@@ -0,0 +1,26 @@ +dtsa: DTSA-6-1 +source: cgiwrap +date: August 28th, 2005 +author: Neil McGovern +vuln-type: multiple vulnerabilities +problem-scope: remote +debian-specific: no +cve: +testing-fix: 3.9-3.0etch1 +sid-fix: 3.9-3.1 + +Javier Fernández-Sanguino Peña discovered various vulnerabilities in cgiwrap: + +Minimum UID does not include all system users + + The CGIwrap program will not seteuid itself to uids below the ''minimum'' uid + to prevent scripts from being misused to compromise the system. However, + the Debian package sets the minimum uid to 100 when it should be 1000. + +CGIs can be used to disclose system information + + The cgiwrap (and php-cgiwrap) package installs some debugging CGIs + (actually symbolink links, which link to cgiwrap and are called ''cgiwrap'' + and ''nph-cgiwrap'' or link to php-cgiwrap). These CGIs should not be + installed in production environments as they disclose internal and + potentially sensible information.
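Review bot: In data/DTSA/advs/2-centericq.adv the header value `vuln-type: multiple vulnerabilities` hides the most serious item in the body, CAN-2005-2369, which is described as possibly letting remote attackers "execute arbitrary code". A more specific value that names the impacts (denial of service, possible code execution, symlink file overwrite) would let someone triaging by header see the remote risk. In the CAN-2005-2370 paragraph, "errors ... allows" should read "allow".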
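Review bot: In data/DTSA/advs/3-clamav.adv the `testing-fix: 0.86.2-4etch1` value sorts above `sid-fix: 0.86.2-1` under Debian version comparison, so the two fields do not read as "testing fix, then later unstable fix". Please confirm that `sid-fix` is meant to be the earliest fixed upload to unstable rather than the version the testing package was built from, and note that meaning where the field is documented. The CAN-2005-2450 entry is the only one behind the "privilege escalation" part of `vuln-type`, so it may deserve to be listed first.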
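Review bot: In data/DTSA/advs/4-ekg.adv the entries for CAN-2005-1916, CAN-2005-1851 and CAN-2005-1850 refer only to "a contributed script" or "contributed scripts" without naming them, so a reader cannot tell whether the scripts they actually use are affected. Please name the scripts in each entry. In the CAN-2005-1852 paragraph, "overflows ... allows" should read "allow". This advisory covers libgadu but lists only CAN-2005-1852 and CAN-2005-2448, while 2-centericq.adv in the same commit also lists CAN-2005-2369 and CAN-2005-2370 for libgadu; if those do not apply to ekg, a short note saying so would avoid the question.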
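Review bot: In data/DTSA/advs/5-gaim.adv the `testing-fix: 1:1.4.0-5etch2` version sorts higher than `sid-fix: 1:1.4.0-5` under dpkg version comparison, because the `etch2` suffix is appended to the same Debian revision. A testing system carrying 1:1.4.0-5etch2 will not treat 1:1.4.0-5 as an upgrade when it migrates from unstable. Please check that both versions are recorded correctly and, if they are, mention in the advisory which later version testing users will move to.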
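Review bot: The `cve:` field in data/DTSA/advs/6-cgiwrap.adv is left empty and the body identifies the two issues only by descriptive titles, so nothing in this advisory can be cross-referenced or tracked. If no CVE names were assigned, say so explicitly or cite another reference such as a bug number. In the second item, "symbolink links" should be "symbolic links" and "sensible information" should be "sensitive information". The text also says only that the debugging CGIs "should not be installed in production environments"; it would help to state what the fixed package versions do about them and whether the minimum uid is now 1000.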