[Secure-testing-commits] r2945 - data/DTSA/advs

Neil McGovern neilm at costa.debian.org
Mon Dec 5 14:55:43 UTC 2005


Author: neilm
Date: 2005-12-05 14:55:43 +0000 (Mon, 05 Dec 2005)
New Revision: 2945

Modified:
   data/DTSA/advs/22-uim.adv
   data/DTSA/advs/23-centericq.adv
   data/DTSA/advs/24-inkscape.adv
   data/DTSA/advs/25-smb4k.adv
   data/DTSA/advs/26-trackballs.adv
Log:
Filled in the .advs


Modified: data/DTSA/advs/22-uim.adv
===================================================================
--- data/DTSA/advs/22-uim.adv	2005-12-05 11:56:05 UTC (rev 2944)
+++ data/DTSA/advs/22-uim.adv	2005-12-05 14:55:43 UTC (rev 2945)
@@ -1,13 +1,16 @@
-source: xxx
-date: Bloptember 99th, 1990
-author: xxx
-vuln-type: xxx
-problem-scope: remote/local
-debian-specifc: yes/no
-cve: xxx xxx
-vendor-advisory: 
-testing-fix: xxx
-sid-fix: xxx
-upgrade: apt-get install xxx
+source: uim
+date: December 5th, 2005
+author: Neil McGovern
+vuln-type: local privilege escalation
+problem-scope: local
+debian-specifc: no
+cve: CVE-2005-3149
+testing-fix:  1:0.4.7-2.0etch1
+sid-fix: 1:0.4.7-2
+upgrade: apt-get upgrade
 
-xxx multiline description here
+CVE-2005-3149
+
+	Masanari Yamamoto discovered that incorrect use of environment
+	variables in uim. This bug causes privilege escalation if setuid/setgid
+	applications was linked to libuim.
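Review bot: The description in the "Masanari Yamamoto" lines has no verb in its first clause ("discovered that incorrect use of environment variables in uim") and a number mismatch ("applications was linked"). Suggest: "discovered incorrect use of environment variables in uim, which causes privilege escalation if a setuid/setgid application is linked to libuim." The template's `vendor-advisory:` line is also deleted here instead of being left empty as in 26-trackballs.adv, and `testing-fix:` has two spaces after the colon; keep the field set and spacing uniform across the .adv files.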

Modified: data/DTSA/advs/23-centericq.adv
===================================================================
--- data/DTSA/advs/23-centericq.adv	2005-12-05 11:56:05 UTC (rev 2944)
+++ data/DTSA/advs/23-centericq.adv	2005-12-05 14:55:43 UTC (rev 2945)
@@ -1,13 +1,16 @@
-source: xxx
-date: Bloptember 99th, 1990
-author: xxx
-vuln-type: xxx
-problem-scope: remote/local
-debian-specifc: yes/no
-cve: xxx xxx
-vendor-advisory: 
-testing-fix: xxx
-sid-fix: xxx
-upgrade: apt-get install xxx
+source: centericq
+date: December 5th, 2005
+author: Neil McGovern
+vuln-type: buffer overflow
+problem-scope: local
+debian-specifc: no
+cve: CVE-2005-3863
+testing-fix: 4.21.0-6.0etch1
+sid-fix: 4.21.0-6
+upgrade: apt-get upgrade
 
-xxx multiline description here
+CVE-2005-3863
+
+	Mehdi Oudad "deepfear" and Kevin Fernandez "Siegfried" from the Zone-H
+	Research Team discovered a buffer overflow in kkstrtext.h of the ktools
+	library, which is included in centericq.
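Review bot: `problem-scope: local` cannot be checked against the description, which names where the overflow lives (kkstrtext.h in the ktools library) but not what input reaches it or what the overflow leads to. Add a sentence stating the trigger and the impact so the scope value is justified. The template's `vendor-advisory:` line is also dropped here rather than left empty.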

Modified: data/DTSA/advs/24-inkscape.adv
===================================================================
--- data/DTSA/advs/24-inkscape.adv	2005-12-05 11:56:05 UTC (rev 2944)
+++ data/DTSA/advs/24-inkscape.adv	2005-12-05 14:55:43 UTC (rev 2945)
@@ -1,13 +1,16 @@
-source: xxx
-date: Bloptember 99th, 1990
-author: xxx
-vuln-type: xxx
-problem-scope: remote/local
-debian-specifc: yes/no
-cve: xxx xxx
-vendor-advisory: 
-testing-fix: xxx
-sid-fix: xxx
-upgrade: apt-get install xxx
+source: inkscape
+date: December 5th, 2005
+author: Neil McGovern
+vuln-type: buffer overflow
+problem-scope: remote
+debian-specifc: no
+cve: CVE-2005-3737
+testing-fix: 0.43-0.0etch1
+sid-fix: 0.43-1
+upgrade: apt-get install inkscape
 
-xxx multiline description here
+CVE-2005-3737
+
+	Joxean Koret discovered that inkscape is vulnerable in the SVG importer
+	(style.cpp), which might allow remote attackers to execute arbitrary code
+	via a SVG file with long CSS style property values.
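Review bot: The `upgrade:` line here is `apt-get install inkscape`, while 22-uim.adv and 23-centericq.adv in the same commit use `apt-get upgrade`; pick one form for all advisories so readers get consistent instructions. In the description, "is vulnerable in the SVG importer" does not name the flaw; say it is a buffer overflow, matching `vuln-type:`, and "a SVG file" should read "an SVG file".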

Modified: data/DTSA/advs/25-smb4k.adv
===================================================================
--- data/DTSA/advs/25-smb4k.adv	2005-12-05 11:56:05 UTC (rev 2944)
+++ data/DTSA/advs/25-smb4k.adv	2005-12-05 14:55:43 UTC (rev 2945)
@@ -1,13 +1,19 @@
-source: xxx
-date: Bloptember 99th, 1990
-author: xxx
-vuln-type: xxx
-problem-scope: remote/local
-debian-specifc: yes/no
-cve: xxx xxx
-vendor-advisory: 
-testing-fix: xxx
-sid-fix: xxx
-upgrade: apt-get install xxx
+source: smb4k
+date: December 5th, 2005
+author: Neil McGovern
+vuln-type: access validation error
+problem-scope: local
+debian-specifc: no
+cve: CVE-2005-2851
+vendor-advisory: http://smb4k.berlios.de
+testing-fix: 0.6.4-0.0etch1
+sid-fix: 0.6.4-1
+upgrade: apt-get install smb4k
 
-xxx multiline description here
+CVE-2005-2851
+
+	 A vulnerability leading to unauthorized file access has been found. A
+	 pre-existing symlink from /tmp/sudoers and /tmp/super.tab to a textfile
+	 will cause Smb4k to write the contents of these files to the target of the
+	 symlink, as Smb4k does not check for the existence of these files before
+	 writing to them. 
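Review bot: The cause given in the description, "does not check for the existence of these files before writing to them", does not line up with the scenario it describes, which is a write through a pre-existing symlink at /tmp/sudoers or /tmp/super.tab; the opening "unauthorized file access" also leaves unclear that the effect described is a write to the symlink target. Reword so the cause and the impact are stated explicitly. `vuln-type: access validation error` differs from the `symlink attack` label used in 26-trackballs.adv for a similar symlink-following issue, and `vendor-advisory:` points at the project home page rather than a specific advisory.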

Modified: data/DTSA/advs/26-trackballs.adv
===================================================================
--- data/DTSA/advs/26-trackballs.adv	2005-12-05 11:56:05 UTC (rev 2944)
+++ data/DTSA/advs/26-trackballs.adv	2005-12-05 14:55:43 UTC (rev 2945)
@@ -1,13 +1,17 @@
-source: xxx
-date: Bloptember 99th, 1990
-author: xxx
-vuln-type: xxx
+source: trackballs
+date: December 5th, 2005
+author: Neil McGovern
+vuln-type: symlink attack
 problem-scope: remote/local
 debian-specifc: yes/no
-cve: xxx xxx
+cve:
 vendor-advisory: 
-testing-fix: xxx
-sid-fix: xxx
-upgrade: apt-get install xxx
+testing-fix: 1.1.1-0.0etch1
+sid-fix: 1.1.1-1
+upgrade: apt-get upgrade
 
-xxx multiline description here
+Ulf Harnhammar notices that that trackballs follows symlinks when running as
+gid games. It writes to files such as $HOME/.trackballs/[USERNAME].gmr and
+$HOME/.trackballs/settings without checking if they are symlinks somewhere
+else. This can be abused for overwriting or creating files wherever the games
+group is allowed to do so.
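Review bot: `problem-scope: remote/local` and `debian-specifc: yes/no` remain as unchanged template placeholders in this hunk, and `cve:` is emptied rather than filled, so this advisory is still incomplete even though the log says the files were filled in. Set the scope (the description reads as a local issue) and the Debian-specific flag, and either add the CVE id or state that none has been assigned. The description also has a doubled word ("notices that that") and, unlike the other four files, is not tab-indented and has no identifier line above it.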



