[Secure-testing-commits] r1796 - data/DTSA/advs

Neil McGovern neilm at costa.debian.org
Sat Sep 3 14:41:30 UTC 2005


Author: neilm
Date: 2005-09-03 14:41:30 +0000 (Sat, 03 Sep 2005)
New Revision: 1796

Added:
   data/DTSA/advs/2-centericq.adv
   data/DTSA/advs/3-clamav.adv
   data/DTSA/advs/4-ekg.adv
   data/DTSA/advs/5-gaim.adv
   data/DTSA/advs/6-cgiwrap.adv
Log:
Added some .advs


Added: data/DTSA/advs/2-centericq.adv
===================================================================
--- data/DTSA/advs/2-centericq.adv	2005-09-03 13:51:45 UTC (rev 1795)
+++ data/DTSA/advs/2-centericq.adv	2005-09-03 14:41:30 UTC (rev 1796)
@@ -0,0 +1,35 @@
+dtsa: DTSA-2-1
+source: centericq
+date: August 28th, 2005
+author: Joey Hess
+vuln-type: multiple vulnerabilities
+problem-scope: local and remote
+debian-specific: no
+cve: CAN-2005-2448 CAN-2005-2370 CAN-2005-2369 CAN-2005-1914
+testing-fix: 4.20.0-8etch1
+sid-fix: 4.20.0-9
+
+centericq in testing is vulnerable to multiple security holes:
+
+CAN-2005-2448
+
+  Multiple endianness errors in libgadu, which is embedded in centericq,
+  allow remote attackers to cause a denial of service (invalid behaviour in
+  applications) on big-endian systems.
+
+CAN-2005-2370
+
+  Multiple memory alignment errors in libgadu, which is embedded in
+  centericq, allows remote attackers to cause a denial of service (bus error)
+  on certain architectures such as SPARC via an incoming message.
+
+CAN-2005-2369
+
+  Multiple integer signedness errors in libgadu, which is embedded in
+  centericq, may allow remote attackers to cause a denial of service
+  or execute arbitrary code.
+
+CAN-2005-1914
+
+  centericq creates temporary files with predictable file names, which
+  allows local users to overwrite arbitrary files via a symlink attack.
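Review bot: In the CAN-2005-2370 paragraph, "Multiple memory alignment errors in libgadu ... allows remote attackers" pairs a plural subject with a singular verb; change "allows" to "allow", matching the CAN-2005-2448 paragraph just above it. The header gives `problem-scope: local and remote`, but only CAN-2005-1914 is described as local, so consider saying in the summary sentence which entries are remotely reachable, since CAN-2005-2369 is the one that mentions possible code execution.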

Added: data/DTSA/advs/3-clamav.adv
===================================================================
--- data/DTSA/advs/3-clamav.adv	2005-09-03 13:51:45 UTC (rev 1795)
+++ data/DTSA/advs/3-clamav.adv	2005-09-03 14:41:30 UTC (rev 1796)
@@ -0,0 +1,44 @@
+dtsa: DTSA-3-1
+source: clamav
+date: August 28th, 2005
+author: Joey Hess
+vuln-type: denial of service and privilege escalation
+problem-scope: remote
+debian-specific: no
+cve: CAN-2005-2070 CAN-2005-1923 CAN-2005-2056 CAN-2005-1922 CAN-2005-2450
+testing-fix: 0.86.2-4etch1
+sid-fix: 0.86.2-1
+
+Multiple security holes were found in clamav:
+
+CAN-2005-2070
+
+  The ClamAV Mail fILTER (clamav-milter), when used in Sendmail using long
+  timeouts, allows remote attackers to cause a denial of service by keeping
+  an open connection, which prevents ClamAV from reloading.
+
+CAN-2005-1923
+
+  The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) allows remote
+  attackers to cause a denial of service (CPU consumption by infinite loop)
+  via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff,
+  which causes a zero-length read.
+
+CAN-2005-2056
+
+  The Quantum archive decompressor in Clam AntiVirus (ClamAV) allows remote
+  attackers to cause a denial of service (application crash) via a crafted
+  Quantum archive.
+
+CAN-2005-1922
+
+  The MS-Expand file handling in Clam AntiVirus (ClamAV) allows remote
+  attackers to cause a denial of service (file descriptor and memory
+  consumption) via a crafted file that causes repeated errors in the
+  cli_msexpand function.
+
+CAN-2005-2450
+
+  Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file
+  format processors in libclamav for Clam AntiVirus (ClamAV) allow remote
+  attackers to gain privileges via a crafted e-mail message.
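Review bot: The header has `testing-fix: 0.86.2-4etch1` and `sid-fix: 0.86.2-1`, so the testing version carries a higher Debian revision than the sid version it is paired with, the reverse of the centericq, ekg and cgiwrap advisories in this commit, where the etch version sorts below the sid fix. Please confirm both version strings are the intended ones. Separately, `vuln-type` says "privilege escalation" while `problem-scope` is "remote"; the CAN-2005-2450 text ("gain privileges via a crafted e-mail message") would be clearer if it said whose privileges are gained.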

Added: data/DTSA/advs/4-ekg.adv
===================================================================
--- data/DTSA/advs/4-ekg.adv	2005-09-03 13:51:45 UTC (rev 1795)
+++ data/DTSA/advs/4-ekg.adv	2005-09-03 14:41:30 UTC (rev 1796)
@@ -0,0 +1,40 @@
+dtsa: DTSA-4-1
+source: ekg
+date: August 28th, 2005
+author: Joey Hess
+vuln-type: multiple vulnerabilities
+problem-scope: local and remote
+debian-specific: no
+cve: CAN-2005-1916 CAN-2005-1851 CAN-2005-1850 CAN-2005-1852 CAN-2005-2448
+testing-fix: 1:1.5+20050808+1.6rc3-0etch1
+sid-fix: 1:1.5+20050808+1.6rc3-1
+
+Multiple vulnerabilities were discovered in ekg:
+
+CAN-2005-1916
+
+  Eric Romang discovered insecure temporary file creation and arbitrary
+  command execution in a contributed script that can be exploited by a local
+  attacker.
+
+CAN-2005-1851
+
+  Marcin Owsiany and Wojtek Kaniewski discovered potential shell command
+  injection in a contributed script.
+
+CAN-2005-1850
+
+  Marcin Owsiany and Wojtek Kaniewski discovered insecure temporary file
+  creation in contributed scripts.
+
+CAN-2005-1852
+
+  Multiple integer overflows in libgadu, as used in ekg, allows remote
+  attackers to cause a denial of service (crash) and possibly execute
+  arbitrary code via an incoming message.
+
+CAN-2005-2448
+
+  Multiple endianness errors in libgadu in ekg allow remote attackers to
+  cause a denial of service (invalid behaviour in applications) on
+  big-endian systems.
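Review bot: The CAN-2005-1916, CAN-2005-1851 and CAN-2005-1850 entries refer only to "a contributed script" or "contributed scripts" without naming them, so a reader cannot tell whether the scripts they actually use are the affected ones; please name the scripts in each entry. In CAN-2005-1852, "Multiple integer overflows in libgadu, as used in ekg, allows" should read "allow".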

Added: data/DTSA/advs/5-gaim.adv
===================================================================
--- data/DTSA/advs/5-gaim.adv	2005-09-03 13:51:45 UTC (rev 1795)
+++ data/DTSA/advs/5-gaim.adv	2005-09-03 14:41:30 UTC (rev 1796)
@@ -0,0 +1,31 @@
+dtsa: DTSA-5-1
+source: gaim
+date: August 28th, 2005
+author: Joey Hess
+vuln-type: multiple remote vulnerabilities
+problem-scope: remote
+debian-specific: no
+cve: CAN-2005-2102 CAN-2005-2370 CAN-2005-2103
+testing-fix: 1:1.4.0-5etch2
+sid-fix: 1:1.4.0-5
+
+Multiple security holes were found in gaim:
+
+CAN-2005-2102
+
+  The AIM/ICQ module in Gaim allows remote attackers to cause a denial of
+  service (application crash) via a filename that contains invalid UTF-8
+  characters.
+
+CAN-2005-2370
+
+  Multiple memory alignment errors in libgadu, as used in gaim and other
+  packages, allow remote attackers to cause a denial of service (bus error)
+  on certain architectures such as SPARC via an incoming message.
+
+CAN-2005-2103
+
+  Buffer overflow in the AIM and ICQ module in Gaim allows remote attackers
+  to cause a denial of service (application crash) and possibly execute
+  arbitrary code via an away message with a large number of AIM substitution
+  strings, such as %t or %n.
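Review bot: The header has `testing-fix: 1:1.4.0-5etch2` and `sid-fix: 1:1.4.0-5`; because the etch suffix is appended to the same revision, the testing version sorts above the listed sid fix. Please confirm that is intended, or give the sid version that supersedes it. The `etch2` suffix also implies an earlier `etch1` upload; if that one was incomplete or broken, a sentence saying so would help anyone who already installed it.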

Added: data/DTSA/advs/6-cgiwrap.adv
===================================================================
--- data/DTSA/advs/6-cgiwrap.adv	2005-09-03 13:51:45 UTC (rev 1795)
+++ data/DTSA/advs/6-cgiwrap.adv	2005-09-03 14:41:30 UTC (rev 1796)
@@ -0,0 +1,26 @@
+dtsa: DTSA-6-1
+source: cgiwrap
+date: August 28th, 2005
+author: Neil McGovern
+vuln-type: multiple vulnerabilities
+problem-scope: remote
+debian-specific: no
+cve: 
+testing-fix: 3.9-3.0etch1
+sid-fix: 3.9-3.1
+
+Javier Fernández-Sanguino Peña discovered various vulnerabilities in cgiwrap:
+
+Minimum UID does not include all system users
+
+  The CGIwrap program will not seteuid itself to uids below the 'minimum' uid
+  to prevent scripts from being misused to compromise the system. However,
+  the Debian package sets the minimum uid to 100 when it should be 1000.
+
+CGIs can be used to disclose system information
+
+  The cgiwrap (and php-cgiwrap) package installs some debugging CGIs
+  (actually symbolink links, which link to cgiwrap and are called 'cgiwrap'
+  and 'nph-cgiwrap' or link to php-cgiwrap). These CGIs should not be
+  installed in production environments as they disclose internal and
+  potentially sensible information.
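Review bot: The header says `debian-specific: no`, but the first finding states that "the Debian package sets the minimum uid to 100 when it should be 1000", which is a packaging default rather than an upstream bug; either set the field to yes or explain why it is not Debian-specific. The `cve:` field is empty (with a trailing space); if no identifiers were assigned, say so explicitly rather than leaving it blank. In the second finding, "symbolink links" should be "symbolic links" and "sensible information" should be "sensitive information".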



