sudo mishandles group specifications in a Runas_Alias when a group is also listed in it. If the attacker is a member of that group, they can run programs even as root. Because of an API error, the OpenSSL library also wrongly accepted invalid DSA or ECDSA keys. valgrind also looks for its configuration file in the current directory, so an attacker can create one there and specify a search path that suits them (and thus, with the victim's cooperation, run code on the system). In response to a suitable escape sequence, xterm places a given character string into the input buffer. In addition, numerous similar escape sequences have been disabled for security reasons. KTorrent's access control does not work through the web interface: an attacker can upload arbitrary torrent files and start downloading them. The web interface contains another bug as well: because of faulty parameter checking, arbitrary PHP code can be executed. Two security bugs were also found in the emacs and xemacs editors: if the source file is available alongside the .flc file, and the source sets the font-lock-support-mode parameter to fast-lock-mode, the Lisp code in the .flc file is executed without warning. Its Python interface is flawed too, because by default Python puts the current directory at the front of the search path.
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200902-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: sudo: Privilege escalation
      Date: February 06, 2009
      Bugs: #256633
        ID: 200902-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in sudo may allow for privilege escalation.

Background
==========

sudo allows a system administrator to give users the ability to run
commands as other users.

Affected packages
=================

    -------------------------------------------------------------------
     Package         /  Vulnerable  /                       Unaffected
    -------------------------------------------------------------------
  1  app-admin/sudo       < 1.7.0                              >= 1.7.0

Description
===========

Harald Koenig discovered that sudo incorrectly handles group
specifications in Runas_Alias (and related) entries when a group is
specified in the list (using %group syntax, to allow a user to run
commands as any member of that group) and the user is already a member
of that group.

Impact
======

A local attacker could possibly run commands as an arbitrary system
user (including root).

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All sudo users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.7.0"

References
==========

  [ 1 ] CVE-2009-0034
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0034

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200902-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
--- End Message ---
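To see which sudoers rules rely on the construct this advisory describes, the following added example (not code from the advisory or from sudo) lists user specifications whose runas list contains a %group, either directly or through a Runas_Alias. The sample sudoers text and the function names are constructed for the illustration; whether the invoking user is a member of the listed group still has to be checked separately.

```python
import re

# Constructed sample sudoers content for the demo (not taken from the advisory).
SAMPLE_SUDOERS = """\
Runas_Alias OPS = %wheel, backup : DBA = postgres
Runas_Alias WEB = apache, \\
                  nginx
alice ALL = (OPS) /usr/bin/rsync
bob   ALL = (%staff, www) NOPASSWD: /usr/bin/id
carol ALL = (DBA) /usr/bin/psql
"""

def logical_lines(text):
    """Join backslash-continued lines, then drop blank and comment lines."""
    for raw in re.sub(r"\\\n", " ", text).splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            yield line

def runas_aliases_with_groups(text):
    """Map each Runas_Alias name to the %group members in its definition."""
    found = {}
    for line in logical_lines(text):
        if not line.startswith("Runas_Alias"):
            continue
        # Several aliases may share one line, separated by ':'.
        for definition in line[len("Runas_Alias"):].split(":"):
            name, _, members = definition.partition("=")
            groups = [m.strip() for m in members.split(",")
                      if m.strip().startswith("%")]
            if groups:
                found[name.strip()] = groups
    return found

def rules_to_review(text):
    """Return (rule, reason) for user specs whose runas list involves a %group."""
    aliases = runas_aliases_with_groups(text)
    hits = []
    for line in logical_lines(text):
        if re.match(r"(Runas|User|Host|Cmnd)_Alias\b|Defaults", line):
            continue
        for runas in re.findall(r"\(([^)]*)\)", line):
            for member in (m.strip() for m in runas.split(",")):
                if member.startswith("%"):
                    hits.append((line, "group %s in runas list" % member))
                elif member in aliases:
                    hits.append((line, "Runas_Alias %s contains %s"
                                 % (member, ", ".join(aliases[member]))))
    return hits

if __name__ == "__main__":
    for rule, reason in rules_to_review(SAMPLE_SUDOERS):
        print(reason, "->", rule)
```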
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200902-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: OpenSSL: Certificate validation error
      Date: February 12, 2009
      Bugs: #251346
        ID: 200902-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An error in the OpenSSL certificate chain validation might allow for
spoofing attacks.

Background
==========

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
purpose cryptography library.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  dev-libs/openssl      < 0.9.8j                          >= 0.9.8j

Description
===========

The Google Security Team reported that several functions incorrectly
check the result after calling the EVP_VerifyFinal() function, allowing
a malformed signature to be treated as a good signature rather than as
an error. This issue affects the signature checks on DSA and ECDSA keys
used with SSL/TLS.

Impact
======

A remote attacker could exploit this vulnerability and spoof arbitrary
names to conduct Man-In-The-Middle attacks and intercept sensitive
information.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenSSL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8j"

References
==========

  [ 1 ] CVE-2008-5077
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200902-02.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200902-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Valgrind: Untrusted search path
      Date: February 12, 2009
      Bugs: #245317
        ID: 200902-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An untrusted search path vulnerability in Valgrind might result in the
execution of arbitrary code.

Background
==========

Valgrind is an open-source memory debugger.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  dev-util/valgrind       < 3.4.0                           >= 3.4.0

Description
===========

Tavis Ormandy reported that Valgrind loads a .valgrindrc file in the
current working directory, executing commands specified there.

Impact
======

A local attacker could prepare a specially crafted .valgrindrc file and
entice a user to run Valgrind from the directory containing that file,
resulting in the execution of arbitrary code with the privileges of the
user running Valgrind.

Workaround
==========

Do not run "valgrind" from untrusted working directories.

Resolution
==========

All Valgrind users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-util/valgrind-3.4.0"

References
==========

  [ 1 ] CVE-2008-4865
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4865

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200902-03.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200902-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: xterm: User-assisted arbitrary commands execution
      Date: February 12, 2009
      Bugs: #253155
        ID: 200902-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An error in the processing of special sequences in xterm may lead to
arbitrary commands execution.

Background
==========

xterm is a terminal emulator for the X Window system.

Affected packages
=================

    -------------------------------------------------------------------
     Package          /  Vulnerable  /                      Unaffected
    -------------------------------------------------------------------
  1  x11-terms/xterm       < 239                                 >= 239

Description
===========

Paul Szabo reported an insufficient input sanitization when processing
Device Control Request Status String (DECRQSS) sequences.

Impact
======

A remote attacker could entice a user to display a file containing
specially crafted DECRQSS sequences, possibly resulting in the remote
execution of arbitrary commands with the privileges of the user viewing
the file.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All xterm users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-terms/xterm-239"

References
==========

  [ 1 ] CVE-2008-2383
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2383

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200902-04.xml
--- End Message ---
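A check that can be run on untrusted files before they are displayed in a terminal, given here as an added example (not code from the advisory or from xterm): it locates DCS strings, marks the DECRQSS ones, and rewrites control bytes in visible form. The sample bytes are constructed and contain only an ordinary status request; the function names are made up for the illustration.

```python
import re

# DCS opens with ESC P (7-bit) or 0x90 (8-bit C1); the string terminator ST
# is ESC \ or 0x9c. DECRQSS is the DCS string whose payload starts with "$q".
# A lone 0x90 can also be a UTF-8 continuation byte, so 8-bit hits are
# reported conservatively and may be false positives in UTF-8 text.
DCS_RE = re.compile(rb"(?:\x1bP|\x90)(.*?)(?:\x1b\\|\x9c|\Z)", re.DOTALL)

# Constructed sample: a plain status request for SGR ("$qm"), then an 8-bit DCS.
SAMPLE = b"ok\n\x1bP$qm\x1b\\tail\x90xyz\x9c"


def find_dcs(data):
    """Return (offset, kind, payload) for every DCS string found in data."""
    hits = []
    for m in DCS_RE.finditer(data):
        payload = m.group(1)
        kind = "DECRQSS" if payload.startswith(b"$q") else "other DCS"
        hits.append((m.start(), kind, payload))
    return hits


def neutralize(data):
    """Rewrite control bytes as visible \\xNN text so a terminal ignores them.

    Tab, newline, printable ASCII and bytes >= 0xA0 pass through. C0 and C1
    bytes (0x80-0x9f) are escaped, which also escapes some UTF-8
    continuation bytes.
    """
    out = bytearray()
    for b in data:
        if b in (0x09, 0x0A) or 0x20 <= b < 0x7F or b >= 0xA0:
            out.append(b)
        else:
            out += b"\\x%02x" % b
    return bytes(out)


if __name__ == "__main__":
    for offset, kind, payload in find_dcs(SAMPLE):
        print(offset, kind, payload)
    print(neutralize(SAMPLE).decode("latin-1"))
```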
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200902-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: KTorrent: Multiple vulnerabilities
      Date: February 23, 2009
      Bugs: #244741
        ID: 200902-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two vulnerabilities in the web interface plugin in KTorrent allow for
remote execution of code and arbitrary torrent uploads.

Background
==========

KTorrent is a BitTorrent program for KDE.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  net-p2p/ktorrent       < 2.2.8                            >= 2.2.8

Description
===========

The web interface plugin does not restrict access to the torrent upload
functionality (CVE-2008-5905) and does not sanitize request parameters
properly (CVE-2008-5906).

Impact
======

A remote attacker could send specially crafted parameters to the web
interface that would allow for arbitrary torrent uploads and remote
code execution with the privileges of the KTorrent process.

Workaround
==========

Disabling the web interface plugin will prevent exploitation of both
issues. Click "Plugins" in the configuration menu and uncheck the
checkbox left of "WebInterface", then apply the changes.

Resolution
==========

All KTorrent users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-p2p/ktorrent-2.2.8"

References
==========

  [ 1 ] CVE-2008-5905
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5905
  [ 2 ] CVE-2008-5906
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5906

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200902-05.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200902-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: GNU Emacs, XEmacs: Multiple vulnerabilities
      Date: February 23, 2009
      Bugs: #221197, #236498
        ID: 200902-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two vulnerabilities were found in GNU Emacs, possibly leading to
user-assisted execution of arbitrary code. One also affects edit-utils
in XEmacs.

Background
==========

GNU Emacs and XEmacs are highly extensible and customizable text
editors. edit-utils are miscellaneous extensions to XEmacs.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  app-editors/emacs          < 22.2-r3                   >= 22.2-r3
                                                           *>= 21.4-r17
                                                                   < 19
  2  app-xemacs/edit-utils        < 2.39                       >= 2.39
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Morten Welinder reports about GNU Emacs and edit-utils in XEmacs: By
shipping a .flc accompanying a source file (.c for example) and setting
font-lock-support-mode to fast-lock-mode in the source file through
local variables, any Lisp code in the .flc file is executed without
warning (CVE-2008-2142).

Romain Francoise reported a security risk in a feature of GNU Emacs
related to interacting with Python. The vulnerability arises because
Python, by default, prepends the current directory to the module search
path, allowing for arbitrary code execution when launched from a
specially crafted directory (CVE-2008-3949).

Impact
======

Remote attackers could entice a user to open a specially crafted file
in GNU Emacs, possibly leading to the execution of arbitrary Emacs Lisp
code or arbitrary Python code with the privileges of the user running
GNU Emacs or XEmacs.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GNU Emacs users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-editors/emacs-22.2-r3"

All edit-utils users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-xemacs/edit-utils-2.39"

References
==========

  [ 1 ] CVE-2008-2142
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2142
  [ 2 ] CVE-2008-3949
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3949

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200902-06.xml
--- End Message ---
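The Python search-path behaviour behind CVE-2008-3949, as an added example (not code from the advisory or from Emacs): `child_path0` reports what a child interpreter started with `-c` puts first on `sys.path`, with and without Python's isolated mode (`-I`), and `cwd_dependent` flags the entries a launcher should drop before importing anything. The function names and sample paths are made up for the illustration.

```python
import os
import subprocess
import sys


def cwd_dependent(path, cwd):
    """Entries of a sys.path-style list that depend on the working directory.

    That is the empty string, any relative entry, and cwd itself.
    """
    cwd = os.path.realpath(cwd)
    return [p for p in path
            if not os.path.isabs(p) or os.path.realpath(p) == cwd]


def hardened(path, cwd):
    """Copy of path without the working-directory-dependent entries."""
    risky = cwd_dependent(path, cwd)
    return [p for p in path if p not in risky]


def child_path0(*flags):
    """repr(sys.path[0]) as seen by a child interpreter started with -c."""
    env = dict(os.environ)
    env.pop("PYTHONSAFEPATH", None)  # keep the default behaviour visible
    done = subprocess.run(
        [sys.executable, *flags, "-c", "import sys; print(repr(sys.path[0]))"],
        env=env, capture_output=True, text=True, check=True)
    return done.stdout.strip()


if __name__ == "__main__":
    # An empty first entry means "import from the current directory first".
    print("default :", child_path0())
    # Isolated mode leaves the current directory off the search path.
    print("isolated:", child_path0("-I"))
    # Constructed sample list: what a launcher would keep.
    sample = ["", "/usr/lib/python3", ".", "lib"]
    print("kept    :", hardened(sample, os.getcwd()))
```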