
    [guru] Gentoo security updates


    DATE: Mon, 16 Mar 2009 11:36:23 +0100
    A stack buffer overflow bug was found in the gmetad daemon of the
    ganglia cluster monitoring toolkit.
    
    Several security bugs were also found in Adobe Flash Player, the most
    serious of which allows the attacker to execute code.
    
    The login utility of the shadow package does not handle symlinks properly
    when setting the tty permissions. If the attacker has access to the utmp
    file, they can gain root privileges on the system.
    
    An SQL injection bug was found in the Courier Authentication Library.
    
    A stack buffer overflow bug was found in the tmsnc text-mode MSN client.
    
    Two SQL injection bugs were also found in the ProFTPD server; the bug
    affects the mod_sql and mod_sql_mysql modules.
    
    
    --- Begin Message ---
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory                           GLSA 200903-22
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                http://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    
      Severity: High
         Title: Ganglia: Execution of arbitrary code
          Date: March 10, 2009
          Bugs: #255366
            ID: 200903-22
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    
    Synopsis
    ========
    
    A buffer-overflow in Ganglia's gmetad might lead to the execution of
    arbitrary code.
    
    Background
    ==========
    
    Ganglia is a scalable distributed monitoring system for clusters and
    grids.
    
    Affected packages
    =================
    
        -------------------------------------------------------------------
         Package              /  Vulnerable  /                  Unaffected
        -------------------------------------------------------------------
      1  sys-cluster/ganglia     < 3.1.1-r2                    >= 3.1.1-r2
    
    Description
    ===========
    
    Spike Spiegel reported a stack-based buffer overflow in the
    process_path() function when processing overly long pathnames in
    gmetad/server.c.
    
    Impact
    ======
    
    A remote attacker could send a specially crafted request to the gmetad
    service leading to the execution of arbitrary code or a Denial of
    Service.
    
    Workaround
    ==========
    
    There is no known workaround at this time.
    
    Resolution
    ==========
    
    All Ganglia users should upgrade to the latest version:
    
        # emerge --sync
        # emerge --ask --oneshot --verbose ">=sys-cluster/ganglia-3.1.1-r2"
    
    References
    ==========
    
      [ 1 ] CVE-2009-0241
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0241
    
    Availability
    ============
    
    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:
    
      http://security.gentoo.org/glsa/glsa-200903-22.xml
    
    Concerns?
    =========
    
    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to
    security@gentoo.org or alternatively, you may file a bug at
    http://bugs.gentoo.org.
    
    License
    =======
    
    Copyright 2009 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).
    
    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.
    
    http://creativecommons.org/licenses/by-sa/2.5
    
    


    --- End Message ---
    --- Begin Message ---
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory                           GLSA 200903-23
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                http://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    
      Severity: Normal
         Title: Adobe Flash Player: Multiple vulnerabilities
          Date: March 10, 2009
          Bugs: #239543, #251496, #260264
            ID: 200903-23
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    
    Synopsis
    ========
    
    Multiple vulnerabilities have been identified, the worst of which allow
    arbitrary code execution on a user's system via a malicious Flash file.
    
    Background
    ==========
    
    The Adobe Flash Player is a renderer for the popular SWF file format,
    which is commonly used to provide interactive websites, digital
    experiences and mobile content.
    
    Affected packages
    =================
    
        -------------------------------------------------------------------
         Package                 /   Vulnerable   /             Unaffected
        -------------------------------------------------------------------
      1  net-www/netscape-flash     < 10.0.22.87             >= 10.0.22.87
    
    Description
    ===========
    
    Multiple vulnerabilities have been discovered in Adobe Flash Player:
    
    * The access scope of System.setClipboard() allows ActionScript
      programs to execute the method without user interaction
      (CVE-2008-3873).
    
    * The access scope of FileReference.browse() and
      FileReference.download() allows ActionScript programs to execute the
      methods without user interaction (CVE-2008-4401).
    
    * The Settings Manager controls can be disguised as normal graphical
      elements. This so-called "clickjacking" vulnerability was disclosed
      by Robert Hansen of SecTheory, Jeremiah Grossman of WhiteHat
      Security, Eduardo Vela, Matthew Mastracci of DotSpots, and Liu Die Yu
      of TopsecTianRongXin (CVE-2008-4503).
    
    * Matthew Dempsky reported a null-pointer dereference flaw when
      loading two SWF files compiled with different Flash versions from the
      same URI (CVE-2008-4546).
    
    * Adam Barth (UC Berkeley) and Collin Jackson (Stanford University)
      discovered a flaw occurring when interpreting HTTP response headers
      (CVE-2008-4818).
    
    * Nathan McFeters and Rob Carter of Ernst and Young's Advanced
      Security Center are credited for finding an unspecified vulnerability
      facilitating DNS rebinding attacks (CVE-2008-4819).
    
    * When used in a Mozilla browser, Adobe Flash Player does not
      properly interpret jar: URLs, according to a report by Gregory
      Fleischer of pseudo-flaw.net (CVE-2008-4821).
    
    * Alex "kuza55" K. reported that Adobe Flash Player does not properly
      interpret policy files (CVE-2008-4822).
    
    * The vendor credits Stefano Di Paola of Minded Security for
      reporting that an ActionScript attribute is not interpreted properly
      (CVE-2008-4823).
    
    * Riley Hassell and Josh Zelonis of iSEC Partners reported multiple
      input validation errors (CVE-2008-4824).
    
    * The aforementioned researchers also reported that ActionScript 2
      does not verify a member element's size when performing several known
      and other unspecified actions, that DefineConstantPool accepts an
      untrusted input value for a "constant count" and that character
      elements are not validated when retrieved from a data structure,
      possibly resulting in a null-pointer dereference (CVE-2008-5361,
      CVE-2008-5362, CVE-2008-5363).
    
    * The vendor reported an unspecified arbitrary code execution
      vulnerability (CVE-2008-5499).
    
    * Liu Die Yu of TopsecTianRongXin reported an unspecified flaw in the
      Settings Manager related to "clickjacking" (CVE-2009-0114).
    
    * The vendor credits Roee Hay from IBM Rational Application Security
      for reporting an input validation error when processing SWF files
      (CVE-2009-0519).
    
    * Javier Vicente Vallejo reported via the iDefense VCP that Adobe
      Flash does not remove object references properly, leading to a freed
      memory dereference (CVE-2009-0520).
    
    * Josh Bressers of Red Hat and Tavis Ormandy of the Google Security
      Team reported an untrusted search path vulnerability (CVE-2009-0521).
    
    Impact
    ======
    
    A remote attacker could entice a user to open a specially crafted SWF
    file, possibly resulting in the execution of arbitrary code with the
    privileges of the user or a Denial of Service (crash). Furthermore a
    remote attacker could gain access to sensitive information, disclose
    memory contents by enticing a user to open a specially crafted PDF file
    inside a Flash application, modify the victim's clipboard or render it
    temporarily unusable, persuade a user into uploading or downloading
    files, bypass security restrictions with the assistance of the user to
    gain access to camera and microphone, conduct Cross-Site Scripting and
    HTTP Header Splitting attacks, bypass the "non-root domain policy" of
    Flash, and gain escalated privileges.
    
    Workaround
    ==========
    
    There is no known workaround at this time.
    
    Resolution
    ==========
    
    All Adobe Flash Player users should upgrade to the latest version:
    
        # emerge --sync
        # emerge --ask --oneshot --verbose ">=net-www/netscape-flash-10.0.22.87"
    
    References
    ==========
    
      [ 1 ] CVE-2008-3873
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3873
      [ 2 ] CVE-2008-4401
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4401
      [ 3 ] CVE-2008-4503
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4503
      [ 4 ] CVE-2008-4546
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
      [ 5 ] CVE-2008-4818
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4818
      [ 6 ] CVE-2008-4819
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4819
      [ 7 ] CVE-2008-4821
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4821
      [ 8 ] CVE-2008-4822
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4822
      [ 9 ] CVE-2008-4823
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4823
      [ 10 ] CVE-2008-4824
             http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4824
      [ 11 ] CVE-2008-5361
             http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5361
      [ 12 ] CVE-2008-5362
             http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5362
      [ 13 ] CVE-2008-5363
             http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5363
      [ 14 ] CVE-2008-5499
             http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5499
      [ 15 ] CVE-2009-0114
             http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0114
      [ 16 ] CVE-2009-0519
             http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0519
      [ 17 ] CVE-2009-0520
             http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0520
      [ 18 ] CVE-2009-0521
             http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0521
    
    Availability
    ============
    
    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:
    
      http://security.gentoo.org/glsa/glsa-200903-23.xml
    

    --- End Message ---
    --- Begin Message ---
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory                           GLSA 200903-24
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                http://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    
      Severity: High
         Title: Shadow: Privilege escalation
          Date: March 10, 2009
          Bugs: #251320
            ID: 200903-24
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    
    Synopsis
    ========
    
    An insecure temporary file usage in Shadow may allow local users to
    gain root privileges.
    
    Background
    ==========
    
    Shadow is a set of tools to deal with user accounts.
    
    Affected packages
    =================
    
        -------------------------------------------------------------------
         Package          /  Vulnerable  /                      Unaffected
        -------------------------------------------------------------------
      1  sys-apps/shadow      < 4.1.2.2                         >= 4.1.2.2
    
    Description
    ===========
    
    Paul Szabo reported a race condition in the "login" executable when
    setting up tty permissions.
    
    Impact
    ======
    
    A local attacker belonging to the "utmp" group could use symlink
    attacks to overwrite arbitrary files and possibly gain root privileges.
    
    Workaround
    ==========
    
    There is no known workaround at this time.
    
    Resolution
    ==========
    
    All Shadow users should upgrade to the latest version:
    
        # emerge --sync
        # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.1.2.2"
    
    References
    ==========
    
      [ 1 ] CVE-2008-5394
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5394
    
    Availability
    ============
    
    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:
    
      http://security.gentoo.org/glsa/glsa-200903-24.xml
    

    --- End Message ---
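The race class behind GLSA 200903-24 (a check on a path followed by a permission change on the same path), shown beside a descriptor-based form that closes the window. This is an added example, not code from Shadow or from the advisory; the function names, the temporary directory layout and the use of a regular file in place of a tty device are assumptions made for the demonstration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern (hypothetical, for contrast): the path is resolved once for
 * the check and again for the change. If the name is replaced by a symlink
 * between the two calls, chmod() follows it to another file. */
int set_mode_by_path(const char *path, mode_t mode)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return -1;
    if (S_ISLNK(st.st_mode)) {
        errno = ELOOP;
        return -1;
    }
    /* <-- window: the name can be replaced here */
    return chmod(path, mode);
}

/* Hardened pattern: resolve the name exactly once, refuse a symlink in the
 * final component, verify the object type on the descriptor, and change
 * permissions through the descriptor (fchown() is used the same way). */
int set_mode_by_fd(const char *path, mode_t want_type, mode_t mode)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NOCTTY | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    int rc = -1;
    if (fstat(fd, &st) == 0 && (st.st_mode & S_IFMT) == want_type)
        rc = fchmod(fd, mode);
    close(fd);
    return rc;
}

/* Constructed demo in a private temp directory: "tty" is a symlink to
 * "target". Returns 1 when the hardened call refuses the symlink, leaves the
 * target's mode untouched, and still works on the real file. */
int demo_symlink_is_refused(void)
{
    char dir[] = "/tmp/ttyperm-XXXXXX";
    char target[64], name[64];
    struct stat st;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(name, sizeof name, "%s/tty", dir);
    int fd = open(target, O_CREAT | O_WRONLY | O_EXCL, 0600);
    if (fd < 0 || fchmod(fd, 0600) != 0 || close(fd) != 0 || symlink(target, name) != 0)
        return -1;

    int refused = set_mode_by_fd(name, S_IFREG, 0666) == -1;
    int untouched = stat(target, &st) == 0 && (st.st_mode & 0777) == 0600;
    int direct_ok = set_mode_by_fd(target, S_IFREG, 0620) == 0
                    && stat(target, &st) == 0 && (st.st_mode & 0777) == 0620;

    unlink(name);
    unlink(target);
    rmdir(dir);
    return refused && untouched && direct_ok;
}

int main(void)
{
    printf("hardened variant behaves as expected: %d\n", demo_symlink_is_refused());
    return 0;
}
```

O_NOFOLLOW only guards the final path component, so the directories leading to the device node still have to be writable by root alone. For a real terminal the expected type would be S_IFCHR rather than S_IFREG.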
    --- Begin Message ---
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory                           GLSA 200903-25
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                http://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    
      Severity: Normal
         Title: Courier Authentication Library: SQL Injection vulnerability
          Date: March 11, 2009
          Bugs: #252576
            ID: 200903-25
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    
    Synopsis
    ========
    
    An SQL injection vulnerability has been discovered in the Courier
    Authentication Library.
    
    Background
    ==========
    
    The Courier Authentication Library is a generic authentication API that
    encapsulates the process of validating account passwords.
    
    Affected packages
    =================
    
        -------------------------------------------------------------------
         Package                   /  Vulnerable  /             Unaffected
        -------------------------------------------------------------------
      1  net-libs/courier-authlib      < 0.62.2                  >= 0.62.2
    
    Description
    ===========
    
    It has been reported that some parameters used in SQL queries are not
    properly sanitized before being processed when using a non-Latin locale
    Postgres database.
    
    Impact
    ======
    
    A remote attacker could send specially crafted input to an application
    using the library, possibly resulting in the execution of arbitrary SQL
    commands.
    
    Workaround
    ==========
    
    There is no known workaround at this time.
    
    Resolution
    ==========
    
    All Courier Authentication Library users should upgrade to the latest
    version:
    
      # emerge --sync
      # emerge --ask --oneshot --verbose ">=net-libs/courier-authlib-0.62.2"
    
    References
    ==========
    
      [ 1 ] CVE-2008-2380
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2380
    
    Availability
    ============
    
    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:
    
      http://security.gentoo.org/glsa/glsa-200903-25.xml
    

    --- End Message ---
    --- Begin Message ---
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory                           GLSA 200903-26
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                http://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    
      Severity: Normal
         Title: TMSNC: Execution of arbitrary code
          Date: March 12, 2009
          Bugs: #229157
            ID: 200903-26
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    
    Synopsis
    ========
    
    A buffer overflow in TMSNC might lead to the execution of arbitrary
    code when processing an instant message.
    
    Background
    ==========
    
    TMSNC is a text-based client for the MSN instant messaging protocol.
    
    Affected packages
    =================
    
        -------------------------------------------------------------------
         Package       /   Vulnerable   /                       Unaffected
        -------------------------------------------------------------------
      1  net-im/tmsnc      <= 0.3.2-r1                         Vulnerable!
        -------------------------------------------------------------------
         NOTE: Certain packages are still vulnerable. Users should migrate
               to another package if one is available or wait for the
               existing packages to be marked stable by their
               architecture maintainers.
    
    Description
    ===========
    
    Nico Golde reported a stack-based buffer overflow when processing a MSN
    packet with a UBX command containing a large UBX payload length field.
    
    Impact
    ======
    
    A remote attacker could send a specially crafted message, possibly
    resulting in the execution of arbitrary code.
    
    Workaround
    ==========
    
    There is no known workaround at this time.
    
    Resolution
    ==========
    
    Since TMSNC is no longer maintained, we recommend that users unmerge
    the vulnerable package and switch to another console-based MSN client
    such as CenterIM or Pebrot:
    
        # emerge --unmerge "net-im/tmsnc"
    
    References
    ==========
    
      [ 1 ] CVE-2008-2828
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2828
    
    Availability
    ============
    
    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:
    
      http://security.gentoo.org/glsa/glsa-200903-26.xml
    

    --- End Message ---
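The check that the bug class in GLSA 200903-26 lacks: a length field taken from the wire must be validated against both the receiving buffer and the bytes actually received before anything is copied. This is an added example, not code from TMSNC or from the advisory; the simplified header layout `UBX <principal> <length>\r\n<payload>`, the buffer size and all function names are assumptions, and the sample messages are constructed.

```c
#include <stdio.h>
#include <string.h>

#define UBX_MAX_PAYLOAD 512   /* capacity chosen for this example */

enum { UBX_OK = 0, UBX_MALFORMED = -1, UBX_TOO_LARGE = -2, UBX_TRUNCATED = -3 };

char ubx_last_payload[UBX_MAX_PAYLOAD + 1];

/* Parse one message from buf[0..len). The declared length is trusted only
 * after it has passed three checks: digits only, within the destination
 * capacity, and not more than the bytes that really follow the header. */
int ubx_parse(const char *buf, size_t len, char *out, size_t out_cap, size_t *out_len)
{
    const char *eol = NULL;
    for (size_t i = 0; i + 1 < len; i++) {
        if (buf[i] == '\r' && buf[i + 1] == '\n') { eol = buf + i; break; }
    }
    if (eol == NULL || len < 4 || memcmp(buf, "UBX ", 4) != 0)
        return UBX_MALFORMED;

    /* The length is the last space-separated token of the header line. */
    const char *p = eol;
    while (p > buf + 4 && p[-1] != ' ')
        p--;
    if (p == buf + 4 || p == eol)          /* no principal, or empty length */
        return UBX_MALFORMED;

    size_t declared = 0;
    for (const char *q = p; q < eol; q++) {
        if (*q < '0' || *q > '9')          /* rejects signs, spaces, hex */
            return UBX_MALFORMED;
        declared = declared * 10 + (size_t)(*q - '0');
        if (declared > UBX_MAX_PAYLOAD)    /* also stops integer wrap-around */
            return UBX_TOO_LARGE;
    }
    if (declared >= out_cap)               /* leave room for the terminator */
        return UBX_TOO_LARGE;

    size_t avail = len - (size_t)(eol + 2 - buf);
    if (declared > avail)                  /* sender claims more than it sent */
        return UBX_TRUNCATED;

    memcpy(out, eol + 2, declared);
    out[declared] = '\0';
    *out_len = declared;
    return UBX_OK;
}

/* Convenience wrapper for NUL-terminated sample input. */
int ubx_try(const char *wire)
{
    size_t n = 0;
    return ubx_parse(wire, strlen(wire), ubx_last_payload, sizeof ubx_last_payload, &n);
}

int main(void)
{
    /* Constructed samples. */
    printf("%d\n", ubx_try("UBX alice@example.test 5\r\nhello"));
    printf("%d\n", ubx_try("UBX alice@example.test 100000\r\nhi"));
    printf("%d\n", ubx_try("UBX alice@example.test 50\r\nshort"));
    return 0;
}
```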
    --- Begin Message ---
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory                           GLSA 200903-27
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                http://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    
      Severity: Normal
         Title: ProFTPD: Multiple vulnerabilities
          Date: March 12, 2009
          Bugs: #258450
            ID: 200903-27
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    
    Synopsis
    ========
    
    Two vulnerabilities in ProFTPD might allow for SQL injection attacks.
    
    Background
    ==========
    
    ProFTPD is an advanced and very configurable FTP server.
    
    Affected packages
    =================
    
        -------------------------------------------------------------------
         Package          /  Vulnerable  /                      Unaffected
        -------------------------------------------------------------------
      1  net-ftp/proftpd       < 1.3.2                            >= 1.3.2
    
    Description
    ===========
    
    The following vulnerabilities were reported:
    
    * Percent characters in the username are not properly handled, which
      introduces a single quote character during variable substitution by
      mod_sql (CVE-2009-0542).
    
    * Some invalid, encoded multibyte characters are not properly handled
      in mod_sql_mysql and mod_sql_postgres when NLS support is enabled
      (CVE-2009-0543).
    
    Impact
    ======
    
    A remote attacker could send specially crafted requests to the server,
    possibly resulting in the execution of arbitrary SQL statements.
    
    Workaround
    ==========
    
    There is no known workaround at this time.
    
    Resolution
    ==========
    
    All ProFTPD users should upgrade to the latest version:
    
        # emerge --sync
        # emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.3.2"
    
    References
    ==========
    
      [ 1 ] CVE-2009-0542
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0542
      [ 2 ] CVE-2009-0543
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0543
    
    Availability
    ============
    
    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:
    
      http://security.gentoo.org/glsa/glsa-200903-27.xml
    

    --- End Message ---
