Advisories, February 22, 2006
Feb 23, 2006, 04:45

Debian GNU/Linux

Debian Security Advisory DSA 980-1 security@debian.org
Package: tutos

Joxean Koret discovered several security problems in tutos, a web-based team organization software. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2004-2161: An SQL injection vulnerability allows the execution of SQL commands through the link_id parameter in file_overview.php.

CVE-2004-2162: Cross-site scripting vulnerabilities in the search function of the address book and in app_new.php allow the execution of web script code.

The old stable distribution (woody) does not contain tutos packages. For the stable distribution (sarge) these problems have been fixed in version 1.1.20031017-2+1sarge1. The unstable distribution (sid) no longer contains tutos packages. We recommend that you upgrade your tutos package.

Upgrade Instructions: wget url will fetch the file for you; [...] will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database; apt-get upgrade will install corrected packages. You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:
http://security.debian.org/pool/updates/main/t/tutos/tutos_1.1.20031017-2+1sarge1.dsc

Architecture independent components:
http://security.debian.org/pool/updates/main/t/tutos/tutos_1.1.20031017-2+1sarge1_all.deb

These files will probably be moved into the stable distribution on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Gentoo Linux

Gentoo Linux Security Advisory GLSA 200602-11
Severity: Low

Synopsis: A flaw in OpenSSH and Dropbear allows local users to elevate their privileges via scp.

Background: OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality. Dropbear is an SSH server and client designed with a small memory footprint that includes OpenSSH scp code.

Affected packages
Package / Vulnerable / Unaffected
1 net-misc/openssh < 4.2_p1-r1 >= 4.2_p1-r1
2 net-misc/dropbear < 0.47-r1 >= 0.47-r1
-------------------------------------------------------------------
2 affected packages on all of their supported architectures.
Description: To copy from a local filesystem to another local filesystem, scp constructs a command line using 'cp' which is then executed via system(). Josh Bressers discovered that special characters are not escaped by scp, but are simply passed to the shell.

Impact: By tricking other users or applications into using scp on maliciously crafted filenames, a local attacker can execute arbitrary commands with the rights of the user running scp.

Workaround: There is no known workaround at this time.

Resolution: All OpenSSH users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/openssh-4.2_p1-r1"
All Dropbear users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/dropbear-0.47-r1"
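An added example, not code from Gentoo, OpenSSH or Dropbear, showing the safe counterpart to the behaviour the GLSA describes: a local copy that hands the filenames to cp as exec arguments instead of splicing them into a system() command line, plus a metacharacter check a wrapper can use for logging or rejecting suspicious names. The helper names and the constructed filename "data;touch marker" are assumptions for this demo.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/wait.h>

/* Copy src to dst by exec'ing cp with an argv array. No shell parses the command,
   so both names reach cp literally; "--" also stops a leading '-' being read as an option. */
int copy_without_shell(const char *src, const char *dst)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execlp("cp", "cp", "--", src, dst, (char *)NULL);
        _exit(127); /* only reached if exec itself failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

/* Detection helper for wrappers and audit logs: does a name contain characters
   a shell would interpret if the name were ever spliced into a command line? */
int has_shell_metachars(const char *name)
{
    return strpbrk(name, " \t\n;|&$`<>()*?[]{}'\"\\") != NULL;
}

/* Constructed demo: in a fresh temp dir, create a file whose name carries a shell
   command, copy it without a shell, and confirm the copy exists while the side
   effect a shell would have produced ("marker") does not. Returns 1 on success. */
int demo(void)
{
    char dir[] = "/tmp/scpdemoXXXXXX";
    const char *src = "data;touch marker", *dst = "copy.txt";
    struct stat st; int ok;
    if (mkdtemp(dir) == NULL || chdir(dir) != 0) return 0;
    FILE *f = fopen(src, "w");
    if (f) { fputs("payload bytes\n", f); fclose(f); }
    ok = copy_without_shell(src, dst) == 0
         && stat(dst, &st) == 0 && stat("marker", &st) != 0;
    unlink(src); unlink(dst);
    if (chdir("/") == 0) rmdir(dir);
    return ok;
}
int main(void)
{
    return demo() ? (puts("copied without shell; no command ran"), 0) : (puts("FAILED"), 1);
}
```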
References:
[ 1 ] CVE-2006-0225 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225

Availability: This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200602-11.xml

Concerns? Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License: Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.0

Mandriva Linux

Mandriva Linux Security Advisory MDKSA-2006:045
Package: MySQL

Problem Description: Eric Romang discovered a temporary file vulnerability in the mysql_install_db script provided with MySQL. This vulnerability only affects versions of MySQL 4.1.x prior to 4.1.12. The updated packages have been patched to address this issue.

References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1636

Updated Packages: Mandriva Linux 10.2; Mandriva Linux 10.2/X86_64.

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact security_(at)_mandriva.com

Mandriva Linux Security Advisory MDKSA-2006:046
Package: tar

Problem Description: GNU tar versions 1.14 and above have a buffer overflow vulnerability and some other issues including:
The updated packages have been patched to address this issue.

References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0300

Updated Packages: Mandriva Linux 10.1; Mandriva Linux 10.1/X86_64; Mandriva Linux 10.2; Mandriva Linux 10.2/X86_64; Mandriva Linux 2006.0; Mandriva Linux 2006.0/X86_64.

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact security_(at)_mandriva.com