Security Digest: January 11, 2005

Jan 12, 2005, 04:45 (0 Talkback[s])

Debian GNU/Linux

Debian Security Advisory DSA 634-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 11th, 2005 http://www.debian.org/security/faq

Package : hylafax
Vulnerability : weak hostname and username validation
Problem-Type : local/remote
Debian-specific: no
CVE ID : CAN-2004-1182

Patrice Fournier discovered a vulnerability in the authorisation subsystem of hylafax, a flexible client/server fax system. A local or remote user guessing the contents of the hosts.hfaxd database could gain unauthorised access to the fax system.

Some installations of hylafax may actually utilise the weak hostname and username validation for authorized uses. For example, hosts.hfaxd entries that may be common are

192.168.0
username:uid:pass:adminpass
user@host

After updating, these entries will need to be modified in order to continue to function. Respectively, the correct entries should be

192.168.0.[0-9]+
username@:uid:pass:adminpass
user@host

Unless such maching of "username" with "otherusername" and "host" with "hostname" is desired, the proper form of these entries should include the delimiter and markers like this

@192.168.0.[0-9]+$
^username@:uid:pass:adminpass
^user@host$

For the stable distribution (woody) this problem has been fixed in version 4.1.1-3.1.

For the unstable distribution (sid) this problem has been fixed in version 4.2.1-1.

We recommend that you upgrade your hylafax packages.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1-3.1.dsc
Size/MD5 checksum: 739 1f06652425050fe27826e5cc1a6c23ff
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1-3.1.diff.gz
Size/MD5 checksum: 115695 79a4e2c1a5c4d0fc8920b8c86b67d3ba
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1.orig.tar.gz
Size/MD5 checksum: 1287689 1ed081750be70a800708699b7568e17e

Architecture independent components:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-doc_4.1.1-3.1_all.deb
Size/MD5 checksum: 318204 e8e94228255e35a1b5ccec1605405a53

Alpha architecture:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.1_alpha.deb
Size/MD5 checksum: 556274 9e1f383c7d6949a4dd8b36c661ea62fd
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.1_alpha.deb
Size/MD5 checksum: 1362416 61b25a20d4627904e2d04355724ec7b5

ARM architecture:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.1_arm.deb
Size/MD5 checksum: 445564 53d052214836978819eda025cb0556af
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.1_arm.deb
Size/MD5 checksum: 1095574 e109dd83be65856939e4ad9d708e70ff

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.1_i386.deb
Size/MD5 checksum: 462598 57fb47be9b22cc74f4d72fd1e8230e29
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.1_i386.deb
Size/MD5 checksum: 1132694 9f8aa28b677b3a6c57182e54d6908262

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.1_ia64.deb
Size/MD5 checksum: 615696 89157ac78717f6a487a996dccf7e204d
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.1_ia64.deb
Size/MD5 checksum: 1491800 95a9c52342251ed55f79ffb5baeda567

HP Precision architecture:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.1_hppa.deb
Size/MD5 checksum: 501548 ff673c6c47e8d64ea0ec9e2b02d51cb5
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.1_hppa.deb
Size/MD5 checksum: 1231206 aad630516c55efd0ba9843fae532af30

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.1_m68k.deb
Size/MD5 checksum: 451214 ba331696f8fdaf75794aa43bee08363d
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.1_m68k.deb
Size/MD5 checksum: 1100004 dbe19e34a750650e659d26424e3b8b66

PowerPC architecture:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.1_powerpc.deb
Size/MD5 checksum: 450314 30e9b943f372fa583fa040300e8fab8e
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.1_powerpc.deb
Size/MD5 checksum: 1104150 7ac3cb5c8abd26531e733401bff8c585

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.1_s390.deb
Size/MD5 checksum: 441190 f965904a1dd15e4fd1f6b79be39eedc2
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.1_s390.deb
Size/MD5 checksum: 1086806 8c7900e8c59149f95dd6f12bc5f02d9f

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.1_sparc.deb
Size/MD5 checksum: 433580 b05f2aa9f1a6f3ef907b05a5921ed232
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.1_sparc.deb
Size/MD5 checksum: 1082482 e2dce8bb66267336dca745dab65836ac

These files will probably be moved into the stable distribution on its next update.

Debian Security Advisory DSA 633-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 11th, 2005 http://www.debian.org/security/faq

Package : bmv
Vulnerability : insecure temporary file
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2003-0014

Peter Samuelson, upstream maintainer of bmv, a PostScript viewer for SVGAlib, discovered that temporary files are created in an insecure fashion. A malicious local user could cause arbitrary files to be overwritten by a symlink attack.

For the stable distribution (woody) this problem has been fixed in version 1.2-14.2.

For the unstable distribution (sid) this problem has been fixed in version 1.2-17.

We recommend that you upgrade your bmv packages.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

http://security.debian.org/pool/updates/main/b/bmv/bmv_1.2-14.2.dsc
Size/MD5 checksum: 565 7b056960fafe4fca7c72083788cf5844
http://security.debian.org/pool/updates/main/b/bmv/bmv_1.2-14.2.diff.gz
Size/MD5 checksum: 11811 ab4e7218ce67de842d3a78e1c8e11caf
http://security.debian.org/pool/updates/main/b/bmv/bmv_1.2.orig.tar.gz
Size/MD5 checksum: 50755 40c881800edac6b1d2ce75ea8da6e6b4

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/b/bmv/bmv_1.2-14.2_i386.deb
Size/MD5 checksum: 21762 b625704138829c0dcd96a25e0a7f365b

These files will probably be moved into the stable distribution on its next revision.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Gentoo Linux

Gentoo Linux Security Advisory GLSA 200501-18

http://security.gentoo.org/

Severity: Normal
Title: KDE FTP KIOslave: Command injection
Date: January 11, 2005
Bugs: #73759
ID: 200501-18

Synopsis

The FTP KIOslave contains a bug allowing users to execute arbitrary FTP commands.

Background

KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. KDE provided KIOslaves for many protocols in the kdelibs package, one of them being FTP. These are used by KDE applications such as Konqueror.

Affected packages

     Package           /  Vulnerable  /                     Unaffected



  1  kde-base/kdelibs     < 3.3.2-r2                       >= 3.3.2-r2
                                                          *>= 3.2.3-r5

Description

The FTP KIOslave fails to properly parse URL-encoded newline characters.

Impact

An attacker could exploit this to execute arbitrary FTP commands on the server and due to similiarities between the FTP and the SMTP protocol, this vulnerability also allows an attacker to connect to a SMTP server and issue arbitrary commands, for example sending an email.

Workaround

There is no known workaround at this time.

Resolution

All kdelibs users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose kde-base/kdelibs

Note: There is currently no fixed stable 3.3.x version for sparc.

References

[ 1 ] KDE Security Advisory: ftp kioslave command injection

http://www.kde.org/info/security/advisory-20050101-1.txt

[ 2 ] CAN-2004-1165

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1165

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200501-18.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Gentoo Linux Security Advisory GLSA 200501-16

http://security.gentoo.org/

Severity: Normal
Title: Konqueror: Java sandbox vulnerabilities
Date: January 11, 2005
Bugs: #72750
ID: 200501-16

Synopsis

The Java sandbox environment in Konqueror can be bypassed to access arbitrary packages, allowing untrusted Java applets to perform unrestricted actions on the host system.

Background

KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. Konqueror is the KDE web browser and file manager.

Affected packages

     Package           /  Vulnerable  /                     Unaffected

  1  kde-base/kdelibs       < 3.3.2                           >= 3.3.2

Description

Konqueror contains two errors that allow JavaScript scripts and Java applets to have access to restricted Java classes.

Impact

A remote attacker could embed a malicious Java applet in a web page and entice a victim to view it. This applet can then bypass security restrictions and execute any command, or access any file with the rights of the user running Konqueror.

Workaround

There is no known workaround at this time.

Resolution

All kdelibs users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose kde-base/kdelibs

Note: There is currently no fixed stable version for sparc.

References

[ 1 ] KDE Security Advisory: Konqueror Java Vulnerability

http://www.kde.org/info/security/advisory-20041220-1.txt

[ 2 ] CAN 2004-1145

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1145

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200501-16.xml

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Gentoo Linux Security Advisory GLSA 200501-17

http://security.gentoo.org/

Severity: Normal
Title: KPdf, KOffice: More vulnerabilities in included Xpdf
Date: January 11, 2005
Bugs: #75203, #75204
ID: 200501-17

Synopsis

KPdf and KOffice both include vulnerable Xpdf code to handle PDF files, making them vulnerable to the execution of arbitrary code if a user is enticed to view a malicious PDF file.

Background

KPdf is a KDE-based PDF viewer included in the kdegraphics package. KOffice is an integrated office suite for KDE.

Affected packages

     Package               /  Vulnerable  /                 Unaffected



  1  app-office/koffice       < 1.3.5-r1                   >= 1.3.5-r1
  2  kde-base/kdegraphics     < 3.3.2-r1                   >= 3.3.2-r1
                                                          *>= 3.2.3-r3
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.

    # emerge --sync
    # emerge --ask --oneshot --verbose kde-base/kdegraphics

Note: There is currently no fixed stable 3.3.x version for sparc.

All KOffice users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose app-office/koffice

References

[ 1 ] GLSA 200412-24

http://www.gentoo.org/security/en/glsa/glsa-200412-24.xml

[ 2 ] CAN-2004-1125

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125

[ 3 ] KDE Security Advisory: kpdf Buffer Overflow Vulnerability

http://kde.org/info/security/advisory-20041223-1.txt

[ 4 ] KOffice XPDF Integer Overflow 2

http://koffice.kde.org/security/2004_xpdf_integer_overflow_2.php

Subscribe to Our Daily Newsletter

Current Newswire:

More on LinuxToday

Security Digest: January 11, 2005

Debian GNU/Linux

Gentoo Linux

Synopsis

Background

Affected packages

Description

Impact

Workaround

Resolution

References

Availability

Concerns?

License

Synopsis

Background

Affected packages

Description

Impact

Workaround

Resolution

References

Availability

Concerns?

License

Synopsis

Background

Affected packages

Description

Impact

Workaround

Resolution

References

Availability

Concerns?

License