Home Security

Advisories, May 8, 2006

By

May 9, 2006

Debian GNU/Linux

Debian Security Advisory DSA 1052-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
May 8th, 2006 http://www.debian.org/security/faq

Package : cgiirc
Vulnerability : buffer overflows
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-2148
Debian Bug : 365680

Several buffer overflows have been discovered in cgiirc, a
web-based IRC client, which could be exploited to execute arbitrary
code.

The old stable distribution (woody) does not contain cgiirc
packages.

For the stable distribution (sarge) these problems have been
fixed in version 0.5.4-6sarge1.

For the unstable distribution (sid) these problems have been
fixed in version 0.5.4-6sarge1.

We recommend that you upgrade your cgiirc package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1.dsc

Size/MD5 checksum: 590
daed94ad35a0ac4935086bfd1379c20f
http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1.diff.gz

Size/MD5 checksum: 13507
a885a3704d8313920548f156d764dec6
http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4.orig.tar.gz

Size/MD5 checksum: 127545
c32ce6514626729ef8cf30cf7bd1a51e

Alpha architecture:

http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_alpha.deb

Size/MD5 checksum: 122974
55a573eb356b35cb32b651ca570d76f6

AMD64 architecture:

http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_amd64.deb

Size/MD5 checksum: 122526
25977ad46ac501c8c81de1347dac8cc9

ARM architecture:

http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_arm.deb

Size/MD5 checksum: 122004
594434fc3222bd093b4b202e2e9df1ec

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_i386.deb

Size/MD5 checksum: 122082
e5d18578977303524a6d9c92a314b0cf

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_ia64.deb

Size/MD5 checksum: 123546
b91e34892993e4d176d3fa8ff970f123

HP Precision architecture:

http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_hppa.deb

Size/MD5 checksum: 122868
96f3c61fa95509d03277209d5549a037

Motorola 680×0 architecture:

http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_m68k.deb

Size/MD5 checksum: 121960
e6a1341cee535289a78ef0e2ca33badd

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_mips.deb

Size/MD5 checksum: 123686
ebebe98b959b9985581338ffa5f60857

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_mipsel.deb

Size/MD5 checksum: 123688
0004985ff0018cad8ff54630b4b96e7d

PowerPC architecture:

http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_powerpc.deb

Size/MD5 checksum: 122502
d2b6b1cbd8d05baebdbd7febd16edc39

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_s390.deb

Size/MD5 checksum: 122504
833f9eb5d35ec6baac52ceec8193422d

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_sparc.deb

Size/MD5 checksum: 122060
e611d3c02896f065d3989a3182cd4fd7

These files will probably be moved into the stable distribution
on its next update.

For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>

Gentoo Linux

Gentoo Linux Security Advisory GLSA 200605-07

http://security.gentoo.org/

Severity: High
Title: Nagios: Buffer overflow
Date: May 07, 2006
Bugs: #132159
ID: 200605-07

Synopsis

Nagios is vulnerable to a buffer overflow which may lead to
remote execution of arbitrary code.

Background

Nagios is an open source host, service and network monitoring
program.

Affected packages

     Package                   /  Vulnerable  /             Unaffected

  1  net-analyzer/nagios-core        < 1.4                      >= 1.4

Description

Sebastian Krahmer of the SuSE security team discovered a buffer
overflow vulnerability in the handling of a negative HTTP
Content-Length header.

Impact

A buffer overflow in Nagios CGI scripts under certain web
servers allows remote attackers to execute arbitrary code via a
negative content length HTTP header.

Workaround

There is no known workaround at this time.

Resolution

All Nagios users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/nagios-core-1.4"

References

[ 1 ] CVE-2006-2162

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2162

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200605-07.xml

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Gentoo Linux Security Advisory GLSA 200605-08

http://security.gentoo.org/

Severity: High
Title: PHP: Multiple vulnerabilities
Date: May 08, 2006
Bugs: #127939, #128883, #131135
ID: 200605-08

Synopsis

PHP is affected by multiple issues, including a buffer overflow
in wordwrap() which may lead to execution of arbitrary code.

Background

PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into
HTML.

Affected packages

     Package       /  Vulnerable  /                         Unaffected



  1  dev-lang/php       < 5.1.4                               >= 5.1.4
                                                          *>= 4.4.2-r2

Description

Several vulnerabilities were discovered on PHP4 and PHP5 by
Infigo, Tonu Samuel and Maksymilian Arciemowicz. These included a
buffer overflow in the wordwrap() function, restriction bypasses in
the copy() and tempname() functions, a cross-site scripting issue
in the phpinfo() function, a potential crash in the
substr_compare() function and a memory leak in the non-binary-safe
html_entity_decode() function.

Impact

Remote attackers might be able to exploit these issues in PHP
applications making use of the affected functions, potentially
resulting in the execution of arbitrary code, Denial of Service,
execution of scripted contents in the context of the affected site,
security bypass or information leak.

Workaround

There is no known workaround at this point.

Resolution

All PHP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/php-5.1.4"

PHP4 users that wish to keep that version line should upgrade to
the latest 4.x version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =dev-lang/php-4.4.2-r2

References

[ 1 ] CVE-2006-0996

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0996

[ 2 ] CVE-2006-1490

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1490

[ 3 ] CVE-2006-1990

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1990

[ 4 ] CVE-2006-1991

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1991

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200605-08.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory GLSA 200605-09

http://security.gentoo.org/

Severity: Normal
Title: Mozilla Thunderbird: Multiple vulnerabilities
Date: May 08, 2006
Bugs: #130888
ID: 200605-09

Synopsis

Several vulnerabilities in Mozilla Thunderbird allow attacks
ranging from script execution with elevated privileges to
information leaks.

Background

Mozilla Thunderbird is the next-generation mail client from the
Mozilla project.

Affected packages

     Package                  /  Vulnerable  /              Unaffected



  1  mozilla-thunderbird           < 1.0.8                    >= 1.0.8
  2  mozilla-thunderbird-bin       < 1.0.8                    >= 1.0.8
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.

Description

Several vulnerabilities were found and fixed in Mozilla
Thunderbird.

Impact

A remote attacker could craft malicious emails that would
leverage these issues to inject and execute arbitrary script code
with elevated privileges, steal local files or other information
from emails, and spoof content. Some of these vulnerabilities might
even be exploited to execute arbitrary code with the rights of the
user running Thunderbird.

Workaround

There are no known workarounds for all the issues at this
time.

Resolution

All Mozilla Thunderbird users should upgrade to the latest
version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-1.0.8"

All Mozilla Thunderbird binary users should upgrade to the
latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-1.0.8"

Note: There is no stable fixed version for the ALPHA
architecture yet. Users of Mozilla Thunderbird on ALPHA should
consider unmerging it until such a version is available.

References

[ 1 ] CVE-2006-0292

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292

[ 2 ] CVE-2006-0296

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296

[ 3 ] CVE-2006-0748

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0748

[ 4 ] CVE-2006-0749

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749

[ 5 ] CVE-2006-0884

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0884

[ 6 ] CVE-2006-1045

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1045

[ 7 ] CVE-2006-1727

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1727

[ 8 ] CVE-2006-1728

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1728

[ 9 ] CVE-2006-1730

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1730

[ 10 ] CVE-2006-1731

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731

[ 11 ] CVE-2006-1732

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1732

[ 12 ] CVE-2006-1733

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733

[ 13 ] CVE-2006-1734

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734

[ 14 ] CVE-2006-1735

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735

[ 15 ] CVE-2006-1737

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1737

[ 16 ] CVE-2006-1738

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1738

[ 17 ] CVE-2006-1739

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739

[ 18 ] CVE-2006-1741

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1741

[ 19 ] CVE-2006-1742

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1742

[ 20 ] CVE-2006-1790

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1790

[ 21 ] Mozilla Foundation Security Advisories

http://www.mozilla.org/projects/security/known-vulnerabilities.html#Thunderbird

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200605-09.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Ubuntu Linux

Ubuntu Security Notice USN-282-1 May 08, 2006
nagios vulnerability
CVE-2006-2162

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

nagios-common

The problem can be corrected by upgrading the affected package
to version 2:1.3-0+pre6ubuntu0.1 (for Ubuntu 5.04), or
2:1.3-cvs.20050402-4ubuntu3.1 (for Ubuntu 5.10). In general, a
standard system upgrade is sufficient to effect the necessary
changes.

Details follow:

The nagios CGI scripts did not sufficiently check the validity
of the HTTP Content-Length attribute. By sending a specially
crafted HTTP request with a negative Content-Length value to the
Nagios server, a remote attacker could exploit this to execute
arbitrary code with web server privileges.

Please note that the Apache 2 web server already checks for
valid Content-Length values, so installations using Apache 2 (the
only web server officially supported in Ubuntu) are not vulnerable
to this flaw.

Updated packages for Ubuntu 5.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/n/nagios/nagios_1.3-0+pre6ubuntu0.1.diff.gz

Size/MD5: 80281
7d71114ea6d8e11edb79133235e94951
http://security.ubuntu.com/ubuntu/pool/main/n/nagios/nagios_1.3-0+pre6ubuntu0.1.dsc

Size/MD5: 1010
611221f65f55763d607bd18754f5b46e
http://security.ubuntu.com/ubuntu/pool/main/n/nagios/nagios_1.3.orig.tar.gz

Size/MD5: 1625322
414d70e5269d5b8d7c21bf3ee129309f

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/n/nagios/nagios-common_1.3-0+pre6ubuntu0.1_all.deb

Size/MD5: 1213184
aef209a60989887c5e4828f8c6e5ed22

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/n/nagios/nagios-mysql_1.3-0+pre6ubuntu0.1_amd64.deb

Size/MD5: 994148
caee3765a8cb8826cbfb83b6a80a93aa
http://security.ubuntu.com/ubuntu/pool/main/n/nagios/nagios-pgsql_1.3-0+pre6ubuntu0.1_amd64.deb

Size/MD5: 1006218
331626a1400801648faa72261f72bc0f
http://security.ubuntu.com/ubuntu/pool/main/n/nagios/nagios-text_1.3-0+pre6ubuntu0.1_amd64.deb

Size/MD5: 975952
83b6c5a302ed299866fa717020c30d68

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/n/nagios/nagios-mysql_1.3-0+pre6ubuntu0.1_i386.deb

Size/MD5: 872306
fcb37a47f0eff94a77d1a1e30205aeec
http://security.ubuntu.com/ubuntu/pool/main/n/nagios/nagios-pgsql_1.3-0+pre6ubuntu0.1_i386.deb

Size/MD5: 882042
08b7590825e1d97807445e11859fb487
http://security.ubuntu.com/ubuntu/pool/main/n/nagios/nagios-text_1.3-0+pre6ubuntu0.1_i386.deb

Size/MD5: 857596
0feedae7fd082a9b566bdc52c2a69794

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/n/nagios/nagios-mysql_1.3-0+pre6ubuntu0.1_powerpc.deb

Size/MD5: 1002618
f7267c0a908b37119bd1cc75a82f691a
http://security.ubuntu.com/ubuntu/pool/main/n/nagios/nagios-pgsql_1.3-0+pre6ubuntu0.1_powerpc.deb

Size/MD5: 1010332
cd4882a8adaf882be52ca06c03a9f009
http://security.ubuntu.com/ubuntu/pool/main/n/nagios/nagios-text_1.3-0+pre6ubuntu0.1_powerpc.deb

Size/MD5: 969694
61692fa210eac3be4acc0ec31db859df

Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/n/nagios/nagios_1.3-cvs.20050402-4ubuntu3.1.diff.gz

Size/MD5: 72940
45eb9bb3f5d319ee26e54911766c3329
http://security.ubuntu.com/ubuntu/pool/main/n/nagios/nagios_1.3-cvs.20050402-4ubuntu3.1.dsc

Size/MD5: 1039
38ccfb2a73283d3407b9fe60533f98ff
http://security.ubuntu.com/ubuntu/pool/main/n/nagios/nagios_1.3-cvs.20050402.orig.tar.gz

Size/MD5: 1621251
0f92b7b8e705411b7881d3650cbb5d56

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/n/nagios/nagios-common_1.3-cvs.20050402-4ubuntu3.1_all.deb

Size/MD5: 1221180
8d5b4df9c227530749020ffb466ff2f2

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/n/nagios/nagios-mysql_1.3-cvs.20050402-4ubuntu3.1_amd64.deb

Size/MD5: 1029868
c8d76916a6910a2cbfe3ff1ba6ac5719
http://security.ubuntu.com/ubuntu/pool/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-4ubuntu3.1_amd64.deb

Size/MD5: 1041510
623c9b4b2e3ab693c9993ede121488a7
http://security.ubuntu.com/ubuntu/pool/main/n/nagios/nagios-text_1.3-cvs.20050402-4ubuntu3.1_amd64.deb

Size/MD5: 1025400
d37f7806f75fecda7f4b3d63491e0939

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/n/nagios/nagios-mysql_1.3-cvs.20050402-4ubuntu3.1_i386.deb

Size/MD5: 878928
9ee514d4b91119f3ba6bfc6c1f62fbea
http://security.ubuntu.com/ubuntu/pool/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-4ubuntu3.1_i386.deb

Size/MD5: 887908
f8365be3ee3dd6aa19fbe61e80a51120
http://security.ubuntu.com/ubuntu/pool/main/n/nagios/nagios-text_1.3-cvs.20050402-4ubuntu3.1_i386.deb

Size/MD5: 873662
1c9aa6c22a19b705f7a3702b09fe6986

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/n/nagios/nagios-mysql_1.3-cvs.20050402-4ubuntu3.1_powerpc.deb

Size/MD5: 1015848
74ebefb823c39c2b1cd54d3c8bcf80f3
http://security.ubuntu.com/ubuntu/pool/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-4ubuntu3.1_powerpc.deb

Size/MD5: 1024990
7e1a404b27a63d58644e2faa92f20217
http://security.ubuntu.com/ubuntu/pool/main/n/nagios/nagios-text_1.3-cvs.20050402-4ubuntu3.1_powerpc.deb

Size/MD5: 993116
ba19fcb9ba815eb4f47d8c75cebb8ee0

Ubuntu Security Notice USN-283-1 May 08, 2006
mysql-dfsg-4.1, mysql-dfsg vulnerabilities
CVE-2006-1516, CVE-2006-1517

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

mysql-server
mysql-server-4.1

The problem can be corrected by upgrading the affected package
to version 4.0.23-3ubuntu2.3 (for Ubuntu 5.04), 4.0.24-10ubuntu2.2
(mysql-server for Ubuntu 5.10), or 4.1.12-1ubuntu3.3
(mysql-server-4.1 for Ubuntu 5.10). In general, a standard system
upgrade is sufficient to effect the necessary changes.

Details follow:

Stefano Di Paola discovered an information leak in the login
packet parser. By sending a specially crafted malformed login
packet, a remote attacker could exploit this to read a random piece
of memory, which could potentially reveal sensitive data.
(CVE-2006-1516)

Stefano Di Paola also found a similar information leak in the
parser for the COM_TABLE_DUMP request. (CVE-2006-1517)

Updated packages for Ubuntu 5.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.23-3ubuntu2.3.diff.gz

Size/MD5: 345474
a03d04b6232f33905f239248035f3c38
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.23-3ubuntu2.3.dsc

Size/MD5: 891
f45ff763a72c15171cad1162886f35de
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.23.orig.tar.gz

Size/MD5: 9814467
5eec8f66ed48c6ff92e73161651a492b

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-common_4.0.23-3ubuntu2.3_all.deb

Size/MD5: 32208
366666fa86a1832df41a6371ab247a13

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.23-3ubuntu2.3_amd64.deb