---

Advisories, October 24, 2006

Debian GNU/Linux


Debian Security Advisory DSA-1199-1 security@debian.org
http://www.debian.org/security/
Noah Meyerhans
October 23, 2006


Package : webmin
Vulnerability : multiple
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2005-3912 CVE-2006-3392 CVE-2006-4542
BugTraq ID : 15629 18744 19820
Debian Bug : 341394 381537 391284

Several vulnerabilities have been identified in webmin, a
web-based administration toolkit.

CVE-2005-3912

A format string vulnerability in miniserv.pl could allow an
attacker to cause a denial of service by crashing the application
or exhausting system resources, and could potentially allow
arbitrary code execution.

CVE-2006-3392

Improper input sanitization in miniserv.pl could allow an
attacker to read arbitrary files on the webmin host by providing a
specially crafted URL path to the miniserv http server.

CVE-2006-4542

Improper handling of null characters in URLs in miniserv.pl
could allow an attacker to conduct cross-site scripting attacks,
read CGI program source code, list local directories, and
potentially execute arbitrary code.

For the stable distribution (sarge), these problems have been
fixed in version 1.180-3sarge1.

Webmin is not included in unstable (sid) or testing (etch), so
these problems are not present.

We recommend that you upgrade your webmin (1.180-3sarge1)
package.

Upgrade instructions


wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 3.1 (stable)


Stable updates are available for alpha, amd64, arm, hppa, i386,
ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/w/webmin/webmin_1.180-3sarge1.dsc
    Size/MD5 checksum: 703 5e723deaccb3db60794e0cb385666992
  http://security.debian.org/pool/updates/main/w/webmin/webmin_1.180.orig.tar.gz
    Size/MD5 checksum: 2261496 ff19d5500955302455e517cb2942c9d0
  http://security.debian.org/pool/updates/main/w/webmin/webmin_1.180-3sarge1.diff.gz
    Size/MD5 checksum: 31458 f8fe363e7ccd8fe4072d84cd86a3510e

Architecture independent packages:

  http://security.debian.org/pool/updates/main/w/webmin/webmin-core_1.180-3sarge1_all.deb
    Size/MD5 checksum: 1121200 8fa7064325ded44e7f8dbd226b81d9dd
  http://security.debian.org/pool/updates/main/w/webmin/webmin_1.180-3sarge1_all.deb
    Size/MD5 checksum: 1097552 34d96210d581dde8ffea7be82e0897f4

These files will probably be moved into the stable distribution
on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Package info: `apt-cache show <pkg>` and http://packages.debian.org/<pkg>

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200610-10


http://security.gentoo.org/


Severity: High
Title: ClamAV: Multiple Vulnerabilities
Date: October 24, 2006
Bugs: #151561
ID: 200610-10


Synopsis

ClamAV is vulnerable to a heap-based buffer overflow potentially
allowing remote execution of arbitrary code and a Denial of
Service.

Background

ClamAV is a GPL virus scanner.

Affected packages


     Package               /  Vulnerable  /                 Unaffected

  1  app-antivirus/clamav      < 0.88.5                      >= 0.88.5

Description

Damian Put and an anonymous researcher reported a potential
heap-based buffer overflow vulnerability in rebuildpe.c responsible
for the rebuilding of an unpacked PE file, and a possible crash in
chmunpack.c in the CHM unpacker.

Impact

By sending a malicious attachment to a mail server running
ClamAV, or providing a malicious file to ClamAV through any other
method, a remote attacker could cause a Denial of Service and
potentially the execution of arbitrary code with the permissions of
the user running ClamAV.

Workaround

There is no known workaround at this time.

Resolution

All ClamAV users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.88.5"

References

[ 1 ] Original commit log

http://sourceforge.net/project/shownotes.php?release_id=455799

[ 2 ] CVE-2006-4182

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4182

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200610-10.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


Gentoo Linux Security Advisory GLSA 200610-11


http://security.gentoo.org/


Severity: High
Title: OpenSSL: Multiple vulnerabilities
Date: October 24, 2006
Bugs: #145510
ID: 200610-11


Synopsis

OpenSSL contains multiple vulnerabilities including the possible
remote execution of arbitrary code.

Background

OpenSSL is a toolkit implementing the Secure Sockets Layer,
Transport Layer Security protocols and a general-purpose
cryptography library.

Affected packages


     Package           /  Vulnerable  /                     Unaffected

  1  dev-libs/openssl      < 0.9.8d                          >= 0.9.8d
                                                            *>= 0.9.7l

Description

Tavis Ormandy and Will Drewry, both of the Google Security Team,
discovered that the SSL_get_shared_ciphers() function contains a
buffer overflow vulnerability, and that the SSLv2 client code
contains a flaw leading to a crash. Additionally Dr. Stephen N.
Henson found that the ASN.1 handler contains two Denial of Service
vulnerabilities: while parsing an invalid ASN.1 structure and while
handling certain types of public key.

Impact

An attacker could trigger the buffer overflow vulnerability by
sending a malicious suite of ciphers to an application using the
vulnerable function, and thus execute arbitrary code with the
rights of the user running the application. An attacker could also
consume CPU and/or memory by exploiting the Denial of Service
vulnerabilities. Finally, a malicious server could crash an SSLv2
client through the SSLv2 vulnerability.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 0.9.8 users should upgrade to the latest
version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest
version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

References

[ 1 ] CVE-2006-2937

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937

[ 2 ] CVE-2006-2940

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940

[ 3 ] CVE-2006-3738

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738

[ 4 ] CVE-2006-4343

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200610-11.xml



Gentoo Linux Security Advisory GLSA 200610-12


http://security.gentoo.org/


Severity: High
Title: Apache mod_tcl: Format string vulnerability
Date: October 24, 2006
Bugs: #151359
ID: 200610-12


Synopsis

A format string vulnerability has been found in Apache mod_tcl,
which could lead to the remote execution of arbitrary code.

Background

Apache mod_tcl is a TCL interpreting module for the Apache 2.x
web server.

Affected packages


     Package             /  Vulnerable  /                   Unaffected

  1  www-apache/mod_tcl       < 1.0.1                         >= 1.0.1

Description

Sparfell discovered format string errors in calls to the set_var
function in tcl_cmds.c and tcl_core.c.

Impact

A remote attacker could exploit the vulnerability to execute
arbitrary code with the rights of the user running the Apache
server.

Workaround

There is no known workaround at this time.

Resolution

All mod_tcl users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apache/mod_tcl-1.0.1"

References

[ 1 ] CVE-2006-4154

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4154

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200610-12.xml
