Debian GNU/Linux
Debian Security Advisory DSA-1199-1 [email protected]
http://www.debian.org/security/
Noah Meyerhans
October 23, 2006
Package : webmin
Vulnerability : multiple
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2005-3912 CVE-2006-3392 CVE-2006-4542
BugTraq ID : 15629 18744 19820
Debian Bug : 341394 381537 391284
Several vulnerabilities have been identified in webmin, a
web-based administration toolkit.
CVE-2005-3912
A format string vulnerability in miniserv.pl could allow an
attacker to cause a denial of service by crashing the application
or exhausting system resources, and could potentially allow
arbitrary code execution.
CVE-2006-3392
Improper input sanitization in miniserv.pl could allow an
attacker to read arbitrary files on the webmin host by providing a
specially crafted URL path to the miniserv http server.
CVE-2006-4542
Improper handling of null characters in URLs in miniserv.pl
could allow an attacker to conduct cross-site scripting attacks,
read CGI program source code, list local directories, and
potentially execute arbitrary code.
For the stable distribution (sarge), these problems have been
fixed in version 1.180-3sarge1.
Webmin is not included in unstable (sid) or testing (etch), so
these problems are not present.
We recommend that you upgrade your webmin (1.180-3sarge1)
package.
Upgrade instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian 3.1 (stable)
Stable updates are available for alpha, amd64, arm, hppa, i386,
ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/w/webmin/webmin_1.180-3sarge1.dsc
Size/MD5 checksum: 703 5e723deaccb3db60794e0cb385666992
http://security.debian.org/pool/updates/main/w/webmin/webmin_1.180.orig.tar.gz
Size/MD5 checksum: 2261496 ff19d5500955302455e517cb2942c9d0
http://security.debian.org/pool/updates/main/w/webmin/webmin_1.180-3sarge1.diff.gz
Size/MD5 checksum: 31458 f8fe363e7ccd8fe4072d84cd86a3510e
Architecture independent packages:
http://security.debian.org/pool/updates/main/w/webmin/webmin-core_1.180-3sarge1_all.deb
Size/MD5 checksum: 1121200 8fa7064325ded44e7f8dbd226b81d9dd
http://security.debian.org/pool/updates/main/w/webmin/webmin_1.180-3sarge1_all.deb
Size/MD5 checksum: 1097552 34d96210d581dde8ffea7be82e0897f4
These files will probably be moved into the stable distribution
on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
Gentoo Linux
Gentoo Linux Security Advisory GLSA 200610-10
Severity: High
Title: ClamAV: Multiple Vulnerabilities
Date: October 24, 2006
Bugs: #151561
ID: 200610-10
Synopsis
ClamAV is vulnerable to a heap-based buffer overflow potentially
allowing remote execution of arbitrary code and a Denial of
Service.
Background
ClamAV is a GPL virus scanner.
Affected packages
    Package               /  Vulnerable  /  Unaffected
 1  app-antivirus/clamav     < 0.88.5       >= 0.88.5
Description
Damian Put and an anonymous researcher reported a potential
heap-based buffer overflow vulnerability in rebuildpe.c responsible
for the rebuilding of an unpacked PE file, and a possible crash in
chmunpack.c in the CHM unpacker.
Impact
By sending a malicious attachment to a mail server running
ClamAV, or providing a malicious file to ClamAV through any other
method, a remote attacker could cause a Denial of Service and
potentially the execution of arbitrary code with the permissions of
the user running ClamAV.
Workaround
There is no known workaround at this time.
Resolution
All ClamAV users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.88.5"
References
[ 1 ] Original commit log
http://sourceforge.net/project/shownotes.php?release_id=455799
[ 2 ] CVE-2006-4182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4182
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200610-10.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or
alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Gentoo Linux Security Advisory GLSA 200610-11
Severity: High
Title: OpenSSL: Multiple vulnerabilities
Date: October 24, 2006
Bugs: #145510
ID: 200610-11
Synopsis
OpenSSL contains multiple vulnerabilities including the possible
remote execution of arbitrary code.
Background
OpenSSL is a toolkit implementing the Secure Sockets Layer,
Transport Layer Security protocols and a general-purpose
cryptography library.
Affected packages
    Package           /  Vulnerable  /  Unaffected
 1  dev-libs/openssl     < 0.9.8d       >= 0.9.8d  *>= 0.9.7l
Description
Tavis Ormandy and Will Drewry, both of the Google Security Team,
discovered that the SSL_get_shared_ciphers() function contains a
buffer overflow vulnerability, and that the SSLv2 client code
contains a flaw leading to a crash. Additionally Dr. Stephen N.
Henson found that the ASN.1 handler contains two Denial of Service
vulnerabilities: while parsing an invalid ASN.1 structure and while
handling certain types of public key.
Impact
An attacker could trigger the buffer overflow vulnerability by
sending a malicious suite of ciphers to an application using the
vulnerable function, and thus execute arbitrary code with the
rights of the user running the application. An attacker could also
consume CPU and/or memory by exploiting the Denial of Service
vulnerabilities. Finally, a malicious server could crash an SSLv2
client through the SSLv2 vulnerability.
Workaround
There is no known workaround at this time.
Resolution
All OpenSSL 0.9.8 users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"
All OpenSSL 0.9.7 users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"
References
[ 1 ] CVE-2006-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
[ 2 ] CVE-2006-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
[ 3 ] CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
[ 4 ] CVE-2006-4343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200610-11.xml
Gentoo Linux Security Advisory GLSA 200610-12
Severity: High
Title: Apache mod_tcl: Format string vulnerability
Date: October 24, 2006
Bugs: #151359
ID: 200610-12
Synopsis
A format string vulnerability has been found in Apache mod_tcl,
which could lead to the remote execution of arbitrary code.
Background
Apache mod_tcl is a TCL interpreting module for the Apache 2.x
web server.
Affected packages
    Package             /  Vulnerable  /  Unaffected
 1  www-apache/mod_tcl     < 1.0.1        >= 1.0.1
Description
Sparfell discovered format string errors in calls to the set_var
function in tcl_cmds.c and tcl_core.c.
Impact
A remote attacker could exploit the vulnerability to execute
arbitrary code with the rights of the user running the Apache
server.
Workaround
There is no known workaround at this time.
Resolution
All mod_tcl users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apache/mod_tcl-1.0.1"
References
[ 1 ] CVE-2006-4154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4154
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200610-12.xml