UNIRAS Brief - 145/04 - Five Gentoo Security Advisories
- ----------------------------------------------------------------------------------
UNIRAS (UK Govt CERT) Briefing Notice - 145/04 dated 30.03.04 Time: 10:50
UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ----------------------------------------------------------------------------------
UNIRAS material is also available from its website at www.uniras.gov.uk and
Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------
Title
=====
Five Gentoo Security Advisories:
1. UUDeview MIME Buffer Overflow.
2. Multiple remote buffer overflow vulnerabilities in Courier.
3. Multiple remote overflows and vulnerabilities in Ethereal.
4. oftpd DoS vulnerability.
5. Buffer overflow in Midnight Commander.
Detail
======
1. By decoding a MIME archive with excessively long strings for various parameters,
it is possible to crash UUDeview, or cause it to execute arbitrary code.
2. Remote buffer overflow vulnerabilities have been found in Courier-IMAP and Courier
MTA. These exploits may allow the execution of arbitrary code, allowing unauthorized
access to a vulnerable system.
3. Multiple overflows and vulnerabilities exist in Ethereal which may allow an attacker
to crash the program or run arbitrary code.
4. A remotely-exploitable overflow exists in oftpd, allowing an attacker to crash the
oftpd daemon.
5. A remotely-exploitable buffer overflow in Midnight Commander allows arbitrary code
to be run on a user's computer.
1. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: UUDeview MIME Buffer Overflow
Date: March 26, 2004
Bugs: #44859
ID: 200403-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A specially-crafted MIME file (.mim, .uue, .uu, .b64, .bhx, .hqx, and .xxe extensions) may cause UUDeview to crash or execute arbitrary code.
Background
==========
UUDeview is a program which is used to transmit binary files over the Internet in a text-only format. It is commonly used for email and Usenet attachments. It supports multiple encoding formats, including Base64, BinHex and UUEncoding.
Description
===========
By decoding a MIME archive with excessively long strings for various parameters, it is possible to crash UUDeview, or cause it to execute arbitrary code.
This vulnerability was originally reported by iDEFENSE as part of a WinZip advisory [ Reference: 1 ].
Impact
======
An attacker could create a specially-crafted MIME file and send it via email. When the recipient decodes the file, UUDeview may execute arbitrary code which is embedded in the MIME file, thus granting the attacker access to the recipient's account.
Workaround
==========
All users should upgrade to UUDeview 0.5.20:
# emerge sync
# emerge -pv ">=app-text/uudeview-0.5.20"
# emerge ">=app-text/uudeview-0.5.20"
References
==========
[ 1 ] http://www.idefense.com/application/poi/display?id=76
[ 2 ] http://www.securityfocus.com/bid/9758
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@xxxxxxxxxx or alternatively, you may file a bug at http://bugs.gentoo.org.
2. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Multiple remote buffer overflow vulnerabilities in Courier
Date: March 26, 2004
Bugs: #45584
ID: 200403-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Remote buffer overflow vulnerabilities have been found in Courier-IMAP and Courier MTA. These exploits may allow the execution of arbitrary code, allowing unauthorized access to a vulnerable system.
Background
==========
Courier MTA is a multiprotocol mail server suite that provides webmail, mailing lists, IMAP, and POP3 services. Courier-IMAP is a standalone server that gives IMAP access to local mailboxes.
Affected packages
=================
-------------------------------------------------------------------
 Package                /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
 net-mail/courier-imap     < 3.0.0        >= 3.0.0
 net-mail/courier          < 0.45         >= 0.45
Description
===========
The vulnerabilities have been found in the 'SHIFT_JIS' converter in 'shiftjis.c' and the 'ISO2022JP' converter in 'iso2022jp.c'. An attacker may supply Unicode characters that exceed the BMP (Basic Multilingual Plane) range, causing an overflow.
Impact
======
An attacker without privileges may exploit this vulnerability remotely, allowing arbitrary code to be executed in order to gain unauthorized access.
Workaround
==========
While a workaround is not currently known for this issue, all users are advised to upgrade to the latest version of the affected packages.
Resolution
==========
All users should upgrade to the current version of the affected
packages:
# emerge sync
# emerge -pv ">=net-mail/courier-imap-3.0.0"
# emerge ">=net-mail/courier-imap-3.0.0"
# ** Or; depending on your installation... **
# emerge -pv ">=net-mail/courier-0.45"
# emerge ">=net-mail/courier-0.45"
References
==========
[ 1 ] http://www.securityfocus.com/bid/9845
[ 2 ] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0224
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@xxxxxxxxxx or alternatively, you may file a bug at http://bugs.gentoo.org.
3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Multiple remote overflows and vulnerabilities in Ethereal
Date: March 28, 2004
Bugs: #45543
ID: 200403-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple overflows and vulnerabilities exist in Ethereal which may allow an attacker to crash the program or run arbitrary code.
Background
==========
Quote from http://www.ethereal.com
"Ethereal is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Its open source license allows talented experts in the networking community to add enhancements. It runs on all popular computing platforms, including Unix, Linux, and Windows."
Affected packages
=================
-------------------------------------------------------------------
 Package                /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
 net-analyzer/ethereal     <= 0.10.2      >= 0.10.3
Description
===========
There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.3, including:
* Thirteen buffer overflows in the following protocol dissectors:
NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP.
* A zero-length Presentation protocol selector could make Ethereal
crash.
* A vulnerability in the RADIUS packet dissector which may crash
ethereal.
* A corrupt color filter file could cause a segmentation fault.
Impact
======
These vulnerabilities may cause Ethereal to crash or may allow an attacker to run arbitrary code on the user's computer.
Workaround
==========
While a workaround is not currently known for this issue, all users are advised to upgrade to the latest version of the affected package.
Resolution
==========
All users should upgrade to the current version of the affected
package:
# emerge sync
# emerge -pv ">=net-analyzer/ethereal-0.10.3"
# emerge ">=net-analyzer/ethereal-0.10.3"
References
==========
[ 1 ] http://www.ethereal.com/appnotes/enpa-sa-00013.html
[ 2 ] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0176
[ 3 ] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0365
[ 4 ] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0367
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@xxxxxxxxxx or alternatively, you may file a bug at http://bugs.gentoo.org.
4. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: oftpd DoS vulnerability
Date: March 29, 2004
Bugs: #45738
ID: 200403-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A remotely-exploitable overflow exists in oftpd, allowing an attacker to crash the oftpd daemon.
Background
==========
Quote from http://www.time-travellers.org/oftpd/
"oftpd is designed to be as secure as an anonymous FTP server can possibly be. It runs as non-root for most of the time, and uses the Unix chroot() command to hide most of the systems directories from external users - they cannot change into them even if the server is totally compromised! It contains its own directory change code, so that it can run efficiently as a threaded server, and its own directory listing code (most FTP servers execute the system "ls" command to list files)."
Affected packages
=================
-------------------------------------------------------------------
 Package                /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
 net-ftp/oftpd             <= 0.3.6       >= 0.3.7
Description
===========
Issuing a port command with a number higher than 255 causes the server to crash. The port command may be issued before any authentication takes place, meaning the attacker does not need to know a valid username and password in order to exploit this vulnerability.
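A defensive parse of the PORT argument that rejects the out-of-range input described above, given as an added example; it is not oftpd's code and not part of the original advisory. The function name parse_port_arg and the sample arguments are assumptions, and the argument is assumed to arrive with the command verb and line ending already stripped.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>

/* Parse an FTP PORT argument "h1,h2,h3,h4,p1,p2" (hypothetical helper).
 * Each field must be a decimal octet 0..255. Returns 0 and fills
 * addr/port on success, -1 if the argument must be rejected. */
int parse_port_arg(const char *arg, uint8_t addr[4], uint16_t *port)
{
    unsigned field[6];
    const char *p = arg;

    if (arg == NULL || addr == NULL || port == NULL)
        return -1;
    for (int i = 0; i < 6; i++) {
        unsigned value = 0;
        int digits = 0;
        /* At most three digits, so value cannot wrap before the check. */
        while (isdigit((unsigned char)*p)) {
            if (++digits > 3)
                return -1;
            value = value * 10 + (unsigned)(*p++ - '0');
        }
        if (digits == 0 || value > 255)
            return -1;              /* empty field or number above 255 */
        field[i] = value;
        /* Exactly one comma between fields, none after the last. */
        if (i < 5 && *p++ != ',')
            return -1;
    }
    if (*p != '\0')
        return -1;                  /* trailing data after p2 */
    for (int i = 0; i < 4; i++)
        addr[i] = (uint8_t)field[i];
    *port = (uint16_t)((field[4] << 8) | field[5]);
    return 0;
}

int main(void)
{
    /* Constructed sample arguments, not captured traffic. */
    const char *samples[] = { "192,0,2,10,19,136", "192,0,2,10,256,1",
                              "192,0,2,10,19" };
    uint8_t a[4];
    uint16_t port;
    for (int i = 0; i < 3; i++)
        printf("%-20s %s\n", samples[i],
               parse_port_arg(samples[i], a, &port) == 0 ? "accept" : "reject");
    return 0;
}
```

Because the check runs before authentication state matters, a server using it would answer a rejected argument with a syntax error reply instead of acting on the value.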
Impact
======
This exploit causes a denial of service.
Workaround
==========
While a workaround is not currently known for this issue, all users are advised to upgrade to the latest version of the affected package.
Resolution
==========
All users should upgrade to the current version of the affected
package:
# emerge sync
# emerge -pv ">=net-ftp/oftpd-0.3.7"
# emerge ">=net-ftp/oftpd-0.3.7"
References
==========
[ 1 ] http://www.time-travellers.org/oftpd/oftpd-dos.html
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@xxxxxxxxxx or alternatively, you may file a bug at http://bugs.gentoo.org.
5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Buffer overflow in Midnight Commander
Date: March 29, 2004
Bugs: #45957
ID: 200403-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A remotely-exploitable buffer overflow in Midnight Commander allows arbitrary code to be run on a user's computer.
Background
==========
Midnight Commander is a visual file manager.
Affected packages
=================
-------------------------------------------------------------------
 Package                /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
 app-misc/mc               <= 4.6.0-r4    >= 4.6.0-r5
Description
===========
A stack-based buffer overflow has been found in Midnight Commander's virtual filesystem.
Impact
======
This overflow allows an attacker to run arbitrary code on the user's computer during the symlink conversion process.
Workaround
==========
While a workaround is not currently known for this issue, all users are advised to upgrade to the latest version of the affected package.
Resolution
==========
All users should upgrade to the current version of the affected
package:
# emerge sync
# emerge -pv ">=app-misc/mc-4.6.0-r5"
# emerge ">=app-misc/mc-4.6.0-r5"
References
==========
[ 1 ] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1023
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@xxxxxxxxxx or alternatively, you may file a bug at http://bugs.gentoo.org.
- ----------------------------------------------------------------------------------
For additional information or assistance, please contact the HELP Desk by
telephone or Not Protectively Marked information may be sent via
EMail to: uniras@xxxxxxxxxxxx
Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 20 7821 1330 Ext 4511
Fax: +44 (0) 20 7821 1686
Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 20 7821 1330 and follow the prompts
- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Gentoo for the information
contained in this Briefing.
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some
of the information may have changed since it was released. If the vulnerability
affects you, it may be prudent to retrieve the advisory from the canonical site
to ensure that you receive the most current information concerning that problem.
Reference to any specific commercial product, process, or service by trade
name, trademark manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by UNIRAS or NISCC. The views
and opinions of authors expressed within this notice shall not be used for
advertising or product endorsement purposes.
Neither UNIRAS nor NISCC shall accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they shall
not be liable for any loss or damage whatsoever, arising from or in connection
with the usage of information contained within this notice.
UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST)
and has contacts with other international Incident Response Teams (IRTs) in
order to foster cooperation and coordination in incident prevention, to prompt
rapid reaction to incidents, and to promote information sharing amongst its
members and the community at large.
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>