UNIRAS Brief - 442/06 - Three Gentoo Linux Security Advisories:
______________________________________________________________________________
UNIRAS (UK Government CERT) Briefing - 442/06 dated 30.06.06 time 12:00
UNIRAS is part of NISCC (the UK National Infrastructure Security
Co-ordination Centre)
______________________________________________________________________________
UNIRAS material is also available from its website at www.uniras.gov.uk
Information about NISCC is available from www.niscc.gov.uk
______________________________________________________________________________
Title
=====
Three Gentoo Linux Security Advisories:
1. GLSA 200606-27 - Mutt: Buffer overflow
2. GLSA 200606-28 - Horde Web Application Framework: XSS vulnerability
3. GLSA 200606-29 - Tikiwiki: SQL injection and multiple XSS vulnerabilities
Detail
======
1. TAKAHASHI Tamotsu has discovered that Mutt contains a boundary error in
the "browse_get_namespace()" function in browse.c, which can be
triggered when receiving an overly long namespace from an IMAP server.
2. Michael Marek discovered that the Horde Web Application Framework
performs insufficient input sanitizing.
3. Tikiwiki fails to properly sanitize user input before processing it,
including in SQL statements.
1.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200606-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Mutt: Buffer overflow
Date: June 28, 2006
Bugs: #138125
ID: 200606-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Mutt contains a buffer overflow that could result in arbitrary code
execution.
Background
==========
Mutt is a small but very powerful text-based mail client.
Affected packages
=================
-------------------------------------------------------------------
     Package              /   Vulnerable   /            Unaffected
-------------------------------------------------------------------
  1  mail-client/mutt         < 1.5.11-r2             >= 1.5.11-r2
Description
===========
TAKAHASHI Tamotsu has discovered that Mutt contains a boundary error in
the "browse_get_namespace()" function in browse.c, which can be
triggered when receiving an overly long namespace from an IMAP server.
Impact
======
A malicious IMAP server can send an overly long namespace to Mutt in
order to crash the application, and possibly execute arbitrary code
with the permissions of the user running Mutt.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Mutt users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/mutt-1.5.11-r2"
References
==========
[ 1 ] CVE-2006-3242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3242
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200606-27.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@xxxxxxxxxx or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
2.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200606-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: Horde Web Application Framework: XSS vulnerability
Date: June 29, 2006
Bugs: #136830
ID: 200606-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
The Horde Web Application Framework is vulnerable to a cross-site
scripting vulnerability.
Background
==========
The Horde Web Application Framework is a general-purpose web
application framework written in PHP, providing classes for handling
preferences, compression, browser detection, connection tracking, MIME,
and more.
Affected packages
=================
-------------------------------------------------------------------
     Package              /   Vulnerable   /            Unaffected
-------------------------------------------------------------------
  1  www-apps/horde           < 3.1.1-r1               >= 3.1.1-r1
Description
===========
Michael Marek discovered that the Horde Web Application Framework
performs insufficient input sanitizing.
Impact
======
An attacker could exploit these vulnerabilities to execute arbitrary
scripts running in the context of the victim's browser.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Horde users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-3.1.1-r1"
References
==========
[ 1 ] CVE-2006-2195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2195
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200606-28.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@xxxxxxxxxx or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
3.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200606-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Tikiwiki: SQL injection and multiple XSS vulnerabilities
Date: June 29, 2006
Bugs: #136723, #134483
ID: 200606-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
An SQL injection vulnerability and multiple XSS vulnerabilities have
been discovered.
Background
==========
Tikiwiki is a web-based groupware and content management system (CMS),
using PHP, ADOdb and Smarty.
Affected packages
=================
-------------------------------------------------------------------
     Package              /   Vulnerable   /            Unaffected
-------------------------------------------------------------------
  1  www-apps/tikiwiki        < 1.9.4                     >= 1.9.4
Description
===========
Tikiwiki fails to properly sanitize user input before processing it,
including in SQL statements.
Impact
======
An attacker could execute arbitrary SQL statements on the underlying
database, or inject arbitrary scripts into the context of a user's
browser.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Tikiwiki users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.9.4"
References
==========
[ 1 ] CVE-2006-3048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3048
[ 2 ] CVE-2006-3047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3047
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200606-29.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@xxxxxxxxxx or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
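Added example, not part of the UNIRAS briefing or the Gentoo advisories: a Python check that compares an inventory of installed versions against the "Unaffected" thresholds in the three tables above, including the Gentoo "-rN" revision suffix. The names FIXED_IN, parse_version, is_vulnerable and audit are hypothetical, the sample inventory is constructed, and only plain dotted versions with an optional revision are ordered; Portage's own comparison remains authoritative.

```python
import re

# Fixed versions copied from the "Affected packages" tables in this
# briefing; an installed version below the listed one is vulnerable.
FIXED_IN = {
    "mail-client/mutt": "1.5.11-r2",   # GLSA 200606-27
    "www-apps/horde": "3.1.1-r1",      # GLSA 200606-28
    "www-apps/tikiwiki": "1.9.4",      # GLSA 200606-29
}

# Dotted numeric components (no leading zeros after the first), then an
# optional Gentoo revision such as "-r2".
_VERSION_RE = re.compile(r"^(\d+(?:\.(?:0|[1-9]\d*))*)(?:-r(\d+))?$")

def parse_version(text):
    """Return (numeric components, revision) for 'N.N.N[-rN]'.

    Assumption: suffixes such as _rc1 or _p2, trailing letters and
    leading-zero components are rejected instead of being ordered.
    """
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unsupported version syntax: {text!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    revision = int(match.group(2) or 0)  # no suffix is the same as -r0
    return numbers, revision

def is_vulnerable(package, installed):
    """True if the installed version sorts below the fixed version."""
    return parse_version(installed) < parse_version(FIXED_IN[package])

def audit(installed):
    """Classify every tracked package found in an inventory mapping."""
    report = {}
    for package, version in installed.items():
        if package not in FIXED_IN:
            continue  # not covered by this briefing
        try:
            state = "vulnerable" if is_vulnerable(package, version) else "ok"
        except ValueError:
            state = "check manually"
        report[package] = state
    return report

# Constructed sample inventory (not data from a real host).
SAMPLE = {
    "mail-client/mutt": "1.5.11-r1",
    "www-apps/horde": "3.1.1-r1",
    "www-apps/tikiwiki": "1.9.3.2",
    "app-editors/vim": "7.0",
}
```

Packages reported as "check manually" carry a version suffix this example does not order and should be compared with Portage itself.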
______________________________________________________________________________
For additional information or assistance, please contact our help desk
by telephone. You may send Not Protectively Marked information via
e-mail to uniras@xxxxxxxxxxxxx
Office hours:
Mon - Fri: 08:30 - 17:00 hours
Tel: +44 (0) 870 487 0748 extension 4511
Fax: +44 (0) 870 487 0749
On-call duty officer outside office hours:
Tel: +44 (0) 870 487 0748 and follow the voice prompts
______________________________________________________________________________
UNIRAS wishes to acknowledge the contributions of Gentoo for the
information contained in this briefing.
______________________________________________________________________________
This notice contains information released by the original author.
Some of the information may have changed since it was released. If the
vulnerability affects you, it may be prudent to retrieve the advisory
from the site of the original source to ensure that you receive the most
current information concerning that problem.
Reference to any specific commercial product, process, or service by
trade name, trademark, manufacturer, or otherwise, does not constitute or
imply its endorsement, recommendation, or favouring by UNIRAS or NISCC.
The views and opinions of authors expressed within this notice shall not
be used for advertising or product endorsement purposes.
Neither UNIRAS nor NISCC shall accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they
shall not be liable for any loss or damage whatsoever, arising from or
in connection with the usage of information contained within this
notice.
UNIRAS is a member of the Forum of Incident Response and Security Teams
(FIRST) and has contacts with other international Incident Response
Teams (IRTs) in order to foster cooperation and coordination in incident
prevention, to prompt rapid reaction to incidents, and to promote
information sharing amongst its members and the community at large.
______________________________________________________________________________
<End of UNIRAS Briefing>
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________