
UNIRAS Brief - 840/06 - OpenPKG - Security Advisories Ruby, dbus, openser, links, w3m



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



- ---------------------------------------------------------------------------------------
       UNIRAS (UK Government CERT) Briefing - 840/06 Dated 28.12.06 Time 16:50  

UNIRAS is part of NISCC (the UK National Infrastructure Security  Co-ordination Centre)
---------------------------------------------------------------------------------------
 	UNIRAS material is available from the NISCC website at www.niscc.gov.uk
---------------------------------------------------------------------------------------

Title
=====
OpenPKG Security Advisories
Ruby, dbus, openser, links, w3m

Detail
======
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

____________________________________________________________________________

Publisher Name:          OpenPKG GmbH
Publisher Home:          http://openpkg.com/

Advisory Id (public):    OpenPKG-SA-2006.040
Advisory Type:           OpenPKG Security Advisory (SA)
Advisory Directory:      http://openpkg.com/go/OpenPKG-SA
Advisory Document:       http://openpkg.com/go/OpenPKG-SA-2006.040
Advisory Published:      2006-12-21 10:44 UTC

Issue Id (internal):     OpenPKG-SI-20061221
Issue First Created:     2006-12-21
Issue Last Modified:     2006-12-21
Issue Revision:          05
____________________________________________________________________________

Subject Name:            Ruby
Subject Summary:         Programming Language
Subject Home:            http://www.ruby-lang.org/
Subject Versions:        * < 1.8.5-p2

Vulnerability Id:        CVE-2006-6303
Vulnerability Scope:     global (not OpenPKG specific)

Attack Feasibility:      run-time
Attack Vector:           remote network
Attack Impact:           denial of service

Description:
    As confirmed by the vendor [0], a Denial of Service (DoS)
    vulnerability exists in the programming language Ruby [1],
    versions before 1.8.5-p2. The "read_multipart" function in the
    Ruby CGI library ("cgi.rb") does not properly detect boundaries
    in MIME "multipart" content, which allows remote attackers to
    cause an infinite loop via specially crafted HTTP requests. Notice
    that this issue is not the same as CVE-2006-5467 (reported in
    OpenPKG-SA-2006.030).

References:
    [0] http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/
    [1] http://www.ruby-lang.org/
____________________________________________________________________________

Primary Package Name:    ruby
Primary Package Home:    http://openpkg.org/go/package/ruby

Corrected Distribution:  Corrected Branch: Corrected Package:
OpenPKG Enterprise       E1.0-SOLID        ruby-1.8.5-E1.0.2
OpenPKG Community        CURRENT           ruby-1.8.5p2-20061204
____________________________________________________________________________

For security reasons, this document was digitally signed with the OpenPGP 
public key of the OpenPKG GmbH (public key id 61B7AE34) which you can download 
from http://openpkg.com/openpkg.com.pgp
or retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/.
Follow the instructions at http://openpkg.com/security/signatures/
for more details on how to verify the integrity of this document.
____________________________________________________________________________

- -----BEGIN PGP SIGNATURE-----
Comment: OpenPKG GmbH <http://openpkg.com/>

iD8DBQFFileEZwQuyWG3rjQRAk38AJ9qLpm6jGFNsihGolInP3cISEUhQACgwOxc
gPjn4lFUDpWQMR+Bly+zkWI=
=dHjJ
- -----END PGP SIGNATURE-----





- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

____________________________________________________________________________

Publisher Name:          OpenPKG GmbH
Publisher Home:          http://openpkg.com/

Advisory Id (public):    OpenPKG-SA-2006.041
Advisory Type:           OpenPKG Security Advisory (SA)
Advisory Directory:      http://openpkg.com/go/OpenPKG-SA
Advisory Document:       http://openpkg.com/go/OpenPKG-SA-2006.041
Advisory Published:      2006-12-21 11:19 UTC

Issue Id (internal):     OpenPKG-SI-20061221.02
Issue First Created:     2006-12-21
Issue Last Modified:     2006-12-21
Issue Revision:          02
____________________________________________________________________________

Subject Name:            D-Bus
Subject Summary:         message bus system
Subject Home:            http://www.freedesktop.org/wiki/Software/dbus
Subject Versions:        * < 1.0.2

Vulnerability Id:        CVE-2006-6107
Vulnerability Scope:     global (not OpenPKG specific)

Attack Feasibility:      run-time
Attack Vector:           local system
Attack Impact:           denial of service

Description:
    Kimmo Hämäläinen found [0] a vendor-confirmed Denial of Service
    (DoS) vulnerability in the D-Bus [1] message bus system, versions
    before 1.0.2. The flaw is in the "match_rule_equal" function in
    "bus/signals.c" and allows local applications to remove match rules
    for other applications and cause a DoS via lost process messages.

References:
    [0] https://bugs.freedesktop.org/show_bug.cgi?id=9142
    [1] http://www.freedesktop.org/wiki/Software/dbus
____________________________________________________________________________

Primary Package Name:    dbus
Primary Package Home:    http://openpkg.org/go/package/dbus

Corrected Distribution:  Corrected Branch: Corrected Package:
OpenPKG Community        2-STABLE-20061018 dbus-1.0.2-2.20061221
OpenPKG Community        2-STABLE          dbus-1.0.2-2.20061221
OpenPKG Community        CURRENT           dbus-1.0.2-20061213
____________________________________________________________________________

For security reasons, this document was digitally signed with the OpenPGP 
public key of the OpenPKG GmbH (public key id 61B7AE34) which you can 
download from http://openpkg.com/openpkg.com.pgp
or retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/.
Follow the instructions at http://openpkg.com/security/signatures/
for more details on how to verify the integrity of this document.
____________________________________________________________________________

- -----BEGIN PGP SIGNATURE-----
Comment: OpenPKG GmbH <http://openpkg.com/>

iD8DBQFFil+1ZwQuyWG3rjQRAprBAKChyT+Kf/cmq17O1y6Y0cUzjSlFEACgp+/j
4sOoJB3dAQLFntl9CY/ukk4=
=lzaH
- -----END PGP SIGNATURE-----




- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

____________________________________________________________________________

Publisher Name:          OpenPKG GmbH
Publisher Home:          http://openpkg.com/

Advisory Id (public):    OpenPKG-SA-2006.042
Advisory Type:           OpenPKG Security Advisory (SA)
Advisory Directory:      http://openpkg.com/go/OpenPKG-SA
Advisory Document:       http://openpkg.com/go/OpenPKG-SA-2006.042
Advisory Published:      2006-12-26 12:44 UTC

Issue Id (internal):     OpenPKG-SI-20061226.01
Issue First Created:     2006-12-26
Issue Last Modified:     2006-12-26
Issue Revision:          11
____________________________________________________________________________

Subject Name:            OpenSER
Subject Summary:         SIP router
Subject Home:            http://www.openser.org/
Subject Versions:        * <= 1.1.0

Vulnerability Id:        BID:21706
Vulnerability Scope:     global (not OpenPKG specific)

Attack Feasibility:      run-time
Attack Vector:           local system
Attack Impact:           arbitrary code execution

Description:
    A buffer overflow was discovered [0] in the "parse_expression"
    function of the "permissions" module of the SIP router OpenSER [1],
    versions up to and including 1.1.0. The OpenSER "permissions" module
    is used to determine if a SIP call has appropriate permission to be
    established. The "parse_expression" function is used during parsing
    of the module's local allow/deny configuration files.
    
    The buffer overflow is triggered by parsing a configuration
    line expression consisting of more than 500 characters and
    potentially could lead to the execution of arbitrary code under
    the privileges of the OpenSER process. Successfully exploiting the
    vulnerability requires that the local attacker has write access
    to the configuration files used with the configuration functions
    "allow_routing", "allow_register" and "allow_refer_to".

References:
    [0] http://www.securityfocus.com/archive/1/455097
    [1] http://www.openser.org/
____________________________________________________________________________

Primary Package Name:    openser
Primary Package Home:    http://openpkg.org/go/package/openser

Corrected Distribution:  Corrected Branch: Corrected Package:
OpenPKG Enterprise       E1.0-SOLID        openser-1.1.0-E1.0.1
____________________________________________________________________________

For security reasons, this document was digitally signed with the OpenPGP 
public key of the OpenPKG GmbH (public key id 61B7AE34) which you can 
download from http://openpkg.com/openpkg.com.pgp
or retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/.
Follow the instructions at http://openpkg.com/security/signatures/
for more details on how to verify the integrity of this document.
____________________________________________________________________________

- -----BEGIN PGP SIGNATURE-----
Comment: OpenPKG GmbH <http://openpkg.com/>

iD8DBQFFkQsHZwQuyWG3rjQRApGOAKCVVCW9h1gKay9HA1isBkPhxpgxxACfWJNq
jUBWsY4pWZ+WaOv7IQjnrMQ=
=IyjS
- -----END PGP SIGNATURE-----
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
Project Announcement List                 openpkg-announce@xxxxxxxxxxx
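
The following is an added example, not part of the OpenPKG advisory and not OpenSER code. It shows the bounded-copy pattern that prevents this class of overflow and an audit pass that flags over-long lines in a rule file. The 500-character limit is taken from the advisory; the function names, the sample data and the choice to measure whole lines rather than individual expressions are assumptions.

```c
#include <stdio.h>
#include <string.h>
#define EXPR_LIMIT 500  /* length threshold quoted in the advisory */

/* Bounded copy: reject input that does not fit (0 = copied, -1 = refused). */
static int copy_expression(char *dst, size_t dst_size, const char *src, size_t len)
{
    if (len >= dst_size)
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Returns the 1-based number of the first line longer than EXPR_LIMIT, 0 if none. */
static int audit_rules(const char *text)
{
    int lineno = 0;
    while (*text) {
        size_t len = strcspn(text, "\n");
        lineno++;
        if (len > EXPR_LIMIT)
            return lineno;
        text += len;
        if (*text == '\n')
            text++;
    }
    return 0;
}

/* Constructed sample: two short lines, then one 600-character line. */
static int demo_audit(void)
{
    static char sample[700];
    size_t n = (size_t)snprintf(sample, sizeof sample, "# constructed\nshort-rule\n");
    memset(sample + n, 'A', 600);
    strcpy(sample + n + 600, "\n");
    return audit_rules(sample);
}

/* Try to copy `len` bytes (len <= 600) into an EXPR_LIMIT-sized buffer. */
static int demo_copy(size_t len)
{
    char src[600], dst[EXPR_LIMIT + 1];
    memset(src, 'A', sizeof src);
    return copy_expression(dst, sizeof dst, src, len);
}

int main(void)
{
    printf("first oversized line: %d\n", demo_audit());
    printf("copy 500: %d, copy 600: %d\n", demo_copy(500), demo_copy(600));
    return 0;
}
```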



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

____________________________________________________________________________

Publisher Name:          OpenPKG GmbH
Publisher Home:          http://openpkg.com/

Advisory Id (public):    OpenPKG-SA-2006.043
Advisory Type:           OpenPKG Security Advisory (SA)
Advisory Directory:      http://openpkg.com/go/OpenPKG-SA
Advisory Document:       http://openpkg.com/go/OpenPKG-SA-2006.043
Advisory Published:      2006-12-26 13:52 UTC

Issue Id (internal):     OpenPKG-SI-20061226.03
Issue First Created:     2006-12-26
Issue Last Modified:     2006-12-26
Issue Revision:          03
____________________________________________________________________________

Subject Name:            Links
Subject Summary:         Web Browser
Subject Home:            http://links.twibright.com/
Subject Versions:        * < 2.1pre26

Vulnerability Id:        CVE-2006-5925
Vulnerability Scope:     global (not OpenPKG specific)

Attack Feasibility:      run-time
Attack Vector:           remote network
Attack Impact:           arbitrary code execution

Description:
    Teemu Salmela discovered [0] that the Links [1] character-mode
    web-browser performs insufficient sanitising of URLs based on the
    "smb" scheme, which might lead to the execution of arbitrary shell
    commands. The problem is triggered by the shell meta characters '"'
    and ';' in URLs starting with "smb://" on GET and PUT requests.

References:
    [0] http://marc.theaimsgroup.com/?&m=116355556512780
    [1] http://links.twibright.com/
____________________________________________________________________________

Primary Package Name:    links
Primary Package Home:    http://openpkg.org/go/package/links

Corrected Distribution:  Corrected Branch: Corrected Package:
OpenPKG Enterprise       E1.0-SOLID        links-2.1pre23-E1.0.1
OpenPKG Community        2-STABLE-20061018 links-2.1pre26-20061222
OpenPKG Community        2-STABLE          links-2.1pre26-20061222
OpenPKG Community        CURRENT           links-2.1pre26-20061130
____________________________________________________________________________

For security reasons, this document was digitally signed with the OpenPGP 
public key of the OpenPKG GmbH (public key id 61B7AE34) which you can 
download from http://openpkg.com/openpkg.com.pgp
or retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/.
Follow the instructions at http://openpkg.com/security/signatures/
for more details on how to verify the integrity of this document.
____________________________________________________________________________

- -----BEGIN PGP SIGNATURE-----
Comment: OpenPKG GmbH <http://openpkg.com/>

iD8DBQFFkRstZwQuyWG3rjQRAhcEAKDLyG+aZjAuCIdynhPSyRD+p1q2OgCfZAvl
q/n41WECkhshNQ4FSeQSv9Y=
=MRoK
- -----END PGP SIGNATURE-----
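
The following is an added example, not part of the OpenPKG advisory and not Links code. It sketches a conservative pre-check for "smb://" URLs before they are handed to any helper that involves a shell, rejecting the '"' and ';' characters named above along with everything else outside an allowlist. The function names, the allowlist and the decision to percent-decode before checking are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(int c)
{
    if (c >= '0' && c <= '9')
        return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f')
        return c - 'a' + 10;
    return -1;
}

/* Returns 1 if url starts with "smb://" and every byte after the scheme,
 * once %XX escapes are decoded, is alphanumeric or in the allowlist. */
static int smb_url_is_shell_safe(const char *url)
{
    static const char allowed[] = "-._~/:@";  /* assumed allowlist */
    const unsigned char *p;

    if (strncmp(url, "smb://", 6) != 0)
        return 0;
    for (p = (const unsigned char *)url + 6; *p; p++) {
        int c = *p;
        if (c == '%') {
            int hi = hexval(p[1]), lo;
            if (hi < 0)
                return 0;            /* malformed or truncated escape */
            lo = hexval(p[2]);
            if (lo < 0)
                return 0;
            c = hi * 16 + lo;
            p += 2;
        }
        if (c == 0 || (!isalnum(c) && !strchr(allowed, c)))
            return 0;                /* quote, semicolon, space, NUL, ... */
    }
    return 1;
}

int main(void)
{
    /* Constructed sample URLs. */
    printf("%d\n", smb_url_is_shell_safe("smb://fileserver/share/doc.txt"));
    printf("%d\n", smb_url_is_shell_safe("smb://host/a\";b"));
    printf("%d\n", smb_url_is_shell_safe("smb://host/a%22%3Bb"));
    return 0;
}
```

A check like this is defence in depth; passing the URL as a separate argument to the helper without a shell removes the metacharacter problem at its source.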



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

____________________________________________________________________________

Publisher Name:          OpenPKG GmbH
Publisher Home:          http://openpkg.com/

Advisory Id (public):    OpenPKG-SA-2006.044
Advisory Type:           OpenPKG Security Advisory (SA)
Advisory Directory:      http://openpkg.com/go/OpenPKG-SA
Advisory Document:       http://openpkg.com/go/OpenPKG-SA-2006.044
Advisory Published:      2006-12-27 22:47 UTC

Issue Id (internal):     OpenPKG-SI-20061227.01
Issue First Created:     2006-12-27
Issue Last Modified:     2006-12-27
Issue Revision:          05
____________________________________________________________________________

Subject Name:            W3M
Subject Summary:         Web Browser
Subject Home:            http://w3m.sourceforge.net/
Subject Versions:        * <= 0.5.1

Vulnerability Id:        none
Vulnerability Scope:     global (not OpenPKG specific)

Attack Feasibility:      run-time
Attack Vector:           remote network
Attack Impact:           denial of service

Description:
    A format string bug exists [0] in the textual web browser W3M [1].
    The bug results in a crash of W3M under run-time options "-dump" or
    "-backend" if requesting HTTPS URLs and printf(3) escape sequences
    like "%n%n" occur in the Common Name (CN) of the website X.509
    certificate.

References:
    [0] http://sourceforge.net/tracker/index.php?func=detail&aid=1612792&group_id=39518&atid=425439
    [1] http://w3m.sourceforge.net/
____________________________________________________________________________

Primary Package Name:    w3m
Primary Package Home:    http://openpkg.org/go/package/w3m

Corrected Distribution:  Corrected Branch: Corrected Package:
OpenPKG Enterprise       E1.0-SOLID        w3m-0.5.1-E1.0.1
____________________________________________________________________________

For security reasons, this document was digitally signed with the OpenPGP 
public key of the OpenPKG GmbH (public key id 61B7AE34) which you can 
download from http://openpkg.com/openpkg.com.pgp
or retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/.
Follow the instructions at http://openpkg.com/security/signatures/
for more details on how to verify the integrity of this document.
____________________________________________________________________________

- -----BEGIN PGP SIGNATURE-----
Comment: OpenPKG GmbH <http://openpkg.com/>

iD8DBQFFkunlZwQuyWG3rjQRAruIAJ4qzyWLRyREE5/ifuuGBOBlxHZPywCfXQ2W
h1G4gzwoF8urrJtVJek8TnE=
=comE
- -----END PGP SIGNATURE-----
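
The following is an added example, not part of the OpenPKG advisory and not W3M code. It shows why certificate text must reach a printf-style routine as an argument rather than as the format string, and adds a small check that counts conversion directives in an untrusted field. The report() routine, the function names and the sample Common Name are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char last_msg[256];  /* output of the hypothetical reporter below */

/* Hypothetical printf-style reporter: stands in for any message routine
 * whose first argument is interpreted as a format string. */
static void report(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_msg, sizeof last_msg, fmt, ap);
    va_end(ap);
}

/* Vulnerable shape (left as a comment, not compiled):
 *     report(cn);
 * Directives inside cn are then interpreted. GCC and Clang flag this
 * call shape with -Wformat-security. */

/* Hardened: the format is a constant, certificate text is only data. */
static const char *report_cert_cn(const char *cn)
{
    report("certificate CN: %s", cn);
    return last_msg;
}

/* Count '%' directives in an untrusted field; "%%" is a literal percent. */
static int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {
            s++;
            continue;
        }
        n++;
    }
    return n;
}

int main(void)
{
    const char *cn = "%n%n.example.test";  /* constructed sample CN */
    printf("%s\n", report_cert_cn(cn));
    printf("directives: %d\n", count_directives(cn));
    return 0;
}
```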



- ---------------------------------------------------------------------------------------
NISCC values your feedback.

1. Which of the following most reflects the value of the briefing to you?
   (Place an 'X' next to your choice)

	Very useful:__ Useful:__ Not useful:__ 

2. If you did not find it useful, why not?


3. Any other comments? How could we improve our briefings?


Thank you for your contribution.
- ---------------------------------------------------------------------------------------

For additional information or assistance, please contact our help desk by telephone.  
You may send Not Protectively Marked information via e-mail to uniras@xxxxxxxxxxxxx

Office hours:

Mon - Fri: 08:30 - 17:00 hours
Tel: +44 (0) 870 487 0748 and follow the voice prompts
Fax: +44 (0) 870 487 0749

On-call duty officer outside office hours:
Tel: +44 (0) 870 487 0748 and follow the voice prompts

- ---------------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of OpenPKG for the information contained
in this briefing.
- ---------------------------------------------------------------------------------------

This notice contains information released by the original author. Some of the 
information may have changed since it was released. If the vulnerability affects you, 
it may be prudent to retrieve the advisory from the site of the original source to 
ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade name, 
trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, 
recommendation, or favouring by UNIRAS or NISCC. The views and opinions of authors 
expressed within this notice shall not be used for advertising or product endorsement 
purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors or omissions 
contained within this briefing notice. In particular, they shall not be liable for 
any loss or damage whatsoever, arising from or in connection with the usage of 
information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) and has 
contacts with other international Incident Response Teams (IRTs) in order to foster 
cooperation and coordination in incident prevention, to prompt rapid reaction to 
incidents, and to promote information sharing amongst its members and the community at 
large.
- ---------------------------------------------------------------------------------------
<End of UNIRAS Briefing>



-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBRZP19ml7oeQsXfKvEQJwrwCgrKTiUXFBqIbZKUbOQD/qKC3oIV4An3GL
42jJFinozQv8ls+0hdt4ONPu
=B1f+
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________
