Frugalware Security Announcements (FSAs)

This is a list of security announcements that have been released for the current stable version of Frugalware.

wireshark

  • Vulnerable: 1.0.0-1kalgan1
  • Unaffected: 1.0.1-1kalgan1

Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).

  1. An error in the GSM SMS dissector can be exploited to crash the application.

  2. An error in the PANA and KISMET dissectors can be exploited to trigger an application exit.

  3. A use-after-free error in the RTMPT dissector can be exploited to crash the application.

apache

  • Vulnerable: 2.2.8-1
  • Unaffected: 2.2.8-2kalgan1

A vulnerability has been reported in the Apache mod_proxy module, which can potentially be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused by an error in the “ap_proxy_http_process_response()” function when forwarding interim responses. This can be exploited to consume large amounts of memory by tricking mod_proxy into sending an overly large number of interim responses to the client.

courier-authlib

  • Vulnerable: 0.60.2-1
  • Unaffected: 0.60.6-1kalgan1

A vulnerability has been reported in the Courier Authentication Library, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the library, e.g. the username, is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and, e.g., potentially bypass authentication. Successful exploitation requires that a MySQL database is used for authentication and that a non-Latin character set is selected.

xorg-server

  • Vulnerable: 1.4.0.90-5
  • Unaffected: 1.4.0.90-6kalgan2

Some vulnerabilities have been reported in X.org X11, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or to gain escalated privileges.

  1. An integer overflow error when calculating the size of the glyph exists in the “AllocateGlyph()” function within the Render extension. This can be exploited to cause a heap-based buffer overflow via a specially crafted request.
  2. An integer overflow error when calculating the size of the glyph in the “ProcRenderCreateCursor()” function within the Render extension can be exploited to crash the X server via a specially crafted request.
  3. An integer overflow error exists in the Render extension when parsing client requests for the “SProcRenderCreateLinearGradient”, “SProcRenderCreateRadialGradient”, or “SProcRenderCreateConicalGradient” functions and can be exploited to corrupt heap memory.
  4. Multiple input validation errors in the “SProcSecurityGenerateAuthorization()”, “SProcRecordCreateContext()”, and “SProcRecordRegisterClients()” functions within the Record and Security extensions can be exploited to corrupt heap memory via specially crafted requests. Successful exploitation of vulnerabilities #1, #3, and #4 may allow execution of arbitrary code with privileges of the X server (typically root).
  5. An integer overflow error when processing parameters to the “ShmPutImage()” request can be exploited to disclose arbitrary memory of the X server process.

CVEs:

exiv2

  • Vulnerable: 0.16-1
  • Unaffected: 0.16-2kalgan1

A vulnerability has been reported in Exiv2, which can potentially be exploited by malicious people to crash an application using the library. The vulnerability is caused by a floating point exception within the pretty printing functionality when processing certain Nikon camera lens information. This can be exploited to crash an application linked against the Exiv2 library when an image containing specially crafted metadata is processed.

CVEs:

horde-webmail

  • Vulnerable: 1.1-1kalgan1
  • Unaffected: 1.1.1-1kalgan1

Some vulnerabilities have been reported in various Horde products, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.

  1. Input passed to item names is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user’s browser session in context of an affected site when the malicious data is viewed. Successful exploitation requires valid user credentials.
  2. Input passed to contact views is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user’s browser session in context of an affected site when the malicious data is viewed. Successful exploitation requires valid user credentials.
  3. Unspecified input is not properly sanitised before being returned to the user in the add event screen. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

CVEs:

net-snmp

  • Vulnerable: 5.4.1-4kalgan1
  • Unaffected: 5.4.1-4kalgan2

A vulnerability has been reported in Net-SNMP, which can be exploited by malicious people to spoof authenticated SNMPv3 packets. The vulnerability is caused by an error within the verification of the HMAC digest. This can be exploited to increase the chance of successfully spoofing a packet to 1 in 256 by sending a specially crafted SNMPv3 packet with an incomplete 1-byte HMAC digest. Successful exploitation requires a valid username.
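
The class of verification error described above, shown as an added illustration (not Net-SNMP's code and not part of the original announcement): a check that compares only as many digest bytes as the sender supplied, next to a check that enforces the full 12-byte truncated HMAC length defined for SNMPv3 USM in RFC 3414. The key, message and function names are constructed for the example, and the MAC is computed over a plain byte string rather than a real SNMPv3 packet.

```python
import hashlib
import hmac

# HMAC-MD5-96 and HMAC-SHA-96 (RFC 3414) truncate the digest to 12 bytes.
FULL_MAC_LEN = 12


def expected_mac(key: bytes, message: bytes) -> bytes:
    """Truncated HMAC-SHA1 over the message, as the receiver would compute it."""
    return hmac.new(key, message, hashlib.sha1).digest()[:FULL_MAC_LEN]


def verify_flawed(key: bytes, message: bytes, received_mac: bytes) -> bool:
    """Flawed pattern: the comparison length is taken from the received field,
    so a 1-byte digest only has to match the first byte of the real MAC."""
    n = len(received_mac)
    return n > 0 and expected_mac(key, message)[:n] == received_mac


def verify_strict(key: bytes, message: bytes, received_mac: bytes) -> bool:
    """Hardened pattern: reject any digest that is not exactly the full
    length, then compare in constant time."""
    if len(received_mac) != FULL_MAC_LEN:
        return False
    return hmac.compare_digest(expected_mac(key, message), received_mac)


def accepted_one_byte_digests(verify, key: bytes, message: bytes) -> int:
    """Count how many of the 256 possible 1-byte digests a verifier accepts."""
    return sum(1 for b in range(256) if verify(key, message, bytes([b])))


# Constructed sample inputs (not real SNMP credentials or traffic).
SAMPLE_KEY = b"constructed-localized-key"
SAMPLE_MSG = b"constructed SNMPv3 message bytes"

if __name__ == "__main__":
    for name, fn in (("flawed", verify_flawed), ("strict", verify_strict)):
        hits = accepted_one_byte_digests(fn, SAMPLE_KEY, SAMPLE_MSG)
        print(f"{name}: accepts {hits} of 256 one-byte digests")
```

With the flawed check exactly one of the 256 possible single-byte digests is accepted, which is the 1 in 256 chance the announcement gives; the strict check accepts none.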

kernel

  • Vulnerable: 2.6.24-4kalgan2
  • Unaffected: 2.6.24-4kalgan3

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused by an error within the ASN.1 BER decoder of the cifs and ip_nat_snmp_basic modules when calculating the buffer size. This can be exploited to cause a crash or potentially execute arbitrary code by sending specially crafted BER encoded data to a vulnerable system.

asterisk-addons

  • Vulnerable: 1.4.4-1
  • Unaffected: 1.4.7-1kalgan1

A vulnerability has been reported in Asterisk Addons, which can be exploited by malicious people to cause a DoS (Denial of Service). The problem is that the “ooh323” channel driver extracts memory addresses from incoming TCP packets and uses them in memory operations. This can be exploited to crash an affected application by sending a TCP packet containing invalid memory references.

CVEs:

aterm

  • Vulnerable: 1.0.1-1
  • Unaffected: 1.0.1-2kalgan1

A security issue has been reported in aterm, which can be exploited by malicious, local users to gain escalated privileges. For more information, see FSA466.

CVEs:

  • There is no CVE for this issue.