Frugalware Security Announcements (FSAs)

• Author: vmiklos
• Vulnerable: 1.0.13-2sayshell1
• Unaffected: 1.0.15-1sayshell1

Hendrik-Jan Verheij has discovered a vulnerability in Joomla!, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the “mosConfig_absolute_path” parameter in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from external resources. Successful exploitation requires that RG_EMULATION is either switched on or undefined. NOTE: Both situations cause security warnings to be displayed in Joomla!’s administration section.

• Author: vmiklos
• Vulnerable: 3.5.7-3
• Unaffected: 3.5.7-4sayshell1

A weakness has been reported in KDE, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The weakness is caused due to an error in KDM when processing certain files, which can be exploited to cause KDM to e.g. consume large amounts of memory or prevent users from logging in.

• Bug Tracker URL: http://bugs.frugalware.org/task/2681

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5963

• Author: vmiklos
• Vulnerable: 1.4.18-1
• Unaffected: 1.4.18-2sayshell1

A vulnerability has been reported in lighttpd, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a calculation error when allocating the global file descriptor array and can be exploited to crash an affected server.

• Bug Tracker URL: http://bugs.frugalware.org/task/2804

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0983

• Author: vmiklos
• Vulnerable: 9.25-1sayshell1
• Unaffected: 9.26-1sayshell1

Some vulnerabilities have been reported in Opera, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, or to bypass certain security restrictions.

1. A security issue is caused due to a design error when handling input to file form fields, which can potentially be exploited to trick a user into uploading arbitrary files.
2. An error within the handling of custom comments in image properties can be exploited to execute arbitrary script code in the wrong security context when comments of a malicious image are displayed.
3. An error in the handling of attribute values when importing XML into a document can be exploited to bypass filters and conduct cross-site scripting attacks if these values are used as document content.

• Bug Tracker URL: http://bugs.frugalware.org/task/2805

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1080
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1081
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1082

• Author: vmiklos
• Vulnerable: 7.4-1
• Unaffected: 7.6-1sayshell1

A vulnerability has been reported in PCRE, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library. The vulnerability is caused due to a boundary error when processing character classes and can be exploited to cause a buffer overflow via an overly long character class with codepoints greater than 255.

• Bug Tracker URL: http://bugs.frugalware.org/task/2785

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0674

• Author: vmiklos
• Vulnerable: 2.11.2.2-1sayshell1
• Unaffected: 2.11.5-1sayshell1

A vulnerability has been reported in phpMyAdmin, which can be exploited by malicious people to conduct SQL injection attacks. The vulnerability is caused due to the application obtaining parameters via the “$_REQUEST” variable, and using them without proper sanitation in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code via a malicious cookie. Successful exploitation requires that a phpMyAdmin user is tricked into visiting a malicious website.

• Author: vmiklos
• Vulnerable: 0.12-5
• Unaffected: 0.12-6sayshell1

A vulnerability has been reported in Rasterbar Software libtorrent, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the “bdecode_recursive()” function in include/libtorrent/bencode.hpp when processing certain bencoded data. This can be exploited to cause a stack overflow and crash an application using the library by sending specially crafted bencoded messages.

• Author: vmiklos
• Vulnerable: 2.0.0.9-1terminus1
• Unaffected: 2.0.0.12-1sayshell1

Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or potentially to compromise a user’s system. For more information, see FSA374.

• Bug Tracker URL: http://bugs.frugalware.org/task/2775

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0304
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0412
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0413
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0415
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0418
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0419

• Author: vmiklos
• Vulnerable: 0.8.6-8sayshell1
• Unaffected: 0.8.6-8sayshell2

A vulnerability has been reported in VLC Media Player, which can potentially be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to a boundary error within the MP4 demuxer (modules/demux/mp4/mp4.c). This can be exploited to overwrite an almost arbitrary memory address via a specially crafted MPEG-4 file. Successful exploitation may allow execution of arbitrary code.

• Bug Tracker URL: http://bugs.frugalware.org/task/2819

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0984

• Author: vmiklos
• Vulnerable: 0.99.7-1terminus1
• Unaffected: 0.99.8-1sayshell1

Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerabilities are caused due to errors in the SCTP, SNMP, and TFTP dissectors. These can be exploited to cause the application to crash or consume large amounts of memory when processing specially crafted packets that are either captured off the wire or loaded via a capture file.