Frugalware Security Announcements (FSAs)

This is a list of security announcements that have been released for the current stable version of Frugalware.

seamonkey

  • Author: voroskoi
  • Vulnerable: 1.1.1-1
  • Unaffected: 1.1.2-1terminus1

Some vulnerabilities have been reported in Mozilla SeaMonkey, which can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, and potentially compromise a user’s system.

  1. Errors in the JavaScript engine can be exploited to cause memory corruption and potentially to execute arbitrary code.
  2. An error in the “addEventListener” method can be exploited to inject script into another site, circumventing the browser’s same-origin policy. This could be used to access or modify sensitive information from the other site.
  3. An error in the handling of XUL popups can be exploited to spoof parts of the browser such as the location bar.

CVEs:

tcl

  • Author: voroskoi
  • Vulnerable: 8.4.14-1
  • Unaffected: 8.4.15-1terminus1

Martin Lemburg has reported a security issue in Tcl, which can potentially be exploited by malicious, local users to gain escalated privileges. The security issue is caused by a boundary error within tcl/win/tclWinReg.c when processing overly long registry key names. This can be exploited to cause a buffer overflow by e.g. creating a malicious registry key and enticing another user to query it with an application using Tcl.

thunderbird

  • Author: voroskoi
  • Vulnerable: 1.5.0.10-1
  • Unaffected: 1.5.0.12-1terminus1

A vulnerability has been reported in Mozilla Thunderbird, which can potentially be exploited by malicious people to compromise a user’s system. Errors in the JavaScript engine can be exploited to cause memory corruption and potentially to execute arbitrary code.

CVEs:

tor

  • Author: voroskoi
  • Vulnerable: 0.1.1.26-3terminus1
  • Unaffected: 0.1.2.14-1terminus1

lodger has reported a weakness in Tor, which can potentially be exploited by malicious people to expose sensitive information. When building a circuit, Tor checks whether an entry guard is exactly the same as an exit guard, but fails to check whether they are also part of the same family. This may weaken the Tor security concept and could make it easier to launch certain attacks.

xfsprogs-xfsdump

  • Author: voroskoi
  • Vulnerable: 2.2.38_1-2
  • Unaffected: 2.2.45_1-1terminus1

Paul Martin has reported a security issue in xfsdump, which can be exploited by malicious, local users to disclose potentially sensitive information or manipulate data. The security issue is caused by xfs_fsr creating a temporary directory with insecure permissions within the function “tmp_init()” in fsr/xfs_fsr.c. This can be exploited to read or overwrite files created in this directory or its subdirectories, potentially allowing for the disclosure of sensitive information or data manipulation.

freetype2

  • Author: voroskoi
  • Vulnerable: 2.3.4-1terminus1
  • Unaffected: 2.3.4-1terminus2

Victor Stinner has reported a vulnerability in FreeType, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. The vulnerability is caused by an error when parsing malformed TTF fonts in src/truetype/ttgload.c and may be exploited when processing a specially crafted TTF font.

CVEs:

vmware

  • Author: voroskoi
  • Vulnerable: 5.5.3_34685-1
  • Unaffected: 5.5.4_44386-1terminus1

Some vulnerabilities have been reported in various VMware products, which can be exploited by malicious users to cause a DoS (Denial of Service) or bypass certain security restrictions.

  1. An error exists within the ACPI implementation of the virtual machine process (VMX) when collecting information about running states of virtual machines, which can be exploited to cause the process to read from invalid memory locations.
  2. An error within the saving of configuration data in VMDB files can be exploited to store malformed configuration data and cause a DoS on guest operating systems.
  3. An error within the handling of general protection faults (GPFs) in Windows guest operating systems can be exploited to crash Windows virtual machines.
  4. Errors when debugging applications in a 64-bit Windows guest operating system on a 64-bit host system can be exploited to e.g. cause corrupted stack pointers or kernel bugchecks.
  5. A design error within the “Shared Folders” feature can be exploited in a guest system to read and write arbitrary files on a host system. Successful exploitation requires that at least one folder is shared. In order to write to host files, the “read only” option of the shared folder has to be disabled. ESX server is reportedly not affected as it does not use the “Shared Folders” feature.

CVEs:

zoo

  • Author: voroskoi
  • Vulnerable: 2.10-4
  • Unaffected: 2.10-5terminus1

It is possible to make the ZOO implementation enter an infinite loop. The vulnerability lies in the algorithm used to locate the files inside the archive. Each file in a ZOO archive is identified by a direntry structure. These structures are linked together by a ‘next’ pointer, which is in fact an offset from the beginning of the file to the next direntry structure. By making this offset point at an already processed direntry, the same file can be processed more than once, and the ZOO parser then enters an infinite loop.

jasper

  • Author: voroskoi
  • Vulnerable: 1.900.1-1
  • Unaffected: 1.900.1-2terminus1

A vulnerability has been reported in JasPer, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused by an error in the “jpc_qcx_getcompparms” function when processing JP2 files and can be exploited to crash an application using the library.

CVEs:

madwifi

  • Author: voroskoi
  • Vulnerable: 0.9.3-1terminus1
  • Unaffected: 0.9.3.1-1terminus1

Some vulnerabilities have been reported in MadWifi, which can be exploited by malicious, local users and malicious people to cause a DoS (Denial of Service).

  1. A division by zero error exists within the function “ath_beacon_config()”. This can be exploited to cause a crash by sending a packet with a zero beacon interval to a vulnerable system.
  2. An input sanitisation error exists within the IO control “ieee80211_ioctl_getwmmparams”. This can be exploited to crash the kernel by calling the IO control with a negative index parameter. This may also allow certain parts of memory to be disclosed.
  3. An input sanitisation error exists within the packet parser when parsing nested 802.3 Ethernet frame lengths. This can be exploited to cause a NULL pointer dereference by sending a specially crafted fast frame packet to a vulnerable system.

CVEs:

  • There is no CVE for these issues