Frugalware Security Announcements (FSAs)

This is a list of security announcements that have been released for the current stable version of Frugalware.

proftpd

  • Author: voroskoi
  • Vulnerable: 1.3.0-3siwenna1
  • Unaffected: 1.3.0-4siwenna1

Evgeny Legerov has reported a vulnerability in the mod_tls module for ProFTPD, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the “tls_x509_name_oneline()” function in contrib/mod_tls.c. This can be exploited to cause a buffer overflow by sending specially crafted data to a server. Successful exploitation may allow execution of arbitrary code, but requires that ProFTPD uses the mod_tls module.

libgsf

  • Author: voroskoi
  • Vulnerable: 1.14.1-3
  • Unaffected: 1.14.1-4siwenna1

A vulnerability has been reported in libgsf, which potentially can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to a boundary error within the “ole_info_read_metabat()” function in gsf/gsf-infile-msole.c. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted file in an application using the library.

tar

  • Author: voroskoi
  • Vulnerable: 1.15.1-4
  • Unaffected: 1.15.1-5siwenna1

Teemu Salmela has reported a security issue in GNU tar, which can be exploited by malicious people to overwrite arbitrary files. The security issue is caused due to the “extract_archive()” function in extract.c and the “extract_mangle()” function in mangle.c still processing the deprecated “GNUTYPE_NAMES” record type containing symbolic links. This can be exploited to overwrite arbitrary files by e.g. tricking a user into unpacking a specially crafted tar file.

kile

  • Author: voroskoi
  • Vulnerable: 1.9.2-1
  • Unaffected: 1.9.3-1siwenna1

A security issue has been reported in Kile, which can be exploited by malicious, local users to gain knowledge of certain information. The security issue is caused due to backup files being created with default permissions even when the original file had more restrictive permissions set. This can potentially disclose the contents of files edited by other users.

CVEs:

proftpd

  • Author: voroskoi
  • Vulnerable: 1.3.0-2siwenna1
  • Unaffected: 1.3.0-3siwenna1

Evgeny Legerov has reported a vulnerability in ProFTPD, which potentially can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to an off-by-one error within the “sreplace()” function in src/support.c. This can be exploited to cause a buffer overflow by e.g. uploading a malicious “.message” file or sending specially crafted commands to the server. Successful exploitation may allow execution of arbitrary code.

fvwm-devel

  • Author: voroskoi
  • Vulnerable: 2.5.17-1
  • Unaffected: 2.5.17-2siwenna1

Tavis Ormandy has reported a security issue in FVWM, which can be exploited by malicious, local users to bypass certain security restrictions. The security issue is caused due to an input validation error in the “evalFolderLine()” function. This can be exploited to execute arbitrary commands by tricking a user into using the “fvwm-menu-directory” command on a specially crafted directory.

CVEs:

proftpd

  • Author: voroskoi
  • Vulnerable: 1.3.0-1
  • Unaffected: 1.3.0-2siwenna1

A vulnerability has been reported in ProFTPD, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the “cmd_loop()” function in main.c when the “CommandBufferSize” option is enabled.

CVEs:

elinks

  • Author: voroskoi
  • Vulnerable: 0.11.1-5
  • Unaffected: 0.11.1-6siwenna1

Teemu Salmela has discovered a vulnerability in ELinks, which can be exploited by malicious people to expose sensitive information and manipulate data. The vulnerability is caused due to an error in the validation of “smb://” URLs when ELinks runs smbclient commands. This can be exploited to download and overwrite local files or upload local files to an SMB share by injecting smbclient commands in the “smb://” URL. Successful exploitation allows exposure of sensitive information or manipulation of data, but requires that the user visits a malicious “smb://” URL or gets redirected to such a URL by a malicious URL, and that the user has the smbclient program installed.

gv

  • Author: voroskoi
  • Vulnerable: 3.6.1-3
  • Unaffected: 3.6.1-4siwenna1

Renaud Lifchitz has reported a vulnerability in GNU gv, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to a boundary error within the “ps_gettext()” function in ps.c. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted PostScript file.

CVEs:

rpm

  • Author: voroskoi
  • Vulnerable: 4.4.2-4
  • Unaffected: 4.4.2-5siwenna1

A vulnerability has been reported in RPM, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerability is caused due to a boundary error when processing certain RPM packages. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into querying a specially crafted RPM package.

CVEs: