Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > April 2005 > Multiple Gentoo Security Advisories

April 2005

Multiple Gentoo Security Advisories

ID: 00353
Ref: 327/2005
Date: 27 April 2005:15:34:44
Version: 1
Title: Multiple Gentoo Security Advisories
Abstract: Description of vulnerabilities concerning KDE kimgio, Kommander, Rootkit Hunter, Convert-UUlib and xine-lib
Vendors affected: Gentoo
Operating systems affected: Gentoo
Applications affected: Gentoo
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: KDE kimgio: PCX handling buffer overflow
Date: April 22, 2005
Bugs: #88862
ID: 200504-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

KDE fails to properly validate input when handling PCX images,
potentially resulting in the execution of arbitrary code.

Background
==========

KDE is a feature-rich graphical desktop environment for Linux and
Unix-like Operating Systems. kimgio is the KDE image handler provided
by kdelibs.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 kde-base/kdelibs < 3.3.2-r8 *>= 3.2.3-r9
>= 3.3.2-r8

Description
===========

kimgio fails to properly validate input when handling PCX files.

Impact
======

By enticing a user to load a specially-crafted PCX image in a KDE
application, an attacker could execute arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All kdelibs users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose kde-base/kdelibs

References
==========

[ 1 ] CAN-2005-1046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1046
[ 2 ] KDE Security Advisory: kimgio input validation errors
http://www.kde.org/info/security/advisory-20050421-1.txt

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200504-22.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

**************************************************************************

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Kommander: Insecure remote script execution
Date: April 22, 2005
Bugs: #89092
ID: 200504-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Kommander executes remote scripts without confirmation, potentially
resulting in the execution of arbitrary code.

Background
==========

KDE is a feature-rich graphical desktop environment for Linux and
Unix-like Operating Systems. Kommander is a visual dialog editor and
interpreter for KDE applications, part of the kdewebdev package.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 kde-base/kdewebdev < 3.3.2-r1 >= 3.3.2-r1

Description
===========

Kommander executes data files from possibly untrusted locations without
user confirmation.

Impact
======

An attacker could exploit this to execute arbitrary code with the
permissions of the user running Kommander.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All kdewebdev users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kdewebdev-3.3.2-r1"

References
==========

[ 1 ] CAN-2005-0754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0754
[ 2 ] KDE Security Advisory: Kommander untrusted code execution
http://www.kde.org/info/security/advisory-20050420-1.txt

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200504-23.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

**********************************************************************

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Rootkit Hunter: Insecure temporary file creation
Date: April 26, 2005
Bugs: #90007
ID: 200504-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Rootkit Hunter is vulnerable to symlink attacks, potentially allowing a
local user to overwrite arbitrary files.

Background
==========

Rootkit Hunter is a scanning tool to detect rootkits, backdoors and
local exploits on a local machine. Rootkit Hunter uses downloaded data
files to check file integrity. These files are updated via the
check_update.sh script.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-forensics/rkhunter < 1.2.3-r1 >= 1.2.3-r1

Description
===========

Sune Kloppenborg Jeppesen and Tavis Ormandy of the Gentoo Linux
Security Team have reported that the check_update.sh script and the
main rkhunter script insecurely creates several temporary files with
predictable filenames.

Impact
======

A local attacker could create symbolic links in the temporary files
directory, pointing to a valid file somewhere on the filesystem. When
rkhunter or the check_update.sh script runs, this would result in the
file being overwritten with the rights of the user running the utility,
which could be the root user.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Rootkit Hunter users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-forensics/rkhunter-1.2.3-r1"

References
==========

[ 1 ] CAN-2005-1270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1270

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200504-25.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

***********************************************************************

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Convert-UUlib: Buffer overflow
Date: April 26, 2005
Bugs: #89501
ID: 200504-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow has been reported in Convert-UUlib, potentially
resulting in the execution of arbitrary code.

Background
==========

Convert-UUlib provides a Perl interface to the uulib library, allowing
Perl applications to access data encoded in a variety of formats.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-perl/Convert-UUlib < 1.051 >= 1.051

Description
===========

A vulnerability has been reported in Convert-UUlib where a malformed
parameter can be provided by an attacker allowing a read operation to
overflow a buffer. The vendor credits Mark Martinec and Robert Lewis
with the discovery.

Impact
======

Successful exploitation would permit an attacker to run arbitrary code
with the privileges of the user running the Perl application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Convert-UUlib users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-perl/Convert-UUlib-1.051"

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200504-26.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

*********************************************************************

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: xine-lib: Two heap overflow vulnerabilities
Date: April 26, 2005
Bugs: #89976
ID: 200504-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two vulnerabilities have been found in xine-lib which could lead to the
remote execution of arbitrary code.

Background
==========

xine-lib is a multimedia library which can be utilized to create
multimedia frontends.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 media-libs/xine-lib < 1.0-r2 >= 1.0-r2
*>= 1_rc6-r2

Description
===========

Heap overflows have been found in the code handling RealMedia RTSP and
Microsoft Media Services streams over TCP (MMST).

Impact
======

By setting up a malicious server and enticing a user to use its
streaming data, a remote attacker could possibly execute arbitrary code
on the client computer with the permissions of the user running any
multimedia frontend making use of the xine-lib library.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All xine-lib users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose media-libs/xine-lib

References
==========

[ 1 ] Xine Advisory XSA-2004-8
http://xinehq.de/index.php/security/XSA-2004-8

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200504-27.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |