May 2005
Three Gentoo Linux Security Advisories: 1. GLSA 200505-10 - phpBB 2. GLSA 200505-11 - Mozilla Suite, Mozilla Firefox 3. GLSA 200505-12 - PostgreSQL
ID: 00413
Ref: 382/2005
Date: 16 May 2005:13:59:28
Version: 1
Title: Three Gentoo Linux Security Advisories: 1. GLSA 200505-10 - phpBB 2. GLSA 200505-11 - Mozilla Suite, Mozilla Firefox 3. GLSA 200505-12 - PostgreSQL
Abstract:
Vendors affected: Gentoo
Operating systems affected: Gentoo
Applications affected: Gentoo
Title
=====
Three Gentoo Linux Security Advisories:
1. GLSA 200505-10 - phpBB
2. GLSA 200505-11 - Mozilla Suite, Mozilla Firefox
3. GLSA 200505-12 - PostgreSQL
Detail
======
1. phpBB is vulnerable to a cross-site scripting vulnerability due to
improper sanitization of user supplied input. Coupled with poor
validation of BBCode URLs which may be included in a forum post, an
unsuspecting user may follow a posted link triggering the
vulnerability.
2. The Mozilla Suite and Firefox do not properly protect "IFRAME"
JavaScript URLs from being executed in context of another URL in the
history list (CAN-2005-1476). The Mozilla Suite and Firefox also fail
to verify the "IconURL" parameter of the "InstallTrigger.install()"
function (CAN-2005-1477). Michael Krax and Georgi Guninski discovered
that it is possible to bypass JavaScript-injection security checks by
wrapping the javascript: URL within the view-source: or jar:
pseudo-protocols (MFSA2005-43).
3. PostgreSQL gives public EXECUTE access to a number of character
conversion routines, but doesn't validate the given arguments
(CAN-2005-1409). It has also been reported that the contrib/tsearch2
module of PostgreSQL misdeclares the return value of some functions as
"internal" (CAN-2005-1410).
1.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200505-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: phpBB: Cross-Site Scripting Vulnerability
Date: May 14, 2005
Bugs: #90213
ID: 200505-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
phpBB is vulnerable to a cross-site scripting attack that could allow
arbitrary scripting code execution.
Background
==========
phpBB is an Open Source bulletin board package.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-apps/phpBB < 2.0.15 >= 2.0.15
Description
===========
phpBB is vulnerable to a cross-site scripting vulnerability due to
improper sanitization of user supplied input. Coupled with poor
validation of BBCode URLs which may be included in a forum post, an
unsuspecting user may follow a posted link triggering the
vulnerability.
Impact
======
Successful exploitation of the vulnerability could cause arbitrary
scripting code to be executed in the browser of a user.
Workaround
==========
There are no known workarounds at this time.
Resolution
==========
All phpBB users should upgrade to the latest version:
emerge --sync
emerge --ask --oneshot --verbose ">=www-apps/phpbb-2.0.15"
References
==========
[ 1 ] BugTraq ID 13344
http://www.securityfocus.com/bid/13344/info/
[ 2 ] SecurityTracker ID 1013918
http://securitytracker.com/id?1013918
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200505-10.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
2.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200505-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Mozilla Suite, Mozilla Firefox: Remote compromise
Date: May 15, 2005
Bugs: #91859, #92393, #92394
ID: 200505-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Several vulnerabilities in the Mozilla Suite and Firefox allow an
attacker to conduct cross-site scripting attacks or to execute
arbitrary code.
Background
==========
The Mozilla Suite is a popular all-in-one web browser that includes a
mail and news reader. Mozilla Firefox is the next-generation browser
from the Mozilla project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/mozilla-firefox < 1.0.4 >= 1.0.4
2 www-client/mozilla-firefox-bin < 1.0.4 >= 1.0.4
3 www-client/mozilla < 1.7.8 >= 1.7.8
4 www-client/mozilla-bin < 1.7.8 >= 1.7.8
-------------------------------------------------------------------
4 affected packages on all of their supported architectures.
-------------------------------------------------------------------
Description
===========
The Mozilla Suite and Firefox do not properly protect "IFRAME"
JavaScript URLs from being executed in context of another URL in the
history list (CAN-2005-1476). The Mozilla Suite and Firefox also fail
to verify the "IconURL" parameter of the "InstallTrigger.install()"
function (CAN-2005-1477). Michael Krax and Georgi Guninski discovered
that it is possible to bypass JavaScript-injection security checks by
wrapping the javascript: URL within the view-source: or jar:
pseudo-protocols (MFSA2005-43).
Impact
======
A malicious remote attacker could use the "IFRAME" issue to execute
arbitrary JavaScript code within the context of another website,
allowing to steal cookies or other sensitive data. By supplying a
javascript: URL as the "IconURL" parameter of the
"InstallTrigger.Install()" function, a remote attacker could also
execute arbitrary JavaScript code. Combining both vulnerabilities with
a website which is allowed to install software or wrapping javascript:
URLs within the view-source: or jar: pseudo-protocols could possibly
lead to the execution of arbitrary code with user privileges.
Workaround
==========
Affected systems can be protected by disabling JavaScript. However, we
encourage Mozilla Suite or Mozilla Firefox users to upgrade to the
latest available version.
Resolution
==========
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.4"
All Mozilla Firefox binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.4"
All Mozilla Suite users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.8"
All Mozilla Suite binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.8"
References
==========
[ 1 ] CAN-2005-1476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1476
[ 2 ] CAN-2005-1477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1477
[ 3 ] Mozilla Foundation Security Advisory 2005-43
http://www.mozilla.org/security/announce/mfsa2005-43.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200505-11.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
3.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200505-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: PostgreSQL: Multiple vulnerabilities
Date: May 15, 2005
Bugs: #91231
ID: 200505-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
PostgreSQL is vulnerable to Denial of Service attacks and possibly
allows unprivileged users to gain administrator rights.
Background
==========
PostgreSQL is a SQL compliant, open source object-relational database
management system.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-db/postgresql < 8.0.2-r1 *>= 7.4.7-r2
*>= 8.0.1-r3
>= 8.0.2-r1
Description
===========
PostgreSQL gives public EXECUTE access to a number of character
conversion routines, but doesn't validate the given arguments
(CAN-2005-1409). It has also been reported that the contrib/tsearch2
module of PostgreSQL misdeclares the return value of some functions as
"internal" (CAN-2005-1410).
Impact
======
An attacker could call the character conversion routines with specially
setup arguments to crash the backend process of PostgreSQL or to
potentially gain administrator rights. A malicious user could also call
the misdeclared functions of the contrib/tsearch2 module, resulting in
a Denial of Service or other, yet uninvestigated, impacts.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All PostgreSQL users should update to the latest available version and
follow the guide at http://www.postgresql.org/about/news.315
# emerge --sync
# emerge --ask --oneshot --verbose dev-db/postgresql
References
==========
[ 1 ] CAN-2005-1409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1409
[ 2 ] CAN-2005-1410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1410
[ 3 ] PostgreSQL Announcement
http://www.postgresql.org/about/news.315
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200505-12.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0