Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > August 2005 > Mandriva - Two Security Update Advisories

August 2005

Mandriva - Two Security Update Advisories

ID: 00686
Ref: 635/05
Date: 16 August 2005:11:44:00
Version: 1
Title: Mandriva - Two Security Update Advisories
Abstract: 1. Updated gaim packages fix yet more vulnerabilities [MDKSA-2005:139], 2. Updated proftpd packages fix format string vulnerabilities [MDKSA-2005:140]
Vendors affected: Mandriva
Operating systems affected: Mandriva
Applications affected: Mandriva

Title
=====

Mandriva - Two Security Update Advisories:
1. Updated gaim packages fix yet more vulnerabilities [MDKSA-2005:139]
2. Updated proftpd packages fix format string vulnerabilities [MDKSA-2005:140]


Detail
======

Security update advisory summaries:

1. Yet more vulnerabilities have been discovered in the gaim IM client.
Invalid characters in a sent file can cause Gaim to crash on some
systems (CAN-2005-2102); a remote AIM or ICQ user can cause a buffer
overflow in Gaim by setting an away message containing many AIM
substitution strings (CAN-2005-2103); a memory alignment bug in the
library used by Gaim to access the Gadu-Gadu network can result in
a buffer overflow on non-x86 architecture systems.

2. Two format string vulnerabilities were discovered in ProFTPD. The
first exists when displaying a shutdown message containing the name of
the current directory. The second exists when displaying response
messages to the client using information retrieved from a database
using mod_sql.


Security update advisory content follows:


1.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: gaim
Advisory ID: MDKSA-2005:139
Date: August 15th, 2005

Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

Yet more vulnerabilities have been discovered in the gaim IM client.
Invalid characters in a sent file can cause Gaim to crash on some
systems (CAN-2005-2102); a remote AIM or ICQ user can cause a buffer
overflow in Gaim by setting an away message containing many AIM
substitution strings (CAN-2005-2103); a memory alignment bug in the
library used by Gaim to access the Gadu-Gadu network can result in
a buffer overflow on non-x86 architecture systems (CAN-2005-2370).

These problems have been corrected in gaim 1.5.0 which is provided with
this update.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CNA-2005-2370
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.1:
eae023d3ea9c455993f0f3118a39efe7 10.1/RPMS/gaim-1.5.0-0.1.101mdk.i586.rpm
022e79c6c6ef153d6ec2c60be3495150 10.1/RPMS/gaim-devel-1.5.0-0.1.101mdk.i586.rpm
180fbe47e768745cffe981918b00c787 10.1/RPMS/gaim-gevolution-1.5.0-0.1.101mdk.i586.rpm
f27fd157c744e763dbf131cc50706456 10.1/RPMS/gaim-perl-1.5.0-0.1.101mdk.i586.rpm
d8fd5b1131755eb60710a068a682d67b 10.1/RPMS/gaim-tcl-1.5.0-0.1.101mdk.i586.rpm
c3a05a2d53eaccf626681119de32dd48 10.1/RPMS/libgaim-remote0-1.5.0-0.1.101mdk.i586.rpm
40ef7656bd292a35c0b0a19606f5fbf4 10.1/RPMS/libgaim-remote0-devel-1.5.0-0.1.101mdk.i586.rpm
c87d6ac4271561d5897e6d0d8789821f 10.1/SRPMS/gaim-1.5.0-0.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
c336fce539378546bb2883b5cfd5fd58 x86_64/10.1/RPMS/gaim-1.5.0-0.1.101mdk.x86_64.rpm
dc651324febed15bf25fe63e089d3ad8 x86_64/10.1/RPMS/gaim-devel-1.5.0-0.1.101mdk.x86_64.rpm
10dfe256275aa5482325da802a06ccc6 x86_64/10.1/RPMS/gaim-gevolution-1.5.0-0.1.101mdk.x86_64.rpm
56706dce2dde9072698665ac7956e1dd x86_64/10.1/RPMS/gaim-perl-1.5.0-0.1.101mdk.x86_64.rpm
eb9bce3ee007dbb318be873c1b1591d7 x86_64/10.1/RPMS/gaim-tcl-1.5.0-0.1.101mdk.x86_64.rpm
24df09e5d11bc31dba01407649e2f216 x86_64/10.1/RPMS/lib64gaim-remote0-1.5.0-0.1.101mdk.x86_64.rpm
44bb0ec8c957f5a3a88d5f3977606570 x86_64/10.1/RPMS/lib64gaim-remote0-devel-1.5.0-0.1.101mdk.x86_64.rpm
c87d6ac4271561d5897e6d0d8789821f x86_64/10.1/SRPMS/gaim-1.5.0-0.1.101mdk.src.rpm

Mandrakelinux 10.2:
78e555fd3645ebe6b65d597fe4111ce5 10.2/RPMS/gaim-1.5.0-0.1.102mdk.i586.rpm
5d4075c783b839b23df0b59f36526809 10.2/RPMS/gaim-devel-1.5.0-0.1.102mdk.i586.rpm
c8261c301e07613f8df955c217cd5959 10.2/RPMS/gaim-gevolution-1.5.0-0.1.102mdk.i586.rpm
c348d7aec2579dfdeac86fdb8a2b7d56 10.2/RPMS/gaim-perl-1.5.0-0.1.102mdk.i586.rpm
79aef8848a29533d7ff926bf94768349 10.2/RPMS/gaim-silc-1.5.0-0.1.102mdk.i586.rpm
cf2bc6595be035c826df355f5694f09b 10.2/RPMS/gaim-tcl-1.5.0-0.1.102mdk.i586.rpm
569ac4d9ee83efe4215f8e37c433d730 10.2/RPMS/libgaim-remote0-1.5.0-0.1.102mdk.i586.rpm
3cff6f85a1a4e8b7dfa3e2f3b9aa8183 10.2/RPMS/libgaim-remote0-devel-1.5.0-0.1.102mdk.i586.rpm
81933632048e345262a031727ccc2f88 10.2/SRPMS/gaim-1.5.0-0.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
af600fa897521406d12300a96a3edc5f x86_64/10.2/RPMS/gaim-1.5.0-0.1.102mdk.x86_64.rpm
6ffd17bc6ee6eb26a0b4870f548c7e50 x86_64/10.2/RPMS/gaim-devel-1.5.0-0.1.102mdk.x86_64.rpm
c44e769a69b33d3025bc7657fdbb1741 x86_64/10.2/RPMS/gaim-gevolution-1.5.0-0.1.102mdk.x86_64.rpm
7f43078544ed57c3455bad5729f260b7 x86_64/10.2/RPMS/gaim-perl-1.5.0-0.1.102mdk.x86_64.rpm
a583e4aeed9af7e557cb8afe977ff975 x86_64/10.2/RPMS/gaim-silc-1.5.0-0.1.102mdk.x86_64.rpm
d2df8bad7602db180b62d53aa50baeff x86_64/10.2/RPMS/gaim-tcl-1.5.0-0.1.102mdk.x86_64.rpm
5546c3363b33949b09f05b42f14416b9 x86_64/10.2/RPMS/lib64gaim-remote0-1.5.0-0.1.102mdk.x86_64.rpm
c56ad5acb7ee4350b538fd86262572e0 x86_64/10.2/RPMS/lib64gaim-remote0-devel-1.5.0-0.1.102mdk.x86_64.rpm
81933632048e345262a031727ccc2f88 x86_64/10.2/SRPMS/gaim-1.5.0-0.1.102mdk.src.rpm

Corporate 3.0:
a699d8ab5e69d519041a7123ac905cf6 corporate/3.0/RPMS/gaim-1.5.0-0.1.C30mdk.i586.rpm
91b9147658a2b3a755b1e6b820b6c173 corporate/3.0/RPMS/gaim-devel-1.5.0-0.1.C30mdk.i586.rpm
e7bd6d49890ad51c38c3f1a408eafeb0 corporate/3.0/RPMS/gaim-perl-1.5.0-0.1.C30mdk.i586.rpm
06792dc99f87d5f698dabedad9292627 corporate/3.0/RPMS/gaim-tcl-1.5.0-0.1.C30mdk.i586.rpm
a654c2eacca5827a2b06d21c5111c0be corporate/3.0/RPMS/libgaim-remote0-1.5.0-0.1.C30mdk.i586.rpm
4ecc50f7eecd86d6e45310804eb49e24 corporate/3.0/RPMS/libgaim-remote0-devel-1.5.0-0.1.C30mdk.i586.rpm
d12b5c04e37be82ed716d43b7f53bf68 corporate/3.0/SRPMS/gaim-1.5.0-0.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
446674193e028268a27c6f595644c265 x86_64/corporate/3.0/RPMS/gaim-1.5.0-0.1.C30mdk.x86_64.rpm
adc0b49cddc2bc09cdfa0876a27aec8d x86_64/corporate/3.0/RPMS/gaim-devel-1.5.0-0.1.C30mdk.x86_64.rpm
b5d8baceacef67ba19379d11bad99ecf x86_64/corporate/3.0/RPMS/gaim-perl-1.5.0-0.1.C30mdk.x86_64.rpm
2ff79f4094d409df7c2503f58442294f x86_64/corporate/3.0/RPMS/gaim-tcl-1.5.0-0.1.C30mdk.x86_64.rpm
90e1f44e9436f54ba16c8ea0ca9c022d x86_64/corporate/3.0/RPMS/lib64gaim-remote0-1.5.0-0.1.C30mdk.x86_64.rpm
21c80d62a09a0928f39274a9c957b1a8 x86_64/corporate/3.0/RPMS/lib64gaim-remote0-devel-1.5.0-0.1.C30mdk.x86_64.rpm
d12b5c04e37be82ed716d43b7f53bf68 x86_64/corporate/3.0/SRPMS/gaim-1.5.0-0.1.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDAUsPmqjQ0CJFipgRAvoBAKDy387T7TYsr5ldW/gWdI2Zz0OvqgCfXrLr
9t3+vAdNpFzSn/CtFZoui5Y=
=q7kA
- -----END PGP SIGNATURE-----



2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: proftpd
Advisory ID: MDKSA-2005:140
Date: August 15th, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

Two format string vulnerabilities were discovered in ProFTPD. The
first exists when displaying a shutdown message containin the name of
the current directory. This could be exploited by a user who creates
a directory containing format specifiers and sets the directory as the
current directory when the shutdown message is being sent.

The second exists when displaying response messages to the cleint using
information retreived from a database using mod_sql. Note that mod_sql
support is not enabled by default, but the contrib source file has been
patched regardless.

The updated packages have been patched to correct these problems.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2390
http://secunia.com/advisories/16181
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
9754b8d4357f6843ed9f613d1daeca4e 10.0/RPMS/proftpd-1.2.9-3.3.100mdk.i586.rpm
9009783efdf84c2f92a988e6268f0631 10.0/RPMS/proftpd-anonymous-1.2.9-3.3.100mdk.i586.rpm
cef8ec2cd6a3ec3c1e2b737221cbf97c 10.0/SRPMS/proftpd-1.2.9-3.3.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
23c5bf83875f00ab5f554029c6aa9177 amd64/10.0/RPMS/proftpd-1.2.9-3.3.100mdk.amd64.rpm
80b34a20f86d090c0b1f19972f213af8 amd64/10.0/RPMS/proftpd-anonymous-1.2.9-3.3.100mdk.amd64.rpm
cef8ec2cd6a3ec3c1e2b737221cbf97c amd64/10.0/SRPMS/proftpd-1.2.9-3.3.100mdk.src.rpm

Mandrakelinux 10.1:
68039b1c9e9090856e8e93c11edc3c10 10.1/RPMS/proftpd-1.2.10-2.1.101mdk.i586.rpm
0952d937b0d8432eeb365ea07ba267b9 10.1/RPMS/proftpd-anonymous-1.2.10-2.1.101mdk.i586.rpm
fafda6527589ac244691743278c5fb2f 10.1/SRPMS/proftpd-1.2.10-2.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
1c37bda199475b68dae530c06285222f x86_64/10.1/RPMS/proftpd-1.2.10-2.1.101mdk.x86_64.rpm
4e2c3f72c6bc1710e82f81d919df4a0d x86_64/10.1/RPMS/proftpd-anonymous-1.2.10-2.1.101mdk.x86_64.rpm
fafda6527589ac244691743278c5fb2f x86_64/10.1/SRPMS/proftpd-1.2.10-2.1.101mdk.src.rpm

Mandrakelinux 10.2:
62c9ac6c9f9cefe3ae26d00287430abd 10.2/RPMS/proftpd-1.2.10-9.1.102mdk.i586.rpm
77020ac5c67cf4ed616a4d858cbdca61 10.2/RPMS/proftpd-anonymous-1.2.10-9.1.102mdk.i586.rpm
332bc621d075cce043964146d874eefc 10.2/SRPMS/proftpd-1.2.10-9.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
9077e02a37afaeef184095d5e32d4795 x86_64/10.2/RPMS/proftpd-1.2.10-9.1.102mdk.x86_64.rpm
6f7e7a053d2a8d3872efdd87dcf1227f x86_64/10.2/RPMS/proftpd-anonymous-1.2.10-9.1.102mdk.x86_64.rpm
332bc621d075cce043964146d874eefc x86_64/10.2/SRPMS/proftpd-1.2.10-9.1.102mdk.src.rpm

Corporate 3.0:
ed09c8c53d71e04c21ffaf1d647722c1 corporate/3.0/RPMS/proftpd-1.2.9-3.3.C30mdk.i586.rpm
5885b14d6817c11ef29c03aed76cb61f corporate/3.0/RPMS/proftpd-anonymous-1.2.9-3.3.C30mdk.i586.rpm
b71bb2a58e0ac2d224c2fc332fbccdc7 corporate/3.0/SRPMS/proftpd-1.2.9-3.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
96d72d9503f3b7f86d7b162453f9f25c x86_64/corporate/3.0/RPMS/proftpd-1.2.9-3.3.C30mdk.x86_64.rpm
eff847004e164052d380b9937ec641ee x86_64/corporate/3.0/RPMS/proftpd-anonymous-1.2.9-3.3.C30mdk.x86_64.rpm
b71bb2a58e0ac2d224c2fc332fbccdc7 x86_64/corporate/3.0/SRPMS/proftpd-1.2.9-3.3.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDAUt5mqjQ0CJFipgRAqCQAKDYxGSSDQIrxuL9LnqxWOo5vl/fwgCdFevV
WMVFZhi3wVbAG3ShLkcuKts=
=VlqT
- -----END PGP SIGNATURE-----



  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |