Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > September 2005 > Gentoo - Four Security Advisories

September 2005

Gentoo - Four Security Advisories

ID: 00809
Ref: 753/05
Date: 20 September 2005:14:04:55
Version: 1
Title: Gentoo - Four Security Advisories
Abstract:
Vendors affected: Gentoo
Operating systems affected: Gentoo
Applications affected: Gentoo

Title
=====

Gentoo - Four Security Advisories:
1. Mailutils: Format string vulnerability in imap4d [GLSA 200509-10]
2. Mozilla Suite, Mozilla Firefox: Buffer overflow [GLSA 200509-11]
3. Apache, mod_ssl: Multiple vulnerabilities [GLSA 200509-12]
4. Clam AntiVirus: Multiple vulnerabilities [GLSA 200509-13]


Detail
======

Security advisory summaries:

1. The imap4d server contains a vulnerability allowing an authenticated
user to execute arbitrary code with the privileges of the imap4d
process.

2. Mozilla Suite and Firefox are vulnerable to a buffer overflow that
might be exploited to execute arbitrary code.

3. mod_ssl and Apache are vulnerable to a restriction bypass and a
potential local privilege escalation.

4. Clam AntiVirus is subject to vulnerabilities ranging from Denial of
Service to execution of arbitrary code when handling compressed
executables.


Security advisory content follows:


1.


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200509-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Mailutils: Format string vulnerability in imap4d
Date: September 17, 2005
Bugs: #105458
ID: 200509-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The imap4d server contains a vulnerability allowing an authenticated
user to execute arbitrary code with the privileges of the imap4d
process.

Background
==========

The GNU Mailutils are a collection of mail-related utilities, including
an IMAP4 server (imap4d).

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-mail/mailutils < 0.6-r2 >= 0.6-r2

Description
===========

The imap4d server contains a format string bug in the handling of IMAP
SEARCH requests.

Impact
======

An authenticated IMAP user could exploit the format string error in
imap4d to execute arbitrary code as the imap4d user, which is usually
root.

Workaround
==========

There are no known workarounds at this time.

Resolution
==========

All GNU Mailutils users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/mailutils-0.6-r2"

References
==========

[ 1 ] iDEFENSE 09.09.05 advisory

http://www.idefense.com/application/poi/display?id=303&type=vulnerabilities

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200509-10.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0




2.


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200509-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Mozilla Suite, Mozilla Firefox: Buffer overflow
Date: September 18, 2005
Bugs: #105396
ID: 200509-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Mozilla Suite and Firefox are vulnerable to a buffer overflow that
might be exploited to execute arbitrary code.

Background
==========

The Mozilla Suite is a popular all-in-one web browser that includes a
mail and news reader. Mozilla Firefox is the next-generation browser
from the Mozilla project. They both support Internationalized Domain
Names (IDN), which are domain names represented by local language
characters.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/mozilla-firefox <= 1.0.6-r6 >= 1.0.6-r7
2 www-client/mozilla <= 1.7.11-r2 >= 1.7.11-r3
3 www-client/mozilla-firefox-bin <= 1.0.6-r2 Vulnerable!
4 www-client/mozilla-bin <= 1.7.11 Vulnerable!
-------------------------------------------------------------------
NOTE: Certain packages are still vulnerable. Users should migrate
to another package if one is available or wait for the
existing packages to be marked stable by their
architecture maintainers.
-------------------------------------------------------------------
4 affected packages on all of their supported architectures.
-------------------------------------------------------------------

Description
===========

The Mozilla Suite and Firefox are both vulnerable to a buffer overflow
while processing hostnames containing multiple hyphens. Note that
browsers that have disabled IDN support are immune to this flaw.

Impact
======

A remote attacker could setup a malicious site and entice a victim to
visit it, triggering the buffer overflow and potentially resulting in
the execution of arbitrary code with the victim's privileges.

Workaround
==========

You can disable the IDN support by opening the "about:config" page in
the browser and manually toggling the "network.IDN" property to
"false". Alternatively, you can install a security patch by following
the patching instructions given in References.

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose
">=www-client/mozilla-firefox-1.0.6-r7"

All Mozilla Suite users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.11-r3"

There are no fixed Mozilla Firefox or Mozilla Suite binaries yet. Users
of the mozilla-bin or mozilla-firefox-bin packages should either switch
to the source-based versions or apply the workaround.

References
==========

[ 1 ] CAN-2005-2871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2871
[ 2 ] Mozilla Foundation patching instructions
https://addons.mozilla.org/messages/307259.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200509-11.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0




3.


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200509-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Apache, mod_ssl: Multiple vulnerabilities
Date: September 19, 2005
Bugs: #103554, #104807
ID: 200509-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

mod_ssl and Apache are vulnerable to a restriction bypass and a
potential local privilege escalation.

Background
==========

The Apache HTTP server is one of the most popular web servers on the
Internet. mod_ssl provides SSL v2/v3 and TLS v1 support for Apache 1.3
and is also included in Apache 2.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-www/mod_ssl < 2.8.24 >= 2.8.24
2 net-www/apache < 2.0.54-r15 >= 2.0.54-r15
-------------------------------------------------------------------
2 affected packages on all of their supported architectures.
-------------------------------------------------------------------

Description
===========

mod_ssl contains a security issue when "SSLVerifyClient optional" is
configured in the global virtual host configuration (CAN-2005-2700).
Also, Apache's httpd includes a PCRE library, which makes it vulnerable
to an integer overflow (CAN-2005-2491).

Impact
======

Under a specific configuration, mod_ssl does not properly enforce the
client-based certificate authentication directive, "SSLVerifyClient
require", in a per-location context, which could be potentially used by
a remote attacker to bypass some restrictions. By creating a specially
crafted ".htaccess" file, a local attacker could possibly exploit
Apache's vulnerability, which would result in a local privilege
escalation.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All mod_ssl users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-www/mod_ssl-2.8.24"

All Apache 2 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-www/apache-2.0.54-r15"

References
==========

[ 1 ] CAN-2005-2491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
[ 2 ] CAN-2005-2700
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200509-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0




4.


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200509-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Clam AntiVirus: Multiple vulnerabilities
Date: September 19, 2005
Bugs: #106279
ID: 200509-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Clam AntiVirus is subject to vulnerabilities ranging from Denial of
Service to execution of arbitrary code when handling compressed
executables.

Background
==========

Clam AntiVirus is a GPL anti-virus toolkit, designed for integration
with mail servers to perform attachment scanning. Clam AntiVirus also
provides a command line scanner and a tool for fetching updates of the
virus database.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-antivirus/clamav < 0.87 >= 0.87

Description
===========

Clam AntiVirus is vulnerable to a buffer overflow in "libclamav/upx.c"
when processing malformed UPX-packed executables. It can also be sent
into an infinite loop in "libclamav/fsg.c" when processing
specially-crafted FSG-packed executables.

Impact
======

By sending a specially-crafted file an attacker could execute arbitrary
code with the permissions of the user running Clam AntiVirus, or cause
a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Clam AntiVirus users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.87"

References
==========

[ 1 ] CAN-2005-2919
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2919
[ 2 ] CAN-2005-2920
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2920
[ 3 ] Clam AntiVirus: Release Notes
http://sourceforge.net/project/shownotes.php?release_id=356974

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200509-13.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |