November 2005
Gentoo - Four Security Advisories
ID: 00987
Ref: 925/05
Date: 07 November 2005:11:13:29
Version: 1
Title: Gentoo - Four Security Advisories
Abstract: 1. giflib: Multiple vulnerabilities [GLSA 200511-03] , 2. ClamAV: Multiple vulnerabilities [GLSA 200511-04] , 3. fetchmail: Password exposure in fetchmailconf [GLSA 200511-06] , 4. OpenVPN: Multiple vulnerabilities [GLSA 200511-07]
Vendors affected: Gentoo
Operating systems affected: Gentoo
Applications affected: Gentoo
Title
=====
Gentoo - Four Security Advisories
1. giflib: Multiple vulnerabilities [GLSA 200511-03]
2. ClamAV: Multiple vulnerabilities [GLSA 200511-04]
3. fetchmail: Password exposure in fetchmailconf [GLSA 200511-06]
4. OpenVPN: Multiple vulnerabilities [GLSA 200511-07]
Detail
======
Security advisory summaries:
1. giflib may dereference NULL or write out of bounds when processing
malformed images, potentially resulting in Denial of Service or
arbitrary code execution.
2. ClamAV has many security flaws which make it vulnerable to remote
execution of arbitrary code and a Denial of Service.
3. fetchmailconf fails to properly handle file permissions, temporarily
exposing sensitive information to other local users.
4. The OpenVPN client is potentially vulnerable to the execution of
arbitrary code and the OpenVPN server is vulnerable to a Denial of
Service issue.
Security advisory content follows:
1.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200511-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: giflib: Multiple vulnerabilities
Date: November 04, 2005
Bugs: #109997
ID: 200511-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
giflib may dereference NULL or write out of bounds when processing
malformed images, potentially resulting in Denial of Service or
arbitrary code execution.
Background
==========
giflib is a library for reading and writing GIF images.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 media-libs/giflib < 4.1.4 >= 4.1.4
Description
===========
Chris Evans and Daniel Eisenbud independently discovered two
out-of-bounds memory write operations and a NULL pointer dereference in
giflib.
Impact
======
An attacker could craft a malicious GIF image and entice users to load
it using an application making use of the giflib library, resulting in
an application crash or potentially the execution of arbitrary code.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All giflib users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/giflib-4.1.4"
References
==========
[ 1 ] CVE-2005-2974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2974
[ 2 ] CVE-2005-3350
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3350
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200511-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
2.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200511-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: ClamAV: Multiple vulnerabilities
Date: November 06, 2005
Bugs: #109213
ID: 200511-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
ClamAV has many security flaws which make it vulnerable to remote
execution of arbitrary code and a Denial of Service.
Background
==========
ClamAV is a GPL anti-virus toolkit, designed for integration with mail
servers to perform attachment scanning. ClamAV also provides a command
line scanner and a tool for fetching updates of the virus database.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-antivirus/clamav < 0.87.1 >= 0.87.1
Description
===========
ClamAV has multiple security flaws: a boundary check was performed
incorrectly in petite.c, a buffer size calculation in unfsg_133 was
incorrect in fsg.c, a possible infinite loop was fixed in tnef.c and a
possible infinite loop in cabd_find was fixed in cabd.c . In addition
to this, Marcin Owsiany reported that a corrupted DOC file causes a
segmentation fault in ClamAV.
Impact
======
By sending a malicious attachment to a mail server that is hooked with
ClamAV, a remote attacker could cause a Denial of Service or the
execution of arbitrary code.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All ClamAV users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.87.1"
References
==========
[ 1 ] CAN-2005-3239
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3239
[ 2 ] CAN-2005-3303
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3303
[ 3 ] ClamAV release notes
http://sourceforge.net/project/shownotes.php?release_id=368319
[ 4 ] Zero Day Initiative advisory
http://www.zerodayinitiative.com/advisories/ZDI-05-002.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200511-04.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
3.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200511-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: fetchmail: Password exposure in fetchmailconf
Date: November 06, 2005
Bugs: #110366
ID: 200511-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
fetchmailconf fails to properly handle file permissions, temporarily
exposing sensitive information to other local users.
Background
==========
fetchmail is a utility that retrieves and forwards mail from remote
systems using IMAP, POP, and other protocols. It ships with
fetchmailconf, a graphical utility used to create configuration files.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-mail/fetchmail < 6.2.5.2-r1 >= 6.2.5.2-r1
Description
===========
Thomas Wolff discovered that fetchmailconf opens the configuration file
with default permissions, writes the configuration to it, and only then
restricts read permissions to the owner.
Impact
======
A local attacker could exploit the race condition to retrieve sensitive
information like IMAP/POP passwords.
Workaround
==========
Run "umask 077" to temporarily strengthen default permissions, then run
"fetchmailconf" from the same shell.
Resolution
==========
All fetchmail users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/fetchmail-6.2.5.2-r1"
References
==========
[ 1 ] Fetchmail Security Advisory
http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt
[ 2 ] CVE-2005-3088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3088
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200511-06.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
4.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200511-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: OpenVPN: Multiple vulnerabilities
Date: November 06, 2005
Bugs: #111116
ID: 200511-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
The OpenVPN client is potentially vulnerable to the execution of
arbitrary code and the OpenVPN server is vulnerable to a Denial of
Service issue.
Background
==========
OpenVPN is a multi-platform, full-featured SSL VPN solution.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/openvpn < 2.0.4 >= 2.0.4
Description
===========
The OpenVPN client contains a format string bug in the handling of the
foreign_option in options.c. Furthermore, when the OpenVPN server runs
in TCP mode, it may dereference a NULL pointer under specific error
conditions.
Impact
======
A remote attacker could setup a malicious OpenVPN server and trick the
user into connecting to it, potentially executing arbitrary code on the
client's computer. A remote attacker could also exploit the NULL
dereference issue by sending specific packets to an OpenVPN server
running in TCP mode, resulting in a Denial of Service condition.
Workaround
==========
Do not use "pull" or "client" options in the OpenVPN client
configuration file, and use UDP mode for the OpenVPN server.
Resolution
==========
All OpenVPN users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/openvpn-2.0.4"
References
==========
[ 1 ] CVE-2005-3393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3393
[ 2 ] CVE-2005-3409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3409
[ 3 ] OpenVPN changelog
http://openvpn.net/changelog.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200511-07.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0