CPNI - Centre for the Protection of National Infrastructure


January 2006

Three Gentoo Linux Security Advisories: 1. GLSA 200601-02 - KPdf, KWord: Multiple overflows in included Xpdf code 2. GLSA 200601-03 - HylaFAX: Multiple vulnerabilities 3. GLSA 200601-04 - VMware Workstation: Vulnerability in NAT networking

ID: 00013
Ref: 12/2006
Date: 09 January 2006 13:48:52
Version: 1

Title: Three Gentoo Linux Security Advisories: 1. GLSA 200601-02 - KPdf, KWord: Multiple overflows in included Xpdf code 2. GLSA 200601-03 - HylaFAX: Multiple vulnerabilities 3. GLSA 200601-04 - VMware Workstation: Vulnerability in NAT networking
Abstract:
Vendors affected: Gentoo
Operating systems affected: Gentoo
Applications affected: Gentoo

Title
=====

Three Gentoo Linux Security Advisories:

1. GLSA 200601-02 - KPdf, KWord: Multiple overflows in included Xpdf code

2. GLSA 200601-03 - HylaFAX: Multiple vulnerabilities

3. GLSA 200601-04 - VMware Workstation: Vulnerability in NAT networking

Detail
======

1. KPdf and KWord both include Xpdf code to handle PDF files. This Xpdf
code is vulnerable to several heap overflows (GLSA 200512-08) as well
as several buffer and integer overflows discovered by Chris Evans.

2. Patrice Fournier discovered that HylaFAX runs the notify script on
untrusted user input. Furthermore, users can log in without a password
when HylaFAX is installed with the pam USE-flag disabled.

3. Tim Shelton discovered that vmnet-natd, the host module providing
NAT-style networking for VMware guest operating systems, is unable to
process incorrect 'EPRT' and 'PORT' FTP requests.


1.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200601-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: KPdf, KWord: Multiple overflows in included Xpdf code
Date: January 04, 2006
Bugs: #114429, #115851
ID: 200601-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

KPdf and KWord both include vulnerable Xpdf code to handle PDF files,
making them vulnerable to the execution of arbitrary code.

Background
==========

KPdf is a KDE-based PDF viewer included in the kdegraphics package.
KWord is a KDE-based word processor also included in the koffice
package.

Affected packages
=================

-------------------------------------------------------------------
     Package                        /   Vulnerable   /   Unaffected
-------------------------------------------------------------------
  1  kde-base/kdegraphics               < 3.4.3-r3        >= 3.4.3-r3
  2  kde-base/kpdf                      < 3.4.3-r3        >= 3.4.3-r3
  3  app-office/koffice                 < 1.4.2-r6        >= 1.4.2-r6
  4  app-office/kword                   < 1.4.2-r6        >= 1.4.2-r6
-------------------------------------------------------------------
     4 affected packages on all of their supported architectures.
-------------------------------------------------------------------

Description
===========

KPdf and KWord both include Xpdf code to handle PDF files. This Xpdf
code is vulnerable to several heap overflows (GLSA 200512-08) as well
as several buffer and integer overflows discovered by Chris Evans.

Impact
======

An attacker could entice a user to open a specially crafted PDF file
with Kpdf or KWord, potentially resulting in the execution of arbitrary
code with the rights of the user running the affected application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All kdegraphics users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-3.4.3-r3"

All Kpdf users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kpdf-3.4.3-r3"

All KOffice users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/koffice-1.4.2-r6"

All KWord users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/kword-1.4.2-r6"

References
==========

[ 1 ] CAN-2005-3191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3191
[ 2 ] CAN-2005-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3192
[ 3 ] CAN-2005-3193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3193
[ 4 ] CVE-2005-3624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
[ 5 ] CVE-2005-3625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
[ 6 ] CVE-2005-3626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
[ 7 ] CVE-2005-3627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
[ 8 ] GLSA 200512-08
http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml
[ 9 ] KDE Security Advisory: kpdf/xpdf multiple integer overflows
http://www.kde.org/info/security/advisory-20051207-2.txt

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200601-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


2.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200601-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: HylaFAX: Multiple vulnerabilities
Date: January 06, 2006
Bugs: #116389
ID: 200601-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

HylaFAX is vulnerable to arbitrary code execution and unauthorized
access vulnerabilities.

Background
==========

HylaFAX is an enterprise-class system for sending and receiving
facsimile messages and for sending alpha-numeric pages.

Affected packages
=================

-------------------------------------------------------------------
     Package                        /   Vulnerable   /   Unaffected
-------------------------------------------------------------------
  1  net-misc/hylafax                   < 4.2.3-r1        >= 4.2.3-r1
-------------------------------------------------------------------

Description
===========

Patrice Fournier discovered that HylaFAX runs the notify script on
untrusted user input. Furthermore, users can log in without a password
when HylaFAX is installed with the pam USE-flag disabled.

Impact
======

An attacker could exploit the input validation vulnerability to run
arbitrary code as the user running HylaFAX, which is usually uucp. The
password vulnerability could be exploited to log in without proper user
credentials.
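The first HylaFAX issue, running the notify script on untrusted input, is a pattern worth seeing in code. The following added example is constructed for this page and is not HylaFAX's code: the NOTIFY_SCRIPT path, the job fields and the sample requests are hypothetical. It puts the vulnerable string-building form beside the hardened form, which allow-lists each field and passes arguments as an argv list so no shell is involved.

```python
import re
import subprocess
from typing import List, Optional

# Hypothetical helper path; an assumption for this illustration, not
# HylaFAX's real layout.
NOTIFY_SCRIPT = "/usr/local/libexec/notify-hook"

# Constructed sample requests as a daemon might receive them from a client;
# the second carries a shell metacharacter in a field the client controls.
SAMPLE_JOBS = [
    {"jobid": "1042", "mailaddr": "alice@example.test"},
    {"jobid": "1043", "mailaddr": "bob@example.test; echo injected"},
]


def unsafe_notify_command(job: dict) -> str:
    """Vulnerable pattern: the command line is built by string interpolation
    from client data and would be handed to a shell (os.system, or
    subprocess with shell=True). Anything the shell treats specially in the
    data is then interpreted as part of the command. Returned as a string
    here so it can be inspected without being executed."""
    return f"{NOTIFY_SCRIPT} {job['jobid']} {job['mailaddr']}"


# Allow-lists for every field that may reach the helper; anything else is
# rejected outright instead of being escaped.
_JOBID_RE = re.compile(r"^[0-9]{1,10}$")
_MAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$")


def validate_job(job: dict) -> bool:
    """True only when every field matches its allow-list."""
    return bool(_JOBID_RE.match(job.get("jobid", ""))
                and _MAIL_RE.match(job.get("mailaddr", "")))


def safe_notify_argv(job: dict) -> Optional[List[str]]:
    """Hardened form: validate first, then pass each field as its own argv
    element so no shell ever parses it. Returns None for rejected input."""
    if not validate_job(job):
        return None
    return [NOTIFY_SCRIPT, job["jobid"], job["mailaddr"]]


def run_notify(job: dict) -> Optional[int]:
    """Execute the helper without a shell; None means the request was
    rejected before anything ran."""
    argv = safe_notify_argv(job)
    if argv is None:
        return None
    return subprocess.run(argv, shell=False, check=False).returncode
```

The point of the argv form is that validation and invocation are decoupled: even if an allow-list were later loosened, the helper would still receive the field as a single argument rather than as shell syntax.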

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All HylaFAX users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/hylafax-4.2.3-r1"

References
==========

[ 1 ] CVE-2005-3538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3538
[ 2 ] CVE-2005-3539
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3539
[ 3 ] HylaFAX release announcement
http://www.hylafax.org/content/HylaFAX_4.2.4_release

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200601-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



3.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200601-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: VMware Workstation: Vulnerability in NAT networking
Date: January 07, 2006
Bugs: #116238
ID: 200601-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

VMware guest operating systems can execute arbitrary code with elevated
privileges on the host operating system through a flaw in NAT
networking.

Background
==========

VMware Workstation is a powerful virtual machine for developers and
system administrators.

Affected packages
=================

-------------------------------------------------------------------
     Package                        /   Vulnerable   /   Unaffected
-------------------------------------------------------------------
  1  vmware-workstation                 < 5.5.1.19175     >= 5.5.1.19175
                                                         *>= 4.5.3.19414
-------------------------------------------------------------------
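The three "Affected packages" tables above (kdegraphics, kpdf, koffice and kword; hylafax; vmware-workstation) all use the same "< vulnerable / >= unaffected" notation, and checking an installed version against them is the first practical step for an administrator. Below is an added example that is not part of the Gentoo advisories and is not Gentoo's own glsa-check tool: a small Python parser for the table rows plus a version comparison limited to the numeric 'a.b.c[-rN]' form these rows use. The sample table text is copied from the three advisories; the starred '*>= 4.5.3.19414' line is read as a second unaffected range that applies only within its own branch, which is my interpretation of the notation rather than something the advisory spells out, and the version rules are a simplification of Gentoo's that does not handle _rc/_p style suffixes.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample input: the "Affected packages" rows of the three
# advisories, copied as plain text. The "*>=" line belongs to the
# vmware-workstation row directly above it.
GLSA_TABLE = """\
1 kde-base/kdegraphics < 3.4.3-r3 >= 3.4.3-r3
2 kde-base/kpdf < 3.4.3-r3 >= 3.4.3-r3
3 app-office/koffice < 1.4.2-r6 >= 1.4.2-r6
4 app-office/kword < 1.4.2-r6 >= 1.4.2-r6
1 net-misc/hylafax < 4.2.3-r1 >= 4.2.3-r1
1 vmware-workstation < 5.5.1.19175 >= 5.5.1.19175
*>= 4.5.3.19414
"""

# A version is (numeric components, -r revision); tuple ordering gives the
# comparison these rows need (3.4.3 < 3.4.3-r3 < 3.4.3.1 < 3.5).
Version = Tuple[Tuple[int, ...], int]

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")


def parse_version(text: str) -> Version:
    """Parse the 'a.b.c[-rN]' form used in these tables. Simplification
    (assumption): _rc/_p style suffixes are rejected, since no row here
    uses them; Gentoo's full rules are more involved."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    rev = int(m.group(2)) if m.group(2) else 0
    return (parts, rev)


@dataclass
class Entry:
    package: str
    vulnerable_below: Version
    unaffected_from: Version
    # Starred ranges ("*>= X") are read as "also unaffected from X onward,
    # but only within X's own branch" (my reading of the notation).
    branch_unaffected_from: List[Version] = field(default_factory=list)


_ROW_RE = re.compile(r"^\d+\s+(\S+)\s+<\s+(\S+)\s+>=\s+(\S+)$")
_STAR_RE = re.compile(r"^\*>=\s+(\S+)$")


def parse_table(text: str) -> List[Entry]:
    """Turn the table text into Entry objects; an unknown line is an error
    rather than being skipped, so a garbled advisory does not pass silently."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        row = _ROW_RE.match(line)
        star = _STAR_RE.match(line)
        if row:
            entries.append(Entry(row.group(1), parse_version(row.group(2)),
                                 parse_version(row.group(3))))
        elif star and entries:
            entries[-1].branch_unaffected_from.append(parse_version(star.group(1)))
        else:
            raise ValueError(f"unrecognised table line: {line!r}")
    return entries


def _same_branch(installed: Version, starred: Version) -> bool:
    # Branch = every numeric component of the starred version except the last.
    prefix = starred[0][:-1]
    return installed[0][:len(prefix)] == prefix


def is_vulnerable(entry: Entry, installed: str) -> bool:
    """True if the installed version is inside the vulnerable range and in
    none of the unaffected ranges."""
    v = parse_version(installed)
    if v >= entry.unaffected_from:
        return False
    if any(_same_branch(v, s) and v >= s for s in entry.branch_unaffected_from):
        return False
    return v < entry.vulnerable_below


def vulnerable_packages(table: str, installed: Dict[str, str]) -> List[str]:
    """Names of packages in `installed` ({name: version}) that the table
    marks as vulnerable; packages absent from the table are ignored."""
    return [e.package for e in parse_table(table)
            if e.package in installed and is_vulnerable(e, installed[e.package])]
```

The installed-version map is supplied by the caller; on a Gentoo host it would be filled from a query of the package database (for example with equery from gentoolkit), which the block deliberately does not do itself so that it runs anywhere.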

Description
===========

Tim Shelton discovered that vmnet-natd, the host module providing
NAT-style networking for VMware guest operating systems, is unable to
process incorrect 'EPRT' and 'PORT' FTP requests.

Impact
======

Malicious guest operating systems using the NAT networking feature or
local VMware Workstation users could exploit this vulnerability to
execute arbitrary code on the host system with elevated privileges.
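The vmnet-natd issue concerns an FTP helper that must parse the PORT and EPRT commands a guest sends so it can open the matching data-connection mapping. Below is an added example, not VMware's or Gentoo's code, of what strict parsing of those two commands looks like in Python: both parsers follow the RFC 959 and RFC 2428 syntax and return None for anything malformed instead of trusting a partial result. The DataEndpoint type, the dispatcher and the peer-address policy check are my additions, and the command lines used to exercise it are constructed.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class DataEndpoint:
    address: str
    port: int


# PORT h1,h2,h3,h4,p1,p2 : exactly six decimal fields (RFC 959).
_PORT_RE = re.compile(r"^PORT ((?:\d{1,3},){5}\d{1,3})$")


def parse_port(line: str) -> Optional[DataEndpoint]:
    """Parse a PORT command; None for any malformed or out-of-range form."""
    m = _PORT_RE.match(line)
    if not m:
        return None
    nums = [int(x) for x in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        return None
    port = nums[4] * 256 + nums[5]
    if port == 0:
        return None
    return DataEndpoint(".".join(str(n) for n in nums[:4]), port)


def parse_eprt(line: str) -> Optional[DataEndpoint]:
    """Parse 'EPRT <d>proto<d>addr<d>port<d>' (RFC 2428). The delimiter is
    the first character after 'EPRT ', must be printable ASCII, and must
    appear exactly four times; proto 1 is IPv4, proto 2 is IPv6."""
    if not line.startswith("EPRT ") or len(line) < 7:
        return None
    delim = line[5]
    if not 33 <= ord(delim) <= 126:
        return None
    fields = line[5:].split(delim)
    if len(fields) != 5 or fields[0] != "" or fields[4] != "":
        return None
    proto, addr, port_s = fields[1], fields[2], fields[3]
    if not (port_s.isascii() and port_s.isdigit()) or len(port_s) > 5:
        return None
    port = int(port_s)
    if not 1 <= port <= 65535:
        return None
    try:
        if proto == "1":
            ip = ipaddress.IPv4Address(addr)
        elif proto == "2":
            ip = ipaddress.IPv6Address(addr)
        else:
            return None
    except ValueError:
        return None
    return DataEndpoint(str(ip), port)


def parse_data_command(line: str) -> Optional[Tuple[str, DataEndpoint]]:
    """Dispatch on the verb; anything that does not parse cleanly comes back
    as None so the caller drops it rather than guessing at a mapping."""
    line = line.rstrip("\r\n")
    if line.startswith("PORT "):
        ep = parse_port(line)
        return ("PORT", ep) if ep else None
    if line.startswith("EPRT "):
        ep = parse_eprt(line)
        return ("EPRT", ep) if ep else None
    return None


def announced_matches_peer(ep: DataEndpoint, peer_address: str) -> bool:
    """Policy check many FTP helpers apply (my addition, not something the
    advisory specifies): only map a data connection for the address the
    control connection actually came from."""
    return ipaddress.ip_address(ep.address) == ipaddress.ip_address(peer_address)
```

Every rejection path returns None before any value derived from the input is used, which is the property a NAT helper needs: a request it cannot fully validate produces no state change at all.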

Workaround
==========

Disable the NAT service by following the instructions at
http://www.vmware.com/support/kb, Answer ID 2002.

Resolution
==========

All VMware Workstation users should upgrade to a fixed version:

# emerge --sync
# emerge --ask --oneshot --verbose app-emulation/vmware-workstation

References
==========

[ 1 ] CVE-2005-4459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4459
[ 2 ] VMware Security Response
http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200601-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0