CPNI - Centre for the Protection of National Infrastructure


April 2006

Gentoo Linux Security Advisories: 1. GLSA 200604-04 - Kaffeine: Buffer overflow 2. GLSA 200604-05 - Doomsday: Format string vulnerability 3. GLSA 200604-06 - ClamAV: Multiple vulnerabilities

ID: 00272
Ref: 271/2006
Date: 10 April 2006:14:25:46
Version: 1

Title: Gentoo Linux Security Advisories: 1. GLSA 200604-04 - Kaffeine: Buffer overflow 2. GLSA 200604-05 - Doomsday: Format string vulnerability 3. GLSA 200604-06 - ClamAV: Multiple vulnerabilities
Abstract:
Vendors affected: Gentoo
Operating systems affected: Gentoo
Applications affected: Gentoo

Title
=====

Gentoo Linux Security Advisories:

1. GLSA 200604-04 - Kaffeine: Buffer overflow

2. GLSA 200604-05 - Doomsday: Format string vulnerability

3. GLSA 200604-06 - ClamAV: Multiple vulnerabilities

Detail
======

1. Kaffeine uses an unchecked buffer when fetching remote RAM playlists
via HTTP.

2. Luigi Auriemma discovered that Doomsday incorrectly implements
formatted printing.

3. ClamAV contains format string vulnerabilities in the logging code
(CVE-2006-1615). Furthermore, Damian Put discovered an integer overflow
in ClamAV's PE header parser (CVE-2006-1614) and David Luyer discovered
that ClamAV can be tricked into performing an invalid memory access
(CVE-2006-1630).



1.


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200604-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Kaffeine: Buffer overflow
Date: April 05, 2006
Bugs: #127326
ID: 200604-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Kaffeine is vulnerable to a buffer overflow that could lead to the
execution of arbitrary code.

Background
==========

Kaffeine is a graphical front-end for the xine-lib multimedia library.

Affected packages
=================

-------------------------------------------------------------------
     Package               /  Vulnerable  /            Unaffected
-------------------------------------------------------------------
  1  media-video/kaffeine     < 0.7.1-r2              >= 0.7.1-r2

Description
===========

Kaffeine uses an unchecked buffer when fetching remote RAM playlists
via HTTP.

Impact
======

A remote attacker could entice a user to play a specially crafted RAM
playlist resulting in the execution of arbitrary code with the
permissions of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Kaffeine users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/kaffeine-0.7.1-r2"

References
==========

[ 1 ] CVE-2006-0051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0051
[ 2 ] KDE Security Advisory: Kaffeine buffer overflow
http://www.kde.org/info/security/advisory-20060404-1.txt

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200604-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



2.


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200604-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Doomsday: Format string vulnerability
Date: April 06, 2006
Bugs: #128690
ID: 200604-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Format string vulnerabilities in Doomsday may lead to the execution of
arbitrary code.

Background
==========

Doomsday is a modern gaming engine for popular ID games like Doom,
Heretic and Hexen.

Affected packages
=================

-------------------------------------------------------------------
     Package             /  Vulnerable  /              Unaffected
-------------------------------------------------------------------
  1  games-fps/doomsday     <= 1.8.6-r1               Vulnerable!
-------------------------------------------------------------------
NOTE: Certain packages are still vulnerable. Users should migrate
to another package if one is available or wait for the
existing packages to be marked stable by their
architecture maintainers.

Description
===========

Luigi Auriemma discovered that Doomsday incorrectly implements
formatted printing.

Impact
======

A remote attacker could exploit these vulnerabilities to execute
arbitrary code with the rights of the user running the Doomsday server
or client by sending specially crafted strings.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

Doomsday has been masked in Portage pending the resolution of these
issues. All Doomsday users are advised to uninstall the package until
further notice.

# emerge --ask --verbose --unmerge games-fps/doomsday

References
==========

[ 1 ] CVE-2006-1618
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1618
[ 2 ] Original advisory by Luigi Auriemma
http://aluigi.altervista.org/adv/doomsdayfs-adv.txt

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200604-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



3.


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200604-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: ClamAV: Multiple vulnerabilities
Date: April 07, 2006
Bugs: #128963
ID: 200604-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

ClamAV contains multiple vulnerabilities that could lead to remote
execution of arbitrary code or cause an application crash.

Background
==========

ClamAV is a GPL virus scanner.

Affected packages
=================

-------------------------------------------------------------------
     Package               /  Vulnerable  /            Unaffected
-------------------------------------------------------------------
  1  app-antivirus/clamav     < 0.88.1                  >= 0.88.1

Description
===========

ClamAV contains format string vulnerabilities in the logging code
(CVE-2006-1615). Furthermore, Damian Put discovered an integer overflow
in ClamAV's PE header parser (CVE-2006-1614) and David Luyer discovered
that ClamAV can be tricked into performing an invalid memory access
(CVE-2006-1630).

Impact
======

By sending a malicious attachment to a mail server running ClamAV, a
remote attacker could cause a Denial of Service or the execution of
arbitrary code. Note that the overflow in the PE header parser is only
exploitable when the ArchiveMaxFileSize option is disabled.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ClamAV users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.88.1"

References
==========

[ 1 ] CVE-2006-1614
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1614
[ 2 ] CVE-2006-1615
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1615
[ 3 ] CVE-2006-1630
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1630

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200604-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
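
To check a package inventory against the three "Affected packages" tables above, the following added example (not part of the Gentoo advisories or of CPNI's text) evaluates installed versions against the listed ranges and reports the action each advisory gives. Assumptions: the version parser is a simplification that handles only dotted numbers with an optional -rN revision, and INSTALLED is constructed sample data.

```python
import re

# Vulnerable ranges copied from the "Affected packages" tables above:
# package -> (GLSA id, operator, bound, first unaffected version or None).
ADVISORIES = {
    "media-video/kaffeine": ("GLSA 200604-04", "<", "0.7.1-r2", "0.7.1-r2"),
    "games-fps/doomsday": ("GLSA 200604-05", "<=", "1.8.6-r1", None),
    "app-antivirus/clamav": ("GLSA 200604-06", "<", "0.88.1", "0.88.1"),
}

# Constructed sample inventory (assumption, not data from the advisories).
INSTALLED = {
    "media-video/kaffeine": "0.7.1-r1",
    "games-fps/doomsday": "1.8.6-r1",
    "app-antivirus/clamav": "0.88.1",
    "app-editors/vim": "6.4",
}

def parse_version(version):
    """Return ((X, Y, ...), rev) for 'X.Y.Z[-rN]'. Simplified on purpose:
    Portage suffixes (_rc1, _p2, trailing letters) are rejected, not guessed."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-r(\d+))?", version)
    if m is None:
        raise ValueError(f"unsupported version string: {version!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)

def is_vulnerable(package, version):
    """Return the GLSA id if this version is in the vulnerable range, else None."""
    if package not in ADVISORIES:
        return None
    glsa, op, bound, _fixed = ADVISORIES[package]
    installed, limit = parse_version(version), parse_version(bound)
    hit = installed < limit if op == "<" else installed <= limit
    return glsa if hit else None

def audit(inventory):
    """List (package, GLSA id, action) for every affected package."""
    findings = []
    for package, version in sorted(inventory.items()):
        glsa = is_vulnerable(package, version)
        if glsa:
            fixed = ADVISORIES[package][3]
            action = f"upgrade to >={fixed}" if fixed else "unmerge (no fixed version)"
            findings.append((package, glsa, action))
    return findings

if __name__ == "__main__":
    for finding in audit(INSTALLED):
        print(*finding, sep=": ")
```
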
