
January 2005

Nine Gentoo Security Advisories

ID: 00066
Ref: 58/2005
Date: 26 January 2005:12:51:01
Version: 1

Title: Nine Gentoo Security Advisories
Abstract:
Vendors affected: Gentoo
Operating systems affected: Gentoo
Applications affected: Gentoo


Title
=====

Nine Gentoo Security Advisories:

1. GLSA 200501-27 - Ethereal: Multiple vulnerabilities

2. GLSA 200501-28 - Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2

3. GLSA 200501-29 - Mailman: Cross-site scripting vulnerability

4. GLSA 200501-30 - CUPS: Stack overflow in included Xpdf code

5. GLSA 200501-31 - teTeX, pTeX, CSTeX: Multiple vulnerabilities

6. GLSA 200501-32 - KPdf, KOffice: Stack overflow in included Xpdf code

7. GLSA 200501-33 - MySQL: Insecure temporary file creation

8. GLSA 200501-35 - Evolution: Integer overflow in camel-lock-helper

9. GLSA 200501-36 - AWStats: Remote code execution

Detail
======

1. Multiple vulnerabilities exist in Ethereal, which may allow an attacker to
run arbitrary code, crash the program or perform DoS by CPU and disk utilization.

2. A stack overflow was discovered in Xpdf, potentially resulting in the execution of arbitrary code. GPdf includes Xpdf code and therefore is vulnerable to the same
issue.

3. Mailman is vulnerable to cross-site scripting attacks.

4. CUPS includes Xpdf code and therefore is vulnerable to the recent stack overflow issue, potentially resulting in the remote execution of arbitrary code.

5. teTeX, pTeX and CSTeX make use of vulnerable Xpdf code which may allow the remote execution of arbitrary code. Furthermore, the xdvizilla script is vulnerable to
temporary file handling issues.

6. KPdf and KOffice both include vulnerable Xpdf code to handle PDF files, making them vulnerable to the execution of arbitrary code.

7. MySQL is vulnerable to symlink attacks, potentially allowing a local user to
overwrite arbitrary files.

8. An overflow in the camel-lock-helper application can be exploited by an attacker to execute arbitrary code with elevated privileges.

9. AWStats fails to validate certain input, which could lead to the remote execution of arbitrary code.


1.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Ethereal: Multiple vulnerabilities
Date: January 20, 2005
Bugs: #78559
ID: 200501-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities exist in Ethereal, which may allow an attacker to
run arbitrary code, crash the program or perform DoS by CPU and disk utilization.

Background
==========

Ethereal is a feature rich network protocol analyzer.

Affected packages
=================

-------------------------------------------------------------------
     Package                  /  Vulnerable  /        Unaffected
-------------------------------------------------------------------
  1  net-analyzer/ethereal      < 0.10.9           >= 0.10.9

Description
===========

There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.9, including:

* The COPS dissector could go into an infinite loop (CAN-2005-0006).

* The DLSw dissector could cause an assertion, making Ethereal exit
prematurely (CAN-2005-0007).

* The DNP dissector could cause memory corruption (CAN-2005-0008).

* The Gnutella dissector could cause an assertion, making Ethereal
exit prematurely (CAN-2005-0009).

* The MMSE dissector could free statically-allocated memory
(CAN-2005-0010).

* The X11 dissector is vulnerable to a string buffer overflow
(CAN-2005-0084).

Impact
======

An attacker might be able to use these vulnerabilities to crash Ethereal, perform
DoS by CPU and disk space utilization or even execute arbitrary code with the
permissions of the user running Ethereal, which could be the root user.

Workaround
==========

For a temporary workaround you can disable all affected protocol dissectors by selecting Analyze->Enabled Protocols... and deselecting them from the list. However,
it is strongly recommended to upgrade to the latest stable version.

Resolution
==========

All Ethereal users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.10.9"

References
==========

[ 1 ] CAN-2005-0006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0006
[ 2 ] CAN-2005-0007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0007
[ 3 ] CAN-2005-0008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0008
[ 4 ] CAN-2005-0009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0009
[ 5 ] CAN-2005-0010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0010
[ 6 ] CAN-2005-0084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0084
[ 7 ] Ethereal Release Notes
http://www.ethereal.com/news/item_20050120_01.html

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200501-27.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and
security of our users' machines is of utmost importance to us. Any security concerns
should be addressed to security@gentoo.org or, alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0




2.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2
Date: January 21, 2005
Bugs: #77888, #78128
ID: 200501-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A stack overflow was discovered in Xpdf, potentially resulting in the execution of
arbitrary code. GPdf includes Xpdf code and therefore is vulnerable to the same issue.

Background
==========

Xpdf is an open source viewer for Portable Document Format (PDF) files. GPdf is a
Gnome-based PDF viewer that includes some Xpdf code.

Affected packages
=================

-------------------------------------------------------------------
     Package                  /  Vulnerable  /        Unaffected
-------------------------------------------------------------------
  1  app-text/xpdf              <= 3.00-r7         >= 3.00-r8
  2  app-text/gpdf              < 2.8.2            >= 2.8.2
-------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
-------------------------------------------------------------------

Description
===========

iDEFENSE reports that the Decrypt::makeFileKey2 function in Xpdf's Decrypt.cc
insufficiently checks boundaries when processing /Encrypt /Length tags in PDF files.
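As an added illustration of the bug class described above (not Xpdf's code and not the actual patch): a simplified C model in which the /Encrypt /Length value read from the file sizes a copy into a fixed 16-byte stack key buffer, with the unchecked shape beside one that validates /Length before copying. The function names, the 40..128-bit range and the key material are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Largest file key the standard security handler derives: 128 bits. */
#define MAX_FILE_KEY_BYTES 16

/* Vulnerable shape (hypothetical, not Xpdf's code): the key length comes
 * straight from the PDF's /Encrypt /Length entry, so a file declaring, say,
 * /Length 4096 makes the copy run 512 bytes into a 16-byte stack buffer. */
void derive_file_key_unchecked(const uint8_t *key_material, int length_bits,
                               uint8_t *out)
{
    uint8_t file_key[MAX_FILE_KEY_BYTES];
    int key_bytes = length_bits / 8;            /* no upper bound */

    memcpy(file_key, key_material, key_bytes);  /* overflows when > 16 */
    memcpy(out, file_key, MAX_FILE_KEY_BYTES);
}

/* Is a /Length value (in bits) one the handler can legitimately use?
 * 40..128 bits in whole bytes; anything else is rejected, never clamped. */
int pdf_encrypt_length_ok(int length_bits)
{
    return length_bits >= 40 && length_bits <= MAX_FILE_KEY_BYTES * 8 &&
           length_bits % 8 == 0;
}

/* Hardened shape: validate before any copy. Returns 0 on success and -1 if
 * the file is rejected; on success `out` holds the 16-byte key, zero-padded
 * when /Length is shorter than 128 bits. */
int derive_file_key_checked(const uint8_t *key_material, size_t material_len,
                            int length_bits, uint8_t *out)
{
    uint8_t file_key[MAX_FILE_KEY_BYTES];
    size_t key_bytes;

    if (!pdf_encrypt_length_ok(length_bits))
        return -1;
    key_bytes = (size_t)length_bits / 8;
    if (key_bytes > material_len)           /* not enough input to copy */
        return -1;

    memset(file_key, 0, sizeof file_key);
    memcpy(file_key, key_material, key_bytes);   /* now provably in bounds */
    memcpy(out, file_key, MAX_FILE_KEY_BYTES);
    return 0;
}

int main(void)
{
    /* Constructed key material; not taken from any real PDF. */
    uint8_t material[32];
    uint8_t key[MAX_FILE_KEY_BYTES];
    const int samples[] = { 40, 128, 100, 4096 };
    int i;

    for (i = 0; i < 32; i++)
        material[i] = (uint8_t)i;
    for (i = 0; i < 4; i++)
        printf("/Length %4d -> %s\n", samples[i],
               derive_file_key_checked(material, sizeof material,
                                       samples[i], key) == 0
                   ? "accepted" : "rejected");
    return 0;
}
```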

Impact
======

An attacker could entice a user to open a specially-crafted PDF file which would
trigger a stack overflow, potentially resulting in execution of arbitrary code with
the rights of the user running Xpdf or GPdf.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Xpdf users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/xpdf-3.00-r8"

All GPdf users should also upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/gpdf-2.8.2"

References
==========

[ 1 ] CAN-2005-0064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
[ 2 ] iDEFENSE Advisory
http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities&flashstatus=true

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200501-28.xml





3.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: Mailman: Cross-site scripting vulnerability
Date: January 22, 2005
Bugs: #77524
ID: 200501-29

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Mailman is vulnerable to cross-site scripting attacks.

Background
==========

Mailman is a Python-based mailing list server with an extensive web interface.

Affected packages
=================

-------------------------------------------------------------------
     Package                  /  Vulnerable  /        Unaffected
-------------------------------------------------------------------
  1  net-mail/mailman           < 2.1.5-r3         >= 2.1.5-r3

Description
===========

Florian Weimer has discovered a cross-site scripting vulnerability in the error
messages that are produced by Mailman.

Impact
======

By enticing a user to visit a specially-crafted URL, an attacker can execute arbitrary script code running in the context of the victim's browser.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mailman users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/mailman-2.1.5-r3"

References
==========

[ 1 ] CAN-2004-1177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1177

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200501-29.xml




4.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: CUPS: Stack overflow in included Xpdf code
Date: January 22, 2005
Bugs: #78249
ID: 200501-30

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

CUPS includes Xpdf code and therefore is vulnerable to the recent stack overflow issue, potentially resulting in the remote execution of arbitrary code.

Background
==========

The Common UNIX Printing System (CUPS) is a cross-platform print spooler. It makes use of Xpdf code to handle PDF files.

Affected packages
=================

-------------------------------------------------------------------
     Package                  /  Vulnerable  /        Unaffected
-------------------------------------------------------------------
  1  net-print/cups             < 1.1.23-r1        >= 1.1.23-r1

Description
===========

The Decrypt::makeFileKey2 function in Xpdf's Decrypt.cc insufficiently checks
boundaries when processing /Encrypt /Length tags in PDF files (GLSA 200501-28).

Impact
======

This issue could be exploited by a remote attacker to execute arbitrary code by sending a malicious print job to a CUPS spooler.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All CUPS users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-print/cups-1.1.23-r1"

References
==========

[ 1 ] CAN-2005-0064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
[ 2 ] GLSA 200501-28
http://www.gentoo.org/security/en/glsa/glsa-200501-28.xml

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200501-30.xml





5.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-31
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: teTeX, pTeX, CSTeX: Multiple vulnerabilities
Date: January 23, 2005
Bugs: #75801
ID: 200501-31

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

teTeX, pTeX and CSTeX make use of vulnerable Xpdf code which may allow the remote
execution of arbitrary code. Furthermore, the xdvizilla script is vulnerable to
temporary file handling issues.

Background
==========

teTeX is a complete and open source TeX distribution. CSTeX is another TeX
distribution including Czech and Slovak support. pTeX is another alternative that
allows Japanese publishing with TeX. xdvizilla is an auxiliary script used to
integrate DVI file viewing in Mozilla-based browsers.

Affected packages
=================

-------------------------------------------------------------------
     Package                  /  Vulnerable  /        Unaffected
-------------------------------------------------------------------
  1  app-text/tetex             < 2.0.2-r5         >= 2.0.2-r5
  2  app-text/cstetex           < 2.0.2-r1         >= 2.0.2-r1
  3  app-text/ptex              < 3.1.4-r2         >= 3.1.4-r2
-------------------------------------------------------------------
     3 affected packages on all of their supported architectures.
-------------------------------------------------------------------

Description
===========

teTeX, pTeX and CSTeX all make use of Xpdf code and may therefore be vulnerable to
the various overflows that were discovered in Xpdf code (CAN-2004-0888, CAN-2004-0889,
CAN-2004-1125 and CAN-2005-0064). Furthermore, Javier Fernandez-Sanguino Pena
discovered that the xdvizilla script does not handle temporary files correctly.

Impact
======

An attacker could design a malicious input file which, when processed using one of
the TeX distributions, could lead to the execution of arbitrary code. Furthermore, a
local attacker could create symbolic links in the temporary files directory, pointing
to a valid file somewhere on the filesystem. When xdvizilla is called, this would
result in the file being overwritten with the rights of the user running the script.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All teTeX users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/tetex-2.0.2-r5"

All CSTeX users should also upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/cstetex-2.0.2-r1"

Finally, all pTeX users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/ptex-3.1.4-r2"

References
==========

[ 1 ] CAN-2004-0888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888
[ 2 ] CAN-2004-0889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0889
[ 3 ] CAN-2004-1125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125
[ 4 ] CAN-2005-0064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200501-31.xml




6.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: KPdf, KOffice: Stack overflow in included Xpdf code
Date: January 23, 2005
Bugs: #78619, #78620
ID: 200501-32

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

KPdf and KOffice both include vulnerable Xpdf code to handle PDF files, making them vulnerable to the execution of arbitrary code.

Background
==========

KPdf is a KDE-based PDF viewer included in the kdegraphics package. KOffice is an
integrated office suite for KDE.

Affected packages
=================

-------------------------------------------------------------------
     Package                  /  Vulnerable  /        Unaffected
-------------------------------------------------------------------
  1  app-office/koffice         < 1.3.5-r2         >= 1.3.5-r2
  2  kde-base/kdegraphics       < 3.3.2-r2         >= 3.3.2-r2
                                                   *>= 3.2.3-r4
-------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
-------------------------------------------------------------------

Description
===========

KPdf and KOffice both include Xpdf code to handle PDF files. Xpdf is vulnerable
to a new stack overflow, as described in GLSA 200501-28.

Impact
======

An attacker could entice a user to open a specially-crafted PDF file, potentially resulting in the execution of arbitrary code with the rights of the user running the affected application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All KPdf users should upgrade to the latest version of kdegraphics:

# emerge --sync
# emerge --ask --oneshot --verbose kde-base/kdegraphics

All KOffice users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose app-office/koffice

References
==========

[ 1 ] GLSA 200501-28
http://www.gentoo.org/security/en/glsa/glsa-200501-28.xml
[ 2 ] CAN-2005-0064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
[ 3 ] KDE Security Advisory: kpdf Buffer Overflow Vulnerability
http://www.kde.org/info/security/advisory-20050119-1.txt
[ 4 ] KDE Security Advisory: KOffice PDF Import Filter Vulnerability
http://www.kde.org/info/security/advisory-20050120-1.txt

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200501-32.xml





7.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-33
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: MySQL: Insecure temporary file creation
Date: January 23, 2005
Bugs: #77805
ID: 200501-33

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

MySQL is vulnerable to symlink attacks, potentially allowing a local user to
overwrite arbitrary files.

Background
==========

MySQL is a fast, multi-threaded, multi-user SQL database server.

Affected packages
=================

-------------------------------------------------------------------
     Package                  /  Vulnerable  /        Unaffected
-------------------------------------------------------------------
  1  dev-db/mysql               < 4.0.22-r2        >= 4.0.22-r2

Description
===========

Javier Fernandez-Sanguino Pena from the Debian Security Audit Project discovered
that the 'mysqlaccess' script creates temporary files in world-writable directories
with predictable names.

Impact
======

A local attacker could create symbolic links in the temporary files directory,
pointing to a valid file somewhere on the filesystem. When the mysqlaccess script is
executed, this would result in the file being overwritten with the rights of the user
running the software, which could be the root user.
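As an added illustration of the temporary-file weakness in this advisory and in GLSA 200501-31 (xdvizilla), written in C rather than the scripts' own language and not taken from either project: a predictable name in a shared directory opened without O_EXCL, beside a version that uses mkstemp(3) and then checks the descriptor it was given. The directory, function names and the post-creation checks are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable shape (hypothetical): a guessable name in a shared, world-
 * writable directory, opened with O_CREAT but without O_EXCL. If another
 * local user has already placed a symlink at that name, open() follows it
 * and the caller's writes land on the link's target. */
int open_tmp_predictable(const char *dir)
{
    char path[4096];

    snprintf(path, sizeof path, "%s/report.%ld", dir, (long)getpid());
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened shape: mkstemp(3) picks an unpredictable suffix and creates the
 * file with O_CREAT|O_EXCL and mode 0600 in one step, so a pre-placed file
 * or symlink makes creation fail instead of being followed. Afterwards the
 * descriptor (not the path) is checked: regular file, owned by us, exactly
 * one link. Returns the fd or -1; the path is left in out_path for the
 * caller to unlink when finished. */
int open_tmp_safe(const char *dir, char *out_path, size_t out_len)
{
    struct stat st;
    int fd;

    if (snprintf(out_path, out_len, "%s/report.XXXXXX", dir) >= (int)out_len) {
        errno = ENAMETOOLONG;
        return -1;
    }
    fd = mkstemp(out_path);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        unlink(out_path);
        errno = EPERM;
        return -1;
    }
    return fd;
}

int main(void)
{
    char dir[] = "/tmp/glsa_tmpdemo_XXXXXX";   /* private scratch directory */
    char path[4096];
    int fd;

    if (mkdtemp(dir) == NULL) {
        perror("mkdtemp");
        return 1;
    }
    fd = open_tmp_safe(dir, path, sizeof path);
    if (fd < 0) {
        perror("open_tmp_safe");
        rmdir(dir);
        return 1;
    }
    printf("created %s (mode 0600, O_EXCL)\n", path);
    close(fd);
    unlink(path);
    rmdir(dir);
    return 0;
}
```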

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MySQL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mysql-4.0.22-r2"

References
==========

[ 1 ] CAN-2005-0004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0004
[ 2 ] Secunia Advisory SA13867
http://secunia.com/advisories/13867/

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200501-33.xml





8.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-35
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Evolution: Integer overflow in camel-lock-helper
Date: January 24, 2005
Bugs: #79183
ID: 200501-35

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An overflow in the camel-lock-helper application can be exploited by an attacker to execute arbitrary code with elevated privileges.

Background
==========

Evolution is a GNOME groupware application similar to Microsoft Outlook.

Affected packages
=================

-------------------------------------------------------------------
     Package                  /  Vulnerable  /        Unaffected
-------------------------------------------------------------------
  1  mail-client/evolution      <= 2.0.2           >= 2.0.2-r1

Description
===========

Max Vozeler discovered an integer overflow in the camel-lock-helper application,
which is installed as setgid mail by default.

Impact
======

A local attacker could exploit this vulnerability to execute malicious code with
the privileges of the 'mail' group. A remote attacker could also set up a malicious
POP server to execute arbitrary code when an Evolution user connects to it.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Evolution users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/evolution-2.0.2-r1"

References
==========

[ 1 ] CAN-2005-0102
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0102

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200501-35.xml





9.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-36
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: AWStats: Remote code execution
Date: January 25, 2005
Bugs: #77963
ID: 200501-36

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

AWStats fails to validate certain input, which could lead to the remote execution of arbitrary code.

Background
==========

AWStats is an advanced log file analyzer and statistics generator.

Affected packages
=================

-------------------------------------------------------------------
     Package                  /  Vulnerable  /        Unaffected
-------------------------------------------------------------------
  1  net-www/awstats            < 6.3              >= 6.3

Description
===========

When 'awstats.pl' is run as a CGI script, it fails to validate specific inputs which are used in a Perl open() function call.

Impact
======

A remote attacker could supply AWStats malicious input, potentially allowing the
execution of arbitrary code with the rights of the web server.

Workaround
==========

Making sure that AWStats does not run as a CGI script will avoid the issue, but we
recommend that users upgrade to the latest version, which fixes these bugs.

Resolution
==========

All AWStats users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-www/awstats-6.3"

References
==========

[ 1 ] AWStats ChangeLog
http://awstats.sourceforge.net/docs/awstats_changelog.txt
[ 2 ] iDEFENSE Advisory
http://www.idefense.com/application/poi/display?id=185

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200501-36.xml




- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by
telephone. Not Protectively Marked information may be sent by email to:
uniras@niscc.gov.uk

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Gentoo for the information
contained in this Briefing.
- ----------------------------------------------------------------------------------