Insecurity News
Mozilla
Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several recent
Jesse Ruderman discovered a cross-domain scripting bug in Mozilla. If a user is tricked into dragging a JavaScript link into another frame or page, it becomes possible for an attacker to steal or modify sensitive information from that site. Additionally, if a user is tricked into dragging two links in sequence to another window (not frame), it is possible for the attacker to execute arbitrary commands. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0905 to this issue.
Gael Delalleau discovered an integer overflow that affects the BMP handling code inside Mozilla. An attacker could create a carefully crafted BMP file in such a way that it would cause Mozilla to crash or execute arbitrary code when the image was viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0904 to this issue.
Georgi Guninski discovered a stack-based buffer overflow in the vCard display routines. An attacker could create a carefully crafted vCard file in such a way that it would cause Mozilla to crash or execute arbitrary code when viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0903 to this issue.
Wladimir Palant discovered a flaw in the way JavaScript interacts with the clipboard. It is possible for an attacker to use malicious JavaScript code to steal sensitive data which has been copied into the clipboard. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0908 to this issue.
Georgi Guninski discovered a heap-based buffer overflow in the “Send Page” feature. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0902 to this issue.
CUPS
The Common UNIX Printing System (CUPS) is a print service. Alvaro Martinez Echevarria reported a bug in the CUPS Internet Printing Protocol (IPP) implementation in versions of CUPS prior to 1.1.21. An attacker could send a carefully crafted UDP packet to the IPP port, which could cause CUPS to stop listening to the port and result in a denial of service. In order to exploit this bug, an attacker would need to have the ability to send a UDP packet to the IPP port (by default 631). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0558 to this issue.
getmail
getmail is a reliable fetchmail replacement that supports Maildir, Mboxrd and external MDA delivery.
David Watson discovered a vulnerability in getmail when it is configured to run as root and deliver mail to the maildirs/mbox files of untrusted local users. A malicious local user can then exploit a race condition, or a similar symlink attack, and potentially cause getmail to create or overwrite files in any directory on the system.
Do not run getmail as a privileged user; or, in version 4, use an external MDA with explicitly configured user and group privileges. All getmail users should upgrade to the latest version:
■
Debian reference: DSA-545-1
Gentoo reference: GLSA 200410-06 / cups
Mandrake reference: MDKSA-2004:097
Red Hat reference: RHSA-2004:449-17
Slackware reference: SSA:2004-266-01
Suse reference: SUSE-SA:2004:031
■
Debian reference: DSA-553-1
Gentoo reference: GLSA 200409-32 / getmail
Slackware reference: SSA:2004-278-01
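
The symlink problem described for getmail, shown as an added example (not getmail's own code): a delivery routine that follows a link left in a user-controlled mailbox directory, beside one that refuses it. The function names, file names and the scenario in `demo()` are constructed for illustration, and the example covers only the final path component on a POSIX system.

```python
import os
import tempfile

def naive_deliver(path, data):
    # Risky pattern when run as root: open() follows a symlink left by
    # the mailbox owner and truncates whatever it points to.
    with open(path, "wb") as f:
        f.write(data)

def safe_deliver(maildir, name, data):
    # Pin the directory first; O_NOFOLLOW rejects a symlinked mailbox dir.
    dir_fd = os.open(maildir, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        # O_EXCL: fail if the name exists at all, symlink or not.
        flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
        fd = os.open(name, flags, 0o600, dir_fd=dir_fd)
        with os.fdopen(fd, "wb") as f:
            f.write(data)
    finally:
        os.close(dir_fd)

def read(path):
    with open(path, "rb") as f:
        return f.read()

def demo():
    # Constructed scenario in a throwaway directory; all names are made up.
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "system.conf")  # stands in for a root-owned file
        maildir = os.path.join(root, "new")
        os.mkdir(maildir)
        with open(target, "wb") as f:
            f.write(b"original")
        os.symlink(target, os.path.join(maildir, "msg1"))  # link already in place

        naive_deliver(os.path.join(maildir, "msg1"), b"mail body")
        after_naive = read(target)  # overwritten through the link

        with open(target, "wb") as f:
            f.write(b"original")
        try:
            safe_deliver(maildir, "msg1", b"mail body")
            refused = False
        except OSError:
            refused = True
        safe_deliver(maildir, "msg2", b"mail body")  # a fresh name still works
        return after_naive, refused, read(target), read(os.path.join(maildir, "msg2"))

if __name__ == "__main__":
    print(demo())
```

Exclusive creation does not replace the advice above: delivering with the recipient's own user and group privileges removes the ability to write outside the mailbox in the first place.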
Security Posture of Major Distributions
Distributor | Security Sources | Comments
Debian | Info: http://www.debian.org/security/; List: http://lists.debian.org/debian-security-announce/; Reference: DSA-… 1) | The current Debian security advisories are included on the homepage. Advisories are provided as HTML pages with links to the patches. The security advisory also contains a reference to the mailing list.
Gentoo | Info: http://www.gentoo.org/security/en/glsa/index.xml; Forum: http://forums.gentoo.org/; List: http://www.gentoo.org/main/en/lists.xml; Reference: GLSA: … 1) | The current security advisories for Gentoo are listed on the Gentoo security site linked off the homepage. Advisories are provided as HTML pages with the coding to emerge the corrected versions.
Mandrake | Info: http://www.mandrakesecure.net; List: http://www.mandrakesecure.net/en/mlist.php; Reference: MDKSA-… 1) | MandrakeSoft runs its own Web site on security topics. Among other things, it includes security advisories and references to the mailing lists. The advisories are HTML pages, but there are no links to the patches.
Red Hat | Info: http://www.redhat.com/errata/; List: http://www.redhat.com/mailing-lists/; Reference: RHSA-… 1) | Red Hat files security advisories as so-called Errata: Issues for each Red Hat Linux version are then grouped. The security advisories are provided in the form of an HTML page with links to patches.
Slackware | Info: http://www.slackware.com/security/; List: http://www.slackware.com/lists/ (slackware-security); Reference: [slackware-security] … 1) | The start page contains links to the security mailing list archive. No additional information on Slackware security is available.
Suse | Info: http://www.suse.de/uk/private/support/security/; Patches: http://www.suse.de/uk/private/download/updates/; List: suse-security-announce; Reference: SUSE-SA … 1) | There is no longer a link to the security page after changes to the Web site. It contains information on the mailing list and the advisories. The security patches for the individual Suse Linux versions are shown in red on the general updates site. A short description of the vulnerability the patch resolves is provided
1) All distributors indicate security mails in the subject line.
■
Red Hat reference: RHSA-2004:486-18
Slackware reference: SSA:2004-266-03
Suse reference: SUSE-SA:2004:036
December 2004
www.linux-magazine.com
gtk+
The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System.
During testing of a previously fixed flaw in Qt (CAN-2004-0691), a flaw was discovered in the BMP image processor of gtk2. An attacker could create a carefully crafted BMP file which would cause an application to enter an infinite loop and not respond to user input when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0753 to this issue.
During a security audit Chris Evans discovered a stack and a heap overflow in the XPM image decoder. An attacker could create a carefully crafted XPM file which could cause an application linked with gtk2 to crash or possibly execute arbitrary code when the file was opened by a victim. (CAN-2004-0782, CAN-2004-0783)
Chris Evans also discovered an integer overflow in the ICO image decoder. An attacker could create a carefully crafted ICO file which could cause an application linked with gtk2 to crash when the file was opened by a victim. (CAN-2004-0788)
OpenOffice.org
OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program.
Secunia Research reported an issue with the handling of temporary files in OpenOffice.org. A malicious local user could use this flaw to access the contents of another user’s open documents. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0752 to this issue.
All users of OpenOffice.org are advised to upgrade to the updated OpenOffice.org packages, which contain a backported patch to correct this issue.
XFree86
XFree86 is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces (GUIs) such as GNOME and KDE are designed upon.
During a source code audit, Chris Evans discovered several stack overflow flaws and an integer overflow flaw in the X.Org libXpm library used to decode XPM (X PixMap) images. An attacker who knows about this problem could create a carefully crafted XPM file that would cause an application to crash or potentially execute arbitrary code if the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0687, CAN-2004-0688, and CAN-2004-0692 to these XFree86 security issues.
A flaw was found in the X Display Manager (XDM). XDM opened a chooserFd TCP socket even if the DisplayManager.requestPort parameter was set to 0. The effect of this situation is that it allows authorized users to access a computer remotely via X, even if the administrator of the computer has configured XDM to refuse a connection to the computer. Although XFree86 4.3.0 was not vulnerable to this issue, Red Hat Enterprise Linux 3 contained a backported patch which introduced this flaw. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0419 to this issue.
■
Mandrake reference: MDKSA-2004:103
Red Hat reference: RHSA-2004:446-08
SpamAssassin
SpamAssassin provides a way to reduce unsolicited commercial email (SPAM) from incoming email.
A denial of service bug has been found in SpamAssassin versions below 2.64. A malicious attacker could construct a message in such a way that it would cause SpamAssassin to stop responding. This denial of service attack would potentially prevent the delivery or filtering of email. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0796 to this issue.
Users of SpamAssassin should update their systems to include the update package that addresses this problem. The updated package contains a backported patch that is not vulnerable to this denial of service attack.
■
Debian reference: DSA-549-1
Red Hat reference: RHSA-2004:466-12
Slackware reference: SSA:2004-266-02
Suse reference: SUSE-SA:2004:033
webmin
webmin is a web-based administration toolkit. Ludwig Nussel discovered a problem in which a temporary directory is used without checking for the previous owner.
■
Debian reference: DSA-544-1
Mandrake reference: MDKSA-2004:101
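
The kind of check the webmin item says was missing, as an added example (not webmin's code, which is written in Perl): before reusing a fixed temporary directory, confirm it is a real directory, owned by the expected user, with no group or other access. `use_private_dir`, its `expected_uid` parameter and the paths in `demo()` are hypothetical names constructed for illustration.

```python
import os
import stat
import tempfile

def use_private_dir(path, expected_uid=None):
    """Create path with mode 0700, or accept an existing one only if it is safe."""
    uid = os.geteuid() if expected_uid is None else expected_uid
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass  # someone created it earlier: inspect before trusting it
    st = os.lstat(path)  # lstat: do not follow a symlink left at this name
    if not stat.S_ISDIR(st.st_mode):
        raise PermissionError(f"{path}: not a real directory")
    if st.st_uid != uid:
        raise PermissionError(f"{path}: owned by uid {st.st_uid}, expected {uid}")
    if st.st_mode & 0o077:
        raise PermissionError(f"{path}: accessible to group or others")
    return path

def demo():
    # Constructed cases in a throwaway directory.
    with tempfile.TemporaryDirectory() as root:
        results = {}
        fresh = os.path.join(root, "app-tmp")
        results["fresh"] = os.path.isdir(use_private_dir(fresh))
        results["reuse_own"] = use_private_dir(fresh) == fresh

        loose = os.path.join(root, "loose")
        os.mkdir(loose)
        os.chmod(loose, 0o777)  # writable by everyone
        link = os.path.join(root, "link")
        os.symlink(fresh, link)  # a name that is only a link to a directory
        cases = (
            ("loose", loose, None),
            ("symlink", link, None),
            # Simulate a directory created earlier by a different user.
            ("foreign_owner", fresh, os.geteuid() + 1),
        )
        for label, path, uid in cases:
            try:
                use_private_dir(path, uid)
                results[label] = "accepted"
            except PermissionError:
                results[label] = "rejected"
        return results

if __name__ == "__main__":
    print(demo())
```

Where a fixed name is not required, `tempfile.mkdtemp()` avoids the reuse question entirely by creating a new, uniquely named directory readable only by its creator.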
■
■
Debian reference: DSA-561-1
Gentoo reference: GLSA 200409-34 / X
Mandrake reference: MDKSA-2004:099
Red Hat reference: RHSA-2004:478-13
Suse reference: SUSE-SA:2004:034
Red Hat reference: RHSA-2004:451-05