SUSE Security Announcement: gaim (SuSE-SA:2004:004)
"Stefan Esser found
12 vulnerabilities in gaim that can lead to a remote system compromise
with the privileges of the user running GAIM."
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SUSE Security Announcement
Package: gaim
Announcement-ID: SuSE-SA:2004:004
Date: Thursday, Jan 29th 2004 10:30 MET
Affected products: 8.0, 8.1, 8.2, 9.0
SuSE Linux Desktop 1.0
Vulnerability Type: remote system compromise
Severity (1-10): 5
SUSE default package: no
Cross References:
Content of this advisory:
1) security vulnerability resolved:
- two buffer overflows
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds:
- kernel binaries for SLES8 AMD64
- mc
- mod_gzip
- tripwire
- XDM (XFree86, xf86)
- 3ddiag
- mod_auth_shadow
- cvsup
- nmap
- netpbm
- zebra
- quagga
- tcpdump
- mod_python
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
Gaim is a multi-protocol instant-messaging client. Stefan Esser found
12 vulnerabilities in gaim that can lead to a remote system compromise
with the privileges of the user running GAIM.
The GAIM package that SUSE LINUX ships is affected by just two of these
bugs:
- Yahoo Packet Parser Overflow
- HTTP Proxy Connect Overflow
The first vulnerability is easy to exploit and results in a classic stack
overflow which can be used to execute arbitrary code.
The latter vulnerability requires the gaim client to use an HTTP proxy under
the control of the attacker. Exploitation of this bug also results in
arbitrary code execution.
There is no known workaround.
Please download the update package for your distribution and verify its
integrity by the methods listed in section 3) of this announcement.
Then, to apply the update use the command "rpm -Fhv file.rpm".
Our maintenance customers are being notified individually. The packages
are being offered to install from the maintenance web.
Intel i386 Platform:
SuSE-9.0:
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/gaim-0.67-65.i586.rpm
09f8d12dd52e246cf32dca8ad3374f39
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/gaim-0.67-65.i586.patch.rpm
3a633e341b9e56facdbe0250b55dd33a
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/gaim-0.67-65.src.rpm
5ee6a86077c0297a64815532782f7a54
SuSE-8.2:
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/gaim-0.59.8-60.i586.rpm
7a269744304f72bf951c7bd6974560f2
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/gaim-0.59.8-60.i586.patch.rpm
e7b18f0da02c1c4392dc1b03e835a827
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/gaim-0.59.8-60.src.rpm
ae7d7b1c9735696244547a0d6a5ee92e
SuSE-8.1:
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/gaim-0.59-158.i586.rpm
22b1d4be5737906f8ff0975918279034
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/gaim-0.59-158.i586.patch.rpm
7644020869e92cc980b881efebf9d617
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/gaim-0.59-158.src.rpm
cd1532f71a79ed32d016d456a844ff4b
SuSE-8.0:
ftp://ftp.suse.com/pub/suse/i386/update/8.0/gnm3/gaim-0.50-187.i386.rpm
7dcb581b78bf8ab61e82bf0836a4357e
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.0/gnm3/gaim-0.50-187.i386.patch.rpm
5a6f596538edc56e0b3a70a23200c21e
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/gaim-0.50-187.src.rpm
d38c8da629941eecef7f75d6a5ea9e80
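One way to check a downloaded package against the listing above, as an added example that is not part of the SUSE advisory: it reads the checksum printed under a package's URL and compares it with the local file. The function names and the sample data are constructed for illustration, and `md5sum` from coreutils is assumed; a matching MD5 only shows the file agrees with this list, while the list's own authenticity rests on the advisory's PGP signature.

```shell
#!/bin/sh
# Added example (not from the advisory): check a downloaded RPM against the
# MD5 sum printed under its URL. Function names are hypothetical.

# Print the checksum listed for file name $1 in advisory text file $2;
# exit status 1 if the name is not listed or no checksum follows it.
advisory_md5_for() {
    awk -v name="$1" '
        want {                                # the line after the matching URL
            if (length($1) == 32 && $1 ~ /^[0-9a-f]+$/) { print $1; found = 1 }
            exit
        }
        $1 ~ /^ftp:/ {
            n = split($1, part, "/")          # literal compare, so x.rpm != x.patch.rpm
            if (part[n] == name) want = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$2"
}

# 0 = checksum matches, 1 = mismatch, 2 = file not listed in the advisory.
verify_pkg() {
    expected=$(advisory_md5_for "$(basename "$1")" "$2") || return 2
    actual=$(md5sum "$1" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Constructed sample: a stand-in file and an excerpt in the advisory's layout.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'stand-in package body\n' > "$dir/example-1.0-1.i586.rpm"
    sum=$(md5sum "$dir/example-1.0-1.i586.rpm" | awk '{ print $1 }')
    {
        echo "SuSE-9.0:"
        echo "ftp://ftp.example.invalid/update/example-1.0-1.i586.rpm"
        echo "$sum"
        echo "patch rpm(s):"
        echo "ftp://ftp.example.invalid/update/example-1.0-1.i586.patch.rpm"
        echo "00000000000000000000000000000000"
    } > "$dir/advisory.txt"
    verify_pkg "$dir/example-1.0-1.i586.rpm" "$dir/advisory.txt" && ok=0 || ok=$?
    printf 'tampered\n' >> "$dir/example-1.0-1.i586.rpm"
    verify_pkg "$dir/example-1.0-1.i586.rpm" "$dir/advisory.txt" && bad=0 || bad=$?
    rm -rf "$dir"
    echo "intact=$ok tampered=$bad"
}
demo
```

Run `verify_pkg` against the saved advisory text before passing the file to `rpm -Fhv`, and treat status 1 or 2 as a reason not to install.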
______________________________________________________________________________
2) Pending vulnerabilities in SUSE Distributions and Workarounds:
- kernel binaries for SLES8 AMD64
Due to a human failure the kernel binaries of SuSE Linux Enterprise
Server 8 for AMD64 lack the fix described in SuSE-SA:2004:003. The
kernel-source packages and the packages for IA64 are *not* affected.
New packages are available at our maintenance-web.
- mc
By using a special combination of links in archive files it is possible
to execute arbitrary commands while mc tries to open it in its VFS.
New packages are available on our FTP servers.
- mod_gzip (apache-contrib)
The apache module mod_gzip is vulnerable to remote code execution
while running in debug-mode. We do not ship this module in debug-mode
but future versions will include the fix.
Additionally, the mod_gzip code was audited to fix more possible
security-related bugs.
After more testing a new apache-contrib RPM package will be released.
- tripwire
Tripwire is a file integrity checker. The version of tripwire included
with SuSE Linux 9.0 crashes when a requested file does not exist.
New packages are available on our FTP servers.
- XDM (XFree86, xf86)
A missing check for failure conditions in the PAM code of XDM
can lead to local root access in conjunction with Kerberos or
other authentication methods.
New packages are available on our FTP servers.
- 3ddiag
Some 3ddiag scripts handle temporary files in an insecure manner.
Thanks to Stefan Nordhausen for reporting some of these issues.
New packages are available on our FTP servers.
- mod_auth_shadow (apache-contrib)
This apache module ignores account expiration dates.
The update will be released together with mod_gzip.
- cvsup
cvsup uses a library path which is world-writeable. This behavior
can lead to local privilege escalation.
Thanks to Matthias Andree for notifying us.
Upcoming SuSE Linux versions have an automatic check enabled to detect
these types of bugs.
New packages are available on our FTP servers.
- nmap
Due to a bad interaction between kernel and user-space for
pre-calculated IP checksums nmap did not work on SUSE LINUX 9.0.
New packages are available on our FTP servers.
- netpbm
Some tools in the netpbm suite create files in an insecure manner
that