Frugalware Security Announcements (FSAs)

This is a list of security announcements that have been released for the current stable version of Frugalware.

phpmyadmin

Author: Miklos Vajna
Vulnerable: 3.3.7-1haven1
Unaffected: 3.3.8.1-1haven1

A vulnerability has been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input passed to the setup script is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

NOTE: Successful exploitation requires that installation best-practices have not been followed and the setup scripts have not been deleted after a successful installation.

phpmyadmin

Author: Miklos Vajna
Vulnerable: 3.3.7-1haven1
Unaffected: 3.3.8.1-1haven1

A vulnerability has been reported in phpMyAdmin, which can be exploited by malicious people to perform an XSS attack. See http://www.phpmyadmin.net/home_page/security/PMASA-2010-8.php for details.

Bug Tracker URL: http://bugs.frugalware.org/task/4381
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4329

wireshark

Author: Miklos Vajna
Vulnerable: 1.4.1-1haven1
Unaffected: 1.4.2-1haven1

A vulnerability has been discovered in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an infinite recursion error in the “dissect_unknown_ber()” function in epan/dissectors/packet-ber.c and can be exploited to cause a stack overflow e.g. via a specially crafted SNMP packet.

Bug Tracker URL: http://bugs.frugalware.org/task/4380
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3445

wireshark

Author: Miklos Vajna
Vulnerable: 1.4.1-1haven1
Unaffected: 1.4.2-1haven1

Two vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). A boundary error in “dissect_ldss_transfer()” in epan/dissectors/packet-ldss.c can be exploited to cause a heap-based buffer overflow. An error in the ZigBee ZCL Discover Attribute Response dissector can be exploited to cause an infinite loop.

Bug Tracker URL: http://bugs.frugalware.org/task/4380
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4300
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4301

openoffice.org

Author: Miklos Vajna
Vulnerable: 3.2.1-4
Unaffected: 3.2.1-5haven1

Charlie Miller has discovered two vulnerabilities in OpenOffice.org Impress, which can be exploited by malicious people to compromise a user’s system. An integer truncation error when parsing certain content can be exploited to cause a heap-based buffer overflow via a specially crafted file. A short integer overflow error when parsing certain content can be exploited to cause a heap-based buffer overflow via a specially crafted file.

phpmyadmin

Author: Miklos Vajna
Vulnerable: 3.3.5-1
Unaffected: 3.3.5.1-1haven1

Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the “field_str” parameter to db_search.php, the “delimiter” parameter to db_sql.php, the “sort” parameter to db_structure.php, the “db” parameter to js/messages.php, the “sort_by” parameter to server_databases.php, the “checkprivs”, “dbname”, “pred_tablename”, “selected_usr[]”, “tablename”, and “username” parameters to server_privileges.php, the “DefaultLang” parameter to setup/config.

drupal

Author: Miklos Vajna
Vulnerable: 5.22-2locris1
Unaffected: 5.23-1locris1

A weakness and a vulnerability have been reported in Drupal, which can be exploited by malicious users to conduct script insertion attacks, and by malicious users and malicious people to bypass certain security restrictions. The weakness is caused due to an error in the upload module, which does not properly check uploaded file names for case sensitivity and grants access to the earlier uploaded file.

drupal-pathauto

Author: Miklos Vajna
Vulnerable: 5.x_2.3-1
Unaffected: 5.x_2.4-1locris1

Some vulnerabilities have been reported in the Pathauto module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the “[bookpathalias]”, “[catalias]”, and “[termalias]” tokens is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user’s browser session in context of an affected site when the malicious data is being viewed.

drupal6

Author: Miklos Vajna
Vulnerable: 6.16-1locris1
Unaffected: 6.19-1locris1

A weakness and some vulnerabilities have been reported in Drupal, which can be exploited by malicious users to conduct script insertion attacks, and by malicious users and malicious people to bypass certain security restrictions. A vulnerability in the OpenID module is caused due to incorrect protocol implementation. This can be exploited to harvest positive assertions from OpenID providers and e.g. bypass the login mechanism by replaying intercepted assertions.

drupal6-cck

Author: Miklos Vajna
Vulnerable: 6.x_2.7-1locris1
Unaffected: 6.x_2.8-1locris1

A vulnerability has been reported in the Drupal Content Construction Kit (CCK), which can be exploited by malicious users to disclose sensitive information. The vulnerability is caused due to the CCK “Node Reference” not properly validating field access levels on the source field of the backend URL, which can be exploited to view node titles and IDs of otherwise restricted nodes.

Bug Tracker URL: http://bugs.