diff options
| author | Neil McGovern <neilm@debian.org> | 2005-12-05 14:55:43 +0000 |
|---|---|---|
| committer | Neil McGovern <neilm@debian.org> | 2005-12-05 14:55:43 +0000 |
| commit | 6833ff9da1067e3c345b8946aaf1ca2d986f4e41 (patch) | |
| tree | 33a37304aa463d5f42cfba7100e1896264ce9287 /data/DTSA/advs | |
| parent | 4fdb2b1fd60401360a2a8c5f984d9a11eeb07d46 (diff) | |
Filled in the .advs
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@2945 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/DTSA/advs')
| -rw-r--r-- | data/DTSA/advs/22-uim.adv | 27 | ||||
| -rw-r--r-- | data/DTSA/advs/23-centericq.adv | 27 | ||||
| -rw-r--r-- | data/DTSA/advs/24-inkscape.adv | 27 | ||||
| -rw-r--r-- | data/DTSA/advs/25-smb4k.adv | 30 | ||||
| -rw-r--r-- | data/DTSA/advs/26-trackballs.adv | 22 |
5 files changed, 76 insertions, 57 deletions
diff --git a/data/DTSA/advs/22-uim.adv b/data/DTSA/advs/22-uim.adv index ccb3f89e57..e535251567 100644 --- a/data/DTSA/advs/22-uim.adv +++ b/data/DTSA/advs/22-uim.adv @@ -1,13 +1,16 @@ -source: xxx -date: Bloptember 99th, 1990 -author: xxx -vuln-type: xxx -problem-scope: remote/local -debian-specifc: yes/no -cve: xxx xxx -vendor-advisory: -testing-fix: xxx -sid-fix: xxx -upgrade: apt-get install xxx +source: uim +date: December 5th, 2005 +author: Neil McGovern +vuln-type: local privilege escalation +problem-scope: local +debian-specifc: no +cve: CVE-2005-3149 +testing-fix: 1:0.4.7-2.0etch1 +sid-fix: 1:0.4.7-2 +upgrade: apt-get upgrade -xxx multiline description here +CVE-2005-3149 + + Masanari Yamamoto discovered that incorrect use of environment + variables in uim. This bug causes privilege escalation if setuid/setgid + applications was linked to libuim. diff --git a/data/DTSA/advs/23-centericq.adv b/data/DTSA/advs/23-centericq.adv index ccb3f89e57..4f4797dbf1 100644 --- a/data/DTSA/advs/23-centericq.adv +++ b/data/DTSA/advs/23-centericq.adv @@ -1,13 +1,16 @@ -source: xxx -date: Bloptember 99th, 1990 -author: xxx -vuln-type: xxx -problem-scope: remote/local -debian-specifc: yes/no -cve: xxx xxx -vendor-advisory: -testing-fix: xxx -sid-fix: xxx -upgrade: apt-get install xxx +source: centericq +date: December 5th, 2005 +author: Neil McGovern +vuln-type: buffer overflow +problem-scope: local +debian-specifc: no +cve: CVE-2005-3863 +testing-fix: 4.21.0-6.0etch1 +sid-fix: 4.21.0-6 +upgrade: apt-get upgrade -xxx multiline description here +CVE-2005-3863 + + Mehdi Oudad "deepfear" and Kevin Fernandez "Siegfried" from the Zone-H + Research Team discovered a buffer overflow in kkstrtext.h of the ktools + library, which is included in centericq. diff --git a/data/DTSA/advs/24-inkscape.adv b/data/DTSA/advs/24-inkscape.adv index ccb3f89e57..9747d73d17 100644 --- a/data/DTSA/advs/24-inkscape.adv +++ b/data/DTSA/advs/24-inkscape.adv @@ -1,13 +1,16 @@ -source: xxx -date: Bloptember 99th, 1990 -author: xxx -vuln-type: xxx -problem-scope: remote/local -debian-specifc: yes/no -cve: xxx xxx -vendor-advisory: -testing-fix: xxx -sid-fix: xxx -upgrade: apt-get install xxx +source: inkscape +date: December 5th, 2005 +author: Neil McGovern +vuln-type: buffer overflow +problem-scope: remote +debian-specifc: no +cve: CVE-2005-3737 +testing-fix: 0.43-0.0etch1 +sid-fix: 0.43-1 +upgrade: apt-get install inkscape -xxx multiline description here +CVE-2005-3737 + + Joxean Koret discovered that inkscape is vulnerable in the SVG importer + (style.cpp), which might allow remote attackers to execute arbitrary code + via a SVG file with long CSS style property values. diff --git a/data/DTSA/advs/25-smb4k.adv b/data/DTSA/advs/25-smb4k.adv index ccb3f89e57..1c4ed743c4 100644 --- a/data/DTSA/advs/25-smb4k.adv +++ b/data/DTSA/advs/25-smb4k.adv @@ -1,13 +1,19 @@ -source: xxx -date: Bloptember 99th, 1990 -author: xxx -vuln-type: xxx -problem-scope: remote/local -debian-specifc: yes/no -cve: xxx xxx -vendor-advisory: -testing-fix: xxx -sid-fix: xxx -upgrade: apt-get install xxx +source: smb4k +date: December 5th, 2005 +author: Neil McGovern +vuln-type: access validation error +problem-scope: local +debian-specifc: no +cve: CVE-2005-2851 +vendor-advisory: http://smb4k.berlios.de +testing-fix: 0.6.4-0.0etch1 +sid-fix: 0.6.4-1 +upgrade: apt-get install smb4k -xxx multiline description here +CVE-2005-2851 + + A vulnerability leading to unauthorized file access has been found. A + pre-existing symlink from /tmp/sudoers and /tmp/super.tab to a textfile + will cause Smb4k to write the contents of these files to the target of the + symlink, as Smb4k does not check for the existence of these files before + writing to them. diff --git a/data/DTSA/advs/26-trackballs.adv b/data/DTSA/advs/26-trackballs.adv index ccb3f89e57..455aeb6a6d 100644 --- a/data/DTSA/advs/26-trackballs.adv +++ b/data/DTSA/advs/26-trackballs.adv @@ -1,13 +1,17 @@ -source: xxx -date: Bloptember 99th, 1990 -author: xxx -vuln-type: xxx +source: trackballs +date: December 5th, 2005 +author: Neil McGovern +vuln-type: symlink attack problem-scope: remote/local debian-specifc: yes/no -cve: xxx xxx +cve: vendor-advisory: -testing-fix: xxx -sid-fix: xxx -upgrade: apt-get install xxx +testing-fix: 1.1.1-0.0etch1 +sid-fix: 1.1.1-1 +upgrade: apt-get upgrade -xxx multiline description here +Ulf Harnhammar notices that that trackballs follows symlinks when running as +gid games. It writes to files such as $HOME/.trackballs/[USERNAME].gmr and +$HOME/.trackballs/settings without checking if they are symlinks somewhere +else. This can be abused for overwriting or creating files wherever the games +group is allowed to do so. |