DSA-2065 kvirc - several vulnerabilities
29.06.2010 02:45 Two security issues have been discovered in the DCC protocol support code of kvirc, a KDE-based next generation IRC client, which allow the overwriting of local files through directory traversal and the execution of arbitrary code through a format string attack.
DSA-2064 xulrunner - several vulnerabilities
29.06.2010 02:45 Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems:
DSA-2062 sudo - missing input sanitization
19.06.2010 15:15 Anders Kaseorg and Evan Broder discovered a vulnerability in sudo, a program designed to allow a sysadmin to give limited root privileges to users, that allows a user with sudo permissions on certain programs to use those programs with an untrusted value of PATH. This could possibly lead to certain intended restrictions being bypassed, such as the secure_path setting.
DSA-2061 samba - memory corruption
19.06.2010 15:15 Jun Mao discovered that Samba, an implementation of the SMB/CIFS protocol for Unix systems, is not properly handling certain offset values when processing chained SMB1 packets. This enables an unauthenticated attacker to write to an arbitrary memory location resulting in the possibility to execute arbitrary code with root privileges or to perform denial of service attacks by crashing the samba daemon.
DSA-2063 pmount - insecure temporary file
19.06.2010 15:15 Dan Rosenberg discovered that pmount, a wrapper around the standard mount program which permits normal users to mount removable devices without a matching /etc/fstab entry, creates files in /var/lock insecurely. A local attacker could overwrite arbitrary files utilising a symlink attack.
DSA-2060 cacti - insufficient input sanitization
14.06.2010 05:00 Stefan Esser discovered that cacti, a front-end to rrdtool for monitoring systems and services, is not properly validating input passed to the rra_id parameter of the graph.php script. Because the script checks the input from $_REQUEST but uses the $_GET input in a query, an unauthenticated attacker is able to perform SQL injections via a crafted rra_id $_GET value and an additional valid rra_id $_POST or $_COOKIE value.
DSA-2059 pcsc-lite - buffer overflow
11.06.2010 12:01 It was discovered that PCSCD, a daemon to access smart cards, was vulnerable to a buffer overflow allowing a local attacker to elevate his privileges to root.
DSA-2058 glibc, eglibc - multiple vulnerabilities
10.06.2010 16:30 Several vulnerabilities have been discovered in the GNU C Library and its derivatives. The Common Vulnerabilities and Exposures project identifies the following problems:
DSA-2057 mysql-dfsg-5.0 - several vulnerabilities
07.06.2010 20:15 Several vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems:
DSA-2056 zonecheck - missing input sanitizing
07.06.2010 17:00 It was discovered that in zonecheck, a tool to check DNS configurations, the CGI does not perform sufficient sanitization of user input; an attacker can take advantage of this and pass script code in order to perform cross-site scripting attacks.
DSA-2054 bind9 - DNS cache poisoning
07.06.2010 17:00 Several cache-poisoning vulnerabilities have been discovered in BIND. These vulnerabilities apply only if DNSSEC validation is enabled and trust anchors have been installed, which is not the default.
DSA-2055 openoffice.org - macro execution
07.06.2010 17:00 It was discovered that OpenOffice.org, a full-featured office productivity suite that provides a near drop-in replacement for Microsoft® Office, is not properly handling python macros embedded in an office document. This allows an attacker to perform user-assisted execution of arbitrary code in certain use cases of the python macro viewer component.
Copyright © 2009 LINUXPORTAL.cz | Website design - Webnix.cz









