Trojan horse
A certain application-launch script in Mozilla Firefox before 3.5.14
and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before
3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length
directory name in the LD_LIBRARY_PATH, which allows local users to
gain privileges via a Trojan horse shared library in the current
working directory (CVE-2010-3182).
The LookupGetterOrSetter function in Mozilla Firefox before
3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x
before 3.1.5, and SeaMonkey before 2.0.9 does not properly support
Multiple heap-based buffer overflows allow remote attackers to execute
arbitrary code via a crafted EMF+ file (CVE-2009-2140).
OpenOffice's xmlsec uses a bundled Libtool which might load .la
file in the current working directory allowing local users to gain
privileges via a Trojan horse file. For enabling such vulnerability
xmlsec has to use --enable-crypto_dl building flag however it does
not, although the fix keeps protected against this threat whenever
that flag had been enabled (CVE-2009-3736).
Additional packages are also being provided due to dependencies.
This advisory updates wireshark to the latest version (1.6.2), fixing
several security issues:
Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9
and 1.6.x before 1.6.2 allows local users to gain privileges via a
Trojan horse Lua script in an unspecified directory (CVE-2011-3360).
The csnStreamDissector function in epan/dissectors/packet-csn1.c in the
CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize
a certain structure member, which allows remote attackers to cause
a denial of service (application crash) via a malformed packet
A certain application-launch script in Mozilla Firefox before 3.5.14
and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before
3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length
directory name in the LD_LIBRARY_PATH, which allows local users to
gain privileges via a Trojan horse shared library in the current
working directory (CVE-2010-3182).
The LookupGetterOrSetter function in Mozilla Firefox before
3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x
before 3.1.5, and SeaMonkey before 2.0.9 does not properly support
C.
--
BOFH excuse #442:
Trojan horse ran out of hay
Multiple vulnerabilities has been found and corrected in imagemagick:
Untrusted search path vulnerability in configure.c in ImageMagick
before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows
local users to gain privileges via a Trojan horse configuration file
in the current working directory (CVE-2010-4167).
A flaw was found in the way ImageMagick processed images with malformed
Exchangeable image file format (Exif) metadata. An attacker could
create a specially-crafted image file that, when opened by a victim,
A vulnerability has been found and corrected in tomboy:
The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and
earlier place a zero-length directory name in the LD_LIBRARY_PATH,
which allows local users to gain privileges via a Trojan horse shared
library in the current working directory. NOTE: vector 1 exists
because of an incorrect fix for CVE-2005-4790.2 (CVE-2010-4005).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
service (application crash) or possibly execute arbitrary code via
crafted typography information in a Microsoft Word .DOC file that
triggers an out-of-bounds write (CVE-2010-3454).
soffice places a zero-length directory name in the LD_LIBRARY_PATH,
which allows local users to gain privileges via a Trojan horse shared
library in the current working directory (CVE-2010-3689).
Heap-based buffer overflow in Impress allows remote attackers to cause
a denial of service (application crash) or possibly execute arbitrary
code via a crafted PNG file in an ODF or Microsoft Office document,
The command matching functionality in sudo 1.6.8 through 1.7.2p5 does
not properly handle when a file in the current working directory has
the same name as a pseudo-command in the sudoers file and the PATH
contains an entry for ., which allows local users to execute arbitrary
commands via a Trojan horse executable, as demonstrated using sudoedit,
a different vulnerability than CVE-2010-0426 (CVE-2010-1163).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
Problem Description:
A vulnerability has been identified and corrected in valgrind:
Untrusted search path vulnerability in valgrind before 3.4.0
allows local users to execute arbitrary programs via a Trojan horse
.valgrindrc file in the current working directory, as demonstrated
using a malicious --db-command options. NOTE: the severity of this
issue has been disputed, but CVE is including this issue because
execution of a program from an untrusted directory is a common
scenario. (CVE-2008-4865)
Multiple heap-based buffer overflows allow remote attackers to execute
arbitrary code via a crafted EMF+ file (CVE-2009-2140).
OpenOffice's xmlsec uses a bundled Libtool which might load .la
file in the current working directory allowing local users to gain
privileges via a Trojan horse file. For enabling such vulnerability
xmlsec has to use --enable-crypto_dl building flag however it does
not, although the fix keeps protected against this threat whenever
that flag had been enabled (CVE-2009-3736).
Further this update provides following bug fixes:
Problem Description:
A vulnerability was discovered and corrected in mono:
Untrusted search path vulnerability in metadata/loader.c in Mono 2.8
and earlier allows local users to gain privileges via a Trojan horse
shared library in the current working directory (CVE-2010-4159).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
Multiple heap-based buffer overflows allow remote attackers to execute
arbitrary code via a crafted EMF+ file (CVE-2009-2140).
OpenOffice's xmlsec uses a bundled Libtool which might load .la
file in the current working directory allowing local users to gain
privileges via a Trojan horse file. For enabling such vulnerability
xmlsec has to use --enable-crypto_dl building flag however it does
not, although the fix keeps protected against this threat whenever
that flag had been enabled (CVE-2009-3736).
Addittionaly this update provides following bug fixes:
A vulnerability was discovered and corrected in gnucash:
gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length
directory name in the LD_LIBRARY_PATH, which allows local users to
gain privileges via a Trojan horse shared library in the current
working directory (CVE-2010-3999).
The affected /usr/bin/gnc-test-env file has been removed to mitigate
the CVE-2010-3999 vulnerability as gnc-test-env is only used for
tests and while building gnucash.
Problem Description:
Multiple vulnerabilities has been found and corrected in dstat:
Multiple untrusted search path vulnerabilities in dstat before 0.7.0
allow local users to gain privileges via a Trojan horse Python module
in (1) the current working directory or (2) a certain subdirectory
of the current working directory (CVE-2009-3894, CVE-2009-4081).
This update provides a solution to these vulnerabilities.
_______________________________________________________________________
A vulnerability has been found and corrected in banshee:
The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and
earlier place a zero-length directory name in the LD_LIBRARY_PATH,
which allows local users to gain privileges via a Trojan horse shared
library in the current working directory (CVE-2010-3998).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
Multiple heap-based buffer overflows allow remote attackers to execute
arbitrary code via a crafted EMF+ file (CVE-2009-2140).
OpenOffice's xmlsec uses a bundled Libtool which might load .la
file in the current working directory allowing local users to gain
privileges via a Trojan horse file. For enabling such vulnerability
xmlsec has to use --enable-crypto_dl building flag however it does
not, although the fix keeps protected against this threat whenever
that flag had been enabled (CVE-2009-3736).
Addittionaly this update provides following bug fixes:
---[ Software Description ]
Trend Micro(TM) Internet Security Pro provides comprehensive protection
against viruses, Trojan horse programs, worms, and other threats, including
network viruses and rootkits. It also blocks spyware, hackers, phishing
fraud attempts, and unwanted Web sites. It can filter your email messages
for spam as well.
---[ Vulnerability Description ]
The command matching functionality in sudo 1.6.8 through 1.7.2p5 does
not properly handle when a file in the current working directory has
the same name as a pseudo-command in the sudoers file and the PATH
contains an entry for ., which allows local users to execute arbitrary
commands via a Trojan horse executable, as demonstrated using sudoedit,
a different vulnerability than CVE-2010-0426 (CVE-2010-1163).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
This updates provides a security update to the OpenOffice.org described
as follow:
OpenOffice's xmlsec uses a bundled Libtool which might load .la
file in the current working directory allowing local users to gain
privileges via a Trojan horse file. For enabling such vulnerability
xmlsec has to use --enable-crypto_dl building flag however it does
not, although the fix keeps protected against this threat whenever
that flag had been enabled (CVE-2009-3736).
Addittionaly this update provides following bug fixes:
The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3,
and release branches branch-1-4 through branch-1-9, when producing a
distribution tarball for a package that uses Automake, assign insecure
permissions (777) to directories in the build tree, which introduces
a race condition that allows local users to modify the contents of
package files, introduce Trojan horse programs, or conduct other
attacks before the build is complete (CVE-2009-4029).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
|
