ID

VAR-200502-0025

CVE

CVE-2004-0975

TITLE

OpenSSL DER_CHOP Insecure Temporary File Creation Vulnerability

DESCRIPTION

The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL include der_chop The script contains a flaw that creates a temporary file in an inappropriate way for security reasons, so there is a vulnerability that is subject to symbolic link attacks.der_chop An arbitrary file may be created or overwritten with the privileges of the user executing the script. OpenSSL is affected by an insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation. OpenSSL is an open source SSL suite. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: gzip Multiple Vulnerabilities SECUNIA ADVISORY ID: SA21996 VERIFY ADVISORY: http://secunia.com/advisories/21996/ CRITICAL: Moderately critical IMPACT: DoS, System access WHERE: >From remote SOFTWARE: gzip 1.x http://secunia.com/product/4220/ DESCRIPTION: Tavis Ormandy has reported some vulnerabilities in gzip, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. 1) A boundary error within the "make_table()" function in unlzh.c can be used to modify certain stack data. tricking a user or automated system into unpacking a specially crafted archive file. tricking a user or automated system into unpacking a specially crafted "pack" archive file. 3) A buffer overflow within the "make_table()" function of gzip's LZH support can be exploited to cause a DoS and potentially to compromise a vulnerable system by e.g. tricking a user or automated system into unpacking an archive containing a specially crafted decoding table. 4) A NULL pointer dereference within the "huft_build()" function and an infinite loop within the LZH handling can be exploited to cause a DoS by e.g. tricking a user or automated system into unpacking a specially crafted archive file. The vulnerabilities have been reported in version 1.3.5. Other versions may also be affected. SOLUTION: Do not unpack untrusted archive files. PROVIDED AND/OR DISCOVERED BY: Tavis Ormandy, Google Security Team ORIGINAL ADVISORY: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676 OTHER REFERENCES: US-CERT VU#554780: http://www.kb.cert.org/vuls/id/554780 US-CERT VU#381508: http://www.kb.cert.org/vuls/id/381508 US-CERT VU#773548: http://www.kb.cert.org/vuls/id/773548 US-CERT VU#933712: http://www.kb.cert.org/vuls/id/933712 US-CERT VU#596848 http://www.kb.cert.org/vuls/id/596848 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-333A Apple Releases Security Update to Address Multiple Vulnerabilities Original release date: November 29, 2006 Last revised: -- Source: US-CERT Systems Affected * Apple Mac OS X version 10.3.x and 10.4.x * Apple Mac OS X Server version 10.3.x and 10.4.x * Apple Safari web browser These vulnerabilities affect both Intel-based and PowerPC-based Apple systems. Overview Apple has released Security Update 2006-007 to correct multiple vulnerabilities affecting Mac OS X, Mac OS X Server, Safari web browser. Vulnerabilities in OpenSSL, gzip, and other products are also addressed. I. Description Apple Security Update 2006-007 addresses a number of vulnerabilities affecting Mac OS X, OS X Server, Safari web browser, and other products. Further details are available in the related vulnerability notes. This security update also addresses previously known vulnerabilities in PHP, Perl, OpenSSL, and gzip, which are shipped with Mac OS X. The OpenSSL vulnerabilities are documented in multiple vulnerability notes. Information is also available through the OpenSSL vulnerabilities page. Information about the vulnerabilities in gzip is available in a series of vulnerability notes. II. Impact The impacts of these vulnerabilities vary. For specific details, see the appropriate vulnerability notes. Potential consequences include remote execution of arbitrary code or commands, bypass of security restrictions, and denial of service. III. Solution Install updates Install Apple Security Update 2006-007. This and other updates are available via Apple Update or via Apple Downloads. IV. References * Vulnerability Notes for Apple Security Update 2006-007 - <http://www.kb.cert.org/vuls/byid?searchview&query=apple-2006-007> * Vulnerability Notes for OpenSSL Security Advisory [28th September 2006] - <http://www.kb.cert.org/vuls/byid?searchview&query=openssl_secadv_20060928> * Vulnerability Note VU#845620 - <http://www.kb.cert.org/vuls/id/845620> * Vulnerability Note VU#933712 - <http://www.kb.cert.org/vuls/id/933712> * Vulnerability Note VU#381508 - <http://www.kb.cert.org/vuls/id/381508> * Vulnerability Note VU#554780 - <http://www.kb.cert.org/vuls/id/554780> * Vulnerability Note VU#596848 - <http://www.kb.cert.org/vuls/id/596848> * Vulnerability Note VU#773548 - <http://www.kb.cert.org/vuls/id/773548> * About the security content of Security Update 2006-007 - <http://docs.info.apple.com/article.html?artnum=304829> * Mac OS X: Updating your software - <http://docs.info.apple.com/article.html?artnum=106704> * Apple Downloads - <http://www.apple.com/support/downloads/> * OpenSSL: OpenSSL vulnerabilities - <http://www.openssl.org/news/vulnerabilities.html> * Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/#Safari> _________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA06-333A.html> _________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA06-333A Feedback VU#191336" in the subject. _________________________________________________________________ Produced 2006 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> _________________________________________________________________ Revision History November 29, 2006: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBRW33NuxOF3G+ig+rAQJtiggApJKRh7x+z8vp0xb26sE16RUOD3epcrk6 lJZ4rXnqVqoFacAt0Ucb8T43/Uc4N85UMa695YbFspYZum3hcGZo+WnNPolGUeRz iN/4bfKgzekfpbHxf6T3YvQYp+PVMRfHPUcxfaZDYXhu2813N4SSQpM59KRL5BD7 xr+5VvB09biVKlzpEdgtk2EHcqc+sMF5+o3cCgDJCnJNL+NG4J6d/hsyNP15ekTf 8m0W4rJonUe2gR2Bp7F1Y47KgRr3BT1aH2gxUSim9qEJpPdP/CkmGoFp+BfrFP9q A580LOrqFK8HIly1fbPKb26p2theUUESnQqM9Ob8xolkCDLy6h7ssg== =f7N+ -----END PGP SIGNATURE-----

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

Design Error

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

The individual or individuals responsible for the discovery of this issue is currently unknown; Trustix security engineers are credited with these discoveries.

SOURCES

LAST UPDATE DATE

2024-09-17T22:53:53.948000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE