SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   libXpm Vendors:   X.org
(Mandrake Issues Fix) libXpm Memory Leaks, Overflows, and Input Validation Errors May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1012302
SecurityTracker URL:  http://securitytracker.com/id/1012302
CVE Reference:   CVE-2004-0914   (Links to External Site)
Date:  Nov 23 2004
Impact:   Denial of service via local system, Denial of service via network, Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): R6.8.1 and prior versions
Description:   Several vulnerabilities were reported in libXpm. A user can create a specially crafted image file that, when processed by libXpm, may cause the application to crash or execute arbitrary code.

The vendor reported that the code contains multipel integer overflows, memory access errors, input validation errors, and logic errors. A remote user may be able to execute shell commands, traverse the directory, and cause denial of service conditions.

Petr Mladek and Thomas Biege are credited with reporting these flaws.

Impact:   A user can create an image file that, when processed by the target application, will cause denial of service conditions or execute arbitrary code on the target system. the specific impact depends on the application that uses libXpm.
Solution:   Mandrake has issued a fix.

Mandrakelinux 10.0:
6b3453de798acc7020f5f53f3e160673 10.0/RPMS/libxpm4-3.4k-27.2.100mdk.i586.rpm
0b26896ede6846a74aab29ff67bb4eb6 10.0/RPMS/libxpm4-devel-3.4k-27.2.100mdk.i586.rpm
37b8b1901d808934e8e1084264bde60b 10.0/SRPMS/xpm-3.4k-27.2.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
ab8ec33b42a021ba05aac29b26b91cb3 amd64/10.0/RPMS/lib64xpm4-3.4k-27.2.100mdk.amd64.rpm
fecd9804be4b8c16f2bcda27c041d13a amd64/10.0/RPMS/lib64xpm4-devel-3.4k-27.2.100mdk.amd64.rpm
37b8b1901d808934e8e1084264bde60b amd64/10.0/SRPMS/xpm-3.4k-27.2.100mdk.src.rpm

Mandrakelinux 10.1:
492e768f18555e1d6096e9061c356ebd 10.1/RPMS/libxpm4-3.4k-28.1.101mdk.i586.rpm
a84d8584c9c58e08d6e01c52fc6a3de1 10.1/RPMS/libxpm4-devel-3.4k-28.1.101mdk.i586.rpm
0e2425dfa7b33b9446661cf10c2f3d2d 10.1/SRPMS/xpm-3.4k-28.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
956f34afe9c71f8ed439722a8edee292 x86_64/10.1/RPMS/lib64xpm4-3.4k-28.1.101mdk.x86_64.rpm
d8941408e789d6dc6b70073f1fe7b689 x86_64/10.1/RPMS/lib64xpm4-devel-3.4k-28.1.101mdk.x86_64.rpm
0e2425dfa7b33b9446661cf10c2f3d2d x86_64/10.1/SRPMS/xpm-3.4k-28.1.101mdk.src.rpm

Corporate Server 2.1:
8af4abbd31cc4fd1ba232ed697664b16 corporate/2.1/RPMS/libxpm4-3.4k-21.2.C21mdk.i586.rpm
b45e47efe6bc3d1de784e72a10319b24 corporate/2.1/RPMS/libxpm4-devel-3.4k-21.2.C21mdk.i586.rpm
fbb74336950e487af490ac5748a81d8a corporate/2.1/SRPMS/xpm-3.4k-21.2.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
bfde0d277eb562d59883803b3b81f2ed x86_64/corporate/2.1/RPMS/libxpm4-3.4k-21.2.C21mdk.x86_64.rpm
29248a40d731e6379fa6f18c4ec2e41c x86_64/corporate/2.1/RPMS/libxpm4-devel-3.4k-21.2.C21mdk.x86_64.rpm
fbb74336950e487af490ac5748a81d8a x86_64/corporate/2.1/SRPMS/xpm-3.4k-21.2.C21mdk.src.rpm

Mandrakelinux 9.2:
2a7e4bacd58df0abe0b6c379c491ba19 9.2/RPMS/libxpm4-3.4k-27.2.92mdk.i586.rpm
fc1495046860e6b6a1c50db6b8584613 9.2/RPMS/libxpm4-devel-3.4k-27.2.92mdk.i586.rpm
52842751cd00ab528d5195ee073183dd 9.2/SRPMS/xpm-3.4k-27.2.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
c6072becb352417e46e8f4c0f0c60448 amd64/9.2/RPMS/lib64xpm4-3.4k-27.2.92mdk.amd64.rpm
9afa723c45efcfec02ae432c1642fb66 amd64/9.2/RPMS/lib64xpm4-devel-3.4k-27.2.92mdk.amd64.rpm
52842751cd00ab528d5195ee073183dd amd64/9.2/SRPMS/xpm-3.4k-27.2.92mdk.src.rpm

Vendor URL:  x.org/ (Links to External Site)
Cause:   Access control error, Boundary error, Input validation error
Underlying OS:  Linux (Mandriva/Mandrake)
Underlying OS Comments:  10.0, 10.1, 9.2, Corporate Server 2.1

Message History:   This archive entry is a follow-up to the message listed below.
Nov 17 2004 libXpm Memory Leaks, Overflows, and Input Validation Errors May Let Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  [Full-Disclosure] MDKSA-2004:137 - Updated libxpm4 packages fix libXpm vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           libxpm4
 Advisory ID:            MDKSA-2004:137
 Date:                   November 22nd, 2004

 Affected versions:	 10.0, 10.1, 9.2, Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 The XPM library which is part of the XFree86/XOrg project is used         
 by several GUI applications to process XPM image files.                      
 
 A source code review of the XPM library, done by Thomas Biege of the 
 SuSE Security-Team revealed several different kinds of bugs. These bugs 
 include integer overflows, out-of-bounds memory access, shell command 
 execution, path traversal, and endless loops.
 
 These bugs can be exploited by remote and/or local attackers to gain 
 access to the system or to escalate their local privileges, by using a
 specially crafted xpm image.
 
 Updated packages are patched to correct all these issues.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 6b3453de798acc7020f5f53f3e160673  10.0/RPMS/libxpm4-3.4k-27.2.100mdk.i586.rpm
 0b26896ede6846a74aab29ff67bb4eb6  10.0/RPMS/libxpm4-devel-3.4k-27.2.100mdk.i586.rpm
 37b8b1901d808934e8e1084264bde60b  10.0/SRPMS/xpm-3.4k-27.2.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 ab8ec33b42a021ba05aac29b26b91cb3  amd64/10.0/RPMS/lib64xpm4-3.4k-27.2.100mdk.amd64.rpm
 fecd9804be4b8c16f2bcda27c041d13a  amd64/10.0/RPMS/lib64xpm4-devel-3.4k-27.2.100mdk.amd64.rpm
 37b8b1901d808934e8e1084264bde60b  amd64/10.0/SRPMS/xpm-3.4k-27.2.100mdk.src.rpm

 Mandrakelinux 10.1:
 492e768f18555e1d6096e9061c356ebd  10.1/RPMS/libxpm4-3.4k-28.1.101mdk.i586.rpm
 a84d8584c9c58e08d6e01c52fc6a3de1  10.1/RPMS/libxpm4-devel-3.4k-28.1.101mdk.i586.rpm
 0e2425dfa7b33b9446661cf10c2f3d2d  10.1/SRPMS/xpm-3.4k-28.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 956f34afe9c71f8ed439722a8edee292  x86_64/10.1/RPMS/lib64xpm4-3.4k-28.1.101mdk.x86_64.rpm
 d8941408e789d6dc6b70073f1fe7b689  x86_64/10.1/RPMS/lib64xpm4-devel-3.4k-28.1.101mdk.x86_64.rpm
 0e2425dfa7b33b9446661cf10c2f3d2d  x86_64/10.1/SRPMS/xpm-3.4k-28.1.101mdk.src.rpm

 Corporate Server 2.1:
 8af4abbd31cc4fd1ba232ed697664b16  corporate/2.1/RPMS/libxpm4-3.4k-21.2.C21mdk.i586.rpm
 b45e47efe6bc3d1de784e72a10319b24  corporate/2.1/RPMS/libxpm4-devel-3.4k-21.2.C21mdk.i586.rpm
 fbb74336950e487af490ac5748a81d8a  corporate/2.1/SRPMS/xpm-3.4k-21.2.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 bfde0d277eb562d59883803b3b81f2ed  x86_64/corporate/2.1/RPMS/libxpm4-3.4k-21.2.C21mdk.x86_64.rpm
 29248a40d731e6379fa6f18c4ec2e41c  x86_64/corporate/2.1/RPMS/libxpm4-devel-3.4k-21.2.C21mdk.x86_64.rpm
 fbb74336950e487af490ac5748a81d8a  x86_64/corporate/2.1/SRPMS/xpm-3.4k-21.2.C21mdk.src.rpm

 Mandrakelinux 9.2:
 2a7e4bacd58df0abe0b6c379c491ba19  9.2/RPMS/libxpm4-3.4k-27.2.92mdk.i586.rpm
 fc1495046860e6b6a1c50db6b8584613  9.2/RPMS/libxpm4-devel-3.4k-27.2.92mdk.i586.rpm
 52842751cd00ab528d5195ee073183dd  9.2/SRPMS/xpm-3.4k-27.2.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 c6072becb352417e46e8f4c0f0c60448  amd64/9.2/RPMS/lib64xpm4-3.4k-27.2.92mdk.amd64.rpm
 9afa723c45efcfec02ae432c1642fb66  amd64/9.2/RPMS/lib64xpm4-devel-3.4k-27.2.92mdk.amd64.rpm
 52842751cd00ab528d5195ee073183dd  amd64/9.2/SRPMS/xpm-3.4k-27.2.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBoro/mqjQ0CJFipgRAq9/AKCqr4Ajy/U5AtWrjeCLiTzL01N0bACg7ZP9
cuNroP3+yd7y3eD9LujZ47U=
=Mmol
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC