Lubomir Kundrak

**Name of the Vulnerable Software and Affected Versions** Lynx versions prior to 2.8.6rel.4 Lynx version 2.8.4 Lynx version 2.8.5 **Description** The issue allows local users to execute arbitrary code via malicious files in the current working directory, specifically (1) .mailcap and (2) mime.types files. Exploitation of the vulnerabilities can lead to disruption of confidentiality, integrity, and availability of protected information and can be carried out remotely. **Recommendations** For Lynx versions prior to 2.8.6rel.4, update to version 2.8.6rel.4 or later. For Lynx version 2.8.4, update to a version later than 2.8.4. For Lynx version 2.8.5, update to a version later than 2.8.5. As a temporary workaround, consider restricting access to the current working directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Perlbal versions prior to 1.70 **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash, by sending a zero-byte chunked upload when buffered upload is enabled. **Recommendations** For versions prior to 1.70, update to version 1.70 or later to resolve the issue. As a temporary workaround, consider disabling buffered upload until a patch is available.

**Name of the Vulnerable Software and Affected Versions** xine-lib versions 1.1.11 and earlier **Description** The issue is related to multiple integer overflows that can trigger heap-based buffer overflows, potentially allowing remote attackers to execute arbitrary code. This can be achieved through various crafted file types, including .FLV, .MOV, .RM, .MVE, .MKV, and .CAK files, which exploit overflows in specific demuxer files such as demux flv.c, demux qt.c, demux real.c, demux wc3movie.c, ebml.c, and demux film.c. **Recommendations** For xine-lib versions 1.1.11 and earlier, update to a version later than 1.1.11 to resolve the issue. As a temporary workaround, consider avoiding the use of the affected demuxer files until a patch is available. Restrict access to the vulnerable demuxers to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The SWORD Project Diatheke versions 1.5.9 and earlier **Description** The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the `range` parameter. This can lead to unauthorized access and control of the system. **Recommendations** For versions 1.5.9 and earlier, consider restricting access to the `diatheke.pl` script until a patch is available, and avoid using the `range` parameter with untrusted input.

**Name of the Vulnerable Software and Affected Versions** wyrd version 1.4.3b **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the `wyrd-tmp.[USERID]` temporary file. **Recommendations** For wyrd version 1.4.3b, consider restricting access to the temporary file `wyrd-tmp.[USERID]` to prevent symlink attacks until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Mantis versions prior to 1.1.1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Most active bugs" summary. This could potentially lead to unauthorized actions on the affected system. **Recommendations** For versions prior to 1.1.1, update to version 1.1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** gnome-screensaver version 2.20.0 **Description** The notify feature in gnome-screensaver might allow local users to read the clipboard contents and X selection data for a locked session by using ctrl-V. **Recommendations** For gnome-screensaver version 2.20.0, consider disabling the notify feature as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** teTeX versions prior to 2007 TeXlive versions prior to 2007 **Description** The issue allows local users to obtain sensitive information and modify certain data by creating specific temporary files before they are processed by dviljk, which can then be read or modified in place. **Recommendations** For teTeX versions prior to 2007, update to a version newer than 2007 to resolve the issue. For TeXlive versions prior to 2007, update to a version newer than 2007 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** teTeX versions prior to 2007 TeXlive versions prior to 2007 **Description** The issue is related to a stack-based buffer overflow in the hpc.c file of dvips, which can be exploited by user-assisted attackers. This can be achieved through a DVI file containing a long href tag, potentially allowing the execution of arbitrary code. **Recommendations** For teTeX versions prior to 2007, update to a version newer than 2007. For TeXlive versions prior to 2007, update to a version newer than 2007.

**Name of the Vulnerable Software and Affected Versions** balsa versions prior to 2.3.20 **Description** A stack-based buffer overflow issue exists in the `ir fetch seq` function. This could potentially allow remote IMAP servers to execute arbitrary code by sending a long response to a FETCH command. **Recommendations** For versions prior to 2.3.20, update to version 2.3.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the `ir fetch seq` function until a patch is available.

Name of the Vulnerable Software and Affected Versions: libsndfile versions prior to 1.0.17 Description: The issue is related to a heap-based buffer overflow in the `flac buffer copy` function, which may allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data. This could potentially lead to a breach of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be done remotely. Recommendations: For libsndfile versions prior to 1.0.17, update to version 1.0.17 or later to resolve the issue. As a temporary workaround, consider restricting access to FLAC files or avoiding the use of the `flac buffer copy` function until a patch is available.

Name of the Vulnerable Software and Affected Versions: lighttpd versions prior to 1.4.18 Description: The issue is related to a buffer overflow in the fcgi env add function, which allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length. This can be achieved by overwriting the `SCRIPT FILENAME` variable. Recommendations: For versions prior to 1.4.18, update to version 1.4.18 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: CUPS versions prior to 1.3.5 CUPS service as used in SUSE Linux before 20070720 Description: The issue allows remote attackers to cause problems, including a denial of service, via unspecified vectors related to an incomplete fix that introduced a different problem in SSL negotiation. Multiple vulnerabilities in the CUPS package can lead to violations of confidentiality, integrity, and availability of protected information, and can be exploited remotely. Recommendations: For CUPS versions prior to 1.3.5, update to version 1.3.5 or later to resolve the issue. For the CUPS service as used in SUSE Linux before 20070720, update to a version released after 20070720 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mutt version 1.4.2 **Description** The issue is related to a buffer overflow that might allow local users to execute arbitrary code. This occurs when the GECOS field contains "&" characters, triggering the overflow during alias expansion. **Recommendations** For Mutt version 1.4.2, update to a version that fixes this issue to prevent potential code execution.

**Name of the Vulnerable Software and Affected Versions** lha (affected versions not specified) **Description** The issue is related to the insecure creation of temporary files by lharc.c in lha, potentially allowing local users to read or write files by creating a file before LHA is invoked. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Elinks version 0.11.1 **Description** The issue is related to an untrusted search path vulnerability in the add filename to string function. This allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory. The vulnerability can be leveraged to conduct format string attacks. **Recommendations** For Elinks version 0.11.1, consider restricting access to the `add filename to string` function in `intl/gettext/loadmsgcat.c` until a patch is available. Avoid using untrusted gettext message catalogs (.po files) in "../po" directories to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: GConf version 2.14.0 Description: The issue allows local users to cause a denial of service by creating directories ahead of time, preventing other users from using Gnome. This occurs because the GConf daemon creates temporary files under directories with names based on the username. Recommendations: For GConf version 2.14.0, consider setting the GCONF GLOBAL LOCKS environment variable to prevent the creation of temporary files under user-based directories as a temporary workaround. Restrict access to the directories where temporary files are created to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GNU tar versions 1.15.1 through 1.16 **Description** The issue allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE NAMES record with a symbolic link. This is due to improper handling by the extract archive function in extract.c and the extract mangle function in mangle.c. **Recommendations** For GNU tar versions 1.15.1 through 1.16, consider restricting the use of tar files that contain GNUTYPE NAMES records with symbolic links until a patch is available. As a temporary workaround, avoid using the extract archive function and extract mangle function in extract.c and mangle.c, respectively, to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Firefox versions 1.5.0.7 and 2.0 Seamonkey version 1.1b Description: The issue allows remote attackers to cause a denial of service by creating a range object using `createRange`, calling `selectNode` on a `DocType` node, then calling `createContextualFragment` on the range, triggering a null dereference. Recommendations: For Firefox versions 1.5.0.7 and 2.0, consider disabling the `createRange` function until a patch is available. For Seamonkey version 1.1b, restrict access to the `createContextualFragment` method to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GraphicsMagick versions prior to 1.1.7 ImageMagick versions prior to 6.0.7 **Description** The issue is related to multiple buffer overflows that can be triggered by user-assisted attacks, potentially leading to a denial of service and possibly the execution of arbitrary code. This can occur through the processing of certain image types, specifically DCM images handled by the `ReadDCMImage` function in `coders/dcm.c`, or PALM images handled by the `ReadPALMImage` function in `coders/palm.c`. **Recommendations** For GraphicsMagick versions prior to 1.1.7, update to version 1.1.7 or later. For ImageMagick versions prior to 6.0.7, update to version 6.0.7 or later.