Max Vozeler

Name of the Vulnerable Software and Affected Versions: zabbix versions prior to 20061006 Description: The issue concerns multiple format string vulnerabilities that could allow attackers to cause a denial of service, potentially leading to an application crash, and possibly execute arbitrary code. This is achieved through format string specifiers in information that would be recorded in the system log using functions such as `zabbix log` or `zabbix syslog`. Recommendations: For versions prior to 20061006, update to a version released after 20061006 to resolve the issue. As a temporary workaround, consider restricting the use of `zabbix log` and `zabbix syslog` functions until a patch is available.

Name of the Vulnerable Software and Affected Versions: Zabbix versions prior to 20061006 Description: The issue is related to multiple buffer overflows that can cause a denial of service, potentially leading to application crashes, and may allow the execution of arbitrary code. This is achieved by sending long strings to the `zabbix log` and `zabbix syslog` functions. Recommendations: For versions prior to 20061006, update to a version released after 20061006 to resolve the issue. As a temporary workaround, consider restricting input to the `zabbix log` and `zabbix syslog` functions to prevent long strings from being processed.

**Name of the Vulnerable Software and Affected Versions** scponly versions 4.1 and earlier **Description** The issue allows local users to execute arbitrary code with root privileges by creating a chroot directory in their home directory, hard linking to a system setuid application, and using a modified LD PRELOAD to modify expected function calls in the setuid application. Additionally, multiple vulnerabilities in the scponly package can lead to breaches of confidentiality, integrity, and availability of protected information, and can be exploited remotely. **Recommendations** For scponly versions 4.1 and earlier, consider upgrading to a version later than 4.1 to resolve the issue. As a temporary workaround, consider restricting the use of LD PRELOAD mechanisms and setuid applications to minimize the risk of exploitation. Avoid using setuid applications in chroot directories until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** rssh versions 2.0.0 through 2.2.3 rssh versions prior to 2.3.0 **Description** The issue allows local users to bypass access restrictions and gain root privileges. It may lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation can be carried out locally. **Recommendations** For versions 2.0.0 through 2.2.3, update to version 2.3.0 or later to resolve the issue. For versions prior to 2.3.0, update to version 2.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `rssh chroot helper` command until a patch is available.

**Name of the Vulnerable Software and Affected Versions** maildrop versions prior to 1.5.3 **Description** The issue allows local users to gain privileges via command line arguments because lockmail in maildrop does not drop privileges before executing commands. **Recommendations** For versions prior to 1.5.3, update to version 1.5.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** pstotext versions prior to 1.8g **Description** The issue arises from the improper use of the "-dSAFER" option when calling Ghostscript to extract plain text from PostScript and PDF files. This allows remote attackers to execute arbitrary commands via a malicious PostScript file. **Recommendations** For versions prior to 1.8g, update to version 1.8g or later to resolve the issue. As a temporary workaround, consider restricting access to the pstotext functionality until the update is applied.

**Name of the Vulnerable Software and Affected Versions** netpbm (affected versions not specified) **Description** The issue concerns the pstopnm function in netpbm, which fails to properly utilize the "-dSAFER" option when invoking Ghostscript for converting PostScript files into PBM, PGM, or PNM files. This oversight enables external attackers, with user assistance, to execute arbitrary commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Emacs versions 20.x through 21.3 XEmacs versions prior to 21.4 **Description** The issue is related to a format string vulnerability in the movemail utility. This vulnerability allows remote malicious POP3 servers to execute arbitrary code via crafted packets. **Recommendations** For Emacs versions 20.x through 21.3, update to a version later than 21.3 to resolve the issue. For XEmacs versions prior to 21.4, update to version 21.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Evolution versions 2.0.2 and earlier **Description** The issue allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1. This leads to a zero byte memory allocation and a buffer overflow in the camel-lock-helper. **Recommendations** For Evolution versions 2.0.2 and earlier, update to a version later than 2.0.2 to resolve the issue. As a temporary workaround, consider restricting access to the camel-lock-helper until a patch is available.

**Name of the Vulnerable Software and Affected Versions** yardradius version 1.0.20 **Description** The issue affects the yardradius package in Debian GNU/Linux, potentially leading to breaches in confidentiality, integrity, and availability of protected information. It can be exploited remotely. A buffer overflow in the `process menu` function allows remote attackers to execute arbitrary code. **Recommendations** For yardradius version 1.0.20, consider disabling the `process menu` function as a temporary workaround until a patch is available. Restrict access to the yardradius package to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** cdrtools versions prior to 2.01 **Description** The issue allows local users to gain privileges due to improper handling of privileges when executing a program specified in the `RSH` environment variable. **Recommendations** For versions prior to 2.01, consider removing the setuid root bit from the cdrecord executable to prevent privilege escalation until a fixed version can be installed.