Exploitalert - Database of Exploits

New xzgv packages fix arbitrary code execution

CVE	Category	Price	Severity
CVE-2006-1060	CWE-122	$500	High

Author	Risk	Exploitation Type	Date
Unknown	High	Remote	2006-04-22

CPE
cpe:cpe:/a:xzgv:new-packages-fix-arbitrary-code-execution

CVSS	EPSS	EPSSP
CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	0.02192	0.50148

CVSS vector description

Metric	Value	Metric Description	Value Description
Attack vector	Network	AV	The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers). An example of a network attack is an attacker causing a denial of service by sending a specially crafted TCP packet across a wide area network (e.g., CVE-2004-0230).
Attack Complexity	Low	AC	The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system.
Privileges Required	None	PR	The attacker is unauthenticated prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack.
User Interaction	None	UI	The vulnerable system can be exploited without interaction from any human user, other than the attacker. Examples include: a remote attacker is able to send packets to a target system a locally authenticated attacker executes code to elevate privileges
Scope	Unchanged	S	An exploited vulnerability can only affect resources managed by the same security authority. In the case of a vulnerability in a virtualized environment, an exploited vulnerability in one guest instance would not affect neighboring guest instances.
Confidentiality	High	C	There is total information disclosure, resulting in all data on the system being revealed to the attacker, or there is a possibility of the attacker gaining control over confidential data.
Integrity	High	I	There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the attacker being able to modify any file on the target system.
Availability	High	A	There is a total shutdown of the affected resource. The attacker can deny access to the system or data, potentially causing significant loss to the organization.

http://cxsecurity.com/ascii/WLB-2006040080

Debian Security Advisory DSA 1038-1 security (at) debian (dot) org [email concealed] http://www.debian.org/security/ Martin Schulze April 22nd, 2006 http://www.debian.org/security/faq - ------------------------------------------------------------------------ -- Package : xzgv Vulnerability : programming error Problem type : remote Debian-specific: no CVE ID : CVE-2006-1060 Andrea Barisani discovered that xzgv, a picture viewer for X with a thumbnail-based selector, attempts to decode JPEG images within the CMYK/YCCK colour space incorrectly, which could lead to the execution of arbitrary code. For the old stable distribution (woody) this problem has been fixed in version 0.7-6woody3. For the stable distribution (sarge) this problem has been fixed in version 0.8-3sarge1. For the unstable distribution (sid) this problem will be fixed soon. We recommend that you upgrade your xzgv package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3.dsc Size/MD5 checksum: 581 1a95ff78280e98e448b19807e6dacd14 http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3.dif f.gz Size/MD5 checksum: 7188 3af533cd6791a61c35cac448cdf7bd86 http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7.orig.tar.gz Size/MD5 checksum: 296814 9a376cc01cf486a2a8901fbc8b040d29 Alpha architecture: http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_alp ha.deb Size/MD5 checksum: 199802 8d2c31ecea7c0821a463930a795e4363 ARM architecture: http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_arm .deb Size/MD5 checksum: 187280 3e9a89fcb5bca1c3b0cd5afa88b0a628 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_i38 6.deb Size/MD5 checksum: 185464 60cc2843ea8611650074c3b6247c9a68 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_ia6 4.deb Size/MD5 checksum: 220106 81b23a2fef7ea3c0d1e45d531494acce HP Precision architecture: http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_hpp a.deb Size/MD5 checksum: 195672 de3c3a653cee6c8a810554179e07dc22 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_m68 k.deb Size/MD5 checksum: 181774 8a51dbe9d11e85c1a50831c2035c1a0d Big endian MIPS architecture: http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_mip s.deb Size/MD5 checksum: 188680 10ff84344193db70d24e438f48554fc6 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_mip sel.deb Size/MD5 checksum: 187718 5ba8e5fa9b7e2b54cb1f11f867431ee5 PowerPC architecture: http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_pow erpc.deb Size/MD5 checksum: 189770 909d2af6f68d5d7c49ecbacd2b187293 IBM S/390 architecture: http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_s39 0.deb Size/MD5 checksum: 189282 22d9c8dad8cf2a577fca2a208e9ed745 Sun Sparc architecture: http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_spa rc.deb Size/MD5 checksum: 189208 5daa878f409a61f2ea519ac8d1ca5730 Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1.dsc Size/MD5 checksum: 642 ae7ee0519ba25087b0dbd809a5a1db43 http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1.dif f.gz Size/MD5 checksum: 8762 2f40bca80610715c3a48c7cd68733cc4 http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8.orig.tar.gz Size/MD5 checksum: 302801 e392277f1447076402df2e3d9e782cb2 Alpha architecture: http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_alp ha.deb Size/MD5 checksum: 210012 6938839b55f3a36a3732a9743ae1a7df AMD64 architecture: http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_amd 64.deb Size/MD5 checksum: 201782 6b4d5abca89ec0dd92e2f34dd21a51e8 ARM architecture: http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_arm .deb Size/MD5 checksum: 194364 a80549d3f3f2e05ad37b45ff087d19c6 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_i38 6.deb Size/MD5 checksum: 195816 69b8d384068d9fc7061997c63bd3075e Intel IA-64 architecture: http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_ia6 4.deb Size/MD5 checksum: 223934 eb187eba5a5aa8bada015cab8d50bde1 HP Precision architecture: http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_hpp a.deb Size/MD5 checksum: 202856 931a992b298cc192afcd164f2c379148 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_m68 k.deb Size/MD5 checksum: 189288 61005b854fabb24ee582d66644e39e73 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_mip s.deb Size/MD5 checksum: 196818 a3ccaeb5207c03483ab2073134afff84 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_mip sel.deb Size/MD5 checksum: 195800 7d63b90f48fda8dc6004ebd65f2b280c PowerPC architecture: http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_pow erpc.deb Size/MD5 checksum: 198764 ad327072b62b9901450585abd7d687a0 IBM S/390 architecture: http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_s39 0.deb Size/MD5 checksum: 200516 4a1a716179571f70adb1fa1685b374a6 Sun Sparc architecture: http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_spa rc.deb Size/MD5 checksum: 195544 cc23e85b70d38954c3d0e92cc209e2dc These files will probably be moved into the stable distribution on its next update. - ------------------------------------------------------------------------ --------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce (at) lists.debian (dot) org [email concealed] Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFESengW5ql+IAeqTIRAvQoAJ4zsax+2KVU1gLhcgWanTI3P7/qBgCaA5x0 JI7zwCVH/xWBKS4iJZICtT8= =utK/ -----END PGP SIGNATURE-----

Impressum