Debian: mozart unsafe mailcap configuration

    Date07 Jul 2003
    CategoryDebian
    2049
    Posted ByLinuxSecurity Advisories
    A malicious Oz program could execute arbitrary codeunder the uid of a user running a MIME-aware client program if theuser selected a file .
    
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 342-1                     This email address is being protected from spambots. You need JavaScript enabled to view it. 
    http://www.debian.org/security/                             Matt Zimmerman
    July 7th, 2003                           http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : mozart
    Vulnerability  : unsafe mailcap configuration
    Problem-Type   : remote
    Debian-specific: yes
    
    mozart, a development platform based on the Oz language, includes MIME
    configuration data which specifies that Oz applications should be
    passed to the Oz interpreter for execution.  This means that file
    managers, web browsers, and other programs which honor the mailcap
    file could automatically execute Oz programs downloaded from untrusted
    sources.  Thus, a malicious Oz program could execute arbitrary code
    under the uid of a user running a MIME-aware client program if the
    user selected a file (for example, choosing a link in a web browser).
    
    For the stable distribution (woody) this problem has been fixed in
    version 1.2.3.20011204-3woody1.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 1.2.5.20030212-2.
    
    We recommend that you update your mozart package.
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/m/mozart/mozart_1.2.3.20011204-3woody1.dsc
          Size/MD5 checksum:      737 db77a39aa2f010ec8834a711401f362b
         http://security.debian.org/pool/updates/main/m/mozart/mozart_1.2.3.20011204-3woody1.diff.gz
          Size/MD5 checksum:    13985 dca9c9a8e6d7df6e8c8629f7a6c593c7
         http://security.debian.org/pool/updates/main/m/mozart/mozart_1.2.3.20011204.orig.tar.gz
          Size/MD5 checksum: 11750595 6dd46e253d42fb3b28f92fbe679f0cca
    
      Architecture independent components:
    
         http://security.debian.org/pool/updates/main/m/mozart/mozart-doc-html_1.2.3.20011204-3woody1_all.deb
          Size/MD5 checksum:  3715030 a9560d20cf60681d7e886ed67fafc39c
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/m/mozart/mozart_1.2.3.20011204-3woody1_i386.deb
          Size/MD5 checksum:  2603488 bf5ee9d14f658391b5b52635490b5f9b
         http://security.debian.org/pool/updates/main/m/mozart/mozart-contrib_1.2.3.20011204-3woody1_i386.deb
          Size/MD5 checksum:   453818 38da640e3bc647ea2118caea3be5383a
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/pool/updates/main/m/mozart/mozart_1.2.3.20011204-3woody1_m68k.deb
          Size/MD5 checksum:  2693506 773a378bf0d495ff06377fa6447a5bdd
         http://security.debian.org/pool/updates/main/m/mozart/mozart-contrib_1.2.3.20011204-3woody1_m68k.deb
          Size/MD5 checksum:   455708 cd8bbdea2e3cb0c78a3fb536349457f3
    
      PowerPC architecture:
    
         http://security.debian.org/pool/updates/main/m/mozart/mozart_1.2.3.20011204-3woody1_powerpc.deb
          Size/MD5 checksum:  2713842 a2fe0fbe15568cced1ab30ca3afbb5f5
         http://security.debian.org/pool/updates/main/m/mozart/mozart-contrib_1.2.3.20011204-3woody1_powerpc.deb
          Size/MD5 checksum:   461030 d0fb02a21bed8c59c23d1f2c4ba225e3
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/m/mozart/mozart_1.2.3.20011204-3woody1_sparc.deb
          Size/MD5 checksum:  2616888 adf887815d1f6a8544ef89cce8967bb6
         http://security.debian.org/pool/updates/main/m/mozart/mozart-contrib_1.2.3.20011204-3woody1_sparc.deb
          Size/MD5 checksum:   452178 8767035f4d1e4df343b5b38c8b2a91e0
    
      These files will probably be moved into the stable distribution on
      its next revision.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and  http://packages.debian.org/
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"40","type":"x","order":"1","pct":48.78,"resources":[]},{"id":"88","title":"Should be more technical","votes":"13","type":"x","order":"2","pct":15.85,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"29","type":"x","order":"3","pct":35.37,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.