Welcome to Security Alerts, an overview of recent Unix and open source
security advisories. In this column, we look at buffer overflows in
mutt, groff, OpenServer's lpstat, and mIRC; and problems in Plesk,
OpenLDAP, mrtgconfig, dnrd, Perdition, DeleGate, BSCW, Oracle9iAS Web Cache, and FreeBSD's AIO.
The email client mutt has a buffer overflow that can be exploited by a
remote attacker to execute code with the permissions of the user
running mutt.
Users should watch their vendor for an updated mutt package that
repairs this problem.
Plesk is a Web-based front end, written in PHP, for administering Unix-based Web servers. Versions of Plesk before 2.0 have a vulnerability that can allow an attacker to read the source of all of the PHP files in Plesk and obtain information (such as passwords).
Plesk recommends that users upgrade to version 2.0 and turn off the UserDir directive in their Web server.
A problem in OpenLDAP can be used to make unauthorized changes to non-mandatory fields in the database. In OpenLDAP versions 2.0.8 and later, only authenticated users can exploit this problem, but in versions earlier than 2.0.8, anonymous users can abuse it. OpenLDAP versions 1.2.x are not vulnerable to this problem.
It is recommended that users upgrade OpenLDAP to version 2.0.21 or newer.
mrtgconfig is a Web-based front end for the Multi Router Traffic
Grapher (MRTG). MRTG monitors network traffic and creates HTML pages
with the statistics. mrtgconfig has a path disclosure vulnerability
and also can be manipulated into displaying the first line of any file
on the system that is readable by the user executing the Web
server. Version 0.5.9 of mrtgconfig has been reported to be vulnerable
to these problems.
Users should watch mrtgconfig's home page for a repaired version.
The proxy DNS daemon dnrd has a vulnerability that can be used to
crash the server and, under some circumstances, may be exploitable to
gain additional permissions.
Users should watch their vendor for an updated package.
Perdition, a mail-retrieval proxy server, is vulnerable to a format-string bug in the required library vanessa_logger. This vulnerability
can be used by a remote attacker to execute arbitrary code on the
server with the permissions of the user executing Perdition. Version
0.0.1 of the library vanessa_logger is reported to be vulnerable.
It is recommended that users disable Perdition until the vanessa_logger
library has been upgraded to version 0.0.2 or newer. It is reported
that the vanessa_logger library can be found here. It is also
recommended that Perdition be executed using the --username and
--group options to cause it to run with normal user permissions.
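The format-string pattern behind this class of bug, as an added example that is not code from Perdition or vanessa_logger: `log_line` and both callers are hypothetical names, and the sample client text is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a logging library entry point: formats into
 * `out` so the result can be inspected instead of going to syslog. */
int log_line(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Vulnerable pattern: remote text is passed as the format string, so any
 * conversion specifiers it contains are interpreted by vsnprintf(). */
int log_client_vulnerable(char *out, size_t n, const char *client_text)
{
    return log_line(out, n, client_text);
}

/* Hardened pattern: the format is a constant and the remote text is only
 * ever an argument, so it is copied into the log line literally. */
int log_client_safe(char *out, size_t n, const char *client_text)
{
    return log_line(out, n, "%s", client_text);
}

int main(void)
{
    char buf[128];
    /* Constructed sample: a client-supplied name containing specifiers. */
    log_client_safe(buf, sizeof buf, "user%x%x");
    printf("logged: %s\n", buf);
    return 0;
}
```

Declaring the wrapper with the GCC/Clang `format(printf, ...)` attribute and building with `-Wformat -Wformat-security` makes the compiler flag call sites like the vulnerable one.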
DeleGate is a multi-purpose application-level gateway, or proxy server. Versions 7.7.1 and 7.7.0 are vulnerable to a cross-site scripting vulnerability that can be used by an attacker to execute arbitrary scripts in the victim's browser.
Users should upgrade to DeleGate version 7.8.0.
BSCW (Basic Support for Cooperative Work), a Web-based groupware server, has a problem in the default configuration that allows users to register accounts on the server, and a vulnerability related to unfiltered shell metacharacters that can be used by an attacker to execute arbitrary commands on the server with the permissions of the user running the Web server.
It is recommended that users decide if self-registration is acceptable and configure the system appropriately, and that they watch for a patch for the unfiltered shell metacharacters vulnerability.
The Oracle9iAS Web Cache is vulnerable to an attack that can be used by a local attacker to overwrite files with the permissions of the Oracle user, gain access to the Oracle account, and obtain the password for the Web Cache administrator account.
Users should contact Oracle for a patch to repair this problem.
The grn preprocessor that is part of the groff document-formatting
system has a buffer overflow that may be exploitable to gain
additional privileges.
Affected users should upgrade to a repaired version as soon as possible. If printing is not needed on the system, users should consider removing or disabling the printing system.
AIO is a POSIX standard for asynchronous I/O. Under some conditions, AIO under FreeBSD can be exploited to gain additional privileges. AIO is not enabled by default in the FreeBSD kernel.
The security requirements of the system should be considered before AIO is enabled on a FreeBSD machine.
The lpstat command supplied with OpenServer versions 5.0.6a and
earlier have a buffer overflow that can be used by a local attacker to
gain additional privileges.
Caldera recommends that users upgrade the lpstat command as soon as
possible, or remove its set group id bit.
The Windows IRC client mIRC has a buffer overflow that can be
exploited by a specially-crafted IRC server to execute arbitrary code
on the user's machine. It is possible to create a Web page that, when
viewed with Internet Explorer, will execute mIRC and connect it to the
specified IRC server. This vulnerability affects all versions of mIRC
prior to version 6.0.
Anyone with mIRC installed on their machine should remove it or
upgrade it to version 6.0 as soon as possible.
The time daemon in.timed that is supplied with all versions of
UnixWare 7 and with version 8.0.0 of Open Unix does not enforce null
termination of strings. This may be exploitable as part of a denial-of-service attack.
Caldera recommends that affected users upgrade the in.timed binary or, if timed is not needed, disable the binary.
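What enforcing null termination on a received string field looks like, as an added example that is not code from in.timed: the message layout, the field width and the function names are assumptions made for illustration, and the sample datagrams are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_FIELD 16   /* assumed fixed width of the on-wire name field */

/* Hypothetical message layout; not the real timed packet format. */
struct time_msg {
    unsigned char type;
    char name[NAME_FIELD];   /* sender-controlled, may lack a NUL */
};

/* Decode a datagram; short packets are rejected rather than padded. */
int parse_msg(const unsigned char *pkt, size_t len, struct time_msg *m)
{
    if (len < 1 + NAME_FIELD)
        return -1;
    m->type = pkt[0];
    memcpy(m->name, pkt + 1, NAME_FIELD);
    return 0;
}

/* Copy the name out only if it is NUL-terminated inside its own field
 * and fits in dst. Returns the string length, or -1 to drop the message. */
int extract_name(const struct time_msg *m, char *dst, size_t dstlen)
{
    const char *nul = memchr(m->name, '\0', sizeof m->name);
    if (nul == NULL)
        return -1;                  /* unterminated: never hand to str*() */
    size_t len = (size_t)(nul - m->name);
    if (len + 1 > dstlen)
        return -1;                  /* no room for the terminator */
    memcpy(dst, m->name, len + 1);
    return (int)len;
}

int main(void)
{
    /* Constructed sample: a name field filled edge to edge, no NUL. */
    unsigned char pkt[1 + NAME_FIELD];
    struct time_msg m;
    char name[NAME_FIELD];
    memset(pkt, 'A', sizeof pkt);
    if (parse_msg(pkt, sizeof pkt, &m) == 0)
        printf("extract_name -> %d\n", extract_name(&m, name, sizeof name));
    return 0;
}
```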
Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.
Copyright © 2009 O'Reilly Media, Inc.