Welcome to Security Alerts, an overview of recent Unix and open source security
advisories. In this column, we look at problems in Qt, SpamAssassin, MySQL,
rsync, NetBSD ftpd, Xine-lib, KDE, Adobe Acrobat Reader, Gaim, and xv.
Qt, a C++ application development framework, is reported to have a buffer overflow in its image parsers that may affect any application linked against Qt that processes BMP, XPM, GIF, or JPEG images. The attacker can exploit this vulnerability by carefully constructing a BMP, XPM, GIF, or JPEG image which then must be viewed or browsed by the victim using a tool linked with Qt. Successful exploits of this vulnerability may result in arbitrary code being executed. Examples of tools affected by this vulnerability are Qt-based image viewers and the Konqueror web browser.
It is recommended that users upgrade to Qt version 3.3.3 or newer as soon as possible.
SpamAssassin uses a set of filters to identify and process spam by discarding, storing in a folder, or marking (in the subject line) email as spam. It is highly configurable and used by many users. SpamAssassin is reported to be vulnerable, in some cases, to a denial-of-service attack that uses malformed email messages to crash SpamAssassin. The vulnerability is reported to affect versions 2.5x and 2.6x of SpamAssassin.
Users should upgrade to SpamAssassin version 2.64 or newer as soon as possible or should watch their vendors for an updated package.
The mysqlhotcopy script distributed with the MySQL database is
reported to be vulnerable to a temporary-file, symbolic-link-based race condition
that may be exploitable by a local attacker to overwrite arbitrary files with
the permissions of the user account executing the mysqlhotcopy script.
Affected users should watch for a repaired version of MySQL. Debian has released repaired packages.
A path-sanitizing bug in all versions of rsync prior to 2.6.3pre1
may be exploitable, under some conditions, to read and write to files outside
of the specified directory path. rsync is only vulnerable when it is running in
daemon mode and configured with chroot = false.
Users should upgrade to version 2.6.3pre1 or newer of rsync as soon as possible.
It is also suggested that rsync be configured to run in a chrooted environment
(i.e. chroot = true) and that rsync be configured to run with the minimum user
permissions necessary. If it is not possible to upgrade, rsync chroot = true
should be set. Updated packages have been released for Gentoo Linux, Linux Netwosix,
Trustix Secure Linux, Debian GNU/Linux, tinysofa, SuSE Linux, and Mandrake Linux.
The FTP daemon distributed with NetBSD 1.6.2 and other versions is vulnerable
to an attack on the FTP daemon that can be exploited by an attacker to gain
FTP access as the root user. With FTP access as the root user, an attacker
has many ways to gain remote root shell access to the machine. Versions
of FTP vulnerable to this problem include all versions of lukemftpd, NetBSD-ftpd
before 20040809, and versions of tnftpd before 20040810. NetBSD has disabled
FTP by default in all versions from NetBSD-1.5.3 to the current version.
Affected users should upgrade their FTP daemon to a repaired version, disable
FTP, or add a -r switch to the FTP daemon in the /etc/inetd.conf file and then
reload inetd. The -r switch causes the FTP daemon to permanently drop root permissions
once the user logs in.
Xine-lib, used by the free Linux media player Xine, has a buffer overflow in
the vcd:// buffer that can be used by a remote attacker who uses a carefully
crafted playlist file to exploit the buffer overflow and execute arbitrary code
with the permissions of the user running Xine. Code to exploit the buffer overflow
has been released to the public.
Users should watch for a repaired version of Xine-lib and exercise care when viewing playlists and other files using Xine.
Bugs in the mcoputils code and the dcopserver code in the KDE libraries can
be exploited in a temporary-file, symbolic-link race-condition-based attack that
can result in an attacker overwriting arbitrary files, causing a denial of service.
It is recommended that users upgrade KDE as soon as possible.
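Both the mysqlhotcopy item and the KDE mcoputils/dcopserver item above describe the same bug class: a temporary file created under a predictable name without exclusive-create semantics. The following is an added example (not code from MySQL, KDE, or the column) that shows the unsafe open beside two hardened forms and checks their behaviour in a private scratch directory it creates under /tmp and removes afterwards; the file names and buffer sizes are constructed for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

/* Unsafe: predictable name, O_CREAT without O_EXCL. A symlink planted at
 * the path is followed and its target truncated with the caller's rights. */
int open_tmp_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL makes creation atomic (fails if anything already exists)
 * and O_NOFOLLOW refuses a symlink at the final path component. */
int open_tmp_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred: mkstemp chooses an unpredictable name and uses O_EXCL itself;
 * fstat on the descriptor then confirms a regular file owned by us. */
int open_tmp_mkstemp(char *tmpl) {
    struct stat st;
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    if (fstat(fd, &st) || !S_ISREG(st.st_mode) || st.st_uid != getuid()) {
        close(fd); unlink(tmpl); return -1;
    }
    return fd;
}
/* Self-check in a scratch directory (constructed): plant a symlink at the
 * predictable name; expect the unsafe open to follow it, the hardened open
 * to fail with EEXIST, and mkstemp to yield a fresh regular file. */
int check_tmp_handling(void) {
    char dir[] = "/tmp/tmpraceXXXXXX", target[64], planted[64], tmpl[64];
    int fd, ok = 0;
    if (!mkdtemp(dir)) return 0;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(planted, sizeof planted, "%s/predictable.tmp", dir);
    snprintf(tmpl, sizeof tmpl, "%s/safeXXXXXX", dir);
    if ((fd = open(target, O_WRONLY | O_CREAT, 0600)) >= 0) close(fd);
    if (symlink(target, planted) == 0) {
        if ((fd = open_tmp_unsafe(planted)) >= 0) { ok = 1; close(fd); }
        ok = ok && open_tmp_excl(planted) < 0 && errno == EEXIST;
        if ((fd = open_tmp_mkstemp(tmpl)) >= 0) close(fd); else ok = 0;
    }
    unlink(tmpl); unlink(planted); unlink(target); rmdir(dir);
    return ok;
}
```

The scratch directory is created with mode 0700, so the check exercises only the calling user's own files.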
The Adobe Acrobat Reader application for Unix systems is used to display PDF (Portable Document Format) files. The code that handles uudecoding in the Adobe Acrobat Reader does not check the length of the filename of the encoded file before it copies it into a fixed-size buffer. The resulting buffer overflow can be exploited by a remote attacker to execute arbitrary code if the attacker can trick the victim into opening a carefully crafted PDF file.
Users should upgrade to version 5.0.9 of the Adobe Acrobat Reader as soon as possible and should exercise care in opening untrusted PDF files.
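The Acrobat item above comes down to a missing length check before a filename from a uuencode "begin" line is copied into a fixed-size buffer. The following is an added example (not Adobe's code) of a bounded parser for that header line: UU_NAME_MAX, the helper names, and the sample lines are constructed for the example, and the buffer size is chosen only to make the limit easy to exercise.

```c
#include <stdlib.h>
#include <string.h>

#define UU_NAME_MAX 64   /* fixed-size name buffer, constructed for the example */

/* Hardened parser for "begin <octal mode> <filename>". The original bug
 * class copies the name with no bound (e.g. sscanf "%s" into name[]);
 * here the copy is bounded, and empty names, '/' and dot entries are
 * rejected. Returns 1 on success, 0 on malformed or oversized input. */
int uu_parse_begin(const char *line, unsigned *mode, char name[UU_NAME_MAX]) {
    const char *p = line;
    char *q; unsigned long m; size_t len;
    if (strncmp(p, "begin ", 6) != 0) return 0;
    p += 6;
    m = strtoul(p, &q, 8);
    if (q == p || *q != ' ' || m > 07777) return 0;
    p = q + 1;
    len = strcspn(p, "\r\n");
    if (len == 0 || len >= UU_NAME_MAX) return 0;             /* the missing check */
    if (memchr(p, '/', len) || (len <= 2 && !memcmp(p, "..", len))) return 0;
    memcpy(name, p, len);
    name[len] = '\0';
    *mode = (unsigned)m;
    return 1;
}

/* Returns the parsed mode when line parses and the name equals want,
 * otherwise -1 (convenience helper, constructed for the checks). */
int uu_begin_check(const char *line, const char *want) {
    char name[UU_NAME_MAX]; unsigned mode;
    if (!uu_parse_begin(line, &mode, name) || strcmp(name, want)) return -1;
    return (int)mode;
}

/* Builds a begin line whose filename is n bytes of 'A' and reports whether
 * the hardened parser accepts it: 1 accepted, 0 rejected, -1 on malloc failure. */
int uu_begin_accepts_len(size_t n) {
    char *line = malloc(n + 16), name[UU_NAME_MAX];
    unsigned mode; int ok;
    if (!line) return -1;
    memcpy(line, "begin 644 ", 10);
    memset(line + 10, 'A', n);
    memcpy(line + 10 + n, "\n", 2);
    ok = uu_parse_begin(line, &mode, name);
    free(line);
    return ok;
}
```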
The Gaim instant messenger client is reported to be vulnerable to multiple buffer overflows, including one in the code that handles MSN protocol parsing. Some of these buffer overflows may be exploitable by a remote attacker to execute arbitrary code with the permissions of the user running Gaim.
Users should watch their vendors for a repaired version of Gaim.
The xv image viewer is reported to have multiple buffer-overflow bugs that
may be exploitable by a remote attacker to execute arbitrary code, if a user
views a carefully constructed image file sent by the attacker. These buffer
overflows were reported to affect version 3.10a of xv.
Users should watch their vendors for a repaired version of xv.
Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.
Copyright © 2009 O'Reilly Media, Inc.