Welcome to Security Alerts, an overview of recent Unix and open source security
advisories. In this column, we look at problems in the Linux kernel, LISTSERV,
gdb, FreeRADIUS, shtool, mailutils, Qpopper, davfs2, libmagick6, picasm, cheetah,
and ppxp.
gdbshtoolmailutilsdavfs2libmagick6picasmppxpNew problems reported in the Linux kernel include: an information disclosure
where one thread can read information from other threads on the same processor,
a bug in the fib_seq_start() function that a local user could exploit to crash
the system, a problem in the code that generates core files for ELF binary
executables that could result in arbitrary code being executed with root permissions,
a bug in the key_user_lookup() function that could be used to crash SMP machines,
and a bug in the code that handles raw and pktcdvd devices that could be used
under some circumstances to execute code with root permissions.
All Linux users should watch their vendors for repaired kernel packages. Repaired packages have been released for Ubuntu Linux versions 4.10 and 5.04.
LISTSERV is a multi-platform mailing list management application that was first released in 1986. The LISTSERV software is reported to be vulnerable to several unspecified bugs that, if exploited, can result in arbitrary code being executed or cause a denial of service.
Users are encouraged to upgrade LISTSERV to version 14.3 level set 2005a or newer as soon as possible.
gdbgdb, the GNU debugger, is vulnerable to a buffer overflow that, under some
conditions, could result in arbitrary code executing with the permissions of
the victim. Additionally, gdb is reported to load startup files from the current
working directory.
Affected users should watch their vendors for a repaired version.
The FreeRADIUS server is an open source RADIUS server that provides additional functionality, including PAM authentication support and Apache authentication support. FreeRADIUS is vulnerable to a SQL injection-based attack and multiple buffer overflows. These vulnerabilities may be exploitable by a remote attacker as part of a denial-of-service attack or to execute arbitrary SQL commands.
Users of FreeRADIUS should watch their vendors for a repaired version.
shtoolGNU shtool is reported to be vulnerable to a temporary-file, symbolic-link
race condition that could be used by a local attacker, under some conditions,
to overwrite arbitrary files on the system with the permissions of the user
running shtool or an application that uses shtool. This vulnerability is reported
to affect version 2.0.1 and earlier of shtool.
Affected users should watch their vendors for an updated version of shtool.
mailutilsThe GNU mailutils imap4d daemon is reported to contain a format-string-based
vulnerability and a buffer overflow in the fetch_io() function; both may
be exploitable by a remote attacker, under some conditions, and result in the
execution of arbitrary code with root permissions. In addition, the imap4d daemon
is reported to be vulnerable to a denial-of-service attack. These vulnerabilities
are reported to affect version 0.6 of mailutils.
The mail command that is distributed with the GNU mailutils package is reported
to be vulnerable to a remote attack that uses a flaw in the header_get_field_name()
function to execute arbitrary code with the permissions of the user running
mail. The remote attacker would conduct this attack by sending the victim a
carefully crafted email that the victim then attempts to read using the mail
command.
Version GNU mailutils 0.6.90 repairs these vulnerabilities and has can be obtained from ftp://alpha.gnu.org/gnu/mailutils.
|
Also in Security Alerts: |
The POP3 email server Qpopper is reported to have several vulnerabilities that may result in files being created or overwritten with root permissions, or in files created with world- or group-writable permissions.
Users should upgrade Qpopper to version 4.0.5-r3 or newer. Debian and Gentoo have released updated packages that repair this problem.
davfs2The Linux implementation of the davfs2 filesystem is reported to improperly
support Unix filesystem permissions. The davfs2 filesystem allows the mounting
of a WebDAV server as a local filesystem. davfs2 is known to be distributed
with Mandrake Linux 9.0 and the unstable Debian.
Affected users should decide what level of risk these bugs present to their systems and consider not mounting the WebDAV server until the bugs have been repaired.
libmagick6The libmagick6 image-processing library is vulnerable to multiple denial-of-service attacks. The vulnerabilities are in code in the PNM image decoder and
the XWD decoder.
Users should watch their vendors for a repaired version of the library. Updated packages have been released for Ubuntu Linux versions 4.10 and 5.04.
picasmThe PIC16Cxx, 2c508, 12c509, and other assembler picasms are reported to be
vulnerable to several buffer overflows that could be exploited by an attacker
who creates carefully crafted code files that the victim then attempts to assemble.
If successfully exploited, arbitrary code is then executed with the victim's
permissions.
All users of picasm should upgrade to version 1.12c as soon as possible and
should exercise care before assembling code from an untrusted source.
The Python-based Cheetah code generator will insecurely import code located in the system temporary directory (/tmp). Under some conditions, this could result in arbitrary code being executed with the permissions of the victim.
Users of Cheetah should upgrade to version 0.9.17rc1 or newer as soon as possible.
ppxpThe PPP daemon ppxp can, under some circumstances, be manipulated into opening
a root shell by an unauthorized user. This problem occurs during the opening
of a log file.
Debian has released a repaired version of ppxp. Users of other distributions
should watch their vendors for a updated version.
Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.
|
Related Reading SSH, The Secure Shell: The Definitive Guide |
Read more Security Alerts columns.
Return to LinuxDevCenter.com
Copyright © 2009 O'Reilly Media, Inc.