Welcome to Security Alerts, an overview of recent Unix and open source security
advisories. In this column, we look at problems in the Linux kernel, Mac OS X,
bzip2, WordPress, WebSphere, Peercast, PHPMailer, Binutils, Popper Webmail, Dzip,
and FreeBSD's gzip.
bzip2gzipSeveral problems in the Linux kernel have been announced, including a bug
in ptrace() on AMD64 platforms that could be used to crash the system, a bug
in mmap() that may be exploitable to execute arbitrary code or to crash the
system, a root exploit using a Bluetooth socket, and a potential root exploit
in the 32-bit DRM ioctl functions.
All users should watch their vendors for updated Linux kernel packages and then upgrade as soon as possible.
Apple has released a new security update for Mac OS X named "Security
Update 2005-006." This update repairs a directory traversal bug in the
Bluetooth code and in PHP for both 10.3.* and 10.4.* systems. It also repairs
problems in Mac OS X 10.4.*, including a root vulnerability in the CoreGraphics
Window Server, a temporary-file race condition vulnerability in launchd that
can be trivially exploited to gain root permissions, buffer overflows in the
AFP Server, a bug in CoreGraphics, a bug in PDFKit, a permissions-based race
condition in the cache folder and Dashboard system widgets, a bug in the MCX
client, export restriction problems in the NFS server, and a buffer overflow
in vpnd (the VPN server).
It is recommended that users of Mac OS X upgrade as soon as possible.
bzip2The compression tool bzip2 is reported to be vulnerable to a race condition
in the code that sets the file permissions of files as they are uncompressed.
Users should watch their vendors for a updated version of bzip2. Debian has
released a repaired package.
WordPress is a "state-of-the-art semantic personal publishing platform." Another way to describe it would be as software used to publish a blog. WordPress was named "Web Application of the Year" by ArsTechnica. Multiple problems in WordPress may, under some conditions, be exploitable by a remote attacker in a SQL injection attack, or in a cross-site, scripting-based attack.
All users of WordPress should upgrade to version 1.5.1.2 or newer as soon as possible.
The IBM WebSphere Application Server 5.0 is reported to be vulnerable to a buffer overflow in the WebSphere Application Server Administrative Console when the "global security option" is enabled. Successfully exploiting the buffer overflow could allow a remote attacker to execute code with the permissions of user account running the application server.
IBM is reported to have released WebSphere Application Server 5.0.2 Cumulative Fix 11 to repair this buffer overflow. One possible workaround is to use a firewall tool to block unauthorized access to TCP ports 9080, 9090, and 9043.
Peercast is a peer-to-peer streaming media tool released under the GPL license. Version 0.1211 and earlier are vulnerable to a format-string-based attack that could be exploited to crash the server or to execute arbitrary code on the server with the permission of the user running Peercast.
All users of Peercast should upgrade to the latest available version.
|
Also in Security Alerts: |
PHPMailer is a full-featured email transfer class for PHP. PHPMailer is reported
to have been used to implement email in many different projects, including
eGroupWare, Mambo Open Source, PostNuke, MyPHPNuke, Mantis, Moodle, OOPS, Sourdough, Open Source Suite CRM,
Xaraya, Ciao EmailList Manager, Owl Intranet Knowledgebase, pLiMa (php List
Manager), phplist, Octeth Email Manager Pro, phpwebtools, sendcard, 68 Mailer,
and Coppermine Photo Gallery.
A remotely exploitable denial-of-service vulnerability has been reported in
PHPMailer. The vulnerability is caused by a bug in the SMTP-Class Data() function.
Users of PHPMailer or an affected application that uses PHPMailer should watch for a repaired version and upgrade as soon as possible.
GNU Binutils is a collection of programming utilities that include as, ld,
addr2line, ar, c++filt, gprof, nlmconv, nm, objcopy, objdump, ranlib, readelf,
size, strings, strip, and windres. A buffer overflow in code contained in the
BFD (Binary File Descriptor) parser may be exploitable if victim uses one of
these tools on a file that the attacker has crafted to exploit the buffer overflow.
All affected users should watch their vendors for an upgraded version and upgrade as soon as possible.
Popper Webmail, a web-based email client written in PHP, is vulnerable to an attack that can be exploited by a remote attacker to execute arbitrary code with the permissions of the user account running the web server. The vulnerability is caused by a bug in the file childwindow.inc.php. This vulnerability is reported to affect all versions of Popper Webmail through version 1.41-r2.
One possible workaround is to set the value of register_globals to
off in the system php.ini configuration file. Affected users should consider
disabling Popper Webmail until it has been repaired.
Dzip is a compression and decompression tool designed to work with Quake demo recordings. Dzip reportedly will extract files to arbitrary locations. This can be exploited by a remote attacker who creates a compressed file that will cause problems when it is uncompressed with Dzip.
It is recommended that users watch their vendors for a new version and not use Dzip to uncompress files from untrusted sources until it has been upgraded. A repaired version is available for Gentoo Linux.
gzipFreeBSD has released a repaired version of gzip. This new version of gzip
fixes a directory-traversal vulnerability and a file-permission-based race
vulnerability. All FreeBSD users should upgrade gzip.
Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.
|
Related Reading SSH, The Secure Shell: The Definitive Guide |
Read more Security Alerts columns.
Return to LinuxDevCenter.com
Copyright © 2009 O'Reilly Media, Inc.