Welcome to Security Alerts, an overview of recent Unix and open source security
advisories. In this column, we look at problems in Apache, bzip2, Cisco devices,
fetchmail, Netpbm, Ethereal, Proftpd, pstotext, apt-cacher, Compress::Zlib, Gopher,
nbSMTP, and PowerDNS.
The Apache web server is vulnerable to an attack when it is configured as
an HTTP proxy. This attack uses Transfer-Encoding: chunked and Content-Length
headers and can result in traffic bypassing a firewall, cross-site scripting attacks, and web cache "poisoning" attacks. Both versions
2.0.45 and 1.3.29 have been reported to be vulnerable to this attack.
Affected users should watch their vendors for a repaired version of Apache.
bzip2 is a file compression utility. The utility bzgrep, included with bzip2,
does not properly handle shell meta-characters in input file names.
It is recommended that users exercise great care in using bzgrep until the
bzip2 package has been repaired.
Cisco has announced that any Cisco devices that are running Cisco IOS or Cisco IOS XR and have at least one interface configured for IPv6 are vulnerable to a denial-of-service (DoS) attack that may also lead to arbitrary code being executed on the machine.
Affected users should contact Cisco for updated software. A possible workaround, if IPv6 is not needed, is to disable IPv6 on all interfaces.
fetchmail, a tool used to retrieve email from POP, IMAP, ETRN, and ODMR mail servers, is reported to be vulnerable to a denial-of-service attack
that may, under some conditions, also cause arbitrary code to be executed with
the permissions of the user account running fetchmail.
The attack is conducted by using a carefully constructed email message to crash
fetchmail when the email is retrieved.
Version 6.2.5.2 is available to repair this vulnerability. Fetchmail's home page now seems to be fetchmail.berlios.de. It also seems that fetchmail is no longer maintained by Eric Raymond; the new maintainers are Matthias Andree and Rob Funk.
Netpbm is a collection of graphics utilities and libraries. The pstopnm utility
included with Netpbm converts files in PostScript format to PNM images. A problem
in pstopnm may be exploited by a remote attacker who creates a carefully crafted
PostScript file that, when converted with pstopnm by the victim, could result
in arbitrary code being executed.
It has been reported that this problem is repaired in Netpbm version 10.28.
Ethereal, an open source network sniffer, contains several format-string-based vulnerabilities in various dissectors. These vulnerabilities can be exploited by a remote attacker by sending carefully crafted packets that are dissected by Ethereal directly from the network or from a file containing recorded network traffic.
All users should upgrade to Ethereal 0.10.12 as soon as possible.
The FTP daemon Proftpd is reported to be vulnerable to several format-string-based bugs that may be exploitable by a remote user to cause a denial-of-service attack or execute arbitrary code with root permissions.
All affected users should watch their vendors for a repaired version of Proftpd.
A possible workaround is to avoid using %C, %R, or %U in
the shutdown message and to avoid setting SQLShowInfo.
pstotext is a utility that converts PostScript and PDF files into text. A
remote attacker can create a PostScript file that, when converted with pstotext,
will execute arbitrary commands with the victim's permissions.
Users should watch for their vendors to release a repaired version of pstotext
and should not use it to convert files from untrusted sources until it has
been repaired.
apt-cacher provides caching of Debian packages. An unspecified bug may be
exploitable by a remote attacker and allow the execution of arbitrary commands
with the permissions of the www-data user account. The woody distribution of
Debian does not include this package.
Users of the sarge or sid distributions of Debian should upgrade apt-cacher
as soon as possible.
Compress::Zlib is a Perl module that contains a local copy of the zlib compression
library that is vulnerable to a buffer overflow that an attacker can exploit
to execute arbitrary code with the victim's permissions.
It is recommended that Compress::Zlib not be used until it has been upgraded
to a version that has a repaired copy of the zlib compression library.
Gopher is a client for the Gopher Distributed Hypertext protocol. The version distributed with Debian Linux is reported to be vulnerable to a temporary-file, symbolic-link race condition that could result in local files being overwritten with the victim's permissions. It is not known if other versions are vulnerable.
If you are still using Gopher, and are using it on a multiuser machine, then you should upgrade as soon as possible.
nbSMTP is a small SMTP (email) client designed to be run inside of chroot
jails and other small environments, such as embedded systems, laptops, or workstations.
nbSMTP is vulnerable to a format-string-based vulnerability that may be exploitable
by a remote attacker to execute arbitrary code with the permissions of the
user account running nbSMTP.
All users of nbSMTP are encouraged to upgrade to version 1.0 as soon as possible.
PowerDNS, or pdns, is a name server that can use DNS configuration information
from Bind zone files, relational databases, and LDAP directories. pdns has
been reported to be vulnerable to several denial-of-service attacks.
It is recommended that users upgrade to version 2.9.18 of PowerDNS or watch their vendors for an updated version.
Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.
Return to LinuxDevCenter.com
Copyright © 2009 O'Reilly Media, Inc.