Welcome to Security Alerts, an overview of recent Unix and open source security
advisories. In this column, we look at problems in MySQL, umount, KDE's kcheckpass,
GNOME Workstation Command Center, X.org, Squid, TWiki, ncompress, grip, Turquoise
SuperStat, gtkdiskfree, and LessTif.
The MySQL database is vulnerable to an attack that under some conditions can
allow an authenticated user to execute arbitrary code with the permissions
of the user account running the database. This vulnerability is caused by a
buffer overflow in the init_syms function. Versions of MySQL affected by the
buffer overflow include 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before
5.0.7-beta.
All users of MySQL should upgrade to version 4.0.25, 4.1.13, or 5.0.7-beta as soon as possible.
The umount command can under some circumstances be abused by a local attacker
to gain root permissions. This problem is caused by an unintended consequence
of umount's -r command-line parameter.
Users should watch their vendors for an updated linux-utils package.
The kcheckpass utility distributed with KDE is reported to be vulnerable to
a bug in the lock-file-handling code that, if exploited, could result in an attacker
gaining root access.
All users should watch their vendors for updated KDE packages that repair this
problem. Debian has released packages for sarge and sid.
gwcc is the GNOME Workstation Command Center. It is a graphical front end
that runs a collection of network and system utilities, and is reported to
be vulnerable to an attack based on a temporary-file symbolic-link race condition
that can be exploited by a local attacker to overwrite arbitrary files on the
system with the permissions of the victim running gwcc.
It is recommended that gwcc not be used on multiuser systems until it has
been repaired.
The X.org X Window System server is vulnerable to a buffer overflow in code that handles pixmaps. An attacker who creates a very large pixmap may cause a buffer overflow and execute arbitrary code with root permissions.
Users should watch their vendors for repaired X.org packages. Mandriva has released updated packages for Mandrake Linux 10.0, 10.1, 10.2, Corporate 3.0, and Corporate Server 2.1.
Squid, the free, open source web proxy cache server, contains bugs in code
that deals with aborting a request and in the handling of malformed requests in sslConnectTimeout.
These bugs may be exploitable as part of a denial-of-service attack against
the proxy server.
Users should watch their vendors for a repaired version of Squid. Novell has released updated packages for SuSE Linux 9.0, 9.1, 9.2, and 9.3; SUSE Linux Enterprise Server 8 and 9; and Open Enterprise Server 9.
TWiki is a structured Wiki written using Perl. TWiki has a bug in its history
function that can be exploited by a remote attacker to execute arbitrary shell
commands. The history or revision control function accepts user input, but does
not check this input for shell meta-characters.
A hotfix to repair this problem is available. Users should go to twiki.org for more information.
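The class of bug described for TWiki, shown as an added example that is not TWiki's code or its hotfix: user input pasted into a shell command line beside an allow-list check with argv-style execution. The revision format, the function names, and the use of `echo` as a stand-in for the revision-control tool are assumptions.

```python
import re
import subprocess

# Assumption: a revision is a number such as "12" or "1.12"; anything else is rejected.
REV_RE = re.compile(r"[0-9]{1,6}(\.[0-9]{1,6})?")

def validate_rev(value):
    """Allow-list check: return the revision unchanged or raise ValueError."""
    if not isinstance(value, str) or not REV_RE.fullmatch(value):
        raise ValueError("invalid revision")
    return value

def history_via_shell(rev):
    """Vulnerable pattern: the input becomes part of a string parsed by /bin/sh."""
    return subprocess.run("echo history -r" + rev, shell=True,
                          capture_output=True, text=True).stdout

def history_via_argv(rev):
    """Hardened: validated input, passed as a single argv element, no shell."""
    argv = ["echo", "history", "-r" + validate_rev(rev)]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    constructed = "1.2; echo SECOND"        # constructed input with a metacharacter
    print(repr(history_via_shell(constructed)))
    print(repr(history_via_argv("1.12")))
    try:
        history_via_argv(constructed)
    except ValueError as exc:
        print("rejected:", exc)
```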
ncompress is a file compression utility that is designed as a fast replacement
for the standard Unix compress utility. ncompress is reported to be vulnerable
to an attack based on a temporary-file symbolic-link race condition that can be exploited
by any local attacker to overwrite arbitrary files on the system with the permissions
of the user compressing or uncompressing files with ncompress. The report states
that all versions of ncompress through version 4.2.4-r1 are vulnerable to this
attack.
Users of multiuser systems should replace ncompress with either the standard
compress utility or gzip until ncompress has been patched.
Grip, a graphical front end for CD rippers, is reported to be vulnerable to a buffer overflow in code that handles the data returned from CDDB servers. A CDDB server controlled by an attacker can respond to a query from Grip, causing a buffer overflow and execution of arbitrary code on the victim's machine.
All users of Grip should upgrade as soon as possible to a repaired version. The Fedora Legacy project has released a repaired version of Grip for Fedora Core 1, Red Hat Linux 7.3, and Red Hat Linux 9.
Turquoise SuperStat gathers statistics about Usenet news spools and Fidonet message areas. Turquoise SuperStat has a buffer overflow in code relating to the date parser that under some conditions may be exploitable by a remote attacker to execute arbitrary code with the permissions of the victim.
It is recommended that users upgrade to version 2.2.4 of Turquoise SuperStat as soon as possible.
gtkdiskfree is vulnerable to an attack based on a temporary-file symbolic-link race condition that can be exploited by a local attacker to overwrite arbitrary
files on the system with the permissions of the victim.
No current website or information on gtkdiskfree could be found. Anyone using
it should consider disabling it until it has been patched or replaced.
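The temporary-file symbolic-link problem reported above for gwcc, ncompress, and gtkdiskfree, shown as an added example that is not code from any of those programs: a write to a predictable temporary name follows a link that is already in place, while exclusive creation refuses it. The file names and the private directory standing in for a shared /tmp are constructed for the demonstration.

```python
import os
import tempfile

def unsafe_write(path, data):
    # Vulnerable pattern: plain open() follows a symlink already sitting at `path`.
    with open(path, "w") as f:
        f.write(data)

def exclusive_write(path, data):
    # O_CREAT|O_EXCL creates the file atomically and fails with EEXIST if any
    # entry, symlink included, already exists; O_NOFOLLOW is defence in depth.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)

def random_write(directory, data):
    # Preferred: mkstemp() picks an unpredictable name, opened with O_EXCL, mode 0600.
    fd, path = tempfile.mkstemp(prefix="scratch-", dir=directory)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path

def slurp(path):
    with open(path) as f:
        return f.read()

def demo():
    # Constructed scenario: a private directory stands in for a shared /tmp.
    with tempfile.TemporaryDirectory() as shared:
        victim = os.path.join(shared, "victim.conf")
        unsafe_write(victim, "important\n")
        predictable = os.path.join(shared, "tool.tmp")  # hypothetical fixed temp name
        os.symlink(victim, predictable)                  # link exists before the tool runs
        result = {}
        try:
            exclusive_write(predictable, "scratch\n")
            result["exclusive"] = "wrote"
        except FileExistsError:
            result["exclusive"] = "refused"
        result["victim_after_exclusive"] = slurp(victim)
        result["random_is_link"] = os.path.islink(random_write(shared, "scratch\n"))
        unsafe_write(predictable, "scratch\n")           # follows the link
        result["victim_after_unsafe"] = slurp(victim)
        return result

if __name__ == "__main__":
    print(demo())
```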
LessTif is a clone of OSF/Motif. OSF/Motif is a standard user interface toolkit for building X Window applications under Linux and Unix. Both LessTif versions 1 and 2 are reported to be vulnerable to multiple buffer overflows due to bugs in code that reads an XPM image file. An attacker could use a carefully crafted XPM file to exploit this vulnerability. This problem in the XPM code affected a wide range of applications and was not specific to LessTif.
Affected users should watch their vendors for updated libraries. Note that some distributions fixed this problem in LessTif version 2 last year, and that LessTif 1 has been flagged as obsolete and should be replaced with LessTif 2.
Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.
Copyright © 2009 O'Reilly Media, Inc.