LinuxDevCenter.com


FTP Buffer Overflows

Solaris Xsun

The Solaris Xsun application has a buffer overflow that can be exploited by a local user to execute arbitrary code with elevated permissions. The SPARC version of Solaris has Xsun installed set-group-ID root, while the x86 versions of Solaris have Xsun installed set-user-ID root.

If Xsun is executed via dtlogin or xdm, users can remove the set user ID and set group ID bits without losing any functionality. Users should watch the Sun web site for a patch.
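A small audit helper for the mitigation just described, added here as an example and not code from the column: it reports whether a binary still carries the set-user-ID or set-group-ID bit and prints the chmod that would clear them, without changing anything itself. The Xsun path in the usage line is an assumption.

```sh
#!/bin/sh
# Added example (not from the column): audit a binary's set-user-ID and
# set-group-ID state. It only reports; it never changes a mode by itself.

# perm_flags MODE_STRING -> prints "setuid", "setgid", "setuid setgid" or "none".
# MODE_STRING is the first field of `ls -l` output, e.g. -rwsr-sr-x
perm_flags() {
    mode=$1
    u=$(printf '%s' "$mode" | cut -c4)   # owner execute slot: s/S means set-user-ID
    g=$(printf '%s' "$mode" | cut -c7)   # group execute slot: s/S means set-group-ID
    flags=""
    case $u in s|S) flags="setuid" ;; esac
    case $g in s|S) flags="${flags:+$flags }setgid" ;; esac
    printf '%s\n' "${flags:-none}"
}

# audit_binary PATH -> prints "<path> owner=<user> bits=<flags>" plus the
# chmod that clears the bits when any is set; returns 1 if the file is missing.
audit_binary() {
    path=$1
    [ -e "$path" ] || { printf '%s: not found\n' "$path"; return 1; }
    set -- $(ls -ld "$path")             # split ls -ld output into fields
    mode=$1
    owner=$3
    flags=$(perm_flags "$mode")
    printf '%s owner=%s bits=%s\n' "$path" "$owner" "$flags"
    [ "$flags" = none ] || printf '  to clear: chmod u-s,g-s %s\n' "$path"
    return 0
}

# Usage (the Xsun location is an assumed path, adjust for your install):
# audit_binary /usr/openwin/bin/Xsun
```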

Alcatel ADSL-Ethernet Bridges

A set of problems in the Alcatel ADSL-Ethernet bridge can allow a remote attacker to modify the bridge's configuration, upload new firmware, and stop it from communicating with the ADSL provider. The following problems have been reported. By default, these devices ship with no password set; if a password has been set by the user, an attacker can retrieve it using TFTP. There is also a cryptographic back door that can be used to bypass the password and other security features.

Users should check the Alcatel web site for updated firmware.

Alerts this week:

• FTP Globbing
• Pine
• Netscape
• Midnight Commander
• Oracle Application Server
• Solaris ipcs
• mkpasswd
• Solaris Xsun
• Alcatel ADSL-Ethernet Bridges
• HylaFAX
• cfingerd
• SCO OpenServer
• Trend Micro Interscan VirusWall

HylaFAX

HylaFAX is an application used to send and receive facsimiles, and send alphanumeric pages. It has been reported that there is a format string bug in HylaFAX that may be exploited to gain root privileges.

Anyone using HylaFAX should watch for confirmation and a fix for this problem.

cfingerd

Cfingerd, a configurable replacement for the finger daemon, has a format string vulnerability that can be used by a remote attacker to obtain root privileges. This vulnerability affects version 1.4.3 and earlier.

Users of cfingerd should disable the daemon until a fix has been made to the software.

SCO OpenServer

Buffer overflows have been found in SCO OpenServer 5.0.00 through 5.0.6. Applications found to have buffer overflows include:

  • /usr/bin/accept
  • /usr/bin/cancel
  • /usr/mmdf/bin/deliver
  • /usr/bin/disable
  • /usr/bin/enable
  • /usr/lib/libcurses.a
  • /usr/bin/lp
  • /usr/lib/lpadmin
  • /usr/lib/lpfilter
  • /usr/lib/lpforms
  • /usr/lib/lpmove
  • /usr/lib/lpshut
  • /usr/bin/lpstat
  • /usr/lib/lpusers
  • /usr/bin/recon
  • /usr/bin/reject
  • /usr/bin/rmail
  • /usr/lib/sendmail
  • /usr/bin/tput

All administrators of affected SCO OpenServer systems should install the SSE072B patch dated April 11, 2001.

Trend Micro Interscan VirusWall

Trend Micro Interscan VirusWall, a real-time virus detection and clean-up tool that runs on Linux and other Unix systems, has several bugs that could allow a remote attacker to obtain root privileges.

Users should upgrade to Interscan VirusWall version 3.6 as soon as possible.

Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.

©2009, O'Reilly Media, Inc.