Buffer overflows in OpenUnix 8 utilities and the Solaris printer daemon
09/04/2001Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at buffer overflows in snmpXdmid, OpenUnix 8 utilities, TrollFTPD, gdm, the Solaris printer daemon, and the HP-UX line printer daemon; and vulnerabilities in xinetd, gnut, NetBSD sendmsg, Mambo Site Server, phpBB, Macromedia ColdFusion Server, JavaServer WDK, and BSCW.
Alerts this week:
• xinetd
• gnut
• phpBB
• Macromedia ColdFusion Server
• gdm
• BSCW
xinetd
A security audit of xinetd, a replacement for the inetd super server by Solar Designer and others, has resulted in the fixing of many security and reliability related bugs.
All users of xinetd should upgrade to version 2.3.3 or newer as soon as possible.
gnut
gnut, a console- and Web-based Gnutella client available for Linux and Windows, is vulnerable to an HTML injection attack. This attack is conducted by sharing a file with HTML embedded into the file name.
All users of gnut should upgrade to version 0.4.27 or newer.
Solaris snmpXdmid
The snmpXdmid daemon is an agent that functions as part of the Solstice Enterprise Agent Desktop Management Interface package. It maps Simple Network Management Interface requests to equivalent Desktop Management Interface requests. Versions of snmpXdmid supplied with Solaris 2.6, 7, and 8 have a buffer overflow that can be exploited remotely to execute arbitrary code with the permissions of the root user.
Users should apply the appropriate patch from Sun.
NetBSD sendmsg
The NetBSD function call sendmsg() can be used by a malicious user to panic the system, causing a denial of service. It has been announced that all versions of NetBSD from 1.3 on are vulnerable to this denial-of-service attack.
It is recommended that users upgrade any NetBSD machines to NetBSD systems dated July 1, 2001, or newer; rebuild the kernel; and reboot the system.
Mambo Site Server
Mambo Site Server is a content management tool written using PHP and MySQL. A design flaw in the use of global variables can be exploited to gain administrative control over Mambo.
Users of Mambo should watch for an updated version that repairs this problem.
OpenUnix 8 Buffer Overflows
It has been reported that there are buffer overflows in the OpenUnix 8 utilities dtaction, dtprintinfo, and dtsession.
Users of OpenUnix 8 should watch Caldera for patches to fix these problems.
phpBB
phpBB, a Web-based bulletin board program, has several vulnerabilities that can lead to increased permissions and allow arbitrary commands to be executed on the server with the permissions of the user executing the Web server.
Users of phpBB should upgrade to version 1.4.1 or newer.
Macromedia ColdFusion Server
Vulnerabilities have been found in two example applications that ship with Macromedia ColdFusion. These vulnerabilities can be used to view files, create files, and execute commands on the server running ColdFusion. ColdFusion Servers 4.x for Windows, Solaris, HP-UX, and Linux have been reported to be vulnerable. Version 5 of ColdFusion Server has been reported as not vulnerable.
Macromedia recommends that example applications and documentation not be installed on production servers, that the /CFDOCS directory tree be removed from all production servers, and that users read the Macromedia ColdFusion "Best Security Practices" document available from the Allaire Web site.
Pages: 1, 2 |
