OpenOffice Irritation
by Noel Davis
10/20/2003
Welcome to Security Alerts, an overview of recent Unix and open source
security advisories. In this column, we look at problems in
OpenOffice, slocate, fetchmail, GDM, Tomcat, ircd, HPUX's dtprintinfo,
and Openserver's Xsco.
OpenOffice
A denial-of-service attack against the OpenOffice office suite (when it
is running with remote access enabled) has been reported. In the
report, the attacker connects to a port that OpenOffice opens when
it is started with the command line soffice "-accept=socket,
host=<ip>, port=8100;" and sends to the port a series of characters.
Reportedly, after receiving the series of characters, OpenOffice then
crashes and opens its error report dialog window.
Users of OpenOffice who configure it for remote access should watch for an updated version of OpenOffice that provides protection from this type of attack, and should consider protecting the port opened by OpenOffice from attack using a tool such as a firewall.
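To find instances that need the firewall protection described above, the following added example (not part of the original column) reads process command lines and flags OpenOffice socket listeners that are not bound to loopback. The function names, paths, and sample addresses are assumptions made for illustration; only the -accept argument form comes from the report.

```shell
#!/bin/sh
# Added example: flag soffice "-accept=socket,..." listeners that are not
# bound to loopback. All sample process lines below are constructed.

# Print the value of key $2 (host or port) from accept string $1.
accept_field() {
    printf '%s\n' "$1" |
        sed -e 's/^[^=]*=//' -e 's/;.*$//' -e 's/[[:space:]]//g' |
        tr ',' '\n' |
        sed -n "s/^$2=//p" | head -n 1
}

# Classify one accept string by the address it binds.
classify_accept() {
    ca_host=$(accept_field "$1" host)
    ca_port=$(accept_field "$1" port)
    case "$ca_host" in
        localhost|127.*) echo "loopback-only port=$ca_port" ;;
        "")              echo "REVIEW host-not-set port=$ca_port" ;;
        *)               echo "EXPOSED host=$ca_host port=$ca_port" ;;
    esac
}

# Read process command lines on stdin (e.g. from `ps -eo args`) and
# classify every soffice socket listener found.
audit_listeners() {
    while IFS= read -r al_line; do
        al_arg=$(printf '%s\n' "$al_line" |
            sed -n 's/.*\(-accept=socket[^;]*\).*/\1/p')
        if [ -n "$al_arg" ]; then classify_accept "$al_arg"; fi
    done
    return 0
}

# Constructed sample input; paths and addresses are placeholders.
sample_ps() {
    cat <<'EOF'
/opt/openoffice/program/soffice.bin -accept=socket,host=192.0.2.10,port=8100;
/opt/openoffice/program/soffice.bin -accept=socket, host=localhost, port=8100;
/usr/sbin/sshd -D
EOF
}

sample_ps | audit_listeners
```

On a live system, feed it real data with `ps -eo args | audit_listeners`; any EXPOSED line names a port that should be restricted at the firewall.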
slocate
slocate (Secure Locate) is a more secure version of the utility
locate. Like locate, it allows a user to quickly search for files on a
system, but it also stores ownership and file permissions, so users
will not find files that they should have been unable to see.
slocate is reported to be vulnerable to a buffer overflow that may be
exploitable by a local attacker to execute arbitrary code. If slocate
is installed with a set user or group id bit, this vulnerability could
be exploited to gain additional permissions. A utility program to
automate the exploitation of the vulnerability in slocate has been
released to the public.
Users should upgrade to version 2.7 or newer of slocate as soon as
possible. If it is not possible to upgrade, or if slocate is not being
used on the system, users should consider removing or disabling it.
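The two conditions above (a set user or group id bit, and a version older than 2.7) can be checked together. The following is an added example, not code from the column or from slocate; the function names and the default path /usr/bin/slocate are assumptions, and the installed version is passed in by the caller rather than read from the binary.

```shell
#!/bin/sh
# Added example: check a slocate binary for set-id bits and for a version
# older than the fixed release (2.7) named in the advisory.

# Print "setuid", "setgid", "setuid+setgid" or "none" for file $1.
setid_bits() {
    sb_bits=""
    if [ -u "$1" ]; then sb_bits="setuid"; fi
    if [ -g "$1" ]; then sb_bits="${sb_bits:+$sb_bits+}setgid"; fi
    echo "${sb_bits:-none}"
}

# Return 0 when dotted version $1 is older than $2 (numeric per component,
# so 2.10 is newer than 2.7).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# $1 = path to the binary, $2 = installed version as reported by the
# package manager (supplying it is left to the caller).
audit_slocate() {
    if [ ! -e "$1" ]; then echo "not-installed"; return 0; fi
    as_bits=$(setid_bits "$1")
    if version_lt "$2" 2.7; then
        if [ "$as_bits" = none ]; then
            echo "upgrade: version $2 < 2.7"
        else
            echo "URGENT: version $2 < 2.7 and $as_bits set"
        fi
    else
        echo "ok: version $2 ($as_bits)"
    fi
}

# Demonstration call; the path and version defaults are assumed values.
audit_slocate "${1:-/usr/bin/slocate}" "${2:-2.6}"
```

An URGENT result marks the case the advisory warns about: a vulnerable version that also runs with additional permissions, which is the one to upgrade, remove, or disable first.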
fetchmail
fetchmail is a tool used to retrieve email from a POP-, IMAP-, ETRN-, or
ODMR- capable mail server. A denial-of-service attack against
fetchmail has been released that involves the attacker using a
carefully constructed email message to crash fetchmail when email is
retrieved. The denial-of-service attack is reported to work against
fetchmail version 6.2.4. It is not known if any other versions are
affected.
Users of fetchmail should watch for a version that repairs this bug.
A patched version of fetchmail has been released for Mandrake Linux
9.2.
GDM
GDM, the Gnome Display Manager, is used to log in to X and start up new
X Window sessions, similar to xdm. Two denial-of-service
vulnerabilities have been reported in GDM. In the first denial-of-service attack, the remote attacker sends an unusual amount of data to
GDM and fills up its receive buffer, causing the program to stop
responding. In the second denial-of-service attack, the attacker
connects to GDM, sends a command, and then does not read the
response, causing GDM's send buffer to stop responding.
It is recommended that users upgrade to repaired GDM packages or versions 2.4.4.4 or 2.4.1.7 of GDM as soon as possible.
Tomcat
The Apache Tomcat server is an application server that provides Java servlet and JavaServer Pages technologies. Apache Tomcat 4.0.x is reported to be vulnerable to a remote denial-of-service attack that is conducted by sending several malformed requests to Tomcat's HTTP connector, resulting in Tomcat rejecting HTTP requests.
Users should watch for a repaired version of Tomcat. Debian has released updated Tomcat packages for Debian GNU/Linux.
ircd
A buffer overflow in ircd can be used by an attacker to crash any
ircd server that the attacker can directly connect to using a client.
This vulnerability is reported to affect IRCnet ircd from the 2.10
series through 2.10.3p3.
Affected IRC servers should be upgraded to version 2.10.3p4 of ircd.
HPUX dtprintinfo
dtprintinfo is a graphical print queue/job viewer. The version of
dtprintinfo released with HPUX B.11.00 has a buffer overflow in the
code that handles environmental variables, which may be exploitable by a
local attacker to execute code with root permissions.
Affected users should watch HP for a security announcement containing
details on how to patch or update dtprintinfo to repair this buffer
overflow. HPUX users who are not using dtprintinfo should consider
disabling it until it has been repaired. If the printing system is
not being used on the system, disabling or removing it should be
considered.
Gallery
Gallery is a picture manager web application, written in PHP, designed for the creation of photo albums. Gallery is reported to be vulnerable, under some conditions, to a bug that can be exploited by a remote attacker to execute PHP code on the server running Gallery. This bug only affects Gallery on Unix servers when it is in the "configuration mode," but Windows systems are reported to still be vulnerable when in the normal "running" mode. Gallery versions 1.4, 1.4-pl1, and 1.4.1 prior to build 145 are reported to be vulnerable.
The Gallery development team recommends that users upgrade to Gallery 1.4-pl2 as soon as possible. A workaround, until Gallery has been upgraded, is to remove the file gallery/setup/index.php. It should be noted that removing this file will remove the configuration wizard functionality until the file has been restored or Gallery upgraded.
Openserver Xsco
Openserver's X Window X11 server Xsco is vulnerable to a buffer
overflow in the code that handles the command-line parameter -co. A
local attacker can, by exploiting this buffer overflow, execute
arbitrary code with root permissions.
Users should contact SCO for the location of repaired Xsco packages.
Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.