 Published on Linux DevCenter (http://www.linuxdevcenter.com/)


Security Alerts: Squid Trouble

by Noel Davis
07/15/2002

Welcome to Security Alerts, an overview of recent Unix and open source security advisories.

In this column, we look at buffer overflows in Squid, mod-ssl, the Solaris Volume Manager, ATPhttpd, iPlanet, and kcms_configure; and problems in the CDE ToolTalk Database Server, the Linux kernel, nn, Icecast, NcFTP, and Sharp's Zaurus handheld computer.

CDE ToolTalk Database Server

The ToolTalk Database Server component of the Common Desktop Environment (CDE) has a flaw that may be exploitable by a remote attacker to create or delete files and execute arbitrary commands or code.

The ToolTalk server is also vulnerable to a symbolic-link race condition that can be exploited by a local attacker to create or write to arbitrary files as the root user. It is possible that this vulnerability can be used to obtain increased privileges.

Users should watch their vendor for an update that repairs these flaws, and should consider disabling the CDE ToolTalk Database Server, or blocking connections to the service using a firewall and limiting access to the server.

Squid

It has been reported that, under some circumstances, the Squid proxy server can forward the proxy authentication credentials improperly. This is reported to occur when the proxy server is configured to require a login to connect to some sites but not others. This is reported to affect versions 2.4.STABLE6 and earlier of Squid.

In addition, several buffer overflows and other problems have been reported in Squid including: buffer overflows in the MSNT auth helper, several buffer overflows in the gopher client, a problem in the FTP data channel, and possible buffer overflows when parsing FTP directories.

A patch has been released that restricts the forwarding to sites that are configured as cache_peers. A suggested workaround is that if authentication is required on any sites, it be required for all sites.


Users should watch their vendor for an updated version of Squid.
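As an added illustration of the workaround above (example script written for this page, not code from the column or from the Squid project): two constructed squid.conf fragments, one requiring a login for only some destinations and one requiring it everywhere, plus a small check that flags any http_access allow rule that names no proxy_auth ACL. The acl and http_access directives are standard Squid syntax; the ACL names and the domain are made up.

```shell
#!/bin/sh
# Added example, not part of the column: flag "http_access allow" rules in a
# squid.conf that carry no proxy_auth ACL, i.e. destinations reachable without a
# login while others require one (the mixed setup the column warns about).

# Constructed sample: login required only for one destination domain.
WEAK_CONF='
acl all src 0.0.0.0/0.0.0.0
acl password proxy_auth REQUIRED
acl restricted dstdomain .example.com
http_access allow restricted password
http_access allow all
http_access deny all
'

# Constructed sample of the suggested workaround: login required for every site.
FIXED_CONF='
acl all src 0.0.0.0/0.0.0.0
acl password proxy_auth REQUIRED
http_access allow password
http_access deny all
'

# squid_auth_gap <config text>: print every "http_access allow" line that does
# not name a proxy_auth ACL (a negated "!name" does not count as requiring a
# login). Exit 0 when all allow rules require authentication, 1 otherwise.
squid_auth_gap() {
    printf '%s\n' "$1" | awk '
        $1 == "acl" && $3 == "proxy_auth" { auth[$2] = 1 }
        $1 == "http_access" && $2 == "allow" {
            ok = 0
            for (i = 3; i <= NF; i++) if ($i in auth) ok = 1
            if (!ok) { print; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }'
}

# Offline demonstration on the two constructed fragments.
for conf in WEAK_CONF FIXED_CONF; do
    eval "text=\$$conf"
    if squid_auth_gap "$text"; then
        echo "$conf: every allow rule requires a login"
    else
        echo "$conf: the allow rule(s) above admit clients without a login"
    fi
done
```

On a real proxy, pass the contents of the live squid.conf to squid_auth_gap instead of the constructed samples.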

mod-ssl

The Apache module mod-ssl has a problem in its handling of .htaccess files that may result in a buffer overflow that can be exploited by an attacker to execute arbitrary code with the permission of the user running the Web server.

Users should upgrade to a repaired version of mod-ssl as soon as possible. A possible workaround is to set AllowOverride to None. This workaround will affect all .htaccess file directives and may have unforeseen effects.

Sun Solaris Volume Manager

The Solaris Volume Manager vold is vulnerable to a buffer overflow that can be exploited, under some conditions, by a local attacker to execute arbitrary code as the user running vold (normally, root).

Users should apply the patch available from Sun as soon as possible.

Linux Kernel

The Linux kernel is vulnerable to a denial-of-service attack based on opening all of the available file descriptors, including the reserved file descriptors. This problem is reported to affect Linux 2.4.x kernels.

This problem can be mitigated by enforcing per-user resource limits and by increasing the number of reserved descriptors by changing the value of NR_RESERVED_FILES in fs.h.

nn

The Usenet news reader nn is vulnerable to a format-string-based attack by malicious news servers that can be used to execute code on the client's machine.

It is recommended that users upgrade to version 6.6.4 of nn as soon as possible.

Icecast

The Icecast streaming audio server has a directory-traversal vulnerability that can be used to gather information about the file systems outside the Web root.

It is recommended that users watch for a repair for this vulnerability.

NcFTP

NcFTP, an FTP client, will honor PORT commands when used through a proxy server. Under some conditions, this can be exploited by an attacker who controls the proxy server to hijack the FTP session.

Affected users should upgrade NcFTP to the latest available version as soon as possible.

ATPhttpd

ATPhttpd is a small caching Web server designed for serving a large amount of static content very quickly. ATPhttpd is vulnerable to several buffer overflows that can be used by a remote attacker to execute arbitrary code with the permissions of the user running ATPhttpd.

Users should watch their vendor for an update to ATPhttpd.

Sharp Zaurus

It is reported that the Linux-based Sharp Zaurus handheld computer has a vulnerability that can be exploited to gain complete control over the Zaurus file system. The Zaurus uses FTP to sync with a PC, and this FTP interface is bound to every network interface configured on the device. The FTP interface runs with root permissions and does not authenticate connections. This leaves any device that uses Ethernet or PPP for a network connection vulnerable to attack.

Affected users should protect their device by connecting behind a firewall. Users should also watch for an update that corrects this problem.

iPlanet

The iPlanet Web server is vulnerable to a buffer overflow in the search component that can be exploited remotely to execute arbitrary code with the permissions of the user running the Web server. The default installation of iPlanet does not enable the search component.

It is recommended that users contact Sun for a patch for this problem.

Solaris kcms_configure

An exploit program has been released that automates the exploitation of a buffer overflow in the Solaris application kcms_configure for both SPARC and x86 architectures. kcms_configure is part of the Kodak Color Management System and is installed set-user-ID root. This is an old vulnerability, fixed in Sunsolve patch 111400-01.

Users should check their systems and verify that Sunsolve patch 111400-01 has been applied. Users should also consider removing the set-user-ID bit from kcms_configure if it is not needed.
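The two checks recommended above, as an added example script written for this page (not from the column or from Sun): the patch id 111400-01 is taken from the column, while the kcms_configure install path and the showrev -p sample text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the column: audit a Solaris host for the
# kcms_configure issue. Patch id from the column; path and sample are assumed.

KCMS_BIN="${KCMS_BIN:-/usr/openwin/bin/kcms_configure}"   # assumed install path
KCMS_PATCH="111400-01"

# Constructed sample of "showrev -p" output so the checks run offline; the
# second patch line is the one that matters here.
SAMPLE_SHOWREV='Patch: 108528-13 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcar
Patch: 111400-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample'

# patch_applied <patch-id> <showrev -p text>: exit 0 if the patch id is listed.
patch_applied() {
    printf '%s\n' "$2" | grep -q "^Patch: $1 "
}

# is_setuid <path>: exit 0 if the file exists and carries the set-user-ID bit.
is_setuid() {
    [ -e "$1" ] && find "$1" -prune -perm -4000 | grep -q .
}

# drop_setuid <path>: clear the set-user-ID bit (what the column suggests when
# kcms_configure is not needed) and confirm it is gone; exit 0 on success.
drop_setuid() {
    chmod u-s "$1" && ! is_setuid "$1"
}

# Offline report against the constructed sample. On a real host replace
# "$SAMPLE_SHOWREV" with "$(showrev -p)".
if patch_applied "$KCMS_PATCH" "$SAMPLE_SHOWREV"; then
    echo "patch $KCMS_PATCH is present"
else
    echo "patch $KCMS_PATCH is MISSING"
fi
if is_setuid "$KCMS_BIN"; then
    echo "$KCMS_BIN is set-user-ID; if unused, run: drop_setuid $KCMS_BIN"
fi
```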

Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.



Copyright © 2009 O'Reilly Media, Inc.