Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at problems in Concurrent Versions System (CVS), DHCP, slocate, Vim, Linux printer drivers, susehelp, fnord, mpg123, Astaro Security Linux firewall, and phpLinks.
Concurrent Versions System, or CVS, is a very popular source code version control system that is released as open source. CVS is vulnerable to a double-free-based attack that can be exploited to execute arbitrary code on the server with the permissions of the user running CVS (some installations may run the CVS server as root). In addition, this vulnerability can be used by an anonymous read-only CVS user to commit changes to the CVS tree.
Users should upgrade to CVS version 1.5 as soon as possible, and
should consider disabling CVS until it has been upgraded. It is also
recommended that CVS be set up to run chrooted and that users connect
using SSH and not the
The Vim editor has a vulnerability that can be used to execute arbitrary commands via the libcall feature. Versions 6.0 and 6.1 of Vim are reported to be affected. An attacker can create a file that contains lines that will be executed when the file is edited with Vim. Users who read email messages or log files using Vim should exercise special care.
It is recommended that users upgrade to a repaired version as soon as possible. Adding the line "set modelines=0" to .vimrc will disable the processing of modelines. Users should consider leaving modelines disabled after upgrading Vim.
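As an added illustration (not part of the column, and not code from the Vim project), the following POSIX shell script covers the two things a Vim user or administrator would want here: it reports whether a file carries a Vim modeline in the region Vim actually inspects (the first and last five lines by default), which is worth running on mail or log files before opening them in Vim, and it appends the set modelines=0 line to a .vimrc only if it is not already present. The function names are my own; the sample files used to exercise it are constructed.

```shell
#!/bin/sh
# Added example, not from the column. Detects Vim modelines in a text file and
# applies the column's .vimrc hardening. Function names are the author's own.

# Vim only looks for modelines in the first and last 'modelines' lines of a
# file (5 by default), so that is the region inspected here. The pattern
# covers the documented prefixes "vi:", "vim:", "Vim:" and "ex:" when they
# start a line or follow whitespace. Returns 0 if a modeline is present,
# 1 otherwise.
has_modeline() {
    file=$1
    { head -n 5 "$file"; tail -n 5 "$file"; } |
        grep -E '(^|[[:space:]])(vi|vim|Vim|ex):' >/dev/null
}

# Append "set modelines=0" to a vimrc once; a second call is a no-op.
# The vimrc is created if it does not exist yet.
disable_modelines() {
    vimrc=$1
    if ! grep -qE '^[[:space:]]*set[[:space:]]+modelines=0' "$vimrc" 2>/dev/null; then
        printf '%s\n' 'set modelines=0' >>"$vimrc"
    fi
}

# Stand-alone use: report every file named on the command line.
if [ $# -gt 0 ]; then
    for f in "$@"; do
        if has_modeline "$f"; then
            echo "$f: contains a Vim modeline"
        else
            echo "$f: no modeline"
        fi
    done
fi
```

The detector errs on the side of reporting: any text Vim itself would try to parse as a modeline is flagged, so a line such as "for ex: see below" will be reported too. That is the right bias for a file you are about to open in an editor that still has modelines enabled.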
Problems have been reported in the Internet Software Consortium's DHCP server. The dhcp server's code that handles dynamic DNS requests contains buffer overflows that can be exploited to gain access to the server when dynamic DNS is enabled. The dhcp3 server is vulnerable to buffer overflows in the error-handling functions of its minires library that can be exploited by a remote attacker to execute code with the permissions of the user running the server.
It is recommended that users watch their vendor for updated packages. The problem with dynamic DNS can be worked around by disabling dynamic DNS and restarting the server.
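The workaround above is a configuration change to dhcpd.conf. As an added check (not from the column and not ISC's code), the following POSIX shell functions read a dhcpd.conf, report the effective ddns-update-style value (comments are stripped, statements sharing a line are handled, and the last statement wins), and succeed only when it is none, which is the setting that turns dynamic DNS updates off. The directive name is ISC's; the function names and the sample configuration are my own.

```shell
#!/bin/sh
# Added example, not from the column. Reports the effective ddns-update-style
# of an ISC dhcpd.conf so an administrator can confirm dynamic DNS is off.
# Function names are the author's own; the directive is ISC's.

# Print the value of the last ddns-update-style statement in $1, or "unset".
# Comments ("# ...") are stripped first and the file is split on ';' so that
# a statement sharing a line with another one is still seen.
ddns_update_style() {
    conf=$1
    style=$(sed 's/#.*$//' "$conf" | tr ';' '\n' |
        grep 'ddns-update-style' | tail -n 1 |
        sed 's/.*ddns-update-style[[:space:]]*//; s/[[:space:]]*$//')
    printf '%s\n' "${style:-unset}"
}

# Succeed only when dynamic DNS updates are disabled ("none").
dynamic_dns_disabled() {
    [ "$(ddns_update_style "$1")" = none ]
}

# Stand-alone use: check the configuration file named on the command line.
if [ $# -gt 0 ]; then
    style=$(ddns_update_style "$1")
    if dynamic_dns_disabled "$1"; then
        echo "$1: ddns-update-style is none (dynamic DNS disabled)"
    else
        echo "$1: ddns-update-style is $style; set it to none and restart the server"
    fi
fi
```

Run it against the live dhcpd.conf after editing and before restarting the daemon; a value other than none means the dynamic DNS code path the advisory describes is still reachable.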
slocate, an application used to index and find files, has a buffer overflow that can be exploited by local attackers to execute arbitrary code with increased privileges when slocate has been installed with the set user id or set group id bits set. A script to automate the exploitation of slocate is reported to have been written, and may have
Users should upgrade to version 2.7 or newer of slocate as soon as possible. If it is not possible to upgrade or if slocate is not being used on the system, users should consider removing or disabling it.
Vulnerabilities have been reported in the Linux printer drivers mtink, escputil, and ml85p. mtink is vulnerable due to a buffer overflow in the code that handles the HOME environment variable. escputil has a buffer overflow in the code that processes a command-line argument (this vulnerability is only exploitable when the driver is installed set user id or set group id). ml85p is vulnerable to a temporary file, symbolic-link race condition but is only executable by root or the sys group. ml85p's vulnerability may be exploited to gain root permissions when an attacker has gained sys permissions by exploiting another vulnerability.
Users should watch their vendor for an update package that repairs these vulnerabilities.
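Both the slocate advisory and the printer-driver advisories turn on binaries installed set-user-id or set-group-id: the overflows only matter when the bits are set. As an added example (not from the column or any of the projects named in it), the following POSIX shell script finds such binaries by name under a given directory tree and strips the bits from one of them, which is the "remove or disable it" stopgap the column suggests when an updated package is not yet available. The watch list contains only the program names from this column; the function names and the directory tree used in the test are my own constructions.

```shell
#!/bin/sh
# Added example, not from the column. Locates setuid/setgid copies of the
# programs named in the slocate and printer-driver advisories and strips the
# bits. Function names are the author's own; the watch list is the column's.

# Print each regular file under $1 that is setuid (-perm -4000) or setgid
# (-perm -2000) and whose name is on the watch list, one path per line.
# Permission errors from unreadable subdirectories are silenced.
audit_setuid() {
    root=$1
    find "$root" -type f \
        \( -perm -4000 -o -perm -2000 \) \
        \( -name slocate -o -name mtink -o -name escputil -o -name ml85p \) \
        2>/dev/null
}

# Remove the setuid and setgid bits from one file. This is a stopgap that
# keeps the program usable by its owner; the lasting fix is the vendor's
# updated package.
drop_setuid() {
    chmod u-s,g-s "$1"
}

# Stand-alone use: audit each directory named on the command line,
# e.g. "./audit.sh /usr/bin /usr/sbin /usr/local/bin".
if [ $# -gt 0 ]; then
    for d in "$@"; do
        audit_setuid "$d"
    done
fi
```

After dropping the bits, slocate will still index what the invoking user can read but will no longer consult the system-wide database with elevated rights, which is the trade-off the column's "disable it" advice accepts.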
The susehelp CGI scripts are vulnerable to attacks that can be used to execute arbitrary code with the permissions of the web server. Systems that are not running a web server, or that have configured it so that it does not allow access by remote systems, are not vulnerable. SuSE recommends that users upgrade the susehelp packages. Users who do not use susehelp should consider removing or disabling the package.
fnord, a small web server, has a buffer overflow that is reported to not be exploitable. The buffer overflow is repaired in version 1.7 of fnord and it is recommended that users upgrade.
mpg123 is a command-line-based MPG music player. It is reported to be vulnerable to a buffer overflow that can be exploited, under some conditions, to execute arbitrary code. This vulnerability is reported to only affect versions after 0.59r and any CVS versions downloaded after Oct. 25th, 2000. Affected users should downgrade to version 0.59r until the current mpg123 has been patched to repair this problem.
The Astaro Security Linux firewall's web proxy has a vulnerability that can be used to connect to hosts using the firewall as a relay. Examples of how this can be abused include: sending spam, connecting to unauthorized hosts protected by the firewall, and scanning a network.
Users should install patch 3.215 and then manually restrict the ports that the proxy server is allowed to connect to or deny ports to which the server should not connect.
phpLinks, an open source Web-based link management system, has a problem with the include/add.php script that can be used by a remote attacker to inject code that when viewed by the administrator will
Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.
Copyright © 2009 O'Reilly Media, Inc.