Welcome to Security Alerts, an overview of recent Unix and open source
security advisories. In this column, we look at problems in Apache,
PHP, CUPS, ghostscript,
glibc, Apache Portable Runtime,
mod_gzip, Batalla Naval, and Xmame.
The Apache web server is vulnerable to multiple denial-of-service
attacks. These denial-of-service attacks include an attack launched
mod_dav (versions 2.0.37 through 2.0.45) and an attack that used
flaws in the code of the
apr_password_validate() function (versions
2.0.40 through 2.0.45).
The Apache Software Foundation has released Apache 2.0.46. This version fixes the denial-of-service attacks and many other bugs. Affected users are encouraged to upgrade.
A new version of PHP has been released that repairs several buffer overflows, fixes problems in the 64-bit code, repairs some problems with Berkeley db libraries, adds a disable_classes option to the php.ini file, and repairs many other bugs. It is highly recommended that users upgrade as soon as possible.
CUPS (Common Unix Printing System) is vulnerable to a remote denial-of-service attack that will stop it from servicing print jobs.
Users should upgrade to CUPS 1.1.19 as soon as possible or watch their vendor for an updated package.
Users of systems that have the printing sub-system installed but not used should consider disabling or removing the printing system.
ghostscript is an interpreter for the PostScript language and is often used in the printing sub-system to print PostScript files on
non-PostScript capable printers. ghostscript contains a bug that can
be exploited using a carefully crafted file and result in the
execution of arbitrary commands. This bug affects ghostscript when
-dSAFER command line argument but does not affect
ghostscript when the Red Hat
-dPARANOIDSAFER argument is used.
It is recommended that users upgrade to version 7.07 of ghostscript, apply a patch to their version, or watch their vendor for updated packages. Packages have been announced for Red Hat Linux that contain a version of ghostscript with a back-ported patch.
A buffer overflow has been discovered in the
xdrmem_getbytes() function call in the
glibc library. It has been reported that this
buffer overflow can be exploited by a remote attacker if the system is running any RPC based services and a local attacker if they can
execute an RPC client.
Users should watch their vendor for an updated
glibc package that
repairs this buffer overflow. If RPC services are not needed they
should be disabled.
The Apache Portable Runtime is a free c library that provides a system portability layer to as many operating systems as it can. The
apr_psprintf() function in the library contains a bug that may under
some condition be exploitable to execute arbitrary code. Several
projects other than the Apache web server are known to be using the
library including: some Covalent commercial products, Flood load test
tool, JXTA-C, Tomcat's
mod_webapp, Subversion, and OPENdj.
A patch has been released that repairs this bug. It is recommended that users apply this patch or obtain a repaired version of the library (such as the one distributed with Apache HTTP Server 2.0.46).
gps, a graphical tool used to watch system processes similar to the ps
command, has several bugs, including: a problem with
rgpsp that can be
exploited under some conditions to allow any host to connect
regardless of what is configured in /etc/rgpsp.conf; several possible
buffer overflows that may under some conditions be exploitable to
execute arbitrary code; and a problem with parsing command lines in
Version 1.1.0 of
gps has been released and fixes these problems.
Users should upgrade as soon as possible and should consider disabling
gps until if it can not be upgraded immediately.
mod_gzip, a web page acceleration module for the Apache web server
that compresses web pages before sending them to the user, has several
serious bugs that are reported to be expressed only when
been compiled in debug mode. These vulnerabilities are a buffer
overflow in the code that handles logging the file name, a format
string vulnerability in the logging code, and a temporary file symbolic
link race condition.
mod_gzip compiled in the debug mode should recompile it
selecting its normal mode. Affected users should watch for a version
with a repaired debug mode. The repaired version of
reported to be delayed until the next normal release of
Also in Security Alerts:
Batalla Naval is a networked, multi player battleship game with robots. The server component gbnserver is reported to be vulnerable to a buffer overflow that a remote attacker can exploit to execute arbitrary code with the permissions of the user account running the server. The buffer overflow is reported to affect the Gnome version of the server, it is not known if the earlier version of the software is vulnerable. A script to automate the exploitation of this vulnerability has been released to the public.
It is recommended that users watch for a repaired version of Batalla Naval and either not run the server until it has been repaired or protect it using a firewall and only allow trusted hosts to connect.
Xmame is an X11 port of MAME (the Multiple Arcade Machine Emulator). A buffer overflow has been reported that may be exploitable by a local attacker to execute arbitrary code with the permissions of the user account running Xmame. A program has been released that is reported to automate the exploitation of Xmame.
Users should watch for an update to Xmame that repairs this overflow and should consider removing any set user or group bits from the game.
Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.
Read more Security Alerts columns.
Return to the Linux DevCenter.
Copyright © 2009 O'Reilly Media, Inc.