 Published on Linux DevCenter (http://www.linuxdevcenter.com/)


Security Alerts: OpenOffice Irritation

by Noel Davis
10/20/2003

Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at problems in OpenOffice, slocate, fetchmail, GDM, Tomcat, ircd, HPUX's dtprintinfo, and Openserver's Xsco.

OpenOffice

A denial-of-service attack against the OpenOffice office suite (when it is running with remote access enabled) has been reported. In the report, the attacker connects to the port that OpenOffice opens when it is started with the command line soffice "-accept=socket, host=<ip>, port=8100;" and sends a series of characters to that port. Reportedly, OpenOffice then crashes and opens its error report dialog window.

Users of OpenOffice who configure it for remote access should watch for an updated version of OpenOffice that provides protection from this type of attack, and should consider protecting the port opened by OpenOffice from attack using a tool such as a firewall.
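
As a check to go with that advice, the following added example (not part of the original column) parses the -accept string from soffice command lines and flags any listener whose host is not a loopback address. The function names and the sample command lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the column): report soffice -accept listeners
# that are bound to something other than the loopback interface.

# Constructed sample of process command lines, one per line.
SAMPLE_PS='soffice "-accept=socket, host=192.0.2.10, port=8100;"
soffice "-accept=socket, host=127.0.0.1, port=8100;"
soffice -writer report.sxw'

# accept_field KEY ACCEPT_STRING -> value of KEY in "k=v,k=v" (spaces ignored)
accept_field() {
    printf '%s\n' "$2" | tr -d ' ' | tr ',' '\n' | sed -n "s/^$1=//p" | head -n 1
}

# classify_accept CMDLINE -> "host port verdict", or nothing when the
# command line carries no -accept=socket option.
classify_accept() {
    # Everything between "-accept=socket," and the first ';' or '"'.
    acc=$(printf '%s\n' "$1" | sed -n 's/.*-accept=socket,\([^;"]*\).*/\1/p')
    [ -n "$acc" ] || return 0
    host=$(accept_field host "$acc")
    port=$(accept_field port "$acc")
    # Conservative: only an explicit loopback host counts as protected.
    case $host in
        127.*|localhost|::1) verdict=loopback-only ;;
        *) verdict=EXPOSED ;;
    esac
    printf '%s %s %s\n' "${host:-unset}" "${port:-unset}" "$verdict"
}

# audit_listeners: read command lines on stdin, print one finding per listener.
audit_listeners() {
    while IFS= read -r line; do
        finding=$(classify_accept "$line")
        if [ -n "$finding" ]; then printf '%s\n' "$finding"; fi
    done
}

printf '%s\n' "$SAMPLE_PS" | audit_listeners
```

On a live host, pipe the output of ps -e -o args into audit_listeners instead of the sample; any EXPOSED line is a port that should sit behind a firewall rule.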

slocate

slocate (Secure Locate) is a more secure version of the utility locate. Like locate, it allows a user to quickly search for files on a system, but it also stores ownership and file permissions, so users will not find files that they should have been unable to see. slocate is reported to be vulnerable to a buffer overflow that may be exploitable by a local attacker to execute arbitrary code. If slocate is installed with a set user or group id bit, this vulnerability could be exploited to gain additional permissions. A utility program to automate the exploitation of the vulnerability in slocate has been released to the public.

Users should upgrade to version 2.7 or newer of slocate as soon as possible. If it is not possible to upgrade, or if slocate is not being used on the system, users should consider removing or disabling it.

fetchmail

fetchmail is a tool used to retrieve email from a POP-, IMAP-, ETRN-, or ODMR-capable mail server. A denial-of-service attack against fetchmail has been released in which the attacker uses a carefully constructed email message to crash fetchmail when the email is retrieved. The denial-of-service attack is reported to work against fetchmail version 6.2.4. It is not known if any other versions are affected.

Users of fetchmail should watch for a version that repairs this bug. A patched version of fetchmail has been released for Mandrake Linux 9.2.

GDM

GDM, the Gnome Display Manager, is used to log in to X and start up new X Window sessions, similar to xdm. Two denial-of-service vulnerabilities have been reported in GDM. In the first denial-of-service attack, the remote attacker sends an unusual amount of data to GDM and fills up its receive buffer, causing the program to stop responding. In the second denial-of-service attack, the attacker connects to GDM, sends a command, and then does not read the response, causing GDM's send buffer to stop responding.

It is recommended that users upgrade to repaired GDM packages or versions 2.4.4.4 or 2.4.1.7 of GDM as soon as possible.

Tomcat

The Apache Tomcat server is an application server that provides Java servlet and JavaServer Pages technologies. Apache Tomcat 4.0.x is reported to be vulnerable to a remote denial-of-service attack that is conducted by sending several malformed requests to Tomcat's HTTP connector, resulting in Tomcat rejecting HTTP requests.

Users should watch for a repaired version of Tomcat. Debian has released updated Tomcat packages for Debian GNU/Linux.

ircd

A buffer overflow in ircd can be used by an attacker to crash any ircd server that the attacker can directly connect to using a client. This vulnerability is reported to affect IRCnet ircd from the 2.10 series through 2.10.3p3.

Affected IRC servers should be upgraded to version 2.10.3p4 of ircd.

HPUX dtprintinfo

dtprintinfo is a graphical print queue/job viewer. The version of dtprintinfo released with HPUX B.11.00 has a buffer overflow in the code that handles environmental variables, which may be exploitable by a local attacker to execute code with root permissions.

Affected users should watch HP for a security announcement containing details on how to patch or update dtprintinfo to repair this buffer overflow. HPUX users who are not using dtprintinfo should consider disabling it until it has been repaired. If the printing system is not being used on the system, disabling or removing it should be considered.

Gallery

Gallery is a picture manager web application, written in PHP, designed for the creation of photo albums. Gallery is reported to be vulnerable, under some conditions, to a bug that can be exploited by a remote attacker to execute PHP code on the server running Gallery. This bug only affects Gallery on Unix servers when it is in the "configuration mode," but Windows systems are reported to still be vulnerable when in the normal "running" mode. Gallery versions 1.4, 1.4-pl1, and 1.4.1 prior to build 145 are reported to be vulnerable.

The Gallery development team recommends that users upgrade to Gallery 1.4-pl2 as soon as possible. A workaround, until Gallery has been upgraded, is to remove the file gallery/setup/index.php. It should be noted that removing this file will remove the configuration wizard functionality until the file has been restored or Gallery upgraded.

Openserver Xsco

Openserver's X Window X11 server Xsco is vulnerable to a buffer overflow in the code that handles the command-line parameter -co. A local attacker can, by exploiting this buffer overflow, execute arbitrary code with root permissions.

Users should contact SCO for the location of repaired Xsco packages.

Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.


Copyright © 2009 O'Reilly Media, Inc.