 Published on Linux DevCenter (http://www.linuxdevcenter.com/)


Security Alerts

Linux AMD64 Kernel Bug

by Noel Davis
12/29/2004

Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at a Linux 2.4 kernel bug on AMD64 machines, problems in Samba, changepassword.cgi, MPlayer, the MIT Kerberos 5 administration library, logcheck, Sybase Adaptive Server Enterprise, Konqueror, Debian debmake, Xpdf, and xzgv.

Linux 2.4 Kernel Bug on AMD64 Machines

A bug in the 32-bit compatibility system-call handler in the AMD64 Linux 2.4 kernel can be trivially exploited by a local attacker to gain root permissions. This bug is not reported to affect Linux 2.6 kernels, or kernels compiled for other platforms.

Affected users should watch their vendors for an upgraded Linux kernel package and should upgrade as soon as one becomes available.

Samba

Samba is an open source server software package that provides file and print services to SMB/CIFS clients. It has been reported that Samba is vulnerable to several integer-based buffer overflows that, under some conditions, could be exploited by a remote attacker to execute arbitrary code on the server with, in many cases, root permissions.

Users should watch their vendors for repaired Samba packages or should upgrade to Samba 3.0.10 or later as soon as possible.
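The "integer-based" overflows named above are the class where a length or offset taken from the wire is added or multiplied before it is compared, so the arithmetic wraps and the check passes. The block below is an added example, not Samba code: it shows an additive bounds check that can wrap next to its subtraction-based replacement, a checked count-times-size multiplication, and a small parser for a constructed length-prefixed record (the record layout is made up for the demonstration).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Contrast case: an additive bounds check that can wrap. If off + len
 * overflows size_t the sum is small, the test passes, and memcpy reads far
 * past the packet. Kept only for comparison; never called below. */
long copy_field_wrapping(unsigned char *dst, size_t dstlen,
                         const unsigned char *pkt, size_t pktlen,
                         size_t off, size_t len)
{
    if (off + len > pktlen) return -1;   /* wraps for a huge off or len */
    if (len > dstlen) return -1;
    memcpy(dst, pkt + off, len);
    return (long)len;
}

/* Hardened: compare by subtraction so no intermediate can wrap, and bound the
 * destination separately. Returns bytes copied or -1. */
long copy_field_checked(unsigned char *dst, size_t dstlen,
                        const unsigned char *pkt, size_t pktlen,
                        size_t off, size_t len)
{
    if (off > pktlen || len > pktlen - off) return -1;
    if (len > dstlen) return -1;
    memcpy(dst, pkt + off, len);
    return (long)len;
}

/* Count-times-size allocations are the other classic wrap: check before
 * multiplying. Returns 1 and stores the product, or 0 on overflow. */
int mul_size_checked(size_t count, size_t elem, size_t *out)
{
    if (elem != 0 && count > SIZE_MAX / elem) return 0;
    *out = count * elem;
    return 1;
}

/* Constructed record format for the demo: 2-byte little-endian length, then
 * that many bytes. Copies the string into dst NUL-terminated and returns its
 * length, or -1 when the declared length runs past the packet or dst. */
long read_lp_string(char *dst, size_t dstlen,
                    const unsigned char *pkt, size_t pktlen, size_t off)
{
    if (off > pktlen || pktlen - off < 2) return -1;   /* room for the prefix */
    size_t len = pkt[off] | ((size_t)pkt[off + 1] << 8);
    if (len >= dstlen) return -1;                       /* keep space for NUL */
    /* off + 2 cannot wrap: the check above guarantees off + 2 <= pktlen */
    long n = copy_field_checked((unsigned char *)dst, dstlen - 1,
                                pkt, pktlen, off + 2, len);
    if (n < 0) return -1;
    dst[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed packet: a valid 5-byte string, then a record claiming 65535 bytes. */
    static const unsigned char pkt[] = { 0x05, 0x00, 'h', 'e', 'l', 'l', 'o', 0xff, 0xff, 'x' };
    char s[16];
    printf("record 0: %ld (%s)\n", read_lp_string(s, sizeof s, pkt, sizeof pkt, 0), s);
    printf("record 1: %ld\n", read_lp_string(s, sizeof s, pkt, sizeof pkt, 7));
    /* Evaluate the wrapping condition only, without touching memory. */
    size_t off = SIZE_MAX - 1, len = 4;
    printf("wrapping check passes off=SIZE_MAX-1,len=4: %d\n", off + len <= sizeof pkt);
    printf("checked version: %ld\n", copy_field_checked((unsigned char *)s, sizeof s, pkt, sizeof pkt, off, len));
    return 0;
}
```

The subtraction form `len > pktlen - off` is safe only because `off > pktlen` is rejected first; keep the two tests in that order.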

changepassword.cgi

changepassword.cgi is a web-based Yellow Pages, Samba, and Squid password-changing script written in C. It is vulnerable to a local attack that can be exploited to execute arbitrary code with root permissions. This vulnerability is caused by the insecure use of the system() function call when it is used to call the make command.

All users of changepassword.cgi should disable it until a secure version has been installed.
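The column does not say which aspect of the system() call was unsafe. The example below is added here and is not changepassword.cgi's code; it assumes the usual way this pattern goes wrong in a root-run helper: system() starts /bin/sh, which resolves "make" through the inherited PATH, keeps every inherited variable, and parses the target string. The hardened version validates the target and execs the program by absolute path with a fixed environment; `/usr/bin/make` and `/var/yp` are assumed locations.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Contrast case: system() hands the string to /bin/sh, which looks "make" up
 * through the inherited PATH and keeps every inherited variable (PATH, IFS,
 * LD_* ...). In a setuid or root-run helper the invoking user chooses that
 * environment, and the target is shell-parsed as well. Never called below. */
int run_make_insecure(const char *target)
{
    char cmd[256];
    snprintf(cmd, sizeof cmd, "make %s", target);
    return system(cmd);
}

/* Allow only a plain identifier as the make target: first char alphanumeric,
 * then alphanumerics, '_' or '.', at most 64 bytes. No '/', '-', spaces or
 * shell metacharacters can get through. */
int valid_target(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > 64 || !isalnum((unsigned char)s[0])) return 0;
    for (; *s; s++)
        if (!isalnum((unsigned char)*s) && *s != '_' && *s != '.') return 0;
    return 1;
}

/* Hardened launcher: absolute program path, explicit argv, a minimal fixed
 * environment, and no shell in between. Returns the child's exit status, or
 * -1 if fork/wait fails or the child died from a signal. */
int run_fixed_path(const char *path, char *const argv[])
{
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execve(path, argv, clean_env);
        _exit(127);                     /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* What the helper would do instead of system("make ..."). The make binary
 * and the NIS map directory are assumed locations for this example. */
int run_make_secure(const char *target)
{
    if (!valid_target(target)) return -1;
    char *const argv[] = { "make", "-C", "/var/yp", (char *)target, NULL };
    return run_fixed_path("/usr/bin/make", argv);
}

int main(void)
{
    /* Show that the child sees only the fixed environment. */
    char *const argv[] = { "sh", "-c", "echo \"child PATH=$PATH LD_PRELOAD=$LD_PRELOAD\"", NULL };
    int rc = run_fixed_path("/bin/sh", argv);
    printf("rc=%d valid(\"passwd\")=%d valid(\"x;id\")=%d\n",
           rc, valid_target("passwd"), valid_target("x;id"));
    return 0;
}
```

The validation is deliberately a whitelist; rejecting known-bad characters misses the ones you did not think of.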

MPlayer

The Linux/Unix video player MPlayer supports many video formats, including MPEG, VOB, AVI, Ogg/OGM, VIVO, ASF/WMA/WMV, QT/MOV/MP4, FLI, RM, NuppelVideo, YUV4MPEG, FILM, RoQ, and PVA. Multiple buffer overflows have been reported in MPlayer that may, under some conditions, be exploitable by a remote attacker to execute code with the victim's permissions. These vulnerabilities include buffer overflows in the Real RTSP, Real pnm, MMST streaming code, and in the BMP demuxer and mp3lib code.

It is recommended that users of MPlayer watch their vendors for an updated package and consider not playing movies from untrusted sources until it has been repaired.

MIT Kerberos 5 Administration Library

The MIT Kerberos 5 administration library libkadm5srv is vulnerable to a buffer-overflow-based attack that may be exploitable by a remote attacker to execute arbitrary code on the host running the Kerberos Key Distribution Center. Successfully exploiting this vulnerability compromises the entire Kerberos realm. An administrator must have performed one of several specific password policy changes and the attacker must be able to authenticate to Kerberos to exploit this vulnerability.

Users should apply the available patch or watch for a repaired version of Kerberos 5. A possible workaround is to increase any password history count on any policy that has been lowered below its prior maximum value.

logcheck

logcheck is a utility that scans the system logs and mails the results of the scan to the system administrator. logcheck is reported to be vulnerable to a temporary-file symbolic-link race condition that may be exploitable by a local attacker to overwrite arbitrary files on the system with root permissions.

Affected users should disable logcheck until it has been repaired.

Sybase Adaptive Server Enterprise

The Sybase Adaptive Server Enterprise database server is reported to be vulnerable to several undisclosed vulnerabilities that were only described as "high risk."

These vulnerabilities are reported to be repaired in Sybase Adaptive Server Enterprise 12.5.3. Affected users should contact Sybase for additional information and recommendations.

Konqueror

The Konqueror web browser is reported to have a vulnerability in its Java and JavaScript code that could result in an untrusted Java applet escalating its permissions (escaping the sandbox). Under some conditions, this can result in files being read or written with the permissions of the user running the web browser.

The KDE maintainers recommend upgrading to KDE 3.3.2. Users of binary packages should watch their vendors for an upgraded or patched version of KDE that repairs this problem. Users should consider disabling Java in Konqueror until they have upgraded.

Debian debmake

The utility debmake distributed with Debian GNU/Linux contains a script named debstd that is vulnerable to a temporary-file symbolic-link attack that can be exploited by a local attacker to overwrite arbitrary files with the victim's permissions.

Affected users should upgrade to Debian 3.6.10.woody.1 or 3.77.
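Both the logcheck and the debmake/debstd problems above are the same bug class: a scratch file is created under a predictable name with a call that follows symbolic links, so a link planted at that name ahead of time redirects the write. The block below is an added example and is not code from either project. It shows the creation pattern behind that race next to the safe alternatives: mkstemp() for an unpredictable temporary name, O_CREAT|O_EXCL|O_NOFOLLOW when the output name must be fixed, and an fstat() check on the descriptor before anything is written. The `/tmp/scratch.` name is made up for the demonstration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Contrast case: the creation pattern behind a temp-file symlink race. The
 * name is predictable, and fopen("w") is O_CREAT|O_TRUNC without O_EXCL, so
 * it follows whatever link already sits at that name and truncates the
 * target with the privileges of the running program. Never called below. */
FILE *open_scratch_insecure(void)
{
    char path[64];
    snprintf(path, sizeof path, "/tmp/scratch.%ld", (long)getpid());
    return fopen(path, "w");
}

/* Hardened: mkstemp() creates the file with O_CREAT|O_EXCL and a random
 * suffix in one atomic step, so a pre-planted link makes creation fail
 * instead of being followed. The chosen name is written back into tmpl,
 * which must end in "XXXXXX". Returns the fd or -1. */
int open_scratch_secure(char *tmpl)
{
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    if (fchmod(fd, S_IRUSR | S_IWUSR) < 0) {   /* modern libcs already use 0600 */
        close(fd);
        unlink(tmpl);
        return -1;
    }
    return fd;
}

/* For an output file whose name must be fixed: never create through an
 * existing file or a symlink. Returns the fd, or -1 with errno set
 * (EEXIST when anything is already at that name). */
int create_fixed_noclobber(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, S_IRUSR | S_IWUSR);
}

/* Final check on the descriptor rather than the path (the path could be
 * re-pointed in between): regular file, owned by us, no group/other bits. */
int fd_is_private_regular(int fd)
{
    struct stat st;
    if (fstat(fd, &st) < 0) return 0;
    return S_ISREG(st.st_mode) && st.st_uid == getuid() && (st.st_mode & 077) == 0;
}

int main(void)
{
    char tmpl[] = "/tmp/scratch.XXXXXX";
    int fd = open_scratch_secure(tmpl);
    if (fd < 0) { perror("mkstemp"); return 1; }
    if (write(fd, "report line\n", 12) < 0) perror("write");
    printf("%s private=%d\n", tmpl, fd_is_private_regular(fd));
    /* A second creation at the same fixed name must fail, not clobber. */
    printf("noclobber on existing name: %d (errno %d)\n",
           create_fixed_noclobber(tmpl), errno);
    close(fd);
    unlink(tmpl);
    return 0;
}
```

Hold the descriptor from creation to the last write and operate on it; re-opening the file by name later re-introduces the window the atomic create closed.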

Xpdf

Xpdf is a PDF reader for Unix systems running the X Window System. A bug in the Gfx::doImage() function can be exploited by a remote attacker who creates a carefully crafted PDF file. If this file is opened by the victim, it will cause a buffer overflow and result in arbitrary code being executed with the victim's permissions.

A patch and repaired binaries for this problem have been released by the maintainers. Users should upgrade or watch their vendors for a repaired version. Users should exercise care over what files they download and open on their systems.

xzgv

xzgv is an X Window System-based image viewing utility. A buffer overflow in xzgv may, under some conditions, be exploitable by a remote attacker who creates a carefully crafted image file that, when viewed with xzgv, will exploit the buffer overflow and execute arbitrary code. The vulnerability is reported to affect all versions through 0.8 (the latest version at the time of this writing).

The author of xzgv has released a patch as a temporary measure until there is a "more comprehensive fix."

Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.



Copyright © 2009 O'Reilly Media, Inc.