 Published on Linux DevCenter (http://www.linuxdevcenter.com/)


Security Alerts

Apache Trouble

by Noel Davis
08/11/2005

Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at problems in Apache, bzip2, Cisco devices, fetchmail, Netpbm, Ethereal, Proftpd, pstotext, apt-cacher, Compress::Zlib, Gopher, nbSMTP, and PowerDNS.

Apache

The Apache web server is vulnerable to an attack when it is configured as an HTTP proxy. This attack uses the Transfer-Encoding: chunked and Content-Length headers and can result in traffic bypassing a firewall, cross-site scripting attacks, and web cache "poisoning" attacks. Both versions 2.0.45 and 1.3.29 have been reported to be vulnerable to this attack.

Affected users should watch their vendors for a repaired version of Apache.
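
Until a repaired version is installed, a filter in front of the proxy can refuse requests that carry both framing headers. The check below is an added example, not Apache code; the function name framing_conflict and the sample request are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive comparison of the first n bytes of a and b. */
static int ieq(const char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Case-insensitive search for needle in the first n bytes of s. */
static int contains_ci(const char *s, size_t n, const char *needle) {
    size_t m = strlen(needle);
    for (size_t i = 0; i + m <= n; i++)
        if (ieq(s + i, needle, m)) return 1;
    return 0;
}

/* Returns 1 when a request head (request line plus headers, up to the
 * blank line) carries both Content-Length and Transfer-Encoding: chunked. */
int framing_conflict(const char *head) {
    int has_cl = 0, has_chunked = 0;
    const char *line = strchr(head, '\n');        /* end of request line */
    while (line && *++line && *line != '\r' && *line != '\n') {
        const char *end = strchr(line, '\n');
        size_t len = end ? (size_t)(end - line) : strlen(line);
        const char *colon = memchr(line, ':', len);
        if (colon) {
            size_t name_len = (size_t)(colon - line);
            size_t val_len = len - name_len - 1;
            if (name_len == 14 && ieq(line, "Content-Length", 14))
                has_cl = 1;
            else if (name_len == 17 && ieq(line, "Transfer-Encoding", 17)
                     && contains_ci(colon + 1, val_len, "chunked"))
                has_chunked = 1;
        }
        line = end;
    }
    return has_cl && has_chunked;
}

int main(void) {
    /* Constructed sample request, not taken from the advisory. */
    const char *req = "POST / HTTP/1.1\r\nHost: example.test\r\n"
                      "Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n";
    printf("%s\n", framing_conflict(req) ? "reject: conflicting framing" : "ok");
    return 0;
}
```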

bzip2

bzip2 is a file compression utility. The utility bzgrep, included with bzip2, does not properly handle shell meta-characters in input file names.

It is recommended that users exercise great care in using bzgrep until the bzip2 package has been repaired.

Cisco DoS

Cisco has announced that any Cisco devices that are running Cisco IOS or Cisco IOS XR and have at least one interface configured for IPv6 are vulnerable to a denial-of-service (DoS) attack that may also lead to arbitrary code being executed on the machine.

Affected users should contact Cisco for updated software. A possible workaround, if IPv6 is not needed, is to disable IPv6 on all interfaces.

fetchmail

fetchmail, a tool used to retrieve email from POP, IMAP, ETRN, and ODMR mail servers, is reported to be vulnerable to a denial-of-service attack that may, under some conditions, also cause arbitrary code to be executed with the permissions of the user account running fetchmail.
The attack is conducted by using a carefully constructed email message to crash fetchmail when the email is retrieved.

Version 6.2.5.2 is available to repair this vulnerability. Fetchmail's home page now seems to be fetchmail.berlios.de. It also no longer seems to be maintained by Eric Raymond; the new maintainers are Matthias Andree and Rob Funk.

Netpbm

Netpbm is a collection of graphics utilities and libraries. The pstopnm utility included with Netpbm converts files in PostScript format to PNM images. A problem in pstopnm may be exploited by a remote attacker who creates a carefully crafted PostScript file that, when converted with pstopnm by the victim, could result in arbitrary code being executed.

It has been reported that this problem is repaired in Netpbm version 10.28.

Ethereal

Ethereal, an open source network sniffer, contains several format-string-based vulnerabilities in various dissectors. These vulnerabilities can be exploited by a remote attacker by sending carefully crafted packets that are dissected by Ethereal directly from the network or from a file containing recorded network traffic.

All users should upgrade to Ethereal 0.10.12 as soon as possible.

Proftpd

The FTP daemon Proftpd is reported to be vulnerable to several format-string-based bugs that may be exploitable by a remote user to cause a denial-of-service attack or execute arbitrary code with root permissions.

All affected users should watch their vendors for a repaired version of Proftpd. A possible workaround is to avoid using %C, %R, or %U in the shutdown message and to not set SQLShowInfo.

pstotext

pstotext is a utility that converts PostScript and PDF files into text. A remote attacker can create a PostScript file that, when converted with pstotext, will execute arbitrary commands with the victim's permissions.

Users should watch for their vendors to release a repaired version of pstotext and should not use it to convert files from untrusted sources until it has been repaired.

apt-cacher

apt-cacher provides caching of Debian packages. An unspecified bug may be exploitable by a remote attacker and allow the execution of arbitrary commands with the permissions of the www-data user account. The woody distribution of Debian does not include this package.

Users of the sarge or sid distributions of Debian should upgrade apt-cacher as soon as possible.

Compress::Zlib

Compress::Zlib is a Perl module that contains a local copy of the zlib compression library. That copy is vulnerable to a buffer overflow that an attacker can exploit to execute arbitrary code with the victim's permissions.

It is recommended that Compress::Zlib not be used until it has been upgraded to a version that has a repaired copy of the zlib compression library.

Debian Gopher

Gopher is a client for the Gopher Distributed Hypertext protocol. The version distributed with Debian Linux is reported to be vulnerable to a temporary-file, symbolic-link race condition that could result in local files being overwritten with the victim's permissions. It is not known if other versions are vulnerable.

If you are still using Gopher, and are using it on a multiuser machine, then you should upgrade as soon as possible.
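
The temporary-file race described above comes from opening a guessable name without exclusive creation. The code below is an added example, not Gopher source; the function names and the demo file names are hypothetical. It puts the racy open beside two hardened forms and checks that an exclusive open refuses a symlink already planted at the fixed name.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Racy pattern: a fixed, guessable name opened without O_EXCL.  open()
 * follows a symlink already at `path` and truncates its target. */
int open_tmp_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* With O_CREAT|O_EXCL, open() fails with EEXIST if anything exists at
 * `path`, including a dangling symlink. */
int open_tmp_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Preferred: mkstemp() picks an unpredictable name and creates the file
 * exclusively.  The chosen name is left in name_out. */
int open_tmp_safe(char *name_out, size_t n) {
    const char *dir = getenv("TMPDIR");
    int len = snprintf(name_out, n, "%s/demo.XXXXXX", dir ? dir : "/tmp");
    if (len < 0 || (size_t)len >= n) { errno = ENAMETOOLONG; return -1; }
    return mkstemp(name_out);
}

/* Self-check in a private directory: place a symlink at a fixed name,
 * then confirm the exclusive open refuses it.  Returns 1 on refusal. */
int excl_refuses_symlink(void) {
    char dir[256], path[300];
    const char *base = getenv("TMPDIR");
    snprintf(dir, sizeof dir, "%s/demo.XXXXXX", base ? base : "/tmp");
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/fixed.tmp", dir);
    if (symlink("/nonexistent/target", path) != 0) { rmdir(dir); return -1; }
    int fd = open_tmp_excl(path);
    int refused = (fd == -1 && errno == EEXIST);
    if (fd != -1) close(fd);
    unlink(path);
    rmdir(dir);
    return refused;
}

int main(void) {
    printf("exclusive open refused symlink: %d\n", excl_refuses_symlink());
    return 0;
}
```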

nbSMTP

nbSMTP is a small SMTP (email) client designed to be run inside of chroot jails and other small environments, such as embedded systems, laptops, or workstations. nbSMTP is vulnerable to a format-string-based vulnerability that may be exploitable by a remote attacker to execute arbitrary code with the permissions of the user account running nbSMTP.

All users of nbSMTP are encouraged to upgrade to version 1.0 as soon as possible.
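
The Ethereal, Proftpd, and nbSMTP items above all report the same bug class: text from the network used as a printf-style format. The code below is an added example, not taken from any of those projects; the function names and the length-prefixed field layout are hypothetical. It shows the vulnerable call beside a hardened one, using a constructed field that contains only the harmless %% specifier.

```c
#include <stdio.h>
#include <string.h>

#define COL_MAX 64

/* Vulnerable pattern: text taken from the network is passed as the
 * format argument, so snprintf interprets any conversion specifier in
 * it.  The pragma silences -Wformat-security, the compiler warning
 * that normally flags this line. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
int col_set_unsafe(char *col, const char *text) {
    return snprintf(col, COL_MAX, text);
}
#pragma GCC diagnostic pop

/* Hardened: constant format string, and the field is copied as data.
 * Hypothetical field layout: one length byte followed by that many
 * bytes of text, not NUL-terminated.  Returns -1 if the length byte
 * runs past the end of the packet. */
int col_set_field(char *col, const unsigned char *pkt, size_t pkt_len) {
    if (pkt_len < 1) return -1;
    size_t flen = pkt[0];
    if (flen > pkt_len - 1) return -1;
    return snprintf(col, COL_MAX, "%.*s", (int)flen, (const char *)(pkt + 1));
}

int main(void) {
    /* Constructed sample field: length 6, text "50%%up". */
    const unsigned char pkt[] = { 6, '5', '0', '%', '%', 'u', 'p' };
    char a[COL_MAX], b[COL_MAX];
    col_set_unsafe(a, "50%%up");          /* specifier is interpreted */
    col_set_field(b, pkt, sizeof pkt);    /* text is preserved */
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return 0;
}
```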

PowerDNS

PowerDNS, or pdns, is a name server that can use DNS configuration information from Bind zone files, relational databases, and LDAP directories. pdns has been reported to be vulnerable to several denial-of-service attacks.

It is recommended that users upgrade to version 2.9.18 of PowerDNS or watch their vendors for an updated version.

Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.


Copyright © 2009 O'Reilly Media, Inc.