Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at problems in sudo, Ethereal, Apache mod_auth_shadow, fetchmailconf, lynx, Mantis, Netpbm, gnump3d, Squid, unzip, uim, Curl, and imlib.
sudo, a powerful tool that permits a user to execute commands as the superuser or as another user, does not properly reset certain environment variables. Under some conditions, a local attacker can exploit this flaw to gain unauthorized permissions. The flaw is reported to affect sudo versions 1.3.1 through 1.6.8.
It is recommended that users upgrade to version 1.6.8p11 of sudo as soon as possible.
It is incredibly difficult to create a utility that allows a user to perform a limited number of commands with root permissions without causing security problems. All users should decide whether they need to continue to use sudo, carefully considering its risks and benefits. If sudo is used, a careful watch for vulnerabilities should be kept.
The open source network sniffer Ethereal is vulnerable to multiple buffer overflows that may be exploitable by a remote attacker by sending carefully crafted packets, which are then processed by Ethereal either by reading the packet directly from the network or from a packet trace file. These buffer overflows were found in the SLIMP3, AgentX, and SRVLOC protocol dissectors.
Ethereal is also vulnerable to multiple denial-of-service vulnerabilities due to problems in the ISAKMP, FC-FCS, RSVP, ISIS LSP, BER, IrDA, SCSI, sFlow, RTnet, SigComp UDVM, X11, SMB, ONC RPC, and WSP dissectors.
All users are encouraged to upgrade to version 0.10.13 as soon as possible.
The mod_auth_shadow module for the Apache web server will cause Apache to use shadow authentication in every directory that uses the "require group" directive. Under some circumstances, a remote attacker could abuse this to bypass security restrictions placed on the directory. This problem only affects systems with "AuthShadow on" configured in Apache.
Affected users should upgrade to version 1.5 or 2.1 of mod_auth_shadow as soon as possible. Patched versions have been released for Mandriva Linux versions 10.1, 10.2, and 2006.0 and Debian GNU/Linux 3.0 (woody) and 3.1 (sarge).
The fetchmailconf configuration utility, written using Python and Tkinter, is vulnerable to a race condition that could potentially expose a user's password to other users on the system.
The race condition can be repaired by upgrading to version 1.43.2 of fetchmailconf or by upgrading fetchmail to version 6.2.9-rc.
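The classic way a configuration writer leaks a password to other local users is the create-then-chmod race: the file is created with the process umask, the secret is written, and only afterwards are the permissions tightened, leaving a window in which the file is world-readable. The column does not say whether fetchmailconf's bug took exactly this form, so the following is an added illustration of the pattern and its fix, not code from fetchmail or fetchmailconf. Both writers run under a 022 umask in a temporary directory; the sample configuration line and its password are constructed.

```python
import os
import stat
import tempfile

# Constructed sample standing in for a fetchmail configuration line; not a real credential.
SAMPLE_CONFIG = "poll mail.example.invalid proto pop3 user 'alice' pass 'constructed-sample'\n"


def write_config_unsafe(path, contents):
    """Creates the file with the process umask, writes the secret, then tightens
    permissions. Between creation and chmod the file is readable by every user
    on a typical 022 umask: that gap is the race window. Returns the mode
    observed right after creation, i.e. what another user could see."""
    with open(path, "w") as fh:
        mode_during_window = stat.S_IMODE(os.fstat(fh.fileno()).st_mode)
        fh.write(contents)
    os.chmod(path, 0o600)  # too late: the window has already been open
    return mode_during_window


def write_config_safe(path, contents):
    """Creates the file with mode 0600 in the same system call that creates it,
    so there is no instant at which the secret is readable by anyone else.
    O_EXCL also refuses to write through a pre-existing file or symlink
    planted at the path by another user. Returns the resulting mode."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(contents)
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Runs both writers under a 022 umask; returns (unsafe_mode, safe_mode)."""
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as d:
            unsafe = write_config_unsafe(os.path.join(d, "unsafe.fetchmailrc"), SAMPLE_CONFIG)
            safe = write_config_safe(os.path.join(d, "safe.fetchmailrc"), SAMPLE_CONFIG)
    finally:
        os.umask(old_umask)
    return unsafe, safe


if __name__ == "__main__":
    unsafe_mode, safe_mode = demo()
    print(f"create-then-chmod window mode: {unsafe_mode:04o}")  # 0644: others can read
    print(f"atomic 0600 creation mode:    {safe_mode:04o}")    # 0600
```

The point is that `os.chmod` after the fact cannot close the window, only creating the file with the right mode from the start does; the same reasoning applies to any program that writes credentials, keys or tokens to disk.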
lynx, a text-mode web browser, is reported to contain a buffer overflow in HTrjis(). The function can overflow if Asian characters are received during a connection to an NNTP server. The buffer overflow is reported to affect lynx versions 2.8.2 through 2.8.5.
Affected users should watch their vendors for a repaired version of lynx; repaired packages have already been released by at least one vendor.
The bug tracking system Mantis contains multiple vulnerabilities that may be exploitable by a remote attacker to execute arbitrary code with the permissions of the user account running the web server or to run arbitrary SQL commands. There is also a cross-site scripting vulnerability in Mantis.
All users should upgrade to version 1.0.0rc2 or newer as soon as possible and should consider disabling Mantis if it cannot be immediately upgraded.
The pnmtopng utility distributed with Netpbm is vulnerable to a buffer overflow when using the -trans command-line option. It may be exploitable by a remote attacker who can trick the victim into opening a carefully constructed PNM file. Netpbm is a set of graphics conversion tools.
Debian and Mandriva have released patched versions of Netpbm. Users of other distributions should watch their vendors for a repaired version.
gnump3d is a streaming audio server that supports OGG and MP3 files. A bug in gnump3d may be exploitable by a remote attacker to read arbitrary files on the server. In addition, under some conditions, there may be a cross-site scripting vulnerability in gnump3d.
All users of gnump3d should upgrade to version 2.9.7 or newer.
The open source web proxy cache server Squid is vulnerable to a denial-of-service attack that uses a flaw in the code in the
Patches have been released to repair this vulnerability.
Also in Security Alerts:
The unzip utility will extract set-user-id and set-group-id files from a .zip archive without removing the bits or warning the user. Under some circumstances, this could be exploited by a local attacker to gain the victim's permissions.
It is recommended that unzip be upgraded to version 5.52 or newer.
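A zip archive records Unix permission bits, including setuid and setgid, in the high 16 bits of each entry's external attributes, so an archive can be inspected for such entries before anything is extracted. The following is an added example of that check using Python's standard `zipfile` module; it is not code from unzip or from the column. The archive it scans is constructed in memory with one ordinary file and one setuid entry so that the example runs offline.

```python
import io
import stat
import zipfile

PRIVILEGE_BITS = stat.S_ISUID | stat.S_ISGID  # 0o6000


def unix_mode(info):
    """Returns the Unix permission bits of a zip entry, or None when the
    archive was not created on a Unix system (create_system != 3) and the
    high bits of external_attr therefore carry no meaningful mode."""
    if info.create_system != 3:
        return None
    return (info.external_attr >> 16) & 0o7777


def privilege_flags(mode):
    """Names the privilege bits set in a mode, e.g. ['setuid']."""
    flags = []
    if mode & stat.S_ISUID:
        flags.append("setuid")
    if mode & stat.S_ISGID:
        flags.append("setgid")
    return flags


def find_privileged_entries(zip_bytes):
    """Scans an archive (as bytes) and returns [(name, mode)] for every entry
    that would be extracted with setuid or setgid set."""
    found = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            mode = unix_mode(info)
            if mode is not None and mode & PRIVILEGE_BITS:
                found.append((info.filename, mode))
    return found


def build_sample_archive():
    """Constructs a sample archive: a harmless README plus a setuid script."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        normal = zipfile.ZipInfo("README")
        normal.create_system = 3
        normal.external_attr = (stat.S_IFREG | 0o644) << 16
        zf.writestr(normal, "constructed sample\n")

        suid = zipfile.ZipInfo("bin/helper")
        suid.create_system = 3
        suid.external_attr = (stat.S_IFREG | stat.S_ISUID | 0o755) << 16
        zf.writestr(suid, "#!/bin/sh\necho constructed sample\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, mode in find_privileged_entries(build_sample_archive()):
        print(f"{name}: mode {mode:04o} ({', '.join(privilege_flags(mode))})")
```

Run the scan over an archive before handing it to a zip extractor; any entry it reports should be extracted with the bits cleared (or refused outright), since nothing inside an archive is a reason to create a setuid or setgid file in the extracting user's directory.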
uim, a multilingual input method library, is vulnerable to an attack that uses environment variables. If a set-user-id or set-group-id application is linked against uim, a local attacker may be able to execute arbitrary code with the victim's permissions. Immodule-enabled Qt is reported to be vulnerable.
Users should watch their vendors for a set of repaired packages.
The command line tool Curl is used to transfer files using multiple internet protocols, including HTTP, FTP, HTTPS, FTPS, GOPHER, DICT, and LDAP. It also supports many methods of authenticating to remote servers, including Windows-based servers. When Curl is used with NT LAN Manager (NTLM) authentication to authenticate, it is vulnerable to a buffer overflow located in the code that handles the Windows user name.
All users of Curl or libcurl should upgrade to version 7.15.0 or newer as soon as possible.
imlib, an image loading and rendering library for X11, is reported to have a buffer overflow that may be exploited to execute code on the victim's machine. All users should watch their vendors for an updated imlib.
Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.
Copyright © 2009 O'Reilly Media, Inc.