Published on Linux DevCenter (http://www.linuxdevcenter.com/)


Security Alerts

Apache Insecurity Reveals Directory Contents

03/20/2001

Welcome to Security Alerts, an overview of recent Unix and open-source security advisories. In this column, we look at buffer overflows in icecast, Half-Life Dedicated Server, Solaris SNMP, ipop2d, ipop3d, and imapd; format string vulnerabilities in icecast, mutt, Half-Life Dedicated Server, and cfengine; temporary-file problems in the SGML-Tools package and Mesa; and problems with Apache, several FTP daemons, a Solaris SNMP agent, vBulletin, FTPFS, and Ikonboard.

Apache

In some circumstances, the Apache web server may display a directory listing when it should display an error message. It has been reported that all versions of Apache prior to 1.3.19 are affected.

The Apache Software Foundation and the Apache Server Project have released version 1.3.19 of the Apache web server. It is strongly recommended that all users of older versions upgrade to 1.3.19. No further releases are planned for the Apache 1.2.x series.

Glob vulnerabilities

An attacker can use the globbing (wildcard) functionality available in some FTP daemons for a remote denial-of-service attack. This attack has been tested against ProFTPD and Pure-FTPd. It has also been reported that some shells have this bug and can be exploited by a local user.

It is recommended that users watch their vendors for updates.

icecast

Icecast is a streaming-audio broadcasting system that uses MPEG audio-compression technology. It has several remotely exploitable buffer overflows and format string vulnerabilities that can be used to execute arbitrary code on the server with the permissions of the user executing icecast.

Users of icecast should upgrade to version 1.3.10 or newer as soon as possible.

mutt

The mail client mutt has a format string vulnerability that can be used by a compromised or malicious IMAP server to execute arbitrary code with the permissions of the user running mutt. This vulnerability affects versions prior to 1.2.5.

Users of mutt should upgrade to version 1.2.5 or newer.

Half-Life Dedicated Server

The dedicated server for the Half-Life multi-user game has a buffer overflow and a format string vulnerability that can be exploited to execute arbitrary commands with the permissions of the user executing the server. This problem affects both the Linux and the Windows versions of the server. The buffer overflow can only be exploited by users who have access levels that permit the use of the exec or map commands. There is also a buffer overflow in the code that parses the configuration files during startup.

Users of the Half-Life Dedicated Server should only give trusted users access levels that permit executing the map and exec commands, and should watch the Sierra web site for updates. In addition, due to the buffer overflow in the configuration-file parsing code, they should only load modifications from trusted sources.

Solaris SNMP

There is a buffer overflow in the version of the Solaris SNMP (Simple Network Management Protocol) agent installed on the System Server Processor of a Sun E10K as part of the SUNWsspop package. It is possible but unlikely that this buffer overflow can be exploited to gain root privileges.

Sun recommends that an E10K's SSPs be installed on a dedicated network and that only essential accounts are allowed on the SSP machines. The buffer overflow should be fixed in future releases of the SUNWsspop package.

SGML-Tools

SGML-Tools, a Standard Generalized Markup Language tools package included in many Linux distributions, does not securely create temporary files. This could allow other users of the system to read files being converted.

A version has been released that creates the temporary files securely.

vBulletin

vBulletin is a web-based forum system written in PHP. An attacker can use a carefully crafted URL to execute arbitrary PHP code as the user running the web server. This vulnerability affects versions prior to 1.1.5 and 2.0 beta 2.

It is recommended that users upgrade to version 1.1.6 or 2.0 beta 3.

Mesa

The 3D graphics library Mesa creates temporary files insecurely. This can be used by an attacker in a symbolic-link attack to overwrite arbitrary files on the system. This problem only affects the Utah-glx component of the Mesa package.

Users of the Mesa package should upgrade to a patched version as soon as possible.
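
The temporary-file problems reported above for SGML-Tools and Mesa belong to the same bug class. The C example below is an added illustration, not code from either package: it runs a predictable-name open and an O_EXCL open against a symlink planted in a private scratch directory and reports whether the file behind the link survived. All function names and paths are constructed for the demo.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for mkdtemp() and symlink() */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: predictable name, no O_EXCL. open() follows a symlink already planted
 * at `path`, and O_TRUNC empties whatever file the link points to. */
int open_tmp_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* Hardened: O_CREAT|O_EXCL fails with EEXIST if the name already exists,
 * symlinks included; mode 0600 keeps other users from reading the data. */
int open_tmp_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Runs `opener` against a symlink planted inside a private scratch directory
 * (all paths are constructed for this demo). Returns the size of the file
 * behind the link afterwards: 4 = untouched, 0 = truncated, -1 = setup error. */
long victim_size_after(int (*opener)(const char *)) {
    char dir[] = "/tmp/tmpdemo.XXXXXX", victim[64], link[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link, sizeof link, "%s/app.tmp", dir);
    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "keep", 4) != 4) return -1;
    close(fd);
    if (symlink(victim, link) != 0) return -1;
    fd = opener(link);                  /* the call under test */
    if (fd >= 0) close(fd);
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(link); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    printf("weak open:   victim size %ld\n", victim_size_after(open_tmp_weak));
    printf("O_EXCL open: victim size %ld\n", victim_size_after(open_tmp_excl));
    return 0;
}
```

For new code, mkstemp() is the usual choice: it generates an unpredictable name and creates the file with O_EXCL and mode 0600.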

ipop2d, ipop3d, and imap

Caldera Systems has announced that there are buffer overflows in OpenLinux 2.3's ipop2d, ipop3d, and imapd daemons. Due to a misconfiguration, these buffer overflows can allow a remote user to execute arbitrary commands as the user "nobody". This problem affects OpenLinux 2.3, OpenLinux eServer 2.3.1, and OpenLinux eDesktop 2.4.

Caldera Systems recommends that users upgrade to the latest packages for their system.

FreeBSD cfengine

A system for configuring and maintaining large networks, cfengine, has several format string vulnerabilities that can be exploited to execute arbitrary commands on the server with the permissions of the user running cfengine (usually root).

Users of cfengine should upgrade to version 1.6.3 or newer. If this is not possible, users should set up access controls to control connections to the cfengine server using the cfengine configuration file or packet filtering with ipfw.

FTPFS

FTPFS is a Linux kernel module that allows the mounting of FTP file servers as read-only file systems. FTPFS does not properly check the bounds of parameters passed to it during the mounting of the FTP server. Under some circumstances this vulnerability could be used by a local user to crash the server.

Users should upgrade to the latest release of the FTPFS module.

Ikonboard

Ikonboard is a web-based forum system written in Perl. A bug in the help.cgi program can be used to read files on the system that are readable by the user executing the web server (usually user "nobody").

The authors of Ikonboard recommend that users upgrade to version 2.1.8.

Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.



Copyright © 2009 O'Reilly Media, Inc.