oreilly.comSafari Books Online.Conferences.


FTP Buffer Overflows
Pages: 1, 2

Solaris Xsun

The Solaris Xsun application has a buffer overflow that can be exploited by a local user to execute arbitrary code with elevated permissions. The SPARC version of Solaris has Xsun installed "set user group root," while the X86 versions of Solaris have Xsun installed "set user ID root."

If Xsun is executed via dtlogin or xdm, users can remove the set user ID and set group ID bits without losing any functionality. Users should watch the Sun web site for a patch.

Alcatel ADSL-Ethernet Bridges

A set of problems in the Alcatel ADSL-Ethernet bridge can allow a remote attacker to modify the bridge's configuration, upload new firmware, and stop it from communicating with the ADSL provider. The following problems have been reported. By default, these devices ship with no password set; if the password was set by the user, it can be retrieved by an attacker using TFTP. There is also a cryptographic back door that can be used to bypass the password and other security features.

Users should check the Alcatel web site for updated firmware.

Alerts this week:

FTP Globbing



Midnight Commander

Oracle Application Server

Solaris ipcs


Solaris Xsun

Alcatel ADSL-Ethernet Bridges



SCO OpenServer

Trend Micro Interscan VirusWall


HylaFAX is an application used to send and receive facsimiles, and send alphanumeric pages. It has been reported that there is a format string bug in HylaFAX that may be exploited to gain root privileges.

Anyone using HylaFAX should watch for confirmation and a fix for this problem.


Cfingerd, a configurable replacement for the finger daemon, has a format string vulnerability that can be used by a remote attacker to obtain root privileges. This vulnerability affects version 1.4.3 and earlier.

Users of cfingerd should disable the daemon until a fix has been made to the software.

SCO OpenServer

Buffer overflows have been found in SCO OpenServer 5.0.00 through 5.0.6. Applications found to have buffer overflows include:

  • /usr/bin/accept
  • /usr/bin/cancel
  • /usr/mmdf/bin/deliver
  • /usr/bin/disable
  • /usr/bin/enable
  • /usr/lib/libcurses.a
  • /usr/bin/lp
  • /usr/lib/lpadmin
  • /usr/lib/lpfilter
  • /usr/lib/lpforms
  • /usr/lib/lpmove
  • /usr/lib/lpshut
  • /usr/bin/lpstat
  • /usr/lib/lpusers
  • /usr/bin/recon
  • /usr/bin/reject
  • /usr/bin/rmail
  • /usr/lib/sendmail
  • /usr/bin/tput

All administrators of affected SCO OpenServer systems should install the SSE072B patch dated April 11, 2001.

Trend Micro Interscan VirusWall

Trend Micro Interscan VirusWall, a real-time virus detection and clean-up tool that runs on Linux and other Unix systems, has several bugs that could allow a remote attacker to obtain root privileges.

Users should upgrade to Interscan VirusWall version 3.6 as soon as possible.

Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.

Read more Security Alerts columns.

Return to the Linux DevCenter.

Linux Online Certification

Linux/Unix System Administration Certificate Series
Linux/Unix System Administration Certificate Series — This course series targets both beginning and intermediate Linux/Unix users who want to acquire advanced system administration skills, and to back those skills up with a Certificate from the University of Illinois Office of Continuing Education.

Enroll today!

Linux Resources
  • Linux Online
  • The Linux FAQ
  • Linux Kernel Archives
  • Kernel Traffic

  • Sponsored by: