LinuxDevCenter.com

Security Alerts: Kernel Problems

by Noel Davis
07/28/2003

Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at problems in Linux 2.4 kernels, Apache, VMware, BRU, Oracle, fdclone, semi, wemi, phpMyAdmin, nfs-utils, mpg123, and phpGroupWare.

2.4 Kernel Problems

Problems have been reported in the Linux 2.4 kernel that include: a problem in the serial device that can be used by an attacker to gather information (such as possible password lengths or keystroke times); bugs in the execve() function call that can lead to a system crash, or to a user being able to read a restricted file; a problem that may be exploitable by a normal user to bind to UDP ports (such as the ports used by the NFS server); a vulnerability in the /proc file system that may be exploited by local users to gain access to restricted data; a security problem in the STP protocol; a potential denial-of-service attack against the STP protocol; and a vulnerability in the forwarding of packets.

Linux users should watch their vendor for upgraded kernel packages that repair these problems. Red Hat has released kernel packages for Red Hat Linux versions 7.1, 7.2, 7.3, 8.0, and 9. EnGarde Secure Linux has released upgraded packages for EnGarde Secure Community 2 and EnGarde Secure Professional v1.5.

Apache 2.0.47

The Apache web server has a security problem and is vulnerable to several denial-of-service attacks. The security problem results from weak encryption being selected instead of stronger encryption under some conditions. The denial-of-service vulnerabilities include: a bug in the prefork MPM that can cause a temporary denial-of-service condition under some circumstances; a problem in the FTP proxy code when the remote host uses IPv6 but the proxy server cannot open an IPv6 socket; and a problem with nested redirects and sub-requests, which has been addressed by adding a LimitInternalRecursion configuration directive.

These bugs and problems have been repaired in Apache 2.0.47, and users are encouraged to upgrade as soon as possible.

VMware GSX Server and VMware Workstation

A vulnerability has been discovered, in VMware GSX Server for Linux and VMware Workstation for Linux, that can be exploited by an attacker to execute an arbitrary program with root permissions on the server. This vulnerability is reported to affect VMware GSX Server 2.5.1 for Linux (build 4968), VMware Workstation 4.0 for Linux, and all earlier releases of these two products.

VMware recommends that affected users upgrade VMware Workstation to version 4.0.1, and that VMware GSX Server be upgraded to version 2.5.1 patch 1.

BRU

BRU, the Backup and Restore Utility for Unix, is vulnerable to a buffer overflow that can be exploited by a local attacker to execute arbitrary code with root permissions, if the set user id bit has been set on BRU.

The Tolisgroup recommends that users remove the set user id bit from BRU if it has been set, and upgrade to the latest version from the Tolisgroup.

Oracle

A buffer overflow has been reported in the Extproc utility of Oracle that can be used by a remote attacker to execute arbitrary code with the permissions of the user running Oracle (normally the "oracle" user). Also, a buffer overflow has been reported in the Oracle Applications Web Report Review (FNDWRR) program that comes with the Oracle E-Business Suite. The buffer overflow in FNDWRR can be used to execute arbitrary code with the permissions of the user running the web server.

Oracle has released patches to repair these buffer overflows. Affected users should contact Oracle for details and instructions.

fdclone

fdclone, a small file manager written for the Linux console, is vulnerable to a symbolic-link race condition in its handling of temporary files. A local attacker can exploit it to overwrite arbitrary files on the server with the permissions of the user running fdclone, and to view or alter files that fdclone is being used to view.

Users should watch for a repaired version of fdclone and should consider not using it until it has been updated.

semi and wemi

semi is a MIME library used by the Emacs mail client wl. wemi is a fork of the semi library. semi and wemi have bugs in the way they handle temporary files that can be exploited by a local attacker to overwrite arbitrary files on the server with the permissions of the user reading mail with Emacs and wl. The bugs are reported to affect semi version 1.14.3.

It is recommended that users watch for versions of semi and wemi that have these bugs repaired.

phpMyAdmin 2.5.2

Version 2.5.2 of the database administration tool phpMyAdmin has been released. This new version repairs problems that include a bug that can be used to display a listing of the phpMyAdmin directory, and path disclosure and XSS problems. In addition, the password is now encrypted using the Blowfish algorithm.

Users are encouraged to upgrade to this new version.

nfs-utils

A buffer overflow has been found in the nfs-utils package that may be exploitable by a remote attacker to execute arbitrary code with root permissions. This buffer overflow is reported to affect versions of nfs-utils earlier than 1.0.4.

It is recommended that users upgrade to nfs-utils 1.0.4 or newer or watch their vendors for an upgraded or repaired package.

mpg123

The audio playback tool mpg123 is vulnerable to an attack that uses a carefully crafted .mp3 file that has a zero bit rate.

Users should watch for a repaired version.

phpGroupWare

A flaw in phpGroupWare can be exploited to execute arbitrary PHP code (which can be located on a remote server) on the server, with the permissions of the user running the web server.

All users of phpGroupWare should upgrade to version 0.9.14.006 as soon as possible.

Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.

