Trouble in iptables
by Noel Davis
Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at problems in Linux iptables, OpenSSL, PuTTY, rssh, Quake II Server, libmagick6, HP Serviceguard, Xpdf, FreeRadius, WVTFTPD,
- OpenSSL 0.9.7e
- Quake II Server
- HP Serviceguard
- GNU tftp
Linux is vulnerable to an integer underflow in the iptables code that handles firewall rules, which can be exploited by a remote attacker to crash the server. To exploit this vulnerability, the attacker would construct a packet that, when processed by the firewall, would crash the server. Machines without the firewall enabled are not vulnerable to this attack.
All affected users should upgrade to a repaired version of the Linux kernel or should watch their vendors for a patched version of the kernel for their distribution.
The OpenSSL project team has released version 0.9.7e of OpenSSL, the open source toolkit for SSL/TLS. This new version repairs a race condition in the CRL-checking code and includes bug fixes in the code dealing with S/MIME.
The OpenSSL project team strongly recommends all users of OpenSSL upgrade to version 0.9.7e or newer as soon as possible.
PuTTY is a free version of telnet, SSH, and an Xterm emulator for Windows and Unix machines. A buffer overflow in the code that handles packets during an SSH2 connection can be exploited by a remote attacker to execute arbitrary code on the server with the permissions of the user account running PuTTY.
All users of PuTTY should upgrade to version 0.56 or newer as soon as possible.
rssh, a restricted shell designed to be used with OpenSSH that places a user in a chroot jail and only allows the use of sftp, contains a format-string vulnerability that may be exploitable by a remote attacker to execute arbitrary commands. In most cases, if this vulnerability is exploited, the attacker will only gain the ability to issue arbitrary commands with his user account's permissions. But under some conditions, it may be possible for the attacker to execute arbitrary commands with root permissions.
All users of rssh should upgrade to version 2.2.2 or newer as soon as possible.
Quake II Server
The Quake II gaming server is reported to have several vulnerabilities, including remote and local buffer overflows, denial-of-service vulnerabilities, and remote information leaks. It is unclear if the reported buffer overflows can be successfully exploited to execute code on the server.
Users running a Quake II server should consider upgrading to version R1Q2 or some other repaired version.
The libmagick6 library contains a buffer overflow in the function that parses EXIF information. When an application linked against the library attempts to read EXIF information from an image file, a buffer overflow may occur and lead to the execution of code with the permissions of the user running
Affected users should watch their vendors for a repaired version of the library or should upgrade to version 6.1.0. A repaired version has been released for Ubuntu 4.10 Linux.
"HP Serviceguard is a specialized software for protecting mission-critical applications from a wide variety of hardware and software failures." A bug has been reported in HP Serviceguard that may allow a non-privileged user to gain root access. The bug can be exploited by any attacker who can access the subnet on which HP Serviceguard is running.
HP has released patches to repair this bug and all affected users should upgrade as soon as possible. HP also recommends that users read HP's new white paper, "Securing Serviceguard." For more information, users should contact HP or their support vendors.
Xpdf is a PDF reader for Unix and the X Window System. Xpdf and other viewers that use code derived from Xpdf (pdftohtml) are reported to be vulnerable to several buffer overflows that may, under some conditions, be exploited using a carefully crafted PDF file to execute arbitrary code.
Users should watch their vendors for a repaired version of Xpdf, pdftohtml. SuSE has released repaired versions for SuSE Linux Enterprise Server 8 and 9, and SuSE Linux Desktop 1.0.
The FreeRadius open source RADIUS server is reported to be vulnerable to several remote denial-of-service attacks.
All users of FreeRadius should watch their vendors for an updated version and should consider protecting FreeRadius from unauthorized connections by using a firewall.
WVTFTPD, a fast TFTP (Trivial File Transfer Protocol) implementation, is reported to be vulnerable to a buffer overflow that may be exploitable by a remote attacker to execute arbitrary code with the permissions of the root user. This buffer overflow is reported to affect all versions of WVTFTPD before 0.9.1. Code to automate the exploitation of this vulnerability has been released to the public.
All users of WVTFTPD should upgrade to version 0.9.1 or newer as soon as possible and should consider disabling it until it has been upgraded.
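Several advisories in this column name a minimum repaired version (OpenSSL 0.9.7e, PuTTY 0.56, rssh 2.2.2, libmagick6 6.1.0, WVTFTPD 0.9.1). The following is an added example, not part of the original column, that checks an inventory against those versions and handles OpenSSL's letter-suffixed releases, which a plain numeric or string comparison gets wrong. The package labels, host names, and inventory format are assumptions constructed for illustration.

```python
import re

# Repaired versions exactly as named in this column; keys are assumed package labels.
FIXED = {"openssl": "0.9.7e", "putty": "0.56", "rssh": "2.2.2",
         "libmagick6": "6.1.0", "wvtftpd": "0.9.1"}

# Constructed sample inventory: "host package version", one entry per line.
INVENTORY = """\
web1 openssl 0.9.7d
web2 openssl 0.9.7e
admin-pc putty 0.55
img1 libmagick6 6.0.6
boot1 wvtftpd 0.9
dns1 bind 9.2.3
"""

def version_key(version):
    """Map '0.9.7e' to ((0, ''), (9, ''), (7, 'e')) for comparison.

    Components are a number plus optional letter suffix, as in OpenSSL patch
    releases (0.9.7 < 0.9.7d < 0.9.7e); distro suffixes like '-1' are rejected.
    """
    key = []
    for part in version.strip().lower().split("."):
        m = re.fullmatch(r"(\d+)([a-z]*)", part)
        if m is None:
            raise ValueError(f"unparseable version component: {part!r}")
        key.append((int(m.group(1)), m.group(2)))
    return tuple(key)

def needs_upgrade(package, installed):
    """True if older than the repaired version, None if the column does not cover it."""
    fixed = FIXED.get(package.lower())
    return None if fixed is None else version_key(installed) < version_key(fixed)

def audit(inventory):
    """Return (host, package, installed, fixed) for every entry that must upgrade."""
    findings = []
    for line in inventory.splitlines():
        host, package, installed = line.split()
        if needs_upgrade(package, installed):
            findings.append((host, package, installed, FIXED[package.lower()]))
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print("%s: %s %s is older than repaired version %s" % finding)
```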
tftp contains a buffer overflow that can be exploited by an attacker using a remote DNS server under their control, or by spoofing DNS replies. Successfully exploiting the vulnerability can result in arbitrary code being executed with the permissions of the account under which the application is running.
Users should watch for a new version of inetutils that contains a repaired
pppd is a Unix daemon that implements both the client and server side of PPP (Point to Point Protocol). It is vulnerable to a buffer overflow that is reported to only be exploitable in a denial-of-service attack.
Affected users should watch their vendors for an updated version of