LinuxDevCenter.com


Security Alerts

DB2 Problems

by Noel Davis
01/14/2005

Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at problems in DB2, SHOUTcast, nasm, Vilistextum, libtiff, wxGTK2, phpGroupWare, Vim, namazu2, and htmlheadline.

DB2 Problems

Several problems have been reported in IBM's DB2 database. These problems include: the XMLFileFromVarchar and XMLFileFromClob functions can be used to write files on the server; the XMLVarcharFromFile and XMLClobFromFile functions can be used to read arbitrary files on the server; there are buffer overflow vulnerabilities in the xmlvarcharfromfile, xmlclobfromfile, xmlfilefromvarchar and xmlfilefromclob functions that can be exploited to execute arbitrary code with the permissions of the user running DB2; the to_char and to_date functions can be used in a denial-of-service attack that will cause DB2 to crash; if DB2 is configured to use satellite administration, then the SATENCRYPT SQL function is vulnerable to a buffer overflow; the JDBC Applet Server is vulnerable to a buffer overflow that can be remotely exploited without authenticating to DB2; there is a buffer overflow in the call and CREATE WRAPPERS functionality; and there are buffer overflows in the libdb2.so.1 library and the db2fmp utility that can both be exploited to execute arbitrary code with root permissions.

All of these vulnerabilities are reported to be repaired in the latest fixpaks from IBM for DB2 7.x and 8.1.

SHOUTcast

SHOUTcast is a streaming audio server developed by Nullsoft. A bug in SHOUTcast may be remotely exploitable to crash the server and, possibly, execute arbitrary code with the permissions of the user running SHOUTcast. Code to automate the exploitation of this vulnerability has been released to the public.

Nullsoft strongly urges all users to upgrade to SHOUTcast DNAS 1.9.5 as soon as possible.

nasm

The open source 80x86 assembler nasm is reported to contain a buffer overflow. This buffer overflow can be exploited by an attacker who creates a carefully crafted assembly source code file and then convinces the victim to assemble it.

Affected users should watch their vendors for a repaired version. Mandrake has released a repaired version for Mandrake Linux 10.0 and 10.1.

Vilistextum

The HTML-to-text converter Vilistextum is vulnerable to a buffer overflow that, under certain conditions, can be exploited by a remote attacker and result in arbitrary code being executed with the permissions of the victim. The buffer overflow is in the get_attr() function contained in html.c.

Users should discontinue use of Vilistextum with untrusted data until a repaired version has been installed.

libtiff

libtiff, a library that provides support for Tagged Image File Format (TIFF) images, contains a bug in the code that processes images with the STRIPOFFSETS flag and an additional buffer overflow. Under some conditions, both of these bugs may be exploitable to execute arbitrary code.

Users should watch their vendors for a repaired version of the libtiff library and any other applications that may have been statically linked against a vulnerable version.

wxGTK2

The GTK2 version of the wxWidgets GUI toolkit is vulnerable to several buffer overflows due to the inclusion of vulnerable code from the libtiff graphics library. At least one of the vulnerabilities is reported to be remotely exploitable and can result in code being executed on the victim's machine.

All users should watch their vendors for updated packages for the toolkit and any other applications affected by this vulnerability.

phpGroupWare

phpGroupWare, a web-based application that includes tools such as a calendar, address book, to-do list, email, wiki, and news headline reader, is reported to be vulnerable to multiple attacks. These vulnerabilities are reported to include multiple SQL injection attacks, information disclosure vulnerabilities, and multiple cross-site scripting-based attacks.

It is recommended that users upgrade to the latest version of phpGroupWare or watch their vendors for an updated package. It is not clear if the latest version of phpGroupWare repairs all of the disclosed vulnerabilities; users should watch for future releases.

Vim (Vi Improved)

Vim is reported to be vulnerable to an attack that abuses Vim's modeline feature to execute arbitrary commands. An attacker conducts this attack by creating and sending to the victim text that contains modelines that will execute when the text is edited with Vim. Any user who reads email messages or log files with Vim should exercise special care.

It is recommended that users upgrade to a version that has been patched with Bram Moolenaar's vim 6.3.045 patch as soon as possible. Adding the line set modelines=0 to .vimrc may also disable the processing of modelines.
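An added example, not part of the original column or of Vim: a small shell check that flags files carrying a modeline before they are opened in an unpatched Vim. The function names, the regular expression (an approximation of Vim's modeline syntax) and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: warn about files that carry a Vim modeline.

# Approximation of Vim's modeline trigger: "vi:", "vim:" (optionally with a
# version test such as vim600: or vim>700:) or "ex:", at the start of a line
# or after whitespace. Over-matching is acceptable for a warning tool.
MODELINE_RE='(^|[[:space:]])(vi|[Vv]im([<>=]?[0-9]+)?|ex):'

# has_modeline FILE [N]: succeed if any of the first or last N lines
# looks like a modeline. Vim's default for 'modelines' is 5.
has_modeline() {
    { head -n "${2:-5}" "$1"; tail -n "${2:-5}" "$1"; } |
        grep -Eq "$MODELINE_RE"
}

# flag_modelines DIR: print every regular file directly under DIR that
# carries a modeline, so it can be reviewed before it is edited.
flag_modelines() {
    for f in "$1"/*; do
        [ -f "$f" ] && has_modeline "$f" && printf '%s\n' "$f"
    done
    return 0
}

# Constructed sample input: a mail message ending in a harmless modeline
# and a log file without one.
demo_dir=$(mktemp -d)
printf 'Subject: report\n\nsee attachment\n# vim: set ts=4 sw=4:\n' \
    > "$demo_dir/mail.txt"
printf 'Jan 14 10:00:01 host cron: job done\n' > "$demo_dir/messages.log"
flag_modelines "$demo_dir"
rm -rf "$demo_dir"
```

Files the check reports are candidates for viewing with a pager, or with Vim only after modeline processing has been turned off.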

namazu2

namazu2 is a web-based, full-text search engine. It is vulnerable to a cross-site scripting-based attack where the attacker creates a payload script that is indexed by namazu2 and then displayed unchanged (unsanitized) to the victim. Cross-site scripting is a type of attack that uses a web application that does not sanitize its input to pass a JavaScript, ActiveX, HTML, VBScript, Flash, or other script to the victim. This script can conduct many different attacks, such as account hijacking or gathering other information from the victim.

Affected users should watch their vendors for a repaired version of namazu2 or should upgrade to namazu 2.0.14 or newer as soon as possible.

htmlheadline

htmlheadline is vulnerable to a temporary-file, symbolic-link-based race condition that may be exploited by a local user to write to arbitrary files on the system with the permissions of the victim. htmlheadline is a script designed to fetch headlines from web-based news sites.

Affected users should consider disabling htmlheadline until it has been repaired.
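An added example, not htmlheadline's own code: the class of bug described above, shown as a fixed temporary-file name beside a mktemp-based replacement. It runs entirely inside a throwaway sandbox directory. All function and file names are hypothetical.

```shell
#!/bin/sh
# Added example; hypothetical names, not taken from htmlheadline.

# BEFORE: fixed, guessable name in a shared directory. The ">" redirection
# follows a symlink already present at that name and truncates its target.
save_headlines_unsafe() {       # $1 = temp dir, $2 = data
    printf '%s\n' "$2" > "$1/headlines.tmp"
}

# AFTER: mktemp picks an unpredictable name and creates the file
# exclusively with mode 0600, so a pre-existing link is never opened.
save_headlines_safe() {         # $1 = temp dir, $2 = data; prints new path
    tmp=$(mktemp "$1/headlines.XXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Constructed sandbox: a stand-in "shared" directory with a symlink sitting
# at the guessable name, pointing at a file the user cares about.
make_sandbox() {                # prints sandbox path
    box=$(mktemp -d) || return 1
    mkdir "$box/shared"
    printf 'important\n' > "$box/victim.txt"
    ln -s "$box/victim.txt" "$box/shared/headlines.tmp"
    printf '%s\n' "$box"
}

# Stand-alone demonstration inside the sandbox.
box=$(make_sandbox)
save_headlines_unsafe "$box/shared" "headline data"
echo "after unsafe write, victim.txt holds: $(cat "$box/victim.txt")"
printf 'important\n' > "$box/victim.txt"
new=$(save_headlines_safe "$box/shared" "headline data")
echo "after safe write,   victim.txt holds: $(cat "$box/victim.txt")"
echo "safe write went to: $new"
rm -rf "$box"
```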

Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.

