LinuxDevCenter.com

Security Alerts

Perl Trouble

by Noel Davis
02/11/2005

Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at problems in Perl, PostgreSQL, ncpfs, Squid, cpio, UW IMAP, ChBg, FireHOL, Clam AntiVirus, and f2c.

Perl

Perl, a popular scripting and data parsing language, is vulnerable to two attacks that an attacker may be able to use to overwrite files with root permissions or to execute arbitrary code with root permissions. Perl's set user id wrapper is supplied with Perl to allow the safe execution of set user id root scripts. An attacker can set the environment variable PERLIO_DEBUG to the path of an arbitrary file, which will then be overwritten with Perl debugging messages when the set user id root Perl script is executed. In addition, running the set user id root script while PERLIO_DEBUG is set to a very long value can cause a buffer overflow and result in arbitrary code being executed.

Affected users should watch their vendors for an updated version of Perl and should consider disabling set user id scripts until Perl has been updated.
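To decide which scripts to disable, an administrator first needs a list of them. The following is an added example, not part of the original column: a shell function (the name list_setuid_perl is hypothetical) that prints set user id files whose interpreter line names Perl.

```shell
#!/bin/sh
# list_setuid_perl DIR...
# Print every regular file under the given directories that has the
# set-user-id bit set and whose first line is a "#!" line naming perl.
# Assumption of this example: path names do not contain newlines.
list_setuid_perl() {
    find "$@" -xdev -type f -perm -4000 -print 2>/dev/null |
    while IFS= read -r f; do
        # Read at most 64 bytes and drop NUL bytes so that set-user-id
        # binaries do not garble the comparison.
        first=$(dd if="$f" bs=64 count=1 2>/dev/null | tr -d '\000' | head -n 1)
        case $first in
            '#!'*perl*) printf '%s\n' "$f" ;;
        esac
    done
}

# When run as a script, scan the directories given on the command line.
if [ "$#" -gt 0 ]; then
    list_setuid_perl "$@"
fi
```

Each path it prints can be reviewed and, if the script does not need the privilege until Perl is updated, have the bit cleared with chmod u-s.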

PostgreSQL

The PostgreSQL database server is vulnerable to a local attack that can be exploited to execute arbitrary code with the permissions of the database server. Any authorized user of PostgreSQL can use the LOAD extension command to load an arbitrary shared library, whose initialization function is then executed.

The PostgreSQL developers have released updated versions of PostgreSQL 8.0, 7.4, 7.3, and 7.2.

ncpfs

ncpfs allows the mounting of NetWare server volumes under Linux, printing to NetWare print queues, and spooling NetWare print queues to the Linux printing system. Multiple vulnerabilities have been announced that can be used by a local attacker to gain root permissions, or be exploited by a remote NetWare host to compromise the local machine. They include buffer overflows in ncplogin and ncpmap using the -T command line option; a failure in nwclient.c to properly drop its root permissions when executing NetWare client functions; and a buffer overflow in ncplogin that may be exploitable by a remote NetWare server.

Users of ncpfs should upgrade to version 2.2.6 or newer as soon as possible, or should watch their vendors for a repaired version. Repaired packages have been released for Mandrake Linux 10.0, 10.1, Corporate Server 2.1, and Corporate Server 3.0; and Gentoo Linux.

Squid

The free open source web proxy cache server Squid runs on Unix systems and has many features, including proxying and caching of HTTP, FTP, and other URL types, proxying for SSL, transparent caching, extensive access controls, HTTP server acceleration, SNMP, and caching of DNS queries. Multiple problems have been announced in Squid: authenticated users can bypass access control by using a username that starts or ends with a space; several cache poisoning attacks use malformed HTTP headers; another cache poisoning attack is based on HTTP response splitting; and a buffer overflow in code located in wccp.c may be exploitable by a remote attacker to execute arbitrary code on the server with the permissions of the user account running Squid. Versions of Squid earlier than 2.5.7-r5 are reported to be vulnerable to these problems.

All users of Squid should upgrade to version 2.5.7-r5 or newer as soon as possible.

cpio

cpio, an archiving utility, is reported to create files with incorrect permissions (not properly using the user's umask) when it creates output files with the -O or -F command line parameters.

Users should watch their vendors for an updated version of cpio and should verify that any archive files that have been created have the correct file permissions.
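One way to carry out that verification, as an added example that is not part of the original column: a shell function (find_loose_files is a hypothetical name) that lists files carrying read or write bits the umask should have cleared. It assumes GNU find for the -perm /MODE test, and the two sample archives are constructed.

```shell
#!/bin/sh
# find_loose_files DIR [UMASK]
# Print regular files under DIR that carry read/write bits the umask should
# have cleared. A new file gets at most 0666 & ~umask, so any of the umask's
# read/write bits on a file means the umask was not applied when it was made.
find_loose_files() {
    fl_dir=$1
    fl_mask=${2:-$(umask)}
    case $fl_mask in
        ''|*[!0-7]*) echo "find_loose_files: bad umask '$fl_mask'" >&2
                     return 2 ;;
    esac
    fl_bits=$(( 0$fl_mask & 0666 ))
    # A umask that clears no read/write bits cannot be violated.
    if [ "$fl_bits" -eq 0 ]; then
        return 0
    fi
    # GNU find: -perm /MODE matches when any of the MODE bits is set.
    find "$fl_dir" -type f -perm "/$(printf '%o' "$fl_bits")" -print
}

# Constructed sample: one archive left at mode 0666, one at mode 0600,
# checked against a umask of 077.
demo_loose() {
    d=$(mktemp -d) || return 1
    : > "$d/backup-loose.cpio"; chmod 666 "$d/backup-loose.cpio"
    : > "$d/backup-ok.cpio";    chmod 600 "$d/backup-ok.cpio"
    ( cd "$d" && find_loose_files . 077 )
    rm -rf "$d"
}
```

The output is a list of candidates: a file whose mode was widened on purpose after creation will also appear.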

UW IMAP

UW IMAP is the University of Washington IMAP daemon that supports both POP3 and IMAP. A bug in the UW IMAP code that handles CRAM-MD5 (the "Challenge-Response Authentication Mechanism with MD5") authentication can be exploited by a remote attacker to authenticate to the IMAP daemon as any user of the system if CRAM-MD5 based authentication is configured.

All users of UW IMAP should upgrade to version imap-2004b or newer as soon as possible.

ChBg

ChBg, a highly configurable utility for changing the background picture under X11, is vulnerable to a buffer overflow in the simplify_path function in config.c that can be exploited through a carefully created ChBg scenario file. If a victim uses this scenario file, it will cause a buffer overflow and execute arbitrary code. Versions 1.5 and earlier of ChBg are vulnerable to this buffer overflow.

Users should watch their vendors for an update of ChBg and should avoid using scenario files from untrusted sources. It is not clear if the author of ChBg is still maintaining it, as the last update on its SourceForge page was in 2001.

FireHOL

FireHOL is an iptables rule generator. It is vulnerable to a temporary-file symbolic-link race condition that may be exploitable by a local attacker to overwrite arbitrary files on the system with the permission of the user running FireHOL.

It is recommended that all users of FireHOL upgrade to FireHOL R5 v1.226 or newer as soon as possible.

Clam AntiVirus

Clam AntiVirus (or ClamAV) can be bypassed by using a base64-encoded image. This problem affects ClamAV version 0.80 and earlier. In addition, a carefully crafted .zip file can be used by a remote attacker to crash the clamd daemon.

Users should upgrade to ClamAV 0.81.

f2c

f2c, a Fortran-to-C translator, is reported to be vulnerable to an attack based on a temporary-file symbolic-link race condition that may be exploitable by a local attacker to overwrite files on the system with the permissions of the victim.

Affected users should watch for an updated version of f2c. Gentoo Linux has released a repaired version.
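The temporary-file symbolic-link problem reported for both FireHOL and f2c comes down to writing through a predictable name in a shared directory. The following is an added example, not code from either project: it shows the weak pattern beside two hardened ones, working only inside a private scratch directory, and all function and file names are hypothetical.

```shell
#!/bin/sh
# Weak pattern: predictable name, plain redirect. If a symbolic link already
# exists at that name, the write lands on whatever the link points to.
write_predictable() {            # $1 = directory, $2 = data
    printf '%s\n' "$2" > "$1/rules.$$"
}

# Hardened, fixed name: with noclobber (set -C) the shell refuses to write
# through a name that already exists, links included.
write_noclobber() {              # $1 = directory, $2 = data
    ( set -C; printf '%s\n' "$2" > "$1/rules.$$" ) 2>/dev/null
}

# Hardened, preferred: mktemp picks an unpredictable name and creates the
# file exclusively with mode 0600, so an existing link is never followed.
write_mktemp() {                 # $1 = directory, $2 = data; prints the path
    wm_file=$(mktemp "$1/rules.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$wm_file"
    printf '%s\n' "$wm_file"
}

# Constructed scenario: a link at the predictable name points to a file that
# must not change. Reports that file's content after each pattern is used.
demo_tmpfile() {
    scratch=$(mktemp -d) || return 1
    printf 'important\n' > "$scratch/victim"
    ln -s "$scratch/victim" "$scratch/rules.$$"

    write_predictable "$scratch" "temp data"
    after_weak=$(cat "$scratch/victim")

    printf 'important\n' > "$scratch/victim"      # restore for the next run
    if write_noclobber "$scratch" "temp data"; then nc=written; else nc=refused; fi
    write_mktemp "$scratch" "temp data" > /dev/null
    after_safe=$(cat "$scratch/victim")

    rm -rf "$scratch"
    printf '%s|%s|%s\n' "$after_weak" "$nc" "$after_safe"
}
```

Only the predictable-name write changes the protected file; the noclobber write is refused and the mktemp write goes to a fresh file.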

Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.

