Problems in PCRE, the Linux Kernel, and SILC
by Noel Davis
Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at problems in PCRE, the Linux kernel, SILC, Frox, MPlayer, backup-manager, Adobe Version Cue, phpGroupWare, and
PCRE, the Perl Compatible Regular Expressions library, is vulnerable to a buffer overflow that could result in arbitrary code being executed with the permissions of the user running the application linked against the library. PCRE is reported to be used by Analog, Python, PHP, gnumeric, KDE, Apache, Postfix, nmap, Onyx, and Hypermail.
All users of PCRE should upgrade to version 6.2 or newer and should watch for new versions of any application that is linked against PCRE.
Multiple security-related problems have been fixed in the Linux kernel. These problems include decompression of files on zisofs filesystems, a buffer overflow in zlib decompression, a buffer overflow in sock->sk_policy, and a bug in the S/390-specific kernel that could be exploited by a local user to power on and off partitions.
Users should watch their vendors for an up-to-date version of the kernel. Updated kernels have been released for SuSE Linux 9.1, 9.2, and 9.3; SUSE Linux Enterprise Server 9; and Novell Linux Desktop 9.
SILC, Secure Internet Live Conferencing, is reported to be vulnerable to a temporary-file symbolic-link race condition that may be exploitable by a local attacker to overwrite arbitrary files on the system with the victim's permissions. Version 1.0 of the SILC server and version 0.9.12-r3 of the SILC toolkit are reported to be vulnerable.
Affected users should watch for a repaired version of SILC.
Frox is a transparent FTP proxy for FreeBSD. A reported bug in Frox would allow any user to read any file on the system.
It is recommended that Frox be disabled until it has been repaired.
MPlayer is a Linux and Unix multimedia player that supports multiple formats, including MPEG, VOB, AVI, Ogg/OGM, VIVO, ASF/WMA/WMV, QT/MOV/MP4, FLI, RM, NuppelVideo, YUV4MPEG, FILM, RoQ, and PVA. A vulnerability in the code that handles strf chunks in PCM audio streams may be exploitable by a remote attacker who creates a video or audio file that will cause arbitrary code to be executed when the victim plays the file in MPlayer.
All users should upgrade to a repaired version as soon as possible. Gentoo has released a repaired version. A possible workaround is to add the MPlayer configuration file. Making this change will disable MPlayer's ability to play uncompressed audio.
pam_ldap, a Pluggable Authentication Module that authenticates to an LDAP server, will under some conditions authenticate connections that it should have denied and allow an attacker to bypass security restrictions.
Every user of pam_ldap should upgrade as soon as possible to
The mail delivery agent maildrop may, under some conditions, be vulnerable to an attack that can result in arbitrary code being executed with the mail group's
Users should watch their vendors for a repaired version of
has released patched versions of
lm_sensors provides monitoring of temperature, voltage, and fan status of a Linux machine. The pwmconfig script included with lm_sensors is reported to be vulnerable to a temporary-file symbolic-link based race condition that may be usable by a remote attacker to overwrite arbitrary files on the system with, in most cases, root permissions.
It is recommended that lm_sensors be disabled on multi-user systems until this vulnerability has been corrected by upgrading to version 2.9.1 or newer.
simpleproxy, a TCP-based proxy server, is reported to have a format-string-based vulnerability that may be exploitable by a remote attacker to execute arbitrary code with the permissions of the user account running
All users of simpleproxy should upgrade to version 3.4 as soon as possible and should consider disabling it until it can be upgraded.
The command-line tool backup-manager is reported to contain two vulnerabilities: backup files are created with world-readable permissions, allowing an attacker to view files in the backup that may not be viewable on the system; and a temporary-file symbolic-link race condition when backup-manager is used to back up files to a CD.
Affected users should upgrade to version 0.5.8b or newer of
as soon as possible.
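The two backup-manager problems described above (world-readable archives and a temporary-file symbolic-link race) can both be avoided when a shell script writes the archive, as this added example shows. It is not backup-manager's own code; the function name make_backup, the paths, and the demo data are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example, not backup-manager's code. make_backup and all paths are
# hypothetical; the demo data below is constructed.

# make_backup SRC_DIR DEST_FILE
# Archive SRC_DIR to DEST_FILE without trusting anything that already exists
# at DEST_FILE or at a guessable temporary name.
make_backup() {
    src=$1
    dest=$2
    dest_dir=$(dirname "$dest")
    (
        # Owner-only mode for anything created here, so the archive is
        # never world-readable.
        umask 077
        # mktemp chooses an unpredictable name and creates the file
        # exclusively, so a link planted in advance is not followed.
        tmp=$(mktemp "$dest_dir/.backup.XXXXXX") || exit 1
        trap 'rm -f "$tmp"' EXIT
        tar -cf "$tmp" -C "$src" . || exit 1
        # rename(2) replaces the directory entry at $dest (a symlink
        # included) instead of writing through it. With GNU mv, add -T so
        # a symlink to a directory is not treated as a target directory.
        mv -f "$tmp" "$dest"
    )
}

# Constructed demo: a symlink already sits where the backup will be written.
demo=$(mktemp -d)
mkdir "$demo/src" "$demo/out"
echo "payroll data" > "$demo/src/data.txt"
echo "untouched" > "$demo/victim"
ln -s "$demo/victim" "$demo/out/backup.tar"
make_backup "$demo/src" "$demo/out/backup.tar"
ls -l "$demo/out/backup.tar"   # regular file, mode -rw-------
cat "$demo/victim"             # still the original content
rm -rf "$demo"
```

A script that instead redirects output to a fixed name such as /tmp/backup.$$ opens whatever an earlier local user placed at that path, which is the race condition reported here.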
The Mac OS X version of Adobe Version Cue is vulnerable to a local attack that can result in arbitrary code being executed with root permissions. Also, Adobe Version Cue is vulnerable to a temporary-file symbolic-link race condition that can be exploited to overwrite arbitrary files on the system with root permissions. Adobe Version Cue is a software version-tracking system that is part of Adobe Creative Suite and other Adobe products. Code to automate the exploitation of these vulnerabilities has been released to the public.
Users of Adobe Version Cue should apply the update available from Adobe. A possible workaround is to remove the set-user-ID bit from the VCNative utility.
phpGroupWare is a web-based application that includes a calendar, address book, to-do list, email, wiki, and news headlines. Several vulnerabilities have been found in phpGroupWare that may be exploitable under some conditions to execute arbitrary PHP code, or in cross-site scripting attacks.
All users of phpGroupWare should upgrade to version 0.9.16.008 as soon as possible.
webcalendar is reported to be vulnerable to an unspecified problem that can be trivially exploited by a remote attacker to execute arbitrary code with the permissions of the user account running the web server.
Affected users should watch for a repaired version from their vendors and should webcalendar until it has been repaired. Debian has released packages for sarge.