LinuxDevCenter.com

Security Alerts

MySQL Trouble

by Noel Davis
09/22/2005

Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at problems in MySQL, umount, KDE's kcheckpass, GNOME Workstation Command Center, X.org, Squid, TWiki, ncompress, grip, Turquoise SuperStat, gtkdiskfree, and LessTif.

MySQL

The MySQL database is vulnerable to an attack that under some conditions can allow an authenticated user to execute arbitrary code with the permissions of the user account running the database. This vulnerability is caused by a buffer overflow in the init_syms function. Versions of MySQL affected by the buffer overflow include 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta.

All users of MySQL should upgrade to version 4.0.25, 4.1.13, or 5.0.7-beta as soon as possible.

umount

The umount command can under some circumstances be abused by a local attacker to gain root permissions. This problem is caused by an unintended consequence of umount's -r command-line parameter.

Users should watch their vendors for an updated linux-utils package.

KDE kcheckpass

The kcheckpass utility distributed with KDE is reported to be vulnerable to a bug in the lock-file-handling code that, if exploited, could result in an attacker gaining root access.

All users should watch their vendors for updated KDE packages that repair this problem. Debian has released packages for sarge and sid.

GNOME Workstation Command Center (AKA gwcc)

gwcc is the GNOME Workstation Command Center. It is a graphical front end that runs a collection of network and system utilities, and is reported to be vulnerable to an attack based on a temporary-file symbolic-link race condition that can be exploited by a local attacker to overwrite arbitrary files on the system with the permissions of the victim running gwcc.

It is recommended that gwcc not be used on multiuser systems until it has been repaired.

X.org

The X.org X Window System server is vulnerable to a buffer overflow in code that handles pixmaps. An attacker who creates a very large pixmap may cause a buffer overflow and execute arbitrary code with root permissions.

Users should watch their vendors for repaired X.org packages. Mandriva has released updated packages for Mandrake Linux 10.0, 10.1, 10.2, Corporate 3.0, and Corporate Server 2.1.

Squid

Squid, the free, open source web proxy cache server, contains bugs in the code that aborts a request and in the handling of malformed requests in sslConnectTimeout. These bugs may be exploitable as part of a denial-of-service attack against the proxy server.

Users should watch their vendors for a repaired version of Squid. Novell has released updated packages for SuSE Linux 9.0, 9.1, 9.2, and 9.3; SUSE Linux Enterprise Server 8 and 9; and Open Enterprise Server 9.

TWiki

TWiki is a structured Wiki written using Perl. TWiki has a bug in its history function that can be exploited by a remote attacker to execute arbitrary shell commands. The history or revision control function accepts user input, but does not check this input for shell meta-characters.

A hotfix to repair this problem is available. Users should go to twiki.org for more information.

ncompress

ncompress is a file compression utility that is designed as a fast replacement for the standard Unix compress utility. ncompress is reported to be vulnerable to an attack based on a temporary-file symbolic-link race condition that can be exploited by any local attacker to overwrite arbitrary files on the system with the permissions of the user compressing or uncompressing files with ncompress. The report states that all versions of ncompress through version 4.2.4-r1 are vulnerable to this attack.

Users of multiuser systems should either replace ncompress with the standard compress utility or with gzip until ncompress has been patched.

Grip

Grip, a graphical front end for CD rippers, is reported to be vulnerable to a buffer overflow in code that handles the data returned from CDDB servers. A CDDB server controlled by an attacker can respond to a query from Grip, causing a buffer overflow and execution of arbitrary code on the victim's machine.

All users of Grip should upgrade as soon as possible to a repaired version. The Fedora Legacy project has released a repaired version of Grip for Fedora Core 1, Red Hat Linux 7.3, and Red Hat Linux 9.

Turquoise SuperStat

Turquoise SuperStat gathers statistics about Usenet news spools and Fidonet message areas. Turquoise SuperStat has a buffer overflow in code relating to the date parser that under some conditions may be exploitable by a remote attacker to execute arbitrary code with the permissions of the victim.

It is recommended that users upgrade to version 2.2.4 of Turquoise SuperStat as soon as possible.

gtkdiskfree

gtkdiskfree is vulnerable to an attack based on a temporary-file symbolic-link race condition that can be exploited by a local attacker to overwrite arbitrary files on the system with the permissions of the victim.

No current website or information on gtkdiskfree could be found. Anyone using it should consider disabling it until it has been patched or replaced.
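The temporary-file symbolic-link race reported above for gwcc, ncompress, and gtkdiskfree comes down to how the temporary file is opened. The C program below is an added example, not code from any of those programs; the scratch directory and file names are constructed, and it contrasts a predictable-name open with an O_EXCL open and mkstemp().

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: fixed name, no O_EXCL. open() follows a symlink planted at that name. */
static int open_tmp_weak(const char *p) {
    return open(p, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}
/* Hardened: O_EXCL fails if anything, a symlink included, already has the name. */
static int open_tmp_excl(const char *p) {
    return open(p, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}
static long size_of(const char *p) {
    struct stat st;
    return stat(p, &st) == 0 ? (long)st.st_size : -1;
}
/* Constructed scenario inside a private scratch directory. Result bits:
   1 = O_EXCL open refused the planted link, 2 = mkstemp() left the target
   intact, 4 = the weak open truncated the target through the link. */
int demo(void) {
    char dir[] = "/tmp/symrace-XXXXXX", target[96], lnk[96], tmpl[96];
    int fd, bits = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/important.conf", dir);
    snprintf(lnk, sizeof lnk, "%s/app.tmp", dir);      /* predictable temp name */
    snprintf(tmpl, sizeof tmpl, "%s/app.XXXXXX", dir); /* mkstemp() template */
    if ((fd = open_tmp_weak(target)) < 0) return -1;
    if (write(fd, "keep me\n", 8) != 8) return -1;
    close(fd);
    if (symlink(target, lnk) != 0) return -1;          /* link planted in advance */
    if ((fd = open_tmp_excl(lnk)) < 0 && size_of(target) == 8) bits |= 1;
    if (fd >= 0) close(fd);
    if ((fd = mkstemp(tmpl)) >= 0) {                   /* random name, exclusive, 0600 */
        if (write(fd, "scratch\n", 8) == 8 && size_of(target) == 8) bits |= 2;
        close(fd);
        unlink(tmpl);
    }
    if ((fd = open_tmp_weak(lnk)) >= 0) {              /* follows link, truncates target */
        if (size_of(target) == 0) bits |= 4;
        close(fd);
    }
    unlink(lnk); unlink(target); rmdir(dir);
    return bits;
}
int main(void) { printf("result bits: %d\n", demo()); return 0; }
```

A result of 7 means the O_EXCL open and mkstemp() both left the target untouched while the predictable-name open emptied it through the link.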

LessTif 1 and 2

LessTif is a clone of OSF/Motif. OSF/Motif is a standard user interface toolkit for building X Window applications under Linux and Unix. Both LessTif versions 1 and 2 are reported to be vulnerable to multiple buffer overflows due to bugs in code that reads an XPM image file. An attacker could use a carefully crafted XPM file to exploit this vulnerability. This problem in the XPM code affected a wide range of applications and was not specific to LessTif.

Affected users should watch their vendors for updated libraries. Some distributions fixed this problem in LessTif version 2 last year. LessTif 1 has been flagged as obsolete and should be replaced with LessTif 2.

Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.
