LinuxDevCenter.com

Security Alerts

XFree86 Trouble

by Noel Davis
10/06/2005

Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at problems in XFree86, cfengine, RealPlayer 10, Helix Player, ClamAV, Xsun, Xprt, arc, prozilla, AbiWord, Backupninja, Hylafax, ApacheTop, and libsnmp5.

XFree86

A bug in the code that handles pixmaps in XFree86 may be exploitable by a remote attacker to execute arbitrary code on the victim's machine with root permissions. This bug is located in the XCreatePixmap() function.

Users should watch their vendors for updated packages.

cfengine

cfengine is a tool for maintaining the configurations of multiple networked machines. The Debian GNU/Linux administrators reported that cfengine is vulnerable to several attacks based on temporary-file, symbolic-link race conditions, which can be used by a local attacker to overwrite arbitrary files with the permissions of the victim (probably root). Due to the way that Debian backports patches, it is not clear what versions of cfengine this vulnerability affects.

Users should exercise care until cfengine has been patched and should watch their vendors for a repaired version of cfengine.

RealPlayer 10 and Helix Player

A buffer overflow in the RealPlayer and Helix Player media players may be exploitable by an attacker to execute code with the victim's permissions. This vulnerability is located in code that deals with the timeformat option in .rp (RealPix) and .rt (RealText) formatted files. Versions 10.0.0 through 10.0.5 of RealPlayer 10 and Helix Player for Linux are reported to be vulnerable. It is not known if the players for other Unix operating systems are vulnerable. Versions for Mac OS X and Windows are reported to not be vulnerable. A script to automate the exploitation of this vulnerability has been released to the public.

All Linux users of RealPlayer or Helix Player should upgrade to version 10.0.6 or newer as soon as possible.

ClamAV

The ClamAV anti-virus scanning application is reported to have unspecified vulnerabilities when processing UPX- and FSG-compressed executables. It is possible that these vulnerabilities could lead to a root compromise.

All users of ClamAV should upgrade to version 0.87 or newer as soon as possible.

Solaris Xsun and Xprt

The Solaris applications Xsun and Xprt are vulnerable to unspecified problems that can be exploited by a local attacker to execute arbitrary code with root permissions.

Sun has released patches for Solaris 8, 9, and 10 for both SPARC and x86 versions of the operating system. A patch is not currently available for Solaris 7.

arc

The archiving tool arc is reported to be vulnerable to a temporary-file-symbolic-link-based race condition that may be exploitable by a local attacker to overwrite arbitrary files with the permissions of the victim using arc. In addition, the temporary file that arc creates is readable by other users on the system. This could be exploited to read information from the archive that is protected on the source filesystem.

It is recommended that users exercise care on multi-user machines until arc has been repaired. Users should watch their vendors for a repaired version or replace arc with another archiving tool. Updated packages have been released for some versions of SuSE Linux.

prozilla

prozilla, a download accelerator, has been reported to be vulnerable to a buffer overflow that may be remotely exploitable and allow an attacker to execute arbitrary code.

Debian has released a repaired package for woody. Other Debian distributions are reported to not contain prozilla. Other affected users should watch for repaired packages for their distribution.

AbiWord

The word processor AbiWord contains a buffer overflow in code that handles processing an RTF-formatted file. A remote attacker may be able to create an RTF file that, when opened by the victim, causes a buffer overflow and the execution of arbitrary code.

All users of AbiWord should upgrade to version 2.2.10 or newer as soon as possible. Users should also avoid opening files from untrusted sources until AbiWord has been upgraded.

Backupninja

Backupninja, a backup control utility, is reported to be vulnerable to a temporary-file-symbolic-link-based race condition that may be exploitable by a local attacker to overwrite arbitrary files on the system.

Affected users should watch for a repaired version of Backupninja.

Hylafax

Hylafax is a fax server and client that supports class 1 and 2 fax modems. The xferfaxstats script distributed with Hylafax is vulnerable to a temporary-file-symbolic-link-based race condition that may be exploitable by a local attacker to overwrite arbitrary files on the system with root permissions. The xferfaxstats script is executed monthly by the root user on a default Hylafax installation.

Users should watch for a repaired version of Hylafax.

ApacheTop

ApacheTop is a tool similar to the Unix top command that displays close-to-real-time information about what the Apache web server is doing. A temporary-file-symbolic-link-based race condition in ApacheTop may under some conditions be exploitable to overwrite arbitrary files on the system with the victim's permissions. This vulnerability affects all versions of ApacheTop through version 0.12.5.

A patch to repair this vulnerability is reported to be available at bugs.gentoo.org/attachment.cgi?id=69342.
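
The temporary-file, symbolic-link race reported above for cfengine, arc, Backupninja, Hylafax, and ApacheTop comes down to how the temporary file is opened. The following C program is an added example, not code from any of those projects; the function names, the tool.tmp file name, and the scratch directory are hypothetical, and the victim file is constructed inside a private directory. It contrasts the unsafe open with one that refuses a pre-existing symlink and creates the file owner-only, which also addresses the world-readable temporary file noted for arc.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern behind these advisories: predictable name, no O_EXCL, so a
 * symlink already sitting at that name is followed and its target truncated. */
static int open_tmp_naive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* Hardened: O_CREAT|O_EXCL fails with EEXIST if anything (a symlink included)
 * exists at path; mode 0600 keeps other local users from reading the file.
 * mkstemp() gives the same behaviour plus an unpredictable name. */
static int open_tmp_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario in a private scratch directory: a 5-byte "victim" file
 * and a symlink to it at the tool's temp name. Returns the victim's size after
 * the tool opens its temp file: 0 = clobbered, 5 = intact, -1 = setup error. */
long victim_size_after_open(int hardened) {
    char dir[] = "/tmp/symrace-demo-XXXXXX", victim[64], tmpname[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmpname, sizeof tmpname, "%s/tool.tmp", dir);
    FILE *f = fopen(victim, "w");
    if (!f || fputs("data\n", f) < 0 || fclose(f) != 0) return -1;
    if (symlink(victim, tmpname) != 0) return -1;
    int fd = hardened ? open_tmp_excl(tmpname) : open_tmp_naive(tmpname);
    if (fd >= 0) close(fd);
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(tmpname); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    printf("naive open:  victim is %ld bytes\n", victim_size_after_open(0));
    printf("O_EXCL open: victim is %ld bytes\n", victim_size_after_open(1));
    return 0;
}
```
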

libsnmp5

The SNMP (Simple Network Management Protocol) library libsnmp5 distributed with Ubuntu Linux is vulnerable under some circumstances to a remote denial-of-service attack. The attack uses TCP packets to crash the snmpd server. It is not known if other Linux distributions are affected by this problem.

Affected users should update their libsnmp5 library as soon as possible.

Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.
