Published on Linux DevCenter (http://www.linuxdevcenter.com/)


Security Alerts

Vulnerabilities in Lotus Domino, Zope, and Cisco Secure PIX Firewall

10/15/2001

Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at buffer overflows in OpenServer applications, Solaris' xlock, dtaction, and SuSE's lprold; and problems in htdig, Lotus Domino, Mandrake and Caldera's uucp, Zope, Cisco Secure PIX Firewall, PHP Nuke, OpenProjects ircd, and Mandrake devfs.

htdig

The Web-based search engine htdig has a vulnerability that can be used by a remote attacker to view files on the system with the permissions of the user executing the Web server. This vulnerability can also be used as part of a denial-of-service attack against the Web server.

Users of htdig should upgrade to the latest packages.

Lotus Domino

Lotus Domino can, under some circumstances, give out information that includes the server's internal IP address. This information can be used by an attacker to plan and execute attacks against a Domino server that is on an internal network behind a firewall doing NAT (Network Address Translation).

It has been reported that adding the line DominoNoBanner=1 to the notes.ini file will solve this problem.

Mandrake and Caldera uucp Packages

Mandrake Linux and Caldera have released updated uucp packages that address a vulnerability that can be used to gain uucp user and group permissions. It is possible, under some conditions, to leverage uucp user permissions into root access. Mandrake Linux reports that versions 7.1, 7.2, 8.0, and Corporate Server 1.0.1 are affected. Caldera has released updated uucp packages for OpenLinux 2.3, OpenLinux eServer 2.3.1, OpenLinux eDesktop 2.4, OpenLinux Server 3.1, and OpenLinux Workstation 3.1.

It is recommended that affected users upgrade their systems as soon as possible.

OpenServer Buffer Overflows

Versions 5.0.6 and earlier of OpenServer are vulnerable to buffer overflows in applications that use scoadmin and sysadmsh. These buffer overflows can be exploited to gain root privileges. Affected applications include:

Caldera recommends that affected systems be upgraded as soon as possible.

Zope

A flaw has been discovered in Zope that can be used by a skilled attacker with Zope access to exceed the permissions they have been granted.

Users of Zope should apply Hotfix_2001-09-28. Red Hat has released updated packages that repair this flaw.

Solaris 8 xlock

Sun has released a patch for xlock under Solaris 8 that repairs a buffer overflow that can be used to execute arbitrary code with the permissions of the root user. The patch is reported to be number 108652-40.

Users of Solaris 8 should apply the patch or, until they can, remove the set-user-ID bit from xlock. Users of Solaris 2.6 and 7 should remove the set-user-ID bit from xlock and continue to watch Sun for a patch.
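As an added illustration (not part of the original column and not Sun's procedure), the following script carries out the interim workaround: it strips the set-user-ID bit from a binary, verifies that the bit is really gone rather than trusting chmod's exit status, and lists what else is setuid in the same directory so the review can be widened. The xlock path is an assumption and should be adjusted to the local installation. Note that xlock typically relies on that privilege to read the password database, so after stripping the bit it may no longer be able to unlock a locked screen; the bit can be restored once the vendor patch is applied.

```sh
#!/bin/sh
# Added example, not code from the column or from Sun. Strips the
# set-user-ID bit from a binary such as xlock and verifies the result.
# XLOCK is an assumed path: on Solaris 8 xlock normally lives under
# /usr/openwin/bin, but check with `ls -l` before relying on it.
XLOCK=${XLOCK:-/usr/openwin/bin/xlock}

# is_setuid FILE -> exit 0 if FILE is a regular file carrying the set-user-ID bit
is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# strip_setuid FILE -> remove the set-user-ID bit and confirm it is gone.
# Exit 0 when the file is no longer setuid, 1 if chmod failed or the bit
# is still present, 2 if the file is missing. Safe to run repeatedly.
strip_setuid() {
    f=$1
    [ -f "$f" ] || { echo "strip_setuid: $f: no such file" >&2; return 2; }
    if is_setuid "$f"; then
        echo "$f was setuid; removing set-user-ID bit" >&2
        chmod u-s "$f" || return 1
    fi
    # Verify on the filesystem rather than trusting chmod's exit status.
    if is_setuid "$f"; then
        echo "strip_setuid: $f is still setuid" >&2
        return 1
    fi
    return 0
}

# list_setuid DIR -> print every set-user-ID regular file under DIR, so the
# same review can cover the rest of /usr/openwin/bin or /usr/dt/bin.
list_setuid() {
    find "$1" -type f -perm -4000 -print 2>/dev/null
}

# Stand-alone use: ./strip-xlock.sh --run
if [ "${1:-}" = "--run" ]; then
    strip_setuid "$XLOCK"
    echo "remaining setuid files in $(dirname "$XLOCK"):"
    list_setuid "$(dirname "$XLOCK")"
fi
```

Run it as root; keep a note of the original mode (`ls -l` output) so the bit can be put back after patching.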

Cisco Secure PIX Firewall

The Cisco Secure PIX Firewall has a feature called Mailguard that restricts the SMTP commands that can reach a mail server protected by the firewall. A vulnerability in the Mailguard feature can be used to bypass this SMTP command filtering. Versions 6.0(1), 5.2(5), and 5.2(4) of the Cisco Secure PIX Firewall are vulnerable.

The firewall is also vulnerable to a denial-of-service attack against the AAA authentication feature. This denial-of-service attack is reported to affect versions 4.0 through 5.3(1) that are using AAA authentication.

A vulnerability in the Cisco PIX Firewall Manager software can be exploited to gain full access to the firewall, if the attacker has access to the management machine.

Cisco has released patches for the vulnerabilities in the Cisco Secure PIX Firewall, and all users should upgrade as soon as possible. The Firewall Manager has been replaced by the PIX Device Manager; Cisco recommends that users move to the PIX Device Manager and has announced that no patches will be released for the Firewall Manager application.

dtaction

There is a buffer overflow in the dtaction command, distributed with Open UNIX and UnixWare, that can be exploited to gain additional privileges. All versions of UnixWare 7.0 and version 8.0.0 of Open UNIX have been reported to be affected.

Caldera has released updated dtaction binaries and recommends that affected systems be upgraded.

PHP Nuke

PHP Nuke, an open source Web news and discussion system written in PHP, has vulnerabilities that can be exploited to execute arbitrary code with the permissions of the user executing the Web server, or to log in as another user without knowing their password.

Users of PHP Nuke should watch its Web site for an updated version.

SuSE lprold


The Line Printer Daemon shipped in the lprold package of SuSE Linux has a buffer overflow that may be exploitable to gain root access, and a second flaw that lets the root user of any host listed in /etc/hosts.lpd or /etc/hosts.equiv change the ownership of any file on the system. SuSE Linux versions 6.1, 6.2, 6.3, 6.4, 7.0, 7.1, and 7.2 are reported to be affected.

SuSE recommends that affected users upgrade their systems to the latest lprold package. No updated packages are available for SuSE Linux 6.1 and 6.2.
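The ownership flaw above is reachable only from hosts that lpd already trusts, so the first check on an affected system is what /etc/hosts.lpd and /etc/hosts.equiv actually grant. The script below is an added example, not code from the column or from SuSE: it extracts the trusted host entries from those files and fails if any of them is a wildcard. The treatment of `+` and `+@netgroup` as "trust everyone" follows the hosts.equiv convention used by rsh and is assumed to apply to hosts.lpd as well; the file contents used in the test are constructed.

```sh
#!/bin/sh
# Added example, not code from the column or from SuSE. Audits the hosts
# trusted by lpd via /etc/hosts.lpd and /etc/hosts.equiv.

# trusted_hosts FILE... -> print one host entry per line, with comments,
# blank lines and leading whitespace removed. A hosts.equiv line is
# "host [user]", so only the first field names a host; an entry starting
# with '-' is an explicit deny and is printed as-is for review.
trusted_hosts() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        sed 's/#.*//' "$f" | awk 'NF { print $1 }'
    done
}

# audit_trust FILE... -> exit 1 and name the offending entries if any entry
# is a wildcard ('+' trusts every host, '+@group' every host in a netgroup,
# an assumption carried over from the hosts.equiv convention); exit 0 when
# every entry is an explicit hostname or an explicit '-host' deny.
audit_trust() {
    rc=0
    for h in $(trusted_hosts "$@"); do
        case $h in
            +|+@*)
                echo "wildcard trust entry: $h" >&2
                rc=1
                ;;
            -*)
                echo "explicit deny: $h"
                ;;
            *)
                echo "trusted host: $h"
                ;;
        esac
    done
    return $rc
}

# Stand-alone use against the live system: ./lpd-trust-audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_trust /etc/hosts.lpd /etc/hosts.equiv
fi
```

Every host the audit prints as trusted is one whose root user could exploit the ownership flaw until the lprold update is installed, so the list doubles as the set of machines whose root access deserves the same scrutiny as the print server's own.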

OpenProjects ircd

The Internet Relay Chat daemon ircd from OpenProjects has a flaw that can be used to spoof any host name that exists on the Internet. Exploiting this flaw requires the attacker to have control of a name server.

It is recommended that affected users watch the OpenProjects Web site for an update.

Mandrake devfs

Mandrake has reported that there is a vulnerability in the devfs device file system as it is shipped with Mandrake Linux 8.1. No details on this vulnerability were released.

Mandrake recommends that users boot with the devfs=nomount option until they fix the vulnerability.

Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.



Copyright © 2009 O'Reilly Media, Inc.