Linux DevCenter    
 Published on Linux DevCenter (http://www.linuxdevcenter.com/)


Security Alerts

Problems with sudo, at, and efax

01/22/2002

Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at buffer overflows in clanlib, efax, LibGTop, and icecast-server; and problems in sudo, at, cdrdao, Conectiva Linux's MySQL, Open UNIX and UnixWare 7 xterms, Red Hat's Secure Web Server, Mandrake's BIND, xchat, klprfax_filter, and an HP-UX denial-of-service attack.

sudo

sudo, a tool used to allow specified users to execute commands with root permissions, has a vulnerability that can, under some circumstances, be used by a local attacker to execute arbitrary commands as root. This vulnerability is in sudo, but has only been reported to be exploitable on systems that have Postfix installed as the system MTA.

sudo 1.6.4 has been released to fix this vulnerability, and it is recommended that users upgrade as soon as possible.

at

The at command under most versions of Linux has a bug that can, under some circumstances, be exploited by a local attacker to execute code with root permissions.

Users should watch their vendor for updated at command packages.

clanlib

A buffer overflow in the clanlib game programming library can be exploited to gain additional privileges, if an application that is linked to it is installed set user id or set group id. The SuSE Linux packages for the game Methane are installed set group id to the group "game."

SuSE recommends that users with Methane installed remove the set group id bit from the game. All affected users should watch for an update to the clanlib library.

efax

There is a buffer overflow in the efax program distributed with the kdeutils package of KDE 2.2.1 that, under some circumstances, may be exploitable by a local attacker to execute arbitrary code with the permissions of the root user. To be exploitable, the efax program must be installed set user id root. The only reported situation that by default installs efax as set user id root is when KDE is installed from source.

The buffer overflow is reported to have been fixed in KDE 2.2.2. Affected users should ensure that efax does not have a set user id bit and upgrade it as soon as possible.

cdrdao

cdrdao is used to create audio or mixed-mode CD-R disks in disk-at-once mode. The cdrdao application has several bugs that, when cdrdao is installed set user id root (which it is under Debian Linux), can be used to read, write, or create arbitrary files on the system. These bugs can be leveraged into root on the system.

Users should remove the set user id bit from cdrdao and should watch for an update to the software.
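
The clanlib/Methane, efax, and cdrdao items above all recommend removing the set user id or set group id bit. The following is an added example, not part of the original column: a POSIX shell helper that reports those bits on named files and optionally clears them. The function names and the scratch files in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the column): audit binaries for setuid/setgid bits
# and optionally clear them, as the advisories recommend.

# special_bits FILE -> prints "suid", "sgid", "suid,sgid" or "none".
special_bits() {
    bits=""
    [ -u "$1" ] && bits="suid"
    [ -g "$1" ] && bits="${bits:+$bits,}sgid"
    printf '%s\n' "${bits:-none}"
}

# audit_setid MODE FILE...   MODE is "report" or "strip".
# Prints "<state> <path>" per file; returns 1 if any file still has a bit set.
audit_setid() {
    mode=$1; shift
    remaining=0
    for f in "$@"; do
        # Only touch regular files, and never act through a symlink.
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            printf 'skipped %s\n' "$f"
            continue
        fi
        state=$(special_bits "$f")
        if [ "$state" != none ] && [ "$mode" = strip ]; then
            chmod u-s,g-s -- "$f" && state="cleared"
        fi
        case $state in suid*|sgid*) remaining=1 ;; esac
        printf '%s %s\n' "$state" "$f"
    done
    return "$remaining"
}

# Constructed demo: stand-in files in a scratch directory, not real packages.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/efax";  chmod 4755 "$d/efax"    # setuid stand-in
    : > "$d/plain"; chmod 0755 "$d/plain"   # ordinary file, no special bits
    ln -s "$d/efax" "$d/link"               # symlink: must be skipped
    audit_setid report "$d/efax" "$d/plain" "$d/link" || echo "-> setid bits present"
    audit_setid strip  "$d/efax" "$d/plain" "$d/link" && echo "-> all clear"
    rm -rf "$d"
}

# With arguments: report on the given paths. Without: run the demo.
if [ "$#" -gt 0 ]; then audit_setid report "$@" || true; else demo; fi
```

Run it with the paths of the installed binaries as arguments to get a report; clearing the bits on real system files requires root.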

LibGTop

LibGTop, a Gnome component that is used in monitoring system status, includes the daemon libgtop_daemon, which has buffer-overflow and format-string vulnerabilities that can be exploited remotely to execute arbitrary code as the user executing the daemon. The libgtop_daemon is not started by default under the Gnome desktop.

Affected users should watch their vendor for an update.

Conectiva Linux MySQL

The MySQL package distributed with Conectiva Linux 6.0 and older is configured to log all database queries to a world-readable file. By reading this file, a local attacker can recover sensitive information, including users and passwords.

Conectiva recommends that users upgrade their MySQL packages or change the permissions and ownership of /var/log/mysql*.

Open UNIX and UnixWare 7 xterms

Under UnixWare 7.1.x and Open Unix 8.0.0, xterms saved in prior sessions can gain additional privileges in later sessions and, under UnixWare 7.1.x, they will not honor the value of the LD_LIBRARY_PATH variable.

Caldera recommends that users upgrade affected systems as soon as possible.

Red Hat Secure Web Server

Red Hat has released updated packages for Secure Web Server version 3.2. This new version closes a security problem that could be exploited, with a carefully-crafted request, to view the contents of a directory instead of the index file or an error message.

It is recommended that users update the Secure Web Server with the updated packages, which are supplied as an rhmask file.

icecast-server

icecast-server, an Internet streaming audio server, has a buffer overflow that can be exploited to gain root access and a vulnerability that can be used to download arbitrary files; it is also vulnerable to a denial-of-service attack.

These vulnerabilities have been repaired in icecast-server version 1.3.10.

Mandrake BIND

Mandrake has released updated packages for Mandrake Linux 8.0 and 8.1 that correct insecure file permissions on some configuration files and executables.

Affected users should install the new BIND packages as soon as possible.

xchat

The xchat IRC client can be manipulated by a remote attacker into sending IRC commands to the IRC server to which the client is connected. This problem has been reported to affect versions of xchat earlier than 1.8.7.

It is recommended that users upgrade to xchat version 1.8.7 or newer.

klprfax_filter

klprfax_filter, an application included with the KDE utilities package that is used to create a printer that will act like a fax device, has been reported to have a temporary-file race condition that can be used by a local attacker to overwrite files on the system with the permissions under which klprfax_filter is executing.

Users of klprfax_filter should consider disabling it until it has been repaired.

HP-UX DoS

Hewlett-Packard has announced a local denial-of-service attack against HP-UX. The denial-of-service attack requires a local account and uses a file system weakness to hang the system. It has been reported to affect HP-UX 10.20 Series 700, 10.20 Series 800, 11.00, 11.04 (VVOS), and 11.11.

Hewlett-Packard recommends that affected users apply the appropriate patch for their OS version.

Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.



Copyright © 2009 O'Reilly Media, Inc.