Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at problems in squid, Ethereal, vfte, YaST Online Update, oftpd, OpenLDAP, and MPlayer.
The squid caching server is reported to be vulnerable to an attack that can bypass its access control lists by inserting a NULL character into decoded URLs.
Users should upgrade to Squid-2.5.STABLE5 or newer. In addition to the access control list problem, the 2.5.STABLE5 release also fixes a denial-of-service vulnerability and a buffer overflow that is not thought to be exploitable.
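The class of bug described above, shown as an added example that is not Squid's code and not part of the original column: a percent-decoder that writes a NUL byte into a C string, after which a string-based access check only sees the text before it. The deny rule, function names and sample URL are constructed for illustration, and that Squid's ACL matching failed in exactly this way is an assumption.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define DENY_SUBSTR "/private/"  /* constructed ACL rule: deny URLs containing this */

static int hexval(int c) {
    if (isdigit(c)) return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Percent-decode src into dst (dst needs strlen(src)+1 bytes).
 * strict=0 decodes every escape, %00 included (the unsafe behaviour);
 * strict=1 returns -1 on %00 or a malformed escape. */
static long url_decode(const char *src, char *dst, int strict) {
    size_t n = 0;
    while (*src) {
        int hi = -1, lo = -1;
        if (*src == '%' && (hi = hexval((unsigned char)src[1])) >= 0
                        && (lo = hexval((unsigned char)src[2])) >= 0) {
            if (strict && hi == 0 && lo == 0) return -1;
            dst[n++] = (char)(hi * 16 + lo);
            src += 3;
        } else if (*src == '%' && strict) {
            return -1;
        } else {
            dst[n++] = *src++;
        }
    }
    dst[n] = '\0';
    return (long)n;
}

/* Returns 1 if the request is denied, 0 if it is let through. */
static int acl_denies(const char *raw_url, int strict) {
    char buf[512];
    if (strlen(raw_url) >= sizeof buf) return 1;         /* oversized: deny */
    if (url_decode(raw_url, buf, strict) < 0) return 1;  /* undecodable: deny */
    /* strstr() stops at the first NUL, so text after a decoded %00 is never matched */
    return strstr(buf, DENY_SUBSTR) != NULL;
}

int main(void) {
    const char *u = "http://proxy-test.example/%00/private/report";  /* constructed */
    printf("lenient decoder: denied=%d\n", acl_denies(u, 0));
    printf("strict decoder:  denied=%d\n", acl_denies(u, 1));
    return 0;
}
```
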
Ethereal is a powerful network protocol analyzer with a graphical interface. Buffer overflows have been found in the code that dissects NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP packets; RADIUS packets; and color filter files. These buffer overflows may be exploitable by a remote attacker to crash Ethereal or to execute arbitrary code.
It is recommended that all users upgrade to version 0.10.3 of Ethereal or newer as soon as possible. It is possible to turn off all of the protocol dissectors, but this is not recommended.
The FreeBSD project uses the KAME IPv6 implementation. A bug in some IPv6 options of the setsockopt() function call can be exploited to read portions of kernel memory, which may result in privileged information being disclosed. In addition, this bug may under some circumstances be used as part of a denial of service attack.
Users should upgrade to the RELENG_5_2 to repair this bug.
The system management utility monit is vulnerable to buffer overflows in its HTTP interface that may be exploitable by a remote attacker to execute arbitrary code with the permissions of the user id the monit HTTP interface is running under and, under some conditions, gain root permissions.
The monit team has released version 4.2.1 of monit and recommends that users upgrade as soon as possible or turn off the HTTP interface in earlier versions.
Under some conditions, texutil is vulnerable to a temporary file symbolic link race condition that could be used to overwrite arbitrary files on the system with the user's permissions. The attacker must be able to create a symbolic link in the victim's current working directory, and the victim must use the --silent command line option for this vulnerability to be exploitable.
Affected users should watch their vendor for a repaired version of
nstxd is the server that implements NSTX (the Nameserver Transfer Protocol), which is designed to allow IP tunneling using DNS queries and replies to encapsulate the packets. A buffer overflow has been reported in nstxd that can be used to crash nstxd and may under some conditions result in arbitrary code being executed with root permissions.
Users should upgrade to version 1.1-beta4 of nstx as soon as possible.
eMule is an open source peer-to-peer file sharing client. Buffer overflows have been found in the code that handles the web interface and the IRC module that could, under some conditions, result in arbitrary code being executed with the permissions of the user running eMule.
It is recommended that users upgrade to version 0.42e or newer of eMule. It should be noted that the eMule IRC server name was changed to protect users of the vulnerable versions of eMule and that the new client will connect to the correct IRC server.
The console-based editor vfte contains multiple buffer overflows that can be exploited by a local attacker to execute arbitrary code with root permissions. vfte is installed with set user id root permissions so that it can access low level console operations.
Users should remove all set user and group id bits from vfte and should watch their vendor for an updated version. In addition, users should consider using the terminal version of vfte, which does not require root permissions to run.
SuSE Linux's YaST Online Update is reported to be vulnerable to a temporary file symbolic link race condition that can be exploited by a local attacker to overwrite arbitrary files on the system with the permissions of the user running YaST Online Update (often root).
Affected users should watch SuSE for an update to YaST Online Update and should exercise care if they choose to use it prior to it being updated.
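The temporary file symbolic link race reported here for YaST Online Update, and earlier in the column for texutil, shown as an added example (not code from either tool or from the original column): a link planted at a predictable temporary file name redirects a plain create-and-truncate open, while an exclusive create refuses it. The scratch directory, file names and function name are constructed for the demonstration; production code would normally call mkstemp(), which performs the exclusive create with an unpredictable name.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Plants a symlink at a predictable temp-file name inside a private scratch
 * directory, then creates the "temp file" the way a tool would.
 * Returns 1 if the link target was overwritten, 0 if intact, -1 on setup error. */
static int target_clobbered(int use_excl) {
    char dir[] = "/tmp/symrace-XXXXXX", target[64], tmp[64], buf[16] = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(tmp, sizeof tmp, "%s/tool.tmp", dir);       /* predictable name */

    int fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "precious", 8) != 8) return -1;
    close(fd);
    if (symlink(target, tmp) != 0) return -1;            /* link exists before the tool runs */

    /* Without O_EXCL, open() follows the link and O_TRUNC empties the target.
     * With O_CREAT|O_EXCL, open() fails with EEXIST if the name exists at all,
     * symlinks included, so the tool can pick another name or abort. */
    fd = open(tmp, O_WRONLY | O_CREAT | (use_excl ? O_EXCL : O_TRUNC), 0600);
    if (fd >= 0) {
        ssize_t w = write(fd, "scratch", 7);
        (void)w;
        close(fd);
    }

    fd = open(target, O_RDONLY);
    ssize_t n = (fd >= 0) ? read(fd, buf, sizeof buf - 1) : -1;
    if (fd >= 0) close(fd);
    unlink(tmp); unlink(target); rmdir(dir);
    return (n < 0) ? -1 : strcmp(buf, "precious") != 0;
}

int main(void) {
    printf("plain O_CREAT|O_TRUNC: clobbered=%d\n", target_clobbered(0));
    printf("O_CREAT|O_EXCL:        clobbered=%d\n", target_clobbered(1));
    return 0;
}
```
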
The anonymous FTP server oftpd is vulnerable to a denial of service attack when the client uses a very high port number in the
Users should watch their vendor for a repaired version of
MPlayer is a movie player for Unix that supports movie formats such as MPEG, VOB, AVI, OGG/OGM, FLI, RM, NuppelVideo, YUV4MPEG, VIVO, ASF/WMA/WMV, QT/MOV/MP4, FILM, RoQ, and more. There is a bug in the MPlayer HTTP parser that may, under some conditions, be exploited by a remote attacker who creates a special HTTP header ("Location:") that can cause the victim to execute code located on the attacker's system. Releases of MPlayer that are not affected by this problem are: releases before 0.60pre1, 0.92.1, 1.0pre3try2, 0_92 CVS, and HEAD CVS.
It is recommended that MPlayer 1.0pre3 users upgrade to the latest CVS release and that MPlayer 0.92 (and below) users upgrade to the 0.92.1 release or the latest CVS release.
The slapd daemon distributed with OpenLDAP is vulnerable to a remotely exploitable denial of service attack. Failed password operations can cause slapd to crash when slapd is using the back-ldbm back end, due to slapd freeing memory that it never allocated.
Users should watch their vendor for an updated version of OpenLDAP.
Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.
Copyright © 2009 O'Reilly Media, Inc.