Welcome to Security Alerts, an overview of recent Unix and open source security
advisories. In this column, we look at problems in PHP, Samba,
l2tpd, Domino, APC PowerChute Business Edition,
Webmin, and Lexmark network printers.
Some configurations of PHP may be vulnerable to an attack that, when exploited,
can result in arbitrary code being executed with the permissions of the user
account running the web server. This attack exploits a flaw in the
code of PHP and affects PHP 4.x through 4.3.7, and 5.x through 5.0.0RC3. In
addition, a bug in the
strip_tags() function may result in cross-site scripting
problems in some browsers.
Users should upgrade to version 4.3.8 or 5.0.0 of PHP as soon as possible. Repaired packages have been released by SuSE, Red Hat, Mandrake, Gentoo, Debian, and Conectiva.
Linux Desktop Migration Contest -- Share your open source success
stories and help chart the course for Linux desktop migration. If that's not
reward enough your entry could also win you an all-expense-paid trip to
Barcelona, Spain. Novell and O'Reilly are calling for entries that
describe the benefits realized from a Linux desktop migration, present a
comprehensive migration plan, or provide the most practical tips for
migrating to Linux. The
contest deadline is August 9 so enter
The Samba server and SWAT, the Samba Web Administration Tool, are vulnerable
to buffer overflows that may be exploitable to execute arbitrary code with the
permissions of (in most cases) root. The buffer overflow in SWAT is in the code
that handles decoding base64 characters and can be exploited by a remote attacker
using an invalid base64 character. The Samba server buffer overflow is located
in the code that handles the
mangling method = hash configuration option set
in the smb.conf file. The SWAT overflow is present in versions 3.0.2 through
3.0.4. The Samba server overflow affects versions 2.2.9 through version 2.2.9
and versions v3.0.0 through version 3.0.4.
Affected users of Samba should upgrade to version 3.0.5 or 2.2.10 as soon as
possible. A possible work around is to turn off the SWAT server or select
method = hash2 in the smb.conf configuration file.
mod_ssl distributed with Apache 1.3.x web servers is reported to be vulnerable
to a format-string-based attack that may be exploitable to execute arbitrary
code with the permissions of the web server. The vulnerable code in this attack
is located in the
mod_proxy hook functions.
Users should watch their vendors for an updated package or upgrade to
version 2.8.19 or newer.
There are vulnerabilities in versions of
distributed with HP-UX B11.00, B11.11, B.11.22, and B11.23 that may be exploited
by a remote attacker to execute code with the permissions of the
Users should contact HP for the appropriate patch for their systems.
Ethereal is a powerful network protocol analyzer with a graphical interface used for network troubleshooting, analysis, software development, protocol development, and education. Bugs in the iSNS dissector, SMB SID, and the SNMP dissector may, under some conditions, be exploitable by a remote attacker to crash Ethereal or to execute arbitrary code. These problems are reported to affect all versions of Ethereal prior to version 0.10.5.
All users of Ethereal are encouraged to upgrade to version 0.10.5 as soon as possible. Users unable to upgrade should remove the iSNS dissector, SMB SID, and the SNMP dissector from the list of enabled protocols.
l2tpd, the Layer 2 Tunneling Protocol Daemon, is reported to contain a buffer
overflow in the
write_packet() function in control.c that may be exploitable
by an attacker to execute arbitrary code with the permissions under which
l2tpd is running.
It is recommended that users upgrade to version 0.69-r2 of
It has been reported that Domino 6.5.1 under Linux and Windows is vulnerable to a denial-of-service attack that uses a carefully crafted email that hangs the Domino server when it is viewed by the recipient using Domino Web Access. Other versions of Domino may also be vulnerable.
Users should contact IBM for a hotfix for this vulnerability. Possible workarounds are to limit the maximum message size or to turn off Domino Web Access.
APC's PowerChute Business Edition provides UPS management tools for up to 25 UPS systems, and safe system shutdown during power interruptions for servers and workstations. It is available for Linux, Novell, Solaris, Windows 2003, and Windows XP/2000/NT. All versions of PowerChute Business Edition between 6.0 and 7.0.1 are reported to be at risk from a locally exploitable denial-of-service attack.
Affected users of APC PowerChute Business Edition should upgrade or patch to version 7.0.2 as soon as possible.
A format-string-based vulnerability has been reported in the
package for Debian Linux. This vulnerability may, under some conditions, allow
a remote attacker to execute arbitrary code with the permissions of the
daemon (under Debian, the
telnetd user). It is not clear if this vulnerability
affects other distributions.
Debian users should upgrade their
netkit-telnet-ssl package to the repaired
version as soon as possible.
Webmin is a web-based administration tool for Unix systems that can be used for user accounts, controlling Apache, DNS, file sharing, and more. Webmin has a bug that can be exploited by an unauthorized attacker to read module settings. In addition, on Fedora 2 and other 2.6 kernel-based distributions, using the Disk Quotas module under some conditions may cause the system to hang.
Users should upgrade to Webmin 1.150 or newer as soon as possible.
It has been reported that some Lexmark network printers are subject to a denial-of-service attack against their web servers that will cause the printer's web
server to stop taking requests and become unresponsive. This problem is reportedly
caused by the web server not handling long
HOST arguments (1024 characters is
reported to work) in the HTTP header of a request. This problem is also reported
to affect Dell printers using the same web-server software in their firmware.
Users should watch their vendor for updated firmware for their printer. It may be possible to mitigate this problem somewhat by using a firewall to protect the printer from unauthorized connections.
Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.
Read more Security Alerts columns.
Return to LinuxDevCenter.com
Copyright © 2009 O'Reilly Media, Inc.