Linux DevCenter    
 Published on Linux DevCenter (http://www.linuxdevcenter.com/)


Security Alerts

Problems in the Kernel, OS X, and WordPress

by Noel Davis
06/17/2005

Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at problems in the Linux kernel, Mac OS X, bzip2, WordPress, WebSphere, Peercast, PHPMailer, Binutils, Popper Webmail, Dzip, and FreeBSD's gzip.

Linux Kernel Problems

Several problems in the Linux kernel have been announced, including a bug in ptrace() on AMD64 platforms that could be used to crash the system, a bug in mmap() that may be exploitable to execute arbitrary code or to crash the system, a root exploit using a Bluetooth socket, and a potential root exploit in the 32-bit DRM ioctl functions.

All users should watch their vendors for updated Linux kernel packages and then upgrade as soon as possible.

Mac OS X Security Update

Apple has released a new security update for Mac OS X named "Security Update 2005-006." This update repairs a directory traversal bug in the Bluetooth code and in PHP for both 10.3.* and 10.4.* systems. It also repairs problems in Mac OS X 10.4.*, including a root vulnerability in the CoreGraphics Window Server, a temporary-file race condition vulnerability in launchd that can be trivially exploited to gain root permissions, buffer overflows in the AFP Server, a bug in CoreGraphics, a bug in PDFKit, a permissions-based race condition in the cache folder and Dashboard system widgets, a bug in the MCX client, export restriction problems in the NFS server, and a buffer overflow in vpnd (the VPN server).

It is recommended that users of Mac OS X upgrade as soon as possible.

bzip2

The compression tool bzip2 is reported to be vulnerable to a race condition in the code that sets the file permissions of files as they are uncompressed.

Users should watch their vendors for an updated version of bzip2. Debian has released a repaired package.

WordPress

WordPress is a "state-of-the-art semantic personal publishing platform." Another way to describe it would be as software used to publish a blog. WordPress was named "Web Application of the Year" by ArsTechnica. Multiple problems in WordPress may, under some conditions, be exploitable by a remote attacker in a SQL injection attack or in a cross-site scripting attack.

All users of WordPress should upgrade to version 1.5.1.2 or newer as soon as possible.

WebSphere

The IBM WebSphere Application Server 5.0 is reported to be vulnerable to a buffer overflow in the WebSphere Application Server Administrative Console when the "global security option" is enabled. Successfully exploiting the buffer overflow could allow a remote attacker to execute code with the permissions of the user account running the application server.

IBM is reported to have released WebSphere Application Server 5.0.2 Cumulative Fix 11 to repair this buffer overflow. One possible workaround is to use a firewall tool to block unauthorized access to TCP ports 9080, 9090, and 9043.

Peercast

Peercast is a peer-to-peer streaming media tool released under the GPL license. Versions 0.1211 and earlier are vulnerable to a format-string-based attack that could be exploited to crash the server or to execute arbitrary code on the server with the permission of the user running Peercast.

All users of Peercast should upgrade to the latest available version.

PHPMailer

PHPMailer is a full-featured email transfer class for PHP. PHPMailer is reported to have been used to implement email in many different projects, including eGroupWare, Mambo Open Source, PostNuke, MyPHPNuke, Mantis, Moodle, OOPS, Sourdough, Open Source Suite CRM, Xaraya, Ciao EmailList Manager, Owl Intranet Knowledgebase, pLiMa (php List Manager), phplist, Octeth Email Manager Pro, phpwebtools, sendcard, 68 Mailer, and Coppermine Photo Gallery.

A remotely exploitable denial-of-service vulnerability has been reported in PHPMailer. The vulnerability is caused by a bug in the SMTP-Class Data() function.

Users of PHPMailer or an affected application that uses PHPMailer should watch for a repaired version and upgrade as soon as possible.

GNU Binutils

GNU Binutils is a collection of programming utilities that include as, ld, addr2line, ar, c++filt, gprof, nlmconv, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and windres. A buffer overflow in code contained in the BFD (Binary File Descriptor) parser may be exploitable if a victim uses one of these tools on a file that the attacker has crafted to exploit the buffer overflow.

All affected users should watch their vendors for an upgraded version and upgrade as soon as possible.

Popper Webmail

Popper Webmail, a web-based email client written in PHP, is vulnerable to an attack that can be exploited by a remote attacker to execute arbitrary code with the permissions of the user account running the web server. The vulnerability is caused by a bug in the file childwindow.inc.php. This vulnerability is reported to affect all versions of Popper Webmail through version 1.41-r2.

One possible workaround is to set the value of register_globals to off in the system php.ini configuration file. Affected users should consider disabling Popper Webmail until it has been repaired.

Dzip

Dzip is a compression and decompression tool designed to work with Quake demo recordings. Dzip reportedly will extract files to arbitrary locations. This can be exploited by a remote attacker who creates a compressed file that will cause problems when it is uncompressed with Dzip.

It is recommended that users watch their vendors for a new version and not use Dzip to uncompress files from untrusted sources until it has been upgraded. A repaired version is available for Gentoo Linux.

FreeBSD's gzip

FreeBSD has released a repaired version of gzip. This new version of gzip fixes a directory-traversal vulnerability and a file-permission-based race vulnerability. All FreeBSD users should upgrade gzip.
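
The two extraction bug classes reported in this column, files written outside the target directory (Dzip, FreeBSD's gzip) and races around setting permissions on uncompressed files (bzip2, FreeBSD's gzip), can both be handled in the extractor itself. The C code below is an added example showing the general defensive pattern; it is not code from any of these projects or their fixes, the names member_name_is_safe and extract_member are hypothetical, and POSIX path rules are assumed.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 1 if an archive member name stays inside the extraction directory
 * (not empty, not absolute, no ".." component), else 0. POSIX paths assumed. */
int member_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0' || name[0] == '/')
        return 0;
    for (const char *p = name; *p != '\0'; ) {
        size_t len = strcspn(p, "/");
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;
        p += len;
        while (*p == '/')
            p++;
    }
    return 1;
}

/* Write one member below dirfd. Returns 0 on success, -1 on refusal or error.
 * Parent directories must already exist and be trusted: O_NOFOLLOW only
 * guards the final path component. */
int extract_member(int dirfd, const char *name, const void *data, size_t len,
                   mode_t final_mode)
{
    if (!member_name_is_safe(name))
        return -1;
    /* Owner-only from the first byte, so the contents are never exposed under
     * looser permissions; O_EXCL refuses a pre-planted file or symlink. */
    int fd = openat(dirfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    /* A short write is treated as failure. fchmod() changes the file we hold
     * open, not whatever a path names by the time the call runs. */
    if (write(fd, data, len) != (ssize_t)len ||
        fchmod(fd, final_mode & 0777) != 0) {
        close(fd);
        unlinkat(dirfd, name, 0);
        return -1;
    }
    return close(fd);
}
```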

Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.

Copyright © 2009 O'Reilly Media, Inc.