Welcome to Security Alerts, an overview of recent Unix and open source security
advisories. In this column, we look at problems in XFree86,
10, Helix Player, ClamAV, XSun, Xprt,
prozilla, AbiWord, Backupninja, Hylafax,
A bug in the code that handles pixmaps in XFree86 may be exploitable by a
remote attacker to execute arbitrary code on the victim's machine with root
permissions. This bug is located in the
Users should watch their vendors for updated packages.
cfengine is a tool for maintaining the configurations of multiple networked
machines. The Debian GNU/Linux administrators reported that
cfengine is vulnerable
to several attacks based on temporary-file, symbolic-link race conditions, which can
be used by a local attacker to overwrite arbitrary files with the permissions
of the victim (probably root). Due to the way that Debian back ports patches,
it is not clear what versions of
cfengine this vulnerability affects.
Users should exercise care until
cfengine has been patched and should watch
their vendors for a repaired version of
A buffer overflow in the RealPlayer and Helix Player media players may be
exploitable by an attacker to execute code with the victim's permissions. This
vulnerability is located in code that deals with the
timeformat option in .rp
(RealPix) and .rt (RealText) formatted files. Versions 10.0.0 through 10.0.5
of RealPlayer 10 and Helix Player for Linux are reported to be vulnerable.
It is not known if the players for other Unix operating systems are vulnerable.
Versions for Mac OS X and Windows are reported to not be vulnerable. A script
to automate the exploitation of this vulnerability has been released to the
All Linux users of RealPlayer or Helix Player should upgrade to version 10.0.6 or newer as soon as possible.
The ClamAV anti-virus scanning application is reported to have unspecified vulnerabilities when processing UPX- and FSG-compressed executables. It is possible that these vulnerabilities could lead to a root compromise.
All users of ClamAV should upgrade to version 0.87 or newer as soon as possible.
The Solaris applications Xsun and Xprt are vulnerable to unspecified problems that can be exploited by a local attacker to execute arbitrary code with root permissions.
Sun has released patches for Solaris 8, 9, and 10 for both SPARC and x86 versions of the operating system. A patch is not currently available for Solaris 7.
The archiving tool
arc is reported to be vulnerable to a temporary-file-symbolic-link-based race condition that may be exploitable by a local attacker to overwrite
arbitrary files with the permissions of the victim using
arc. In addition,
the temporary file that
arc creates is readable by other users on the system.
This could be exploited to read information from the archive that is protected
on the source filesystem.
It is recommended that users exercise care on multi-user machines until
has been repaired. Users should watch their vendors for a repaired version or
arc with another archiving tool. Updated packages have been released
for some versions of SuSE Linux.
prozilla, a download accelerator, has been reported to be vulnerable to a
buffer overflow that may be remotely exploitable and allow an attacker to
execute arbitrary code.
Debian has released a repaired package for woody. Other Debian distributions
are reported to not contain
prozilla. Other affected users should watch for
repaired packages for their distribution.
The word processor AbiWord contains a buffer overflow in code that handles processing a RTF-formatted file. A remote attacker may be able to create a RTF file that, when opened by the victim, causes a buffer overflow and the execution of arbitrary code.
All users of AbiWord should upgrade to version 2.2.10 or newer as soon as possible. Users should also avoid opening files from untrusted sources until AbiWord has been upgraded.
Also in Security Alerts:
Backupninja, a backup control utility, is reported to be vulnerable to a temporary-file-symbolic-link-based race condition that may be exploitable by a local attacker to overwrite arbitrary files on the system.
Affected users should watch for a repaired version of Backupninja.
Hylafax is a fax server and client that supports class 1 and 2 fax modems. The xferfaxstats script distributed with Hylafax is vulnerable to a temporary-file-symbolic-link-based race condition that may be exploitable by a local attacker to overwrite arbitrary files on the system with root permissions. The xferfaxstats script is executed monthly by the root user on a default Hylafax installation.
Users should watch for a repaired version of Hylafax.
ApacheTop is a tool similar to the Unix
top command that displays close-to-real-time information about what the Apache web server is doing. A temporary-file-symbolic-link-based race condition in ApacheTop may under some conditions
be exploitable to overwrite arbitrary files on the system with the victim's
permissions. This vulnerability affects all versions of ApacheTop through version
A patch to repair this vulnerability is reported to be available at bugs.gentoo.org/attachment.cgi?id=69342.
The SNMP (Simple Network Management Protocol) library
with Ubuntu Linux is vulnerable under some circumstances to a remote denial-of-service attack. The attack uses TCP packets to crash the
snmpd server. It
is not known if other Linux distributions are affected by this problem.
Affected users should update their
libsnmp5 library as soon as possible.
Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.
Read more Security Alerts columns.
Return to LinuxDevCenter.com
Copyright © 2009 O'Reilly Media, Inc.