Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at a problems with the Apache web server, the Linux kernel, Systrace,
exim, SuSE Live CD 9.1, Heimdal
k5admind, Kolab, IRIX Networking Security, and NukeJokes.
- Apache httpd 1.3.31
- Linux Kernel
- SuSE Live CD 9.1
- IRIX Networking Security
- Crystal Reports
Apache httpd 1.3.31
Several security problems in the Apache HTTP web server have been repaired in version 1.3.31. These problems include: a format-string-based vulnerability that may, under some conditions, lead to arbitrary code being executed with increased permissions; the Apache module
mod_digest was not verifying the return value from clients; an Apache server listening on multiple sockets may be vulnerable, under some conditions, to a race condition that can be used in a denial-of-service attack; and on big-endian 64-bit platforms, some IP-address-based allow/deny rules are not parsed correctly.
It is recommended that all affected users upgrade to version 1.3.31 of the Apache web server as soon as possible.
The Linux kernel contains a bug, in kernel versions 2.4.25 and earlier, in the code that handles the
SCTP_SOCKOPT_DEBUG_NAME option that may be exploitable by an attacker to execute arbitrary code with root permissions.
Affected users should upgrade to Linux Kernel version 2.4.6 or 2.6 as soon as possible.
|Linux/Unix System Administration Certification -- Would you like to polish your system administration skills online and receive credit from the University of Illinois? Learn how to administer Linux/Unix systems and gain real experience with a root access account. The four-course series covers the Unix file system, networking, Unix services, and scripting. It's all at the O'Reilly Learning Lab.|
The implementations of Systrace on FreeBSD and NetBSD are reported to be vulnerable to attacks that may, under some circumstances, be used by an attacker to gain root permissions. Access to the
/dev/systrace device is required to exploit this vulnerability. Versions of NetBSD prior to April 9, 2004 are reported to be vulnerable, as are versions of FreeBSD with the unofficial port of Systrace done by Vladimir Kotal.
Users of NetBSD 2.0 should obtain a kernel dated after April 17, 2004. FreeBSD users should watch for a port of Systrace that has been repaired.
ssmtp is a simple, send-only mail transport agent (MTA). Bugs in the
log_event() may cause a format-string vulnerability that can be exploited by a remote attacker in a denial-of-service attack and may be exploitable to execute arbitrary code with the permissions of the user under which the
ssmtp daemon is running.
Users should watch their vendors for repaired packages. New packages have been released for Gentoo Linux, OpenPKG, and Debian GNU/Linux.
Two buffer-overflow vulnerabilities have been identified in
exim, a mail transfer agent developed by the University of Cambridge. The first buffer overflow is exploitable only when
sender_verify = true has been set in the exim.conf file, and the second buffer overflow can only be exploited when
headers_check_syntax has been enabled.
Repaired packages have been released for Debian GNU/Linux. Users of other systems should watch their vendors for an updated package.
SuSE Live CD 9.1
The SuSE Live CD 9.1 that was distributed with the SuSE Linux 9.1 Personal Edition contains a misconfiguration that will allow a remote attacker to log in with
ssh as root without a password if the system is connected to a network. The SuSE Live CD will attempt to connect to any network that it detects during the boot process.
SuSE has released a reconfigured version of the SuSE Live CD 9.1 as an ISO image. The new configuration will not allow a remote logins for accounts that have a zero-length password and does not allow remote root logins.
Also in Security Alerts:
Heimdal provides Kerberos 5 network authentication protocols and the Heimdal
k5admind daemon provides an administrative interface for the Kerberos Key Distribution Center. In addition, under some configurations of Heimdal the
k5admind daemon also provides Kerberos 4 compatibility. Overflow bugs in the Kerberos 4 support code may be remotely exploitable in a denial-of-service attack or to execute arbitrary code with, in most cases, root permissions.
k5admind is not vulnerable unless the Kerberos 4 support has been enabled during its compile. Also, a bug in the code that verifies the transited field can be exploited on sites that have established trust relationships with other realms, and may allow an administrator in a trusted realm to authenticate as any Kerberos principal in any other realm.
Affected users should disable Kerberos 4 support by using the
--no-kerberos4 command-line switch and should watch their vendors for a repaired version of Heimdal
Kolab is the KDE Groupware server. It provides a web administration interface; a shared address book with provisions for mailbox users, as well as contacts, and POP3, as well as IMAP4 (rev1) access to mail. Kolab has a vulnerability caused by storing store OpenLDAP passwords in plain text.
It is highly recommended that users upgrade to
kolab-1.0-1.0.20.src.rpm or newer as soon as possible.
IRIX Networking Security
Several bugs have been identified in IRIX's networking code. These bugs can be used in a denial-of-service-type attack or may, under some conditions, partially compromise the protection of a firewall.
SGI highly recommends affected users apply patches to protect their systems. Users of IRIX through version IRIX 6.5.22m should contact SGI for more information.
Business Object's Crystal Reports is a flexible reporting tool designed to access data across an enterprise. Crystal Reports Web Interface is reported to contain several vulnerabilities, but no details were announced.
Users of Crystal Reports should contact their vendors for more details and patch availability.
NukeJokes is an module for PHPNuke that provides for a database of jokes to be created and maintained. NukeJokes is reported to be vulnerable to SQL injection attacks, cross-site scripting attacks, and additional unspecified bugs.
Affected users should consider disabling NukeJokes until it has been repaired.
Read more Security Alerts columns.
Return to the LinuxDevCenter.com.