oreilly.comSafari Books Online.Conferences.


Security Alerts KDE Trouble

by Noel Davis

Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at problems in KDE, CSV, Subversion, Firebird, FreeBSD msync(), mailman, Opera, Apple's HelpViewer, cPanel, and xpcd.


The code in KDE's URL handlers for telnet:, rlogin:, ssh: and mailto: do not properly filter out "-" characters. Under some conditions, this can be exploited by an attacker to pass arbitrary options to the applications being invoked by the URL handler.

Users of KDE or components of KDE such as Konqueror or Kmail should upgrade to a repaired version of KDE as soon as possible. The KDE team has made source code patches available for KDE 3.0.5b, 3.1.5, and 3.2.2. Users of binary distributions should watch their vendors for updated packages. Updated packages are reported to be available for Conectiva Linux 9 and SuSE Linux 9.1, 9.0, 8.2, 8.1, and 8.0.


CVS (the Concurrent Versions System) is a flexible, open source version-control system designed to work over a network. CVS is vulnerable to a buffer overflow in the code that handles "Entry" lines and flags that may, under some conditions, be exploitable by a remote attacker to execute arbitrary code with the permissions under which CVS is running. It is reported that CVS release 1.11.15 and CVS feature releases up to 1.12.7 are vulnerable to this buffer overflow.

It is recommended that users upgrade to a repaired version of CVS as soon as possible.

Learning Lab TigerLinux/Unix System Administration Certification -- Would you like to polish your system administration skills online and receive credit from the University of Illinois? Learn how to administer Linux/Unix systems and gain real experience with a root access account. The four-course series covers the Unix file system, networking, Unix services, and scripting. It's all at the O'Reilly Learning Lab.


Subversion is a version-control system comparable to CVS. The code in Subversion that handles dates has a bug in both the client and server that may, under some conditions, be exploited by a remote attacker to execute arbitrary code with the permissions of the Subversion user account or used in a denial-of-service attack against Subversion. Read-only servers are also reported to be vulnerable. All versions of Subversion released before version 1.0.3 are thought to be vulnerable.

All users of Subversion should upgrade to version 1.0.3 or newer as soon as possible.

FreeBSD msync()

The FreeBSD msync() function call is used to write modified whole pages to the filesystem. Under some conditions, a user with read access to a file can prevent changes to that file from being written to the disk, leading to inconsistencies between the virtual memory system and disk content.

It is recommended that users upgrade to FreeBSD 4-STABLE or the RELENG_5_2, RELENG_4_10, RELENG_4_9, or RELENG_4_8 security branch dated after the correction date. Patches have also been released for FreeBSD 4.8, 4.9, 4.10 and 5.2.


mailman is a mailing list manager with a very easy-to-use web interface. Versions of mailman prior to version 2.1.5 are reported to be vulnerable to an attack that can be used by an attacker to retrieve a mailman user's mailing list password.

All users of mailman should upgrade to version 2.1.5 or newer as soon as possible.


The Opera web server has a bug in the code that handles telnet: URLs, which may result in a attacker being able to create or overwrite arbitrary files with the permissions of the user running Opera. The URL handles does not check and filter out "-" characters in the telnet: URL. This can allow an attacker to embed command-line parameters in a telnet URL that will be parsed when the victim clicks on the link. This vulnerability is reported to affect both Windows XP and Linux machines. Affected users may remove the handler for telnet and tn3270 from the preferences menu within Opera, or upgrade to Opera 7.50.

Also in Security Alerts:

PHP Problems

Ethereal Trouble

KWord Trouble

XFree86 Trouble

MySQL Trouble

Apple's HelpViewer

A flaw in Mac OS X can, under some circumstances, be exploited using a carefully crafted URL to execute arbitrary commands with the permissions of the victim. Multiple applications are affected by this flaw, including Internet Explorer, Mozilla, and Apple's Safari.

Users should apply the security patch available from Apple and may wish to consider restricting their Internet preferences using a tool such as the More Internet Preferences tool.


cPanel is a web-hosting management system for Unix-based systems that helps users manage their web sites, database configurations, email accounts, and FTP setup. Some configurations of cPanel contain a flaw that can be exploited by a local attacker to execute arbitrary code with the permission of any user that owns a web-viewable PHP web page. All machines with mod_phpsuexec enabled are reported to be vulnerable to this flaw.

Affected users should upgrade to Apache 1.3.31 as soon as possible.


xpcd is a PhotoCD viewer for the X Window System and console displays. The console-based viewer, xpcd-svga, is reported to be vulnerable to a buffer overflow that may, under some conditions, be exploitable to execute arbitrary code with root permissions. The author of xpcd has stated on his web site that xpcd is no longer being maintained.

It is recommended that any set user or group id bits be removed from xpcd-svga as soon as possible, that if xpcd is not being used on a system it be disabled or removed, and that if the application is needed, then users should watch their vendors for a repaired version or look for a replacement viewer.


Firebird, an open source, relational database that runs under Unix, Linux, and Windows, contains a buffer overflow in the code that handles an environmental variable. The buffer overflow reportedly allows an attacker to change or delete databases and replace the Firebird binaries with trojan applications.

Users should upgrade to version 1.5 or newer of Firebird.

Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.

Read more Security Alerts columns.

Return to the

Linux Online Certification

Linux/Unix System Administration Certificate Series
Linux/Unix System Administration Certificate Series — This course series targets both beginning and intermediate Linux/Unix users who want to acquire advanced system administration skills, and to back those skills up with a Certificate from the University of Illinois Office of Continuing Education.

Enroll today!

Linux Resources
  • Linux Online
  • The Linux FAQ
  • Linux Kernel Archives
  • Kernel Traffic

  • Sponsored by: