CDE Trouble
by Noel Davis
Welcome to Security Alerts, an overview of recent Unix and open source security
advisories. In this column, we look at problems in CDE's
dtlogin, Oracle, SquirrelMail,
SoX, phpMyAdmin, wvWare, Openftpd, CVSTrac, PostgreSQL's ODBC driver, PuTTY, and Citadel/UX.
Common Desktop Environment (CDE)
The dtlogin application distributed with CDE may, under some conditions, be vulnerable to a remote attack using XDMCP packets. A successful attack may result in a denial-of-service condition or in the execution of arbitrary code with root permissions.
Users should watch their vendors for a repair for this vulnerability and should consider disabling XDMCP in the meantime.
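The first thing to establish on a host running dtlogin is whether it answers XDMCP at all. The following is an added example, not code from this column or from the CDE project: it builds a well-formed XDMCP QUERY, sends it to UDP port 177, and decodes the WILLING or UNWILLING reply with every length field checked against the bytes actually received, so the decoder cannot be made to over-read by a hostile peer. The host name, status text and corrupted packet are constructed sample data, not captures.

```python
"""Minimal XDMCP (protocol version 1) codec: build the QUERY that a display
manager such as CDE's dtlogin answers on UDP port 177, and decode the
WILLING/UNWILLING reply with every length field checked before use."""
import socket
import struct
from typing import Optional, Tuple

XDMCP_PORT = 177          # UDP port assigned to XDMCP
XDMCP_VERSION = 1
OPCODES = {
    1: "BROADCAST_QUERY", 2: "QUERY", 3: "INDIRECT_QUERY", 4: "FORWARD_QUERY",
    5: "WILLING", 6: "UNWILLING", 7: "REQUEST", 8: "ACCEPT", 9: "DECLINE",
    10: "MANAGE", 11: "REFUSE", 12: "FAILED", 13: "KEEPALIVE", 14: "ALIVE",
}


def build_query() -> bytes:
    """QUERY (opcode 2) with an empty authentication-name list: a big-endian
    header of version, opcode and data length, then an ARRAYofARRAY8 whose
    CARD8 count is zero (7 bytes in total)."""
    data = b"\x00"
    return struct.pack("!HHH", XDMCP_VERSION, 2, len(data)) + data


def _read_array8(buf: bytes, pos: int) -> Tuple[bytes, int]:
    """Read one ARRAY8 (CARD16 length, then that many bytes).  The length is
    peer-supplied, so it is checked against the buffer before slicing."""
    if pos + 2 > len(buf):
        raise ValueError("truncated ARRAY8 length at offset %d" % pos)
    (n,) = struct.unpack_from("!H", buf, pos)
    pos += 2
    if pos + n > len(buf):
        raise ValueError("ARRAY8 declares %d bytes, only %d remain" % (n, len(buf) - pos))
    return buf[pos:pos + n], pos + n


def parse_xdmcp(pkt: bytes) -> dict:
    """Decode the header and, for WILLING/UNWILLING, the string fields."""
    if len(pkt) < 6:
        raise ValueError("packet shorter than the 6-byte XDMCP header")
    version, opcode, length = struct.unpack_from("!HHH", pkt, 0)
    if version != XDMCP_VERSION:
        raise ValueError("unsupported XDMCP version %d" % version)
    body = pkt[6:]
    if length != len(body):
        raise ValueError("length field %d does not match %d data bytes" % (length, len(body)))
    result = {"opcode": OPCODES.get(opcode, "UNKNOWN(%d)" % opcode)}
    pos = 0
    if opcode == 5:                      # WILLING: auth name, hostname, status
        auth, pos = _read_array8(body, pos)
        result["auth_name"] = auth.decode("latin-1")
    if opcode in (5, 6):                 # UNWILLING: hostname, status
        host, pos = _read_array8(body, pos)
        status, pos = _read_array8(body, pos)
        result["hostname"] = host.decode("latin-1")
        result["status"] = status.decode("latin-1")
        if pos != len(body):
            raise ValueError("%d trailing bytes after the last field" % (len(body) - pos))
    return result


def rejects(pkt: bytes) -> bool:
    """True if parse_xdmcp refuses pkt as malformed."""
    try:
        parse_xdmcp(pkt)
    except ValueError:
        return True
    return False


def probe(host: str, timeout: float = 2.0) -> Optional[dict]:
    """Send one QUERY to host:177/udp and decode the reply; None if silent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(), (host, XDMCP_PORT))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return None
    return parse_xdmcp(data)


# Constructed sample reply, not a real capture: WILLING from a host calling
# itself "cde-host", status "0 users", empty authentication name.
SAMPLE_WILLING = (
    struct.pack("!HHH", XDMCP_VERSION, 5, 2 + 2 + 8 + 2 + 7)
    + b"\x00\x00"                   # authentication name: empty ARRAY8
    + b"\x00\x08" + b"cde-host"     # hostname
    + b"\x00\x07" + b"0 users"      # status
)
# Same reply with the hostname length corrupted to 0xFFFF; a decoder that
# trusted the field would read 65535 bytes from a 27-byte packet.
SAMPLE_CORRUPT = SAMPLE_WILLING[:8] + b"\xff\xff" + SAMPLE_WILLING[10:]

if __name__ == "__main__":
    import sys
    print(parse_xdmcp(SAMPLE_WILLING))
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))
```

A WILLING reply means the host is offering XDMCP sessions to the network and should be firewalled (UDP 177) or reconfigured until a vendor fix is installed. Silence or UNWILLING does not prove the service is absent, since dtlogin can restrict responses per host through its Xaccess file. The documented CDE way to stop dtlogin listening for XDMCP is to set Dtlogin.requestPort to 0 in /etc/dt/config/Xconfig and restart dtlogin; that setting is cited here from CDE's own configuration, not from the column.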
Oracle
A reported vulnerability in Oracle's default file permissions may be exploitable by a local user who has access to the default Oracle account (in many cases, a user named oracle) to execute arbitrary code with the permissions of the root account. It has been reported that the default Oracle user owns the directory where Oracle's shared libraries are located. By replacing a shared library with a customized version, the attacker can cause arbitrary code to be executed when a set-user-id root binary that loads that library, such as nmo, is executed.
Affected users should contact Oracle for patches or recommended workarounds for this problem.
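The condition described above can be audited directly on any Unix host, not only an Oracle one. The following is an added example, not from the column or from Oracle: it lists set-uid-root binaries under a directory, resolves their shared libraries with ldd (glibc-style "=>" output lines assumed), and reports every library directory that is not owned by root or carries group/other write bits. A set-uid program ignores LD_LIBRARY_PATH, but it still loads libraries from its RPATH and the standard search path, which is why a writable library directory is enough. The temporary directory and the libclntsh.so file name in constructed_check are constructed for the demonstration.

```python
"""Report shared-library directories that a set-uid-root binary loads from
but that an account other than root could write to."""
import os
import stat
import subprocess
import tempfile
from typing import Dict, Iterable, List


def unsafe_library_dirs(lib_paths: Iterable[str]) -> List[str]:
    """Directories among those holding lib_paths that are not root-owned or
    carry group/other write bits (order preserved, duplicates dropped)."""
    flagged: List[str] = []
    for lib in lib_paths:
        d = os.path.dirname(os.path.abspath(lib))
        if d in flagged:
            continue
        try:
            st = os.stat(d)
        except OSError:
            continue
        if st.st_uid != 0 or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            flagged.append(d)
    return flagged


def linked_libraries(binary: str) -> List[str]:
    """Resolve binary's shared libraries with ldd(1).  Assumes glibc-style
    output lines of the form 'libfoo.so.1 => /path/libfoo.so.1 (0x...)'."""
    proc = subprocess.run(["ldd", binary], capture_output=True, text=True, check=False)
    libs = []
    for line in proc.stdout.splitlines():
        if "=>" not in line:
            continue
        target = line.split("=>", 1)[1].split("(", 1)[0].strip()
        if target.startswith("/"):
            libs.append(target)
    return libs


def setuid_root_binaries(root: str) -> List[str]:
    """Walk root for regular files that are set-uid and owned by uid 0."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID and st.st_uid == 0:
                hits.append(path)
    return hits


def audit(root: str) -> Dict[str, List[str]]:
    """Map each set-uid-root binary under root to its writable library dirs."""
    report: Dict[str, List[str]] = {}
    for binary in setuid_root_binaries(root):
        bad = unsafe_library_dirs(linked_libraries(binary))
        if bad:
            report[binary] = bad
    return report


def constructed_check() -> bool:
    """Constructed scenario (no real Oracle install): a library directory that
    is group/other writable, as an oracle-owned lib directory with loose modes
    would be, must be flagged; the same directory at mode 0755 is flagged only
    when its owner is not root."""
    with tempfile.TemporaryDirectory() as tmp:
        libdir = os.path.join(tmp, "lib")
        os.mkdir(libdir)
        os.chmod(libdir, 0o777)              # mkdir honours umask, so force it
        lib = os.path.join(libdir, "libclntsh.so")
        open(lib, "wb").close()
        writable_flagged = unsafe_library_dirs([lib]) == [libdir]
        os.chmod(libdir, 0o755)
        expect_flag = os.stat(libdir).st_uid != 0
        tight_matches = (unsafe_library_dirs([lib]) == [libdir]) == expect_flag
        return writable_flagged and tight_matches


if __name__ == "__main__":
    import sys
    print(audit(sys.argv[1] if len(sys.argv) > 1 else "/usr"))
```

Run audit() on the Oracle home as root so that lstat and ldd can reach every file. The fix for a flagged directory is to make root own it and remove group and other write bits, or to drop the set-uid bit from binaries that do not need it; the check does not look at RPATH entries that point at directories which do not yet exist, which a local user could also create.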
SquirrelMail
Users of SquirrelMail should upgrade to version 1.4.3a or newer as soon as possible.
SoX
The sound file conversion tool SoX is vulnerable to buffer overflows in the code that handles the header fields of .wav files. By carefully crafting a .wav file and convincing a user to process it with SoX, a remote attacker may be able to execute arbitrary code with the victim's permissions. It is reported that some versions (such as 12.17.4, 12.17.3, and 12.17.2) are vulnerable, and that others (such as 12.17.1, 12.17, and 12.16) are not.
Affected users should watch their vendors for a repaired version of SoX and exercise care when processing .wav files from untrusted sources. The last listed release of SoX on its SourceForge page was March 23, 2003. Updated packages containing SoX have been announced by Conectiva, Red Hat, Gentoo, and Mandrake.
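The bug class here is a size field in the header trusted before it is compared with the data actually present. The following is an added example, neither SoX's code nor the column's: it reads RIFF/WAVE chunk headers the safe way, checking the RIFF size and every chunk size against the file length before any bytes are sliced, and shows that a constructed file whose 'fmt ' chunk claims about 2 GB is rejected rather than read. The sample files are built inline by _wav and are not real recordings.

```python
"""Bounds-checked reader for the RIFF/WAVE header: every size field taken
from the file is checked against the bytes actually present before use,
which is the check a header parser must make before copying a field into
a fixed-size buffer."""
import struct


def parse_wav(buf: bytes) -> dict:
    """Return the 'fmt ' fields and the data size; raise ValueError on any
    size field that does not fit the file."""
    if len(buf) < 12 or buf[:4] != b"RIFF" or buf[8:12] != b"WAVE":
        raise ValueError("not a RIFF/WAVE file")
    (riff_size,) = struct.unpack_from("<I", buf, 4)
    end = 8 + riff_size                    # RIFF size counts everything after it
    if end > len(buf):
        raise ValueError("RIFF size %d exceeds the %d bytes present" % (riff_size, len(buf)))
    info = {}
    pos = 12
    while pos + 8 <= end:
        cid = buf[pos:pos + 4]
        (csize,) = struct.unpack_from("<I", buf, pos + 4)
        pos += 8
        if csize > end - pos:              # the check a trusting reader omits
            raise ValueError("chunk %r declares %d bytes, only %d remain"
                             % (cid, csize, end - pos))
        body = buf[pos:pos + csize]
        if cid == b"fmt ":
            if csize < 16:
                raise ValueError("fmt chunk too short (%d bytes)" % csize)
            tag, channels, rate, byte_rate, align, bits = struct.unpack_from("<HHIIHH", body, 0)
            info.update(format_tag=tag, channels=channels, sample_rate=rate,
                        byte_rate=byte_rate, block_align=align, bits_per_sample=bits)
        elif cid == b"data":
            info["data_bytes"] = csize
        pos += csize + (csize & 1)         # chunks are padded to an even length
    if "format_tag" not in info or "data_bytes" not in info:
        raise ValueError("missing fmt or data chunk")
    return info


def is_well_formed(buf: bytes) -> bool:
    """True if parse_wav accepts buf."""
    try:
        parse_wav(buf)
    except ValueError:
        return False
    return True


def _wav(fmt_size_field: int) -> bytes:
    """Build a constructed 8 kHz, 8-bit mono file holding four samples; the
    'fmt ' size field is set to fmt_size_field so a lying header can be made."""
    fmt_body = struct.pack("<HHIIHH", 1, 1, 8000, 8000, 1, 8)
    data_body = b"\x80\x80\x80\x80"
    chunks = (b"fmt " + struct.pack("<I", fmt_size_field) + fmt_body
              + b"data" + struct.pack("<I", len(data_body)) + data_body)
    return b"RIFF" + struct.pack("<I", 4 + len(chunks)) + b"WAVE" + chunks


SAMPLE_WAV = _wav(16)                  # honest header, 48 bytes in total
SAMPLE_OVERSIZED = _wav(0x7FFFFFFF)    # 'fmt ' claims about 2 GB in a 48-byte file

if __name__ == "__main__":
    print(parse_wav(SAMPLE_WAV))
    print("oversized header accepted:", is_well_formed(SAMPLE_OVERSIZED))
```

The same discipline applies to every variable-length field a .wav header can carry, including the extra bytes after the standard 16 of the 'fmt ' chunk and the strings inside a LIST/INFO chunk: the declared length is never used to size a copy until it has been compared with both the bytes remaining in the file and the capacity of the destination.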
phpMyAdmin
A vulnerability in phpMyAdmin may, under some conditions, be exploited by a remote attacker to cause phpMyAdmin to execute arbitrary PHP code with the permissions of the user account under which the web server is running. The attacker must be able to authenticate to phpMyAdmin, and $cfg['LeftFrameLight'] in config.inc.php must be set to FALSE, before the attacker can exploit this vulnerability.
All affected users of phpMyAdmin should upgrade to version 2.5.7-pl1 as soon as possible.
wvWare
wvWare is a library used to load and parse Microsoft Word files under Unix. A buffer overflow has been found in code that handles the function in a document. If a victim opens a document that has been prepared by the attacker to exploit the buffer overflow, arbitrary code may be executed with the victim's permissions.
It is recommended that users upgrade their wvWare libraries as soon as possible. Updated packages have been released by Gentoo and Mandrake.
Openftpd
Openftpd, an open source FTP server for Unix, is reported to have a format-string vulnerability that, under some circumstances, may result in remote shell access with the permissions of the user logged into Openftpd. This vulnerability is reported to affect Openftpd version 0.30.2 and earlier. A script to help in the exploitation of this vulnerability has been released to the public.
Users should upgrade to the latest CVS version or watch for an updated release.
PostgreSQL ODBC Driver
The ODBC driver for the PostgreSQL database has a buffer overflow. Under some conditions, this buffer overflow can be used in a denial-of-service attack. It is not known whether exploiting it can result in the execution of arbitrary code.
Repaired packages have been released by Mandrake and Debian. Users of other systems should watch their vendors for an update.
CVSTrac
CVSTrac is a CVS-repository web browsing tool. An unspecified vulnerability was announced that, according to the report, can be used by a remote attacker to execute arbitrary code on the server with the permissions of the user running the web server.
It is recommended that users upgrade to version 1.1.4 of CVSTrac or watch their vendors for a repaired version. The OpenPKG Project has released a repaired CVSTrac package.
PuTTY
PuTTY, a free telnet and SSH client for Windows and Unix machines, is reported to be vulnerable to a remote attack while PuTTY is authenticating to a host. Because the attack is mounted by the server side of the connection, it can succeed before the user has had a chance to verify the host key. Exploiting this vulnerability allows the attacker to execute code on the victim's machine. PuTTY 0.54 and earlier versions are reported to be vulnerable.
The authors of PuTTY recommend that users upgrade to PuTTY 0.55 as soon as possible.
Citadel/UX
Citadel/UX is a client/server groupware application that supports users connecting via telnet, the web, or client software. Citadel/UX is vulnerable to a denial-of-service attack, and a script that automates the attack has been released to the public.
The Citadel developers have placed a patch in CVS to repair this problem. In addition, this problem will be fixed in the next release of Citadel/UX.
Return to LinuxDevCenter.com