LinuxDevCenter.com
Security Alerts

Media-Tool Trouble

by Noel Davis
11/24/2004

Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at problems in libgd, mtink, zip, ruby, Samba, freeamp, Kaffeine and gxine, Portage, zgv, shadow, and BNC.

libgd

The libgd library is an ANSI C library for creating images dynamically in PNG, JPEG, GIF, and other formats. A bug has been reported in its code for handling PNG-formatted images. Under some conditions it may be exploitable with a carefully crafted PNG file, resulting in arbitrary code being executed on the victim's machine. libgd is linked into PHP, so one likely attack vector is a photo web site that lets users upload images and then processes them (resizing, thumbnailing) with a PHP script: the crafted file reaches libgd without anyone opening it by hand.

All users of libgd or linked applications (such as PHP) should evaluate their risk of exposure due to this bug, and take appropriate steps. Users should watch their vendors for repaired packages for affected applications. Repaired versions are available for Ubuntu and Debian GNU/Linux.
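The column does not say which code path in libgd is at fault, so the following is an added illustration of the general class of bug that crafted image files exploit in decoders, not libgd's own code: dimensions read from an untrusted header drive a buffer allocation, and if the size arithmetic wraps, the decoder writes far past the buffer it got. The MAX_DIM and MAX_BPP limits, the header fields and the row writer are all assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration, not libgd's code: image dimensions taken from an
 * untrusted header decide how much memory the decoder allocates. */

/* Vulnerable pattern: the byte count is computed in 32-bit arithmetic, which
 * wraps silently. 65536 x 65537 x 4 bytes is about 16 GiB, but the product
 * wraps to 262144, so malloc() hands back 256 KiB and a decoder that then
 * writes 65537 rows into it overruns the heap. */
size_t pixel_bytes_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    uint32_t n = width * height * bpp;      /* modular arithmetic, no error */
    return n;
}

/* Hardened form: refuse absurd dimensions and check each multiplication for
 * overflow before it happens. Returns 0 for "reject this file". */
#define MAX_DIM 32768u      /* assumption: an application-chosen sanity limit */
#define MAX_BPP 16u         /* assumption: bytes per pixel never above 16 */

size_t pixel_bytes_checked(uint32_t width, uint32_t height, uint32_t bpp)
{
    if (width == 0 || height == 0 || bpp == 0) return 0;
    if (width > MAX_DIM || height > MAX_DIM || bpp > MAX_BPP) return 0;
    size_t px = (size_t)width * (size_t)height;     /* <= 2^30, cannot overflow */
    if (px > SIZE_MAX / bpp) return 0;              /* would overflow size_t */
    return px * bpp;
}

/* Allocate the pixel buffer only from a checked size, zeroed so a decoder that
 * writes fewer rows than advertised cannot leak stale heap contents. */
unsigned char *alloc_pixels(uint32_t width, uint32_t height, uint32_t bpp, size_t *out_len)
{
    size_t n = pixel_bytes_checked(width, height, bpp);
    if (n == 0) return NULL;
    unsigned char *buf = calloc(n, 1);
    if (buf && out_len) *out_len = n;
    return buf;
}

/* Simulated decoder step: copy one row into the buffer only if it fits.
 * Returns 1 on success, 0 if the row would run past the allocation. */
int write_row(unsigned char *buf, size_t buf_len, uint32_t width, uint32_t bpp,
              uint32_t row, const unsigned char *src)
{
    size_t stride = (size_t)width * bpp;
    if (stride == 0 || buf_len < stride || row > (buf_len - stride) / stride) return 0;
    memcpy(buf + (size_t)row * stride, src, stride);
    return 1;
}

int main(void)
{
    printf("65536x65537x4: unchecked says %zu bytes, checked says %zu (0 = rejected)\n",
           pixel_bytes_unchecked(65536u, 65537u, 4u),
           pixel_bytes_checked(65536u, 65537u, 4u));
    return 0;
}
```

The point to carry over to real code is that the check belongs where the size is computed, not where the buffer is written: by the time the row loop runs, the allocation is already too small.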

mtink

mtink, a status monitor and ink-cartridge changer for Epson printers, is reported to be vulnerable to a temporary-file, symbolic link race condition that may, under some conditions, be exploited by a local attacker to overwrite arbitrary files on the system with the permissions of the user running mtink (root, in most cases).

Users of mtink should watch their vendors for an updated package.

zip

The archive utility zip is reported to be vulnerable to a buffer overflow when an archive file with a very long name is unpacked. A remote attacker could create a carefully crafted zip archive file that, when opened by the victim, would execute arbitrary code with the victim's permissions.

Anyone using zip should exercise care when opening .zip files until they have upgraded their version of zip to a repaired version. A repaired version is available for Gentoo Linux.
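As an added example (not zip's own code), the following shows the bug class behind a "very long name" overflow using the ZIP local file header format: the header carries a 16-bit name length that the archive author controls, and copying that many bytes into a fixed buffer is the overflow. The 256-byte buffer, the return codes and the constructed header are assumptions made for the example; the header layout (signature 0x04034b50, name length at offset 26, name at offset 30) is the real one.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not zip's code: an attacker-controlled length field
 * drives a copy into a fixed-size buffer. */
#define LFH_SIZE 30                 /* fixed part of a ZIP local file header */
#define LFH_SIG  0x04034b50u        /* "PK\3\4", little-endian */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable pattern: the 16-bit name length is trusted and the name is copied
 * into a fixed 256-byte buffer. A header claiming a 4000-byte name overruns the
 * buffer by thousands of bytes. Kept for comparison; never call it on untrusted data. */
int lfh_name_unchecked(const uint8_t *buf, size_t len, char name[256])
{
    if (len < LFH_SIZE || rd32(buf) != LFH_SIG) return -1;
    uint16_t nlen = rd16(buf + 26);
    memcpy(name, buf + LFH_SIZE, nlen);          /* overflow when nlen > 255 */
    name[nlen] = '\0';
    return 0;
}

/* Hardened form: the claimed length must fit the destination (with its NUL)
 * and must not exceed the bytes actually present after the header. */
int lfh_name_checked(const uint8_t *buf, size_t len, char *name, size_t name_sz)
{
    if (len < LFH_SIZE || rd32(buf) != LFH_SIG) return -1;   /* not a local header */
    uint16_t nlen = rd16(buf + 26);
    if (nlen >= name_sz) return -2;                           /* too long for the buffer */
    if (len - LFH_SIZE < nlen) return -3;                     /* header lies about what follows */
    if (memchr(buf + LFH_SIZE, '\0', nlen)) return -4;        /* embedded NUL: name would be misread later */
    memcpy(name, buf + LFH_SIZE, nlen);
    name[nlen] = '\0';
    return 0;
}

/* Constructed input: a local file header whose name-length field can be set
 * independently of the real name, to mimic a malicious archive. */
size_t build_lfh(uint8_t *out, size_t out_sz, const char *fname, uint16_t claimed_len)
{
    size_t real = strlen(fname);
    if (out_sz < LFH_SIZE + real) return 0;
    memset(out, 0, LFH_SIZE);
    out[0] = 0x50; out[1] = 0x4b; out[2] = 0x03; out[3] = 0x04;   /* signature */
    out[4] = 20;                                               /* version needed: 2.0 */
    out[26] = (uint8_t)(claimed_len & 0xff);
    out[27] = (uint8_t)(claimed_len >> 8);
    memcpy(out + LFH_SIZE, fname, real);
    return LFH_SIZE + real;
}

/* Build a header and run the checked parser on it; the parsed name is left in
 * a static buffer so callers can inspect it. */
static char last_name[256];
int zip_demo(const char *fname, uint16_t claimed_len, size_t name_sz)
{
    uint8_t hdr[LFH_SIZE + 512];
    if (name_sz > sizeof last_name) name_sz = sizeof last_name;
    size_t n = build_lfh(hdr, sizeof hdr, fname, claimed_len);
    if (n == 0) return -99;
    return lfh_name_checked(hdr, n, last_name, name_sz);
}
const char *zip_demo_name(void) { return last_name; }

int main(void)
{
    printf("honest header: %d (%s)\n", zip_demo("hello.txt", 9, sizeof last_name), zip_demo_name());
    printf("name length 4000 claimed: %d\n", zip_demo("hello.txt", 4000, sizeof last_name));
    printf("name length 100 claimed, 9 present: %d\n", zip_demo("hello.txt", 100, sizeof last_name));
    return 0;
}
```

Note that the checked parser rejects rather than truncates: a silently shortened file name is how an archive entry ends up written somewhere other than where the user expected.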

ruby

The programming language ruby has a vulnerability in its CGI::Session FileStore: session files are created with permissions that let other local users read the session data they hold. In addition, the CGI module has a bug that lets anyone able to submit requests to a ruby CGI script send a crafted request that puts the script into an infinite loop, a denial-of-service attack.

All affected users should upgrade as soon as a package becomes available. Updated packages have been released for Mandrake, Gentoo, and Debian GNU/Linux.

Samba

A problem in Samba's code for matching wildcards in file name patterns may be exploitable by a remote attacker in a denial-of-service attack: a crafted request can make the server do so much work that the victim's machine runs under a high load or, in some cases, stops responding altogether.

The Samba development team has released a patch to Samba 3.0.7. Users should upgrade to Samba 3.0.7 with this patch applied as soon as possible.
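To show how a wildcard matcher turns into a CPU sink, here is an added example that is not Samba's code (Samba's own matcher and the 3.0.7 patch are not reproduced here): a naive recursive matcher that tries every split for each `*`, beside an iterative one that backtracks to the last `*` only and runs in time proportional to the product of the two lengths. The pathological pattern and name, and the step counter, are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Added illustration, not Samba's matcher. Work counter so the two matchers
 * can be compared on the same inputs. */
static long steps;

/* Naive matcher: '*' tries every possible split and recurses. Correct, but with
 * several '*' in the pattern the number of splits explodes combinatorially,
 * which is how a client-supplied name pattern becomes a denial of service. */
int match_naive(const char *p, const char *s)
{
    steps++;
    if (*p == '\0') return *s == '\0';
    if (*p == '*') {
        for (const char *t = s; ; t++) {
            if (match_naive(p + 1, t)) return 1;
            if (*t == '\0') return 0;
        }
    }
    if (*s != '\0' && (*p == '?' || *p == *s)) return match_naive(p + 1, s + 1);
    return 0;
}

/* Iterative matcher: remember the most recent '*' and where it started; on a
 * mismatch, let that star absorb one more character and retry from there.
 * Worst case O(len(p) * len(s)), no exponential blow-up. */
int match_linear(const char *p, const char *s)
{
    const char *star = NULL, *star_s = NULL;
    while (*s != '\0') {
        steps++;
        if (*p == '*') { star = p++; star_s = s; }
        else if (*p == '?' || *p == *s) { p++; s++; }
        else if (star) { p = star + 1; s = ++star_s; }
        else return 0;
    }
    while (*p == '*') { p++; steps++; }      /* trailing stars match the empty tail */
    return *p == '\0';
}

/* Run one matcher and report how many steps it took. */
long count_steps(int (*fn)(const char *, const char *), const char *p, const char *s)
{
    steps = 0;
    fn(p, s);
    return steps;
}

/* Constructed pathological request: many wildcards against a name that almost
 * matches, so every split has to be tried before the final 'b' fails. */
#define EVIL_PATTERN "*a*a*a*a*a*b"
#define EVIL_NAME    "aaaaaaaaaaaaaaaaaaaaaaaa"

int main(void)
{
    printf("%s vs %s: naive %ld steps, linear %ld steps\n", EVIL_PATTERN, EVIL_NAME,
           count_steps(match_naive, EVIL_PATTERN, EVIL_NAME),
           count_steps(match_linear, EVIL_PATTERN, EVIL_NAME));
    return 0;
}
```

Both matchers give the same answers; the difference is that the naive one's running time is chosen by whoever sends the pattern. Adding one more `*a` to the pattern multiplies the naive cost again, while the iterative matcher grows by a few dozen steps.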

freeamp

freeamp is an open source MP3 player that has been replaced by the ZINF (ZINF Is Not FreeAmp!) audio player. ZINF is based on the source code of freeamp, but does not use a trademarked word as part of its name. The playlist module of freeamp is vulnerable to a buffer overflow that could, under some circumstances, result in arbitrary code being executed with the permissions of the user running freeamp.

All affected users of freeamp/ZINF should upgrade to a repaired version as soon as it is available.

Kaffeine and gxine

Kaffeine and gxine are media players that use the xine video library for playback and video processing; Kaffeine is the KDE3 front end. Both applications contain the same code for processing the HTTP Content-Type header, and that code has a buffer overflow that could, under some conditions, be exploited by a remote attacker who controls an HTTP server the user connects to. The attacker may be able to create a RealAudio .ram playlist that, when fetched and read by Kaffeine or gxine, triggers the overflow and executes arbitrary code on the victim's machine.

Users of Kaffeine or gxine should exercise great care until repaired versions have been installed.

Portage

Portage, Gentoo Linux's package management tool, is vulnerable to a temporary-file, symbolic link race condition that can be exploited by a local attacker to overwrite arbitrary files with the permissions of the user running the dispatch-conf or qpkg scripts (normally root).

All users of Gentoo Linux should upgrade their Portage and gentoolkit packages as soon as possible.
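mtink and the Portage dispatch-conf and qpkg scripts share the same class of bug, so one added example serves both (and the 0600 mode it uses is also the fix for the kind of over-permissive session file described under ruby above). This is not code from any of those projects: it shows the unsafe pattern of opening a predictable name under /tmp with fopen(), which follows a symbolic link an attacker planted, beside two safe forms, open() with O_CREAT|O_EXCL|O_NOFOLLOW and mkstemp(). The scratch directory, the victim file and the planted link are constructed by the demo itself.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added illustration, not mtink's or Portage's code. */

/* Vulnerable pattern: a predictable name, opened with fopen(path, "w"). fopen()
 * follows symbolic links, so if an attacker has already planted
 * /tmp/app.tmp -> /etc/passwd, the privileged program truncates /etc/passwd. */
FILE *open_tmp_unsafe(const char *path)
{
    return fopen(path, "w");
}

/* Hardened form for a fixed name: create-or-fail atomically (O_EXCL), never
 * follow a link (O_NOFOLLOW), and create 0600 regardless of umask. Returns -1
 * with errno EEXIST or ELOOP when anything already occupies the name. */
int open_tmp_safe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Best: let the C library pick an unpredictable name. mkstemp() also uses
 * O_CREAT|O_EXCL and mode 0600, which is what any file holding per-user
 * secrets (a session store, for instance) should get. */
int make_tmp(char *template_in_out)
{
    return mkstemp(template_in_out);
}

/* Self-contained demonstration in a private scratch directory (constructed
 * input, not a real attack): plant a symlink, then try each opener on it.
 * Returns a bitmask: 1 = safe open refused the link, 2 = victim still intact
 * after it, 4 = unsafe open clobbered the victim through the link,
 * 8 = mkstemp's file is mode 0600. 15 means every observation held;
 * -1 means the scratch setup itself failed. */
int run_demo(void)
{
    char dir[] = "/tmp/racedemo.XXXXXX";
    if (!mkdtemp(dir)) return -1;

    char victim[4096], link[4096], tmpl[4096];
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link, sizeof link, "%s/app.tmp", dir);
    snprintf(tmpl, sizeof tmpl, "%s/app.XXXXXX", dir);

    FILE *v = fopen(victim, "w");                    /* the file the attacker wants clobbered */
    if (!v) return -1;
    fputs("important data\n", v);
    fclose(v);
    if (symlink(victim, link) != 0) return -1;      /* the attacker's move */

    int result = 0;
    struct stat st;

    int fd = open_tmp_safe(link);
    if (fd == -1 && (errno == EEXIST || errno == ELOOP)) result |= 1;
    else if (fd >= 0) close(fd);
    if (stat(victim, &st) == 0 && st.st_size > 0) result |= 2;

    FILE *f = open_tmp_unsafe(link);
    if (f) fclose(f);
    if (stat(victim, &st) == 0 && st.st_size == 0) result |= 4;

    fd = make_tmp(tmpl);
    if (fd >= 0 && fstat(fd, &st) == 0 && (st.st_mode & 0777) == 0600) result |= 8;
    if (fd >= 0) { close(fd); unlink(tmpl); }

    unlink(link); unlink(victim); rmdir(dir);
    return result;
}

int main(void)
{
    int r = run_demo();
    printf("demo result: %d (15 = link followed by fopen, refused by the safe openers)\n", r);
    return r == 15 ? 0 : 1;
}
```

The race is in the gap between "check that the name is free" and "create it"; O_EXCL closes that gap by making the kernel do both in one step, and O_NOFOLLOW makes sure a link that slipped in anyway is never followed. Shell scripts get the same protection from mktemp(1).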

zgv

zgv is a console-based image viewer. Some versions of zgv are reported to contain multiple buffer overflows. The attack requires the attacker to create a carefully crafted image file and the victim to view it with zgv; the resulting overflow can execute arbitrary code as root or as the user running zgv.

It is recommended that users watch their vendors for an updated version, or upgrade to zgv version 5.8 and apply the patch available from zgv's home page.

shadow

A bug in the shadow suite of tools can be abused by a local user who is logged in but whose password has expired: the chfn and chsh tools let such a user change account information (the GECOS fields and the login shell) without first being forced to change the password.

Users should upgrade to a repaired shadow utility package when it becomes available.
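The missing check is easy to state in code. The following is an added example, not the shadow suite's code: the fields mirror struct spwd (day counts since 1970-01-01, with -1 meaning "not set"), and the expiry rules are the usual reading of /etc/shadow, stated here as an assumption since edge cases in the real implementation may differ. The unchecked function is the flow the column describes; the checked one is what a chfn or chsh should do after authenticating the user.

```c
#include <stdio.h>
#include <time.h>

/* Added illustration, not code from the shadow suite. Fields mirror struct
 * spwd from <shadow.h>: day counts since 1970-01-01, -1 = not set. */
struct shadow_fields {
    long lstchg;    /* sp_lstchg: day of last password change; 0 = must change now */
    long max;       /* sp_max: days a password stays valid; -1 = forever */
    long expire;    /* sp_expire: day the account itself expires; -1 = never */
};

enum pw_state { PW_OK = 0, PW_MUST_CHANGE = 1, PW_ACCOUNT_EXPIRED = 2 };

/* Assumed reading of the fields: account expiry wins, then the "change at next
 * login" marker, then password age against the maximum. */
enum pw_state password_state(const struct shadow_fields *f, long today)
{
    if (f->expire >= 0 && today >= f->expire) return PW_ACCOUNT_EXPIRED;
    if (f->lstchg == 0) return PW_MUST_CHANGE;
    if (f->max >= 0 && today > f->lstchg + f->max) return PW_MUST_CHANGE;
    return PW_OK;
}

/* The flow the column describes: the user authenticates, and chfn/chsh then
 * let the change through without looking at password age. */
int change_allowed_unchecked(const struct shadow_fields *f, int authenticated, long today)
{
    (void)f; (void)today;
    return authenticated;
}

/* Hardened: an expired password (or account) blocks chfn/chsh until the
 * password has been renewed through passwd. */
int change_allowed_checked(const struct shadow_fields *f, int authenticated, long today)
{
    return authenticated && password_state(f, today) == PW_OK;
}

/* Today as a shadow-style day number. */
long today_in_days(void)
{
    return (long)(time(NULL) / 86400);
}

int main(void)
{
    /* constructed entry: changed on day 12000, valid 90 days, no account expiry */
    struct shadow_fields stale = { 12000, 90, -1 };
    long today = 12750;
    printf("state %d; unchecked allows: %d; checked allows: %d\n",
           password_state(&stale, today),
           change_allowed_unchecked(&stale, 1, today),
           change_allowed_checked(&stale, 1, today));
    return 0;
}
```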

BNC

BNC is an Internet relay chat (IRC) proxy, or "bouncer", that keeps a connection to an IRC server open on a client's behalf. BNC has a buffer overflow in the function getnickuserhost() that may be exploited by a remote attacker as a denial-of-service attack. It is not known whether this buffer overflow can be exploited to execute code or to gain additional permissions on the victim's machine.

It is recommended that users of BNC upgrade to version 2.9.0 as soon as possible.
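The column gives only the function name, so the following is an added example of what a nick!user@host splitter typically gets wrong, not BNC's actual getnickuserhost(): the IRC message prefix has three parts separated by `!` and `@`, and copying each into a fixed field without measuring it first is the overflow. The field sizes, return codes and sample prefixes are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration, not BNC's code. Fixed-size fields, as an IRC proxy might
 * keep them (sizes are assumptions). */
#define NICK_LEN 32
#define USER_LEN 16
#define HOST_LEN 64

struct nuh { char nick[NICK_LEN]; char user[USER_LEN]; char host[HOST_LEN]; };

/* Vulnerable pattern: scanf conversions without field widths copy however much
 * the peer sent. A 500-byte nick overruns nick[32]. Kept for comparison only;
 * never call it on data from the network. */
int split_nuh_unchecked(const char *prefix, struct nuh *out)
{
    return sscanf(prefix, "%[^!]!%[^@]@%s", out->nick, out->user, out->host) == 3 ? 0 : -1;
}

/* Hardened form: locate the delimiters, measure each part, and refuse anything
 * that would not fit (including its NUL) instead of truncating silently, since
 * a truncated host could be mistaken for a different host. */
int split_nuh_checked(const char *prefix, struct nuh *out)
{
    const char *bang = strchr(prefix, '!');
    const char *at = bang ? strchr(bang + 1, '@') : NULL;
    if (!bang || !at) return -1;                     /* not of the form nick!user@host */
    size_t nl = (size_t)(bang - prefix);
    size_t ul = (size_t)(at - bang - 1);
    size_t hl = strlen(at + 1);
    if (nl == 0 || ul == 0 || hl == 0) return -1;    /* empty part */
    if (strpbrk(prefix, " \r\n")) return -1;         /* never legal inside a prefix */
    if (nl >= NICK_LEN || ul >= USER_LEN || hl >= HOST_LEN) return -2;   /* would not fit */
    memcpy(out->nick, prefix, nl);   out->nick[nl] = '\0';
    memcpy(out->user, bang + 1, ul); out->user[ul] = '\0';
    memcpy(out->host, at + 1, hl);   out->host[hl] = '\0';
    return 0;
}

/* Constructed sample prefixes. */
#define GOOD_PREFIX "alice!~al@irc.example.net"

/* A prefix with a 500-byte nick, built at run time; the checked splitter must
 * refuse it rather than copy it. */
int oversized_demo(void)
{
    char buf[600];
    struct nuh n;
    memset(buf, 'x', 500);
    strcpy(buf + 500, "!u@h.example");
    return split_nuh_checked(buf, &n);
}

int main(void)
{
    struct nuh n;
    int rc = split_nuh_checked(GOOD_PREFIX, &n);
    printf("%s -> %d nick=%s user=%s host=%s\n", GOOD_PREFIX, rc, n.nick, n.user, n.host);
    printf("500-byte nick -> %d\n", oversized_demo());
    return 0;
}
```

Whether a crash like this is "only" a denial of service depends on what sits after the overflowed field; with the checked splitter the question does not arise, because nothing longer than the field ever reaches the copy.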

Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.
