PHP, cpio, and rsnapshot Trouble
by Noel Davis
Welcome to Security Alerts, an overview of recent Unix and open source security
advisories. In this column, we look at problems in PHP,
Axel, Domino, BrightStor ARCserve Backup,
xv, Pine, GnomeVFS,
Unspecified security problems identified by NGSSoftware as "multiple
medium-risk vulnerabilities" have been announced in PHP 5.0.3 and PHP
4.3.10. An announcement from the PHP 4.3.11 release mentions "... several
security issues inside the
fbsql extensions as well as the
PHP versions 5.0.4 and 4.3.11 have been released and users should consider upgrading.
cpio, a utility to copy files into or out of a
tar archive, is reported
to be vulnerable to a race condition that, under some conditions, could be exploited
to change the permissions on arbitrary files on the system. The attacker must
be able to create and remove files in the directory being used to extract files
from the archive before they can exploit this vulnerability.
Concerned users should only extract files into a secure directory.
rsnapshot is a filesystem snapshot utility, written in Perl, designed to make
backups of local and remote systems. A flaw in the
rsnapshot may be exploitable by a local attacker to change the ownership
of files and, in some cases, gain root permissions.
rsnapshot version 1.2.1 has been released to repair this problem. Users of
rsnapshot 1.1.6 or earlier can upgrade to version 1.1.7.
Gld, a greylisting daemon that works with the Postfix mail handler, contains buffer overflows in code located in server.c, and format-string-based vulnerabilities in cnf.c. These vulnerabilities may be exploitable by a remote attacker to execute arbitrary code with the permissions (in most cases) of the root user. These vulnerabilities are reported to affect version 1.4 and earlier of Gld.
All users of Gld should upgrade to version 1.5 as soon as possible.
The download accelerator Axel is reported to be vulnerable to buffer overflows that may result in arbitrary code being executed with the permissions of the user running Axel. Axel accelerates a download by breaking the download into multiple pieces and making multiple simultaneous HTTP or FTP connections to download the file.
Users of Axel should upgrade to version 1.0b or newer as soon as possible.
A buffer overflow in Domino can be exploited by a remote attacker who submits large amounts of data to certain date or time fields through Domino's web interface; exploitation can result in Domino crashing or in arbitrary code being executed. These buffer overflows are reported to affect versions 6.0.5 and 6.5.4 of Domino.
These buffer overflows are reported to be repaired in SPR# KSPR68QNST.
BrightStor ARCserve Backup
The cross-platform backup and recovery tool BrightStor ARCserve Backup is reported to be vulnerable to buffer overflows that may be exploitable to execute arbitrary code on the machine running the agent with system permissions. The Windows version of the agent is the only version currently reported to be vulnerable.
Affected users should contact CA for more information on this vulnerability and should consider using a tool such as a firewall to protect their vulnerable machines from compromise.
The X Window System image viewer xv is reported to have multiple buffer overflow bugs that may be exploitable by a remote attacker to execute arbitrary code if a user views a carefully constructed image file sent by the attacker. These buffer overflows were reported to affect versions of xv that were patched to repair similar vulnerabilities from the fall of 2004.
Users should watch their vendors for a repaired version of
The rpdump utility distributed with the Pine mail client is reported to be
vulnerable to a symbolic-link race condition style attack if
its output in a directory that the attacker has permission to write in (for
It is recommended that rpdump be used only when the directory it is writing
to is only writable by the user. Affected users should also watch for a repaired
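A check for the advice given above for cpio (extract only into a secure directory) and for rpdump (write only into a directory that only the user can write to), as an added example that is not part of the original column. The function names are hypothetical, and treating root and the current user as the only trusted owners is an assumption.

```python
import os
import stat
import tempfile

def dir_problems(path, extra_trusted_uids=()):
    """Return the reasons `path` is unsafe as an extraction or output directory."""
    trusted = {0, os.geteuid(), *extra_trusted_uids}  # assumption: root and self only
    st = os.lstat(path)  # lstat: do not follow a symlink planted at `path`
    if stat.S_ISLNK(st.st_mode):
        return ["is a symbolic link"]
    if not stat.S_ISDIR(st.st_mode):
        return ["is not a directory"]
    problems = []
    if st.st_uid not in trusted:
        problems.append("owned by untrusted uid %d" % st.st_uid)
    # Conservative: any group or world write bit means someone else may be
    # able to create and remove files here while the tool is running.
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group or others")
    return problems

def ancestor_problems(path):
    """A parent that others can write to (without the sticky bit) lets them
    rename or replace the directory itself, so walk up to the root."""
    problems = []
    current = os.path.dirname(os.path.realpath(path))
    while True:
        mode = os.stat(current).st_mode
        if mode & (stat.S_IWGRP | stat.S_IWOTH) and not mode & stat.S_ISVTX:
            problems.append("%s is writable by others and not sticky" % current)
        parent = os.path.dirname(current)
        if parent == current:
            return problems
        current = parent

def make_private_dir(prefix="extract-"):
    """Create a fresh directory with mode 0700, owned by the current user."""
    return tempfile.mkdtemp(prefix=prefix)

if __name__ == "__main__":
    workdir = make_private_dir()
    issues = dir_problems(workdir) + ancestor_problems(workdir)
    print(workdir, "->", issues or "safe to extract into")
    os.rmdir(workdir)
```

Run the check on the target directory before extracting an archive or writing output there, and refuse to proceed if either function returns anything.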
Both GnomeVFS and libcdaudio have been reported to be vulnerable to buffer overflows that may be exploitable by a remote attacker who controls a CDDB server to which the victim connects. GnomeVFS is a filesystem abstraction library and libcdaudio is a portable programming library for controlling audio CDs. Successfully exploiting these buffer overflows could result in the attacker executing arbitrary code with the permissions of the user running the vulnerable
Affected users should watch their vendors for repaired versions of GnomeVFS and libcdaudio. Updated packages for Gentoo Linux have been released.
The ifconf() function in FreeBSD contains a bug that discloses 12 bytes of kernel memory that could contain sensitive information such as passwords. This disclosed information might be of direct use to an attacker or could be used to gain additional access to the machine.
A patch is available to repair this bug in the FreeBSD kernel. There is no known workaround.
The graphics library libexif provides code to parse EXIF tags. EXIF tags are
often added to JPEG files by digital cameras. A buffer overflow in
could result in arbitrary code being executed with the permissions of the user
account running an application linked against the library.
Users should watch their vendors for an updated package.
The monkeyd web server is reported to be vulnerable to a remotely exploitable
format-string-based vulnerability that, if exploited, could crash the server
or possibly result in arbitrary code being executed with the permissions of
the user running
All users of monkeyd should upgrade to version 0.9.1 or newer as soon as possible.
Return to LinuxDevCenter.com