LinuxDevCenter.com


Security Alerts

PHP, cpio, and rsnapshot Trouble

by Noel Davis
04/22/2005

Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at problems in PHP, cpio, rsnapshot, Gld, Axel, Domino, BrightStor ARCserve Backup, xv, Pine, GnomeVFS, libcdaudio, FreeBSD's ifconf, libexif, and monkeyd.

PHP

Unspecified security problems identified by NGSSoftware as "multiple medium-risk vulnerabilities" have been announced in PHP 5.0.3 and PHP 4.3.10. An announcement from the PHP 4.3.11 release mentions "... several security issues inside the exif and fbsql extensions as well as the unserialize(), swf_definepoly(), and getimagesize() functions."

PHP versions 5.0.4 and 4.3.11 have been released and users should consider upgrading.

cpio

cpio, a utility to copy files into or out of a cpio or tar archive, is reported to be vulnerable to a race condition that, under some conditions, could be exploited to change the permissions on arbitrary files on the system. The attacker must be able to create and remove files in the directory being used to extract files from the archive before they can exploit this vulnerability.

Concerned users should only extract files into a secure directory.

rsnapshot

rsnapshot is a filesystem snapshot utility, written in Perl, designed to make backups of local and remote systems. A flaw in the copy_symlink() function in rsnapshot may be exploitable by a local attacker to change the ownership of files and, in some cases, gain root permissions.

rsnapshot version 1.2.1 has been released to repair this problem. Users of rsnapshot 1.1.6 or earlier can upgrade to version 1.1.7.

Gld

Gld, a greylisting daemon that works with the Postfix mail handler, contains buffer overflows in code located in server.c, and format-string-based vulnerabilities in cnf.c. These vulnerabilities may be exploitable by a remote attacker to execute arbitrary code with the permissions (in most cases) of the root user. These vulnerabilities are reported to affect version 1.4 and earlier of Gld.

All users of Gld should upgrade to version 1.5 as soon as possible.

Axel

The download accelerator Axel is reported to be vulnerable to buffer overflows that may result in arbitrary code being executed with the permissions of the user running Axel. Axel accelerates a download by breaking the download into multiple pieces and making multiple simultaneous HTTP or FTP connections to download the file.

Users of Axel should upgrade to version 1.0b or newer as soon as possible.

Domino

A buffer overflow in Domino can be exploited by a remote attacker who submits large amounts of data to certain date or time fields through Domino's web interface, and can result in Domino crashing or in arbitrary code being executed. These buffer overflows are reported to affect versions 6.0.5 and 6.5.4 of Domino.

These buffer overflows are reported to be repaired in SPR# KSPR68QNST.

BrightStor ARCserve Backup

The cross-platform backup and recovery tool BrightStor ARCserve Backup is reported to be vulnerable to buffer overflows that may be exploitable to execute arbitrary code on the machine running the agent with system permissions. The Windows version of the agent is the only version currently reported to be vulnerable.

Affected users should contact CA for more information on this vulnerability and should consider using a tool such as a firewall to protect their vulnerable machines from compromise.

xv

The X Window System image viewer xv is reported to have multiple buffer overflow bugs that may be exploitable by a remote attacker to execute arbitrary code if a user views a carefully constructed image file sent by the attacker. These buffer overflows were reported to affect versions of xv that were patched to repair similar vulnerabilities from the fall of 2004.

Users should watch their vendors for a repaired version of xv.

Pine

The rpdump utility distributed with the Pine mail client is reported to be vulnerable to a symbolic-link race-condition attack if rpdump creates its output in a directory that the attacker has permission to write in (for example, /tmp).

It is recommended that rpdump be used only when the directory it is writing to is writable only by the user. Affected users should also watch for a repaired version.
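
The advice in the cpio and Pine items above (extract or write only in a directory that no other user can write to) can be checked before the command runs. The shell functions below are an added example, not part of the original column or of either tool; the function names and the archive name are hypothetical.

```shell
#!/bin/sh
# Added example: refuse to write into a directory other users can tamper with.

# is_private_dir DIR
# Succeeds only if DIR is a real directory (not a symlink), is owned by the
# current user, and is not writable by group or other.
# It checks DIR itself, not its parent directories.
is_private_dir() {
    dir=$1
    # Strip trailing slashes so "link/" cannot hide a symlink from the -L test.
    while [ "$dir" != / ] && [ "${dir%/}" != "$dir" ]; do dir=${dir%/}; done
    case $dir in
        /*) ;;
        *) dir=./$dir ;;   # keep find from reading a leading "-" as an option
    esac
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
    # find prints the path only if every test matches; -prune stops descent.
    match=$(find "$dir" -prune -type d -user "$(id -u)" \
                 ! -perm -020 ! -perm -002 2>/dev/null)
    [ -n "$match" ]
}

# run_in_private_dir DIR COMMAND [ARG...]
# Runs COMMAND with DIR as its working directory, but only after the check
# above passes. Returns 2 without running anything if DIR is not private.
run_in_private_dir() {
    target=$1
    shift
    if ! is_private_dir "$target"; then
        echo "refusing: $target is not a private directory" >&2
        return 2
    fi
    ( cd -- "$target" && umask 077 && "$@" )
}

# Typical use (archive name is a placeholder):
#   work=$(mktemp -d)          # mktemp -d creates a mode-0700 directory
#   run_in_private_dir "$work" cpio -id < archive.cpio
```

A directory created with `mktemp -d` passes the check; a shared location such as /tmp itself does not.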

GnomeVFS and libcdaudio

Both GnomeVFS and libcdaudio have been reported to be vulnerable to buffer overflows that may be exploitable by a remote attacker who controls a CDDB server to which the victim connects. GnomeVFS is a filesystem abstraction library for GNOME. libcdaudio is a portable programming library for controlling audio CDs. Successfully exploiting these buffer overflows could result in the attacker executing arbitrary code with the permissions of the user running the vulnerable application.

Affected users should watch their vendors for repaired versions of GnomeVFS and libcdaudio. Updated packages for Gentoo Linux have been released.

FreeBSD ifconf()

The ifconf() function in FreeBSD contains a bug that discloses 12 bytes of kernel memory that could contain sensitive information such as passwords. This disclosed information might be of direct use to an attacker or could be used to gain additional access to the machine.

A patch is available to repair this bug in the FreeBSD kernel. There is no known workaround.

libexif

The graphics library libexif provides code to parse EXIF tags. EXIF tags are often added to JPEG files by digital cameras. A buffer overflow in libexif could result in arbitrary code being executed with the permissions of the user account running an application linked against the library.

Users should watch their vendors for an updated package.

monkeyd

The monkeyd web server is reported to be vulnerable to a remotely exploitable format-string-based vulnerability that, if exploited, could crash the server or possibly result in arbitrary code being executed with the permissions of the user running monkeyd.

All users of monkeyd should upgrade to version 0.9.1 or newer as soon as possible.

Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.
