

Security Alerts

Problems in SpamAssassin, PEAR, and Bugzilla

by Noel Davis

Welcome to Security Alerts, an overview of recent Unix and open-source security advisories. In this column, we look at problems in SpamAssassin, PHP PEAR, Bugzilla, Heimdal / Kerberos telnetd, Vipul's Razor, TikiWiki, poppassd_pam, zlib, FUSE, Solaris kernel, HT Editor, GNATS, JBoss jBPM, Trustix Secure Linux, and Trac.


SpamAssassin

SpamAssassin, a popular spam-filtering tool written in Perl, is reported to be vulnerable to a denial-of-service attack that could cause the server it is running on to become unresponsive. The vulnerability is caused by bugs in the code that parses email headers: certain specific headers can cause SpamAssassin to consume a large amount of processor time. Versions 3.0.1, 3.0.2, and 3.0.3 are reported to be vulnerable.

The Apache SpamAssassin Security Team strongly encourages all users to upgrade to version 3.0.4 as soon as possible.


PHP PEAR

A bug in the XML_RPC portion of PEAR (PHP Extension and Application Repository) may under some circumstances be exploitable by a remote attacker to execute arbitrary code. PEAR is a large collection of packages for PHP development. XML_RPC provides code to allow remote procedure calls using XML.

Users should watch their vendor for an updated version.


Bugzilla

Bugzilla is an online, web-based bug-tracking system. Several bugs in Bugzilla can be exploited to gain unauthorized access to information on bugs that have been marked private or hidden.

All administrators of Bugzilla should upgrade to 2.18.2.

Heimdal / Kerberos telnetd

A report from SUSE states that the Heimdal / Kerberos telnetd daemon is vulnerable to a remotely exploitable buffer overflow that can result in arbitrary code being executed as root. The report also states that this version of the telnet daemon is not installed by default.

Affected users should upgrade to a repaired version as soon as possible.

Vipul's Razor

Vipul's Razor is a spam detection and filtering application that uses a distributed and collaborative catalog to detect spam. A bug in the way that Vipul's Razor handles email headers can be abused by a remote attacker to crash the application.

Anyone using Vipul's Razor should upgrade to version 2.70 or newer, or watch for their vendor to release a repaired package.


TikiWiki

TikiWiki, an implementation of Wiki software written in PHP, is reported to be vulnerable under some conditions to a bug that a remote attacker can abuse to execute arbitrary code. The report states that the vulnerability is due to the use of the XML_RPC code from the PEAR library.

All administrators of servers running TikiWiki should upgrade to version 1.8.5 or 1.9 DR4 as soon as possible.


poppassd_pam

The poppassd_pam daemon was created to allow remote POP mail users to change their passwords. However, a flaw in poppassd_pam allows a remote attacker to change any password on the system, including root's: poppassd_pam fails to verify that the old user password is valid before it resets the password to the new value.

All users of poppassd_pam should disable it until it has been repaired or replaced. Gentoo Linux has released a replacement daemon named poppassd_ceti.
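The missing check described above, as an added example that is not code from poppassd_pam, Gentoo's replacement daemon, or the original column: a toy password-change service in Python whose credential store, user names and passwords are all constructed for the demonstration. The vulnerable flow updates the store without verifying the caller's current password, so any client can reset any account; the hardened flow authenticates the request against the named account first and fails closed without side effects.

```python
"""Old-password verification in a password-change service (added example).

Toy model of the flaw described above: the vulnerable flow resets a
credential without checking the caller's current password, so any client
can reset any account. The hardened flow verifies the old password for the
named account before accepting a change. The in-memory store, user names
and passwords are constructed for this example.
"""
import hashlib
import hmac
import os


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 from the standard library. The iteration count is
    # kept low so the example runs quickly; a real system would use more.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


class CredentialStore:
    """Constructed in-memory stand-in for the system password database."""

    def __init__(self) -> None:
        self._entries: dict[str, tuple[bytes, bytes]] = {}

    def add_user(self, user: str, password: str) -> None:
        self.set_password(user, password)

    def verify(self, user: str, password: str) -> bool:
        entry = self._entries.get(user)
        if entry is None:
            return False
        salt, stored = entry
        # Constant-time comparison of the derived hashes.
        return hmac.compare_digest(stored, _hash_password(password, salt))

    def set_password(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._entries[user] = (salt, _hash_password(password, salt))


def change_password_vulnerable(store: CredentialStore, user: str,
                               old_password: str, new_password: str) -> bool:
    # Mirrors the reported flaw: the old password arrives with the request
    # but is never checked, so the reset always succeeds.
    store.set_password(user, new_password)
    return True


def change_password_hardened(store: CredentialStore, user: str,
                             old_password: str, new_password: str) -> bool:
    # Authenticate the request as the named account before touching the
    # store; a wrong old password must fail closed with no side effects.
    if not store.verify(user, old_password):
        return False
    store.set_password(user, new_password)
    return True


def _fresh_store() -> CredentialStore:
    store = CredentialStore()
    store.add_user("root", "correct-horse")
    store.add_user("alice", "alice-pw")
    return store


def demo() -> dict:
    """Run both flows against fresh stores and report what each allowed."""
    # A client that does not know root's password asks to reset it.
    store = _fresh_store()
    vuln_changed = change_password_vulnerable(store, "root", "wrong-guess", "reset-value")
    root_reset = store.verify("root", "reset-value")

    # The same request against the hardened flow is refused outright.
    store = _fresh_store()
    hard_refused = not change_password_hardened(store, "root", "wrong-guess", "reset-value")
    root_unchanged = store.verify("root", "correct-horse")

    # A legitimate change with the correct old password still works.
    alice_ok = change_password_hardened(store, "alice", "alice-pw", "alice-new")
    alice_new_works = store.verify("alice", "alice-new")

    return {
        "vulnerable_reset_succeeded": vuln_changed and root_reset,
        "hardened_refused_bad_old_password": hard_refused and root_unchanged,
        "hardened_allowed_valid_change": alice_ok and alice_new_works,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The only difference between the two flows is the `verify` call before `set_password`; a daemon that exposes a password-change operation to remote clients needs that authentication step bound to the account being changed, not merely to the network connection.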


zlib

The zlib compression library is reported to be vulnerable to a buffer overflow. Exploiting the overflow causes applications linked against the library to crash and could also result in arbitrary code being executed with the permissions of the user account running the application. More than a hundred applications are linked against the zlib library.

Users should watch their vendor for a repaired zlib library.


FUSE

FUSE implements a fully functional filesystem in an application that runs in user space. A problem in FUSE has been reported that could, under some conditions, allow a local attacker to read pages of memory that they should not be able to access.

Affected users should upgrade to version 2.3.0 or newer of FUSE.

Solaris Kernel Bug

A bug in Sun's Solaris kernel has been reported that can be exploited to bind to a network port owned by another user (including root). Once the attacker has control over the port, they could emulate authorized services and gather information such as login names and passwords. The attack does not work against privileged ports (normally ports below 1024). An application to automate the exploitation of this bug has been released to the public.

Users should install patch number 116965-08 available from Sunsolve. One possible workaround is to use the ndd command to add additional ports above 1024 as privileged ports.

HT Editor

HT Editor is a viewer and editor for executables. Buffer overflows in the PE parser and the ELF parser have been reported. These buffer overflows may be exploitable by an attacker who prepares a carefully crafted executable that they then convince the victim to view or edit with the HT Editor.

Any user of HT Editor should upgrade to version 0.9.1 or newer.


GNATS

GNATS is a problem reporting and management system released by the GNU organization. Under some conditions a local attacker can abuse the gen-index command to overwrite arbitrary files on the system; in many cases the attacker will be able to do so with root permissions. GNATS versions 4.1.0 and 4.0 are reported to be vulnerable. It is not known whether earlier versions are also vulnerable.

Affected users should watch for a repaired version of GNATS.

JBoss jBPM

JBoss jBPM (Java Business Process Management), a workflow management system, is reported to be vulnerable to a bug in the hsqldb service that can be exploited remotely to execute arbitrary code on the server.

A patch for JBoss is available.

Trustix Secure Linux

The maintainers of Trustix Secure Linux have announced that releases number 1.5 and 2.1 have reached their end of life and that future patches and updates are not planned. All users of Trustix Secure Linux are encouraged to upgrade to version 2.2 as soon as possible.


Trac

Trac is a wiki designed to help track issues in a software development project; it also connects to the Subversion revision control system. A problem in the code that controls file uploads and downloads can be exploited by a remote attacker to execute arbitrary code with the permissions of the web server.

All users should upgrade to version 0.8.4 or newer of Trac.

Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.
