Welcome to Security Alerts, an overview of recent Unix and open source security advisories.
In this column, we look at problems in ggv, Mozilla, Cisco CatOS embedded HTTP server, PAM, and Sun's
xinetd, a version of the Internet services daemon inetd designed to be more secure, is vulnerable to a denial of service attack. Versions of xinetd from 2.3.4 to 2.3.7 are reported to be vulnerable.
Users should upgrade to xinetd version 2.3.9 or newer as soon as possible. Red Hat has released updated xinetd packages that will repair this problem.
syslog-ng is a system log daemon replacement designed to add additional features and capabilities. A buffer overflow in the code that handles syslog-ng's macro expansion can be exploited in a denial of service attack and may, under some circumstances, be used to execute arbitrary code with root permissions.
Users should watch their vendor for a repaired version or upgrade syslog-ng to 1.5.21 for the devel version or 1.4.16 for the stable version. Debian has released updated packages that fix this buffer
The Heartbeat package for Linux provides a service that can be used to implement system failover. Heartbeat is vulnerable to several format string bugs that can be exploited by a remote attacker and may lead to a root compromise under some conditions.
It is recommended that users upgrade to a repaired version of heartbeat be executed as a normal non-privileged user, and that if heartbeat is configured to listen to a UDP port, that the port be protected using a firewall. SuSE has released packages that repair the format string bugs in heartbeat, configure it to run as the user nobody, and repair a boot time problem.
dvips converts DVI format files into PostScript compatible files and can be used as a print filter to allow the printing of DVI files. dvips insecurely uses the system() function call and, when used as a print filter, may be exploitable to execute arbitrary code with the permissions of the user account that the print system is running as.
Affected users should upgrade dvips to a fixed version or remove it from their system. Red Hat has released updated packages that repair
The SNMP daemon that is a part of the net-snmp package is vulnerable to a denial of service attack that uses a carefully created packet. Before an attacker can exploit this denial of service attack they must know at least one SNMP community string, for example the "public" read-only community string that in many installations has not been
Users should update their net-snmp package with a repaired version.
OpenOffice is vulnerable to a symbolic link race condition during installation that can be used to overwrite arbitrary files on the system with the permissions of the user performing the installation.
It is recommended that multi-user machines be brought to single-user mode prior to installing OpenOffice.
kpf is a small Web server designed to allow a user to easily share a directory that can be docked in the KDE bar. kpf has a vulnerability that allows a remote attacker to easily view any directory or file on the system readable by the user running kpf. Versions of released with KDE 3.0.1 through KDE 3.0.3a are reported to be
Users should upgrade to kdenetwork-3.0.4 or should not run their vendor has released updated packages.
ggv PDF and PostScript viewers are vulnerable to the same buffer overflow that is present in gv. An attacker can create a PDF or PostScript file that when read by ggv can cause arbitrary code to be executed with the permissions of the user running
Users should upgrade ggv to repaired versions as soon as possible and should consider disabling them until they have been
Red Hat has released new Mozilla packages that repair several vulnerabilities in versions prior to 1.0.1. These vulnerabilities could be used by an attacker to read arbitrary data on the local machine or under some conditions execute code as the user running Mozilla.
Affected users should upgrade their Mozilla packages as soon as possible.
A buffer overflow has been reported in the Cisco CatOS embedded HTTP server that can affect some Cisco Catalyst switches. This buffer overflow can be used by a remote attacker in a denial of service attack. Versions of CatOS from 5.4 through 7.3 that contain a " their image name are reported to be affected.
Cisco recommends that affected users upgrade their switch to a repaired version of CatOS. Affected users should contact Cisco for details.
It has been reported that PAM version 0.76 is vulnerable to a serious security related bug that causes PAM to treat user passwords locked by "*" in the password field as empty passwords and to permit access to those accounts without requiring a password if the user has a shell other than /bin/false. The current unstable Debian release (sid) is affected by this bug.
Affected users should upgrade to a repaired version of PAM and verify the integrity of their system and their locked accounts.
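As an added example (not part of the original column), the following Python helper lists the accounts the PAM item describes: a password field of "*" combined with a shell other than /bin/false. It assumes the standard colon-separated passwd(5) and shadow(5) layouts; the function names are hypothetical and the sample entries are constructed.

```python
"""Audit helper: list accounts locked with "*" that still have a usable shell."""

# Constructed sample data in passwd(5) / shadow(5) format (not from a real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/false
backup:*:34:34:backup:/var/backups:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$1$constructed$hash:11970:0:99999:7:::
daemon:*:11970:0:99999:7:::
bin:*:11970:0:99999:7:::
alice:$1$constructed$hash:11970:0:99999:7:::
"""

def parse_colon_db(text):
    """Map account name -> list of fields, skipping blank and comment lines."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        entries[fields[0]] = fields
    return entries

def exposed_locked_accounts(passwd_text, shadow_text, safe_shell="/bin/false"):
    """Return (name, uid, shell) for accounts whose password field is "*"
    and whose login shell is anything other than safe_shell."""
    shadow = parse_colon_db(shadow_text)
    exposed = []
    for name, fields in parse_colon_db(passwd_text).items():
        if len(fields) < 7 or not fields[2].isdigit():
            continue  # malformed passwd entry, skip it
        pw_field, uid, shell = fields[1], int(fields[2]), fields[6]
        if pw_field == "x" and name in shadow and len(shadow[name]) > 1:
            pw_field = shadow[name][1]  # the real field lives in shadow(5)
        if pw_field == "*" and shell != safe_shell:
            exposed.append((name, uid, shell))
    return sorted(exposed, key=lambda entry: entry[1])

if __name__ == "__main__":
    for name, uid, shell in exposed_locked_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{name} (uid {uid}): locked with '*' but shell is {shell}")
```

On a real host, pass the contents of /etc/passwd and /etc/shadow (read as root) instead of the sample strings.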
The lockd file locking daemon distributed with Solaris is vulnerable to a denial of service attack that can result in NFS requests that require locking to hang or fail. If this denial of service attack is going on, a lockd daemon started in debug mode (-d 1) will result in a log message similar to the following in
"Oct 8 13:39:41 flower unix: svc_tli_kcreate returned 134"
Sun has released patches for Solaris 2.6, 7, 8, and 9 for Sparc based machines and Solaris X86 2.6, 7, and 8 for Intel based machines.
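As an added example (not part of the original column), this Python function scans syslog text for the lockd message quoted above and groups the hits by host. The sample log lines are constructed around the one line the column quotes, and the function names and the threshold of two hits are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample syslog text; the message format follows the line quoted
# in the column, the other hosts and entries are made up for illustration.
SAMPLE_LOG = """\
Oct  8 13:39:40 flower unix: NFS server mars ok
Oct  8 13:39:41 flower unix: svc_tli_kcreate returned 134
Oct  8 13:39:42 flower unix: svc_tli_kcreate returned 134
Oct  8 13:40:03 tulip sendmail[412]: starting daemon
Oct  8 13:40:10 tulip unix: svc_tli_kcreate returned 134
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+unix:\s+svc_tli_kcreate returned (?P<code>\d+)\s*$"
)

def lockd_failures(log_text):
    """Return {host: [(timestamp, return_code), ...]} for matching lines."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if match:
            # Collapse the padded day-of-month so timestamps compare cleanly.
            timestamp = " ".join(match.group("ts").split())
            hits[match.group("host")].append((timestamp, int(match.group("code"))))
    return dict(hits)

def hosts_over_threshold(log_text, threshold=2):
    """Hosts with at least `threshold` failures (threshold is an assumption)."""
    failures = lockd_failures(log_text)
    return sorted(host for host, events in failures.items() if len(events) >= threshold)

if __name__ == "__main__":
    for host, events in lockd_failures(SAMPLE_LOG).items():
        print(f"{host}: {len(events)} svc_tli_kcreate failure(s), first at {events[0][0]}")
    print("hosts to check first:", hosts_over_threshold(SAMPLE_LOG))
```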
Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.
Copyright © 2009 O'Reilly Media, Inc.