Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at a security update to Apache; a major problem in sendmail; buffer overflows in Balsa, lpr-ppd, and Solaris' dtsession; and problems in NetPBM, Eye of GNOME, the Progress database, and Red Hat Linux 9's
Apache 2.0.45 has been released and is described as "principally a security and bug fix release." This new version of Apache repairs a denial-of-service vulnerability, fixes several leaks of file descriptors to CGI scripts and other child processes, and repairs a collection of other non-security related bugs.
The Apache Software Foundation and The Apache HTTP Server Project encourage users of Apache to upgrade to version 2.0.45.
sendmail has a buffer overflow, in the code that handles address parsing, that may be remotely exploitable to execute arbitrary code with root permissions.
Sendmail, Inc., and the Sendmail Consortium recommend that all users of sendmail upgrade to version 8.12.9 or apply the appropriate patch as soon as possible.
Balsa is an email client for GNOME that supports POP3, IMAP, and local folders. Balsa is vulnerable to a buffer overflow in the code that handles mailbox names returned by an IMAP server. This buffer overflow can be exploited by a remote attacker who has control over an IMAP server to which the client connects.
Affected users should upgrade to a repaired version of Balsa as soon as possible.
libsmtp contains a buffer overflow that can be exploited by sending the client unusually long responses from an SMTP server under the control of an attacker. Exploiting this buffer overflow can result in a denial of service or in the execution of arbitrary code.
Users should upgrade to version 0.8.11 or newer of libsmtp as soon as
NetPBM is a toolkit for manipulation of graphic images. The NetPBM library contains vulnerabilities that can be exploited by an attacker using a carefully crafted graphics file to execute arbitrary code with the permissions of the user running the application linked to the library. It is reported that under Red Hat Linux, the printing system is vulnerable to an attack using this vulnerability, as it uses the NetPBM utilities to parse image files.
Affected users should watch their vendors for updated packages that fix these vulnerabilities. Red Hat Linux users should consider disabling their printing system until NetPBM has been updated.
Eye of GNOME is an image viewer and cataloging program that is distributed with the GNOME desktop. Version 2.2.0 and earlier of Eye of GNOME contain vulnerabilities that can be exploited to execute arbitrary code with the permissions of the user running Eye of GNOME. It has been reported that this vulnerability can be exploited by sending a carefully crafted email to a user who is reading their email with an email client that views images using Eye of GNOME.
It is recommended that users upgrade to Eye of GNOME version 2.2.2 or newer, or watch their vendors for a repaired package.
passlogd, the passive syslog capture daemon, is a custom network sniffer that is designed to capture syslog messages off of the network so that a backup logging machine can be created that does not have any open ports. Versions of passlogd before 0.1e contain vulnerabilities that can be used by a remote attacker to execute arbitrary code on the passlogd with, in many cases, root permissions.
Users should upgrade to version 0.1e or newer of passlogd as soon as possible and should disable it until it has been updated. Users should also consider protecting the logging machine from untrusted traffic using a tool such as a firewall.
The Progress database opens its configuration files as the root user. A local attacker can, by setting specific environmental variables to the path to protected files (such as /etc/shadow), cause Progress to display content from these files in its error messages.
A reported workaround is to remove the set-user-id bits from all of the Progress database applications. Users should watch for a repair for this problem.
A buffer overflow has been reported in lpr-ppd, a line printer daemon distributed with Debian (sid), which can be exploited by a local attacker to gain root permissions. This vulnerability is reported to not affect older potato versions of Debian.
It is recommended that affected users upgrade to version 0.72-2.1 for woody and version 0.72-3 for
The vsftpd daemon distributed with Red Hat Linux 9 is configured to run as a standalone daemon and was not compiled against TCP wrappers. It will therefore not follow the restrictions configured in /etc/hosts.allow and /etc/hosts.deny. This problem only affects boxed sets with the part numbers RHF0120US and RHF0121US.
Affected users should upgrade to the updated packages as soon as possible. Users who do not use vsftpd should ensure that it is removed or disabled.
The CDE session manager dtsession distributed with Solaris is vulnerable to a buffer overflow, in the code that handles the environmental variable, which can be exploited by a local attacker to obtain root permissions.
A suggested temporary workaround is to remove the set-user-id bit from dtsession. Users should watch Sun for a patch for
If CDE is not being used on the system, users should consider permanently removing the set-user-id bits from dtsession and other CDE utilities.
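The set-user-id workaround suggested above for both the Progress database applications and dtsession can be applied reversibly. The following is an added example, not code from the column or from any vendor: it lists the set-user-id files under a directory, strips the bit, and logs each path so the bit can be restored once a patch is installed. The directory and log paths are supplied by the caller and are assumptions, not locations given in the advisories.

```shell
#!/bin/sh
# Added example: reversible removal of set-user-id bits under a directory.
# Paths are caller-supplied; none of them come from the advisories.
# File names containing newlines are not supported.

# Print every regular file under $1 that has the set-user-id bit set.
# -xdev keeps the scan on one filesystem.
list_setuid() {
    find "$1" -xdev -type f -perm -4000 -print
}

# Strip the set-user-id bit from every file found under $1 and append
# each affected path to the log file $2 (one path per line).
strip_setuid() {
    dir=$1
    log=$2
    list_setuid "$dir" | while IFS= read -r f; do
        printf '%s\n' "$f" >> "$log"
        chmod u-s "$f"
    done
}

# Put the set-user-id bit back on every path recorded in log file $1.
# Run this only after the patched binaries are in place; paths that no
# longer exist are skipped.
restore_setuid() {
    while IFS= read -r f; do
        [ -f "$f" ] && chmod u+s "$f"
    done < "$1"
    return 0
}
```

Run list_setuid first and review its output before calling strip_setuid, since some applications stop working for unprivileged users once the bit is gone.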
Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.
Copyright © 2009 O'Reilly Media, Inc.