Published on Linux DevCenter (http://www.linuxdevcenter.com/)


Security Alerts

Qt Trouble

by Noel Davis
08/23/2004

Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at problems in Qt, SpamAssassin, MySQL, rsync, NetBSD ftpd, Xine-lib, KDE, Adobe Acrobat Reader, Gaim, and xv.

Qt

Qt, a C++ application development framework, is reported to have a buffer overflow in its image parsers that may affect any application linked against Qt that processes BMP, XPM, GIF, or JPEG images. An attacker can exploit this vulnerability by carefully constructing a BMP, XPM, GIF, or JPEG image that the victim then views or browses with a tool linked against Qt. Successful exploitation of this vulnerability may result in arbitrary code being executed. Examples of tools affected by this vulnerability are Qt-based image viewers and the Konqueror web browser.

It is recommended that users upgrade to Qt version 3.3.3 or newer as soon as possible.

SpamAssassin

SpamAssassin uses a set of filters to identify and process spam by discarding, storing in a folder, or marking (in the subject line) email as spam. It is highly configurable and used by many users. SpamAssassin is reported to be vulnerable, in some cases, to a denial-of-service attack that uses malformed email messages to crash SpamAssassin. The vulnerability is reported to affect versions 2.5x and 2.6x of SpamAssassin.

Users should upgrade to SpamAssassin version 2.64 or newer as soon as possible or should watch their vendors for an updated package.

MySQL

The mysqlhotcopy script distributed with the MySQL database is reported to be vulnerable to a temporary-file, symbolic-link-based race condition that may be exploitable by a local attacker to overwrite arbitrary files with the permissions of the user account executing the mysqlhotcopy script.

Affected users should watch for a repaired version of MySQL. Debian has released repaired packages.

rsync

A path-sanitizing bug in all versions of rsync prior to 2.6.3pre1 may be exploitable, under some conditions, to read and write to files outside of the specified directory path. rsync is only vulnerable when it is running in daemon mode and configured with chroot = false.

Users should upgrade to version 2.6.3pre1 or newer of rsync as soon as possible. It is also suggested that rsync be configured to run in a chrooted environment (i.e., chroot = true) and with the minimum user permissions necessary. If upgrading is not possible, chroot = true should be set. Updated packages have been released for Gentoo Linux, Linux Netwosix, Trustix Secure Linux, Debian GNU/Linux, tinysofa, SuSE Linux, and Mandrake Linux.
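The condition described above (daemon mode with chroot turned off) is a configuration state that can be audited. The following is an added example, not code from the rsync project: a small sh/awk check that reports every rsyncd.conf module whose effective chroot setting is off. It assumes the rsyncd.conf syntax, in which the boolean directive is spelled "use chroot" (default yes), a global section precedes the [module] sections, and a module-level setting overrides the global one; the sample configuration is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of rsync: audit an rsyncd.conf for modules that
# will serve without a chroot, the condition the advisory describes.
# Assumes rsyncd.conf syntax: a global section followed by [module] sections;
# the boolean directive is spelled "use chroot" (default yes) and a module
# setting overrides the global one.

# Prints the name of every module whose effective "use chroot" is off.
audit_rsyncd_chroot() {
    awk '
        function isoff(v) { v = tolower(v); return (v == "no" || v == "false" || v == "0") }
        function flush()  { if (mod != "" && off) print mod }
        /^[ \t]*#/ || /^[ \t]*$/ { next }              # skip comments and blank lines
        /^[ \t]*\[/ {                                   # new [module] header
            flush()
            mod = $0; sub(/^[ \t]*\[/, "", mod); sub(/][ \t]*$/, "", mod)
            off = global_off                            # inherit the global default
            next
        }
        /^[ \t]*use[ \t]+chroot[ \t]*=/ {               # "use chroot = <bool>"
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]*$/, "", v)
            if (mod == "") global_off = isoff(v); else off = isoff(v)
            next
        }
        END { flush() }
    ' "$1"
}

# Constructed sample configuration (not a real server's file) for the check.
write_sample_conf() {
    cat > "$1" <<'EOF'
# global section: weak default that every module inherits
use chroot = no
uid = nobody

[pub]
    path = /srv/pub

[backup]
    path = /srv/backup
    use chroot = yes

[scratch]
    path = /srv/scratch
    use chroot = false
EOF
}
```

Running `audit_rsyncd_chroot` on the sample lists `pub` (inherits the weak global default) and `scratch` (explicitly off) but not `backup`.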

NetBSD ftpd

The FTP daemon distributed with NetBSD 1.6.2 and other versions has a vulnerability that can be exploited by an attacker to gain FTP access as the root user. With FTP access as the root user, an attacker has many ways to gain remote root shell access to the machine. FTP daemons vulnerable to this problem include all versions of lukemftpd, NetBSD-ftpd before 20040809, and versions of tnftpd before 20040810. NetBSD has disabled FTP by default in all versions from NetBSD-1.5.3 to the current version.

Affected users should upgrade their FTP daemon to a repaired version, disable FTP, or add a -r switch to the FTP daemon in the /etc/inetd.conf file and then reload inetd. The -r switch causes the FTP daemon to permanently drop root permissions once the user logs in.

Xine-lib

Xine-lib, used by the free Linux media player Xine, has a buffer overflow in its vcd:// handling that a remote attacker can trigger with a carefully crafted playlist file to execute arbitrary code with the permissions of the user running Xine. Code to exploit the buffer overflow has been released to the public.

Users should watch for a repaired version of Xine-lib and exercise care when viewing playlists and other files using Xine.

KDE

Bugs in the mcoputils code and the dcopserver code in the KDE libraries can be exploited in a temporary-file, symbolic-link race-condition-based attack that can result in an attacker overwriting arbitrary files, causing a denial of service.

It is recommended that users upgrade KDE as soon as possible.
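Both the mysqlhotcopy and the KDE items above are the same bug class: a program writes to a predictable temporary-file name that another local user can pre-create as a symbolic link. The following is an added example, not code from MySQL or KDE, showing that pattern beside a hardened version that lets mktemp create the file exclusively under a random name and refuses to write to anything but a plain regular file. The function names and the TMPDIR-based paths are this example's own.

```shell
#!/bin/sh
# Added example, not code from mysqlhotcopy or KDE: the predictable temp-file
# pattern behind both advisories, beside a hardened version.
# Both functions take a name prefix and one line of content, and print the
# path they wrote to.

# Vulnerable pattern (illustration only): a predictable path under TMPDIR is
# opened for writing without checking what already sits there, so a symlink
# planted in advance redirects the write to the link's target.
predictable_tmp_write() {
    path="${TMPDIR:-/tmp}/$1.tmp"
    printf '%s\n' "$2" > "$path" && printf '%s\n' "$path"
}

# Hardened pattern: mktemp creates the file exclusively under a random name,
# and the write is refused if the path is somehow not a plain regular file.
safe_tmp_write() {
    path=$(mktemp "${TMPDIR:-/tmp}/$1.XXXXXX") || return 1
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        rm -f "$path"
        return 1
    fi
    printf '%s\n' "$2" > "$path" && printf '%s\n' "$path"
}
```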

Adobe Acrobat Reader

The Adobe Acrobat Reader application for Unix systems is used to display PDF (Portable Document Format) files. The code that handles uudecoding in the Adobe Acrobat Reader does not check the length of the filename of the encoded file before it copies it into a fixed-size buffer. The resulting buffer overflow can be exploited by a remote attacker to execute arbitrary code if the attacker can trick the victim into opening a carefully crafted PDF file.

Users should upgrade to version 5.0.9 of the Adobe Acrobat Reader as soon as possible and should exercise care in opening untrusted PDF files.

Gaim

The Gaim instant messenger client is reported to be vulnerable to multiple buffer overflows, including one in the code that handles MSN protocol parsing. Some of these buffer overflows may be exploitable by a remote attacker to execute arbitrary code with the permissions of the user running Gaim.

Users should watch their vendors for a repaired version of Gaim.

xv

The xv image viewer is reported to have multiple buffer-overflow bugs that may be exploitable by a remote attacker to execute arbitrary code if a user views a carefully constructed image file sent by the attacker. These buffer overflows were reported to affect version 3.10a of xv.

Users should watch their vendors for a repaired version of xv.

Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.



Copyright © 2009 O'Reilly Media, Inc.