Welcome to Security Alerts, an overview of recent Unix and open source security
advisories. In this column, we look at problems in DB2, SHOUTcast,
libtiff, wxGTK2, phpGroupWare, Vim,
Several problems have been reported in IBM's DB2 database. These problems
XMLFileFromClob functions can be used to
write files on the server; the
can be used to read arbitrary files on the server; there are buffer overflow
vulnerabilities in the
xmlfilefromclob functions that can be exploited to execute arbitrary code
with the permissions of the user running DB2; the
can be used in a denial-of-service attack that will cause DB2 to crash; if
DB2 is configured to use satellite administration, then the
SATENCRYPT SQL function
is vulnerable to a buffer overflow; the JDBC Applet Server is vulnerable to
a buffer overflow that can be remotely exploited without authenticating to
DB2; there is a buffer overflow in the
CREATE WRAPPERS functionality;
and there are buffer overflows in the
libdb2.so.1 library and the
utility that can both be exploited to execute arbitrary code with root permissions.
All of these vulnerabilities are reported to be repaired in the latest fixpaks from IBM for DB2 7.x and 8.1.
SHOUTcast is a streaming audio server developed by Nullsoft. A bug in SHOUTcast may be remotely exploitable to crash the server and possibly, execute arbitrary code with the permissions of the user running SHOUTcast. Code to automate the exploitation of this vulnerability has been released to the public.
Nullsoft strongly urges all users to upgrade to SHOUTcast DNAS 1.9.5 as soon as possible.
The open source 80x86 assembler
nasm is reported to contain a buffer overflow.
This buffer overflow can be exploited by an attacker who creates a carefully
crafted assembly source code file and then convinces the victim to assemble
Affected users should watch their vendors for a repaired version. Mandrake has released a repaired version for Mandrake Linux 10.0 and 10.1.
The HTML-to-text converter Vilistextum is vulnerable to a buffer overflow
that, under certain conditions, can be exploited by a remote attacker and result
in arbitrary code being executed with the permissions of the victim. The buffer
overflow is in the
get_attr() function contained in html.c.
Users should discontinue use of Vilistextum with untrusted data until a repaired version has been installed.
libtiff, a library that provides support for Tagged Image File Format (TIFF)
images, contains a bug in the code that processes images with the
flag and an additional buffer overflow. Under some conditions, both of these
bugs may be exploitable to execute arbitrary code.
Users should watch their vendors for a repaired version of the
and any other applications that may have been statically linked against a vulnerable
The GTK2 version of the wxWidgets GUI toolkit is vulnerable to several buffer
overflows due to the inclusion of vulnerable code from the
library. At least one of the vulnerabilities is reported to be remotely exploitable
and can result in code being executed on the victim's machine.
All users should watch their vendors for updated packages for the toolkit and any other applications affected by this vulnerability.
phpGroupWare, a web-based application that includes tools including a calendar, address book, to-do list, email, wiki, and news headline reader, is reported to be vulnerable to multiple attacks. These vulnerabilities are reported to include multiple SQL injection attacks, information disclosure vulnerabilities, and multiple cross-site scripting-based attacks.
It is recommended that users upgrade to the latest version of phpGroupWare or watch their vendors for an updated package. It is not clear if the latest version of phpGroupWare repairs all of the disclosed vulnerabilities; users should watch for future releases.
Vim is reported to be vulnerable to an attack that abuses Vim's
to execute arbitrary commands. An attacker conducts this attack by creating
and sending to the victim text that contains
modlines that will execute when
the text it is edited with Vim. Any user who reads email messages or log files with
exercise special care.
It is recommended that users upgrade to a version that has been patched with
vim 6.3.045 patch as soon as possible. Adding the line
modelines=0 to .vimrc may also disable the processing of
namazu2 is a web-based, full-text search engine. It is vulnerable to a cross-site scripting-based attack where the attacker creates a payload script that
is indexed by
namazu2 and then displayed unchanged (unsanitized) to the victim.
Cross-site scripting is a type of attack that uses a web application that does not
other script to the victim. This script can conduct many different attacks,
such as account hijacking or gathering other information from the victim.
Affected users should watch their vendors for a repaired version of
or should upgrade to
namazu 2.0.14 or newer as soon as possible.
htmlheadline is vulnerable to a temporary-file, symbolic-link-based race condition
that may be exploited by a local user to write to arbitrary files on the system
with the permissions of the victim.
htmlheadline is a script designed to fetch
headlines from web-based news sites.
Affected users should consider disabling
htmlheadline until it has been repaired.
Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.
Read more Security Alerts columns.
Return to LinuxDevCenter.com
Copyright © 2009 O'Reilly Media, Inc.