 Published on Linux DevCenter (http://www.linuxdevcenter.com/)


Security Alerts

Problems in Oracle Reports

by Noel Davis
07/29/2005

Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at problems in Oracle Reports, Skype for Linux, MediaWiki, Kate, Kwrite, Shorewall, ekg, libgadu, PHPNews, phpSurveyor, Affix, Heartbeat, and phpPgAdmin.

Oracle Reports

Oracle's enterprise reporting tool Oracle Reports is reported to be vulnerable to cross-site scripting attacks; attacks that allow an attacker to read and write to arbitrary files; and attacks that allow an attacker to execute arbitrary code with the permissions of the oracle user account.

The report states that the cross-site scripting vulnerability affects version 9.0.2 + patchset 2 of Oracle Reports. The versions of Oracle Reports affected by the code-execution attack include 6.0, 6i, 9i, and 10g. All versions of Oracle Reports may be vulnerable to the read-any-file problem. The writing-of-any-file problem is only reported to affect versions 6.0, 6i, 9i, and 10g.

Users should contact Oracle for a resolution or workaround for these vulnerabilities.

Skype for Linux

Skype is an application for making voice chat connections across the internet to other users of Skype. It is very popular and has many features, such as conference calls, calling normal phone numbers, and file transfers. It's available for Windows, Mac OS, Linux, and Pocket PC.

Version 1.1.0.20 of Skype is reported to be vulnerable to a temporary-file, symbolic-link race condition when the user adds an image to his or her personal profile. This could allow a local attacker to overwrite arbitrary files on the system with the permissions of the victim.

Every affected user on multiuser systems should avoid updating the image in his or her profile until this problem has been fixed.

MediaWiki

MediaWiki is the software behind the very popular Wikipedia web site and hundreds of public and private Wikis. A Wiki ("What I Know Is") is a collaborative online database that displays its data as web pages that can be edited by anyone or by a group of authorized users. Under some conditions, users of a MediaWiki server are vulnerable to a cross-site scripting attack that could result in arbitrary JavaScript code being executed by their web browsers with their permissions. MediaWiki versions earlier than 1.4.7 are reported to be vulnerable.

All MediaWiki servers should be upgraded to version 1.4.7 or newer as soon as possible.

Kate and Kwrite

Local users can, under some conditions, read backup files created by Kate and Kwrite, even if the originating files have more restrictive permissions. The problem with the backup files is caused by a bug in the kdelib library.

Affected users should watch their vendors for an updated kdelib package.

Shorewall

Shorewall, a front-end tool for configuring Netfilter, contains a bug in its MAC address filtering code that may result in a remote authenticated client bypassing all security restrictions. Netfilter is a firewall included in the Linux kernel.

Users of Shorewall version 2.0.17 or later should apply the firewall script (which is available in the errata files) for their version. Users of earlier versions should upgrade to a supported version and apply the updated firewall version. Another option is to upgrade to Shorewall version 2.4.2 or newer.

libgadu Library and ekg

The libgadu library is used in ekg and other instant messenger clients to provide Gadu-Gadu protocol support. A buffer overflow in the libgadu library is reported to be exploitable to execute arbitrary code with the permissions of the user running the messenger client. There are also other problems reported in the library and in ekg.

It is strongly recommended that all users of ekg upgrade to version 1.6rc3 or newer. This version of ekg includes a repaired version of the libgadu library. Users of other instant messaging clients that use libgadu should watch their vendors or the maintainers of the client for updated versions.

PHPNews

PHPNews, a popular web-based news application written in PHP, is reported to be vulnerable (under some conditions) to several attacks that can result in arbitrary code being executed with the permissions of the user account used to run the web server. The vulnerabilities reportedly allow the attacker to use SQL injection to log in to the admin panel, upload code instead of an image using the upload images functionality, and edit the template and add code. PHPNews version 1.2.6 and earlier are reported to be vulnerable.

All vulnerable users of PHPNews should upgrade to version 1.3.0 as soon as possible.

phpSurveyor

phpSurveyor is a web-based survey creation tool written using PHP and MySQL. Version 0.98 Stable is reported to be vulnerable to multiple SQL injection bugs and many cross-site scripting vulnerabilities.

Users of phpSurveyor should watch for a repaired version and should consider disabling the software until it has been patched or upgraded.

Affix

Affix is a Bluetooth protocol stack for Linux. A buffer overflow in code dealing with the FTP protocol can, under some circumstances, be exploitable to execute arbitrary code with root permissions.

Users of Affix should apply the available patch or watch their vendors for a repaired version.

Heartbeat

Heartbeat, a system monitoring tool that is part of High-Availability Linux, is reported to be vulnerable to a temporary-file, symbolic-link race condition.

Affected users should watch their vendors for a repaired package.
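
The temporary-file, symbolic-link race reported above for both Skype and Heartbeat, shown as an added example (not code from either project or from this column): writing to a predictable name in a shared directory follows a symlink that is already there, while exclusive creation or mkstemp does not. The file names and contents are constructed for the demonstration.

```python
import os
import tempfile

def write_predictable(path, data):
    """Unsafe pattern: open() follows a symlink at `path` and truncates its target."""
    with open(path, "wb") as f:
        f.write(data)

def write_exclusive(path, data):
    """Safer: O_EXCL makes creation atomic and fails if anything, a symlink
    included, already exists at `path`; O_NOFOLLOW is defence in depth."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)

def write_unique(directory, data):
    """Preferred: mkstemp picks an unpredictable name and creates it exclusively."""
    fd, path = tempfile.mkstemp(prefix="image-", dir=directory)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path

def demo():
    """Constructed scenario: a symlink already occupies the predictable name."""
    out = {}
    with tempfile.TemporaryDirectory() as shared:
        victim = os.path.join(shared, "victim.conf")   # file the user owns
        guess = os.path.join(shared, "app-image.tmp")  # predictable temp name
        def reset():
            with open(victim, "wb") as f:
                f.write(b"important")
        def victim_intact():
            with open(victim, "rb") as f:
                return f.read() == b"important"
        reset()
        os.symlink(victim, guess)
        write_predictable(guess, b"image bytes")
        out["predictable_clobbered_victim"] = not victim_intact()
        reset()
        try:
            write_exclusive(guess, b"image bytes")
            out["exclusive_refused"] = False
        except OSError:                                # refused: name is taken
            out["exclusive_refused"] = True
        out["victim_intact_after_exclusive"] = victim_intact()
        unique = write_unique(shared, b"image bytes")
        out["unique_private"] = (os.stat(unique).st_mode & 0o077) == 0
    return out
```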

phpPgAdmin

phpPgAdmin is a web-based administration tool written using PHP for the PostgreSQL database. The parameter formlanguage in the index.php script is not validated before it is used to include files. As a result, an attacker who can create or write to a file on the server can cause arbitrary code to be executed. Systems with magic quotes enabled are not vulnerable to this problem.

It is recommended that all users upgrade to phpPgAdmin version 3.5.4 or newer as soon as possible.
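
An added illustration of the flaw described above, modelled in Python rather than taken from phpPgAdmin's PHP source: a request value such as formlanguage that is pasted into an include path can resolve outside the language directory, while an allowlist lookup with a containment check cannot. The LANGUAGES table, the directory layout, and all function names are assumptions made for the example.

```python
import os

# Constructed allowlist; the page does not show phpPgAdmin's real language table.
LANGUAGES = {"english": "english.php", "polish": "polish.php"}

def inside(base, path):
    """True if path, with symlinks and '..' resolved, is within base."""
    base = os.path.realpath(base)
    return os.path.commonpath([base, os.path.realpath(path)]) == base

def naive_language_file(lang_dir, formlanguage):
    """Flawed pattern: the request value is pasted into the include path."""
    return os.path.join(lang_dir, formlanguage + ".php")

def safe_language_file(lang_dir, formlanguage, default="english"):
    """Hardened pattern: the request value only selects an allowlist key."""
    if not isinstance(formlanguage, str) or formlanguage not in LANGUAGES:
        formlanguage = default          # unknown or malformed: fall back
    path = os.path.join(os.path.realpath(lang_dir), LANGUAGES[formlanguage])
    if not inside(lang_dir, path):      # defence in depth, e.g. symlinked file
        raise ValueError("language file resolves outside " + lang_dir)
    return path

def audit(lang_dir, values):
    """Per constructed request value: does each pattern stay inside lang_dir?"""
    return {repr(v): (inside(lang_dir, naive_language_file(lang_dir, v)),
                      inside(lang_dir, safe_language_file(lang_dir, v)))
            for v in values}
```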

Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.


Copyright © 2009 O'Reilly Media, Inc.