Buffer overflows in OpenUnix 8 utilities and the Solaris printer daemon
A buffer overflow in TrollFTPD's handling of recursive directories can be used by a remote attacker to gain root access to the server. Pure-FTPd, a derivative of TrollFTPD, is reported as not vulnerable to this buffer overflow.
Users should upgrade to TrollFTPD version 1.27 as soon as possible.
The JavaServer Web Development Kit (WDK) has a bug that can be used to read, with the permissions of the root user, any file on the server. This can be used by an attacker to access encrypted passwords in the shadow password file, and can be used to gain information for an attack against the system.
Users should watch Sun for an update to the JavaServer WDK.
A buffer overflow in gdm can be exploited by sending a carefully-crafted XDMCP message to gain root access on the server.
Users of gdm should watch their vendor for a repaired version and should consider disabling XDMCP in gdm.conf if it is not needed.
BSCW, a Web-based groupware system, has a vulnerability that can be used to read any file on the system that is readable by the user running the Web server. The attack against this vulnerability has two parts. In the first part, the attacker prepares a carefully-crafted tar file that contains links to files on the BSCW server. When this tar file is extracted in the BSCW "data-bag," the attacker can then follow the symbolic links and download the linked files. For example, the attacker can download the BSCW password file and gather information for other attacks.
The developers of BSCW have released patches for this vulnerability and it is recommended that all users of BSCW apply them as soon as possible.
The Sun Solaris BSD print protocol daemon in.lpd has a buffer overflow that can be used by a remote attacker to execute arbitrary code on the server as the root user. This buffer overflow has been reported to affect Sparc and x86 versions of Solaris 2.6, 7, and 8.
Sun has released patches to fix this buffer overflow and it is recommended that this patch be applied as soon as possible.
The HP-UX line printer daemon rlpdaemon has a remotely-exploitable buffer overflow that can be used by an attacker to execute arbitrary commands as the root user. This has been reported to affect HP-UX versions 10.01, 10.10, 10.20, 11.00, and 11.11.
Users should apply the appropriate patch for this problem as soon as possible.
Many systems are vulnerable to attacks, such as the Solaris or HP-UX printer daemon buffer overflows, even though they do not use the vulnerable application. Remaining current on security announcements is a very good way to protect the security of a system, but it is also important to turn off unused services so that a system will never be made vulnerable by an application that is not being used.