LinuxDevCenter.com

Security Alerts: Squid Security Issues

by Noel Davis
04/07/2004

Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at problems in squid, Ethereal, monit, texutil, nstxd, eMule, vfte, YaST Online Update, oftpd, OpenLDAP, and MPlayer.

squid

The squid caching server is reported to be vulnerable to an attack that can bypass its access control lists by inserting a NULL character into decoded URLs.

Users should upgrade to Squid-2.5.STABLE5 or newer. In addition to the access control list problem, the 2.5.STABLE5 release also fixes a denial-of-service vulnerability and a buffer overflow that is not thought to be exploitable.
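C string functions stop at the first NUL byte, so a decoded URL with an embedded NUL can look different to an access check than to the code that later handles the request. The following is an added example, not Squid's code: a strict percent-decoder that refuses such input. The names url_decode_strict and acl_denies are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/*
 * Percent-decode src into dst (capacity cap, terminator included).
 * Returns the decoded length, or -1 if the input is malformed, does not
 * fit, or decodes to a NUL byte. Refusing %00 keeps the string the access
 * check compares identical to the string the request handler uses.
 */
long url_decode_strict(const char *src, char *dst, size_t cap)
{
    size_t n = 0;
    while (*src) {
        int byte = (unsigned char)*src;
        if (*src == '%') {
            int hi = hex_val((unsigned char)src[1]);
            int lo = hi < 0 ? -1 : hex_val((unsigned char)src[2]);
            if (lo < 0) return -1;      /* truncated or non-hex escape */
            byte = hi * 16 + lo;
            if (byte == 0) return -1;   /* embedded NUL: refuse the request */
            src += 3;
        } else {
            src++;
        }
        if (n + 1 >= cap) return -1;    /* no room for byte plus terminator */
        dst[n++] = (char)byte;
    }
    if (cap == 0) return -1;
    dst[n] = '\0';
    return (long)n;
}

/* Toy access rule (hypothetical): deny URLs containing a blocked word. */
int acl_denies(const char *decoded, const char *blocked)
{
    return strstr(decoded, blocked) != NULL;
}
```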

Ethereal

Ethereal is a powerful network protocol analyzer with a graphical interface. Buffer overflows have been found in the code that dissects NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP packets; RADIUS packets; and color filter files. These buffer overflows may be exploitable by a remote attacker to crash Ethereal or to execute arbitrary code.

It is recommended that all users upgrade to version 0.10.3 of Ethereal or newer as soon as possible. It is possible to turn off all of the protocol dissectors, but this is not recommended.


FreeBSD IPV6

The FreeBSD project uses the KAME IPv6 implementation. A bug in some IPv6 options of the setsockopt() function call can be exploited to read portions of kernel memory, which may result in privileged information being disclosed. In addition, this bug may under some circumstances be used as part of a denial-of-service attack.

Users should upgrade to RELENG_5_2 to repair this bug.

monit

The system management utility monit is vulnerable to buffer overflows in its HTTP interface. A remote attacker may be able to exploit them to execute arbitrary code with the permissions of the user ID that the monit HTTP interface runs under and, under some conditions, to gain root permissions.

The monit team has released version 4.2.1 of monit and recommends that users upgrade as soon as possible or turn off the HTTP interface in earlier versions.

texutil

Under some conditions, texutil is vulnerable to a temporary file symbolic link race condition that could be used to overwrite arbitrary files on the system with the user's permissions. The attacker must be able to create a symbolic link in the victim's current working directory, and the victim must use the --silent command line option for this vulnerability to be exploitable.

Affected users should watch their vendor for a repaired version of texutil.

nstxd

nstxd is the server that implements NSTX (the Nameserver Transfer Protocol), which is designed to allow IP tunneling by using DNS queries and replies to encapsulate the packets. A buffer overflow has been reported in nstxd that can be used to crash nstxd and may, under some conditions, result in arbitrary code being executed with root permissions.

Users should upgrade to version 1.1-beta4 of nstx as soon as possible.

eMule

eMule is an open source peer-to-peer file sharing client. Buffer overflows have been found in the code that handles the web interface and the IRC module. Under some conditions, they could result in arbitrary code being executed with the permissions of the user running eMule.

It is recommended that users upgrade to version 0.42e or newer of eMule. It should be noted that the eMule IRC server name was changed to protect users of the vulnerable versions of eMule and that the new client will connect to the correct IRC server.

vfte

The console-based editor vfte contains multiple buffer overflows that can be exploited by a local attacker to execute arbitrary code with root permissions. vfte is installed with set user id root permissions so that it can access low-level console operations.

Users should remove all set user and group id bits from vfte and should watch their vendor for an updated version. In addition, users should consider using the terminal version of vfte, which does not require root permissions to run.

YaST Online Update

SuSE Linux's YaST Online Update is reported to be vulnerable to a temporary file symbolic link race condition that can be exploited by a local attacker to overwrite arbitrary files on the system with the permissions of the user running YaST Online Update (often root).

Affected users should watch SuSE for an update to YaST Online Update and should exercise care if they choose to use it prior to it being updated.
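The texutil and YaST Online Update problems above share one root cause: a temporary file opened under a name an attacker can predict and pre-create as a symbolic link. The following is an added example, not code from either project, showing the two standard ways to create such a file so that a pre-existing link is never followed. The function names and the file names job.tmp and important-file are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Preferred: unpredictable name. mkstemp() opens with O_CREAT|O_EXCL, so it
 * never writes through a link created in advance. Fills out with the path
 * and returns an open descriptor, or -1. */
int create_scratch(const char *dir, char *out, size_t cap)
{
    int n = snprintf(out, cap, "%s/scratch.XXXXXX", dir);
    if (n < 0 || (size_t)n >= cap) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return mkstemp(out);
}

/* Fixed name: O_EXCL fails with EEXIST if anything, a symbolic link included,
 * already exists at path; O_NOFOLLOW refuses a link as the last component. */
int create_fixed_name(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario: a link already sits at the predictable name.
 * Returns 1 if the open was refused and the link's target was not created. */
int planted_link_is_refused(const char *dir)
{
    char link_path[512], target[512];
    snprintf(target, sizeof target, "%s/important-file", dir);
    snprintf(link_path, sizeof link_path, "%s/job.tmp", dir);
    if (symlink(target, link_path) != 0)
        return 0;
    int fd = create_fixed_name(link_path);
    int refused = fd < 0 && (errno == EEXIST || errno == ELOOP);
    if (fd >= 0)
        close(fd);
    int untouched = access(target, F_OK) != 0;
    unlink(link_path);
    return refused && untouched;
}
```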

oftpd

The anonymous FTP server oftpd is vulnerable to a denial of service attack when the client uses a very high port number in the PORT command.

Users should watch their vendor for a repaired version of oftpd.
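The PORT argument is six comma-separated decimal fields, h1,h2,h3,h4,p1,p2, each of which must fit in one octet. The following is an added example, not oftpd's code: a parser that rejects any out-of-range field before the value is used. The name parse_port_arg is hypothetical, and the caller is assumed to have stripped the trailing CRLF.

```c
#include <errno.h>
#include <stdlib.h>

/*
 * Parse the argument of an FTP PORT command: "h1,h2,h3,h4,p1,p2", six
 * decimal fields of 0-255 each (RFC 959). Returns 0 and fills addr and port
 * on success, -1 on any malformed or out-of-range field.
 */
int parse_port_arg(const char *arg, unsigned char addr[4], unsigned *port)
{
    unsigned long field[6];
    const char *p = arg;

    for (int i = 0; i < 6; i++) {
        char *end;
        if (*p < '0' || *p > '9')
            return -1;                 /* empty field, sign or whitespace */
        errno = 0;
        field[i] = strtoul(p, &end, 10);
        if (errno != 0 || field[i] > 255)
            return -1;                 /* overflow or value above one octet */
        if (i < 5) {
            if (*end != ',')
                return -1;             /* missing separator or field */
            end++;
        } else if (*end != '\0') {
            return -1;                 /* trailing data after p2 */
        }
        p = end;
    }
    for (int i = 0; i < 4; i++)
        addr[i] = (unsigned char)field[i];
    *port = (unsigned)(field[4] * 256 + field[5]);
    return 0;
}
```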

MPlayer

MPlayer is a movie player for Unix that supports movie formats such as MPEG, VOB, AVI, OGG/OGM, FLI, RM, NuppelVideo, YUV4MPEG, VIVO, ASF/WMA/WMV, QT/MOV/MP4, FILM, RoQ, and more. There is a bug in the MPlayer HTTP parser that, under some conditions, can be exploited by a remote attacker who creates a special HTTP header ("Location:") that can cause the victim to execute code located on the attacker's system. Releases of MPlayer that are not affected by this problem are: releases before 0.60pre1, 0.92.1, 1.0pre3try2, 0_92 CVS, and HEAD CVS.

It is recommended that MPlayer 1.0pre3 users upgrade to the latest CVS release and that MPlayer 0.92 (and below) users upgrade to the 0.92.1 release or the latest CVS release.

OpenLDAP

The slapd daemon distributed with OpenLDAP is vulnerable to a remotely exploitable denial-of-service attack. Failed password operations can cause slapd to crash when it is using the back-ldbm back end, because slapd frees memory that it never allocated.

Users should watch their vendor for an updated version of OpenLDAP.

Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.

