oreilly.comSafari Books Online.Conferences.


Security Alerts

Trouble in iptables

by Noel Davis

Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at problems in Linux iptables, OpenSSL, PuTTY, rssh, Quake II Server, libmagick6, HP Serviceguard, Xpdf, FreeRadius, WVTFTPD, GNU tftp, and pppd.

Linux iptables

Linux is vulnerable to an integer underflow in the iptables code that handles firewall rules, which can be exploited by a remote attacker to crash the server. To exploit this vulnerability, the attacker would construct a packet that, when processed by the firewall, would crash the server. Machines without the firewall enabled are not vulnerable to this attack.

All affected users should upgrade to a repaired version of the Linux kernel or should watch their vendors for a patched version of the kernel for their distribution.

OpenSSL 0.9.7e

The OpenSSL project team has released version 0.9.7e of OpenSSL, the open source toolkit for SSL/TLS. This new version repairs a race condition in the CRL-checking code and bug fixes in code dealing with S/MIME.

The OpenSSL project team strongly recommends all users of OpenSSL upgrade to version 0.9.7e or newer as soon as possible.

Related Reading

Network Security Hacks
100 Industrial-Strength Tips & Tools
By Andrew Lockhart


PuTTY is a free version of telnet, SSH, and a Xterm emulator for Windows and Unix machines. A buffer overflow in the code that handles SSH2_MSG_DEBUG packets during a SSH2 connection can be exploited by a remote attacker to execute arbitrary code on the server with the permissions of the user account running PuTTY.

All users of PuTTY should upgrade to version 0.56 or newer as soon as possible.


rssh, a restricted shell designed to be used with OpenSSH that places a user in a chroot jail and only allows the use of scp and sftp, contains a format-string vulnerability that may be exploitable by a remote attacker to execute arbitrary commands. In most cases, if this vulnerability is exploited, the attacker will only gain the ability to issue arbitrary commands with his user account's permissions. But under some conditions, it may be possible that the attacker can execute arbitrary commands with root permissions.

All users of rssh should upgrade to version 2.2.2 or newer as soon as possible.

Quake II Server

The Quake II gaming server is reported to have several vulnerabilities, including remote and local buffer overflows, denial-of-service vulnerabilities, and remote information leaks. It is unclear if the reported buffer overflows can be successfully exploited to execute code on the server.

Users running a Quake II server should consider upgrading to version R1Q2 or some other repaired version.


The libmagick6 library contains a buffer overflow in the function that parses EXIF information. When an application linked against the libmagick6 library attempts to read EXIF information from an image file, a buffer overflow may occur and lead to the execution of code with the permissions of the user running the application.

Affected users should watch their vendors for a repaired version of the libmagick6 library or should upgrade to version 6.1.0. A repaired version has been released for Ubuntu 4.10 Linux.

HP Serviceguard

"HP Serviceguard is a specialized software for protecting mission-critical applications from a wide variety of hardware and software failures." A bug has been reported in HP Serviceguard that may allow a non-privileged user to gain root access. The bug can be exploited by any attacker who can access the subnet on which HP Serviceguard is running.

HP has released patches to repair this bug and all affected users should upgrade as soon as possible. HP also recommends that users read HP's new white paper, "Securing Serviceguard." For more information, users should contact HP or their support vendors.


Xpdf is a PDF reader for Unix and the X Window System. Xpdf and other viewers that use code derived from Xpdf (gpdf, kpdf, and pdftohtml) are reported to be vulnerable to several buffer overflows that may, under some conditions, be exploited using a carefully crafted PDF file to execute arbitrary code.

Users should watch their vendors for a repaired version of Xpdf, gpdf, kpdf, and, pdftohtml. SuSE has released repaired versions for SuSE Linux Enterprise Server 8 and 9, and SuSE Linux Desktop 1.0.


The FreeRadius open source RADIUS server is reported to be vulnerable to several remote denial-of-service attacks.

All users of FreeRadius should watch their vendors for a updated version and should consider protecting FreeRadius from unauthorized connections by using a firewall.


WVTFTPD, a fast TFTP (Trivial File Transfer Protocol) implementation, is reported to be vulnerable to a buffer overflow that may be exploitable by a remote attacker to execute arbitrary code with the permissions of the root user. This buffer overflow is reported to affect all versions of WVTFTPD before 0.9.1. Code to automate the exploitation of this vulnerability has been released to the public.

All users of WVTFTPD should upgrade to version 0.9.1 or newer as soon as possible and should consider disabling it until it has been upgraded.

GNU tftp

GNU tftp contains a buffer overflow that can be exploited by an attacker using a remote DNS server under their control, or by spoofing DNS replies. Successfully exploiting the vulnerability can result in arbitrary code being executed with the permissions of the account under which the application is running.

User should watch for a new version of inetutils that contains a repaired version of tftp.


pppd is a Unix daemon that implements both the client and server side of PPP (Point to Point Protocol). It is vulnerable to a buffer overflow that is reported to only be exploitable in a denial-of-service attack.

Affected users should watch their vendors for an updated version of pppd.

Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.

Read more Security Alerts columns.

Return to

Linux Online Certification

Linux/Unix System Administration Certificate Series
Linux/Unix System Administration Certificate Series — This course series targets both beginning and intermediate Linux/Unix users who want to acquire advanced system administration skills, and to back those skills up with a Certificate from the University of Illinois Office of Continuing Education.

Enroll today!

Linux Resources
  • Linux Online
  • The Linux FAQ
  • Linux Kernel Archives
  • Kernel Traffic

  • Sponsored by: