LinuxDevCenter.com


Security Alerts

Problems in the Linux Kernel, LISTSERV, and gdb

by Noel Davis
06/03/2005

Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at problems in the Linux kernel, LISTSERV, gdb, FreeRADIUS, shtool, mailutils, Qpopper, davfs2, libmagick6, picasm, cheetah, and ppxp.

Linux Kernel Problems

New problems reported in the Linux kernel include: an information disclosure where one thread can read information from other threads on the same processor, a bug in the fib_seq_start() function that a local user could exploit to crash the system, a problem in the code that generates core files for ELF binary executables that could result in arbitrary code being executed with root permissions, a bug in the key_user_lookup() function that could be used to crash SMP machines, and a bug in the code that handles raw and pktcdvd devices that could be used under some circumstances to execute code with root permissions.

All Linux users should watch their vendors for repaired kernel packages. Repaired packages have been released for Ubuntu Linux versions 4.10 and 5.04.

LISTSERV

LISTSERV is a multi-platform mailing list management application that was first released in 1986. The LISTSERV software is reported to be vulnerable to several unspecified bugs that, if exploited, can result in arbitrary code being executed or cause a denial of service.

Users are encouraged to upgrade LISTSERV to version 14.3 level set 2005a or newer as soon as possible.

gdb

gdb, the GNU debugger, is vulnerable to a buffer overflow that, under some conditions, could result in arbitrary code executing with the permissions of the victim. Additionally, gdb is reported to load startup files from the current working directory.

Affected users should watch their vendors for a repaired version.

FreeRADIUS

The FreeRADIUS server is an open source RADIUS server that provides additional functionality, including PAM authentication support and Apache authentication support. FreeRADIUS is vulnerable to a SQL injection-based attack and multiple buffer overflows. These vulnerabilities may be exploitable by a remote attacker as part of a denial-of-service attack or to execute arbitrary SQL commands.

Users of FreeRADIUS should watch their vendors for a repaired version.

shtool

GNU shtool is reported to be vulnerable to a temporary-file, symbolic-link race condition that could be used by a local attacker, under some conditions, to overwrite arbitrary files on the system with the permissions of the user running shtool or an application that uses shtool. This vulnerability is reported to affect version 2.0.1 and earlier of shtool.

Affected users should watch their vendors for an updated version of shtool.

GNU mailutils

The GNU mailutils imap4d daemon is reported to contain a format-string-based vulnerability and a buffer overflow in the fetch_io() function; both may be exploitable by a remote attacker, under some conditions, and result in the execution of arbitrary code with root permissions. In addition, the imap4d daemon is reported to be vulnerable to a denial-of-service attack. These vulnerabilities are reported to affect version 0.6 of mailutils.

The mail command that is distributed with the GNU mailutils package is reported to be vulnerable to a remote attack that uses a flaw in the header_get_field_name() function to execute arbitrary code with the permissions of the user running mail. The remote attacker would conduct this attack by sending the victim a carefully crafted email that the victim then attempts to read using the mail command.

GNU mailutils version 0.6.90 repairs these vulnerabilities and can be obtained from ftp://alpha.gnu.org/gnu/mailutils.

Qpopper

The POP3 email server Qpopper is reported to have several vulnerabilities that may result in files being created or overwritten with root permissions, or in files created with world- or group-writable permissions.

Users should upgrade Qpopper to version 4.0.5-r3 or newer. Debian and Gentoo have released updated packages that repair this problem.

davfs2

The Linux implementation of the davfs2 filesystem is reported to improperly support Unix filesystem permissions. The davfs2 filesystem allows the mounting of a WebDAV server as a local filesystem. davfs2 is known to be distributed with Mandrake Linux 9.0 and Debian unstable.

Affected users should decide what level of risk these bugs present to their systems and consider not mounting the WebDAV server until the bugs have been repaired.

libmagick6

The libmagick6 image-processing library is vulnerable to multiple denial-of-service attacks. The vulnerabilities are in code in the PNM image decoder and the XWD decoder.

Users should watch their vendors for a repaired version of the library. Updated packages have been released for Ubuntu Linux versions 4.10 and 5.04.

picasm

picasm, the assembler for the PIC16Cxx, 2c508, 12c509, and others, is reported to be vulnerable to several buffer overflows that could be exploited by an attacker who creates carefully crafted code files that the victim then attempts to assemble. If successfully exploited, the overflows result in arbitrary code being executed with the victim's permissions.

All users of picasm should upgrade to version 1.12c as soon as possible and should exercise care before assembling code from an untrusted source.

Cheetah

The Python-based Cheetah code generator will insecurely import code located in the system temporary directory (/tmp). Under some conditions, this could result in arbitrary code being executed with the permissions of the victim.

Users of Cheetah should upgrade to version 0.9.17rc1 or newer as soon as possible.
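
For administrators who want to check their own Python installations for the general class of problem described above (code imported from a directory that other users can write to), the following added example audits an import search path. It is not Cheetah's code or its fix; the function name plantable_dirs and the choice of uid 0 as the only other trusted owner are assumptions made for illustration.

```python
import os
import stat
import sys


def _nearest_existing(path):
    """Walk up until a path that exists; whoever can write there can create the rest."""
    while not os.path.exists(path):
        parent = os.path.dirname(path)
        if parent == path:
            break
        path = parent
    return path


def plantable_dirs(paths, trusted_uids=(0,)):
    """Return (entry, checked_dir, reason) for search-path entries where another
    local user could place a module that a later import would pick up."""
    findings = []
    me = os.getuid()
    for entry in paths:
        # An empty string on sys.path means the current working directory.
        resolved = os.path.realpath(entry or os.getcwd())
        # A missing entry is only as safe as the directory it would be created in.
        checked = _nearest_existing(resolved)
        st = os.stat(checked)
        if not stat.S_ISDIR(st.st_mode):
            continue  # zip archives and similar entries are out of scope here
        # The sticky bit on /tmp stops users deleting each other's files, but it
        # does not stop anyone creating a new file, so it is not treated as safe.
        if st.st_mode & stat.S_IWOTH:
            findings.append((entry, checked, "world-writable"))
        elif st.st_mode & stat.S_IWGRP:
            findings.append((entry, checked, "group-writable"))
        elif st.st_uid != me and st.st_uid not in trusted_uids:
            findings.append((entry, checked, "owned by uid %d" % st.st_uid))
    return findings


if __name__ == "__main__":
    # Audit the interpreter's own search path; no output means nothing was flagged.
    for entry, checked, reason in plantable_dirs(sys.path):
        print("%r -> %s is %s" % (entry, checked, reason))
```
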

ppxp

The PPP daemon ppxp can, under some circumstances, be manipulated into opening a root shell by an unauthorized user. This problem occurs during the opening of a log file.

Debian has released a repaired version of ppxp. Users of other distributions should watch their vendors for an updated version.

Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.
