PHP Trouble
by Noel Davis
Welcome to Security Alerts, an overview of recent Unix and open source security
advisories. In this column, we look at problems in PHP, Adobe Reader, Kismet,
LibTIFF, Evolution, Mutt,
bluez-utils, Ignite-UX, CPAINT, Awstats, Clam AntiVirus,
Some distributions are reported to ship a vulnerable version of
their PHP development packages. The vulnerability in shtool is caused by a
symbolic-link race condition that may be exploitable by a local attacker to
view the contents of temporary files, or to overwrite arbitrary files with the
permissions of the victim using
Users should watch their distribution vendors for updated packages and should
consider disabling any versions of shtool that are not known to have been updated.
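
Symbolic-link problems of this general class arise when a script writes to a predictable temporary path with a plain redirect. The following shell script is an added example, not shtool's code and not part of the original column; it contrasts that pattern with two hardened forms, and every function name and path in it is constructed.

```shell
#!/bin/sh
# Added illustration, not shtool's code. All paths and names are constructed.

# Vulnerable pattern: predictable name, plain '>' redirect. If the path is
# already a symlink, the shell follows it and truncates the link target.
write_predictable() {   # $1=path $2=data
    printf '%s\n' "$2" > "$1"
}

# Hardened, fixed name: noclobber (set -C) makes '>' refuse any existing
# path, including a symlink created in advance. Runs in a subshell so the
# option does not leak into the caller. Returns non-zero when it refuses.
write_exclusive() {     # $1=path $2=data
    ( set -C; printf '%s\n' "$2" > "$1" ) 2>/dev/null
}

# Hardened, preferred: mktemp picks an unpredictable name and creates the
# file exclusively with mode 0600. Prints the path it created.
write_mktemp() {        # $1=directory $2=data
    f=$(mktemp "$1/build.XXXXXX") || return 1
    printf '%s\n' "$2" > "$f"
    printf '%s\n' "$f"
}

# Constructed scenario: the predictable temp path already exists as a
# symlink to a file owned by the user running the script.
# Prints "clobbered" or "intact" for the chosen writer.
demo() {                # $1 = predictable | exclusive | mktemp
    scratch=$(mktemp -d) || return 1
    printf 'important\n' > "$scratch/victim"
    ln -s "$scratch/victim" "$scratch/build.tmp"
    case $1 in
        predictable) write_predictable "$scratch/build.tmp" junk ;;
        exclusive)   write_exclusive "$scratch/build.tmp" junk || : ;;
        mktemp)      write_mktemp "$scratch" junk >/dev/null ;;
    esac
    if [ "$(cat "$scratch/victim")" = important ]; then
        result=intact
    else
        result=clobbered
    fi
    rm -rf "$scratch"
    printf '%s\n' "$result"
}

for w in predictable exclusive mktemp; do
    printf '%-12s %s\n' "$w" "$(demo "$w")"
done
```
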
The Adobe Reader is used to view PDF files and is available on Linux, Mac OS X, and Windows. A buffer overflow in an unspecified "core application plugin" may be exploitable by a remote attacker who creates a carefully crafted PDF file that, when viewed by the victim, executes arbitrary code with the victim's permissions.
All users of Adobe Reader should upgrade as soon as possible to version 220.127.116.11 or newer.
Kismet, a wireless sniffer and intrusion detection system, is reported to be vulnerable to a buffer overflow in code that handles pcap captures and code in the CDP protocol dissector. This buffer overflow may be exploitable, under some conditions, by a remote attacker who generates specifically formatted packets. There also may be other undisclosed problems with Kismet.
It is recommended that Kismet be upgraded to version 2005-08-R1 or newer as soon as possible. It is also suggested that users watch for additional upgrades to fix other possible problems because the release notes from version 2005-08-R1 include the following statement: "I still don't have info about the exact nature of the exploits announced at Defcon, but I can't wait any longer. The current issues fixed are serious, and may encompass the announced exploits."
LibTIFF, a programming library for reading and manipulating Tagged Image File
Format (TIFF) images, contains a vulnerability in the code that handles the
YCbCr variable inside of a TIFF image header. This vulnerability also affects
software that has LibTIFF included, such as wxPythonGTK.
Users should watch for repaired and updated versions of LibTIFF and wxPythonGTK.
Evolution is a Gnome application that provides email, an address book, and a calendar. Evolution contains vulnerabilities in code dealing with remote task listing from a remote server, vcards, some information from remote LDAP servers, and some calendar entries. Successfully exploiting these vulnerabilities may result in arbitrary code being executed. Versions of Evolution through version 18.104.22.168 have been reported to be vulnerable.
Affected users should watch their vendors for a repaired version of Evolution. Mandriva has released a repaired package.
Mutt, a small text-based email client, is reported to contain a buffer overflow
that may be exploitable by a remote attacker who creates a carefully crafted
email message that, when opened with Mutt, may cause arbitrary code to be
executed with the victim's permissions. The report states that there is a bug in the
mutt_decode_xbit() function in the file handler.c.
All users of Mutt should watch for a repaired version.
bluez-utils is a package of utilities that are part of the BlueZ implementation
of Bluetooth for Linux. An attacker may be able to name a Bluetooth device
with certain escape characters so that when the computer pairs with the device,
arbitrary code executes with root permissions.
It is recommended that all users upgrade to bluez-utils version 2.19 immediately.
Ignite-UX is an HP-UX administration toolset that aids in the deployment of multiple installations of HP-UX across a network. An unspecified security vulnerability in Ignite-UX that involves file permissions may be exploitable to gain access to client data on the server running Ignite-UX. In addition, under some conditions a copy of the system password file may be exposed to unauthorized remote view.
HP recommends that affected users apply the appropriate update to correct the vulnerability. HP-UX users should contact HP for more information and resolutions.
Users are encouraged to upgrade to the latest release of CPAINT.
Awstats is a web-based, web server log analyzing tool. Versions of Awstats earlier than 6.5 are reported to be vulnerable due to a lack of input validation on the referrer information in the web server log. Successfully exploiting this vulnerability may allow a remote attacker to execute arbitrary Perl code with the permissions of the user account analyzing the logs.
All users of Awstats should upgrade to version 6.5 or newer as soon as possible and should disable all URLPlugins until Awstats has been updated.
Clam AntiVirus, a Unix-based virus scanning tool for email attachments, is reported to contain buffer overflows in code that handles TNEF, CHM, and FSG file formats.
Affected users should upgrade to version 0.86.2 or newer of Clam AntiVirus as soon as possible.
Gaim is a messaging client that supports many different instant messaging protocols, including those of the AIM and ICQ (Oscar protocol), MSN Messenger, Yahoo, IRC, Jabber, Gadu-Gadu, SILC, GroupWise Messenger, and Zephyr networks. Several vulnerabilities have been announced that could result in a denial-of-service condition, or possibly in arbitrary code being executed as the victim.
Users of Gaim should upgrade to version 1.5.0 or newer.