Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at problems in KDE, CVS, Subversion, Firebird, FreeBSD, mailman, Opera, Apple's HelpViewer, cPanel, and
The code in KDE's URL handlers for mailto: does not properly filter out "-" characters. Under some conditions, this can be exploited by an attacker to pass arbitrary options to the applications being invoked by the URL handler.
Users of KDE or components of KDE such as Konqueror or Kmail should upgrade to a repaired version of KDE as soon as possible. The KDE team has made source code patches available for KDE 3.0.5b, 3.1.5, and 3.2.2. Users of binary distributions should watch their vendors for updated packages. Updated packages are reported to be available for Conectiva Linux 9 and SuSE Linux 9.1, 9.0, 8.2, 8.1, and 8.0.
CVS (the Concurrent Versions System) is a flexible, open source version-control system designed to work over a network. CVS is vulnerable to a buffer overflow in the code that handles "Entry" lines and flags that may, under some conditions, be exploitable by a remote attacker to execute arbitrary code with the permissions under which CVS is running. It is reported that CVS release 1.11.15 and CVS feature releases up to 1.12.7 are vulnerable to this buffer overflow.
It is recommended that users upgrade to a repaired version of CVS as soon as possible.
Subversion is a version-control system comparable to CVS. The code in Subversion that handles dates has a bug in both the client and server that may, under some conditions, be exploited by a remote attacker to execute arbitrary code with the permissions of the Subversion user account or used in a denial-of-service attack against Subversion. Read-only servers are also reported to be vulnerable. All versions of Subversion released before version 1.0.3 are thought to be vulnerable.
All users of Subversion should upgrade to version 1.0.3 or newer as soon as possible.
The msync() function call is used to write modified whole pages to the filesystem. Under some conditions, a user with read access to a file can prevent changes to that file from being written to the disk, leading to inconsistencies between the virtual memory system and disk content.
It is recommended that users upgrade to FreeBSD 4-STABLE or the RELENG_5_2, RELENG_4_10, RELENG_4_9, or RELENG_4_8 security branch dated after the correction date. Patches have also been released for FreeBSD 4.8, 4.9, 4.10 and 5.2.
mailman is a mailing list manager with a very easy-to-use web interface. Versions of mailman prior to version 2.1.5 are reported to be vulnerable to an attack that can be used by an attacker to retrieve a mailman user's mailing list password.
All users of mailman should upgrade to version 2.1.5 or newer as soon as possible.
The Opera web server has a bug in the code that handles telnet: URLs, which may result in an attacker being able to create or overwrite arbitrary files with the permissions of the user running Opera. The URL handler does not check and filter out "-" characters in the telnet: URL. This can allow an attacker to embed command-line parameters in a telnet URL that will be parsed when the victim clicks on the link. This vulnerability is reported to affect both Windows XP and Linux machines.
Affected users may remove the handler for tn3270 from the preferences menu within Opera, or upgrade to Opera 7.50.
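The KDE and Opera problems above are the same class of bug: text taken from a URL reaches the command line of a helper program without a check for a leading "-". The following is an added example, not code from KDE or Opera, showing an unfiltered handler beside a filtering one for the telnet: case; the function names, the sample URLs, and the assumption that the helper honours "--" as an end-of-options marker are illustrative.

```python
import re
from urllib.parse import urlsplit

# Conservative host pattern: must start and end with a letter or digit, so a
# value beginning with "-" can never be mistaken for a command-line option.
HOST_RE = re.compile(r"[a-z0-9]([a-z0-9.-]*[a-z0-9])?")


def naive_argv(url, program="telnet"):
    """Unfiltered handler: the text after 'scheme://' is passed straight through."""
    target = url.split("://", 1)[1].rstrip("/")
    return [program, target]


def safe_argv(url, program="telnet", scheme="telnet"):
    """Filtering handler: validate scheme, host and port before building argv."""
    parts = urlsplit(url)
    if parts.scheme != scheme:
        raise ValueError("unexpected scheme: %r" % parts.scheme)
    host = parts.hostname or ""
    if not HOST_RE.fullmatch(host):
        raise ValueError("rejected host: %r" % host)
    port = parts.port  # raises ValueError if the port is not a valid number
    # Assumption: the invoked program treats "--" as end-of-options (getopt style).
    argv = [program, "--", host]
    if port is not None:
        argv.append(str(port))
    return argv


if __name__ == "__main__":
    # Constructed sample URLs; "-hypothetical-option" is a placeholder, not a real flag.
    for url in ("telnet://host.example:23", "telnet://-hypothetical-option"):
        print("naive:", naive_argv(url))
        try:
            print("safe: ", safe_argv(url))
        except ValueError as exc:
            print("safe:  refused,", exc)
```

The argument list is meant to be executed directly, without a shell, so that no further parsing of the host string takes place.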
A flaw in Mac OS X can, under some circumstances, be exploited using a carefully crafted URL to execute arbitrary commands with the permissions of the victim. Multiple applications are affected by this flaw, including Internet Explorer, Mozilla, and Apple's Safari.
Users should apply the security patch available from Apple and may wish to consider restricting their Internet preferences using a tool such as the More Internet Preferences tool.
cPanel is a web-hosting management system for Unix-based systems that helps users manage their web sites, database configurations, email accounts, and FTP setup. Some configurations of cPanel contain a flaw that can be exploited by a local attacker to execute arbitrary code with the permission of any user that owns a web-viewable PHP web page. All machines with mod_phpsuexec enabled are reported to be vulnerable to this flaw.
Affected users should upgrade to Apache 1.3.31 as soon as possible.
xpcd is a PhotoCD viewer for the X Window System and console displays. The console-based viewer, xpcd-svga, is reported to be vulnerable to a buffer overflow that may, under some conditions, be exploitable to execute arbitrary code with root permissions. The author of xpcd has stated on his web site that xpcd is no longer being maintained.
It is recommended that any set user or group id bits be removed from xpcd-svga as soon as possible. If xpcd is not being used on a system, it should be disabled or removed; if the application is needed, users should watch their vendors for a repaired version or look for a replacement viewer.
Firebird, an open source relational database that runs under Unix, Linux, and Windows, contains a buffer overflow in the code that handles an environment variable. The buffer overflow reportedly allows an attacker to change or delete databases and replace the Firebird binaries with trojan applications.
Users should upgrade to version 1.5 or newer of Firebird.
Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.
Copyright © 2009 O'Reilly Media, Inc.