Welcome to Security Alerts, an overview of recent Unix and open source security
advisories. In this column, we look at problems in
freeamp, Kaffeine and
shadow, and BNC.
libgd library is an ANSI C library that provides for the dynamic creation
of images in PNG, JPEG, GIF, and other formats. A bug in code that handles PNG-formatted images has been reported. Under some conditions, it may be exploitable
by an attacker using a carefully crafted PNG file and result in arbitrary
code being executed on the victim's machine.
libgd is used in PHP, and one possible
vector of attack is in photo web sites that allow users to upload images and
then process those images with a PHP script.
All users of
libgd or linked applications (such as PHP) should evaluate their
risk of exposure due to this bug, and take appropriate steps. Users should watch
their vendors for repaired packages for affected applications. Repaired versions
are available for Ubuntu and Debian GNU/Linux.
mtink, a status monitor and ink-cartridge changer for Epson
printers, is reported to be vulnerable to a temporary-file, symbolic link race
condition that may, under some conditions, be exploited by a local attacker
to overwrite arbitrary files on the system with the permissions of the user
mtink (root, in most cases).
mtink should watch their vendors for an updated package.
The archive utility
zip is reported to be vulnerable to a buffer overflow
when an archive file with a very long name is unpacked. A remote attacker could
create a carefully crafted
zip archive file that, when opened by the victim,
would execute arbitrary code with the victim's permissions.
zip should exercise care when opening .zip files until they have
upgraded their version of
zip to a repaired version. A repaired version is available
for Gentoo Linux.
The programming language
ruby has a vulnerability in its
FileStore functionality that causes session information to be stored
insecurely. In addition, the CGI module also has a bug that can be used by
a local attacker to cause an infinite loop that can be used in a denial-of-service attack.
All affected users should upgrade as soon as a package becomes available. Updated packages have been released for Mandrake, Gentoo, and Debian GNU/Linux.
A problem in the code that handles wildcards in filename strings may be exploitable by a remote attacker in a denial-of-service attack that can cause a high load on the victim's machine or, in some cases, make it not respond at all.
The Samba development team has released a patch to Samba 3.0.7. Users should upgrade to Samba 3.0.7 with this patch applied as soon as possible.
freeamp is an open source MP3 player that has been replaced by the ZINF (ZINF
Is Not FreeAmp!) audio player. ZINF is based on the source code of
but does not use a trademarked word as part of its name. The playlist module
freeamp is vulnerable to a buffer overflow that could, under some circumstances,
result in arbitrary code being executed with the permissions of the user running
All affected users of
freeamp/ZINF should upgrade to a repaired version as
soon as it is available.
gxine are media players that use the
xine video library for video
playback and video processing. Kaffeine is a media player for KDE3. Both applications
share code that provides processing for
Content-Type headers. This
header code contains a buffer overflow that could, under some conditions, be
exploited by a remote attacker who controls an HTTP server to which the user has connected. The attacker may be able to create a RealAudio .ram playlist
that, when read by Kaffeine or
gxine, will result in a buffer overflow and the
execution of arbitrary code on the victim's machine.
Users of Kaffeine or
gxine should exercise great care until repaired versions
have been installed.
Portage, Gentoo Linux's package management tool, is vulnerable to a temporary-file, symbolic link race condition that can be exploited by a local attacker
to overwrite arbitrary files with the permission of the user running the
All users of Gentoo Linux should upgrade their Portage and
as soon as possible.
zgv is a console-based image viewer. Some versions of
zgv are reported to
be vulnerable to multiple buffer overflows. The attack is conducted by the
attacker creating a carefully crafted image file, and the victim then viewing
zgv. The resulting buffer overflow can result in arbitrary code being
executed as root or as the user running
It is recommended that users watch their vendors for a updated version or upgrade
zgv version 5.8 and apply the patch available from
zgv's home page.
A bug in the
shadow suite of tools can be abused by a local user who is logged
in but has an expired password. The
chsh tools can be used to
change account information without the user being forced to change his or her password.
Users should upgrade to a repaired
shadow utility package when it becomes available.
BNC is an Internet relay chat (IRC) proxying server. BNC has a buffer overflow
in the function
getnickuserhost() that may be exploited by a remote attacker
as a denial-of-service attack. It is not known if this buffer overflow can
be exploited to execute code or to gain additional permissions on the victim's
It is recommended that users of BNC upgrade to version 2.9.0 as soon as possible.
Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.
Read more Security Alerts columns.
Return to LinuxDevCenter.com
Copyright © 2009 O'Reilly Media, Inc.