Welcome to Security Alerts, an overview of recent Unix and open source security
advisories. In this column, we look at problems in Oracle Reports, Skype for
Linux, MediaWiki, Kate, Kwrite, Shorewall,
libgadu, PHPNews, phpSurveyor,
Affix, Heartbeat, and phpPgAdmin.
Oracle's enterprise reporting tool Oracle Reports is reported to be vulnerable to cross-site scripting attacks; attacks that allow an attacker to read and write to arbitrary files; and attacks that allow an attacker to execute arbitrary code with the permissions of the oracle user account.
The report states that the cross-site scripting vulnerability affects version 9.0.2 + patchset 2 of Oracle Reports. The versions of Oracle Reports affected by the code-execution attack include 6.0, 6i, 9i, and 10g. All versions of Oracle Reports may be vulnerable to the read-any-file problem. The writing-of-any-file problem is only reported to affect versions 6.0, 6i, 9i, and 10g.
Users should contact Oracle for a resolution or workaround for these vulnerabilities.
Skype is an application for making voice chat connections across the internet to other users of Skype. It is very popular and has many features, such as conference calls, calling normal phone numbers, and file transfers. It's available for Windows, Mac OS, Linux, and Pocket PC.
Version 220.127.116.11 of Skype is reported to be vulnerable to a temporary-file, symbolic-link race condition when the user adds an image to his or her personal profile. This could allow a local attacker to overwrite arbitrary files on the system with the permissions of the victim.
Every affected user on multiuser systems should avoid updating the image in his or her profile until this problem has been fixed.
All MediaWiki servers should be upgraded to version 1.4.7 or newer as soon as possible.
Local users can, under some conditions, read backup files created by Kate and
Kwrite, even if the originating files have more restrictive permissions. The
problem with the backup files is caused by a bug in the
Affected users should watch their vendors for an updated
Shorewall, a front-end tool for configuring Netfilter, contains a bug in its MAC address filtering code that may result in a remote authenticated client bypassing all security restrictions. Netfilter is a firewall included in the Linux kernel.
Users of Shorewall version 2.0.17 or later should apply the firewall script (which is available in the errata files) for their version. Users of earlier versions should upgrade to a supported version and apply the updated firewall version. Another option is to upgrade to Shorewall version 2.4.2 or newer.
The libgadu library is used in
ekg and other instant messenger clients to
provide Gadu-Gadu protocol support. A buffer overflow in the
is reported to be exploitable to execute arbitrary code with the permissions
of the user running the messaging client. There are also other problems
reported in the library and in
It is strongly recommended that all users of
ekg upgrade to version 1.6rc3
or newer. This version of
ekg includes a repaired version of the
Users of other instant messaging clients that use
libgadu should watch their
vendors or the maintainers of the client for updated versions.
PHPNews, a popular web-based news application written in PHP, is reported to be vulnerable (under some conditions) to several attacks that can result in arbitrary code being executed with the permissions of the user account used to run the web server. The vulnerabilities reportedly allow the attacker to use SQL injection to log in to the admin panel, upload code instead of an image using the upload images functionality, and edit the template and add code. PHPNews version 1.2.6 and earlier are reported to be vulnerable.
All vulnerable users of PHPNews should upgrade to version 1.3.0 as soon as possible.
phpSurveyor is a web-based survey creation tool written using PHP and MySQL. Version 0.98 Stable is reported to be vulnerable to multiple SQL injection bugs and many cross-site scripting vulnerabilities.
Users of phpSurveyor should watch for a repaired version and should consider disabling the software until it has been patched or upgraded.
Affix is a Bluetooth protocol stack for Linux. A buffer overflow in code dealing with the FTP protocol can, under some circumstances, be exploited to execute arbitrary code with root permissions.
Users of Affix should apply the available patch or watch their vendors for a repaired version.
Heartbeat, a system monitoring tool that is part of High-Availability Linux, is reported to be vulnerable to a temporary-file, symbolic-link race condition.
Affected users should watch their vendors for a repaired package.
phpPgAdmin is a web-based administration tool written using PHP for the PostgreSQL
database. The parameter
formlanguage in the index.php script is
not validated before it is used to include files. As a result, an attacker who
can create or write to a file on the server can cause arbitrary code to be
executed. Systems with magic quotes enabled are not vulnerable to this problem.
It is recommended that all users upgrade to phpPgAdmin version 3.5.4 or newer as soon as possible.
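The flaw class behind this advisory, shown beside one way to close it, as an added example that is not phpPgAdmin's code: a request parameter such as formlanguage is used only as a key into a fixed list of language files, and the resolved path must stay inside the language directory. The function names, the language list, and the sample request values are constructed for illustration.

```php
<?php
// Added example with hypothetical names; not phpPgAdmin's source code.
// Allowlist of language keys the application ships (constructed sample).
const LANGUAGES = ['english' => 'english.php', 'german' => 'german.php'];

// Flawed pattern described above, kept only for comparison and never called:
// the request value is pasted into the include path without any check.
function load_language_unsafe(string $langDir, string $requested): void
{
    include $langDir . '/' . $requested . '.php';
}

// Hardened form: the request value is only a lookup key. The path is built
// from the allowlist and must still resolve inside the language directory.
function resolve_language(string $langDir, $requested, string $default = 'english'): string
{
    if (!is_string($requested) || !array_key_exists($requested, LANGUAGES)) {
        $requested = $default;            // unknown or malformed: fall back
    }
    $base = realpath($langDir);
    $path = realpath($langDir . '/' . LANGUAGES[$requested]);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('language file missing or outside ' . $langDir);
    }
    return $path;
}

// Constructed demo: a throwaway language directory and sample request values.
$langDir = sys_get_temp_dir() . '/lang-demo-' . bin2hex(random_bytes(8));
mkdir($langDir, 0700);
foreach (LANGUAGES as $file) {
    file_put_contents("$langDir/$file", "<?php return ['strlogin' => 'Login'];\n");
}
$samples = ['german', '../../tmp/upload', ['english'], 'klingon'];
foreach ($samples as $value) {
    $path = resolve_language($langDir, $value);
    $strings = require $path;             // only allowlisted files are ever loaded
    printf("%-24s -> %s (%d strings)\n",
        json_encode($value, JSON_UNESCAPED_SLASHES), basename($path), count($strings));
}
array_map('unlink', glob("$langDir/*.php"));
rmdir($langDir);
```

Every value that is not an exact allowlist key, including the path-like string and the array, falls back to the default language file instead of reaching the filesystem.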
Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.
Copyright © 2009 O'Reilly Media, Inc.