Wednesday, March 02, 2005

Looking For Troubles?

If you are curious about problems reported in open source applications, visit Security Alerts at LinuxDevCenter, where you will find the latest security alerts by Noel Davis. This installment covers problems in the Linux kernel, VMware, PostgreSQL, Squid, MySQL, mailman, Apple OSX HFS+, movemail with GNU Emacs or XEmacs, KStars, typespeed, awstats, and synaesthesia.

Linux Kernel Problems
Several problems in the Linux kernel have been reported, including: an authorization problem in the shmctl() function call that could result in unauthorized access to data; a buffer overflow in nls_ascii.c that could cause a kernel panic; a race condition in the setsid() function; and a flaw in the netfilter and iptables code that could be used to crash the machine or to bypass a firewall rule.

Users should consider upgrading to the latest production release of the Linux kernel.

Under some conditions, VMware can load shared libraries from a world-writable directory. Exploiting this vulnerability can allow the attacker to execute arbitrary code with the permissions of the user running VMware.

All users of VMware should upgrade to the latest version. As a workaround, users can create a file named /tmp/rrdharan to prevent the exploitation of this vulnerability.

Several buffer overflows have been reported in the PL/PgSQL component of the PostgreSQL database that may, under some conditions, be exploitable by an attacker to execute arbitrary code with the permissions of the PostgreSQL user account.

It is recommended that users watch their vendors for a patch or upgrade to PostgreSQL version 8.0.1-r1 or newer. Debian has released an updated version of PostgreSQL for Debian GNU/Linux 3.0 (alias woody) that they identify as 7.2.1-2woody8.

MySQL mysqlaccess Script
The mysqlaccess script distributed with MySQL is reported to be vulnerable to an attack based on a temporary-file, symbolic link race condition that may be exploitable to overwrite arbitrary files on the system with the permissions of the user running the script (often root).

The mysqlaccess script is reported to have been repaired in the latest available release of MySQL.
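The temporary-file symbolic link race described above is a general bug class, shown here as an added example that is not code from mysqlaccess (a Perl script) or from the original alert. It is written in Python, and the file names and function names are hypothetical; it places the vulnerable open of a predictable name beside two hardened forms inside a throwaway directory.

```python
import os
import tempfile

def write_unsafe(path, data):
    # Vulnerable pattern: a predictable name opened with plain open().
    # If `path` is already a symlink, the write lands on the link's target.
    with open(path, "w") as fh:
        fh.write(data)

def write_exclusive(path, data):
    # O_CREAT|O_EXCL fails if anything, a symlink included, already exists
    # at `path`; O_NOFOLLOW (where available) also refuses a symlinked name.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def write_mkstemp(directory, data):
    # Preferred: mkstemp() picks an unpredictable name and creates the
    # file exclusively with mode 0600.
    fd, name = tempfile.mkstemp(prefix="scratch.", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return name

def read(path):
    with open(path) as fh:
        return fh.read()

def demo():
    # Constructed sandbox: "important.conf" stands in for a file the
    # privileged user can write; "script.tmp" is the predictable temp name.
    with tempfile.TemporaryDirectory() as box:
        victim = os.path.join(box, "important.conf")
        tmp = os.path.join(box, "script.tmp")
        write_unsafe(victim, "original")
        os.symlink(victim, tmp)           # link that exists before the script runs
        write_unsafe(tmp, "scratch")      # follows the link
        clobbered = read(victim) == "scratch"
        write_unsafe(victim, "original")  # reset the stand-in file
        try:
            write_exclusive(tmp, "scratch")
            refused = False
        except OSError:                   # EEXIST (or ELOOP) on the symlink
            refused = True
        name = write_mkstemp(box, "scratch")
        intact = read(victim) == "original" and read(name) == "scratch"
        return clobbered, refused, intact
```

`demo()` returns a tuple of three booleans: whether the unsafe write overwrote the stand-in file, whether the exclusive open refused the pre-existing link, and whether the stand-in file stayed intact through both hardened writes.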

A directory traversal vulnerability has been reported in the Mailman mailing list manager that may result in an attacker gaining access to the mailing list account and password information of users. Systems running Apache 2.0 are reported to not be vulnerable. This problem is reported to affect Mailman 2.1 versions through version 2.1.5.

Users should upgrade to version 2.1.6 of Mailman as soon as possible and should execute the script to reset their users' passwords. After running the script, users should run the cron/mailpasswds script to mail the new passwords to their users. A temporary workaround that will break private archives is to remove the mailman/cgi-bin/private executable.

Apple OSX HFS+
Under certain conditions, Internet-based applications, such as web servers, that provide remote users access to files and data residing on an Apple OSX HFS+ filesystem may be manipulated into disclosing unauthorized information, such as the source code, from server-parsed files, such as PHP pages. This problem affects Mac OS X version 10.2 and earlier.

All users should apply the available fixes from Apple.

GNU Emacs and XEmacs movemail
When using the movemail utility with GNU Emacs and XEmacs, a buffer overflow can be triggered by a remote attacker who controls the POP email server from which the victim is downloading mail. Successfully exploiting this buffer overflow would allow the attacker to execute arbitrary code with the permissions of the user and the mail group.

Users should watch their vendors for a repaired GNU Emacs and XEmacs package. Repaired packages have been announced for Red Hat Linux, Debian GNU/Linux, Mandrake Linux, and Ubuntu.

Squid is a free, open source Web proxy cache server that provides proxying and caching of HTTP, FTP, and other URL types; HTTP server acceleration; proxying for SSL; transparent caching; caching of DNS queries; and extensive access controls. Several problems in Squid have been announced, including: when using LDAP, unauthorized users may be able to connect by using a variant of an authorized user's login name; a buffer overflow in the code that handles a response from a gopher server that can result in Squid crashing if a response is too long; a cache-poisoning-based vulnerability; and a buffer overflow in the code that handles WCCP packets that may be exploitable to crash Squid or to execute arbitrary code with the permissions of the Squid user.

It is recommended that users apply the available patches for Squid and recompile, or that they watch their vendors for an updated version.

KStars, a desktop planetarium for KDE, contains a buffer overflow in the fliccd daemon that may be exploitable under some conditions to execute arbitrary code with increased permissions. fliccd is only reported to be vulnerable when it is run in daemon mode.

Affected users of KStars should watch their vendors for a repaired version. Repaired versions have been released for Gentoo Linux.

The touch-typing training game typespeed is vulnerable to a format-string-based attack that may be exploited by a local attacker to gain (in most cases) group games permission.

Users should watch their vendors for an updated version and should consider disabling typespeed or removing the set group id bit until it has been repaired.

awstats, a web-based, web server log analyzing tool, is vulnerable to an attack that can be exploited by a remote attacker to execute arbitrary commands with the permissions of the user account running the web server.

It is recommended that users upgrade to awstats version 6.4 or newer as soon as possible.

The sound visualization utility synaesthesia does not properly drop its privileges when it accesses its user-owned configuration and mixer files, and can be abused to read arbitrary files on the system.

Affected users should watch their vendors for a repaired version.

Source : LinuxDevCenter
