Problems with sudo, at, and efax
01/22/2002
Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at buffer overflows in efax, LibGTop, and icecast-server; and problems in cdrdao, Conectiva Linux's MySQL, Open UNIX and UnixWare 7, Red Hat's Secure Web Server, Mandrake's BIND, klprfax_filter, and an HP-UX denial-of-service attack.
- Conectiva Linux MySQL
- Open UNIX and UnixWare 7 xterms
- Red Hat Secure Web Server
- Mandrake BIND
- HP-UX DOS
sudo, a tool used to allow specified users to execute commands with root permissions, has a vulnerability that can, under some circumstances, be used by a local attacker to execute arbitrary commands as root. This vulnerability is in sudo, but has only been reported to be exploitable on systems that have Postfix installed as the system MTA.
sudo 1.6.4 has been released to fix this vulnerability, and it is recommended that users upgrade as soon as possible.
The at command under most versions of Linux has a bug that can, under some circumstances, be exploited by a local attacker to execute code with root permissions.
Users should watch their vendor for updated at command packages.
A buffer overflow in the clanlib game programming library can be exploited to gain additional privileges, if an application that is linked to it is installed set user id or set group id. The SuSE Linux packages for the game Methane are installed set group id to the group
SuSE recommends that users with Methane installed remove the set group id bit from the game. All affected users should watch for an update
There is a buffer overflow in the efax program distributed with the kdeutils package of KDE 2.2.1 that, under some circumstances, may be exploitable by a local attacker to execute arbitrary code with the permissions of the root user. To be exploitable, efax must be installed set user id root. The only reported situation that by default installs efax as set user id root is when KDE is installed from source.
The buffer overflow is reported to have been fixed in KDE 2.2.2.
Affected users should ensure that efax does not have a set user id bit and upgrade it as soon as possible.
cdrdao is used to create audio or mixed-mode CD-R disks in disk-at-once mode. The cdrdao application has several bugs that, when cdrdao is installed set user id root (which it is under Debian Linux), can be used to read, write, or create arbitrary files on the system. These bugs can be leveraged into root on the system.
Users should remove the set user id bit from cdrdao and should watch for an update to the software.
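
The advice in the clanlib, efax and cdrdao items above comes down to finding set-id copies of specific programs and clearing the bit. The following is an added example, not part of the original column: a POSIX shell function that does this under a given directory. The function name `audit_setid` and the binary name `methane` are assumptions; adjust the list to match the installed file names.

```shell
#!/bin/sh
# Added example: audit the programs named in this column for set-id bits.
# "efax" and "cdrdao" come from the advisories; "methane" as the installed
# binary name of the Methane game is an assumption.
WATCHED="efax cdrdao methane"

# audit_setid ROOT [--fix]
# Prints "<permissions> <path>" for every watched regular file under ROOT
# that carries the set-user-id or set-group-id bit. With --fix, both bits
# are cleared on each reported file after it is printed.
audit_setid() {
    root=$1
    fix=${2:-}
    # -perm -4000 matches set-user-id, -perm -2000 matches set-group-id.
    # -xdev keeps the scan on the file system that holds ROOT.
    found=$(for name in $WATCHED; do
        find "$root" -xdev -type f -name "$name" \
            \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
    done)
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found" | while IFS= read -r path; do
        perms=$(ls -ld "$path" | cut -d' ' -f1)
        printf '%s %s\n' "$perms" "$path"
        if [ "$fix" = "--fix" ]; then
            chmod u-s,g-s "$path"
        fi
    done
}

# Stand-alone use: sh audit_setid.sh /usr/bin          (report only)
#                  sh audit_setid.sh /usr/bin --fix    (report and clear)
if [ $# -gt 0 ]; then
    audit_setid "$@"
fi
```

Clearing the bit is a stopgap until the vendor update is installed; a later package upgrade or reinstall can restore the original mode, so rerun the report afterwards.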
LibGTop, a Gnome component that is used in monitoring system status, includes the daemon libgtop_daemon, which has buffer-overflow and format-string vulnerabilities that can be exploited remotely to execute arbitrary code as the user executing the daemon. The libgtop_daemon is not started by default under the Gnome desktop.
Affected users should watch their vendor for an update.
The MySQL package distributed with Conectiva Linux 6.0 and older is configured to log all database queries to a world-readable file. By reading this file, a local attacker can recover sensitive information, including users and passwords.
Conectiva recommends that users upgrade their MySQL packages or change the permissions and ownership of
Under UnixWare 7.1.x and Open Unix 8.0.0, xterms saved in prior sessions can gain additional privileges in later sessions and, under UnixWare 7.1.x, they will not honor the value of the
Caldera recommends that users upgrade affected systems as soon as possible.
Red Hat has released updated packages for Secure Web Server version 3.2. This new version closes a security problem that could be exploited, with a carefully-crafted request, to view the contents of a directory instead of the index file or an error message.
It is recommended that users update the Secure Web Server with the updated packages, which are supplied as a
icecast-server, an Internet streaming audio server, has a buffer overflow that can be exploited to gain root access and a vulnerability that can be used to download arbitrary files, and is vulnerable to a
These vulnerabilities have been repaired in
Mandrake has released updated packages for Mandrake Linux 8.0 and 8.1 that correct insecure file permissions on some configuration files and executables.
Affected users should install the new BIND packages as soon as possible.
The xchat IRC client can be manipulated by a remote attacker into sending IRC commands to the IRC server to which the client is connected. This problem has been reported to affect versions of
It is recommended that users upgrade to xchat version 1.8.7 or newer.
klprfax_filter, an application included with the KDE utilities package that is used to create a printer that will act like a fax device, has been reported to have a temporary-file race condition that can be used by a local attacker to overwrite files on the system with the permissions under which klprfax_filter is executing.
Users of klprfax_filter should consider disabling it until it has been repaired.
Hewlett-Packard has announced a local denial-of-service attack against HP-UX. The denial-of-service attack requires a local account and uses a file system weakness to hang the system. It has been reported to affect HP-UX 10.20 Series 700, 10.20 Series 800, 11.00, 11.04 (VVOS), and 11.11.
Hewlett-Packard recommends that affected users apply the appropriate patch for their OS version.