Problems in the Kernel, OS X, and WordPressby Noel Davis
Welcome to Security Alerts, an overview of recent Unix and open source security
advisories. In this column, we look at problems in the Linux kernel, Mac OS X,
bzip2, WordPress, WebSphere, Peercast, PHPMailer, Binutils, Popper Webmail, Dzip,
- Linux Kernel Problems
- Mac OS X Security Update
- GNU Binutils
- Popper Webmail
Linux Kernel Problems
Several problems in the Linux kernel have been announced, including a bug
ptrace() on AMD64 platforms that could be used to crash the system, a bug
mmap() that may be exploitable to execute arbitrary code or to crash the
system, a root exploit using a Bluetooth socket, and a potential root exploit
in the 32-bit DRM
All users should watch their vendors for updated Linux kernel packages and then upgrade as soon as possible.
Mac OS X Security Update
Apple has released a new security update for Mac OS X named "Security
Update 2005-006." This update repairs a directory traversal bug in the
Bluetooth code and in PHP for both 10.3.* and 10.4.* systems. It also repairs
problems in Mac OS X 10.4.*, including a root vulnerability in the CoreGraphics
Window Server, a temporary-file race condition vulnerability in
can be trivially exploited to gain root permissions, buffer overflows in the
AFP Server, a bug in CoreGraphics, a bug in PDFKit, a permissions-based race
condition in the cache folder and Dashboard system widgets, a bug in the MCX
client, export restriction problems in the NFS server, and a buffer overflow
vpnd (the VPN server).
It is recommended that users of Mac OS X upgrade as soon as possible.
The compression tool
bzip2 is reported to be vulnerable to a race condition
in the code that sets the file permissions of files as they are uncompressed.
Users should watch their vendors for a updated version of
bzip2. Debian has
released a repaired package.
WordPress is a "state-of-the-art semantic personal publishing platform." Another way to describe it would be as software used to publish a blog. WordPress was named "Web Application of the Year" by ArsTechnica. Multiple problems in WordPress may, under some conditions, be exploitable by a remote attacker in a SQL injection attack, or in a cross-site, scripting-based attack.
All users of WordPress should upgrade to version 220.127.116.11 or newer as soon as possible.
The IBM WebSphere Application Server 5.0 is reported to be vulnerable to a buffer overflow in the WebSphere Application Server Administrative Console when the "global security option" is enabled. Successfully exploiting the buffer overflow could allow a remote attacker to execute code with the permissions of user account running the application server.
IBM is reported to have released WebSphere Application Server 5.0.2 Cumulative Fix 11 to repair this buffer overflow. One possible workaround is to use a firewall tool to block unauthorized access to TCP ports 9080, 9090, and 9043.
Peercast is a peer-to-peer streaming media tool released under the GPL license. Version 0.1211 and earlier are vulnerable to a format-string-based attack that could be exploited to crash the server or to execute arbitrary code on the server with the permission of the user running Peercast.
All users of Peercast should upgrade to the latest available version.
Also in Security Alerts:
PHPMailer is a full-featured email transfer class for PHP. PHPMailer is reported
to have been used to implement email in many different projects, including
eGroupWare, Mambo Open Source, PostNuke, MyPHPNuke, Mantis, Moodle, OOPS, Sourdough, Open Source Suite CRM,
Xaraya, Ciao EmailList Manager, Owl Intranet Knowledgebase, pLiMa (php List
phplist, Octeth Email Manager Pro,
sendcard, 68 Mailer,
and Coppermine Photo Gallery.
A remotely exploitable denial-of-service vulnerability has been reported in
PHPMailer. The vulnerability is caused by a bug in the
SMTP-Class Data() function.
Users of PHPMailer or an affected application that uses PHPMailer should watch for a repaired version and upgrade as soon as possible.
GNU Binutils is a collection of programming utilities that include
windres. A buffer overflow in code contained in the
BFD (Binary File Descriptor) parser may be exploitable if victim uses one of
these tools on a file that the attacker has crafted to exploit the buffer overflow.
All affected users should watch their vendors for an upgraded version and upgrade as soon as possible.
Popper Webmail, a web-based email client written in PHP, is vulnerable to an attack that can be exploited by a remote attacker to execute arbitrary code with the permissions of the user account running the web server. The vulnerability is caused by a bug in the file childwindow.inc.php. This vulnerability is reported to affect all versions of Popper Webmail through version 1.41-r2.
One possible workaround is to set the value of
off in the system php.ini configuration file. Affected users should consider
disabling Popper Webmail until it has been repaired.
Dzip is a compression and decompression tool designed to work with Quake demo recordings. Dzip reportedly will extract files to arbitrary locations. This can be exploited by a remote attacker who creates a compressed file that will cause problems when it is uncompressed with Dzip.
It is recommended that users watch their vendors for a new version and not use Dzip to uncompress files from untrusted sources until it has been upgraded. A repaired version is available for Gentoo Linux.
FreeBSD has released a repaired version of
gzip. This new version of
fixes a directory-traversal vulnerability and a file-permission-based race
vulnerability. All FreeBSD users should upgrade
Read more Security Alerts columns.
Return to LinuxDevCenter.com