PHP Trouble
by Noel Davis
08/25/2005
Welcome to Security Alerts, an overview of recent Unix and open source security
advisories. In this column, we look at problems in PHP, Adobe Reader, Kismet,
LibTIFF, Evolution, Mutt, bluez-utils, Ignite-UX, CPAINT, Awstats, Clam AntiVirus,
and Gaim.
- PHP and shtool
- Adobe Reader
- Kismet
- LibTIFF
- Evolution
- Mutt
- bluez-utils
- Ignite-UX
- CPAINT
- Awstats
- Clam AntiVirus
- Gaim
PHP and shtool
Some distributions are reported to ship a vulnerable version of shtool with
their PHP development packages. The vulnerability in shtool is caused by a
symbolic-link race condition that may be exploitable by a local attacker to
view the contents of temporary files, or to overwrite arbitrary files with the
permissions of the victim using shtool.
Users should watch their distribution vendors for updated packages and should
consider disabling any versions of shtool that are not known to have been updated.
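The symlink race described above belongs to the general class of writing to a guessable temporary-file name. The following is an added example, not code from shtool or from the original column; the function names and the `tool.$$.tmp` naming are assumptions chosen for illustration. It contrasts that pattern with `mktemp`, using a constructed scenario inside a private sandbox directory.

```shell
#!/bin/sh
# Added illustration (hypothetical names): predictable temp-file name vs. mktemp.

# Weak pattern: the name is guessable (tool name + PID) and '>' follows
# whatever already exists at that path, including a symbolic link.
unsafe_tmp_write() {    # $1 = temp directory, $2 = data
    tmp="$1/tool.$$.tmp"
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Hardened pattern: mktemp chooses an unpredictable name and creates the file
# exclusively (it never reuses an existing path), with owner-only permissions.
safe_tmp_write() {      # $1 = temp directory, $2 = data
    tmp=$(mktemp "$1/tool.XXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Constructed scenario: a symlink already sits at the predictable path and
# points at another file. Prints "clobbered" or "intact" for that file.
check_pattern() {       # $1 = unsafe | safe
    box=$(mktemp -d) || return 1
    mkdir "$box/tmp"
    printf 'important\n' > "$box/victim"
    ln -s "$box/victim" "$box/tmp/tool.$$.tmp"
    "${1}_tmp_write" "$box/tmp" "scratch data" >/dev/null
    if [ "$(cat "$box/victim")" = "important" ]; then
        result=intact
    else
        result=clobbered
    fi
    rm -rf "$box"
    printf '%s\n' "$result"
}

check_pattern unsafe
check_pattern safe
```

Scripts that cannot rely on `mktemp` can work in a private directory created with restrictive permissions instead of a shared, world-writable one.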
Adobe Reader
The Adobe Reader is used to view PDF files and is available on Linux, Mac
OS X, and Windows. A buffer overflow in an unspecified "core application
plugin" may be exploitable by a remote attacker who creates a carefully
crafted PDF file that, when viewed by the victim, executes arbitrary code with
the victim's permissions.
All users of Adobe Reader should upgrade as soon as possible to version 7.0.1.1
or newer.
Kismet
Kismet, a wireless sniffer and intrusion detection system, is reported to
be vulnerable to a buffer overflow in code that handles pcap captures and code
in the CDP protocol dissector. This buffer overflow may be exploitable, under
some conditions, by a remote attacker who generates specifically formatted packets.
There also may be other undisclosed problems with Kismet.
It is recommended that Kismet be upgraded to version 2005-08-R1 or newer as
soon as possible. It is also suggested that users watch for additional upgrades
to fix other possible problems because the release notes from version 2005-08-R1
include the following statement: "I still don't have info about the exact
nature of the exploits announced at Defcon, but I can't wait any longer. The
current issues fixed are serious, and may encompass the announced exploits."
LibTIFF
LibTIFF, a programming library for reading and manipulating Tagged Image File
Format (TIFF) images, contains a vulnerability in the code that handles the
YCbCr variable inside of a TIFF image header. This vulnerability also affects
software that has LibTIFF included, such as wxPythonGTK.
Users should watch for repaired and updated versions of LibTIFF and wxPythonGTK.
Evolution
Evolution is a Gnome application that provides email, an address book, and
a calendar. Evolution contains vulnerabilities in code dealing with remote
task listing from a remote server, vcards, some information from remote LDAP
servers, and some calendar entries. Successfully exploiting these vulnerabilities
may result in arbitrary code being executed. Versions of Evolution through
version 2.3.6.1 have been reported to be vulnerable.
Affected users should watch their vendors for a repaired version of Evolution.
Mandriva has released a repaired package.
Mutt
Mutt, a small text-based email client, is reported to contain a buffer overflow
that may be exploitable by a remote attacker who creates a carefully crafted
email message that, when opened with Mutt, may cause arbitrary code to be executed
with the victim's permissions. The report states that there is a bug in the
mutt_decode_xbit() function in the file handler.c.
All users of Mutt should watch for a repaired version.
bluez-utils
bluez-utils is a package of utilities that are part of the BlueZ implementation
of Bluetooth for Linux. An attacker may be able to name a Bluetooth device
with certain escape characters so that when the computer pairs with the device,
arbitrary code executes with root permissions.
It is recommended that all users upgrade to bluez-utils version 2.19 immediately.
Ignite-UX
Ignite-UX is an HP-UX administration toolset that aids in the deployment of
multiple installations of HP-UX across a network. An unspecified security vulnerability
in Ignite-UX that involves file permissions may be exploitable to gain access
to client data on the server running Ignite-UX. In addition, under some conditions
a copy of the system password file may be exposed to unauthorized remote view.
HP recommends that affected users apply the appropriate update to correct
the vulnerability. HP-UX users should contact HP for more information and resolutions.
CPAINT
CPAINT, the Cross-Platform Asynchronous INterface Toolkit, provides AJAX (Asynchronous
JavaScript+XML) and JSRS (JavaScript Remote Scripting) back-end support. Several
bugs and problems have been reported in CPAINT that could result in arbitrary
code being executed.
Users are encouraged to upgrade to the latest release of CPAINT.
Awstats
Awstats is a web-based, web server log analyzing tool. Versions of Awstats
earlier than 6.5 are reported to be vulnerable due to a lack of input validation
on the referrer information in the web server log. Successfully exploiting
this vulnerability may allow a remote attacker to execute arbitrary Perl code
with the permissions of the user account analyzing the logs.
All users of Awstats should upgrade to version 6.5 or newer as soon as possible
and should disable all URLPlugins until Awstats has been updated.
Clam AntiVirus
Clam AntiVirus, a Unix-based virus scanning tool for email attachments, is
reported to contain buffer overflows in code that handles TNEF, CHM, and FSG
file formats.
Affected users should upgrade to version 0.86.2 or newer of Clam AntiVirus
as soon as possible.
Gaim
Gaim is a messaging client that supports many different instant messaging
protocols, including those of the AIM and ICQ (Oscar protocol), MSN Messenger, Yahoo, IRC,
Jabber, Gadu-Gadu, SILC, GroupWise Messenger, and Zephyr networks. Several
vulnerabilities have been announced that could result in a denial-of-service
condition, or possibly in arbitrary code being executed as the victim.
Users of Gaim should upgrade to version 1.5.0 or newer.
Noel Davis works as a Unix system administrator. He first started using Unix in 1994 when he purchased a copy of Yggdrasil Plug-and-play Linux Summer 1994 Release.