Linux Today: Linux News On Internet Time.

Gentoo Linux Advisories: Monit, MPlayer, OpenLDAP, Squid, Fetchmail

Apr 01, 2004, 20:55

Gentoo Linux Security Advisory GLSA 200403-14

http://security.gentoo.org


Severity: High
Title: Multiple Security Vulnerabilities in Monit
Date: March 31, 2004
Bugs: #43967
ID: 200403-14


Synopsis

A denial of service and a buffer overflow vulnerability have been found in Monit.

Background

Monit is a system administration utility that allows management and monitoring of processes, files, directories and devices on a Unix system.

Affected packages


Package            Vulnerable    Unaffected
app-admin/monit    <= 4.1        >= 4.2

Description

A denial of service may occur due to Monit not sanitizing remotely supplied HTTP parameters before passing them to memory allocation functions. This could allow an attacker to cause an unexpected condition that could lead to the Monit daemon crashing.

An overly long HTTP request method may cause a buffer overflow because Monit performs insufficient bounds checking when handling HTTP requests.
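The two checks whose absence is described above, as an added example (not Monit's code, and not the patch shipped in 4.2): a bounded copy of the request method, and validation of a client-supplied size before it reaches the allocator. The function names, METHOD_MAX and BODY_MAX are assumptions made for illustration; the advisory does not name the affected parameter.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define METHOD_MAX 16          /* assumed cap; standard methods are far shorter */
#define BODY_MAX   (1L << 20)  /* assumed 1 MiB limit on a client-declared size */

/* Copy the request method (text before the first space) into out.
 * Returns -1 if there is no space, or the method is empty or does not fit. */
int parse_method(const char *line, char *out, size_t outsz)
{
    const char *sp = strchr(line, ' ');
    size_t len = sp ? (size_t)(sp - line) : 0;

    if (len == 0 || len >= outsz)    /* bounds check before the copy */
        return -1;
    memcpy(out, line, len);
    out[len] = '\0';
    return 0;
}

/* Validate a client-supplied decimal size before it reaches the allocator.
 * Returns a zeroed buffer (caller frees) or NULL if the value is rejected. */
void *alloc_from_param(const char *value, size_t *size_out)
{
    char *end;
    long n;

    errno = 0;
    n = strtol(value, &end, 10);
    if (errno != 0 || end == value || *end != '\0')
        return NULL;                 /* not a clean number, or out of range */
    if (n <= 0 || n > BODY_MAX)
        return NULL;                 /* negative, zero or unreasonably large */
    *size_out = (size_t)n;
    return calloc(1, (size_t)n);
}

int main(void)
{
    char m[METHOD_MAX];
    size_t n = 0;
    /* Constructed inputs: a 24-byte method and a negative size. */
    int rc = parse_method("AAAAAAAAAAAAAAAAAAAAAAAA / HTTP/1.0", m, sizeof m);
    void *p = alloc_from_param("-1", &n);
    printf("method rc=%d, allocation %s\n", rc, p ? "made" : "rejected");
    return 0;
}
```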

Impact

An attacker may crash the Monit daemon to create a denial of service condition or cause a buffer overflow that would allow arbitrary code to be executed with root privileges.

Workaround

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

Resolution

Monit users should upgrade to version 4.2 or later:

     # emerge sync
     # emerge -pv ">=app-admin/monit-4.2"
     # emerge ">=app-admin/monit-4.2"

References

[ 1 ] http://www.securityfocus.com/bid/9098
[ 2 ] http://www.securityfocus.com/bid/9099

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.


Gentoo Linux Security Advisory GLSA 200403-13

http://security.gentoo.org


Severity: High
Title: Remote buffer overflow in MPlayer
Date: March 31, 2004
Bugs: #46246
ID: 200403-13


Synopsis

MPlayer contains a remotely exploitable buffer overflow in the HTTP parser that may allow attackers to run arbitrary code on a user's computer.

Background

Quote from http://mplayerhq.hu

"MPlayer is a movie player for LINUX (runs on many other Unices, and non-x86 CPUs, see the documentation). It plays most MPEG, VOB, AVI, OGG/OGM, VIVO, ASF/WMA/WMV, QT/MOV/MP4, FLI, RM, NuppelVideo, YUV4MPEG, FILM, RoQ, PVA files, supported by many native, XAnim, and Win32 DLL codecs. You can watch VideoCD, SVCD, DVD, 3ivx, DivX 3/4/5 and even WMV movies, too."

Affected packages


Package    Vulnerable             Unaffected
mplayer    <= 0.92                >= 0.92-r1
mplayer    <= mplayer-1.0_pre2    >= mplayer-1.0_pre2-r1
mplayer    <= mplayer-1.0_pre3    >= mplayer-1.0_pre3-r3

Description

A vulnerability exists in the MPlayer HTTP parser which may allow an attacker to craft a special HTTP header ("Location:") which will trick MPlayer into executing arbitrary code on the user's computer.

Impact

An attacker without privileges may exploit this vulnerability remotely, allowing arbitrary code to be executed in order to gain unauthorized access.

Workaround

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

Resolution

MPlayer may be upgraded as follows:

x86 and sparc:

    # emerge sync
    # emerge -pv ">=media-video/mplayer-0.92-r1"
    # emerge ">=media-video/mplayer-0.92-r1"

amd64:

    # emerge sync
    # emerge -pv ">=media-video/mplayer-1.0_pre2-r1"
    # emerge ">=media-video/mplayer-1.0_pre2-r1"

ppc:

    # emerge sync
    # emerge -pv ">=media-video/mplayer-1.0_pre3-r2"
    # emerge ">=media-video/mplayer-1.0_pre3-r2"

References

[ 1 ] http://www.mplayerhq.hu/homepage/design6/news.html



Gentoo Linux Security Advisory GLSA 200403-12

http://security.gentoo.org


Severity: Normal
Title: OpenLDAP DoS Vulnerability
Date: March 31, 2004
Bugs: #26728
ID: 200403-12


Synopsis

A failed password operation can cause the OpenLDAP slapd server, if it is using the back-ldbm backend, to free memory that was never allocated.

Background

OpenLDAP is a suite of LDAP-related application and development tools. It includes slapd (the standalone LDAP server), slurpd (the standalone LDAP replication server), and various LDAP libraries, utilities and example clients.

Affected packages

Package             Vulnerable    Unaffected
net-nds/openldap    <= 2.1.12     >= 2.1.13

Description

A password extended operation (password EXOP) which fails will cause the slapd server to free() an uninitialized pointer, possibly resulting in a segfault. This only affects servers using the back-ldbm backend.

Such a crash is not guaranteed with every failed operation; however, it is possible.

Impact

An attacker (or indeed, a normal user) may crash the OpenLDAP server, creating a Denial of Service condition.

Workaround

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

Resolution

OpenLDAP users should upgrade to version 2.1.13 or later:

    # emerge sync
    # emerge -pv ">=net-nds/openldap-2.1.13"
    # emerge ">=net-nds/openldap-2.1.13"

References

[ 1 ] http://www.openldap.org/its/index.cgi?findid=2390



Gentoo Linux Security Advisory GLSA 200403-11

http://security.gentoo.org


Severity: Normal
Title: Squid ACL [url_regex] bypass vulnerability
Date: March 30, 2004
Bugs: #45273
ID: 200403-11


Synopsis

Squid versions 2.0 through 2.5.STABLE4 could allow a remote attacker to bypass Access Control Lists by sending a specially crafted URL request containing '%00'. In such circumstances, the url_regex ACL may not properly detect the malicious URL, allowing the attacker to effectively bypass the ACL.

Background

Squid is a fully-featured Web Proxy Cache designed to run on Unix systems that supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features.

Affected packages

Package          Vulnerable    Unaffected
net-www/squid    < 2.5.5       >= 2.5.5

Description

A bug in Squid allows users to bypass certain access controls by passing a URL containing "%00" which exploits the Squid decoding function. This may insert a NUL character into decoded URLs, which may allow users to bypass url_regex access control lists that are enforced upon them.

In such a scenario, Squid will insert a NUL character after the "%00" and will compare the URL only up to the NUL character rather than including the contents after it: the comparison does not result in a match, and the user's request is not denied.
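A simplified model of the mechanism described above, as an added example (not Squid's code, and not the fix shipped in 2.5.STABLE5): a percent-decoder that emits a raw NUL byte, followed by a POSIX regex match that stops at that byte, next to a hardened variant that rejects a decoded NUL before matching. The function names, the sample URL and the "blocked" pattern are constructed for illustration.

```c
#include <ctype.h>
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Percent-decode src into dst (dst holds at least strlen(src)+1 bytes).
 * With reject_nul set, a decoded NUL byte ("%00") is an error (-1). */
static int url_decode(const char *src, char *dst, int reject_nul)
{
    while (*src) {
        if (src[0] == '%' && isxdigit((unsigned char)src[1])
                          && isxdigit((unsigned char)src[2])) {
            char hex[3] = { src[1], src[2], '\0' };
            char c = (char)strtol(hex, NULL, 16);
            if (c == '\0' && reject_nul)
                return -1;
            *dst++ = c;
            src += 3;
        } else {
            *dst++ = *src++;
        }
    }
    *dst = '\0';
    return 0;
}

/* 1 = denied, 0 = allowed; deny_pattern stands in for a url_regex deny rule. */
int acl_denies(const char *raw_url, const char *deny_pattern, int hardened)
{
    regex_t re;
    int denied = 1;                  /* fail closed on any error */
    char *decoded = malloc(strlen(raw_url) + 1);
    if (decoded && regcomp(&re, deny_pattern, REG_EXTENDED | REG_NOSUB) == 0) {
        /* regexec() takes a NUL-terminated string, so text after a decoded
         * NUL is never compared against the pattern. */
        if (url_decode(raw_url, decoded, hardened) == 0)
            denied = (regexec(&re, decoded, 0, NULL, 0) == 0);
        regfree(&re);
    }
    free(decoded);
    return denied;
}

int main(void)
{
    const char *url = "http://example.test/%00blocked/page"; /* constructed */
    printf("naive=%d hardened=%d\n", acl_denies(url, "blocked", 0), acl_denies(url, "blocked", 1));
}
```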

Impact

Restricted users may be able to bypass url_regex access control lists that are enforced upon them, which may cause unwanted network traffic as well as provide a route for other possible exploits. Users of Squid 2.5STABLE4 and below who require the url_regex features are recommended to upgrade to 2.5STABLE5 to maintain the security of their infrastructure.

Workaround

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of Squid.

Resolution

Squid can be updated as follows:

    # emerge sync
    # emerge -pv ">=net-www/squid-2.5.5"
    # emerge ">=net-www/squid-2.5.5"

References

[ 1 ] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0189
[ 2 ] http://www.squid-cache.org/Advisories/SQUID-2004_1.txt



Gentoo Linux Security Advisory GLSA 200403-10

http://security.gentoo.org


Severity: Normal
Title: Fetchmail 6.2.5 fixes a remote DoS
Date: March 30, 2004
Bugs: #37717
ID: 200403-10


Synopsis

Fetchmail versions 6.2.4 and earlier can be crashed by sending a specially-crafted email to a fetchmail user.

Background

Fetchmail is a utility that retrieves and forwards mail from remote systems using IMAP, POP, and other protocols.

Affected packages

Package               Vulnerable    Unaffected
net-mail/fetchmail    <= 6.2.4      >= 6.2.5

Description

Fetchmail versions 6.2.4 and earlier can be crashed by sending a specially-crafted email to a fetchmail user. This problem occurs because Fetchmail does not properly allocate memory for long lines in an incoming email.

Impact

Fetchmail users who receive a malicious email may have their fetchmail program crash.

Workaround

While a workaround is not currently known for this issue, all users are advised to upgrade to the latest version of the affected package.

Resolution

Fetchmail users should upgrade to version 6.2.5 or later:

    # emerge sync
    # emerge -pv ">=net-mail/fetchmail-6.2.5"
    # emerge ">=net-mail/fetchmail-6.2.5"

References

[ 1 ] http://xforce.iss.net/xforce/xfdb/13450
[ 2 ] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0792
