SuSE: 'WindowMaker' buffer overflow
Summary
______________________________________________________________________________
SuSE Security Announcement
Package: wmaker/WindowMaker
Announcement-ID: SuSE-SA:2001:032
Date: Thursday, September 20th 2001 15:10 MEST
Affected SuSE versions: (6.0, 6.1, 6.2,) 6.3, 6.4, 7.0, 7.1, 7.2
Vulnerability Type: remote privilege escalation
Severity (1-10): 5
SuSE default package: no
Other affected systems: all Unix systems running
Window Maker < 0.65.1
Content of this advisory:
1) security vulnerability resolved: Window Maker
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
The window manager Window Maker was found vulnerable to a buffer overflow
due to improper bounds checking when setting the window title.
An attacker can remotely exploit this buffer overflow by using malicious
web page titles or terminal escape sequences to set a excessively long
window title.
This attack can lead to remote command execution with the privileges of
the user running Window Maker.
A temporary fix does not exist; we recommend to update your system with
the new RPM from our FTP server.
Please download the update package for your distribution and verify its
integrity by the methods listed in section 3) of this announcement.
Then, install the package using the command "rpm -Uhv file.rpm" to apply
the update.
After installing the updated RPM
- run /sbin/SuSEconfig (the central configuration utility in SuSE Linux
distributions)
- restart your window manager. If this is not possible for configura-
tional reasons, restart your x-session.
i386 Intel Platform:
SuSE-7.2
0f5508e10089deecf34b51ab8c007bbf
source rpm:
6472b87eb8a841d5cefe4f0889f9b4e1
SuSE-7.1
39c69fab92923eca0cf1f0e077232fef
source rpm:
a8c32f85125bbe7bf041335100e447b8
SuSE-7.0
d825fa6cd78643e880bb89464594a464
source rpm:
bd6e55a9b16e836065f59b4dc824416f
SuSE-6.4
7de5a334c4fbbeb6ef3d79d197a585c1
source rpm:
4471d22b705b8b24a1808729a32d1764
SuSE-6.3
8c8453b37e7b69008be2be4929a62d80
source rpm:
0c96f81234e787a48b8d2df4e698843a
Sparc Platform:
SuSE-7.1
c19bc73ccc235bbd35d1e8953cfbabbb
source rpm:
e60425cb8ae38b16a3aac3fa23a6c54f
SuSE-7.0
9f0a23eddb8b9dbfc07288871388ff34
source rpm:
a95d995b1ea164b8c93a9fc308f703d1
AXP Alpha Platform:
SuSE-7.1
55cf56c7bea8fa3e9cf7ca2c90457249
source rpm:
7b5bc50ad9e854dc2858a1b0a08385d5
SuSE-7.0
6e7e01c1a1ef1e2ac751638dd7e31d21
source rpm:
2ee34d67aba5c06878623e3ca50f47d1
SuSE-6.4
dcbfdaf729cb823046f3dc6e913fcf1b
source rpm:
3d045c4fd65d2ce9b69a1890d71fd59a
SuSE-6.3
6c17c78ef0fe2971b29fe1a2300c4fc3
source rpm:
f01b2923ebc6e4e6a52b75e8597cbe50
PPC PowerPC Platform:
SuSE-7.1
00f099cc26983691641ed041441abfc2
source rpm:
1941b4c46eeb3e4fe4a7e3a1c79ae8a5
SuSE-7.0
f5ef503d073a7e9e34cf28e4eb56fbaa
source rpm:
362468904bd119c44f2c2baa1312a116
SuSE-6.4
0408f29d40eebf5bbc84bdcf14a03c5f
source rpm:
50c1a727aec53feb76f451854657b6c8
______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
- SuSE Linux distributions do not contain the sftp-server as described by
Peter W <peterw@usa.net> (Message-ID: <20010918082406.M14947@usa.net>)
on the bugtraq mailing list and are therefore not vulnerable to the
problems found.
- A new worm called "Nimda" has been reported in the wild. It attacks
IIS webservers and uploads a file called "readme.eml" which is being
downloaded by the client's browser. Some versions of the Internet
Explorer even execute this file without the user's knowledge. A
temporary workaround for sites that use a squid proxy to access the
internet would be to add these three lines to the /etc/squid.conf
file:
# filter Nimda worm files:
acl nimda urlpath_regex -i \.eml$
acl nimda urlpath_regex -i \.nws$
http_access deny nimda
Do not forget to reload your squid server (/usr/sbin/rcsquid reload)!
______________________________________________________________________________
3) standard appendix: authenticity verification, additional information
- Package authenticity verification:
SuSE update packages are available on many mirror ftp servers all over
the world. While this service is being considered valuable and important
to the free and open source software community, many users wish to be
sure about the origin of the package and its content before installing
the package. There are two verification methods that can be used
independently from each other to prove the authenticity of a downloaded
file or rpm package:
1) md5sums as provided in the (cryptographically signed) announcement.
2) using the internal gpg signatures of the rpm package.
1) execute the command
md5sum
References