Red Hat Inc. released a spate of security advisories Wednesday, warning users of three separate buffer overflow
flaws in Red Hat Enterprise Linux.
The Linux distributor urged users to apply the latest patches available from Red Hat Network.
Buffer overflow vulnerabilities could enable an outside to execute code of their choice on a flawed server or PC.
Two flaws were found in Ethereal, an open source application that monitors network traffic. A buffer overflow flaw was found in the MMSE dissector in Ethereal 0.10.1 through 0.10.3. By exploiting this hole, an attacker could either crash a computer or run malicious code.
Other flaws were found in Ethereal in versions older than 0.10.4 where a malicious SIP, AIM or SPNEGO packet could cause it to crash.
Ethereal is found in Red Hat Enterprise Linux 3 enterprise server and workstation server for the i386, Itanium2 and x86 64-bit platforms. RHEL advanced server, advanced workstation and enterprise server 2.1 are affected as well.
Buffer overflows were also found in the Kerberos network authentication system. Users should upgrade to Kerberos 5 packages, Red Hat said. Those packages repair problems in the krb5_aname_to_localname library function in all versions up to and including 1.3.3. Some functions won't properly check the lengths of buffers storing Kerberos principal names.
This flaw is not as serious because only specific Kerberos configurations create the flaw conditions -- and these conditions are not the default, Red Hat said.
Buffer overflow problems were also found in the NTLM authentication protocol found in Squid, an open source Web proxy cache. An attacker could remotely exploit this flaw and execute code of his choice by sending Squid a lengthy password.
However, NTLM is not enabled by default in Red Hat Enterprise Linux 3. Version 2.1 is not vulnerable because it ships with a version of Squid that does not contain NTLM.
Red Hat also reported fixes for CVS, a version control system that manages source code repositories shipped with several Red Hat releases.
"An attacker who has access to a CVS server may be able to execute arbitrary code under the UID on which the CVS server is executing," said the Red Hat advisory.
CVS users should upgrade to the latest package, which includes backported patches, Red Hat said.