More bugs as Linux is targeted by fake security e-mail

Linux vendors have been hit by two fresh security bugs, affecting a widely used graphics decoder and the Gaim instant-messaging client.

Separately, Red Hat Inc., the biggest Linux developer, said attackers have begun targeting Red Hat users with an email-based scam similar to methods commonly used to target Windows.

The flaws in Gaim and libtiff, used by many Linux graphics programs to decode tiff images, follow a series of serious bugs patched last week. The earlier flaws affected Linux’s libpng, Xpdf and Cups components.

Researcher Chris Evans uncovered a series of boundary errors affecting the RLE-decoding components of libtiff, which could be exploited to cause heap-based buffer overflows. A malicious user could exploit these flaws by tricking a user into viewing a maliciously crafted tiff image with an application that uses libtiff, researchers said; such an image could crash the application and execute malicious code on the user’s computer.

Evans said the specific flaws he publicized are likely to be only the tip of the iceberg. “Unfortunately, due to the size of libtiff, only a limited scan for flaws was possible. These flaws are likely to typify others present,” he said in an advisory.

A second flaw in libtiff, a division-by-zero bug discovered by Matthias Claasen, could crash libtiff-linked applications. Finally, auditing by Dmitry Levin uncovered integer overflows which could also be used to execute arbitrary code on a user’s PC, according to an advisory from Danish security firm Secunia.

Novell Inc.’s Suse Linux AG and Red Hat issued advisories on the libtiff flaw late last week, along with patches for the component.

The bug in Gaim, also publicized last week, can be exploited by sending a specially crafted message using the MSN SLP protocol. A boundary error within the handling of such messages can be exploited to cause a buffer overflow, crash the application and execute arbitrary code, Secunia said.

MandrakeSoft SA said bugs affecting version 0.75 of Gaim, which ships with Mandrake Linux 10.0, included the way the application handles smiley themes and very long URLs. Both bugs could allow malicious code execution, MandrakeSoft said. MandrakeSoft, Gentoo, Red Hat, Slackware and others are issuing patches for Gaim.

The Gaim client is widely used on Linux systems to simulate third-party instant messaging clients such as those from Yahoo Inc., America Online Inc. and Microsoft Corp.

Red Hat said on Saturday that users have been targeted by an authentic-looking security notification message which attempts to trick users into downloading and executing malicious code.

“These emails tell users to download and run an update from a users home directory. This fake update appears to contain malicious code,” Red Hat said in a warning posted on the front page of its security site. The company urged users to ensure that any security updates appearing to come from Red Hat are safe by validating the messages’ digital signature.

The message was made more authentic-looking by the use of a seemingly official Website, — which was unavailable as of Monday morning. Before the site disappeared, it contained a message urging users to apply a “critical-critical” update.

“Red Hat found a vulnerability in fileutils (ls and mkdir), that could allow a remote attacker to execute arbitrary code with root privileges,” the site said. “The Red Hat Security Team strongly advises you to immediately apply the fileutils-1.0.6 patch. This is a critical-critical update.”

Windows users are frequently bombarded by authentic-seeming malicious messages appearing to come from Microsoft, but the technique is a novelty for Linux. Until recently, Linux was rarely used as a desktop platform, but has now gained some ground and, by some counts, is more widely used on the desktop than the Mac OS.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now