LWN.net Weekly Edition for December 16, 2004

The Linux Core Consortium courts Debian

The Linux Core Consortium is an effort by Conectiva, Mandrakesoft, Progeny and Turbolinux to create a single, Linux Standard Base-compliant core distribution which each distributor can then use as a base for their products. The idea is to share some of the distribution engineering work and, simultaneously, to create a widely distributed, standard platform which independent software vendors can target for their products. See this LWN article for more information on the LCC.

Bruce Perens has recently proposed to the Debian project that it work with the LCC. There are, according to Bruce, a few reasons why Debian would want to do that:

The first is that we should be influencing this group to do things the Debian way, where that is important. The second is that the group plans to lower the overhead of hardware and application vendor certification for all of its participants, and we could really use that sort of support. The third is that the group would make certification by LSB and other standards bodies easier for all of the participants.

Ian Murdock, the founder of the Debian project, has his own reasons for encouraging Debian to join:

How does Debian benefit from LCC? It's a route to the ISV and IHV certifications that Debian has always lacked, and it is the lack of these certifications that's preventing Debian from standing alongside Red Hat and Novell/SuSE in the commercial space despite comparable (and arguably greater) popularity. The industry simply doesn't know how to engage us, and LCC provides them with a vehicle for doing that.

Appealing to vendors of proprietary software has never been high on the Debian Project's list of priorities. Ian claims that vendor support is important, however, if Linux is to remain an open, free platform in the increasingly commercial context in which it operates.

Working with the LCC would, essentially, require Debian to help develop, and then distribute, a set of standard binaries used by all LCC-based distributions. All of these distributions would use the same (binary) kernel, the same libraries, and many of the same configuration mechanisms. The use of identical binaries goes beyond the requirements of the LSB, which only requires that the same binary interface (ABI) be available. Ian claims that the LSB approach has proved to be insufficient:

...while there are numerous LSB-certified distros, there are exactly zero LSB-certified applications. The reason for this is that "substantially the same" isn't good enough--ISVs want *exactly the same*, and there's a good reason for that, as evidenced by the fact that while Debian is technically (very nearly) LSB compliant, there are still a lot of edge cases like file system and package namespace differences that fall outside the LSB that vastly complicate the "certify to an ABI, then support all distros that implement the ABI as defined by whether or not it passes a test kit" model.

As one might imagine, there is some resistance within the Debian Project to distributing a set of binaries (including the kernel) provided by an outside organization. It will be a hard sell; from your editor's reading of the debate, the early signs are that the Debian developers aren't buying it. Debian users like to have a great deal of control over their systems, and the LCC looks like a way of giving up some of that control with no immediate benefits in sight.

Porting free software to Windows

December 15, 2004

This article was contributed by Joe 'Zonker' Brockmeier.

A recent debate between KDE developers raises an interesting question: Does it help or hurt to port open source applications to closed platforms, such as Windows? One side argues that availability of open source applications on Windows diminishes the chances that users will choose to migrate to Linux or *BSD. The other side argues that open source on Windows can bridge the gap between Linux and Windows, thus making it easier for users to (eventually) migrate.

First, there is the question of goals. While Microsoft has a coherent set of goals, the open source community does not. Some projects are dedicated to spreading open source as an end unto itself, others just see open source as the best model for their specific project. If the goal is simply to foster adoption of a specific application, like Firefox or OpenOffice.org, then porting that application to Windows is without question the right strategy. The vast majority of desktop users are on Windows, and it makes little sense to ask users to switch operating systems to use one application.

However, if the goal is to spread open source in general, then one has to wonder whether users are likely to migrate to a new operating system if the best applications for that system (or most of them, anyway) are also available on the closed system that they're familiar with. The vast majority of users are motivated by factors other than licensing.

This is not the first time the debate has been raised, nor is it likely to be the last. However, this may be a good time to look at the situation. Linux is acknowledged as a mainstream server operating system, but still looked at as a fringe desktop operating system. Desktop applications on Linux are starting to reach parity in ease-of-use and feature sets with their Windows counterparts, thus making it a viable platform for Windows users to migrate to, should they so choose. At the same time, many of those applications are available on Windows, allowing Windows users to adopt open source applications without migrating away from Windows. If this is the final result, then most Linux users would see porting open source applications to Windows as undesirable. As Aaron Seigo writes:

The more software we port to Windows the more we reinforce this application availability imbalance and strengthen the user's inertia to stay on Windows. If users had to make a choice between Windows or Linux (or BSD) when it came to getting access to better applications they would find they had a motivation to switch. And switch they would.

There is, however, the possibility that users will be more likely to adopt Linux or *BSD if they have a positive experience with some of the open source applications on Windows. Change is scary for many users, and it may be better to provide a means to gradually adjust to open source platforms rather than expecting a user to plunge in headlong and learn to swim right away. It's also worth considering that many Windows users would never be exposed to open source applications if they are not available on Windows. It's one thing to hear wonderful things about OpenOffice.org, Firefox, The Gimp, Apache or KDE, but another thing entirely to actually use those applications and become comfortable with them.

For organizations, the gradual approach may be the best way to ensure the adoption of open source. As "pipitas" argues:

Even at the present stage there is a considerable share of IT decision makers in enterprises and government bodies who seriously evaluate options and costs of a switch over. For most, it now looks like "all or nothing," and a big jump. A too big one in many cases. So they refrain. So they sign another 5 year contract with MS...

To chop the task into smaller pieces, to take the direction, but only a few steps for now, to smooth the transition out over a period of time is very difficult. And it costs. Not only do you have to train the users. You also need to re-train the IT teams. So Microsoft is of course playing on the card of Total Cost of Ownership (TCO), with a liiiiiittle bit of (every marketeer's) exaggeration, but with a tiny bit of valid argument too. They keep winning, albeit often by a small margin. And they even start losing some rounds, lately.

Both sides make compelling arguments. There are, no doubt, users and organizations that will adopt a handful of open source applications and stop there. Other users and organizations will adopt Firefox, OpenOffice.org and other open source applications and decide to go further.

In the end, however, it's hard to argue for spreading open source by restricting users' choice. Most Linux users resent Microsoft for restricting their choices when using Windows, so it's somewhat hypocritical to suggest that Windows users should have to make an "all or nothing" choice to use Linux or *BSD to benefit from open source. While there's a risk that users will choose to stay on Windows, it's the ability to choose that led most of us to Linux in the first place.

Ubuntu Conference: The Mataró Sessions

The Ubuntu Conference was already in full swing by the time I arrived, late last Friday. Canonical employs thirty-seven people, located in twelve countries, and most of them are here in Mataró. For some this is their first chance to meet and talk to fellow developers face to face. The entire conference has been a series of workshops, BOFs and hack sessions all revolving around Ubuntu, LaunchPad and the various components of LaunchPad. A few visitors have joined in here and there, but only the sessions last Saturday were targeted to visitors. Presentations have mostly been in English, although Saturday's sessions were translated into Spanish and Catalan for the benefit of the many Spanish visitors. People drift in and out, but overall attendance averages around fifty people, and at least double that on Saturday.

The conference is located at the Hotel NH Ciutat de Mataró, also home for most of the Canonical staff and your LWN editor. A typical day starts out with a buffet breakfast in the hotel dining room. All Canonical staff meet in the main conference room at 9:00 AM before breaking into smaller groups to talk about and hack on the various projects. The hotel provides a packed lunch so people can munch and continue working. By around 8 or 9 PM it's time to head for dinner at one of the many restaurants in Mataró. This is also done in smaller groups as some continue hacking until late and some go looking for different types of food. Mataró is on the Mediterranean coast so the weather is mild. Natives wear coats and scarves and hats, but those of us from more northerly climes find it pleasant with no more than a light jacket, even late at night.

Canonical projects underway here at the conference include Ubuntu and the upcoming Hoary Hedgehog release, the proposed KDE version called Kubuntu and the application suite LaunchPad, with many a late night hack session devoted to one of the LaunchPad applications. For more on LaunchPad and its applications see Ubuntu Conference: The LaunchPad workshop. Briefly, the applications so far are the translation tool Rosetta, package manager Soyuz, version control system Bazaar, and bug tracker Malone.

I chatted with Canonical founder Mark Shuttleworth briefly on Wednesday over lunch and asked him how Canonical plans to make money. Ubuntu is free, and LaunchPad will be free to use, but Canonical does aim to make some money in support. Additionally, he hopes to get some government grants to build localized distributions. By using the still incomplete LaunchPad suite it will be easy to create distributions for a wide variety of the world's subcultures.

For now he keeps costs low by limiting the number of developers assigned to any particular project and by not having a centralized office, and enjoys Python hacking with his staff of talented developers. He also knows what he's willing to spend to make Canonical self-sustaining and how long that should take (though he did not share details with your editor). If it doesn't happen he'll pull the plug and move on. We're hoping that it does work out and Canonical will manage to survive, not only because Ubuntu is a nice distribution and quite stable on this laptop, but also because if LaunchPad can become the suite that Mark envisions, it could be as revolutionary as Linux itself. For now LaunchPad remains largely vaporware, with the exception of Rosetta, so it is too soon to tell if it can really live up to its potential, but with the team that Mark has put together it stands a good chance.

This is Rebecca Sobol reporting from Mataró Spain.

Ubuntu Conference: The LaunchPad workshop

Here at the Ubuntu Conference in Mataró Spain, Canonical developers are meeting with each other and with representatives of the Spanish government and other guests to talk about Ubuntu and LaunchPad, an application suite currently in development at Canonical. This article focuses mainly on the workshops that took place on December 11, wherein government representatives and other guests were treated to a view of some of the LaunchPad applications.

The workshops began with an introduction by Mark Shuttleworth and Carlos González, from the Secretaria de Telecomunicacions i Societat de la Informació de la Generalitat de Catalunya. Attendees included other government representatives, members of the Hispalinux community, the local press, and your roving LWN reporter.

Carlos explained that Mataró is located in Catalunya, where Catalan is the local language and the local Linux distribution is Càtix. Other regions in Spain have their own language and culture, and each region wants to preserve that language and culture, and this is reflected in a variety of local Linux distributions customized into the various local languages.

Alfonso de Cala, of Guadalinex, was the next speaker, leading a brainstorming session aimed at identifying the problems and frustrations of Linux developers throughout Spain. He noted that this diversity of cultures within Spain has led to the creation of numerous derived Linux distributions, with little or no collaboration between developers. Not only are distributions localized for the region, they are also tailored for use by different types of users. This has led to much wasted effort as developers from around the country each tackle the same problems and independently maintain a shared code base. The end result is more fragmentation, when what is needed is more shared code and collaboration.

During Alfonso's presentation we learned that the second version of Guadalinex has been released and that thousands of people use Guadalinex in schools, at home and at work. Guadalinex offers technical and non-technical support. Also Guadalinex shares many of the same problems that are faced by developers around Spain and around the world. Here is a short list of areas, as identified by the audience, in which small distributions, particularly those derived from larger distributions, are having problems.

  • Bugs: All software projects have bugs. Many end-users don't know how to send in a bug report or where to send their bug report. Bug tracking is not synchronized with upstream. Users of a stable (old) release want bugs fixed, but developers are more interested in the newest release. If all bugs are reported to one person, that person gets swamped, so there needs to be a better way of determining where bugs should go. Developers want bug reports but they don't need to wade through many reports for the same bug.

  • Translations: Translations can be difficult. A user interface might be translated many times, some translations will be better than others, but the best translations may never be incorporated upstream.

  • Support and Training: In open source software the components of a distribution come from many sources. Who does the end user go to for support and training?

  • Hardware: Many types of hardware are supported, but a small distribution doesn't have access to all hardware. Even a stable Enterprise distribution needs to be able to support new hardware.

  • Code Management - Branding and Configuration: Code needs to be customized without breakage. Changes need to be compatible with upstream. Users should be able to tweak the configuration in a way that remains supportable.

  • Standardization and Convergence: All distributions need a standard base, a standard user interface, and standard configuration tools. The standard needs to allow for desired diversity. It needs to be easier for people who don't speak English to be involved and contribute to projects.

  • Certification: Companies need to run a distribution that is certified for those third party applications (like Oracle) that they need. Localized distributions can not get certified easily.

  • Distribution creation tools: Better tools are needed.

  • Release schedules: Coordinating distribution release schedules with the schedules of the included applications.

Once the problems were identified it was time to talk about how LaunchPad might provide at least some of the solutions. The three LaunchPad applications closest to release are Rosetta, Malone and Soyuz. We should note here that while LaunchPad tools are designed to be used with open source software, they will not themselves be released as open source, at least not initially.

Rosetta: Due for its first release this week, Rosetta may be out by the time you read this. This translation tool provides an easy-to-use web interface for translators, making it easy for a non-technical translator to provide a translation for an application. How does that work? Take any application included in your distribution. The user interface is typically presented in English. To localize the application you could go into the code and change all the strings to the language of choice. Then you'll have to recompile, deal with any introduced errors, and have a version of code that is different from upstream. Worse, the process starts over with each update to the application, even when the application's interface remains the same.

Now imagine that you have translators from all over the world who use Rosetta's interface to edit a POTemplate (or POT file) for that application. The application needs only to be aware that POT files exist to present the end user with an interface in their chosen language. New translations can be added and existing translations can be improved without any change to the code. Rosetta keeps track of translations and can export new or improved translations back to the original application. Rosetta can also show you your entire distribution to see what has been translated, and what still needs to be translated.

Right now Rosetta only works with code, changing the face of the application for the non-English speaking user. Later releases of Rosetta will be able to handle man pages, DocBook and OpenOffice documents, and do spell checking. Those interested in using Rosetta may join the mailing list at rosetta-users@lists.ubuntu.com.

Malone: Another piece of LaunchPad is Malone, an extraordinary bug tracking tool. Malone is for developers, not for end users to fill with their bug reports. It will coordinate with other tools such as Bugzilla, tracking bugs both upstream and between distributions. A developer using Malone will be able to see if a bug has been fixed, and where it was fixed so that the fixes can be incorporated into their own distribution. Expect to hear more about Malone in early 2005.

Leading up to a brief look at Soyuz, a central tool in LaunchPad's arsenal, Benjamin "Mako" Hill and Ismael Olea led a discussion on collaboration and convergence. Various barriers to collaboration and convergence were identified, some political, some practical. The more distribution developers can work together the better it gets. When developers can not or will not collaborate then they will duplicate each other's work, sometimes fragmenting the code as application A in distribution Z diverges from the same application in distribution X.

A few of the barriers to collaboration and convergence include government secrecy, lack of communication/language barriers, geography/time zones, different deadlines and priorities, lack of resources, infrastructure, branding, unrealistic requirements, different hardware/architectures, and so on. The idea of LaunchPad is to provide tools that will eliminate as many barriers as possible, so that all Linux distributions can share more and developers can spend less time reinventing the wheel. Soyuz is the package tracker, helping the developer to track the packages in the distribution, upload and build source, track bugs, keep information about the packages and their maintainers and provide a wrapper around the version control system. LaunchPad's version control system is called Bazaar and it's forked from Arch. But that's a story for another article.

This is Rebecca Sobol reporting from Mataró Spain.

A couple of LWN notes

As has become our tradition, we will not publish the LWN.net Weekly Edition the week of December 30. We'll return to the usual schedule with the January 6, 2005 edition. The daily updates will continue to happen over the holidays.

For various reasons, the 2004 Linux Timeline will be released a little later than usual. Rest assured that it is in progress, and that it will be out by the end of the year.

Page editor: Jonathan Corbet

Security

Anatomy of a kernel vulnerability

The Linux kernel has seen a great deal of code auditing work. Even so, longstanding security issues turn up regularly. Consider, for example, the __scm_send() vulnerability recently disclosed by Paul Starzetz. This problem, present in the 2.6.9 kernel, is also present in 2.4; it has been there for some years.

This particular vulnerability hits the kernel socket API. Messages sent with the sendmsg() system call can have, embedded within them, control messages which can be used to transfer certain access rights to the recipient of the message. The control message header is defined as:

struct cmsghdr {
	__kernel_size_t	cmsg_len;	/* data byte count, including hdr */
	int		cmsg_level;	/* originating protocol */
	int		cmsg_type;	/* protocol-specific type */
};

These control messages are passed to __scm_send() for checking. One of the first things done with each control message is to look at the length of the message; the 2.6.9 code which performs this check looks like this:

if (cmsg->cmsg_len < sizeof(struct cmsghdr) ||
    (unsigned long)(((char*)cmsg - (char*)msg->msg_control)
		    + cmsg->cmsg_len) > msg->msg_controllen)
	goto error;

The programmer who wrote this code probably thought that all the bases were covered; the control message length was verified to be at least the minimum necessary, but not so large as to overflow the space allocated for control messages in the structure read in from kernel space.

The problem is that the cmsg_len field is of type __kernel_size_t, which is an unsigned integer type. If a very large value is stored in cmsg_len, it will cause an overflow in this calculation:

	((char*)cmsg - (char*)msg->msg_control) + cmsg->cmsg_len

When this overflow occurs, the resulting sum can be a small number, so cmsg_len does not appear to be overly large to this particular test. At a later point, however, that length will be added to a pointer into the list of control messages. Once again, the addition will cause an integer overflow, with the result that the pointer moves backward.

The exploit created by Mr. Starzetz works by creating a message with two embedded control messages. The second one sets cmsg_len to -12. That length gets translated to a very large unsigned number (0xfffffff4 on 32-bit systems); it happens to be just the right value to bump the pointer in __scm_send() backward in the list, where it encounters the same control message structure again. An infinite loop results.
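To see the wrap concretely, here is an added example (not the kernel's code and not the published exploit) that models the 2.6.9 length check with user-space stand-ins for the two structures, walks a constructed two-message buffer whose second cmsg_len is the unsigned wrap of -12, and sets beside it a subtraction-based check that cannot wrap; CTL_ALIGN, msghdr_ctl, walk_ctl_messages and the hardened check are this example's own names and formulation, not kernel identifiers or the merged fix.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* User-space stand-ins for the two kernel structures involved. cmsg_len is
 * size_t here in place of __kernel_size_t; both are unsigned (assumption:
 * same field order as the 2.6.9 definition quoted in the article). */
struct cmsghdr {
    size_t cmsg_len;    /* data byte count, including hdr */
    int    cmsg_level;  /* originating protocol */
    int    cmsg_type;   /* protocol-specific type */
};

struct msghdr_ctl {
    void  *msg_control;     /* start of the control message buffer */
    size_t msg_controllen;  /* total size of that buffer */
};

/* Control messages sit at sizeof(long) boundaries. Unsigned arithmetic, so
 * a wrapped length stays wrapped, exactly as the kernel's pointer step did. */
#define CTL_ALIGN(len) (((len) + sizeof(long) - 1) & ~(sizeof(long) - 1))

typedef int (*check_fn)(const struct msghdr_ctl *, const struct cmsghdr *);

/* The 2.6.9 check: offset + cmsg_len is formed by addition and can wrap
 * around to a small value. Returns 1 if the message is accepted. */
static int naive_len_check(const struct msghdr_ctl *msg, const struct cmsghdr *cmsg)
{
    unsigned long off = (unsigned long)((const char *)cmsg - (const char *)msg->msg_control);

    if (cmsg->cmsg_len < sizeof(struct cmsghdr) ||
        (unsigned long)(off + cmsg->cmsg_len) > msg->msg_controllen)
        return 0;
    return 1;
}

/* Overflow-proof form: compare cmsg_len against the space that remains
 * after the header, obtained by subtraction, so nothing can wrap. */
static int safe_len_check(const struct msghdr_ctl *msg, const struct cmsghdr *cmsg)
{
    unsigned long off = (unsigned long)((const char *)cmsg - (const char *)msg->msg_control);

    if (off > msg->msg_controllen)
        return 0;
    if (cmsg->cmsg_len < sizeof(struct cmsghdr) ||
        cmsg->cmsg_len > msg->msg_controllen - off)
        return 0;
    return 1;
}

/* Constructed input: a well-formed header-only control message followed by
 * one whose cmsg_len is the unsigned wrap of -12, the value from the advisory. */
static void build_ctl_buffer(unsigned long *storage, size_t len, struct msghdr_ctl *msg)
{
    unsigned char *buf = (unsigned char *)storage;
    struct cmsghdr *first, *second;

    memset(buf, 0, len);
    first = (struct cmsghdr *)buf;
    first->cmsg_len = sizeof(struct cmsghdr);
    second = (struct cmsghdr *)(buf + CTL_ALIGN(first->cmsg_len));
    second->cmsg_len = (size_t)-12;
    msg->msg_control = buf;
    msg->msg_controllen = len;
}

struct walk_result {
    int accepted;       /* messages the check let through */
    int went_backward;  /* 1 if the next-message offset moved backwards */
};

/* Walk the buffer the way __scm_send() iterates control messages, but keep
 * the position as an offset so a wrapped step is reported, not looped on. */
static struct walk_result walk_ctl_messages(check_fn check)
{
    unsigned long storage[8];   /* sizeof(long)-aligned backing store */
    struct msghdr_ctl msg;
    struct walk_result r = { 0, 0 };
    unsigned long off = 0;

    build_ctl_buffer(storage, sizeof storage, &msg);
    while (off + sizeof(struct cmsghdr) <= msg.msg_controllen) {
        const struct cmsghdr *cmsg =
            (const struct cmsghdr *)((const char *)msg.msg_control + off);
        unsigned long next;

        if (!check(&msg, cmsg))
            return r;               /* the kernel's "goto error" */
        r.accepted++;
        next = off + CTL_ALIGN(cmsg->cmsg_len);   /* unsigned, may wrap */
        if (next <= off) {          /* wrapped: the pointer moved back */
            r.went_backward = 1;
            return r;
        }
        off = next;
    }
    return r;
}

int naive_walk_accepted(void)      { return walk_ctl_messages(naive_len_check).accepted; }
int naive_walk_went_backward(void) { return walk_ctl_messages(naive_len_check).went_backward; }
int safe_walk_accepted(void)       { return walk_ctl_messages(safe_len_check).accepted; }
int safe_walk_went_backward(void)  { return walk_ctl_messages(safe_len_check).went_backward; }

int main(void)
{
    printf("2.6.9 check: accepted %d message(s), pointer moved backward: %d\n",
           naive_walk_accepted(), naive_walk_went_backward());
    printf("subtraction check: accepted %d message(s), pointer moved backward: %d\n",
           safe_walk_accepted(), safe_walk_went_backward());
    return 0;
}
```

On a 64-bit host the wrapped step moves the offset back 8 bytes rather than the 12 the article gives for 32-bit systems; the subtraction form rejects the second message on both.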

Interestingly, this particular vulnerability seems to have been found by another researcher at about the same time. The fix was merged on December 8; the identification of the bug is credited to Georgi Guninski. It is, in any case, fixed, at least for 2.6.10. Some distributors have already made updated kernels available.

Security reports

Vulnerability in Slash CVS

An advisory has gone out for users of the CVS version of the "Slash" weblog software. It seems a fairly serious vulnerability has been found in that code; details will be released shortly. The Slash hackers are recommending that people running sites upgrade to the current CVS version at their first opportunity.

New vulnerabilities

atari800: buffer overflows

Package(s): atari800    CVE #(s): CAN-2004-1076
Created: December 14, 2004    Updated: December 14, 2004
Description: Multiple buffer overflows have been found in atari800, an Atari emulator. Since this program is installed setuid root, these overflows could be exploited by a local user to gain superuser access.
Alerts:
Debian DSA-609-1 2004-12-14

file: stack overflow

Package(s): file    CVE #(s):
Created: December 14, 2004    Updated: December 14, 2004
Description: The file utility has a stack overflow in its ELF header parsing code which could be exploited by an attacker to execute arbitrary code. Version 4.12 contains the fix.
Alerts:
Gentoo 200412-07 2004-12-13

kernel: IGMP and scm_send vulnerabilities

Package(s): kernel    CVE #(s): CAN-2004-1016 CAN-2004-1137
Created: December 14, 2004    Updated: January 4, 2005
Description: Paul Starzetz has discovered a new pair of kernel vulnerabilities. The IGMP code suffers from input validation and integer overflow vulnerabilities which could be remotely exploitable, and the socket function __scm_send() has a local denial of service vulnerability.
Alerts:
Fedora FEDORA-2004-582 2005-01-03
Fedora FEDORA-2004-581 2005-01-03
Ubuntu USN-47-1 2004-12-23
SuSE SUSE-SA:2004:044 2004-12-21
Trustix TSLSA-2004-0068 2004-01-19
Ubuntu USN-38-1 2004-12-14

ncpfs: buffer overflow

Package(s): ncpfs    CVE #(s): CAN-2004-1079
Created: December 15, 2004    Updated: December 22, 2004
Description: The (setuid root) ncplogin and ncpmap utilities in ncpfs (prior to version 2.2.5) contain an exploitable buffer overflow.
Alerts:
Gentoo 200412-09 2004-12-15

PHProjekt: configuration modification

Package(s): phprojekt    CVE #(s):
Created: December 14, 2004    Updated: December 14, 2004
Description: Versions of PHProjekt prior to 4.2-r1 contain a setup vulnerability which can allow a non-admin remote user to change the configuration.
Alerts:
Gentoo 200412-06 2004-12-10

vim: modeline problems

Package(s): vim    CVE #(s): CAN-2004-1138
Created: December 15, 2004    Updated: February 24, 2005
Description: A new set of modeline-related vulnerabilities has been discovered in versions of vim prior to 6.3-r2. These vulnerabilities could conceivably be exploited by a local user to obtain the privileges of another user.
Alerts:
Fedora-Legacy FLSA:2343 2005-02-23
Mandrake MDKSA-2005:003 2005-01-06
Ubuntu USN-52-1 2004-12-23
Red Hat RHSA-2005:010-01 2005-01-05
OpenPKG OpenPKG-SA-2004.052 2004-12-15
Gentoo 200412-10 2004-12-15

Updated vulnerabilities

a2ps: input validation error

Package(s): a2ps    CVE #(s): CAN-2004-1170 CAN-2004-1377
Created: November 26, 2004    Updated: December 19, 2005
Description: The GNU a2ps utility fails to properly sanitize filenames, which can be abused by a malicious user to execute arbitrary commands with the privileges of the user running the vulnerable application. More information at Security Focus.
Alerts:
Fedora-Legacy FLSA:152870 2005-12-17
Mandriva MDKSA-2005:097 2005-06-07
OpenPKG OpenPKG-SA-2005.003 2005-01-17
Gentoo 200501-02 2005-01-04
Debian DSA-612-1 2004-12-20
Mandrake MDKSA-2004:140 2004-11-25

apache: arbitrary code execution

Package(s): apache    CVE #(s): CAN-2004-0940
Created: October 29, 2004    Updated: December 14, 2004
Description: According to an Apache announcement, a vulnerability exists in the Apache HTTP server, version 1.3. The problem is a potential buffer overflow in the "get_tag" function of Apache's SSI module "mod_include". It allows local users who can create SSI documents to execute arbitrary code as the Apache run-time user via SSI documents that trigger a content length calculation error.
Alerts:
Red Hat RHSA-2004:600-01 2004-12-13
Mandrake MDKSA-2004:134 2004-11-15
Debian DSA-594-1 2004-11-17
Trustix TSLSA-2004-0056 2004-11-05
Gentoo 200411-03 2004-11-02
Slackware SSA:2004-305-01 2004-11-01
OpenPKG OpenPKG-SA-2004.047 2004-10-29

aspell: bounds checking problem

Package(s): aspell    CVE #(s): CAN-2004-0548
Created: June 17, 2004    Updated: December 20, 2004
Description: Aspell's word-list-compress utility fails to properly check bounds when dealing with words that are more than 256 bytes long. This can lead to arbitrary code execution by an attacker.
Alerts:
Mandrake MDKSA-2004:153 2004-12-20
OpenPKG OpenPKG-SA-2004.042 2004-09-15
Gentoo 200406-14 2004-06-17

cdrecord: failure to drop privilege

Package(s): cdrecord    CVE #(s): CAN-2004-0806
Created: September 8, 2004    Updated: February 21, 2005
Description: The cdrecord utility, which is installed setuid on some distributions, fails to drop privilege before running a user-specified program.
Alerts:
Fedora-Legacy FLSA:2058 2005-02-20
Gentoo 200409-18 2004-09-14
Fedora FEDORA-2004-298 2004-09-09
Fedora FEDORA-2004-297 2004-09-09
Mandrake MDKSA-2004:091 2004-09-07

ncompress: Buffer overflow

Package(s): compress uncompress ncompress    CVE #(s): CAN-2001-1413
Created: October 11, 2004    Updated: December 14, 2004
Description: compress and uncompress do not properly check bounds on command line options, including the filename. Large parameters would trigger a buffer overflow. By supplying a carefully crafted filename or other option, an attacker could execute arbitrary code on the system. A local attacker could only execute code with his own rights, but since compress and uncompress are called by various daemon programs, this might also allow a remote attacker to execute code with the rights of the daemon making use of ncompress.
Alerts:
Red Hat RHSA-2004:536-01 2004-12-13
Gentoo 200410-08 2004-10-09

cyrus-sasl: remote buffer overflow

Package(s): cyrus-sasl    CVE #(s): CAN-2004-0884
Created: October 7, 2004    Updated: March 16, 2005
Description: cyrus-sasl has a vulnerability involving a buffer overflow in the digestmda5.c file. A remote attacker may be able to compromise the system. Also, a local user may be able to exploit a vulnerability by using the SASL_PATH environment variable.
Alerts:
Mandrake MDKSA-2005:054 2005-03-15
SuSE SUSE-SA:2005:013 2005-03-03
Fedora-Legacy FLSA:2137 2005-02-17
OpenPKG OpenPKG-SA-2005.004 2005-01-28
Conectiva CLA-2004:889 2004-11-11
Debian DSA-568-1 2004-10-16
Debian DSA-563-3 2004-10-14
Debian DSA-563-2 2004-10-12
Debian DSA-563-1 2004-10-12
Trustix TSLSA-2004-0053 2004-10-08
Mandrake MDKSA-2004:106 2004-10-07
Red Hat RHSA-2004:546-02 2004-10-07
Gentoo 200410-05 2004-10-07

dhcp: format string vulnerability

Package(s): dhcp    CVE #(s): CAN-2004-1006
Created: November 4, 2004    Updated: July 13, 2005
Description: Dhcp has a format string vulnerability in the log functions of dhcp 2.x that may be exploited via a malicious DNS server.
Alerts:
Fedora-Legacy FLSA:152835 2005-07-10
Red Hat RHSA-2005:212-01 2005-04-12
Debian DSA-584-1 2004-11-04

Filename disclosure vulnerability in fam

Package(s): fam    CVE #(s): CAN-2002-0875
Created: August 19, 2002    Updated: January 5, 2005
Description: "fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible.
Alerts:
Red Hat RHSA-2005:005-01 2005-01-05
Debian DSA-154-1 2002-08-15

flim: insecure file creation

Package(s):flim CVE #(s):CAN-2004-0422
Created:May 5, 2004 Updated:December 16, 2004
Description: The emacs "flim" mode creates temporary files in an insecure fashion, possibly allowing a local attacker to overwrite files.
Alerts:
Fedora FEDORA-2004-546 2004-12-15
Red Hat RHSA-2004:344-01 2004-08-18
Debian DSA-500-1 2004-05-01

Comments (none posted)

Foomatic: Arbitrary command execution in foomatic-rip

Package(s):foomatic CVE #(s):CAN-2004-0801
Created:September 20, 2004 Updated:May 31, 2006
Description: There is a vulnerability in the foomatic-filters package. This vulnerability is due to insufficient checking of command-line parameters and environment variables in the foomatic-rip filter. This vulnerability may allow both local and remote attackers to execute arbitrary commands on the print server with the permissions of the spooler.
Alerts:
SuSE SUSE-SA:2006:026 2006-05-30
Fedora-Legacy FLSA:2076 2004-11-05
Conectiva CLA-2004:880 2004-10-27
Fedora FEDORA-2004-303 2004-09-21
Gentoo 200409-24 2004-09-20

Comments (none posted)

FreeRADIUS: denial of service

Package(s):freeradius CVE #(s):CAN-2004-0938 CAN-2004-0960 CAN-2004-0961
Created:September 22, 2004 Updated:February 2, 2005
Description: FreeRADIUS (through version 1.0.1) suffers from several denial of service vulnerabilities in its packet reception code.
Alerts:
Fedora-Legacy FLSA:2187 2005-02-01
Red Hat RHSA-2004:609-01 2004-11-12
Gentoo 200409-29 2004-09-22

Comments (none posted)

gaim: buffer overflow in MSN protocol

Package(s):gaim CVE #(s):CAN-2004-0891
Created:October 25, 2004 Updated:February 11, 2005
Description: A buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.
Alerts:
Fedora-Legacy FLSA:2188 2005-02-10
Red Hat RHSA-2004:604-01 2004-10-20
Mandrake MDKSA-2004:117 2004-11-01
Ubuntu USN-8-1 2004-10-27
Gentoo 200410-23 2004-10-24
Slackware SSA:2004-296-01 2004-10-25

Comments (none posted)

Gallery: cross-site scripting vulnerability

Package(s):Gallery CVE #(s):CAN-2004-1106
Created:November 8, 2004 Updated:January 17, 2005
Description: Jim Paris has discovered a cross-site scripting vulnerability in Gallery. By sending a carefully crafted URL, an attacker can inject and execute script code in the victim's browser window, and potentially compromise the user's gallery.
Alerts:
Debian DSA-642-1 2005-01-17
Gentoo 200411-10:01 2004-11-06

Comments (none posted)

gtk2, gdk-pixbuf: buffer overflows

Package(s):gdk-pixbuf gtk2 CVE #(s):CAN-2004-0753 CAN-2004-0782 CAN-2004-0783 CAN-2004-0788
Created:September 15, 2004 Updated:February 25, 2005
Description: The gdk-pixbuf and gtk2 libraries contain vulnerabilities in their handling of BMP and XPM files which can lead to denial of service and, potentially, code execution attacks.
Alerts:
Fedora-Legacy FLSA:2005 2005-02-23
Conectiva CLA-2004:875 2004-10-18
Slackware SSA:2004-266-02 2004-09-22
Gentoo 200409-28 2004-09-21
Mandrake MDKSA-2004:095-1 2004-09-17
SuSE SUSE-SA:2004:033 2004-09-17
Debian DSA-549-1 2004-09-17
Red Hat RHSA-2004:447-02 2004-09-15
Debian DSA-546-1 2004-09-16
Red Hat RHSA-2004:466-01 2004-09-15
Red Hat RHSA-2004:447-01 2004-09-15
Mandrake MDKSA-2004:095 2004-09-15
Fedora FEDORA-2004-289 2004-09-15
Fedora FEDORA-2004-288 2004-09-15
Fedora FEDORA-2004-287 2004-09-15
Fedora FEDORA-2004-286 2004-09-15

Comments (none posted)

gettext: Insecure temporary file handling

Package(s):gettext CVE #(s):CAN-2004-0966
Created:October 11, 2004 Updated:March 1, 2006
Description: gettext insecurely creates temporary files in world-writable directories with predictable names. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When gettext is called, this would result in file access with the rights of the user running the utility, which could be the root user.
Alerts:
Mandriva MDKSA-2006:051 2006-02-28
Fedora-Legacy FLSA:136323 2006-01-09
Gentoo 200410-10:02 2004-10-10
OpenPKG OpenPKG-SA-2004.055 2004-12-23
Ubuntu USN-5-1 2004-10-27
Gentoo 200410-10 2004-10-10

Comments (1 posted)

ghostscript: symlink vulnerabilities

Package(s):ghostscript CVE #(s):CAN-2004-0967
Created:October 20, 2004 Updated:September 28, 2005
Description: The ghostscript package (prior to version 7.07.1-r7) contains several scripts which are vulnerable to symlink attacks.
Alerts:
Red Hat RHSA-2005:081-01 2005-09-28
Ubuntu USN-3-1 2004-10-27
Gentoo 200410-18 2004-10-20

Comments (none posted)

glibc: Information leak with LD_DEBUG

Package(s):glibc CVE #(s):CAN-2004-1453
Created:August 17, 2004 Updated:May 26, 2005
Description: Silvio Cesare discovered a potential information leak in glibc. It allows LD_DEBUG on SUID binaries where it should not be allowed. This has various security implications, which may be used to gain confidential information. An attacker can gain the list of symbols a SUID application uses and their locations and can then use a trojaned library taking precedence over those symbols to gain information or perform further exploitation.
Alerts:
Red Hat RHSA-2005:256-01 2005-05-18
Gentoo 200408-16 2004-08-16

Comments (1 posted)

glibc: tempfile vulnerability in catchsegv script

Package(s):glibc CVE #(s):CAN-2004-0968
Created:October 21, 2004 Updated:November 14, 2005
Description: The catchsegv script in the glibc package has a symlink vulnerability that may allow a local user to overwrite arbitrary files with the permissions of the user that is running the script.
Alerts:
Fedora-Legacy FLSA:152848 2005-11-13
Red Hat RHSA-2005:261-01 2005-04-28
Debian DSA-636-1 2005-01-12
Mandrake MDKSA-2004:159 2004-12-29
Red Hat RHSA-2004:586-01 2004-12-20
Fedora FEDORA-2004-356 2004-11-11
Ubuntu USN-4-1 2004-10-27
Gentoo 200410-19 2004-10-21

Comments (none posted)

gnome-vfs: backend script vulnerabilities

Package(s):gnome-vfs CVE #(s):CAN-2004-0494
Created:August 4, 2004 Updated:February 21, 2005
Description: Several scripts packaged with gnome-vfs, using its "extfs" capability, have security flaws. These scripts tend not to be used on many systems, but their presence can still be a threat.
Alerts:
Fedora-Legacy FLSA:1944 2005-02-20
Whitebox WBSA-2004:373-01 2004-08-19
Red Hat RHSA-2004:373-01 2004-08-04

Comments (none posted)

groff: insecure temporary directory

Package(s):groff CVE #(s):CAN-2004-0969
Created:November 1, 2004 Updated:February 9, 2006
Description: Recently, Trustix Secure Linux discovered a vulnerability in the groff package. The utility "groffer" created a temporary directory in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the program.
Alerts:
Mandriva MDKSA-2006:038 2006-02-08
Gentoo 200411-15 2004-11-08
Ubuntu USN-13-1 2004-11-01

Comments (none posted)

gtkhtml: malformed messages cause crash

Package(s):gtkhtml CVE #(s):CAN-2003-0133 CAN-2003-0541
Created:April 14, 2003 Updated:April 18, 2005
Description: GtkHTML is the HTML rendering widget used by the Evolution mail reader.

GtkHTML supplied with versions of Evolution prior to 1.2.4 contains a bug when handling HTML messages. Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash.

Alerts:
Debian DSA-710-1 2005-04-18
Mandrake MDKSA-2003:093 2003-09-18
Conectiva CLA-2003:737 2003-09-12
Red Hat RHSA-2003:264-01 2003-09-09
Mandrake MDKSA-2003:046 2003-04-15
Red Hat RHSA-2003:126-01 2003-04-14

Comments (none posted)

gzip: insecure temporary files

Package(s):gzip CVE #(s):CAN-2004-0970
Created:November 8, 2004 Updated:December 7, 2004
Description: Trustix developers discovered insecure temporary file creation in supplemental scripts in the gzip package which may allow local users to overwrite files via a symlink attack.
Alerts:
Mandrake MDKSA-2004:142 2004-12-06
Debian DSA-588-1 2004-11-08

Comments (none posted)

hpsockd: missing input sanitizing

Package(s):hpsockd CVE #(s):CAN-2004-0993
Created:December 3, 2004 Updated:December 8, 2004
Description: "infamous41md" discovered a buffer overflow condition in hpsockd, the socks server written at Hewlett-Packard. An exploit could cause the program to crash or may have a worse effect.
Alerts:
Debian DSA-604-1 2004-12-03

Comments (none posted)

ImageMagick: EXIF buffer overflow

Package(s):ImageMagick CVE #(s):CAN-2004-0981
Created:November 8, 2004 Updated:December 8, 2004
Description: ImageMagick fails to do proper bounds checking when handling image files with EXIF information. An attacker could use an image file with specially-crafted EXIF information to cause arbitrary code execution with the permissions of the user running ImageMagick. See this advisory for more information.
Alerts:
Red Hat RHSA-2004:636-01 2004-12-08
Mandrake MDKSA-2004:143 2004-12-06
Debian DSA-593-1 2004-11-16
Gentoo 200411-11:01 2004-11-06

Comments (none posted)

imlib: buffer overflows in image decoding

Package(s):imlib CVE #(s):CAN-2004-1026
Created:December 6, 2004 Updated:January 13, 2005
Description: Pavel Kankovsky discovered that several overflows found in the libXpm library also applied to imlib. He also fixed a number of other potential flaws. A remote attacker could entice a user to view a carefully-crafted image file, which would potentially lead to execution of arbitrary code with the rights of the user viewing the image. This affects any program that makes use of the imlib library.
Alerts:
Mandrake MDKSA-2005:007 2005-01-12
Gentoo 200501-19 2005-01-11
Ubuntu USN-55-1 2005-01-06
Debian DSA-628-1 2005-01-06
Ubuntu USN-53-1 2004-12-29
Debian DSA-618-1 2004-12-24
Red Hat RHSA-2004:651-01 2004-12-10
Gentoo 200412-03 2004-12-06

Comments (none posted)

imlib2: buffer overflows

Package(s):imlib2 CVE #(s):CAN-2004-0802 CAN-2004-0817
Created:September 8, 2004 Updated:October 26, 2005
Description: The imlib2 library contains buffer overflows in the BMP handling code.
Alerts:
Debian DSA-548-2 2005-10-26
Conectiva CLA-2004:870 2004-09-28
Debian DSA-552-1 2004-09-22
Debian DSA-548-1 2004-09-16
Red Hat RHSA-2004:465-01 2004-09-15
Gentoo 200409-12 2004-09-08
Fedora FEDORA-2004-301 2004-09-09
Fedora FEDORA-2004-300 2004-09-09
Mandrake MDKSA-2004:089 2004-09-07

Comments (none posted)

iproute: local denial of service

Package(s):iproute net-tools CVE #(s):CAN-2003-0856
Created:November 25, 2003 Updated:December 14, 2004
Description: The iproute utility is susceptible to spoofed netlink messages sent by local users, with the result that denial of service attacks are possible.
Alerts:
Mandrake MDKSA-2004:148 2004-12-13
Fedora FEDORA-2004-154 2004-06-03
Fedora FEDORA-2004-115 2004-05-11
Debian DSA-492-1 2004-04-18
Gentoo 200404-10 2004-04-09
Red Hat RHSA-2003:316-01 2003-11-24

Comments (none posted)

iptables: missing initialization

Package(s):iptables CVE #(s):CAN-2004-0986
Created:November 1, 2004 Updated:February 11, 2005
Description: Faheem Mitha noticed that the iptables command, an administration tool for IPv4 packet filtering and NAT, did not always load the required modules on its own as it was supposed to. This could lead to firewall rules not being loaded on system startup; at least the rules generated by lokkit were known to fail this way.
Alerts:
Fedora-Legacy FLSA:2252 2005-02-10
Ubuntu USN-81-1 2005-02-11
Mandrake MDKSA-2004:125 2004-11-04
Debian DSA-580-1 2004-11-01

Comments (none posted)

kernel: vulnerabilities in the smb file system

Package(s):kernel CVE #(s):CAN-2004-0883 CAN-2004-0949
Created:November 19, 2004 Updated:December 14, 2004
Description: During an audit of the smb file system implementation within Linux, several vulnerabilities were discovered ranging from out of bounds read accesses to kernel level buffer overflows. See these advisories: Linux kernel binfmt_elf loader vulnerabilities and Memory leak in 2.4.27 kernel for more information.
Alerts:
Red Hat RHSA-2004:504-01 2004-12-13
Red Hat RHSA-2004:505-01 2004-12-13
Red Hat RHSA-2004:549-01 2004-12-02
SuSE SUSE-SA:2004:042 2004-12-01
Ubuntu USN-30-1 2004-11-18

Comments (1 posted)

kernel-utils: setuid vulnerability

Package(s):kernel-utils CVE #(s):CAN-2003-0019
Created:February 7, 2003 Updated:January 21, 2005
Description: The kernel-utils package contains several utilities that can be used to control the kernel or machine hardware. In Red Hat Linux 8.0 this package contains user mode linux (UML) utilities.

The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was incorrectly shipped setuid root. This could allow local users to control certain network interfaces, add and remove arp entries and routes, and put interfaces in and out of promiscuous mode.

All users of the kernel-utils package should update to these packages that contain a version of uml_net that is not setuid root.

Alternatively, as a work-around to this vulnerability issue the following command as root:

chmod -s /usr/bin/uml_net

Alerts:
Red Hat RHSA-2003:056-08 2003-02-07

Comments (none posted)

libgd2: buffer overflows in PNG handling

Package(s):libgd2 CVE #(s):CAN-2004-0990 CAN-2004-0941
Created:October 29, 2004 Updated:June 28, 2006
Description: Several buffer overflows have been discovered in libgd's PNG handling functions.
If an attacker tricked a user into loading a malicious PNG image, they could leverage this into executing arbitrary code in the context of the user opening the image. Most importantly, this library is commonly used in PHP. One possible target would be a PHP driven photo website that lets users upload images. Therefore this vulnerability might lead to privilege escalation to the web server's privileges.
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function.
Alerts:
Mandriva MDKSA-2006:114 2006-06-27
Red Hat RHSA-2006:0194-01 2006-02-01
Fedora-Legacy FLSA:152838 2005-07-15
Red Hat RHSA-2004:638-01 2004-12-17
Ubuntu USN-33-1 2004-11-29
Debian DSA-602-1 2004-11-29
Debian DSA-601-1 2004-11-29
Mandrake MDKSA-2004:132 2004-11-15
Ubuntu USN-25-1 2004-11-15
Fedora FEDORA-2004-412 2004-11-11
Fedora FEDORA-2004-411 2004-11-11
Ubuntu USN-21-1 2004-11-09
Debian DSA-591-1 2004-11-09
Debian DSA-589-1 2004-11-09
Gentoo 200411-08 2004-11-03
OpenPKG OpenPKG-SA-2004.049 2004-10-30
Ubuntu USN-11-1 2004-10-28

Comments (none posted)

libpng: multiple vulnerabilities

Package(s):libpng CVE #(s):CAN-2002-1363 CAN-2004-0597 CAN-2004-0598 CAN-2004-0599
Created:August 4, 2004 Updated:February 10, 2005
Description: There is yet another set of holes in libpng, versions 1.2.5 and prior, which can be exploited by a malicious image file; see this advisory from Chris Evans or this CERT advisory for details.
Alerts:
Fedora-Legacy FLSA:1943 2005-02-08
Red Hat RHSA-2004:421-01 2004-08-04
Gentoo 200408-22 2004-08-23
Whitebox WBSA-2004:402-01 2004-08-19
Mandrake MDKSA-2004:082 2004-08-12
Slackware SSA:2004-223-01 2004-08-09
Slackware SSA:2004-223-02 2004-08-07
Slackware SSA:2004-222-01b 2004-08-10
Slackware SSA:2004-222-01 2004-08-07
Conectiva CLA-2004:856 2004-08-06
Trustix TSLSA-2004-0040 2004-08-05
Gentoo 200408-03 2004-08-05
Debian DSA-536-1 2004-08-04
Mandrake MDKSA-2004:079 2004-08-04
SuSE SUSE-SA:2004:023 2004-08-04
Red Hat RHSA-2004:402-01 2004-08-04
OpenPKG OpenPKG-SA-2004.035 2004-08-04

Comments (1 posted)

libxml2: multiple buffer overflows

Package(s):libxml2 CVE #(s):CAN-2004-0989
Created:October 28, 2004 Updated:February 28, 2005
Description: libxml2 prior to version 2.6.14 has multiple buffer overflow vulnerabilities; if a user passes a specially crafted FTP URL, arbitrary code may be executed.
Alerts:
Ubuntu USN-89-1 2005-02-28
Red Hat RHSA-2004:650-01 2004-12-16
Conectiva CLA-2004:890 2004-11-18
Red Hat RHSA-2004:615-01 2004-11-12
Mandrake MDKSA-2004:127 2004-11-04
Debian DSA-582-1 2004-11-02
Gentoo 200411-05 2004-11-02
Trustix TSLSA-2004-0055 2004-10-29
OpenPKG OpenPKG-SA-2004.050 2004-10-31
Ubuntu USN-10-1 2004-10-28
Fedora FEDORA-2004-353 2004-10-28

Comments (none posted)

libxpm4: stack and integer overflows

Package(s):libxpm4 CVE #(s):CAN-2004-0687 CAN-2004-0688
Created:September 16, 2004 Updated:February 14, 2005
Description: There are several stack and integer overflow bugs in the libXpm code of XFree86 that may be used for a denial of service.
Alerts:
Conectiva CLA-2005:924 2005-02-14
Red Hat RHSA-2005:004-01 2005-01-12
Red Hat RHSA-2004:537-01 2004-12-02
Ubuntu USN-27-1 2004-11-17
Mandrake MDKSA-2004:124 2004-11-04
Debian DSA-561-1 2004-10-11
Gentoo 200410-09 2004-10-09
Debian DSA-560-1 2004-10-07
Red Hat RHSA-2004:479-01 2004-10-06
Red Hat RHSA-2004:478-01 2004-10-04
Gentoo 200409-34 2004-09-27
SuSE SUSE-SA:2004:034 2004-09-17
Mandrake MDKSA-2004:099 2004-09-15
Mandrake MDKSA-2004:098 2004-09-15

Comments (none posted)

logcheck: symlink vulnerability

Package(s):logcheck CVE #(s):CAN-2004-0404
Created:April 21, 2004 Updated:December 22, 2004
Description: The logcheck utility handles temporary files in an unsafe way, possibly allowing local attackers to overwrite files.
Alerts:
Mandrake MDKSA-2004:155 2004-12-22
Debian DSA-488-1 2004-04-16

Comments (none posted)

lvm10: creates insecure temporary directory

Package(s):lvm10 CVE #(s):CAN-2004-0972
Created:November 1, 2004 Updated:July 25, 2005
Description: Trustix Secure Linux discovered a vulnerability in a supplemental script of the lvm10 package. The program "lvmcreate_initrd" created a temporary directory in an insecure way, which could allow a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program.
Alerts:
Fedora-Legacy FLSA:152842 2005-07-24
Mandrake MDKSA-2004:144 2004-12-06
Gentoo 200411-22 2004-11-11
Debian DSA-583-1 2004-11-03
Ubuntu USN-15-1 2004-11-01

Comments (none posted)

Midnight Commander: extfs vfs vulnerability

Package(s):mc CVE #(s):CAN-2004-0494
Created:September 2, 2004 Updated:January 5, 2005
Description: Midnight Commander has a vfs vulnerability with shell quoting in extfs perl scripts.
Alerts:
Red Hat RHSA-2004:464-02 2005-01-05
Red Hat RHSA-2004:464-01 2004-09-15
Fedora FEDORA-2004-273 2004-09-01
Fedora FEDORA-2004-272 2004-09-01

Comments (none posted)

mikmod: buffer overflow

Package(s):mikmod CVE #(s):CAN-2003-0427
Created:June 16, 2003 Updated:June 16, 2005
Description: Ingo Saitz discovered a bug in mikmod whereby a long filename inside an archive file can overflow a buffer when the archive is being read by mikmod.
Alerts:
Fedora FEDORA-2005-405 2005-06-16
Red Hat RHSA-2005:506-01 2005-06-13
Fedora FEDORA-2005-404 2005-06-09
Gentoo 200307-01 2003-07-02
Debian DSA-320-1 2003-06-13

Comments (none posted)

mirrorselect: insecure temporary file creation

Package(s):mirrorselect CVE #(s):
Created:December 7, 2004 Updated:December 8, 2004
Description: Ervin Nemeth discovered that mirrorselect creates temporary files in world-writable directories with predictable names. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When mirrorselect is executed, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user.
Alerts:
Gentoo 200412-05:02 2004-12-07

Comments (none posted)
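
The predictable-temporary-file symlink attack described in the gettext and mirrorselect entries above, shown end to end as an added example. This is not code from LWN, gettext, mirrorselect or any other package listed here; the script names, the hypothetical "foo.1234" file name and the sandbox layout are assumptions made for the demonstration. It assumes a POSIX sh with mktemp(1) available, and everything happens inside a private scratch directory so the real /tmp is never touched.

```shell
#!/bin/sh
# Added example (not from LWN or any listed package): a guessable temporary
# file name lets a local attacker pre-create a symlink so that the victim's
# write lands on a file of the attacker's choosing. The whole demonstration
# runs inside a scratch directory created with mktemp -d.

# Simulated vulnerable pattern (hypothetical script): the name is derived from
# a guessable value and the file is created with a plain redirection, which
# opens with O_CREAT|O_TRUNC and happily follows an existing symlink.
# Argument 1: directory used as "/tmp"; argument 2: data to write.
vulnerable_write() {
    vdir=$1
    vdata=$2
    vtmp="$vdir/foo.1234"            # predictable; an attacker can guess it
    printf '%s\n' "$vdata" > "$vtmp"  # follows the attacker's symlink
}

# Hardened pattern: mktemp creates a fresh, uniquely named file with O_EXCL,
# so a symlink planted at a guessed name is never followed. Prints the path.
safe_write() {
    sdir=$1
    sdata=$2
    stmp=$(mktemp "$sdir/foo.XXXXXX") || return 1
    # Belt and braces: refuse anything that is not a regular, non-symlink file.
    if [ -L "$stmp" ] || [ ! -f "$stmp" ]; then
        rm -f "$stmp"
        return 1
    fi
    printf '%s\n' "$sdata" > "$stmp"
    printf '%s\n' "$stmp"
}

# Run both patterns against an attacker-planted symlink and report whether
# the victim file was clobbered. Prints "vulnerable=<0|1> safe=<0|1>".
demo() {
    sandbox=$(mktemp -d) || return 1
    victim="$sandbox/victim"
    printf 'original\n' > "$victim"

    # Attacker step: plant a symlink at the name the vulnerable script uses.
    ln -s "$victim" "$sandbox/foo.1234"

    vulnerable_write "$sandbox" "owned"
    vuln_hit=0
    if [ "$(cat "$victim")" = "owned" ]; then
        vuln_hit=1
    fi

    # Reset the victim and try the hardened version; the planted link is
    # ignored because mktemp picks a different, unpredictable name.
    printf 'original\n' > "$victim"
    if ! safe_write "$sandbox" "owned" > /dev/null; then
        rm -rf "$sandbox"
        return 1
    fi
    safe_hit=0
    if [ "$(cat "$victim")" = "owned" ]; then
        safe_hit=1
    fi

    rm -rf "$sandbox"
    printf 'vulnerable=%s safe=%s\n' "$vuln_hit" "$safe_hit"
}

demo
```

Running the script prints `vulnerable=1 safe=0`: the redirection in the vulnerable function overwrote the victim through the symlink, while the mktemp-based version left it untouched. The same fix applies to every "insecure temporary file" entry on this page: replace `$$`-style or fixed names with mktemp (or mktemp -d for directories), and never write through a path in a world-writable directory that the program did not itself create exclusively.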

mozilla products: arbitrary code execution and other vulnerabilities

Package(s):mozilla firefox thunderbird CVE #(s):CAN-2004-0902 CAN-2004-0903 CAN-2004-0904 CAN-2004-0905 CAN-2004-0908
Created:September 20, 2004 Updated:January 13, 2005
Description: Several vulnerabilities exist in the Mozilla web browser and derived products, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system. See the CERT advisory for details.
Alerts:
Gentoo 200501-03 2005-01-05
Fedora-Legacy FLSA:2089 2004-10-27
Conectiva CLA-2004:877 2004-10-22
Mandrake MDKSA-2004:107 2004-10-19
SuSE SUSE-SA:2004:036 2004-10-06
Red Hat RHSA-2004:486-01 2004-09-30
Slackware SSA:2004-266-03 2004-09-22
Gentoo 200409-26 2004-09-20

Comments (none posted)

mpg123: buffer overflow bug

Package(s):mpg123 CVE #(s):CAN-2004-0805
Created:September 16, 2004 Updated:January 11, 2005
Description: The mpg123 audio playing utility has a buffer overflow bug that may allow arbitrary execution of code.
Alerts:
Gentoo 200501-14 2005-01-10
Debian DSA-564-1 2004-10-13
Mandrake MDKSA-2004:100 2004-09-22
Gentoo 200409-20 2004-09-16

Comments (none posted)

mpg321: format string vulnerability

Package(s):mpg321 CVE #(s):CAN-2003-0969
Created:January 6, 2004 Updated:March 28, 2005
Description: A vulnerability was discovered in mpg321, a command-line mp3 player, whereby user-supplied strings were passed to printf(3) unsafely. This vulnerability could be exploited by a remote attacker to overwrite memory, and possibly execute arbitrary code. In order for this vulnerability to be exploited, mpg321 would need to play a malicious mp3 file (including via HTTP streaming).
Alerts:
Gentoo 200503-34 2005-03-28