The Grumpy Editor's guide to 2005
An inevitable part of the new-year ritual is the posting of predictions for
the coming twelve months. Your editor, having access to a moderately high
soapbox, feels it would be morally wrong to fail to make use of that
soapbox to make an absolute fool out of himself. To that end, here are a
few ideas for what we might see in the coming year. As always, these
predictions are offered in the hope that they will be useful, but they
carry NO WARRANTY regarding any correspondence with reality as experienced
in your timezone or as to whether they make sense at all.
Development
This will be the year for free desktop infrastructure. Yes, there
will be a long series of high-profile application releases, with
OpenOffice.org 2.0 being, arguably, at the top of the list. But 2005 will
be the year when projects like
HAL and
D-BUS stabilize and
see wide deployment, and when the reinvigorated X.Org development team
starts making some truly big strides. The kernel's support for
contemporary video cards will be rationalized and improved. Perhaps there
will even be a place for Mono. The convergence of all this new, low-level
support code, combined with increased cooperation between desktop projects
for low-level support, will build the base for the next generation of
amazing free desktop applications.
Free databases will see some high-profile deployments. The adoption
of free database management systems is still in an early stage. Things
will progress in 2005, to the point that some proprietary database vendors
will see the need to start competing directly against the free
alternatives. Perhaps 2005 is when we'll see some real free database FUD.
There will be no 2.7 kernel in 2005, despite the requests for such a
release from some quarters. The 2.6 process will continue to merge changes
at a staggering rate, and nothing will come along which is so disruptive
that it forces the creation of a new development series. The steady series
of complaints about the quality of the 2.6 mainline releases will force
some changes to the process - we may see more frequent releases or true
"release candidates" for wider testing. But the simple fact is that the
kernel developers - and the distributors who have the job of delivering
stable kernels to their customers - are happy with things as they are, and
will not be in a hurry to go back to the older way of doing things.
Commercial
Red Hat will find something to do with its cash pile. The company
currently has about $1 billion (almost half of its market
capitalization) in the bank - much of that cash is the result of a debt
sale one year ago. As Red Hat's management tries to push the company's
stock price back up, it will have to find something more productive to do
with that money. It would not be surprising to see an acquisition or two
happen in the near future.
The market for not-quite-enterprise distributions will grow. There
are no end of companies looking to gain the benefits of switching to Linux,
but who do not want to pay the hefty "enterprise Linux" price tag. Many of
these companies will realize that high-quality Linux can be had for less,
and will look to companies with credible support offerings. Companies like
Progeny, Ubuntu, and Specifix may be well placed to thrive in this market.
The UserLinux distributed support network model looks an awful lot like the
early Red Hat "support partner" program, and risks ending up the same way.
Embedded Linux will gain a higher profile, especially as a base for
a new round of "personal media player" gadgets. Expect some fireworks as
some of these devices - and their built-in DRM schemes - prove to be more
hackable than the entertainment industry would like.
Very few companies will buy Linux indemnification policies, making
life difficult for insurance vendors like OSRM.
Distributions
Debian will get a new stable release out, one way or another. Much
of the user base for stable Debian releases will, however, have moved on to
offshoot distributions like Ubuntu. There will be a new round of
soul-searching within the Debian Project over the value of its stable
distribution and what that distribution should be.
Community involvement in Fedora will increase, mostly through
outside maintenance of some non-core packages. Red Hat will maintain a
firm grip on important decisions, however. Don't expect to see an open
Fedora developers' conference in 2005.
Legal and political
Thanks to serious activism and the entry of several countries into the EU,
software patents will not be enacted in Europe in 2005. One thing
your editor has seen many times, however, is that the commercial forces
behind this kind of legislation do not ever give up. While their current
push looks to be headed for failure, the issue will remain, and the fight
will go on.
A new round of copyright legislation will hit the U.S. Congress.
The entertainment industry will attempt to strengthen its control and find
some sort of legislative solution to file sharing over increasingly
decentralized networks. Fair use activists will try again for copyright
and DMCA reform. Neither side is likely to get far. The entertainment
industry may get caught engaging in increasingly dirty denial of service
attacks on peer-to-peer networks and their users.
This one should be fairly obvious: 2005 will see the end of SCO.
The company's remaining cases will fall apart in court, and its cash will
run out. In retrospect, it will become clear that the SCO lawsuit has
actually been a good thing for free software: it has proved how clean our
code is now, made developers more aware of the potential for such lawsuits
in the future, and has made many large companies take a clear position in
the defense of free software. The next company that tries to extract
payments from the free software business world will find a climate which is
far less hospitable to that sort of litigation; for this reason, your
editor believes there will not be a new major intellectual property suit
related to Linux in the coming year.
In conclusion...
More people will notice that Linux users don't have spyware and adware
problems, which will be getting steadily worse on other platforms.
This issue, alone, will cause more people to look at free software. Many
will get their feet wet with Firefox and stop there, but others will take
the full plunge. As proprietary systems are turned into zombies which spam
and spy on their alleged owners, pure exasperation will push a new round of
Linux adoption.
Your editor expects many things to continue as they have been. An
increasing number of developers will work to create ever more powerful
applications. More and more people will awaken to the value of free
software, and they will look seriously at using it. Some people will even
figure out ways to make money from it. And, inevitably, Linux will
continue to be fun - even for a grumpy editor.
Comments (14 posted)
Looking forward to OpenOffice.org 2.0
As the OpenOffice.org development team closes in on the 2.0 release, we
thought we'd take a look at the suite and see how the 2.0 version is
shaping up. Since OpenOffice.org 2.0 is still in development, it's to be
expected that some features do not work or work poorly, and that its stability isn't
at a level appropriate for a finished application. The 1.9.65 build of
OpenOffice.org certainly lives up to that expectation, and should only be
deployed for testing purposes.
We installed OpenOffice.org 1.9.65 from the snapshot builds page
on a SUSE 9.2 system. Unlike previous versions of OpenOffice.org,
version 1.9.x is being distributed in "native" installer format for
various systems. The Linux build is available as an RPM rather than the old
OpenOffice.org setup application.
One of the goals for the 2.0 release of OpenOffice.org is for the
application to start faster than previous releases. At this point in
development, the startup for OpenOffice 1.9.65 is not noticeably faster
than 1.1.3, however.
Let's start with the word-processing application, Writer. The sad fact is
that OpenOffice.org could be the best word processor ever invented -- but
if it fails to import Microsoft Word documents well, it will have a tough
time in the general market. This is also true of other OpenOffice.org
applications, so we spent a good deal of time testing Office compatibility.
To test out the Word and other Microsoft document import features, this
reporter searched for Microsoft Office documents on Google using the
"filetype" search feature. Writer is still better at importing Microsoft
Word documents than AbiWord, and 1.9.65 does a slightly better job of
importing Microsoft Office files than 1.1.3. There still seem to be a few
glitches. One Word document, for example, looked almost perfect, with the
exception of a bulleted list presented outside the page borders.
The interface for Writer has changed very little, so users who are familiar
with Writer already will be able to jump right in to the next
version. There are a number of noteworthy new features in Writer aside from
its Microsoft Word compatibility. This version of Writer allows an author
to count words in a selection, in addition to counting words in the entire
document. Nested table support has also improved in this version, which
will also help with importing complex Microsoft Word documents.
The Impress interface has changed quite a bit, with floating toolbars for
formatting and a tabbed interface to switch between views of the
document. This reporter likes the new interface a little more, but the
transitions between views are a bit jarring. The "slide sorter" view is
particularly nice if one needs to re-arrange a presentation quickly.
Calc looks and feels the same as its predecessor. It has undergone a few
improvements under the hood, however. In particular, Calc's limitation of
32,000 rows has been removed. Calc can now handle sheets with up to 65,536
rows, which is the same as Microsoft Excel. We tested this by importing a
CSV document with 59,621 rows. Calc had no problem importing this document
or saving it as a native OpenOffice.org file.
Calc is a bit better at importing Excel files with odd text formatting than
Gnumeric, but Gnumeric does still seem to have the edge
in supported functions. Calc fails several tests in Gnumeric's
testing files which test for Excel compatibility.
One of the big additions to OpenOffice.org 2.0 is a database application
like Microsoft Access. The OO.org Base application is, or should be, a nice
addition to the OpenOffice.org suite when it's complete. Unfortunately,
Base isn't very stable at the moment, and testing usually resulted in a
complete crash in a short time. The Table Wizard is very user-friendly, but
each time this reporter tried to create a database using the Wizard,
OpenOffice.org would crash at the final step.
Unfortunately, the entire suite is only as stable as its least-stable
component. When Base crashed, it brought down the entire suite in one fell
swoop. This is a bit of a design flaw, as a user with Writer, Calc and Base
open will have all applications crash simultaneously. This did give us a
chance to work with the document recovery wizard. At startup,
OpenOffice.org would try to recover all documents open at the time of the
crash. OpenOffice.org's recovery feature was fairly dependable, but this
reporter is looking forward to using it a little less often.
There are also a number of features that can be found throughout the
OpenOffice.org suite rather than any specific application. The native file
formats have changed to the OASIS Open
Document Format for Office Applications. OpenOffice.org applications
still support the older format, but new files are saved in the new format
by default unless the user changes default file format preferences. Users
have a great deal of flexibility in this area, including the ability to
save in Microsoft Office formats if they prefer.
OpenOffice.org 2.0 also has a document conversion wizard that allows the
user to convert older OpenOffice.org and Microsoft Office documents into
the new OpenOffice.org document formats. Rather than forcing the user to
convert documents one at a time, the wizard allows a user to convert all
documents in a directory at once. This feature isn't quite error-free just
yet.
We were also interested in OpenOffice.org 2.0's digital signatures
feature. Apparently, OpenOffice.org will allow the user to sign or verify
macros and documents in the new format. Unfortunately, this feature didn't
seem to be working in the 1.9.65 build.
From a test of the 1.9.65 build, it's pretty clear that the
OpenOffice.org project has a way to go before it's finished. However, this
release does provide a pretty good overview of what to expect, and it does
look like 2.0 will be a formidable suite when finished.
For LWN readers who wish to participate in testing, or just see what else
is on the way, a feature
guide to 2.0 is available. According to the roadmap,
the OpenOffice.org project should be releasing a 2.0 beta some time this
month, with a final release tentatively planned for March of this year.
Comments (9 posted)
The LWN.net 2004 Linux Timeline
Much happens in the Linux world over the course of a year. 2004 saw
ongoing legal and political fights, new distributions, big releases of
major applications, a new mode for kernel development, and more. This
timeline is our attempt to separate out the most significant developments
of the year and present them in a concise and enjoyable format. It
continues an annual LWN tradition; it is the seventh in the series.
This is version 0.9 of the 2004 timeline.
If you find any remaining major omissions, please send them
to us at timeline@lwn.net; please do
not post errors or omissions as comments until after we have had a chance
to address them.
The development of the LWN.net Linux Timeline was supported by LWN
subscribers; if you like what you see, please consider subscribing to LWN.
As usual, the timeline is split up by month. We apologize that a "one big
page" version is not available at this time.
The LWN.net Linux timelines from the last six years are still available:
Comments (5 posted)
Page editor: Jonathan Corbet
Security
The Honeynet report on Linux life expectancy
Numerous electrons have been expended on the recently-released
Honeynet report
(PDF) on the life expectancy of systems exposed to the Internet. That
report concluded that an unpatched Linux system would last, on the average,
for about three months before being compromised, while a Windows system had
a life expectancy measured in hours. That is an outcome which is certainly
welcome to those who are concerned about the security of Linux systems.
If you actually read the report, however, you'll find some interesting
things. The test, it would seem, was set up in a way designed to make the
Linux systems as easy as possible to compromise. Among other things:
- The Linux distributions installed were old: Red Hat Linux 7.2, SUSE
Linux 6.3, etc. The most current distribution installed was Fedora
Core 1, put on two boxes (neither of which was compromised).
- These systems had a number of services installed; some of those
(e.g., SMB) are not necessarily something one would enable on systems
directly connected to the net.
- The systems were set up with easily guessed passwords as well.
Of the four Linux systems which were compromised, two of them fell to
brute-force password guessing. This episode may be a good lesson in why
choosing good passwords is still important, but it has nothing to do with
Linux security.
The report authors note that the expected lifetime of Linux systems has
increased - an interesting development, given that the net has not exactly
become a friendlier place. The authors guess, as usual, that the relative
popularity of Windows makes it a more attractive target. They also note,
however, that default Linux installations have become more secure over
time. Certainly much effort has gone toward that end; it is nice to see
that it is having an effect.
Comments (6 posted)
New vulnerabilities
debmake: insecure temp directories
| Package(s): | debmake |
| CVE #(s): | CAN-2004-1179 |
| Created: | December 23, 2004 |
| Updated: | January 4, 2005 |
| Description: | debmake contains a script that can make insecure temporary directories. This can be used by a symlink attack to create and overwrite arbitrary files. |
| Alerts: | |
Comments (none posted)
htmlheadline: insecure temporary files
| Package(s): | htmlheadline |
| CVE #(s): | CAN-2004-1181 |
| Created: | January 3, 2005 |
| Updated: | January 4, 2005 |
| Description: | Javier Fernández-Sanguino Peña has discovered multiple insecure uses of temporary files that could lead to overwriting arbitrary files via a symlink attack. |
| Alerts: | |
Comments (none posted)
kdelibs: unwanted email origination
| Package(s): | kdelibs |
| CVE #(s): | |
| Created: | January 4, 2005 |
| Updated: | January 4, 2005 |
| Description: | The Konqueror browser (via kdelibs) contains a vulnerability which can cause it to send email without the user's interaction or consent. See this bug report for details. |
| Alerts: | |
Comments (none posted)
kernel: 32bit emulation privilege escalation
| Package(s): | kernel |
| CVE #(s): | CAN-2004-1144 |
| Created: | December 23, 2004 |
| Updated: | January 5, 2005 |
| Description: | The 2.4 Linux kernel on the AMD64 platform has a missing argument check in its 32-bit emulation code that can allow a local attacker to gain root privileges. |
| Alerts: | |
Comments (none posted)
LinPopUp: buffer overflow in message reply
| Package(s): | linpopup |
| CVE #(s): | CAN-2004-1282 |
| Created: | January 4, 2005 |
| Updated: | January 10, 2005 |
| Description: | Stephen Dranger discovered that LinPopUp contains a buffer overflow in string.c, triggered when replying to a remote user message. A remote attacker could craft a malicious message that, when replied to using LinPopUp, would exploit the buffer overflow. This would result in the execution of arbitrary code with the privileges of the user running LinPopUp. |
| Alerts: | |
Comments (none posted)
netkit-telnet-ssl: format string vulnerability
| Package(s): | netkit-telnet-ssl |
| CVE #(s): | CAN-2004-0998 |
| Created: | December 23, 2004 |
| Updated: | January 4, 2005 |
| Description: | telnetd-ssl has a format string vulnerability that may be exploitable for executing arbitrary code. |
| Alerts: | |
Comments (none posted)
pcal: buffer overflows
| Package(s): | pcal |
| CVE #(s): | CAN-2004-1289 |
| Created: | January 5, 2005 |
| Updated: | January 5, 2005 |
| Description: | Two buffer overflows have been found in the pcal utility; they could be exploited by a hostile calendar file to execute arbitrary code. |
| Alerts: | |
Comments (none posted)
PHProjekt: PHP code execution
| Package(s): | phprojekt |
| CVE #(s): | |
| Created: | January 4, 2005 |
| Updated: | January 4, 2005 |
| Description: | PHProjekt, prior to version 4.2-r2, has a vulnerability wherein a remote attacker can define a global variable and execute arbitrary PHP code. |
| Alerts: | |
Comments (none posted)
shoutcast server: buffer overflow
| Package(s): | shoutcast-server |
| CVE #(s): | |
| Created: | January 5, 2005 |
| Updated: | January 5, 2005 |
| Description: | The shoutcast server contains a remotely exploitable buffer overflow vulnerability; upgrading to version 1.9.5 fixes the problem. |
| Alerts: | |
Comments (none posted)
tetex: insecure temp files
| Package(s): | tetex |
| CVE #(s): | |
| Created: | December 23, 2004 |
| Updated: | January 4, 2005 |
| Description: | The xdvizilla script can create insecure temporary files and directories, allowing a symbolic link attack that can overwrite arbitrary files. |
| Alerts: | |
Comments (none posted)
xpdf: buffer overflow
| Package(s): | xpdf |
| CVE #(s): | CAN-2004-1125 |
| Created: | December 23, 2004 |
| Updated: | April 1, 2005 |
| Description: | xpdf has a potential buffer overflow problem caused by insufficient input validation. A specially crafted PDF file can allow an attacker to execute code with the privileges of the xpdf user. |
| Alerts: | |
Comments (none posted)
Updated vulnerabilities
a2ps: input validation error
| Package(s): | a2ps |
| CVE #(s): | CAN-2004-1170, CAN-2004-1377 |
| Created: | November 26, 2004 |
| Updated: | December 19, 2005 |
| Description: | The GNU a2ps utility fails to properly sanitize filenames, which can be abused by a malicious user to execute arbitrary commands with the privileges of the user running the vulnerable application. More information at Security Focus. |
| Alerts: | |
Comments (none posted)
cdrecord: failure to drop privilege
| Package(s): | cdrecord |
| CVE #(s): | CAN-2004-0806 |
| Created: | September 8, 2004 |
| Updated: | February 21, 2005 |
| Description: | The cdrecord utility, which is installed setuid on some distributions, fails to drop privilege before running a user-specified program. |
| Alerts: | |
Comments (none posted)
cups: multiple vulnerabilities
| Package(s): | cups |
| CVE #(s): | CAN-2004-1267, CAN-2004-1268, CAN-2004-1269, CAN-2004-1270 |
| Created: | December 17, 2004 |
| Updated: | February 9, 2005 |
| Description: | cups has a denial of service vulnerability in the lppasswd utility and a remote code execution vulnerability in the hpgltops filter. |
| Alerts: | |
Comments (none posted)
cyrus-sasl: remote buffer overflow
| Package(s): | cyrus-sasl |
| CVE #(s): | CAN-2004-0884 |
| Created: | October 7, 2004 |
| Updated: | March 16, 2005 |
| Description: | cyrus-sasl has a buffer overflow vulnerability in the digestmd5.c file. A remote attacker may be able to compromise the system. Also, a local user may be able to exploit a vulnerability by using the SASL_PATH environment variable. |
| Alerts: | |
Comments (none posted)
dhcp: format string vulnerability
| Package(s): | dhcp |
| CVE #(s): | CAN-2004-1006 |
| Created: | November 4, 2004 |
| Updated: | July 13, 2005 |
| Description: | dhcp 2.x has a format string vulnerability in its log functions that may be exploited via a malicious DNS server. |
| Alerts: | |
Comments (none posted)
ethereal: multiple vulnerabilities
| Package(s): | ethereal |
| CVE #(s): | CAN-2004-1139, CAN-2004-1140, CAN-2004-1141, CAN-2004-1142 |
| Created: | December 20, 2004 |
| Updated: | January 13, 2005 |
| Description: |
There are multiple vulnerabilities in versions of Ethereal earlier than
0.10.8, including:
- A bug in DICOM dissection, discovered by Bing, could make Ethereal crash
(CAN-2004-1139).
- An invalid RTP timestamp could make Ethereal hang and create a large
temporary file (CAN-2004-1140).
- The HTTP dissector could access previously-freed memory
(CAN-2004-1141).
- Brian Caswell discovered that an improperly formatted SMB packet could
make Ethereal hang (CAN-2004-1142).
|
| Alerts: | |
Comments (none posted)
Filename disclosure vulnerability in fam
| Package(s): | fam |
| CVE #(s): | CAN-2002-0875 |
| Created: | August 19, 2002 |
| Updated: | January 5, 2005 |
| Description: | "fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible. |
| Alerts: | |
Comments (none posted)
Foomatic: Arbitrary command execution in foomatic-rip
| Package(s): | foomatic |
| CVE #(s): | CAN-2004-0801 |
| Created: | September 20, 2004 |
| Updated: | May 31, 2006 |
| Description: | There is a vulnerability in the foomatic-filters package. This vulnerability is due to insufficient checking of command-line parameters and environment variables in the foomatic-rip filter. This vulnerability may allow both local and remote attackers to execute arbitrary commands on the print server with the permissions of the spooler. |
| Alerts: | |
Comments (none posted)
FreeRADIUS: denial of service
| Package(s): | freeradius |
| CVE #(s): | CAN-2004-0938, CAN-2004-0960, CAN-2004-0961 |
| Created: | September 22, 2004 |
| Updated: | February 2, 2005 |
| Description: | FreeRADIUS (through version 1.0.1) suffers from several denial of service vulnerabilities in its packet reception code. |
| Alerts: | |
Comments (none posted)
gaim: buffer overflow in MSN protocol
| Package(s): | gaim |
| CVE #(s): | CAN-2004-0891 |
| Created: | October 25, 2004 |
| Updated: | February 11, 2005 |
| Description: | A buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer. |
| Alerts: | |
Comments (none posted)
Gallery: cross-site scripting vulnerability
| Package(s): | Gallery |
| CVE #(s): | CAN-2004-1106 |
| Created: | November 8, 2004 |
| Updated: | January 17, 2005 |
| Description: | Jim Paris has discovered a cross-site scripting vulnerability in Gallery. By sending a carefully crafted URL, an attacker can inject and execute script code in the victim's browser window, and potentially compromise the user's gallery. |
| Alerts: | |
Comments (none posted)
gtk2, gdk-pixbuf: buffer overflows
| Package(s): | gdk-pixbuf gtk2 |
| CVE #(s): | CAN-2004-0753, CAN-2004-0782, CAN-2004-0783, CAN-2004-0788 |
| Created: | September 15, 2004 |
| Updated: | February 25, 2005 |
| Description: | The gdk-pixbuf and gtk2 libraries contain vulnerabilities in their handling of BMP and XPM files which can lead to denial of service and, potentially, code execution attacks. |
| Alerts: | |
Comments (none posted)
gettext: Insecure temporary file handling
| Package(s): | gettext |
| CVE #(s): | CAN-2004-0966 |
| Created: | October 11, 2004 |
| Updated: | March 1, 2006 |
| Description: | gettext insecurely creates temporary files in world-writable directories with predictable names. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When gettext is called, this would result in file access with the rights of the user running the utility, which could be the root user. |
| Alerts: | |
Comments (1 posted)
ghostscript: symlink vulnerabilities
| Package(s): | ghostscript |
| CVE #(s): | CAN-2004-0967 |
| Created: | October 20, 2004 |
| Updated: | September 28, 2005 |
| Description: | The ghostscript package (prior to version 7.07.1-r7) contains several scripts which are vulnerable to symlink attacks. |
| Alerts: | |
Comments (none posted)
glibc: Information leak with LD_DEBUG
| Package(s): | glibc |
| CVE #(s): | CAN-2004-1453 |
| Created: | August 17, 2004 |
| Updated: | May 26, 2005 |
| Description: | Silvio Cesare discovered a potential information leak in glibc. It allows LD_DEBUG on SUID binaries where it should not be allowed. This has various security implications, which may be used to gain confidential information. An attacker can gain the list of symbols a SUID application uses and their locations and can then use a trojaned library taking precedence over those symbols to gain information or perform further exploitation. |
| Alerts: | |
Comments (1 posted)
glibc: tempfile vulnerability in catchsegv script
| Package(s): | glibc |
| CVE #(s): | CAN-2004-0968 |
| Created: | October 21, 2004 |
| Updated: | November 14, 2005 |
| Description: | The catchsegv script in the glibc package has a symlink vulnerability that may allow a local user to overwrite arbitrary files with the permissions of the user that is running the script. |
| Alerts: | |
Comments (none posted)
gnome-vfs: backend script vulnerabilities
| Package(s): | gnome-vfs |
| CVE #(s): | CAN-2004-0494 |
| Created: | August 4, 2004 |
| Updated: | February 21, 2005 |
| Description: | Several scripts packaged with gnome-vfs, using its "extfs" capability, have security flaws. These scripts tend not to be used on many systems, but their presence can still be a threat. |
| Alerts: | |
Comments (none posted)
groff: insecure temp file
| Package(s): | groff |
| CVE #(s): | CAN-2004-1296 |
| Created: | December 20, 2004 |
| Updated: | January 17, 2005 |
| Description: | Javier Fernández-Sanguino Peña discovered that the auxiliary scripts "eqn2graph" and "pic2graph" created temporary files in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the program. |
| Alerts: | |
Comments (1 posted)
groff: insecure temporary directory
| Package(s): | groff |
| CVE #(s): | CAN-2004-0969 |
| Created: | November 1, 2004 |
| Updated: | February 9, 2006 |
| Description: | Recently, Trustix Secure Linux discovered a vulnerability in the groff package. The utility "groffer" created a temporary directory in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the program. |
| Alerts: | |
Comments (none posted)
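The symlink race behind the temporary-file entries above (debmake, htmlheadline, tetex, gettext, the glibc catchsegv script and the two groff entries), as an added shell example that is not code from any of those packages: the vulnerable pattern shown in comments, a mktemp-based replacement, a check that the result really is a private regular file, and a rough audit for the pattern in scripts. The function names and the sample script are ours, constructed for this illustration.

```shell
#!/bin/sh
# Added example; not code from debmake, gettext, groff or any other package
# in the advisories above. Function names are ours.

# --- Vulnerable pattern, shown as comments only ---------------------------
#   tmp=/tmp/convert.$$        # fixed prefix plus PID: guessable in advance
#   echo "$data" > "$tmp"      # follows a symlink already sitting at $tmp
# The redirection opens the path without O_EXCL, so a symlink that already
# exists there sends the write to whatever file it points at, with the
# privileges of the user (possibly root) running the script.

# --- Safe replacement -----------------------------------------------------
# mktemp(1) creates the file atomically with O_CREAT|O_EXCL and mode 0600
# and fills the XXXXXX template with random characters, so an attacker can
# neither predict the name nor pre-plant a symlink at it.
make_private_tmp() {
    mktemp "${TMPDIR:-/tmp}/convert.XXXXXX"
}

# Verify that a path really is a private regular file: it exists, is not a
# symlink, and has mode 0600. Returns 0 on success, 1 otherwise.
# (GNU stat first; the second form is the BSD/macOS spelling.)
check_private_tmp() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    perm=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")
    [ "$perm" = "600" ]
}

# Count lines in a script that mention /tmp/ without going through mktemp,
# ignoring comment lines. Prints the count. Crude, but it flags the pattern
# above for manual review; the trailing "|| true" keeps a zero count from
# being reported as a failure by grep.
audit_insecure_tmp() {
    grep -- '/tmp/' "$1" | grep -v '^[[:space:]]*#' | grep -vc 'mktemp' || true
}

# Constructed sample script (not from any real package): two insecure
# lines, one safe mktemp line, and one /tmp/ mention inside a comment.
SAMPLE=$(mktemp "${TMPDIR:-/tmp}/audit-sample.XXXXXX")
cat > "$SAMPLE" <<'EOF'
#!/bin/sh
# scratch data lives under /tmp/ -- a comment, must not count
tmp=/tmp/convert.$$
out=/tmp/convert.out
safe=$(mktemp /tmp/convert.XXXXXX)
echo hello > "$tmp"
EOF

# Demo run: the audit reports 2 for the sample above.
echo "insecure /tmp/ uses in $SAMPLE: $(audit_insecure_tmp "$SAMPLE")"
demo=$(make_private_tmp)
if check_private_tmp "$demo"; then
    echo "$demo is a private 0600 regular file"
fi
rm -f "$demo"
```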
gtkhtml: malformed messages cause crash
| Package(s): | gtkhtml |
| CVE #(s): | CAN-2003-0133, CAN-2003-0541 |
| Created: | April 14, 2003 |
| Updated: | April 18, 2005 |
| Description: | GtkHTML is the HTML rendering widget used by the Evolution mail reader. The GtkHTML supplied with versions of Evolution prior to 1.2.4 contains a bug when handling HTML messages. Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash. |
| Alerts: | |
Comments (none posted)
imlib: buffer overflows in image decoding
| Package(s): | imlib |
| CVE #(s): | CAN-2004-1026 |
| Created: | December 6, 2004 |
| Updated: | January 13, 2005 |
| Description: | Pavel Kankovsky discovered that several overflows found in the libXpm library also applied to imlib. He also fixed a number of other potential flaws. A remote attacker could entice a user to view a carefully-crafted image file, which would potentially lead to execution of arbitrary code with the rights of the user viewing the image. This affects any program that makes use of the imlib library. |
| Alerts: | |
Comments (none posted)
imlib2: buffer overflows
| Package(s): | imlib2 |
| CVE #(s): | CAN-2004-0802, CAN-2004-0817 |
| Created: | September 8, 2004 |
| Updated: | October 26, 2005 |
| Description: | The imlib2 library contains buffer overflows in the BMP handling code. |
| Alerts: | |
Comments (none posted)
iptables: missing initialization
| Package(s): | iptables |
| CVE #(s): | CAN-2004-0986 |
| Created: | November 1, 2004 |
| Updated: | February 11, 2005 |
| Description: | Faheem Mitha noticed that the iptables command, an administration tool for IPv4 packet filtering and NAT, did not always load the required modules on its own as it was supposed to. This could lead to firewall rules not being loaded on system startup. This caused a failure in connection with rules provided by lokkit at least. |
| Alerts: | |
Comments (none posted)
kerberos5: execution of arbitrary code by authenticated user
| Package(s): | kerberos5 |
| CVE #(s): | CAN-2004-1189 |
| Created: | December 21, 2004 |
| Updated: | February 15, 2005 |
| Description: | There is a buffer overflow in the password history handling code of libkadm5srv which could be exploited by an authenticated user to execute arbitrary code on a Key Distribution Center (KDC) server. |
| Alerts: | |
Comments (none posted)
kernel: IGMP and scm_send vulnerabilities
| Package(s): | kernel |
| CVE #(s): | CAN-2004-1016, CAN-2004-1137 |
| Created: | December 14, 2004 |
| Updated: | January 4, 2005 |
| Description: | Paul Starzetz has discovered a new pair of kernel vulnerabilities. The IGMP code suffers from input validation and integer overflow vulnerabilities which could be remotely exploitable, and the socket function __scm_send() has a local denial of service vulnerability. |
| Alerts: | |
Comments (none posted)
kernel-utils: setuid vulnerability
| Package(s): | kernel-utils |
| CVE #(s): | CAN-2003-0019 |
| Created: | February 7, 2003 |
| Updated: | January 21, 2005 |
| Description: |
The kernel-utils package contains several utilities that can be used to
control the kernel or machine hardware. In Red Hat Linux 8.0 this package
contains User Mode Linux (UML) utilities.
The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was
incorrectly shipped setuid root. This could allow local users to control
certain network interfaces, add and remove ARP entries and routes, and put
interfaces in and out of promiscuous mode.
All users of the kernel-utils package should update to these packages,
which contain a version of uml_net that is not setuid root.
Alternatively, as a work-around to this vulnerability, issue the following
command as root:
    chmod -s /usr/bin/uml_net
|
| Alerts: | |
Comments (none posted)
libgd2: buffer overflows in PNG handling
| Package(s): | libgd2 |
| CVE #(s): | CAN-2004-0990, CAN-2004-0941 |
| Created: | October 29, 2004 |
| Updated: | June 28, 2006 |
| Description: | Several buffer overflows have been discovered in libgd's PNG handling functions. If an attacker tricked a user into loading a malicious PNG image, they could leverage this into executing arbitrary code in the context of the user opening the image. Most importantly, this library is commonly used in PHP. One possible target would be a PHP-driven photo website that lets users upload images. Therefore this vulnerability might lead to privilege escalation to a web server's privileges. Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function. |
| Alerts: | |
Comments (none posted)
libpng: multiple vulnerabilities
Comments (1 posted)
libtiff: buffer overflow
| Package(s): | libtiff |
| CVE #(s): | CAN-2004-1308 |
| Created: | December 22, 2004 |
| Updated: | May 19, 2005 |
| Description: | The libtiff image manipulation library contains several exploitable buffer overflows. |
| Alerts: | |
Comments (none posted)
libxml2: multiple buffer overflows
| Package(s): | libxml2 |
| CVE #(s): | CAN-2004-0989 |
| Created: | October 28, 2004 |
| Updated: | February 28, 2005 |
| Description: | libxml2 prior to version 2.6.14 has multiple buffer overflow vulnerabilities; if a local user passes a specially crafted FTP URL, arbitrary code may be executed. |
| Alerts: | |
Comments (none posted)
libxpm4: stack and integer overflows
| Package(s): | libxpm4 |
| CVE #(s): | CAN-2004-0687, CAN-2004-0688 |
| Created: | September 16, 2004 |
| Updated: | February 14, 2005 |
| Description: | There are several stack and integer overflow bugs in the libXpm code of XFree86 that may be used for a denial of service. |
| Alerts: | |
Comments (none posted)
lvm10: creates insecure temporary directory
| Package(s): | lvm10 |
| CVE #(s): | CAN-2004-0972 |
| Created: | November 1, 2004 |
| Updated: | July 25, 2005 |
| Description: | Trustix Secure Linux discovered a vulnerability in a supplemental script of the lvm10 package. The program "lvmcreate_initrd" created a temporary directory in an insecure way, which could allow a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program. |
| Alerts: | |
Comments (none posted)
Midnight Commander: extfs vfs vulnerability
| Package(s): | mc |
| CVE #(s): | CAN-2004-0494 |
| Created: | September 2, 2004 |
| Updated: | January 5, 2005 |
| Description: | Midnight Commander has a VFS vulnerability involving unsafe shell quoting in the extfs Perl scripts. |
| Alerts: | |
Comments (none posted)
mikmod: buffer overflow
| Package(s): | mikmod |
| CVE #(s): | CAN-2003-0427 |
| Created: | June 16, 2003 |
| Updated: | June 16, 2005 |
| Description: | Ingo Saitz discovered a bug in mikmod whereby a long filename inside an archive file can overflow a buffer when the archive is being read by mikmod. |
| Alerts: | |
Comments (none posted)
mozilla products: arbitrary code execution and other vulnerabilities
| Package(s): | mozilla firefox thunderbird |
| CVE #(s): | CAN-2004-0902, CAN-2004-0903, CAN-2004-0904, CAN-2004-0905, CAN-2004-0908 |
| Created: | September 20, 2004 |
| Updated: | January 13, 2005 |
| Description: | Several vulnerabilities exist in the Mozilla web browser and derived products, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system. See the CERT advisory for details. |
| Alerts: | |
Comments (none posted)
mpg123: buffer overflow bug
| Package(s): | mpg123 |
| CVE #(s): | CAN-2004-0805 |
| Created: | September 16, 2004 |
| Updated: | January 11, 2005 |
| Description: | The mpg123 audio playing utility has a buffer overflow bug that may allow arbitrary code execution. |
| Alerts: | |
Comments (none posted)
mpg321: format string vulnerability
| Package(s): | mpg321 |
| CVE #(s): | CAN-2003-0969 |
| Created: | January 6, 2004 |
| Updated: | March 28, 2005 |
| Description: | A vulnerability was discovered in mpg321, a command-line mp3 player, whereby user-supplied strings were passed to printf(3) unsafely. This vulnerability could be exploited by a remote attacker to overwrite memory, and possibly execute arbitrary code. In order for this vulnerability to be exploited, mpg321 would need to play a malicious mp3 file (including via HTTP streaming). |
| Alerts: | |
Comments (none posted)
MPlayer: multiple overflows
Comments (none posted)
mysql: several vulnerabilities
| Package(s): | mysql |
| CVE #(s): | CAN-2004-0835, CAN-2004-0836, CAN-2004-0837 |
| Created: | October 11, 2004 |
| Updated: | April 6, 2005 |
| Description: | Several problems have been discovered in MySQL. Oleksandr Byelkin noticed that ALTER TABLE ... RENAME checks CREATE/INSERT rights of the old table instead of the new one (CAN-2004-0835). Lukasz Wojtow noticed a buffer overrun in the mysql_real_connect function (CAN-2004-0836). Dean Ellis noticed that multiple threads ALTERing the same (or different) MERGE tables to change the UNION can cause the server to crash or stall (CAN-2004-0837). |
| Alerts: | |