Blocking popups in FireFox
One of the most compelling features of Firefox, for many users, is its
built-in pop-up blocking. However, the advertising networks and webmasters
looking to inflict pop-up ads on users weren't content to allow Firefox
users (or anyone else, for that matter) to browse in peace. It's not
surprising that, as Firefox gains in popularity, the Mozilla team would be
faced with an "arms race" with advertisers determined to spawn pop-ups on
all visitors to sponsored sites.
This writer has recently noticed that some sites had begun spawning
pop-ups, despite the fact that Firefox's preferences had been configured to
block them. After so long without having to cope with pop-ups, it was
doubly annoying to see the nuisance starting all over again.
For the most part, before Firefox and other pop-up blockers appeared on the
scene, pop-ups and pop-unders were spawned by JavaScript as soon as a site
loads. The Firefox pop-up blocking settings were very successful in
blocking almost all pop-up ads. The notable exception, at least for this
user, was the New York Times website, which was one of the first sites to
find a workaround for Firefox's pop-up blocking.
JavaScript, however, is not the only method that can be used to spawn
pop-ups. Notably, Flash, Java and other plugins are capable of spawning
pop-ups and bypass the restrictions used to stop pop-ups spawned by
JavaScript. To start blocking pop-ups on sites that take advantage of
features in Flash or Java to spawn pop-ups, users can install the Pop-ups
Must Die! extension.
Alternately, users can get the same effect by manually fine-tuning
Firefox's settings. The first change, adding
"privacy.popups.disable_from_plugins" is described here.
The extension also changes the value of
"dom.popup_allowed_events" to block all allowed pop-up
events. This can be done by entering "about:config" in the Firefox address
bar, and finding "dom.popup_allowed_events," and removing all
of the options. These are the only two changes made by the extension.
The changes seem to have been very effective -- perhaps a little too
effective. Several users have complained that the extension blocks
requested pop-ups as well. This is true, but Firefox still allows users to
whitelist sites after a pop-up has been blocked by the new settings. This
writer considers it a small price to pay to avoid unrequested pop-ups. For
those who would rather deal with the occasional unrequested pop-up, one may
change "privacy.popups.disable_from_plugins" to "1" to allow
pop-ups to be opened when a link is clicked. This will limit the number of
windows opened by a link, so nefarious webmasters cannot open an unlimited
number of windows.
Determined webmasters, however, can find ways to inflict advertising on
users in other ways. Consider this site which was pointed out
in the discussion
about the "Pop-ups Must Die!" extension. Rather than spawning a pop-up, it
creates a frame within the window that blocks the content of the site until
the frame "window" is closed. Without disabling frames, which would cause a
great deal of problems for sites that use them legitimately, it's difficult
to imagine how one could avoid this kind of "pop-up." (Note, disabling
frames by changing the value of "browser.frames.enabled" to
false appears to break Firefox entirely.)
Ultimately, the best solution may not rest with Firefox. Users who are
offended by pop-ups, and other intrusive advertising, have an infallible
weapon at their disposal -- stop visiting sites that insist on using
pop-ups. While it would require a great number of users to be effective,
even the most persistent webmasters and advertisers would have to
reconsider their methods if they have no audience for their ads.
Comments (7 posted)
New vulnerabilities
Dnsmasq: poisoning and DoS
| Package(s): | dnsmasq |
CVE #(s): | |
| Created: | April 4, 2005 |
Updated: | July 21, 2005 |
| Description: |
Dnsmasq does not properly detect that DNS replies received do not
correspond to any DNS query that was sent. Rob Holland of the Gentoo Linux
Security Audit team also discovered two off-by-one buffer overflows that
could crash DHCP lease files parsing. |
| Alerts: |
|
Comments (none posted)
gaim: buffer overflow, DoS
| Package(s): | gaim |
CVE #(s): | CAN-2005-0965
CAN-2005-0966
|
| Created: | April 5, 2005 |
Updated: | May 15, 2005 |
| Description: |
Jean-Yves Lefort discovered a buffer overflow in the
gaim_markup_strip_html() function. This caused Gaim to crash when
receiving certain malformed HTML messages. (CAN-2005-0965)
Jean-Yves Lefort also noticed that many functions that handle IRC
commands do not escape received HTML metacharacters; this allowed
remote attackers to cause a Denial of Service by injecting arbitrary
HTML code into the conversation window, popping up arbitrarily many
empty dialog boxes, or even causing Gaim to crash. (CAN-2005-0966) |
| Alerts: |
|
Comments (none posted)
kernel: multiple vulnerabilities
| Package(s): | kernel |
CVE #(s): | CAN-2005-0400
CAN-2005-0749
CAN-2005-0750
CAN-2005-0815
CAN-2005-0839
|
| Created: | April 1, 2005 |
Updated: | July 1, 2005 |
| Description: |
More kernel vulnerabilities have been discovered including:
- Mathieu Lafon discovered
an information leak in the ext2 file system driver. (CAN-2005-0400)
- Yichen Xie discovered a Denial of Service vulnerability in the ELF
loader. (CAN-2005-0749)
- Ilja van Sprundel discovered that the bluez_sock_create() function
did not check its "protocol" argument for negative values.
(CAN-2005-0750)
- Michal Zalewski discovered that the iso9660 file system driver fails
to check ranges properly in several cases. (CAN-2005-0815)
- Previous kernels did not restrict the use of the N_MOUSE line
discipline in the serial driver. (CAN-2005-0839)
|
| Alerts: |
|
Comments (1 posted)
limewire: input validation errors
| Package(s): | limewire |
CVE #(s): | CAN-2005-0788
CAN-2005-0789
|
| Created: | March 31, 2005 |
Updated: | April 6, 2005 |
| Description: |
LimeWire, a Java-based peer-to-peer client that works
with the Gnutella file-sharing protocol, has two input
validation errors that can allow a remote attacker to
read arbitrary files with the permissions that LimeWire is
running under. |
| Alerts: |
|
Comments (none posted)
remstats: tempfile, missing input sanitizing
| Package(s): | remstats |
CVE #(s): | CAN-2005-0387
CAN-2005-0388
|
| Created: | April 4, 2005 |
Updated: | April 6, 2005 |
| Description: |
Jens Steube discovered several vulnerabilities in remstats, the remote
statistics system. When processing uptime data on the unix-server a
temporary file is opened in an insecure fashion which could be used for a
symlink attack to create or overwrite arbitrary files with the permissions
of the remstats user. (CAN-2005-0387) The remoteping service can be
exploited to execute arbitrary commands due to missing input
sanitizing. (CAN-2005-0388) |
| Alerts: |
|
Comments (none posted)
php4: denial of service vulnerabilities
| Package(s): | php4 |
CVE #(s): | CAN-2005-0524
CAN-2005-0525
|
| Created: | April 5, 2005 |
Updated: | May 26, 2005 |
| Description: |
Two DoS vulnerabilities exist in PHP versions 4.2.2, 4.3.9, 4.3.10 and
5.0.3. One in the php_handle_iff function in image.c allows remote
attackers to cause a denial of service (infinite loop) via a -8 size
value. The php_next_marker function in image.c allows remote attackers to
cause a denial of service (infinite loop) via a JPEG image with an invalid
marker value, which causes a negative length value to be passed to
php_stream_seek. This later vulnerability also exists in PHP 3. |
| Alerts: |
|
Comments (none posted)
sharutils: insecure temporary files
| Package(s): | sharutils |
CVE #(s): | |
| Created: | April 4, 2005 |
Updated: | April 14, 2005 |
| Description: |
Joey Hess discovered that "unshar" created temporary files in an
insecure manner. This could allow a symbolic link attack to create or
overwrite arbitrary files with the privileges of the user invoking the
program. |
| Alerts: |
|
Comments (1 posted)
sylpheed: buffer overflow on message
| Package(s): | sylpheed sylpheed-claws |
CVE #(s): | |
| Created: | April 4, 2005 |
Updated: | April 6, 2005 |
| Description: |
Sylpheed and Sylpheed-claws fail to properly handle messages containing
attachments with MIME-encoded filenames. |
| Alerts: |
|
Comments (none posted)
wu-ftpd: missing input sanitizing
| Package(s): | wu-ftpd |
CVE #(s): | CAN-2005-0256
|
| Created: | April 4, 2005 |
Updated: | April 6, 2005 |
| Description: |
The wu_fnmatch function in wu_fnmatch.c for wu-fptd 2.6.1 and 2.6.2 allows
remote attackers to cause a denial of service (CPU exhaustion by recursion)
via a glob pattern with a large number of * (wildcard) characters, as
demonstrated using the dir command. |
| Alerts: |
|
Comments (none posted)
Updated vulnerabilities
a2ps: input validation error
| Package(s): | a2ps |
CVE #(s): | CAN-2004-1170
CAN-2004-1377
|
| Created: | November 26, 2004 |
Updated: | December 19, 2005 |
| Description: |
The GNU a2ps utility fails to properly sanitize filenames, which can be
abused by a malicious user to execute arbitrary commands with the
privileges of the user running the vulnerable application. More
information at Security
Focus. |
| Alerts: |
|
Comments (none posted)
cdrecord: insecure temp file
| Package(s): | cdrecord |
CVE #(s): | CAN-2005-0866
|
| Created: | March 24, 2005 |
Updated: | April 28, 2005 |
| Description: |
The cdrecord utility makes insecure temp files if DEBUG is
enabled in /etc/cdrecord/rscsi. This can allow a local user
to launch a sym link attack and execute code with the user's
privileges. |
| Alerts: |
|
Comments (1 posted)
cpio - file permissions error
| Package(s): | cpio |
CVE #(s): | CAN-1999-1572
|
| Created: | February 2, 2005 |
Updated: | July 19, 2005 |
| Description: |
Some versions of cpio contain an ancient vulnerability where files created by that utility have overly generous access permissions. |
| Alerts: |
|
Comments (none posted)
cURL: buffer overflow
| Package(s): | curl |
CVE #(s): | CAN-2005-0490
|
| Created: | February 28, 2005 |
Updated: | July 19, 2005 |
| Description: |
Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and
possibly other versions, allow remote malicious web servers to execute
arbitrary code via base64 encoded replies that exceed the intended buffer
lengths when decoded. |
| Alerts: |
|
Comments (none posted)
cyrus-imapd: buffer overflows
| Package(s): | cyrus-imapd |
CVE #(s): | CAN-2005-0546
|
| Created: | February 23, 2005 |
Updated: | April 9, 2006 |
| Description: |
Cyrus-imapd, prior to version 2.2.12, contains several buffer overflows which could be exploited by an (authenticated) attacker to run code on the server system. |
| Alerts: |
|
Comments (none posted)
devhelp: buffer overflow
| Package(s): | devhelp |
CVE #(s): | |
| Created: | March 24, 2005 |
Updated: | March 30, 2005 |
| Description: |
A buffer overflow in the Mozilla GIF file handling code (used by devhelp) can
be exploited by specially crafted images, causing arbitrary code
execution. |
| Alerts: |
|
Comments (none posted)
dhcp: format string vulnerability
| Package(s): | dhcp |
CVE #(s): | CAN-2004-1006
|
| Created: | November 4, 2004 |
Updated: | July 13, 2005 |
| Description: |
Dhcp has a format string vulnerability in the log functions of dhcp 2.x
that may be exploited via a malicious DNS server. |
| Alerts: |
|
Comments (none posted)
emacs21: format string vulnerability in "movemail"
| Package(s): | emacs21 |
CVE #(s): | CAN-2005-0100
|
| Created: | February 7, 2005 |
Updated: | May 15, 2006 |
| Description: |
Max Vozeler discovered a format string vulnerability in the "movemail"
utility of Emacs. By sending specially crafted packets, a malicious
POP3 server could cause a buffer overflow, which could be exploited to
execute arbitrary code with the privileges of the user and the "mail"
group. |
| Alerts: |
|
Comments (none posted)
enscript: arbitrary code execution
| Package(s): | enscript |
CVE #(s): | CAN-2004-1184
CAN-2004-1185
CAN-2004-1186
|
| Created: | January 21, 2005 |
Updated: | May 27, 2006 |
| Description: |
Erik Sjölund has discovered several security relevant problems in enscript,
a program to convert ASCII text into Postscript and other formats.
Unsanitized input can cause the execution of arbitrary commands via EPSF
pipe support. Due to missing sanitizing of filenames it is possible that a
specially crafted filename can cause arbitrary commands to be executed.
Multiple buffer overflows can cause the program to crash. |
| Alerts: |
|
Comments (none posted)
epiphany: buffer overflow
| Package(s): | epiphany |
CVE #(s): | |
| Created: | March 24, 2005 |
Updated: | March 30, 2005 |
| Description: |
A buffer overflow in the Mozilla GIF file handling code can
be exploited by specially crafted images, causing arbitrary code
execution. |
| Alerts: |
|
Comments (none posted)
evolution: arbitrary code execution
| Package(s): | evolution |
CVE #(s): | CAN-2005-0102
|
| Created: | January 24, 2005 |
Updated: | May 19, 2005 |
| Description: |
Max Vozeler discovered an integer overflow in camel-lock-helper. A
user-supplied length value was not validated, so that a value of -1
caused a buffer allocation of 0 bytes; this buffer was then filled by
an arbitrary amount of user-supplied data. A local attacker or a malicious
POP3 server could exploit this to execute arbitrary code with root
privileges (because camel-lock-helper is installed as setuid root). |
| Alerts: |
|
Comments (1 posted)
evolution: message crash vulnerability
| Package(s): | evolution |
CVE #(s): | CAN-2005-0806
|
| Created: | March 17, 2005 |
Updated: | August 11, 2005 |
| Description: |
The Evolution mail client can be crashed when reading
certain types of messages. |
| Alerts: |
|
Comments (none posted)
evolution: buffer overflow
| Package(s): | evolution |
CVE #(s): | |
| Created: | March 24, 2005 |
Updated: | March 30, 2005 |
| Description: |
A buffer overflow in the Mozilla GIF file handling code (used by evolution) can
be exploited by specially crafted images, causing arbitrary code
execution.
|
| Alerts: |
|
Comments (none posted)
f2c: insecure temp files
| Package(s): | f2c |
CVE #(s): | CAN-2005-0017
CAN-2005-0018
|
| Created: | January 27, 2005 |
Updated: | April 20, 2005 |
| Description: |
The f2c fortran to C translator has a vulnerability due to
insecure opening of temporary files. A local attacker can use this
to launch a symlink attack. |
| Alerts: |
|
Comments (none posted)
Foomatic: Arbitrary command execution in foomatic-rip
| Package(s): | foomatic |
CVE #(s): | CAN-2004-0801
|
| Created: | September 20, 2004 |
Updated: | May 31, 2006 |
| Description: |
There is a vulnerability in the foomatic-filters package. This
vulnerability is due to insufficient checking of command-line parameters
and environment variables in the foomatic-rip filter. This vulnerability
may allow both local and remote attackers to execute arbitrary commands on
the print server with the permissions of the spooler. |
| Alerts: |
|
Comments (none posted)
gaim: client freezes
| Package(s): | gaim |
CVE #(s): | CAN-2005-0472
CAN-2005-0473
|
| Created: | February 22, 2005 |
Updated: | April 27, 2005 |
| Description: |
The Gaim client freezes when receiving certain invalid messages and crashes
when receiving specific malformed HTML. See this Secunia Advisory for
additional information. |
| Alerts: |
|
Comments (none posted)
gtk-pixbuf, gtk2: denial of service
| Package(s): | gdk-pixbuf gtk2 |
CVE #(s): | CAN-2005-0891
|
| Created: | March 30, 2005 |
Updated: | December 19, 2005 |
| Description: |
The BMP image processing code in gdk-pixbuf and gtk2 contains a denial of service vulnerability exploitable via a specially crafted image file.
|
| Alerts: |
|
Comments (none posted)
gettext: Insecure temporary file handling
| Package(s): | gettext |
CVE #(s): | CAN-2004-0966
|
| Created: | October 11, 2004 |
Updated: | March 1, 2006 |
| Description: |
gettext insecurely creates temporary files in world-writeable directories
with predictable names. A local attacker could create symbolic links in
the temporary files directory, pointing to a valid file somewhere on the
filesystem. When gettext is called, this would result in file access with
the rights of the user running the utility, which could be the root user. |
| Alerts: |
|
Comments (1 posted)
gftp: missing input sanitizing
| Package(s): | gftp |
CVE #(s): | CAN-2005-0372
CAN-2004-1376
|
| Created: | February 17, 2005 |
Updated: | July 13, 2005 |
| Description: |
gftp has a directory traversal vulnerability.
A remote server could use specially crafted filenames to overwrite
local files.
|
| Alerts: |
|
Comments (none posted)
ghostscript: symlink vulnerabilities
| Package(s): | ghostscript |
CVE #(s): | CAN-2004-0967
|
| Created: | October 20, 2004 |
Updated: | September 28, 2005 |
| Description: |
The ghostscript package (prior to version 7.07.1-r7) contains several scripts which are vulnerable to symlink attacks. |
| Alerts: |
|
Comments (none posted)
glibc: Information leak with LD_DEBUG
| Package(s): | glibc |
CVE #(s): | CAN-2004-1453
|
| Created: | August 17, 2004 |
Updated: | May 26, 2005 |
| Description: |
Silvio Cesare discovered a potential information leak in glibc. It allows
LD_DEBUG on SUID binaries where it should not be allowed. This has various
security implications, which may be used to gain confidential information.
An attacker can gain the list of symbols a SUID application uses and their
locations and can then use a trojaned library taking precedence over those
symbols to gain information or perform further exploitation. |
| Alerts: |
|
Comments (1 posted)
glibc: tempfile vulnerability in catchsegv script
| Package(s): | glibc |
CVE #(s): | CAN-2004-0968
|
| Created: | October 21, 2004 |
Updated: | November 14, 2005 |
| Description: |
The catchsegv script in the glibc package has a symlink vulnerability
that may allow a local user to overwrite arbitrary
files with the permissions of the user that is running the script. |
| Alerts: |
|
Comments (none posted)
gnupg: information leak
| Package(s): | gnupg |
CVE #(s): | CAN-2005-0366
|
| Created: | March 16, 2005 |
Updated: | August 19, 2005 |
| Description: |
GnuPG (and other PGP-like systems) suffers from an information leak which could, in some situations, be used by an attacker to obtain plain text from an encrypted message. See this message for a detailed explanation of the problem. "We know of no real-world application that is affected by this type of attack. It is an attack that requires the active participation of someone who holds the actual key required to decrypt a message. Thus, it is not something you are likely to see." |
| Alerts: |
|
Comments (none posted)
grip: buffer overflow
| Package(s): | grip |
CVE #(s): | CAN-2005-0706
|
| Created: | March 10, 2005 |
Updated: | September 16, 2005 |
| Description: |
Grip, a CD ripper, has a buffer overflow vulnerability that can
occur when the CDDB server returns more than 16 matches. |
| Alerts: |
|
Comments (none posted)
groff: insecure temporary directory
| Package(s): | groff |
CVE #(s): | CAN-2004-0969
|
| Created: | November 1, 2004 |
Updated: | February 9, 2006 |
| Description: |
Recently, Trustix Secure Linux discovered a vulnerability in the groff
package. The utility "groffer" created a temporary directory in an
insecure way, which allowed exploitation of a race condition to create
or overwrite files with the privileges of the user invoking the
program. |
| Alerts: |
|
Comments (none posted)
gtkhtml: malformed messages cause crash
| Package(s): | gtkhtml |
CVE #(s): | CAN-2003-0133
CAN-2003-0541
|
| Created: | April 14, 2003 |
Updated: | April 18, 2005 |
| Description: |
GtkHTML is the HTML rendering widget used by the Evolution mail reader.
GtkHTML supplied with versions of Evolution prior to 1.2.4 contain a bug
when handling HTML messages. Alan Cox discovered that certain malformed
messages could cause the Evolution mail component to crash. |
| Alerts: |
|
Comments (none posted)
htdig: cross site scripting
| Package(s): | htdig |
CVE #(s): | CAN-2005-0085
|
| Created: | February 14, 2005 |
Updated: | January 10, 2006 |
| Description: |
Michael Krax discovered that ht://Dig fails to validate the 'config'
parameter before displaying an error message containing the parameter.
This flaw could allow an attacker to conduct cross-site scripting
attacks. |
| Alerts: |
|
Comments (none posted)
imagemagick: format string vulnerability
| Package(s): | imagemagick |
CVE #(s): | CAN-2005-0397
|
| Created: | March 3, 2005 |
Updated: | April 4, 2005 |
| Description: |
The ImageMagick file
name handling code has a format string vulnerability.
Specially crafted file names can be used to crash ImageMagick
and possibly execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
imap: buffer overflow in c-client
| Package(s): | imap |
CVE #(s): | CAN-2003-0297
|
| Created: | February 18, 2005 |
Updated: | April 9, 2006 |
| Description: |
A buffer overflow flaw was found in the c-client IMAP client. An attacker
could create a malicious IMAP server that if connected to by a victim could
execute arbitrary code on the client machine. |
| Alerts: |
|
Comments (none posted)
imlib2: buffer overflows
| Package(s): | imlib2 |
CVE #(s): | CAN-2004-0802
CAN-2004-0817
|
| Created: | September 8, 2004 |
Updated: | October 26, 2005 |
| Description: |
The imlib2 library contains buffer overflows in the BMP handling code. |
| Alerts: |
|
Comments (none posted)
IPsec-Tools: denial of service
| Package(s): | ipsec-tools setkey racoon |
CVE #(s): | CAN-2005-0398
|
| Created: | March 14, 2005 |
Updated: | April 5, 2005 |
| Description: |
The IPsec-Tools package is used to build other programs such as setkey and
racoon. There is a potential denial of service vulnerability when parsing
ISAKMP headers in racoon. |
| Alerts: |
|
Comments (none posted)
kdelibs: unsanitzied input
| Package(s): | kdelibs |
CVE #(s): | CAN-2004-1165
|
| Created: | January 10, 2005 |
Updated: | July 19, 2005 |
| Description: |
Thiago Macieira discovered a vulnerability in the kioslave library,
which is part of kdelibs, which allows a remote attacker to execute
arbitrary FTP commands via an ftp:// URL that contains an URL-encoded
newline before the FTP command. |
| Alerts: |
|
Comments (none posted)
kdelibs: dcopserver vulnerability
| Package(s): | kdelibs |
CVE #(s): | CAN-2005-0396
CAN-2005-0237
CAN-2005-0365
|
| Created: | March 17, 2005 |
Updated: | May 17, 2005 |
| Description: |
The KDE Desktop Communication Protocol daemon (dcopserver)
is vulnerable to lockup by a local user, leading to a denial
of service. |
| Alerts: |
|
Comments (none posted)
kernel: multiple vulnerabilities
Comments (none posted)
libdbi-perl: insecure temporary file
| Package(s): | libdbi-perl |
CVE #(s): | CAN-2005-0077
|
| Created: | January 25, 2005 |
Updated: | March 2, 2006 |
| Description: |
Javier Fernández-Sanguino Peña from the Debian Security Audit Project
discovered that the DBI library, the Perl5 database interface, creates
a temporary PID file in an insecure manner. This can be exploited by a
malicious user to overwrite arbitrary files owned by the person
executing the parts of the library. |
| Alerts: |
|
Comments (none posted)
libexif: improper validation
| Package(s): | libexif |
CVE #(s): | CAN-2005-0664
|
| Created: | March 7, 2005 |
Updated: | April 15, 2005 |
| Description: |
Sylvain Defresne discovered that the EXIF library did not properly
validate the structure of the EXIF tags. By tricking a user to load an
image with a malicious EXIF tag, an attacker could exploit this to
crash the process using the library, or even execute arbitrary code
with the privileges of the process. |
| Alerts: |
|
Comments (none posted)
libgd2: buffer overflows in PNG handling
| Package(s): | libgd2 |
CVE #(s): | CAN-2004-0990
CAN-2004-0941
|
| Created: | October 29, 2004 |
Updated: | June 28, 2006 |
| Description: |
Several buffer overflows have been discovered in libgd's PNG handling
functions.
If an attacker tricked a user into loading a malicious PNG image, they
could leverage this into executing arbitrary code in the context of
the user opening image. Most importantly, this library is commonly
used in PHP. One possible target would be a PHP driven photo website
that lets users upload images. Therefore this vulnerability might lead
to privilege escalation to a web server's privileges.
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and
earlier may allow remote attackers to execute arbitrary code via malformed
image files that trigger the overflows due to improper calls to the
gdMalloc function. |
| Alerts: |
|
Comments (none posted)
libtiff: buffer overflow
| Package(s): | libtiff |
CVE #(s): | CAN-2004-1308
|
| Created: | December 22, 2004 |
Updated: | May 19, 2005 |
| Description: |
The libtiff image manipulation library contains several exploitable buffer overflows. |
| Alerts: |
|
Comments (none posted)
libXpm: new buffer overflows
| Package(s): | libXpm |
CVE #(s): | CAN-2005-0605
|
| Created: | March 4, 2005 |
Updated: | March 8, 2006 |
| Description: |
A new vulnerability has been discovered in libXpm, which is included in
OpenMotif and LessTif, that can potentially lead to remote code
execution. |
| Alerts: |
|
Comments (none posted)
lvm10: creates insecure temporary directory
| Package(s): | lvm10 |
CVE #(s): | CAN-2004-0972
|
| Created: | November 1, 2004 |
Updated: | July 25, 2005 |
| Description: |
Trustix Secure Linux discovered a vulnerability in a supplemental script of
the lvm10 package. The program "lvmcreate_initrd" created a temporary
directory in an insecure way, which could allow a symlink attack to create
or overwrite arbitrary files with the privileges of the user invoking the
program. |
| Alerts: |
|
Comments (none posted)
mailman: path traversal
| Package(s): | mailman |
CVE #(s): | CAN-2005-0202
|
| Created: | February 9, 2005 |
Updated: | July 13, 2005 |
| Description: |
The "private" module in the mailman mailing list manager fails to sanitize path names adequately. An attacker could exploit this vulnerability to retrieve private information, including passwords and private list archives.
This vulnerability was used to compromise the Full-Disclosure list. |
| Alerts: |
|
Comments (none posted)
mailreader: cross-site scripting
| Package(s): | mailreader |
CVE #(s): | CAN-2005-0386
|
| Created: | March 30, 2005 |
Updated: | March 30, 2005 |
| Description: |
The mailreader utility suffers from a cross-site scripting vulnerability. |
| Alerts: |
|
Comments (none posted)
mc: buffer overflow
| Package(s): | mc |
CVE #(s): | CAN-2005-0763
|
| Created: | March 29, 2005 |
Updated: | August 11, 2005 |
| Description: |
An unfixed buffer overflow has been discovered by Andrew V. Samoilov
in mc, the midnight commander, a file browser and manager. |
| Alerts: |
|
Comments (none posted)
MediaWiki: multiple vulnerabilities
| Package(s): | mediawiki |
CVE #(s): | CAN-2005-0534
CAN-2005-0535
CAN-2005-0536
|
| Created: | February 28, 2005 |
Updated: | June 13, 2005 |
| Description: |
A security audit of the MediaWiki project discovered that MediaWiki is
vulnerable to several cross-site scripting and cross-site request
forgery attacks, and that the image deletion code does not sufficiently
sanitize input parameters. |
| Alerts: |
|
Comments (none posted)
mikmod: buffer overflow
| Package(s): | mikmod |
CVE #(s): | CAN-2003-0427
|
| Created: | June 16, 2003 |
Updated: | June 16, 2005 |
| Description: |
Ingo Saitz discovered a bug in mikmod whereby a long filename inside
an archive file can overflow a buffer when the archive is being read
by mikmod. |
| Alerts: |
|
Comments (none posted)
mod_python: remote access vulnerability
| Package(s): | mod_python |
CVE #(s): | CAN-20 |
