
LWN.net Weekly Edition for October 31, 2002

Linux and the desktop

Last January, we made a number of predictions about what the year held for the Linux community. One of those read as follows:

Desktop Linux will be taken far more seriously by the end of the year.... At that point, the Linux desktop will have almost everything needed by a large number of desktop users. More specialized applications will take years to fill in, but the basics are coming into place.

Normally we don't say much about our past predictions, in the hope that our readers will forget them as soon as possible. We may not do any worse than those analyst groups that sell their predictions printed on heavy paper, but we still find ourselves embarrassed by the things we say at times. In this case, however, we just might have gotten it right.

The latest development on the Linux desktop front is SuSE's announcement of the "SuSE Linux Office Desktop," a new version of its distribution which is due out in January. This distribution is, of course, aimed at the desktop market; it features (relatively) easy administration, a full set of office productivity tools (based on StarOffice), and CrossOver Office for those proprietary applications that simply cannot be done without.

SuSE, of course, is not alone in its new emphasis on the desktop. Red Hat Linux 8.0 includes a reworked, friendlier desktop. Distributions like Lycoris and Xandros are aimed at desktop users; Mandrake Linux, of course, has always had this emphasis. There is a Debian Desktop Project out there. Linux systems can even be purchased at outlets like Wal-Mart. Not too long ago, even the strongest Linux advocates mostly agreed that Linux was only suited to server-oriented tasks. Now, more and more people think that Linux is ready for desktop tasks, and, perhaps more to the point, that there is money to be made in desktop Linux.

One might well wonder why desktop Linux is coming into its own now. There are several possible reasons:

  • The set of free desktop applications is maturing. Tools like OpenOffice, AbiWord, Gnumeric, Mozilla, Konqueror, etc. have reached a point where they are good enough for most users. The feature lists may still fall short of the proprietary competition in some cases, but most of the truly important features are there.

  • The Wine project, in the form of products like CrossOver Office, has, after many years, reached a point where it can run the proprietary applications desktop users rely on. The availability of these applications makes the Linux desktop that much more valuable.

  • The difficult economy and Microsoft's licensing schemes have made companies more interested in ways of saving money.

  • People are finally beginning to notice that Linux users don't have to spend their time fighting the virus of the week.

  • Linux has clearly survived the dotcom crash - a fact which still surprises many people. Fears that Linux will vanish like so many other highly-hyped technologies are fading away.

The theory of "disruptive technologies" states that a new technology does not have to be better than the one it replaces - at least, not in every way. It is enough to offer advantages, financial and otherwise, that are sufficiently compelling to get people to make a change. Linux (and free software in general) have a lot to offer in cost savings, security, rapid and open development, freedom from vendor lock-in, etc. Increasingly, Linux also has applications that perform widely useful functions, and which are becoming easier to use. Many of these applications are on their way toward becoming the best available, free or otherwise. We are, it seems, reaching that point where the balance begins to tip. This may truly be the beginning of the era of the free desktop.

We should not lose track of the fact that a great deal remains to be done before free desktops can truly achieve World Domination, however. Linux administration is getting easier, but remains difficult. Linux applications still lack features that many users want. A visit to any computer store will show that there is a whole range of applications that are still absent on Linux: where are the children's games, menu planners, language courses, tax return preparers, home remodel designers, and makeover assistants for Linux? When your Linux system will help you look like the Cosmo Girl, we'll know we have truly arrived. But that day will remain distant until Linux becomes a more friendly platform for proprietary applications.

It is also worth noting that development on the Linux kernel has emphasized performance on very large systems just as it looks like the Linux desktop is going to take off. Performance on smaller systems is supposed to be addressed during the stabilization period. Testing by desktop users will be an important part of that process; as more people test out the development kernel in the coming months, it becomes increasingly likely that the next stable kernel release will meet the needs of desktop users.

The true triumph of the free desktop is still probably some years away. A great deal of hard work remains to be done. But the results of years of effort by thousands of developers determined to improve the Linux desktop experience are beginning to be felt in a serious way. It is going to be fun to watch where things go from here.


Study: free software in the U.S. Department of Defense

The MITRE corporation has just released the results of a study it performed on the use of free and open source software (which it calls "FOSS") within the U.S. Department of Defense. It is an interesting look at how the DoD uses free software, and what would happen if an anti-free-software policy were to be adopted. The full study is available as a 160-page PDF file; here you'll find a rather shorter summary of what it says.

The question that this study was meant to answer seems to be "should the military ban the use of free software?" The conclusion they came to is clear:

Neither the survey nor the analysis supports the premise that banning or seriously restricting FOSS would benefit DoD security or defensive capabilities. To the contrary, the combination of an ambiguous status and largely ungrounded fears that it cannot be used with other types of software are keeping FOSS from reaching optimal levels of use.

Looking at one area in particular, the report continues:

The main conclusion of the analysis was that FOSS software plays a more critical role in the DoD than has generally been recognized... One unexpected result was the degree to which security depends on FOSS... Taken together, these factors imply that banning FOSS would have immediate, broad, and strongly negative impacts on the ability of many sensitive and security-focused DoD groups to defend against cyberattacks.

The report looks at free software licenses in considerable detail in a deliberate attempt to address a number of institutional fears about those licenses. Worries about licensing, say the authors, have led to a suboptimal level of free software usage. It is a reasonably straightforward and accurate study; for added fun, they look at the EULA for Microsoft's "Mobile Internet Toolkit" and compare its terms with those of free licenses. "However, unlike the Microsoft MIT EULA, the GPL places no constraints on software simply running on the same system, and actually goes out of its way not to intrude on other licenses outside of that context."

The report includes a survey of how free software is used within the DoD now. They break that usage down into four categories:

  • Infrastructure, using tools like sendmail and apache.

  • Software development, especially with gcc and Perl.

  • Security, including intrusion detection systems, security analysis tools (i.e. SARA and Snort), and secured operating systems like OpenBSD. "Yet another important way in which FOSS contributes to security is by making it possible to change and fix security holes quickly in the face of new modes of cyberattack. This ability, which allows rapid response to new or innovative forms of cyberattack, is intrinsic to the FOSS approach and generally impractical in closed source products."

  • Research, which benefits from Linux clusters and the general culture of free software.

The report authors looked at costs, of course:

More often than not, the strongest deciding factors for choosing FOSS products were capability and reliability, with cost being an important but secondary factor.

They note one other important factor regarding free software and costs:

Without the constant pressure of low-cost, high-quality FOSS products competing with the closed-source products, the closed-source vendors could more easily fall into a cycle in which their support costs balloon and costs are passed on to their locked-in customers.

The report concludes with three recommendations that, they say, would help the DoD make optimal use of free software. They are:

  • Create a "generally recognized as safe" list of free software. 115 free applications found by the survey would be the starting point for this list. Suggested "applications" include, however, Linux, OpenBSD, NetBSD, and FreeBSD, so this list would be pretty general.

  • Develop generic infrastructure, development, security, and research policies. These policies would promote the use of free software in situations where it is deemed appropriate.

  • Encourage use of FOSS to promote product diversity. "Acquisition diversity reduces the cost and security risks of being fully dependent on a single software product, while architectural diversity lowers the risk of catastrophic cyber attacks based on automated exploitation of specific features for flaws of very widely deployed products."

Finally, a set of appendices provides lists of free software applications in use within the DoD, and the full text of a large number of free software licenses.

If the DoD was seriously considering banning free software, one can only hope that this report will put an end to such thoughts. Through a great deal of detailed research, the report's authors have demonstrated that the Department of Defense is already heavily dependent on free software, and would be badly hurt if use of such software were forbidden. Increasingly, free software is a crucial part of the systems we all use, and that, of course, is a good thing.


LWN meta-news

It's time for our weekly report to our readers. Read on for the latest subscription counts and a few bits of site news.

As of this writing, we are getting close to 2200 subscribers. That still leaves us far short of our medium-term goal of 4000. Things are headed in the right direction, however; with continued support from our readers, we hope that we will get to where we need to be before too long.

We are also encouraged by a small increase in the rate of corporate subscriptions. They still fall short of our hopes, but there are signs that the bureaucratic wheels are beginning to turn. If you work for a company that could benefit from a subscription, please consider talking to them about setting one up.

This week we were also able to announce a group subscription for the Debian project, which has been funded by HP. Debian developers are encouraged to read the announcement for information on how to get access to this subscription.

For those of you who have been requesting the ability to pay with American Express: we have finally managed to get that set up. Progress on setting up a Euro-zone bank account has been slower; it looks like that will not be a viable option anytime soon. The best approach for accepting funds from Europeans without credit cards may turn out to be to simply have those people send us checks. We're still working on that one, though.

There has been a small stream of requests for a stable URL for the latest free version of the Weekly Edition. That has now been implemented; the current free weekly can be found at:

Of course, lwn.net/current continues to refer to the most recent (subscription) Weekly Edition.

We have been having some trouble with sites blocking mail from the LWN server (things like the various LWN mailing lists and subscription notices). That mail originates from our production server, which is donated to us by Rackspace. Some people, evidently, have received a lot of spam from Rackspace-hosted systems, and have simply blocked the entire Rackspace network. Rackspace tells us that they shut down spammers as soon as they know of them, but it's an ongoing battle. Meanwhile, we are looking into other ways of generating and routing mail so that this problem, hopefully, will be behind us soon.

For those of you making your holiday shopping lists: LWN gift certificates will be available shortly. The work is mostly done, but won't be completed at this point until after the weekly publication cycle. Stay tuned for the announcement.

That is the LWN news for this week. Thanks, as always, for your support.


No letters to the editor

For the second week in a row, we have no "letters to the editor" page, since nobody sent us any letters. The reduction in readership caused by the subscription gate probably has a lot to do with that. Still, we would like to hear from you; if you have comments you would like to see published, please feel free to send them to letters@lwn.net.


Page editor: Jonathan Corbet

Security

Security news

Protecting the domain name system

Worth a read: this article by ICANN board member Karl Auerbach on how to protect the domain name system against denial of service attacks. Mr. Auerbach's fundamental point is simple: the DNS is a uniquely vulnerable component of the Internet because it is centralized. The net as a whole has no center, but the DNS depends heavily on its root servers. Most of the suggestions for improving the security of DNS thus involve spreading things out, and making them diverse and redundant.

The suggestions are:

  • Make copies of the root DNS zone files available, and disperse them everywhere.

  • Create multiple roots for the DNS system.

  • Create an early warning system which raises the alarm when it detects the beginning of a denial of service attack.

  • Create a set of canned router filters which can be quickly applied to protect the root DNS servers in case of an attack.

  • Have a plan for moving a root server elsewhere on the Internet should that server come under attack.

  • Create alternative DNS server software, so that not everybody is running bind.

All of these suggestions make sense, of course, in many contexts other than the domain name system. It is important to replicate crucial data, spread your vital resources out, have fallback plans, and to have a diverse software base. We will see whether these ideas are actually heard by the DNS Powers That Be, however.


New vulnerabilities

inn: format string and insecure open vulnerabilities

Package(s):inn CVE #(s):
Created:October 30, 2002 Updated:October 30, 2002
Description: There are several format string coding bugs as well as insecure open() calls in the inn program.
Alerts:
SCO Group CSSA-2002-038.0 2002-10-24


krb5: Buffer Overflow in Kerberos Administration Daemon

Package(s):krb5, heimdal CVE #(s):CAN-2002-1235
Created:October 29, 2002 Updated:January 14, 2003
Description: CERT Advisory CA-2002-29 Buffer Overflow in Kerberos Administration Daemon

Systems Affected

  • MIT Kerberos version 4 and version 5 up to and including krb5-1.2.6
  • KTH eBones prior to version 1.2.1 and KTH Heimdal prior to version 0.5.1
  • Other Kerberos implementations derived from vulnerable MIT or KTH code

Overview

Multiple Kerberos distributions contain a remotely exploitable buffer overflow in the Kerberos administration daemon. A remote attacker could exploit this vulnerability to gain root privileges on a vulnerable system.

The CERT/CC has received reports that indicate that this vulnerability is being exploited. In addition, MIT advisory MITKRB5-SA-2002-002 notes that an exploit is circulating.

We strongly encourage sites that use vulnerable Kerberos distributions to verify the integrity of their systems and apply patches or upgrade as appropriate.

Alerts:
Gentoo kth-krb-20021026 2002-10-26
Debian DSA-183-1 2002-10-29
Mandrake MDKSA-2002:073 2002-10-29
Sorcerer SORCERER2002-10-27 2002-10-27
Debian DSA-184-1 2002-10-30
Debian DSA-185-1 2002-10-31
Conectiva CLA-2002:534 2002-10-25
Red Hat RHSA-2002:242-06 2002-11-06
Mandrake MDKSA-2002:073-1 2003-01-13


zope: Insecure XML-RPC exception handling

Package(s):zope CVE #(s):
Created:October 30, 2002 Updated:October 30, 2002
Description: Zope will reveal the complete physical location where the server and its components are installed if it receives "incorrect" XML-RPC requests.
In some cases it will also reveal information about the servers in the protected LAN (10.x.x.x for example).

More information is available at: http://collector.zope.org/Zope/359

Alerts:
Gentoo zope-20021024 2002-10-24


Updated vulnerabilities

LPRng accepts jobs from any host.

Package(s):LPRng CVE #(s):CAN-2002-0378
Created:June 12, 2002 Updated:October 31, 2002
Description: Matthew Caron pointed out that LPRng's default configuration accepts job submissions from any host.

This could be an especially annoying vulnerability for administrators with systems exposed to the general public.

Alerts:
Red Hat RHSA-2002:089-07 2002-06-09
Mandrake MDKSA-2002:042 2002-07-04
SuSE SuSE-SA:2002:040 2002-10-31


Buffer overflow vulnerabilities in PostgreSQL

Package(s):PostgreSQL CVE #(s):
Created:August 21, 2002 Updated:January 27, 2003
Description: PostgreSQL 7.2.2 has been released in response to a number of buffer overrun vulnerabilities which have been identified recently. "...it should be noted that these vulnerabilities are only critical on 'open' or 'shared' systems, as they require the ability to be able to connect to the database before they can be exploited."

Buffer overflow vulnerabilities fixed include those reported by "Sir Mordred The Traitor" in the cash_words, repeat, and lpad and rpad functions.

Alerts:
Gentoo postgresql-20020826 2002-08-26
Debian DSA-165-1 2002-09-12
Conectiva CLA-2002:524 2002-09-19
Mandrake MDKSA-2002:062 2002-10-01
Trustix 2002-0071 2002-10-17
SuSE SuSE-SA:2002:038 2002-10-21
Red Hat RHSA-2003:010-10 2003-01-14
Red Hat RHSA-2003:001-16 2003-01-14
Yellow Dog YDU-20030127-5 2003-01-27


Multiple-use vulnerability in Safe.pm

Package(s):Safe.pm CVE #(s):CAN-2002-1323
Created:October 9, 2002 Updated:February 20, 2004
Description: usePerl has a description of a vulnerability in the Safe.pm Perl module. It seems that if a Safe compartment is used more than once, it ceases to be safe. The problem is fixed in Safe 2.08.
Alerts:
Debian DSA-208-1 2002-12-12
OpenPKG OpenPKG-SA-2002.014 2002-12-16
Trustix 2002-0087 2002-12-19
Gentoo 200212-6 2002-12-20
SCO Group CSSA-2004-007.0 2004-02-20


Apache shared memory scoreboard vulnerabilities

Package(s):apache CVE #(s):CAN-2002-0839
Created:October 9, 2002 Updated:December 18, 2002
Description: Versions of Apache prior to 1.3.27 contain a couple of scoreboard-related vulnerabilities which can be exploited by local users running under the Apache user ID. In-server scripting languages, such as PHP, are the most likely means of carrying out the attacks. One vulnerability causes the server to fork off new processes, leading to denial of service scenarios; the other allows an attacker to send SIGUSR1 to any process as root, probably killing that process. See this iDEFENSE advisory for the details.
Alerts:
OpenPKG OpenPKG-SA-2002.009 2002-10-04
Conectiva CLA-2002:530 2002-10-07
EnGarde ESA-20021007-024 2002-10-07
Gentoo apache-20021015 2002-10-15
Mandrake MDKSA-2002:067 2002-10-15
Trustix 2002-0069 2002-10-17
Debian DSA-187-1 2002-11-04
Debian DSA-188-1 2002-11-05
Debian DSA-195-1 2002-11-13
SCO Group CSSA-2002-056.0 2002-12-05
Mandrake MDKSA-2002:068-1 2002-12-18


Heap corruption vulnerability in at

Package(s):at at, sudo, xchat CVE #(s):CAN-2002-0004
Created:May 21, 2002 Updated:May 15, 2003
Description: The at command has a potentially exploitable heap corruption bug. (First LWN report:  January 17th).
Alerts:
Debian DSA-102-1 2002-01-16
Debian DSA-102-2 2002-01-18
Mandrake MDKSA-2002:007 2002-01-18
Red Hat RHSA-2002:015-13 2002-01-22
Red Hat RHSA-2002:015-15 2002-02-07
Slackware sl-1011706104 2002-01-22
SuSE SuSE-SA:2002:003 2001-01-16
Yellow Dog YDU-20020127-9 2002-01-27
EnGarde ESA-20030515-015 2003-05-15


bind buffer overflow vulnerability in DNS resolver libraries

Package(s):bind glibc CVE #(s):CAN-2002-0651 CAN-2002-0684
Created:July 8, 2002 Updated:October 1, 2003
Description: The BIND 4.9.8-OW2 patch and BIND 4.9.9 release (and thus 4.9.9-OW1) include fixes for a libc related vulnerability which does not affect Linux. Updates from the Internet Software Consortium (ISC) are available from here.

No release or branch of Openwall GNU/*/Linux (Owl) is known to be affected, due to Olaf Kirch's fixes for this problem getting into the GNU C library more than two years ago.

Unfortunately that does not mean that Linux systems are not vulnerable. Similar code, without Olaf Kirch's fixes, is in the glibc getnetbyXXX functions. These functions are described in the SuSE alert as "used by very few applications only, such as ifconfig and ifuser, which makes exploits less likely."

CERT Advisory: CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries

CAN-2002-0651
CAN-2002-0684

Alerts:
OpenPKG OpenPKG-SA-2002.006 2002-07-04
SuSE SuSE-SA:2002:026 2002-07-09
Conectiva CLA-2002:507 2002-07-11
Gentoo glibc-20020713 2002-07-13
Trustix 2002-0061 2002-07-15
Mandrake MDKSA-2002:043 2002-07-16
EnGarde ESA-20020724-018 2002-07-24
Red Hat RHSA-2002:139-10 2002-07-22
Eridani ERISA-2002:028 2002-07-25
Yellow Dog YDU-20020801-2 2002-08-01
SCO Group CSSA-2002-034.0 2002-08-05
Red Hat RHSA-2002:133-13 2002-08-08
Eridani ERISA-2002:035 2002-08-09
Yellow Dog YDU-20020810-3 2002-08-10
Mandrake MDKSA-2002:050 2002-08-13


bzip2: file creation and symbolic link vulnerabilities

Package(s):bzip2 CVE #(s):CAN-2002-0759 CAN-2002-0760 CAN-2002-0761
Created:October 29, 2002 Updated:October 30, 2002
Description: bzip2 does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive.

bzip2 decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.

bzip2 uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.

Alerts:
Trustix 2002-0053 2002-06-06
SCO Group CSSA-2002-039.0 2002-10-29
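
The first two bzip2 problems described above both come down to how the output file is opened. As an added example (not bzip2's code and not part of the original page), this C program puts the described pattern next to a hardened form that uses O_EXCL and a restrictive creation mode; the function names, the /tmp paths and the sample data are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern described in the advisory: an existing file is silently reused and
 * truncated, and the data is world-readable (umask permitting) while written. */
int open_output_unsafe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* Hardened form: O_EXCL makes creation fail with EEXIST if anything (file or
 * symlink) already sits at path; mode 0600 keeps the data private for now. */
int open_output_safe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Apply the mode recorded in the archive only once all data is written. */
int finish_output(int fd, mode_t archived_mode)
{
    int rc = fchmod(fd, archived_mode & 0777);
    if (close(fd) != 0)
        rc = -1;
    return rc;
}

static int mode_of(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Scenario 1 (constructed): a 9-byte file already exists at the output path.
 * Returns its size after the open attempt: 9 = preserved, 0 = clobbered,
 * negative = setup failure or unexpected errno. */
long demo_existing_file(int use_safe)
{
    char dir[] = "/tmp/excl-demo-XXXXXX", path[64];
    struct stat st;
    long size = -1;
    int fd;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/out", dir);
    fd = open_output_safe(path);                /* plant the existing file */
    if (fd >= 0 && write(fd, "important", 9) == 9 && close(fd) == 0) {
        fd = use_safe ? open_output_safe(path) : open_output_unsafe(path);
        if (fd >= 0)
            close(fd);
        if (fd < 0 && errno != EEXIST)
            size = -2;
        else if (stat(path, &st) == 0)
            size = (long)st.st_size;
    }
    unlink(path);
    rmdir(dir);
    return size;
}

/* Scenario 2 (constructed): fresh output file. Returns the mode other users
 * see while data is being written; *final_mode gets the mode afterwards. */
int demo_modes(int use_safe, int *final_mode)
{
    char dir[] = "/tmp/excl-demo-XXXXXX", path[64];
    mode_t old = umask(022);                    /* a typical default umask */
    int fd, ok, during = -1;

    *final_mode = -1;
    if (mkdtemp(dir) != NULL) {
        snprintf(path, sizeof path, "%s/out", dir);
        fd = use_safe ? open_output_safe(path) : open_output_unsafe(path);
        if (fd >= 0) {
            during = mode_of(path);
            ok = write(fd, "secret", 6) == 6;
            if (finish_output(fd, 0640) == 0 && ok)
                *final_mode = mode_of(path);
            unlink(path);
        }
        rmdir(dir);
    }
    umask(old);
    return during;
}

int main(void)
{
    int final_mode;

    printf("existing file, unsafe open: %ld bytes left\n", demo_existing_file(0));
    printf("existing file, safe open:   %ld bytes left\n", demo_existing_file(1));
    printf("unsafe mode while writing:  %o\n", (unsigned)demo_modes(0, &final_mode));
    printf("safe mode while writing:    %o, final %o\n",
           (unsigned)demo_modes(1, &final_mode), (unsigned)final_mode);
    return 0;
}
```

A caller that gets EEXIST from the hardened open should stop and ask the user before overwriting, which is the warning the advisory says is missing.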


Potential unauthorized root access vulnerability in dietlibc

Package(s):dietlibc CVE #(s):CAN-2002-0391
Created:August 14, 2002 Updated:December 5, 2002
Description: Felix von Leitner discovered a potential division by zero bug in code derived from the SunRPC library which is used in dietlibc, a libc optimized for small size. The bug could be exploited to gain unauthorized root access to software linking to dietlibc.

CERT/CC Vulnerability Note VU#192995 Integer overflow in xdr_array() function when deserializing the XDR stream

Alerts:
Debian DSA-146-1 2002-08-08
Debian DSA-146-2 2002-08-08
SCO Group CSSA-2002-055.0 2002-12-04


dvips: command execution vulnerability

Package(s):dvips CVE #(s):CAN-2002-0836
Created:October 16, 2002 Updated:June 10, 2003
Description: The dvips utility uses the system() function improperly when managing fonts. An attacker who can craft the right sort of print job can use this vulnerability to execute commands under the UID used by the print system.
Alerts:
Red Hat RHSA-2002:194-18 2002-10-08
Gentoo tetex-20021018 2002-10-18
Mandrake MDKSA-2002:070 2002-10-23
Mandrake MDKSA-2002:071 2002-10-24
Conectiva CLA-2002:537 2002-10-29
Debian DSA-207-1 2002-12-11
OpenPKG OpenPKG-SA-2002.015 2002-12-16
Immunix IMNX-2003-7+-016-01 2003-06-09


Ethereal buffer overflow, infinite loop and memory management vulnerabilities

Package(s):ethereal CVE #(s):CAN-2002-0012 CAN-2002-0013 CAN-2002-0353 CAN-2002-0401 CAN-2002-0402 CAN-2002-0403 CAN-2002-0404
Created:June 12, 2002 Updated:October 27, 2002
Description: Ethereal 0.9.4 was released on May 19, 2002 fixing four potential security issues in Ethereal 0.9.3:
  • The SMB dissector could potentially dereference a NULL pointer in two cases.
  • The X11 dissector could potentially overflow a buffer while parsing keysyms.
  • The DNS dissector could go into an infinite loop while reading a malformed packet.
  • The GIOP dissector could potentially allocate large amounts of memory.

No known exploits exist "in the wild" at the present time for any of these issues.

Ethereal 0.9.2 has several packet handling vulnerabilities that are best avoided by upgrading to 0.9.4. The PROTOS test suite found some flaws in SNMP and LDAP protocol support. Malformed packets could also crash Ethereal 0.9.2 due to an ASN.1 zero-length g_malloc problem. The zlib "double free" vulnerability was addressed by the updates for that bug from many distributors.
Alerts:
Eridani ERISA-2002:023 2002-06-06
Red Hat RHSA-2002:088-06 2002-06-04
Yellow Dog YDU-20020606-7 2002-06-06
Conectiva CLA-2002:505 2002-07-04
SCO Group CSSA-2002-037.0 2002-10-24


Filename disclosure vulnerability in fam

Package(s):fam CVE #(s):CAN-2002-0875
Created:August 19, 2002 Updated:January 5, 2005
Description: "fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible.
Alerts:
Debian DSA-154-1 2002-08-15
Red Hat RHSA-2005:005-01 2005-01-05


Another set of fetchmail buffer overflows

Package(s):fetchmail fetchmail-ssl CVE #(s):
Created:October 1, 2002 Updated:December 17, 2002
Description: e-matters GmbH has issued an advisory warning of a new set of buffer overflows in the fetchmail header parsing code. The vulnerabilities have been fixed in fetchmail 6.1.0.
Alerts:
Gentoo fetchmail-20021001 2002-10-01
Mandrake MDKSA-2002:063 2002-10-01
EnGarde ESA-20021003-023 2002-10-03
Red Hat RHSA-2002:215-09 2002-10-07
Debian DSA-171-1 2002-10-07
Conectiva CLA-2002:531 2002-10-16
SCO Group CSSA-2002-051.0 2002-11-21
Gentoo 200212-3 2002-12-15
OpenPKG OpenPKG-SA-2002.016 2002-12-17


GNU fileutils race condition

Package(s):fileutils ucdsnmp CVE #(s):CAN-2002-0435
Created:May 21, 2002 Updated:May 16, 2003
Description: A race condition in rm may cause the root user to delete the whole filesystem. The problem exists in the version of rm in fileutils 4.1 stable and 4.1.6 development version. A patch is available. (First LWN report: May 2).
Alerts:
SCO Group CSSA-2002-018.1 2002-05-13
Mandrake MDKSA-2002:031 2002-05-16
SuSE SuSE-SA:2002:012 2002-04-08
Trustix 2002-0052 2002-06-06
Red Hat RHSA-2003:015-05 2003-02-12
Immunix IMNX-2003-7+-010-01 2003-05-16


Potential remote root exploit in glibc

Package(s):glibc CVE #(s):CAN-2002-0391
Created:August 14, 2002 Updated:June 29, 2003
Description: Felix von Leitner discovered a potential division by zero bug in code derived from the SunRPC library which is used in glibc. This bug could be exploited to gain unauthorized root access to software linking to glibc.

Updating as soon as practical is a good idea.

Because SunRPC-derived XDR libraries are used by a variety of vendors in a variety of applications, this defect may lead to a number of differing security problems. Exploiting this vulnerability will lead to denial of service, execution of arbitrary code, or the disclosure of sensitive information.

CERT/CC Vulnerability Note VU#192995 Integer overflow in xdr_array() function when deserializing the XDR stream

Alerts:
Debian DSA-149-1 2002-08-13
Red Hat RHSA-2002:166-07 2002-08-12
Eridani ERISA-2002:036 2002-08-13
Trustix 2002-0067 2002-08-13
SuSE SuSE-SA:2002:031 2002-08-30
Gentoo glibc-20020905 2002-09-05
Mandrake MDKSA-2002:061 2002-09-23
Debian DSA-149-2 2002-09-26
Gentoo dietlibc-20020927 2002-09-27
Gentoo glibc-20020927 2002-09-27
EnGarde ESA-20021003-021 2002-10-03
Trustix 2002-0070 2002-10-17
Conectiva CLA-2002:535 2002-10-29
Debian DSA-333-1 2003-06-27


Buffer overflow in groff

Package(s):groff CVE #(s):CAN-2002-0003
Created:May 21, 2002 Updated:December 9, 2002
Description: The groff package has a buffer overflow vulnerability; if it is used with the print system, it is conceivably exploitable remotely.
Alerts:
Mandrake MDKSA-2002:012 2002-02-07
Red Hat RHSA-2002:004-06 2002-01-14
Trustix 2002-0020 2002-01-18
Yellow Dog YDU-20020127-11 2002-01-27
Gentoo groff-20021019 2002-10-19
SCO Group CSSA-2002-057.0 2002-12-06


Buffer overflow in gv

Package(s):gv CVE #(s):CAN-2002-0838
Created:October 1, 2002 Updated:November 25, 2002
Description: gv, a graphical front end to ghostscript, has a buffer overflow vulnerability which can be exploited by a properly crafted PostScript or PDF file. If a user can be tricked into viewing such a file, arbitrary code can be executed with that user's privileges. See this iDEFENSE advisory for the details.
Alerts:
Red Hat RHSA-2002:212-06 2002-09-30
Debian DSA-176-1 2002-10-16
Gentoo ggv-20021017 2002-10-17
Debian DSA-179-1 2002-10-18
Mandrake MDKSA-2002:069 2002-10-21
Debian DSA-182-1 2002-10-28
Conectiva CLA-2002:542 2002-10-31
SCO Group CSSA-2002-053.0 2002-11-22


heartbeat: remotely exploitable buffer overflow

Package(s):heartbeat CVE #(s):
Created:October 16, 2002 Updated:November 6, 2002
Description: The heartbeat failover system has a remotely exploitable buffer overflow vulnerability; versions prior to 0.4.9e and 0.4.9.2 are affected. Any system that is worth running heartbeat on is worth upgrading. See the advisory for the details.
Alerts:
Debian DSA-174-1 2002-10-14
SuSE SuSE-SA:2002:037 2002-10-14
Conectiva CLA-2002:540 2002-10-30


UW imapd remotely exploitable buffer overflow

Package(s):imap CVE #(s):CAN-2002-0379
Created:June 5, 2002 Updated:December 20, 2002
Description: UW imapd versions 2000c and prior allow remote authenticated users to execute code via a buffer overflow. A malicious user can craft a request to run commands on the server under their UID and GID. (First LWN report: May 23).
Alerts:
SCO Group CSSA-2002-021.0 2002-05-15
Conectiva CLA-2002:487 2002-05-24
Eridani ERISA-2002:018 2002-05-25
Mandrake MDKSA-2002:034 2002-05-27
Red Hat RHSA-2002:092-11 2002-05-22
Yellow Dog YDU-20020606-1 2002-06-06
EnGarde ESA-20020607-013 2002-06-07
Trustix 2002-0054 2002-06-06
SuSE SuSE-SA:2002:048 2002-12-20


Cross-site scripting vulnerability in Konqueror for KDE 3.0.3

Package(s):kdelibs CVE #(s):
Created:September 17, 2002 Updated:November 18, 2002
Description: Konqueror for KDE 3.0.3, and earlier versions, is subject to this cross-site scripting vulnerability. Since the problem is in kdelibs, any other application which uses the KHTML renderer is also vulnerable. Javascript code running in one frame can access other frames which should be inaccessible. The problem is fixed in kdelibs 3.0.3a.
Alerts:
Debian DSA-167-1 2002-09-16
Conectiva CLA-2002:525 2002-09-20
Mandrake MDKSA-2002:064 2002-10-09
SCO Group CSSA-2002-047.0 2002-11-15

Comments (2 posted)

kernel: several security issues fixed

Package(s):kernel CVE #(s):
Created:October 22, 2002 Updated:November 22, 2002
Description: A number of security fixes have gone out for the 2.2 and 2.4 kernels. There are no known exploits at this time, but upgrading will make sense anyway. As always with kernel updates, read the distributor instructions carefully; there is usually more involved than just installing a new package.
Alerts:
Red Hat RHSA-2002:206-12 2002-10-15
Red Hat RHSA-2002:205-15 2002-10-15
Red Hat RHSA-2002:210-06 2002-10-10
Trustix 2002-0068 2002-10-17
EnGarde ESA-20021022-026 2002-10-22
EnGarde ESA-20021122-030 2002-11-22

Comments (none posted)

Kerberos 5 unauthorized root access to KDC host vulnerability

Package(s):krb5 CVE #(s):
Created:August 14, 2002 Updated:October 29, 2002
Description: A bug in the Kerberos 5 remote administration service, "kadmind", could be exploited to gain unauthorized root access to a KDC host. It is believed that the attacker needs to be able to authenticate to the kadmin daemon for this attack to be successful.

Felix von Leitner discovered this potential division by zero bug in code derived from the SunRPC library, which is used in many places, including the Kerberos 5 administration system.

Updating now is recommended.

CERT/CC Vulnerability Note VU#192995 Integer overflow in xdr_array() function when deserializing the XDR stream

Alerts:
Debian DSA-143-1 2002-08-05
Conectiva CLA-2002:515 2002-08-07
Gentoo 200210-011 2002-10-28

Comments (none posted)

Cross-site scripting vulnerability in mhonarc

Package(s):mhonarc CVE #(s):CAN-2002-0738 CAN-2002-1307 CAN-2002-1388
Created:September 11, 2002 Updated:January 3, 2003
Description: Mhonarc is an HTML formatter for electronic mail; it can be vulnerable to cross-site scripting problems when presented with maliciously crafted messages. This problem is fixed in mhonarc version 2.5.3, but it is not clear that all possible vulnerabilities have been fixed. See the Debian advisory below for information on how to disable text/html attachment support in mhonarc, which may be a more secure solution.
Alerts:
Debian DSA-163-1 2002-09-09
Debian DSA-199-1 2002-11-19
Debian DSA-221-1 2003-01-03

Comments (none posted)

PHP Remote Compromise/DOS Vulnerability

Package(s):mod_php4 CVE #(s):
Created:July 22, 2002 Updated:February 18, 2003
Description: PHP 4.2.0 and 4.2.1 have an error in the handling of POST requests which can lead to the corruption of memory, and the usual bad consequences. According to this alert, the vulnerability can only be used for denial of service on x86 systems - there is no way to get it to run exploit code. SPARC/Solaris systems are apparently vulnerable to full remote compromise.

According to the CERT Advisory, it seems that almost every Linux distributor ships older (and thus not vulnerable) versions of PHP.

Note that, sometimes, systems thought to be safe from remote compromise turn out to be vulnerable to a modified attack, so x86 users should not relax too much. The solution, for those systems with PHP 4.2.0 or 4.2.1 installed, is to upgrade to PHP 4.2.2.

For more information, see the alert from the discoverer of the vulnerability, Stefan Esser of e-matters GmbH, or the security advisory from the PHP team.

CERT Advisory: CA-2002-21 Vulnerability in PHP

Alerts:
SuSE SuSE-SA:2003:0009 2003-02-18

Comments (1 posted)

mod_ssl: cross site scripting problem

Package(s):mod_ssl, libapache-mod-ssl CVE #(s):CAN-2002-1157
Created:October 22, 2002 Updated:December 12, 2002
Description: Joe Orton discovered a cross site scripting problem in mod_ssl, an Apache module that adds strong cryptography (i.e. HTTPS support) to the webserver. The module will return the server name unescaped in the response to an HTTP request on an SSL port.

Like the other recent Apache XSS bugs, this only affects servers using a combination of "UseCanonicalName off" and wildcard DNS. This is very unlikely to happen, though. Apache 2.0/mod_ssl is not vulnerable since it already escapes this HTML.

Alerts:
Debian DSA-181-1 2002-10-22
OpenPKG OpenPKG-SA-2002.010 2002-10-23
Mandrake MDKSA-2002:072 2002-10-24
Gentoo mod_ssl-20021027 2002-10-27
EnGarde ESA-20021029-027 2002-10-29
Conectiva CLA-2002:541 2002-10-30
Red Hat RHSA-2002:222-21 2002-11-25

Comments (none posted)

ypserv: NIS information leak

Package(s):nis, ypserv CVE #(s):CAN-2002-1232
Created:October 21, 2002 Updated:December 5, 2002
Description: Thorsten Kukuck discovered a problem in the ypserv program which is part of the Network Information Services (NIS). A memory leak in all versions of ypserv prior to 2.5 is remotely exploitable. When a malicious user requests a non-existing map, the server will leak parts of an old domainname and mapname.
Alerts:
Debian DSA-180-1 2002-10-21
Red Hat RHSA-2002:223-07 2002-10-24
Gentoo 200210-010 2002-10-28
Conectiva CLA-2002:539 2002-10-30
Mandrake MDKSA-2002:078 2002-11-18
SCO Group CSSA-2002-054.0 2002-12-04

Comments (none posted)

Buffer overflow in nss_ldap

Package(s):nss_ldap CVE #(s):CAN-2002-0825 CAN-2002-0374
Created:October 9, 2002 Updated:December 11, 2002
Description: The nss_ldap package has a buffer overflow which can be exploited when the module configures itself from information in DNS. The problem is fixed in nss_ldap-199 and later.
Alerts:
Red Hat RHSA-2002:175-16 2002-10-03
Gentoo nss_ldap-20021013 2002-10-13
SCO Group CSSA-2002-058.0 2002-12-10

Comments (none posted)

String format bug in pam_ldap logging

Package(s):nss_ldap CVE #(s):CAN-2002-0374
Created:June 5, 2002 Updated:October 29, 2002
Description: The nss_ldap package includes the pam_ldap module for authenticating a user with an LDAP database. Pam_ldap versions prior to 144 have a string format bug in the logging mechanism.
Alerts:
Eridani ERISA-2002:019 2002-05-28
Red Hat RHSA-2002:084-17 2002-05-26
Yellow Dog YDU-20020606-2 2002-06-06
SCO Group CSSA-2002-041.0 2002-10-28

Comments (none posted)

PAM: password validation error

Package(s):pam CVE #(s):
Created:October 23, 2002 Updated:October 23, 2002
Description: Paul Aurich and Samuele Giovanni Tonon discovered a serious security violation in PAM. Disabled passwords (i.e. those with '*' in the password file) are treated as if they were empty and access to such accounts is granted through the regular login procedure (getty, telnet, ssh). This works for all such accounts whose shell field in the password file does not refer to /bin/false. Only version 0.76 of PAM seems to be affected by this problem.
Alerts:
Debian DSA-177-1 2002-10-17

Comments (none posted)

Remotely exploitable vulnerability in pine

Package(s):pine CVE #(s):CAN-2002-0014
Created:May 21, 2002 Updated:November 27, 2002
Description: Pine has an unpleasant URL handling vulnerability which can lead to command execution by remote attackers. (First LWN report: January 17th).

This vulnerability is remotely exploitable; updating is a good idea.

Note: If an update isn't yet available for your distribution, setting enable-msg-view-urls to "off" in pine's setup will avoid the vulnerability. (Thanks to Greg Herlein).

Alerts:
Conectiva CLA-2002:460 2002-01-31
EnGarde ESA-20020114-002 2002-01-14
Red Hat RHSA-2002:009-06 2002-01-14
Slackware sl-1010936849 2002-01-13
Yellow Dog YDU-20020127-8 2002-01-27
SuSE SuSE-SA:2002:046 2002-11-25

Comments (none posted)

PXE server denial of service vulnerability

Package(s):pxe CVE #(s):CAN-2002-0835
Created:September 4, 2002 Updated:November 11, 2002
Description: The PXE server can be crashed using DHCP packets from some Voice Over IP (VOIP) phones. Maliciously formed DHCP packets could be used by a remote attacker to effect a denial of service attack.

The PXE package contains the PXE (Preboot eXecution Environment) server and code needed for Linux to boot from a boot disk image on a Linux PXE server.
Alerts:
Red Hat RHSA-2002:162-12 2002-08-30
Eridani ERISA-2002:041 2002-09-03
SCO Group CSSA-2002-044.0 2002-11-11

Comments (none posted)

Local arbitrary code execution vulnerability in Python

Package(s):python CVE #(s):CAN-2002-1119
Created:August 28, 2002 Updated:October 1, 2003
Description: Zack Weinberg discovered that os._execvpe from os.py uses a predictable name which could lead to execution of arbitrary code. According to the Debian advisory, the problem was present in Python versions 1.5, 2.1 and 2.2.

CAN-2002-1119

Alerts:
Debian DSA-159-1 2002-08-28
Debian DSA-159-2 2002-09-09
Conectiva CLA-2002:527 2002-10-01
Gentoo python-20021003 2002-10-03
Trustix 2002-0073 2002-10-17
SCO Group CSSA-2002-045.0 2002-11-14
Mandrake MDKSA-2002:082 2002-11-25
Mandrake MDKSA-2002:082-1 2002-12-09
Red Hat RHSA-2002:202-25 2003-01-21
OpenPKG OpenPKG-SA-2003.006 2003-01-23
Red Hat RHSA-2002:202-33 2003-02-12

Comments (none posted)

sendmail smrsh bypass vulnerability

Package(s):sendmail CVE #(s):CAN-2002-1165
Created:October 2, 2002 Updated:November 29, 2002
Description: iDEFENSE has posted an advisory warning of a couple of ways of bypassing the restrictions imposed by the sendmail "smrsh" utility. smrsh puts limits on which programs a user may run out of a .forward file; this vulnerability could give a local user undesired access to the mail server system. A patch has been made available from sendmail.org which closes the vulnerability.
Alerts:
Gentoo sendmail-20021013 2002-10-13
Conectiva CLA-2002:532 2002-10-16
SCO Group CSSA-2002-052.0 2002-11-21
Mandrake MDKSA-2002:083 2002-11-28

Comments (none posted)

Sharutils potential privilege escalation using uudecode

Package(s):sharutils CVE #(s):CAN-2002-0178
Created:May 21, 2002 Updated:October 30, 2002
Description: According to the CVE entry, "uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands." (First LWN report: May 16).
Alerts:
Eridani ERISA-2002:014 2002-05-16
Red Hat RHSA-2002:065-13 2002-05-14
Yellow Dog YDU-20020522-4 2002-05-22
Mandrake MDKSA-2002:052 2002-08-14
SCO Group CSSA-2002-040.0 2002-10-28
Gentoo 200210-012 2002-10-30

Comments (none posted)

Multiple vulnerabilities fixed in Squid-2.4.STABLE7

Package(s):squid CVE #(s):
Created:July 8, 2002 Updated:November 15, 2002
Description: Here is the security advisory for the Squid proxy server reporting several vulnerabilities in versions up to and including 2.4.STABLE7. Several of the bugs are believed to allow remote code execution.

The security advisory lists the following changes:

  • Several bugfixes and cleanup of the Gopher client, both to correct some security issues and to make Squid properly render certain Gopher menus.
  • Security fixes in how Squid parses FTP directory listings into HTML
  • FTP data channels are now sanity checked to match the address of the requested FTP server. This is to prevent theft or injection of data. See the new ftp_sanitycheck directive if this sanity check is not desired.
  • The MSNT auth helper has been updated to v2.0.3+fixes for buffer overflow security issues found in this helper.
  • A security issue in how Squid forwards proxy authentication credentials has been fixed
Alerts:
Conectiva CLA-2002:506 2002-07-05
SuSE SuSE-SA:2002:025 2002-07-09
Trustix 2002-0062 2002-07-15
Mandrake MDKSA-2002:044 2002-07-17
Eridani ERISA-2002:031 2002-07-26
SCO Group CSSA-2002-046.0 2002-11-14

Comments (none posted)

squirrelmail: cross-site scripting vulnerability

Package(s):squirrelmail CVE #(s):CAN-2002-1131 CAN-2002-1132
Created:October 16, 2002 Updated:January 2, 2003
Description: The Squirrelmail web mail package has a cross-site scripting vulnerability; versions 1.2.7 and prior are affected. See the advisory for details.
Alerts:
Red Hat RHSA-2002:204-10 2002-10-09
Debian DSA-191-1 2002-11-07
Debian DSA-191-2 2002-11-07
Gentoo 200212-4 2002-12-15
Debian DSA-220-1 2003-01-02

Comments (none posted)

syslog-ng: buffer overflow vulnerability

Package(s):syslog-ng CVE #(s):
Created:October 16, 2002 Updated:November 14, 2002
Description: Versions 1.4.15 and 1.5.20 (and prior) of the syslog-ng system logging package have a remotely exploitable buffer overflow vulnerability; see this advisory for the details.
Alerts:
Gentoo syslog-ng-20021012 2002-10-12
Debian DSA-175-1 2002-10-15
EnGarde ESA-20021016-025 2002-10-16
EnGarde ESA-20021029-028 2002-10-29
SuSE SuSE-SA:2002:039 2002-10-31
Conectiva CLA-2002:547 2002-11-14

Comments (none posted)

File overwrite vulnerability in tar and unzip

Package(s):tar unzip CVE #(s):CAN-2001-1267 CAN-2001-1268 CAN-2001-1269 CAN-2002-0399
Created:October 1, 2002 Updated:April 9, 2006
Description: The tar utility does not properly filter file names containing "../", meaning that a hostile archive can, if unpacked by an unsuspecting user, overwrite any file that is writable by that user. GNU tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42 has the same vulnerability.
Alerts:
Red Hat RHSA-2002:096-24 2002-09-18
Gentoo tar-20021001 2002-10-01
Gentoo unzip-20021001 2002-10-01
EnGarde ESA-20021003-022 2002-10-03
Mandrake MDKSA-2002:065 2002-10-10
Mandrake MDKSA-2002:066 2002-10-10
Conectiva CLA-2002:538 2002-10-29
Red Hat RHSA-2006:0195-01 2006-02-21
Fedora-Legacy FLSA:183571-1 2006-04-04

Comments (1 posted)
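
The name check that the vulnerable tar and unzip versions lacked can also be done by the caller before unpacking. The following is an added example (not code from LWN, GNU tar or unzip) that audits member names with Python's tarfile module; the destination /srv/unpack and the archive contents are constructed for illustration, and the check goes beyond the "../" case in the text to absolute paths and link members.

```python
import io
import os
import tarfile


def build_sample_archive():
    """Return an in-memory tar (constructed test data) with safe and unsafe names."""
    names = (
        "docs/readme.txt",          # ordinary relative path
        "../outside.txt",           # climbs out of the destination
        "docs/../../outside2.txt",  # climbs out after descending once
        "/tmp/absolute.txt",        # absolute path ignores the destination
        "docs/a/../b.txt",          # contains ".." but stays inside
    )
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


def is_within(dest, member_name):
    """True if member_name, resolved under dest, stays inside dest."""
    dest = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest, member_name))
    return os.path.commonpath([dest, target]) == dest


def audit_archive(fileobj, dest):
    """Split member names into (safe, rejected) without extracting anything."""
    safe, rejected = [], []
    with tarfile.open(fileobj=fileobj, mode="r") as tar:
        for member in tar.getmembers():
            # Links can redirect a later write, so refuse them outright here.
            if member.issym() or member.islnk():
                rejected.append(member.name)
            elif is_within(dest, member.name):
                safe.append(member.name)
            else:
                rejected.append(member.name)
    return safe, rejected


if __name__ == "__main__":
    ok, bad = audit_archive(build_sample_archive(), "/srv/unpack")
    print("safe:    ", ok)
    print("rejected:", bad)
```

Resolving the joined path and comparing it with the destination catches names that a plain substring search for "../" would either miss (absolute paths) or reject needlessly (a ".." that stays inside the tree).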

Multiple vendor telnetd vulnerability

Package(s):telnet Telnet netkit-telnet-ssl kerberos telnetd netkit-telnet nkitb/nkitserv/telnetd krb5 CVE #(s):
Created:May 21, 2002 Updated:October 5, 2004
Description: This vulnerability, originally thought to be confined to BSD-derived systems, was first covered in the July 26th Security Summary. It is now known that Linux telnet daemons are vulnerable as well.
Alerts:
SCO Group CSSA-2001-030.0 2001-08-10
Conectiva CLA-2001:413 2001-08-24
Debian DSA-075-1 2001-08-14
Debian DSA-075-2 2001-08-14
HP HPSBTL0202-023 2002-02-12
Mandrake MDKSA-2001:068 2001-08-13
Mandrake MDKSA-2001:093 2001-12-17
Progeny PROGENY-SA-2001-27 2001-08-14
Red Hat RHSA-2001:099-06 2001-08-09
Red Hat RHSA-2001:099-09 2002-02-07
Red Hat RHSA-2001:100-02 2001-08-09
Slackware sl-997726350 2001-08-09
SuSE SuSE-SA:2001:029 2001-09-03
Yellow Dog YDU-20010810-1 2001-08-10
Yellow Dog YDU-20010810-2 2001-08-10
Gentoo 200410-03 2004-10-05

Comments (none posted)

Tomcat 4.x JSP source code exposure vulnerability

Package(s):tomcat CVE #(s):
Created:September 25, 2002 Updated:January 29, 2003
Description: Rossen Raykov reports that Tomcat 4.0.5 and 4.1.12 fix a JSP source code exposure vulnerability in "Tomcat 4.0.4 and 4.1.10 (probably all other earlier versions also)." The current version of Tomcat is available here.

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process.
Alerts:
Gentoo tomcat-20020925 2002-09-25
Debian DSA-169-1 2002-10-04
Gentoo tomcat-20021015 2002-10-15
Debian DSA-225-1 2002-01-09
Debian DSA-246-1 2003-01-29

Comments (none posted)

Local root vulnerability in chfn

Package(s):util-linux CVE #(s):CAN-2002-0638
Created:July 29, 2002 Updated:October 30, 2002
Description: chfn (change finger information) is one of the utilities in the util-linux package. The BindView RAZOR Team has discovered a local root vulnerability in chfn which is described in the Bindview Advisory.

Under certain conditions, "a carefully crafted attack sequence can be performed to exploit a complex file locking and modification race present in this utility, and, as a result, alter /etc/passwd to escalate privileges in the system." The conditions include a password file, /etc/passwd, over 4 kilobytes and locating the attacker's account record in any but the last 4 kB chunk of the file.

CERT/CC Vulnerability Note VU#405955 util-linux package vulnerable to privilege escalation when "ptmptmp" file is not removed properly when using "chfn" utility

Alerts:
Eridani ERISA-2002:032 2002-07-29
Red Hat RHSA-2002:132-14 2002-07-29
Trustix 2002-0064 2002-07-30
Yellow Dog YDU-20020801-4 2002-08-01
Mandrake MDKSA-2002:047 2002-08-08
Conectiva CLA-2002:523 2002-09-12
SCO Group CSSA-2002-043.0 2002-10-29

Comments (none posted)

webalizer: reverse DNS buffer overflow vulnerability

Package(s):webalizer CVE #(s):
Created:May 21, 2002 Updated:January 27, 2003
Description: The cause is a buffer overflow bug. This one sounds nasty. If reverse DNS lookups are enabled in webalizer, "an attacker with control over the victims DNS may spoof responses thus triggering a buffer overflow, potentially leading to a root compromise." Webalizer 2.01-10 "fixes this and a few other buglets that have been discovered in the last month or so". (First LWN report: April 18th, 2002).
Alerts:
Conectiva CLA-2002:476 2002-04-26
EnGarde ESA-20020423-009 2002-04-23
SCO Group CSSA-2002-036.0 2002-10-22
Red Hat RHSA-2002:254-05 2002-12-04
Yellow Dog YDU-20030127-4 2003-01-27

Comments (none posted)

Webmin/Usermin vulnerabilities

Package(s):webmin CVE #(s):
Created:May 21, 2002 Updated:January 10, 2003
Description: Webmin is a web-based interface for system administration for Unix. Webmin has cross-site scripting and session ID spoofing vulnerabilities which are fixed in the May 6, 2002 release of version 0.970. (First LWN report: May 9).

This one is scary. The session ID spoofing vulnerability allows the "possibility that arbitrary commands may be executed with root privileges." Upgrading is strongly recommended. At a minimum avoid the "preconditions for a successful exploit" by disabling password timeouts under Webmin->Configuration->Authentication.

Alerts:
Mandrake MDKSA-2002:033 2002-05-21
Yellow Dog YDU-20020522-7 2002-05-22
SCO Group CSSA-2003-002.0 2003-01-09

Comments (1 posted)

Multiple vulnerabilities in wordtrans

Package(s):wordtrans CVE #(s):CAN-2002-0837
Created:September 11, 2002 Updated:February 4, 2003
Description: The "wordtrans" interface to multilingual dictionaries suffers from input validation and cross-site scripting vulnerabilities; versions through 1.1pre8 are vulnerable. See this Guardent advisory for details.
Alerts:
Red Hat RHSA-2002:188-08 2002-09-05

Comments (none posted)

Problems with libgtop_daemon

Package(s):wuftpd libgtop CVE #(s):
Created:May 21, 2002 Updated:May 7, 2003
Description: The libgtop_daemon package is a GNOME program which makes system information available remotely. LWN reported the remotely exploitable format string and buffer overflow vulnerabilities in that package on December 6th. On November 28th disabling the libgtop_daemon on systems where it is running until an update is available.

Many Linux systems do not run libgtop by default, but applying the update is a good idea anyway.