A toy and a promise from Nokia
![The 770](/images/ns/nokia-770.jpg)
Let it not be said that free software projects can't keep secrets: it would
seem that quite a few people in the GNOME community knew that Nokia was
working on a Linux-powered, GNOME-based gadget, but they sure didn't let
the rest of us in on the story. In any case, Nokia has now broken cover
and announced the (third-quarter) availability of the Nokia 770 Internet
Tablet, a new toy with a great deal of promise. What seems even more
promising, however, is how Nokia is going about the development and
marketing of this device.
The 770 is a 230-gram device with an 800x480 color touchscreen display. It
has an ARM processor, 64MB of memory, 128MB of flash for storage and a slot
for a 64MB card, a wireless network interface, a Bluetooth interface, a USB
connector, and an audio output. Despite being a Nokia product, one thing
this device does not have is a cellular phone. It can access the
net via its wireless interface, or via a GPRS link over Bluetooth.
The software side includes a wide array of free software, starting with a
core Linux distribution (said to be Debian-based) and adding in GStreamer,
D-BUS, matchbox, GNOME, GTK+, Helix, and more. Interestingly, the 770 is
said to contain a version of Webcore with GTK grafted on, and the Opera
browser as well.
So far, this looks like just another Linux-powered gadget. Nokia has gone
beyond that, however, with its creation of maemo, a development environment for the
770 (and its successors). Maemo includes all the source and binary
packages needed to create applications for the 770; there is even an
apt repository. The development environment allows most
work to be done on an x86 system, which should speed the process
considerably - and help ensure that applications are available from the
first day that the 770 begins shipping.
Last week, LWN called for the creation of a
truly open media gadget which could be hacked on by its users. We were a
little surprised to get a response this quickly. The 770 is not exactly
the device we were looking for, but it is a big step in the right
direction. In particular, it does, indeed, appear to be a fully open
device with full support from its manufacturer for improvements by its
users. This openness, combined with (seemingly) nice hardware and rational
pricing, could lead to the formation of an enthusiastic developer and user
community for the 770. Expect to see a lot of these gadgets at Linux
conferences in the near future - starting with GUADEC, where Nokia is expected to have
a large delegation and some samples to give away.
Meanwhile, some observers have wondered how Nokia is able to square its
clear support for free software with its equally clear support for software
patents in Europe. Nokia has given a partial answer in the form of this
patent statement:
Nokia hereby commits not to assert any of its Patents (as defined
herein below) against any Linux Kernel (as defined herein below)
existing as of 25 May 2005. The aforesaid non-assertion shall
extend to any future Linux Kernel to the extent that Nokia does not
declare any new functionality embodied in such Linux Kernel to be
outside the scope of this Patent Statement.
This "non-assertion" pledge does not apply, however, to anybody who is
pushing patent claims against the kernel, meaning that Nokia is leaving
open the possibility of using its patents to defend the kernel against an
attack from elsewhere. The patent grant falls far short of what the
community would like: it applies only to the kernel, and, for future
kernels, it only applies as long as Nokia feels like letting it apply. The
wording of the statement would seem, even, to exclude most distributor
kernels.
But, as an overt recognition of the problem and a partial grant, it is at
least a step in the right direction.
Comments (27 posted)
Dispatches from the software patent front
The software patent battle in Europe is heating up again as the July 6
vote in the European Parliament approaches. There will be
a demonstration in Brussels (and elsewhere) on
June 2 as a way of pressuring the parliament on this issue. The day
before that, the FFII and others will be hosting
a conference on patent policy making, again in
Brussels.
Meanwhile, here's a
Reuters article on the debate. "However, companies such as
Microsoft and Apple Computer argue that they need broader patent protection
to prevent open-source companies, which give away their software and make
money through service, from effectively expropriating their development
costs."
Comments (5 posted)
The launch of EnterpriseDB
The EnterpriseDB Corporation announced the public beta
release of its EnterpriseDB 2005 on May 23. The company has been in "stealth mode"
for some time, and is just now coming out to launch the EnterpriseDB
product.
EnterpriseDB is based on PostgreSQL 8.0.3, with modifications
to make it more compatible with Oracle. The company's press release touts
EnterpriseDB's open source roots, so we decided to get in touch with the
company and find out what differentiates EnterpriseDB from PostgreSQL, what
terms it is offered under and how EnterpriseDB works with the PostgreSQL
project.
In particular, we talked to the company's CEO Andy Astor. We also talked
with PostgreSQL team member Josh Berkus about EnterpriseDB's involvement
with the PostgreSQL project and the effect of increasing corporate
attention on PostgreSQL in general.
What does EnterpriseDB add to PostgreSQL to make it interesting? Compatibility with
enterprise databases, specifically Oracle, and a GUI Studio application.
The exact license for EnterpriseDB has yet to be determined. Note that the
PostgreSQL project uses the BSD license and does not
require that distributors make changes available. Astor confirmed that,
despite the company's press release focusing on open source, EnterpriseDB
itself will not be available under a license that would be OSI compatible.
Pricing is also up in the air. Astor couldn't give us specific pricing, but
said that it would be "in the single thousand dollars" for a
license. He did say that it would be free to download for testing,
development and "low-volume usage" but that when used in
"large-scale" environments that it would require a license
from EnterpriseDB.
Astor told us that the company plans to contribute "everything we're
building, after a fair amount of time... back to the open source
community." Astor said that it's his belief that some development is
best left to the open source community, in situations where there is
"huge demand" and that "some things are best left to
commercial interests." He also said that he expected that PostgreSQL
would not adopt everything that the EnterpriseDB team offered. "I
guarantee that the PostgreSQL community will not want to own all of what
we've done." He did say that the final EnterpriseDB license would
guarantee that users wouldn't be stranded if the company failed. "If
the product we're selling is not supported by a commercial organization, it
will be contributed to the community. That will be in every license that we
sell."
The EnterpriseDB application will be available in binary-only form, and
Astor said it would support "every 32-bit and 64-bit Intel-style
platform." Right now, downloads are available
for Fedora Core 3, SUSE Linux Enterprise Server 9, SUSE Linux Professional
9.2, Red Hat Enterprise Linux 4.0 and Microsoft Windows. Astor said that it
would probably be available on Solaris, Mac OS X and other platforms
"on customer demand." The EnterpriseDB site does require
registration before download.
Since one of EnterpriseDB's selling points is Oracle compatibility, we
asked Astor if it was fully Oracle compatible. Astor said that EnterpriseDB
is not fully compatible, but "a large number of Oracle apps will run
on us now, and that will increase as time goes by... not every aspect is
supported, and we're looking for customer feedback." He declined to
name specific applications written to use Oracle that were EnterpriseDB
compatible, but said that "a lot of things we've been testing with
run."
Some are concerned
that this may be a dreaded fork of
the PostgreSQL project. We asked Astor about compatibility with PostgreSQL
going forward. Astor pointed out that the EnterpriseDB beta release was
based on the current PostgreSQL release (8.0.3), and that EnterpriseDB is
"fully compatible" with PostgreSQL. He also noted that the
company was adept at keeping in sync with the PostgreSQL tree, and that the
company intends to maintain compatibility with PostgreSQL going forward. In
addition, he said that EnterpriseDB would offer support for PostgreSQL
itself "in the near future."
We were curious how active EnterpriseDB had been with the PostgreSQL
project so far. EnterpriseDB Co-founder and Chief Architect, Denis Lussier,
is a member of three projects on the PgFoundry website. At this
time, however, none of the projects are showing any real activity.
Berkus said that EnterpriseDB had contacted him and other members of the
PostgreSQL community. He said that he had "every reason to
believe" that EnterpriseDB would be following through on the
projects on PgFoundry, and that the company intends to contribute to
PostgreSQL in general. "I think it's likely they will keep some
things to themselves, where their money first ends up coming from."
He also noted that he had talked to Astor about contributions, though
nothing concrete in terms of what would be contributed, or under what
licensing terms.
We also asked Berkus about corporate attention in general, and how that was
affecting the project overall. He said that companies were bringing
programmers and resources to PostgreSQL, and noted he was now working for
Greenplum. "They're basically
allowing me to work on postgresql almost full-time which is nice."
Along with the benefits come some side effects. Berkus said that
it requires more effort, citing the IBM patent problem as one of the
side-effects. "If we didn't have 8 or 9 contributing companies using
Postgres... we could have blown that off, no way IBM would have attacked
us." However, companies that use PostgreSQL in their products did
not have the luxury, requiring the project to spend time rewriting code to
avoid patent encumbrances.
We also asked Astor about patents, and where EnterpriseDB stood on the
software patent issue. Astor said that the company is "fundamentally
against [software] patents" and that he doesn't think they make
sense. However, he also said that "in today's world, it makes no
sense to swear that you'll never get one" and that the company may
acquire "defensive" patents. "We would only have
defensive plans for them, if we were to secure them for ourselves."
Since EnterpriseDB is touting the open source aspects of EnterpriseDB so
heavily, it will be interesting to see how the company interacts with the
PostgreSQL project over the long term. Given the terms of its license, it
will probably not catch on as widely as PostgreSQL itself, but it may serve
the needs of companies who are looking to get away from higher-priced
packages like Oracle.
Comments (3 posted)
Page editor: Jonathan Corbet
Security
Trackerless torrents
The BitTorrent file sharing system is in the news this week for a couple of
reasons. The first of those is that BitTorrent has announced a beta with
"Trackerless"
publishing, which allows users to share files without maintaining a
centralized tracker. The protocol is also in the news, predictably, due to
the release of "Star Wars III: Revenge of the Sith." The Motion Picture
Association of America (MPAA) has used the publicity around the movie to
launch
another
attack on BitTorrent. Predictably, "Sith" did end up being available
via BitTorrent, and 20th Century FOX is already issuing
takedown
notices to ISPs.
The trackerless technology is also getting attention as a tool
to share illegal content, with no mention of the legitimate uses of
BitTorrent.
Given the coverage of "trackerless" BitTorrents so far, some might think
that offering a "trackerless" BitTorrent would prevent detection by
companies like BayTSP. However,
"trackerless" is a far cry from anonymous. While a tracker site presents an
obvious target for entertainment industry lawyers, there's nothing about
so-called trackerless publishing that prevents detection.
As one might have surmised already, trackerless is actually a misnomer. In
fact, as the BitTorrent press release acknowledges, it's actually a
"lightweight tracker." To share a "trackerless" file, a user
generates a .torrent file in much the same way that one would generate a
normal tracker-based .torrent file. This file still needs to be published via a website
and public Internet connection. As the BitTorrent page says, "Anyone
with a website and an Internet connection can host a BitTorrent
download!"
Individuals who share files using trackerless BitTorrent may have a better
chance of flying under the radar, and once a file has been shared by the
original owner there's no need for that user to maintain their tracker, but
it's not anonymity.
BitTorrent isn't the first to offer trackerless support. The Azureus project, for example,
also offers an "embedded tracker" that
allows users to share torrents directly. However, the two technologies seem
to be incompatible at the moment.
The trackerless system is more convenient for users who are looking to
share content legally. Once a user has seeded the network with a file,
there's no need for that user to continue hosting their tracker, though
this also makes the trackerless system less reliable than having a
centralized tracker.
It should also be noted that users should think twice before sharing
movies, music or other content illegally. The entertainment industry has
traditionally gone after uploaders only, but BitTorrent users who share
files are uploaders
as well as downloaders.
While LWN would not encourage sharing copyrighted material illegally, there
are alternatives for users who want to remain anonymous for other
reasons. For example, the Electronic Frontier Foundation has sponsored
development of an anonymous system called Tor, which can be used for browsing,
publishing, SSH and BitTorrent. We'll be looking at Tor on this page
within the next couple of weeks.
Comments (1 posted)
New vulnerabilities
cdrdao: local root vulnerability
| Package(s): | cdrdao |
| CVE #(s): | CAN-2002-0137, CAN-2002-0138 |
| Created: | May 19, 2005 |
| Updated: | May 25, 2005 |
| Description: | The cdrdao CD burning utility has two vulnerabilities. Local users can use the show-data command to read arbitrary files, and local users can overwrite arbitrary files via a symlink attack on the ~/.cdrdao config file. This can be exploited to gain root privileges. |
| Alerts: | |
Comments (none posted)
cheetah: untrusted module search path
| Package(s): | cheetah |
| CVE #(s): | |
| Created: | May 19, 2005 |
| Updated: | May 25, 2005 |
| Description: | Cheetah, a Python template engine and code generator, has a vulnerability in the module importing code that can be used by a local user to gain escalated privileges. |
| Alerts: | |
Comments (none posted)
gdb: multiple vulnerabilities
| Package(s): | gdb |
| CVE #(s): | CAN-2005-1704, CAN-2005-1705 |
| Created: | May 20, 2005 |
| Updated: | August 11, 2006 |
| Description: | Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library, resulting in a heap overflow. A review also showed that by default, gdb insecurely sources initialization files from the working directory. Successful exploitation would result in the execution of arbitrary code on loading a specially crafted object file or the execution of arbitrary commands. |
| Alerts: | |
Comments (5 posted)
libconvert-uulib-perl: arbitrary code execution
| Package(s): | libconvert-uulib-perl |
| CVE #(s): | CAN-2005-1349 |
| Created: | May 20, 2005 |
| Updated: | January 27, 2006 |
| Description: | Mark Martinec and Robert Lewis discovered a buffer overflow in Convert::UUlib (before 1.051), a Perl interface to the uulib library, which may result in the execution of arbitrary code. |
| Alerts: | |
Comments (1 posted)
Net-SNMP: fixproc insecure temporary file creation
| Package(s): | net-snmp |
| CVE #(s): | CAN-2005-1740 |
| Created: | May 23, 2005 |
| Updated: | July 13, 2005 |
| Description: | The fixproc application of Net-SNMP creates temporary files with predictable filenames. |
| Alerts: | |
Comments (1 posted)
OpenSSL: information leak
| Package(s): | openssl |
| CVE #(s): | CAN-2005-0109 |
| Created: | May 23, 2005 |
| Updated: | October 11, 2005 |
| Description: | Hyper-Threading technology, as used in FreeBSD and other operating systems and implemented on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses. See this LWN article for more information. |
| Alerts: | |
Comments (none posted)
pam: local vulnerability
| Package(s): | pam |
| CVE #(s): | CAN-2003-0388 |
| Created: | May 19, 2005 |
| Updated: | May 25, 2005 |
| Description: | The pam_wheel module has a vulnerability involving the proper manipulation of the /var/log/lastlog entry for users with high UID numbers. Local users can use this to spoof the getlogin() username and obtain root privileges. |
| Alerts: | |
Comments (none posted)
ppxp: missing privilege release
| Package(s): | ppxp |
| CVE #(s): | CAN-2005-0392 |
| Created: | May 19, 2005 |
| Updated: | July 5, 2005 |
| Description: | The ppxp PPP program has a log file vulnerability that can allow the root privileges used by the software to remain active, enabling the opening of a root shell by a local user. |
| Alerts: | |
Comments (none posted)
Qpopper: multiple vulnerabilities
| Package(s): | qpopper |
| CVE #(s): | CAN-2005-1151, CAN-2005-1152 |
| Created: | May 23, 2005 |
| Updated: | May 26, 2005 |
| Description: | Jens Steube discovered that Qpopper doesn't drop privileges to process local files from normal users (CAN-2005-1151). The upstream developers discovered that Qpopper can be forced to create group or world writeable files (CAN-2005-1152). |
| Alerts: | |
Comments (none posted)
Updated vulnerabilities
a2ps: input validation error
| Package(s): | a2ps |
| CVE #(s): | CAN-2004-1170, CAN-2004-1377 |
| Created: | November 26, 2004 |
| Updated: | December 19, 2005 |
| Description: | The GNU a2ps utility fails to properly sanitize filenames, which can be abused by a malicious user to execute arbitrary commands with the privileges of the user running the vulnerable application. More information at Security Focus. |
| Alerts: | |
Comments (none posted)
bzip2: race condition and infinite loop
| Package(s): | bzip2 |
| CVE #(s): | CAN-2005-0953, CAN-2005-1260 |
| Created: | May 17, 2005 |
| Updated: | January 10, 2007 |
| Description: | A race condition in bzip2 1.0.2 and earlier allows local users to modify the permissions of arbitrary files via a hard link attack on a file while it is being decompressed; bzip2 changes that file's permissions after decompression is complete. Also, specially crafted bzip2 archives may cause an infinite loop in the decompressor. |
| Alerts: | |
Comments (2 posted)
cpio: file permissions error
| Package(s): | cpio |
| CVE #(s): | CAN-1999-1572 |
| Created: | February 2, 2005 |
| Updated: | July 19, 2005 |
| Description: | Some versions of cpio contain an ancient vulnerability where files created by that utility have overly generous access permissions. |
| Alerts: | |
Comments (none posted)
cURL: buffer overflow
| Package(s): | curl |
| CVE #(s): | CAN-2005-0490 |
| Created: | February 28, 2005 |
| Updated: | July 19, 2005 |
| Description: | Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded. |
| Alerts: | |
Comments (none posted)
cvs: multiple vulnerabilities
| Package(s): | cvs |
| CVE #(s): | CAN-2005-0753 |
| Created: | April 18, 2005 |
| Updated: | July 13, 2005 |
| Description: | CVS (in versions prior to 1.11.20) has one or more buffer overflow vulnerabilities, memory leaks, and a NULL pointer dereference error. These can be used to launch a remote denial of service or to remotely execute arbitrary code. |
| Alerts: | |
Comments (none posted)
cyrus-imapd: buffer overflows
| Package(s): | cyrus-imapd |
| CVE #(s): | CAN-2005-0546 |
| Created: | February 23, 2005 |
| Updated: | April 9, 2006 |
| Description: | Cyrus-imapd, prior to version 2.2.12, contains several buffer overflows which could be exploited by an (authenticated) attacker to run code on the server system. |
| Alerts: | |
Comments (none posted)
dhcp: format string vulnerability
| Package(s): | dhcp |
| CVE #(s): | CAN-2004-1006 |
| Created: | November 4, 2004 |
| Updated: | July 13, 2005 |
| Description: | Dhcp has a format string vulnerability in the log functions of dhcp 2.x that may be exploited via a malicious DNS server. |
| Alerts: | |
Comments (none posted)
Dnsmasq: poisoning and DoS
| Package(s): | dnsmasq |
| CVE #(s): | |
| Created: | April 4, 2005 |
| Updated: | July 21, 2005 |
| Description: | Dnsmasq does not properly detect that DNS replies received do not correspond to any DNS query that was sent. Rob Holland of the Gentoo Linux Security Audit team also discovered two off-by-one buffer overflows that could crash DHCP lease file parsing. |
| Alerts: | |
Comments (none posted)
emacs21: format string vulnerability in "movemail"
| Package(s): | emacs21 |
| CVE #(s): | CAN-2005-0100 |
| Created: | February 7, 2005 |
| Updated: | May 15, 2006 |
| Description: | Max Vozeler discovered a format string vulnerability in the "movemail" utility of Emacs. By sending specially crafted packets, a malicious POP3 server could cause a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the user and the "mail" group. |
| Alerts: | |
Comments (none posted)
enscript: arbitrary code execution
| Package(s): | enscript |
| CVE #(s): | CAN-2004-1184, CAN-2004-1185, CAN-2004-1186 |
| Created: | January 21, 2005 |
| Updated: | May 27, 2006 |
| Description: | Erik Sjölund has discovered several security relevant problems in enscript, a program to convert ASCII text into Postscript and other formats. Unsanitized input can cause the execution of arbitrary commands via EPSF pipe support. Due to missing sanitizing of filenames it is possible that a specially crafted filename can cause arbitrary commands to be executed. Multiple buffer overflows can cause the program to crash. |
| Alerts: | |
Comments (none posted)
Ethereal: numerous vulnerabilities
Comments (none posted)
evolution: arbitrary code execution
| Package(s): | evolution |
| CVE #(s): | CAN-2005-0102 |
| Created: | January 24, 2005 |
| Updated: | May 19, 2005 |
| Description: | Max Vozeler discovered an integer overflow in camel-lock-helper. A user-supplied length value was not validated, so that a value of -1 caused a buffer allocation of 0 bytes; this buffer was then filled by an arbitrary amount of user-supplied data. A local attacker or a malicious POP3 server could exploit this to execute arbitrary code with root privileges (because camel-lock-helper is installed as setuid root). |
| Alerts: | |
Comments (1 posted)
evolution: message crash vulnerability
| Package(s): | evolution |
| CVE #(s): | CAN-2005-0806 |
| Created: | March 17, 2005 |
| Updated: | August 11, 2005 |
| Description: | The Evolution mail client can be crashed when reading certain types of messages. |
| Alerts: | |
Comments (none posted)
firefox: multiple vulnerabilities
Comments (2 posted)
Foomatic: Arbitrary command execution in foomatic-rip
| Package(s): | foomatic |
| CVE #(s): | CAN-2004-0801 |
| Created: | September 20, 2004 |
| Updated: | May 31, 2006 |
| Description: | There is a vulnerability in the foomatic-filters package. This vulnerability is due to insufficient checking of command-line parameters and environment variables in the foomatic-rip filter. This vulnerability may allow both local and remote attackers to execute arbitrary commands on the print server with the permissions of the spooler. |
| Alerts: | |
Comments (none posted)
FreeRADIUS: buffer overflow and SQL injection
| Package(s): | freeradius |
| CVE #(s): | CAN-2005-1454, CAN-2005-1455 |
| Created: | May 17, 2005 |
| Updated: | June 23, 2005 |
| Description: | Primoz Bratanic discovered that the sql_escape_func function of FreeRADIUS 1.0.2 and earlier may be vulnerable to a buffer overflow. He also discovered that FreeRADIUS fails to sanitize user-input before using it in a SQL query, possibly allowing SQL command injection. |
| Alerts: | |
Comments (1 posted)
gtk-pixbuf, gtk2: denial of service
| Package(s): | gdk-pixbuf gtk2 |
| CVE #(s): | CAN-2005-0891 |
| Created: | March 30, 2005 |
| Updated: | December 19, 2005 |
| Description: | The BMP image processing code in gdk-pixbuf and gtk2 contains a denial of service vulnerability exploitable via a specially crafted image file. |
| Alerts: | |
Comments (none posted)
gettext: Insecure temporary file handling
| Package(s): | gettext |
| CVE #(s): | CAN-2004-0966 |
| Created: | October 11, 2004 |
| Updated: | March 1, 2006 |
| Description: | gettext insecurely creates temporary files in world-writeable directories with predictable names. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When gettext is called, this would result in file access with the rights of the user running the utility, which could be the root user. |
| Alerts: | |
Comments (1 posted)
gftp: missing input sanitizing
| Package(s): | gftp |
| CVE #(s): | CAN-2005-0372, CAN-2004-1376 |
| Created: | February 17, 2005 |
| Updated: | July 13, 2005 |
| Description: | gftp has a directory traversal vulnerability. A remote server could use specially crafted filenames to overwrite local files. |
| Alerts: | |
Comments (none posted)
ghostscript: symlink vulnerabilities
| Package(s): | ghostscript |
| CVE #(s): | CAN-2004-0967 |
| Created: | October 20, 2004 |
| Updated: | September 28, 2005 |
| Description: | The ghostscript package (prior to version 7.07.1-r7) contains several scripts which are vulnerable to symlink attacks. |
| Alerts: | |
Comments (none posted)
glibc: Information leak with LD_DEBUG
| Package(s): | glibc |
| CVE #(s): | CAN-2004-1453 |
| Created: | August 17, 2004 |
| Updated: | May 26, 2005 |
| Description: | Silvio Cesare discovered a potential information leak in glibc. It allows LD_DEBUG on SUID binaries where it should not be allowed. This has various security implications, which may be used to gain confidential information. An attacker can gain the list of symbols a SUID application uses and their locations and can then use a trojaned library taking precedence over those symbols to gain information or perform further exploitation. |
| Alerts: | |
Comments (1 posted)
glibc: tempfile vulnerability in catchsegv script
| Package(s): | glibc |
| CVE #(s): | CAN-2004-0968 |
| Created: | October 21, 2004 |
| Updated: | November 14, 2005 |
| Description: | The catchsegv script in the glibc package has a symlink vulnerability that may allow a local user to overwrite arbitrary files with the permissions of the user that is running the script. |
| Alerts: | |
Comments (none posted)
gnupg: information leak
| Package(s): | gnupg |
| CVE #(s): | CAN-2005-0366 |
| Created: | March 16, 2005 |
| Updated: | August 19, 2005 |
| Description: | GnuPG (and other PGP-like systems) suffers from an information leak which could, in some situations, be used by an attacker to obtain plain text from an encrypted message. See this message for a detailed explanation of the problem. "We know of no real-world application that is affected by this type of attack. It is an attack that requires the active participation of someone who holds the actual key required to decrypt a message. Thus, it is not something you are likely to see." |
| Alerts: | |
Comments (none posted)
GnuTLS: Denial of Service vulnerability
| Package(s): | gnutls |
| CVE #(s): | CAN-2005-1431 |
| Created: | May 9, 2005 |
| Updated: | June 1, 2005 |
| Description: | GnuTLS 1.2.3 and 1.0.25 have been released, fixing a denial of service problem. |
| Alerts: | |
Comments (none posted)
grip: buffer overflow
| Package(s): | grip |
| CVE #(s): | CAN-2005-0706 |
| Created: | March 10, 2005 |
| Updated: | September 16, 2005 |
| Description: | Grip, a CD ripper, has a buffer overflow vulnerability that can occur when the CDDB server returns more than 16 matches. |
| Alerts: | |
Comments (none posted)
groff: insecure temporary directory
| Package(s): | groff |
| CVE #(s): | CAN-2004-0969 |
| Created: | November 1, 2004 |
| Updated: | February 9, 2006 |
| Description: | Recently, Trustix Secure Linux discovered a vulnerability in the groff package. The utility "groffer" created a temporary directory in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the program. |
| Alerts: | |
Comments (none posted)
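The temporary-file flaw shared by the Net-SNMP fixproc, ghostscript, gettext, catchsegv and groffer entries above, as an added C demonstration (constructed for this page, not code from any of those packages): a predictable name opened without O_EXCL is compared with the same name under O_CREAT|O_EXCL and with mkstemp(). It assumes a writable /tmp; the name tool.<pid>, the victim file and the planted symlink are all constructed inside a private mkdtemp() directory.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define PATHLEN 4096

/* Weak pattern, the flaw class in the entries above: a name anyone can
 * predict, opened without O_EXCL. If a symlink already sits at that name,
 * open() follows it and truncates the target with the caller's privileges. */
static int open_tmp_weak(const char *dir, char *path, size_t len)
{
    snprintf(path, len, "%s/tool.%ld", dir, (long)getpid());
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Same predictable name with O_CREAT|O_EXCL: creation is atomic, so a
 * pre-planted link makes open() fail with EEXIST instead of being followed.
 * An attacker can still deny service, but the program fails closed. */
static int open_tmp_excl(const char *dir, char *path, size_t len)
{
    snprintf(path, len, "%s/tool.%ld", dir, (long)getpid());
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Hardened pattern: mkstemp() picks an unpredictable suffix and creates
 * the file atomically with O_EXCL and mode 0600. */
static int open_tmp_safe(const char *dir, char *path, size_t len)
{
    snprintf(path, len, "%s/tool.XXXXXX", dir);
    return mkstemp(path);
}

static int same_file(const struct stat *a, const struct stat *b)
{
    return a->st_dev == b->st_dev && a->st_ino == b->st_ino;
}

/* Scenario inside a private sandbox: a "victim" file plus a symlink planted
 * at the predictable name, pointing at it. Returns a bitmask:
 *   bit 0: the weak opener wrote through the symlink into the victim
 *   bit 1: the O_EXCL variant refused with EEXIST
 *   bit 2: mkstemp() gave a fresh regular 0600 file that is not the victim */
int run_scenario(const char *dir)
{
    char victim[PATHLEN], planted[PATHLEN], path[PATHLEN];
    struct stat sv, so;
    int result = 0, fd;

    snprintf(victim, sizeof victim, "%s/victim", dir);
    fd = open(victim, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    (void)write(fd, "precious\n", 9);
    close(fd);
    if (stat(victim, &sv) != 0) return -1;

    snprintf(planted, sizeof planted, "%s/tool.%ld", dir, (long)getpid());
    if (symlink(victim, planted) != 0) return -1;

    fd = open_tmp_weak(dir, path, sizeof path);
    if (fd >= 0) {
        if (fstat(fd, &so) == 0 && same_file(&so, &sv))
            result |= 1;               /* victim truncated via the link */
        close(fd);
    }

    fd = open_tmp_excl(dir, path, sizeof path);
    if (fd < 0 && errno == EEXIST)
        result |= 2;
    else if (fd >= 0)
        close(fd);

    fd = open_tmp_safe(dir, path, sizeof path);
    if (fd >= 0) {
        if (fstat(fd, &so) == 0 && !same_file(&so, &sv) &&
            S_ISREG(so.st_mode) && (so.st_mode & 0777) == 0600)
            result |= 4;
        close(fd);
        unlink(path);
    }
    unlink(planted);
    unlink(victim);
    return result;
}

/* Creates the sandbox with mkdtemp(), runs the scenario, removes it again. */
int run_in_sandbox(void)
{
    char dir[] = "/tmp/tmpdemo.XXXXXX";   /* constructed location */
    if (mkdtemp(dir) == NULL) return -1;
    int r = run_scenario(dir);
    rmdir(dir);
    return r;
}
```

Call run_in_sandbox() from a main(); it returns 7 when all three observations hold, and only the mkstemp() path is the pattern to use in a script or program.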
gzip: race condition and directory traversal
| Package(s): | gzip |
| CVE #(s): | CAN-2005-0988, CAN-2005-1228 |
| Created: | May 4, 2005 |
| Updated: | July 13, 2005 |
| Description: | gzip suffers from a race condition which could allow a fast-fingered attacker to change the permissions on files owned by others. There is also a directory traversal vulnerability associated with the -N option. |
| Alerts: | |
Comments (none posted)
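The chmod-by-name race in the bzip2 and gzip entries above, as an added C demonstration (constructed for this page, not code from either project): the permission change is applied once through the output path and once through the still-open descriptor, while an in-process rename() stands in for the attacker's swap of the output name. The sandbox under /tmp and the out.txt and victim file names are assumptions.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define PATHLEN 4096

/* Stand-in for whatever happens to the name between the last write and the
 * permission change; the demo uses it to swap another file into place. */
typedef int (*swap_fn)(const char *out_path, void *ctx);

/* Weak: the mode is applied by *name* after the output is closed, so
 * whatever file occupies out_path at that instant gets the new permissions. */
static int finish_by_name(const char *out_path, mode_t mode, swap_fn swap, void *ctx)
{
    int fd = open(out_path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    (void)write(fd, "decompressed\n", 13);
    close(fd);
    if (swap && swap(out_path, ctx) != 0) return -1;   /* the race window */
    return chmod(out_path, mode);
}

/* Hardened: the mode is applied to the descriptor we wrote through, before
 * close; replacing the name cannot redirect the change to another file. */
static int finish_by_fd(const char *out_path, mode_t mode, swap_fn swap, void *ctx)
{
    int fd = open(out_path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    (void)write(fd, "decompressed\n", 13);
    if (swap && swap(out_path, ctx) != 0) { close(fd); return -1; }
    int rc = fchmod(fd, mode);
    close(fd);
    return rc;
}

/* Simulated interference: move the 0600 "victim" file onto the output name. */
static int swap_in_victim(const char *out_path, void *ctx)
{
    return rename((const char *)ctx, out_path);
}

static int make_victim(const char *victim)
{
    int fd = open(victim, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    close(fd);
    return chmod(victim, 0600);            /* explicit, independent of umask */
}

static long mode_of(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (long)(st.st_mode & 0777) : -1L;
}

/* Bitmask result: bit 0 = by-name variant changed the victim to 0644,
 * bit 1 = by-fd variant left the victim at 0600. */
int run_race_demo(const char *dir)
{
    char out[PATHLEN], victim[PATHLEN];
    int result = 0;
    snprintf(out, sizeof out, "%s/out.txt", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);

    if (make_victim(victim) != 0) return -1;
    finish_by_name(out, 0644, swap_in_victim, victim);
    if (mode_of(out) == 0644) result |= 1;  /* out_path now IS the victim */
    unlink(out);

    if (make_victim(victim) != 0) return -1;
    finish_by_fd(out, 0644, swap_in_victim, victim);
    if (mode_of(out) == 0600) result |= 2;  /* victim untouched */
    unlink(out);
    return result;
}

/* Creates a private sandbox with mkdtemp(), runs both variants, cleans up. */
int run_race_sandbox(void)
{
    char dir[] = "/tmp/racedemo.XXXXXX";     /* constructed location */
    if (mkdtemp(dir) == NULL) return -1;
    int r = run_race_demo(dir);
    rmdir(dir);
    return r;
}

int main(void)
{
    int r = run_race_sandbox();
    printf("chmod(path) hit the substituted file: %s\n", (r & 1) ? "yes" : "no");
    printf("fchmod(fd) left it alone:             %s\n", (r & 2) ? "yes" : "no");
    return r == 3 ? 0 : 1;
}
```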
htdig: cross site scripting
| Package(s): | htdig |
| CVE #(s): | CAN-2005-0085 |
| Created: | February 14, 2005 |
| Updated: | January 10, 2006 |
| Description: | Michael Krax discovered that ht://Dig fails to validate the 'config' parameter before displaying an error message containing the parameter. This flaw could allow an attacker to conduct cross-site scripting attacks. |
| Alerts: | |
Comments (none posted)
ImageMagick: heap corruption
| Package(s): | ImageMagick |
| CVE #(s): | CAN-2005-1275 |
| Created: | April 28, 2005 |
| Updated: | May 25, 2005 |
| Description: | ImageMagick 6.2.1 and earlier has a heap corruption problem in the pnm coder. |
| Alerts: | |
Comments (1 posted)
imap: buffer overflow in c-client
| Package(s): | imap |
| CVE #(s): | CAN-2003-0297 |
| Created: | February 18, 2005 |
| Updated: | April 9, 2006 |
| Description: | A buffer overflow flaw was found in the c-client IMAP client. An attacker could create a malicious IMAP server that if connected to by a victim could execute arbitrary code on the client machine. |
| Alerts: | |
Comments (none posted)
imlib2: buffer overflows
| Package(s): | imlib2 |
| CVE #(s): | CAN-2004-0802, CAN-2004-0817 |
| Created: | September 8, 2004 |
| Updated: | October 26, 2005 |
| Description: | The imlib2 library contains buffer overflows in the BMP handling code. |
| Alerts: | |
Comments (none posted)
infozip: privilege escalation, directory-traversal
| Package(s): | infozip |
| CVE #(s): | CAN-2003-0282, CAN-2004-1010, CAN-2005-0602 |
| Created: | May 2, 2005 |
| Updated: | August 1, 2005 |
| Description: | InfoZip reports that Zip 2.3 and (presumably) all previous versions have a buffer-overrun vulnerability relating to deep directory paths that could potentially lead to local privilege escalation (e.g., in the case of automated, Zip-based backups). All versions of UnZip through 5.50 have a number of directory-traversal vulnerabilities. |
| Alerts: | |
Comments (1 posted)
junkbuster: heap corruption and settings modification
| Package(s): | junkbuster |
| CVE #(s): | CVE-2005-1108, CVE-2005-1109 |
| Created: | April 13, 2005 |
| Updated: | November 5, 2005 |
| Description: | JunkBuster through version 2.02-r2 contains two vulnerabilities: a heap corruption bug and a possible privacy violation. |
| Alerts: | |
Comments (1 posted)
kdelibs: unsanitized input
| Package(s): | kdelibs |
| CVE #(s): | CAN-2004-1165 |
| Created: | January 10, 2005 |
| Updated: | July 19, 2005 |
| Description: | Thiago Macieira discovered a vulnerability in the kioslave library, which is part of kdelibs, which allows a remote attacker to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline before the FTP command. |
| Alerts: | |
Comments (none posted)
kernel: multiple vulnerabilities
| Package(s): | kernel |
| CVE #(s): | CAN-2005-0400, CAN-2005-0749, CAN-2005-0750, CAN-2005-0815, CAN-2005-0839 |
| Created: | April 1, 2005 |
| Updated: | July 1, 2005 |
| Description: | More kernel vulnerabilities have been discovered, including: |
- Mathieu Lafon discovered an information leak in the ext2 file system driver. (CAN-2005-0400)
- Yichen Xie discovered a Denial of Service vulnerability in the ELF loader. (CAN-2005-0749)
- Ilja van Sprundel discovered that the bluez_sock_create() function did not check its "protocol" argument for negative values. (CAN-2005-0750)
- Michal Zalewski discovered that the iso9660 file system driver fails to check ranges properly in several cases. (CAN-2005-0815)
- Previous kernels did not restrict the use of the N_MOUSE line discipline in the serial driver. (CAN-2005-0839)
| Alerts: | |
Comments (1 posted)
kernel: ELF loader core dump vulnerability
| Package(s): | kernel |
| CVE #(s): | CAN-2005-1263 |
| Created: | May 11, 2005 |
| Updated: | August 25, 2005 |
| Description: | Paul Starzetz has posted an advisory for yet another kernel vulnerability. In this case, by using a specially manipulated ELF binary, a local attacker can compromise the system (via the core dump code) and obtain root access. This vulnerability affects all kernels from 2.2 through 2.6.12-rc4. |
| Alerts: | |
Comments (none posted)
kernel: extended attribute denial of service
| Package(s): | kernel |
| CVE #(s): | CAN-2005-0757 |
| Created: | May 18, 2005 |
| Updated: | May 18, 2005 |
| Description: | The extended attribute code (at least as backported by Red Hat into the 2.4 kernel) suffers from an offset handling error which can be exploited to cause a system crash. |
| Alerts: | |
Comments (1 posted)
kernel: multiple vulnerabilities
Comments (none posted)
kimgio: input validation errors
| Package(s): | kimgio |
| CVE #(s): | CAN-2005-1046 |
| Created: | April 22, 2005 |
| Updated: | July 19, 2005 |
| Description: | KDE has issued a security advisory for kimgio. This is found in kdelibs as shipped with KDE 3.2 up to and including KDE 3.4. kimgio contains a PCX image file format reader that does not properly perform input validation. A source code audit performed by the KDE security team discovered several vulnerabilities in the PCX and other image file format readers, some of them exploitable to execute arbitrary code. |
| Alerts: | |
Comments (none posted)
Kommander: untrusted code execution
| Package(s): | kommander |
| CVE #(s): | CAN-2005-0754 |
| Created: | April 22, 2005 |
| Updated: | May 20, 2005 |
| Description: | KDE has issued a security advisory for Kommander. Quanta 3.1.x, and KDE 3.2 and newer up to and including KDE 3.4.0, are vulnerable. Kommander executes, without user confirmation, data files from possibly untrusted locations. As they contain scripts, the user might accidentally run arbitrary code. |
| Alerts: | |
Comments (none posted)
libdbi-perl: insecure temporary file