LWN.net Logo

Security

Trackerless torrents

May 25, 2005

This article was contributed by Joe 'Zonker' Brockmeier.

The BitTorrent file sharing system is in the news this week for a couple of reasons. The first of those is that BitTorrent has announced a beta with "Trackerless" publishing, which allows users to share files without maintaining a centralized tracker. The protocol is also in the news, predictably, due to the release of "Star Wars III: Revenge of the Sith." The Motion Picture Association of America (MPAA) has used the publicity around the movie to launch another attack on BitTorrent. Predictably, "Sith" did end up being available via BitTorrent, and 20th Century FOX is already issuing takedown notices to ISPs.

The trackerless technology is also getting attention as a tool to share illegal content, with no mention of the legitimate uses of BitTorrent. Given the coverage of "trackerless" BitTorrents so far, some might think that offering a "trackerless" BitTorrent would prevent detection by companies like BayTSP. However, "trackerless" is a far cry from anonymous. While a tracker site presents an obvious target for entertainment industry lawyers, there's nothing about so-called trackerless publishing that prevents detection.

As one might have surmised already, trackerless is actually a misnomer. In fact, as the BitTorrent press release acknowledges, it's actually a "lightweight tracker." To share a "trackerless" file, a user generates a .torrent file in much the same way that one would generate a normal .torrent tracker. This file still need to be published via a website and public Internet connection. As the BitTorrent page says, "Anyone with a website and an Internet connection can host a BitTorrent download!" Individuals who share files using trackerless BitTorrent may have a better chance of flying under the radar, and once a file has been shared by the original owner there's no need for that user to maintain their tracker, but it's not anonymity.

BitTorrent isn't the first to offer trackerless support. The Azureus project, for example, also offers an "embedded tracker" that allows users to share torrents directly. However, the two technologies seem to be incompatible at the moment.

The trackerless system is more convenient for users who are looking to share content legally. Once a user has seeded the network with a file, there's no need for that user to continue hosting their tracker, though this also makes the trackerless system less reliable than having a centralized tracker.

It should also be noted that users should think twice before sharing movies, music or other content illegally. The entertainment industry has traditionally gone after uploaders only, but BitTorrent users who share files are uploaders as well as downloaders.

While LWN would not encourage sharing copyrighted material illegally, there are alternatives for users who want to remain anonymous for other reasons. For example, the Electronic Frontier Foundation has sponsored development of an anonymous system called Tor, which can be used for browsing, publishing, SSH and BitTorrent. We'll be looking at Tor on this page within the next couple of weeks.

Comments (1 posted)

New vulnerabilities

cdrdao: local root vulnerability

Package(s):cdrdao CVE #(s):CAN-2002-0137 CAN-2002-0138
Created:May 19, 2005 Updated:May 25, 2005
Description: The cdrdao CD burning utility has two vulnerabilities. Local users can use the show-data command to read arbitrary files, and local users can overwrite arbitrary files via a symlink attack on the ~/.cdrdao config file. This can be exploited to gain root privileges.
Alerts:
Mandriva MDKSA-2005:089 2005-05-18

Comments (none posted)

cheetah: untrusted module search path

Package(s):cheetah CVE #(s):
Created:May 19, 2005 Updated:May 25, 2005
Description: Cheetah, a Python template engine and code generator, has a vulnerability in the module importing code that can be used by a local user to gain escalated privileges.
Alerts:
Gentoo 200505-14 2005-05-19

Comments (none posted)

gdb: multiple vulnerabilities

Package(s):gdb CVE #(s):CAN-2005-1704 CAN-2005-1705
Created:May 20, 2005 Updated:August 11, 2006
Description: Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library, resulting in a heap overflow. A review also showed that by default, gdb insecurely sources initialization files from the working directory. Successful exploitation would result in the execution of arbitrary code on loading a specially crafted object file or the execution of arbitrary commands.
Alerts:
Red Hat RHSA-2006:0354-01 2006-08-10
Red Hat RHSA-2006:0368-01 2006-07-20
Mandriva MDKSA-2005:215 2005-11-23
Fedora FEDORA-2005-1033 2005-10-27
Fedora FEDORA-2005-1032 2005-10-27
Red Hat RHSA-2005:801-01 2005-10-18
Red Hat RHSA-2005:763-01 2005-10-11
Red Hat RHSA-2005:709-01 2005-10-05
Red Hat RHSA-2005:673-01 2005-10-05
Red Hat RHSA-2005:659-01 2005-09-28
Fedora FEDORA-2005-498 2005-06-29
Fedora FEDORA-2005-497 2005-06-29
Gentoo 200506-01 2005-06-01
Trustix TSLSA-2005-0025 2005-05-31
Mandriva MDKSA-2005:095 2005-05-30
Ubuntu USN-136-2 2005-05-27
Ubuntu USN-136-1 2005-05-27
Ubuntu USN-135-1 2005-05-27
Gentoo 200505-15 2005-05-20

Comments (5 posted)

libconvert-uulib-perl: arbitrary code execution

Package(s):libconvert-uulib-perl CVE #(s):CAN-2005-1349
Created:May 20, 2005 Updated:January 27, 2006
Description: Mark Martinec and Robert Lewis discovered a buffer overflow in Convert::UUlib (before 1.051), a Perl interface to the uulib library, which may result in the execution of arbitrary code.
Alerts:
Mandriva MDKSA-2006:022 2006-01-26
Debian DSA-727-1 2005-05-20

Comments (1 posted)

Net-SNMP: fixproc insecure temporary file creation

Package(s):net-snmp CVE #(s):CAN-2005-1740
Created:May 23, 2005 Updated:July 13, 2005
Description: The fixproc application of Net-SNMP creates temporary files with predictable filenames.
Alerts:
Fedora FEDORA-2005-561 2005-07-13
Fedora FEDORA-2005-562 2005-07-13
Gentoo 200505-18 2005-05-23

Comments (1 posted)

OpenSSL: information leak

Package(s):openssl CVE #(s):CAN-2005-0109
Created:May 23, 2005 Updated:October 11, 2005
Description: Hyper-Threading technology, as used in FreeBSD other operating systems and implemented on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses. See this LWN article for more information.
Alerts:
Trustix TSLSA-2005-0028 2005-06-13
Mandriva MDKSA-2005:096 2005-06-06
Red Hat RHSA-2005:476-01 2005-06-01
Fedora FEDORA-2005-390 2005-05-23
Fedora FEDORA-2005-389 2005-05-23

Comments (none posted)

pam: local vulnerability

Package(s):pam CVE #(s):CAN-2003-0388
Created:May 19, 2005 Updated:May 25, 2005
Description: The pam_wheel module has a vulnerability involving the proper manipulation of the /var/log/lastlog entry for users with high UID numbers. Local users can use this to spoof the getlogin() username and obtain root privileges.
Alerts:
Fedora-Legacy FLSA:152771 2005-05-18

Comments (none posted)

ppxp: missing privilege release

Package(s):ppxp CVE #(s):CAN-2005-0392
Created:May 19, 2005 Updated:July 5, 2005
Description: The ppxp PPP program has a log file vulnerability that can allow the root privileges used by the software to remain active, enabling the opening of a root shell by a local user.
Alerts:
Debian DSA-725-2 2005-07-04
Debian DSA-725-1 2005-05-19

Comments (none posted)

Qpopper: multiple vulnerabilities

Package(s):qpopper CVE #(s):CAN-2005-1151 CAN-2005-1152
Created:May 23, 2005 Updated:May 26, 2005
Description: Jens Steube discovered that Qpopper doesn't drop privileges to process local files from normal users (CAN-2005-1151). The upstream developers discovered that Qpopper can be forced to create group or world writeable files (CAN-2005-1152).
Alerts:
Debian DSA-728-2 2005-05-26
Debian DSA-728-1 2005-05-25
Gentoo 200505-17 2005-05-23

Comments (none posted)

Updated vulnerabilities

a2ps: input validation error

Package(s):a2ps CVE #(s):CAN-2004-1170 CAN-2004-1377
Created:November 26, 2004 Updated:December 19, 2005
Description: The GNU a2ps utility fails to properly sanitize filenames, which can be abused by a malicious user to execute arbitrary commands with the privileges of the user running the vulnerable application. More information at Security Focus.
Alerts:
Fedora-Legacy FLSA:152870 2005-12-17
Mandriva MDKSA-2005:097 2005-06-07
OpenPKG OpenPKG-SA-2005.003 2005-01-17
Gentoo 200501-02 2005-01-04
Debian DSA-612-1 2004-12-20
Mandrake MDKSA-2004:140 2004-11-25

Comments (none posted)

bzip2: race condition and infinite loop

Package(s):bzip2 CVE #(s):CAN-2005-0953 CAN-2005-1260
Created:May 17, 2005 Updated:January 10, 2007
Description: A race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. Also specially crafted bzip2 archives may cause an infinite loop in the decompressor.
Alerts:
rPath rPSA-2007-0004-1 2007-01-09
Debian DSA-741-1 2005-07-07
Red Hat RHSA-2005:474-01 2005-06-16
OpenPKG OpenPKG-SA-2005.008 2005-06-10
SuSE SUSE-SR:2005:015 2005-06-07
Debian DSA-730-1 2005-05-27
Mandriva MDKSA-2005:091 2005-05-18
Ubuntu USN-127-1 2005-05-17

Comments (2 posted)

cpio - file permissions error

Package(s):cpio CVE #(s):CAN-1999-1572
Created:February 2, 2005 Updated:July 19, 2005
Description: Some versions of cpio contain an ancient vulnerability where files created by that utility have overly generous access permissions.
Alerts:
Fedora-Legacy FLSA:152891 2005-07-15
Red Hat RHSA-2005:080-01 2005-02-18
Red Hat RHSA-2005:073-01 2005-02-15
Mandrake MDKSA-2005:032-1 2005-02-11
Mandrake MDKSA-2005:032 2005-02-10
Ubuntu USN-75-1 2005-02-04
Debian DSA-664-1 2005-02-02

Comments (none posted)

cURL: buffer overflow

Package(s):curl CVE #(s):CAN-2005-0490
Created:February 28, 2005 Updated:July 19, 2005
Description: Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded.
Alerts:
Fedora-Legacy FLSA:152917 2005-07-15
Fedora FEDORA-2005-325 2005-04-20
Red Hat RHSA-2005:340-01 2005-04-05
Conectiva CLA-2005:940 2005-03-21
Gentoo 200503-20 2005-03-16
Mandrake MDKSA-2005:048 2005-03-04
SuSE SUSE-SA:2005:011 2005-02-28
Ubuntu USN-86-1 2005-02-28

Comments (none posted)

cvs: multiple vulnerabilities

Package(s):cvs CVE #(s):CAN-2005-0753
Created:April 18, 2005 Updated:July 13, 2005
Description: CVS (in version prior to 1.11.20) has one or more buffer overflow vulnerabilities, memory leaks, and a NULL pointer dereferencing error. These can be used to launch a remote denial of service or to remotely execute arbitrary code.
Alerts:
Debian DSA-742-1 2005-07-07
Fedora-Legacy FLSA:155508 2005-05-12
Ubuntu USN-117-1 2005-05-04
Red Hat RHSA-2005:387-01 2005-04-25
Gentoo 200504-16:02 2005-04-18
Slackware SSA:2005-111-01 2005-04-22
Trustix TSLSA-2005-0013 2005-04-20
Mandriva MDKSA-2005:073 2005-04-20
Fedora FEDORA-2005-330 2005-04-20
Gentoo 200504-16 2005-04-18
SuSE SUSE-SA:2005:024 2005-04-18

Comments (none posted)

cyrus-imapd: buffer overflows

Package(s):cyrus-imapd CVE #(s):CAN-2005-0546
Created:February 23, 2005 Updated:April 9, 2006
Description: Cyrus-imapd, prior to version 2.2.12, contains several buffer overflows which could be exploited by an (authenticated) attacker to run code on the server system.
Alerts:
Fedora-Legacy FLSA:156290 2006-04-04
Red Hat RHSA-2005:408-01 2005-05-17
Fedora FEDORA-2005-339 2005-04-27
OpenPKG OpenPKG-SA-2005.005 2005-04-05
Conectiva CLA-2005:937 2005-03-17
Mandrake MDKSA-2005:051 2005-03-04
Ubuntu USN-87-1 2005-02-28
SuSE SUSE-SA:2005:009 2005-02-24
Gentoo 200502-29 2005-02-23

Comments (none posted)

dhcp: format string vulnerability

Package(s):dhcp CVE #(s):CAN-2004-1006
Created:November 4, 2004 Updated:July 13, 2005
Description: Dhcp has a format string vulnerability in the log functions of dhcp 2.x that may be exploited via a malicious DNS server.
Alerts:
Fedora-Legacy FLSA:152835 2005-07-10
Red Hat RHSA-2005:212-01 2005-04-12
Debian DSA-584-1 2004-11-04

Comments (none posted)

Dnsmasq: poisoning and DoS

Package(s):dnsmasq CVE #(s):
Created:April 4, 2005 Updated:July 21, 2005
Description: Dnsmasq does not properly detect that DNS replies received do not correspond to any DNS query that was sent. Rob Holland of the Gentoo Linux Security Audit team also discovered two off-by-one buffer overflows that could crash DHCP lease files parsing.
Alerts:
Slackware SSA:2005-201-01 2005-07-21
Gentoo 200504-03 2005-04-04

Comments (none posted)

emacs21: format string vulnerability in "movemail"

Package(s):emacs21 CVE #(s):CAN-2005-0100
Created:February 7, 2005 Updated:May 15, 2006
Description: Max Vozeler discovered a format string vulnerability in the "movemail" utility of Emacs. By sending specially crafted packets, a malicious POP3 server could cause a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the user and the "mail" group.
Alerts:
Fedora-Legacy FLSA:152898 2006-05-12
Debian DSA-685-1 2005-02-17
Mandrake MDKSA-2005:038 2005-02-15
Gentoo 200502-20 2005-02-15
Fedora FEDORA-2005-146 2005-02-14
Fedora FEDORA-2005-145 2005-02-14
Red Hat RHSA-2005:133-01 2005-02-15
Red Hat RHSA-2005:110-01 2005-02-15
Red Hat RHSA-2005:134-01 2005-02-10
Red Hat RHSA-2005:112-01 2005-02-10
Fedora FEDORA-2005-116 2005-02-08
Fedora FEDORA-2005-115 2005-02-08
Debian DSA-671-1 2005-02-08
Debian DSA-670-1 2005-02-08
Ubuntu USN-76-1 2005-02-07

Comments (none posted)

enscript: arbitrary code execution

Package(s):enscript CVE #(s):CAN-2004-1184 CAN-2004-1185 CAN-2004-1186
Created:January 21, 2005 Updated:May 27, 2006
Description: Erik Sjölund has discovered several security relevant problems in enscript, a program to convert ASCII text into Postscript and other formats. Unsanitized input can cause the execution of arbitrary commands via EPSF pipe support. Due to missing sanitizing of filenames it is possible that a specially crafted filename can cause arbitrary commands to be executed. Multiple buffer overflows can cause the program to crash.
Alerts:
rPath rPSA-2006-0083-1 2006-05-26
Fedora-Legacy FLSA:152892 2005-12-17
Red Hat RHSA-2005:040-01 2005-02-15
Mandrake MDKSA-2005:033 2005-02-10
Gentoo 200502-03 2005-02-02
Red Hat RHSA-2005:039-01 2005-02-01
Fedora FEDORA-2005-096 2005-01-31
Fedora FEDORA-2005-092 2005-01-28
Fedora FEDORA-2005-091 2005-01-28
Fedora FEDORA-2005-016 2005-01-26
Fedora FEDORA-2005-015 2005-01-26
Ubuntu USN-68-1 2005-01-24
Debian DSA-654-1 2005-01-21

Comments (none posted)

Ethereal: numerous vulnerabilities

Package(s):ethereal CVE #(s):CAN-2005-1456 CAN-2005-1457 CAN-2005-1458 CAN-2005-1459 CAN-2005-1460 CAN-2005-1461 CAN-2005-1462 CAN-2005-1463 CAN-2005-1464 CAN-2005-1465 CAN-2005-1466 CAN-2005-1467 CAN-2005-1468 CAN-2005-1469 CAN-2005-1470
Created:May 6, 2005 Updated:June 7, 2005
Description: There are numerous vulnerabilities in versions of Ethereal versions 0.8.14 to 0.10.10 according to this advisory.
Alerts:
SuSE SUSE-SR:2005:014 2005-06-07
Red Hat RHSA-2005:427-01 2005-05-24
Mandriva MDKSA-2005:083 2005-05-10
Gentoo 200505-03 2005-05-06

Comments (none posted)

evolution: arbitrary code execution

Package(s):evolution CVE #(s):CAN-2005-0102
Created:January 24, 2005 Updated:May 19, 2005
Description: Max Vozeler discovered an integer overflow in camel-lock-helper. A user-supplied length value was not validated, so that a value of -1 caused a buffer allocation of 0 bytes; this buffer was then filled by an arbitrary amount of user-supplied data. A local attacker or a malicious POP3 server could exploit this to execute arbitrary code with root privileges (because camel-lock-helper is installed as setuid root).
Alerts:
Red Hat RHSA-2005:238-01 2005-05-19
Conectiva CLA-2005:925 2005-02-16
Debian DSA-673-1 2005-02-10
Mandrake MDKSA-2005:024 2005-01-27
Gentoo 200501-35 2005-01-24
Ubuntu USN-69-1 2005-01-24

Comments (1 posted)

evolution: message crash vulnerability

Package(s):evolution CVE #(s):CAN-2005-0806
Created:March 17, 2005 Updated:August 11, 2005
Description: The Evolution mail client can be crashed when reading certain types of messages.
Alerts:
Ubuntu USN-166-1 2005-08-11
Red Hat RHSA-2005:397-01 2005-05-04
Conectiva CLA-2005:950 2005-04-27
Fedora FEDORA-2005-338 2005-04-22
Mandrake MDKSA-2005:059 2005-03-16

Comments (none posted)

firefox: multiple vulnerabilities

Package(s):firefox CVE #(s):CAN-2005-1153 CAN-2005-1154 CAN-2005-1155 CAN-2005-1156 CAN-2005-1157 CAN-2005-1158 CAN-2005-1160 CAN-2005-1159
Created:May 11, 2005 Updated:May 26, 2005
Description: The Firefox browser (and Mozilla as well) suffers from several vulnerabilities which can be exploited by a remote attacker to execute arbitrary code. See this advisory for a discussion of the worst two. Upgrading to version 1.0.4 will fix the problems.
Alerts:
Ubuntu USN-134-1 2005-05-26
Mandriva MDKSA-2005:088 2005-05-13
Ubuntu USN-124-2 2005-05-12
Ubuntu USN-124-1 2005-05-11

Comments (2 posted)

Foomatic: Arbitrary command execution in foomatic-rip

Package(s):foomatic CVE #(s):CAN-2004-0801
Created:September 20, 2004 Updated:May 31, 2006
Description: There is a vulnerability in the foomatic-filters package. This vulnerability is due to insufficient checking of command-line parameters and environment variables in the foomatic-rip filter. This vulnerability may allow both local and remote attackers to execute arbitrary commands on the print server with the permissions of the spooler.
Alerts:
SuSE SUSE-SA:2006:026 2006-05-30
Fedora-Legacy FLSA:2076 2004-11-05
Conectiva CLA-2004:880 2004-10-27
Fedora FEDORA-2004-303 2004-09-21
Gentoo 200409-24 2004-09-20

Comments (none posted)

FreeRADIUS: buffer overflow and SQL injection

Package(s):freeradius CVE #(s):CAN-2005-1454 CAN-2005-1455
Created:May 17, 2005 Updated:June 23, 2005
Description: Primoz Bratanic discovered that the sql_escape_func function of FreeRADIUS 1.0.2 and earlier may be vulnerable to a buffer overflow. He also discovered that FreeRADIUS fails to sanitize user-input before using it in a SQL query, possibly allowing SQL command injection.
Alerts:
Red Hat RHSA-2005:524-01 2005-06-23
Gentoo 200505-13:02 2005-05-17
Gentoo 200505-13 2005-05-17

Comments (1 posted)

gtk-pixbuf, gtk2: denial of service

Package(s):gdk-pixbuf gtk2 CVE #(s):CAN-2005-0891
Created:March 30, 2005 Updated:December 19, 2005
Description: The BMP image processing code in gdk-pixbuf and gtk2 contains a denial of service vulnerability exploitable via a specially crafted image file.
Alerts:
Fedora-Legacy FLSA:155510 2005-12-17
Fedora-Legacy FLSA:154272 2005-07-15
SuSE SUSE-SR:2005:010 2005-04-08
Mandrake MDKSA-2005:069 2005-04-07
Mandrake MDKSA-2005:068 2005-04-07
Ubuntu USN-108-1 2005-04-05
Red Hat RHSA-2005:343-01 2005-04-05
Red Hat RHSA-2005:344-01 2005-04-01
Fedora FEDORA-2005-268 2005-03-30
Fedora FEDORA-2005-267 2005-03-30
Fedora FEDORA-2005-266 2005-03-30
Fedora FEDORA-2005-265 2005-03-30

Comments (none posted)

gettext: Insecure temporary file handling

Package(s):gettext CVE #(s):CAN-2004-0966
Created:October 11, 2004 Updated:March 1, 2006
Description: gettext insecurely creates temporary files in world-writeable directories with predictable names. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When gettext is called, this would result in file access with the rights of the user running the utility, which could be the root user.
Alerts:
Mandriva MDKSA-2006:051 2006-02-28
Fedora-Legacy FLSA:136323 2006-01-09
Gentoo 200410-10:02 2004-10-10
OpenPKG OpenPKG-SA-2004.055 2004-12-23
Ubuntu USN-5-1 2004-10-27
Gentoo 200410-10 2004-10-10

Comments (1 posted)

gftp: missing input sanitizing

Package(s):gftp CVE #(s):CAN-2005-0372 CAN-2004-1376
Created:February 17, 2005 Updated:July 13, 2005
Description: gftp has a directory traversal vulnerability. A remote server could use specially crafted filenames to overwrite local files.
Alerts:
Fedora-Legacy FLSA:152908 2005-07-10
Red Hat RHSA-2005:410-01 2005-06-13
Fedora FEDORA-2005-310 2005-04-07
Fedora FEDORA-2005-309 2005-04-07
Mandrake MDKSA-2005:050 2005-03-04
Gentoo 200502-27 2005-02-19
SuSE SUSE-SR:2005:005 2005-02-18
Debian DSA-686-1 2005-02-17

Comments (none posted)

ghostscript: symlink vulnerabilities

Package(s):ghostscript CVE #(s):CAN-2004-0967
Created:October 20, 2004 Updated:September 28, 2005
Description: The ghostscript package (prior to version 7.07.1-r7) contains several scripts which are vulnerable to symlink attacks.
Alerts:
Red Hat RHSA-2005:081-01 2005-09-28
Ubuntu USN-3-1 2004-10-27
Gentoo 200410-18 2004-10-20

Comments (none posted)

glibc: Information leak with LD_DEBUG

Package(s):glibc CVE #(s):CAN-2004-1453
Created:August 17, 2004 Updated:May 26, 2005
Description: Silvio Cesare discovered a potential information leak in glibc. It allows LD_DEBUG on SUID binaries where it should not be allowed. This has various security implications, which may be used to gain confidential information. An attacker can gain the list of symbols a SUID application uses and their locations and can then use a trojaned library taking precedence over those symbols to gain information or perform further exploitation.
Alerts:
Red Hat RHSA-2005:256-01 2005-05-18
Gentoo 200408-16 2004-08-16

Comments (1 posted)

glibc: tempfile vulnerability in catchsegv script

Package(s):glibc CVE #(s):CAN-2004-0968
Created:October 21, 2004 Updated:November 14, 2005
Description: The catchsegv script in the glibc package has a symlink vulnerability that may allow a local user to overwrite arbitrary files with the permissions of the user that is running the script.
Alerts:
Fedora-Legacy FLSA:152848 2005-11-13
Red Hat RHSA-2005:261-01 2005-04-28
Debian DSA-636-1 2005-01-12
Mandrake MDKSA-2004:159 2004-12-29
Red Hat RHSA-2004:586-01 2004-12-20
Fedora FEDORA-2004-356 2004-11-11
Ubuntu USN-4-1 2004-10-27
Gentoo 200410-19 2004-10-21

Comments (none posted)

gnupg: information leak

Package(s):gnupg CVE #(s):CAN-2005-0366
Created:March 16, 2005 Updated:August 19, 2005
Description: GnuPG (and other PGP-like systems) suffers from an information leak which could, in some situations, be used by an attacker to obtain plain text from an encrypted message. See this message for a detailed explanation of the problem. "We know of no real-world application that is affected by this type of attack. It is an attack that requires the active participation of someone who holds the actual key required to decrypt a message. Thus, it is not something you are likely to see."
Alerts:
Ubuntu USN-170-1 2005-08-19
Gentoo 200503-29 2005-03-24
Mandrake MDKSA-2005:057 2005-03-15

Comments (none posted)

GnuTLS: Denial of Service vulnerability

Package(s):gnutls CVE #(s):CAN-2005-1431
Created:May 9, 2005 Updated:June 1, 2005
Description: GnuTLS 1.2.3 and 1.0.25 have been released, fixing a denial of service problem.
Alerts:
Red Hat RHSA-2005:430-01 2005-06-01
Ubuntu USN-126-1 2005-05-13
Mandriva MDKSA-2005:084 2005-05-12
Fedora FEDORA-2005-362 2005-05-05
Gentoo 200505-04 2005-05-09

Comments (none posted)

grip: buffer overflow

Package(s):grip CVE #(s):CAN-2005-0706
Created:March 10, 2005 Updated:September 16, 2005
Description: Grip, a CD ripper, has a buffer overflow vulnerability that can occur when the CDDB server returns more than 16 matches.
Alerts:
Fedora-Legacy FLSA:152919 2005-09-15
Mandriva MDKSA-2005:074 2005-04-20
Mandriva MDKSA-2005:075 2005-04-20
Gentoo 200504-07 2005-04-08
Mandrake MDKSA-2005:066 2005-04-01
Red Hat RHSA-2005:304-01 2005-03-28
Gentoo 200503-21 2005-03-17
Fedora FEDORA-2005-203 2005-03-09
Fedora FEDORA-2005-202 2005-03-09

Comments (none posted)

groff: insecure temporary directory

Package(s):groff CVE #(s):CAN-2004-0969
Created:November 1, 2004 Updated:February 9, 2006
Description: Recently, Trustix Secure Linux discovered a vulnerability in the groff package. The utility "groffer" created a temporary directory in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the program.
Alerts:
Mandriva MDKSA-2006:038 2006-02-08
Gentoo 200411-15 2004-11-08
Ubuntu USN-13-1 2004-11-01

Comments (none posted)

gzip: race condition and directory traversal

Package(s):gzip CVE #(s):CAN-2005-0988 CAN-2005-1228
Created:May 4, 2005 Updated:July 13, 2005
Description: gzip suffers from a race condition which could allow a fast-fingered attacker to change the permissions on files owned by others. There is also a directory traversal vulnerability associated with the -N option.
Alerts:
Debian DSA-752-1 2005-07-11
Red Hat RHSA-2005:357-01 2005-06-13
OpenPKG OpenPKG-SA-2005.010 2005-06-10
OpenPKG OpenPKG-SA-2005.009 2005-06-10
Mandriva MDKSA-2005:092 2005-05-18
Gentoo 200505-05 2005-05-09
Trustix TSLSA-2005-0018 2005-05-06
Ubuntu USN-116-1 2005-05-04

Comments (none posted)

htdig: cross site scripting

Package(s):htdig CVE #(s):CAN-2005-0085
Created:February 14, 2005 Updated:January 10, 2006
Description: Michael Krax discovered that ht://Dig fails to validate the 'config' parameter before displaying an error message containing the parameter. This flaw could allow an attacker to conduct cross-site scripting attacks.
Alerts:
Fedora-Legacy FLSA:152907 2006-01-09
Mandrake MDKSA-2005:063 2005-03-31
Red Hat RHSA-2005:090-01 2005-02-15
Debian DSA-680-1 2005-02-14
Gentoo 200502-16 2005-02-13

Comments (none posted)

ImageMagick: heap corruption

Package(s):ImageMagick CVE #(s):CAN-2005-1275
Created:April 28, 2005 Updated:May 25, 2005
Description: ImageMagick 6.2.1 and earlier has a heap corruption problem in the pnm coder.
Alerts:
Red Hat RHSA-2005:413-01 2005-05-25
Ubuntu USN-132-1 2005-05-23
Gentoo 200505-16 2005-05-21
Fedora FEDORA-2005-344 2005-04-27

Comments (1 posted)

imap: buffer overflow in c-client

Package(s):imap CVE #(s):CAN-2003-0297
Created:February 18, 2005 Updated:April 9, 2006
Description: A buffer overflow flaw was found in the c-client IMAP client. An attacker could create a malicious IMAP server that if connected to by a victim could execute arbitrary code on the client machine.
Alerts:
Fedora-Legacy FLSA:184074 2006-04-04
Fedora-Legacy FLSA:152912 2005-05-12
Red Hat RHSA-2005:114-01 2005-02-18

Comments (none posted)

imlib2: buffer overflows

Package(s):imlib2 CVE #(s):CAN-2004-0802 CAN-2004-0817
Created:September 8, 2004 Updated:October 26, 2005
Description: The imlib2 library contains buffer overflows in the BMP handling code.
Alerts:
Debian DSA-548-2 2005-10-26
Conectiva CLA-2004:870 2004-09-28
Debian DSA-552-1 2004-09-22
Debian DSA-548-1 2004-09-16
Red Hat RHSA-2004:465-01 2004-09-15
Gentoo 200409-12 2004-09-08
Fedora FEDORA-2004-301 2004-09-09
Fedora FEDORA-2004-300 2004-09-09
Mandrake MDKSA-2004:089 2004-09-07

Comments (none posted)

infozip: privilege escalation, directory-traversal

Package(s):infozip CVE #(s):CAN-2003-0282 CAN-2004-1010 CAN-2005-0602
Created:May 2, 2005 Updated:August 1, 2005
Description: InfoZip reports that Zip 2.3 and (presumably) all previous versions have a buffer-overrun vulnerability relating to deep directory paths that could potentially lead to local privilege escalation (e.g., in the case of automated, Zip-based backups). All versions of UnZip through 5.50 have a number of directory-traversal vulnerabilities.
Alerts:
Ubuntu USN-159-1 2005-08-01
Slackware SSA:2005-121-01 2005-05-02

Comments (1 posted)

junkbuster: heap corruption and settings modification

Package(s):junkbuster CVE #(s):CVE-2005-1108 CVE-2005-1109
Created:April 13, 2005 Updated:November 5, 2005
Description: JunkBuster through version 2.02-r2 contains two vulnerabilities: a heap corruption bug and a possible privacy violation.
Alerts:
Debian DSA-713-1 2005-04-21
Gentoo 200504-11 2005-04-13

Comments (1 posted)

kdelibs: unsanitzied input

Package(s):kdelibs CVE #(s):CAN-2004-1165
Created:January 10, 2005 Updated:July 19, 2005
Description: Thiago Macieira discovered a vulnerability in the kioslave library, which is part of kdelibs, which allows a remote attacker to execute arbitrary FTP commands via an ftp:// URL that contains an URL-encoded newline before the FTP command.
Alerts:
Fedora-Legacy FLSA:152769 2005-07-15
Mandrake MDKSA-2005:045 2005-02-17
Red Hat RHSA-2005:065-01 2005-02-15
Red Hat RHSA-2005:009-01 2005-02-10
Fedora FEDORA-2005-064 2005-01-25
Fedora FEDORA-2005-063 2005-01-25
Gentoo 200501-18 2005-01-11
Debian DSA-631-1 2005-01-10

Comments (none posted)

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CAN-2005-0400 CAN-2005-0749 CAN-2005-0750 CAN-2005-0815 CAN-2005-0839
Created:April 1, 2005 Updated:July 1, 2005
Description: More kernel vulnerabilities have been discovered including:
  • Mathieu Lafon discovered an information leak in the ext2 file system driver. (CAN-2005-0400)
  • Yichen Xie discovered a Denial of Service vulnerability in the ELF loader. (CAN-2005-0749)
  • Ilja van Sprundel discovered that the bluez_sock_create() function did not check its "protocol" argument for negative values. (CAN-2005-0750)
  • Michal Zalewski discovered that the iso9660 file system driver fails to check ranges properly in several cases. (CAN-2005-0815)
  • Previous kernels did not restrict the use of the N_MOUSE line discipline in the serial driver. (CAN-2005-0839)
Alerts:
Mandriva MDKSA-2005:110 2005-06-30
Mandriva MDKSA-2005:111 2005-06-30
Fedora-Legacy FLSA:152532 2005-06-04
Conectiva CLA-2005:952 2005-05-02
Red Hat RHSA-2005:284-01 2005-04-28
Red Hat RHSA-2005:283-01 2005-04-28
Red Hat RHSA-2005:293-01 2005-04-22
Fedora FEDORA-2005-313 2005-04-11
Trustix TSLSA-2005-0011 2005-04-05
SuSE SUSE-SA:2005:021 2005-04-04
Ubuntu USN-103-1 2005-04-01

Comments (1 posted)

kernel: ELF loader core dump vulnerability

Package(s):kernel CVE #(s):CAN-2005-1263
Created:May 11, 2005 Updated:August 25, 2005
Description: Paul Starzetz has posted an advisory for yet another kernel vulnerability. In this case, by using a specially manipulated ELF binary, a local attacker can compromise the system (via the core dump code) and obtain root access. This vulnerability affects all kernels from 2.2 through 2.6.12-rc4.
Alerts:
Red Hat RHSA-2005:529-01 2005-08-25
Red Hat RHSA-2005:420-01 2005-06-08
Red Hat RHSA-2005:472-01 2005-05-25
Fedora FEDORA-2005-392 2005-05-23
Ubuntu USN-131-1 2005-05-23
Trustix TSLSA-2005-0022 2005-05-13

Comments (none posted)

kernel: extended attribute denial of service

Package(s):kernel CVE #(s):CAN-2005-0757
Created:May 18, 2005 Updated:May 18, 2005
Description: The extended attribute code (at least as backported by Red Hat into the 2.4 kernel) suffers from an offset handling error which can be exploited to cause a system crash.
Alerts:
Red Hat RHSA-2005:294-01 2005-05-18

Comments (1 posted)

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CAN-2005-0449 CAN-2005-0209 CAN-2005-0529 CAN-2005-0530 CAN-2005-0532 CAN-2005-0384 CAN-2005-0210 CAN-2005-0504 CAN-2005-0003
Created:March 24, 2005 Updated:May 31, 2006
Description: A number of vulnerabilities have been found in the Linux kernel, including a PPP-related denial of service problem, an integer overflow in the epoll() code, memory corruption in the ELF loader, and exploitable overflows in the ISO9660 code.
Alerts:
Debian DSA-1082-1 2006-05-29
Debian DSA-1069-1 2006-05-20
Debian DSA-1070-1 2006-05-21
Debian DSA-1067-1 2006-05-20
Conectiva CLA-2005:945 2005-03-31
Fedora FEDORA-2005-262 2005-03-28
SuSE SUSE-SA:2005:018 2005-03-24

Comments (none posted)

kimgio input validation errors

Package(s):kimgio CVE #(s):CAN-2005-1046
Created:April 22, 2005 Updated:July 19, 2005
Description: KDE has issued a security advisory for kimgio. This is found in kdelibs as shipped with KDE 3.2 up to including KDE 3.4. kimgio contains a PCX image file format reader that does not properly perform input validation. A source code audit performed by the KDE security team discovered several vulnerabilities in the PCX and other image file format readers, some of them exploitable to execute arbitrary code.
Alerts:
Ubuntu USN-114-2 2005-05-27
Red Hat RHSA-2005:393-01 2005-05-17
Mandriva MDKSA-2005:085 2005-05-12
Ubuntu USN-114-1 2005-05-03
Fedora FEDORA-2005-350 2005-05-02
Debian DSA-714-1 2005-04-26
Gentoo 200504-22 2005-04-22

Comments (none posted)

Kommander untrusted code execution

Package(s):kommander CVE #(s):CAN-2005-0754
Created:April 22, 2005 Updated:May 20, 2005
Description: KDE has issued a security advisory for Kommander. Quanta 3.1.x, KDE 3.2 and new up to including KDE 3.4.0 are vulnerable. Kommander executes without user confirmation data files from possibly untrusted locations. As they contain scripts, the user might accidentally run arbitrary code.
Alerts:
Gentoo 200504-23:02 2005-04-22
Ubuntu USN-115-1 2005-05-03
Fedora FEDORA-2005-345 2005-04-28
Gentoo 200504-23 2005-04-22

Comments (none posted)

libdbi-perl: insecure temporary file

Package(s):libdbi-perl CVE #(s):CAN-2005-0077
Created:January 25, 2005 Updated:March 2, 2006
Description: Javier Fernández-Sanguino Peña from the Debian Security Audit Project discovered that the DBI library, the Perl5 database interface, creates a temporary PID file in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the person executing the parts of the library.
Alerts:
Fedora-Legacy FLSA:178989 2006-03-01
Gentoo 200501-38:03 2005-01-26
Red Hat RHSA-2005:072-01 2005-02-15
Mandrake MDKSA-2005:030 2005-02-08
Red Hat RHSA-2005:069-01 2005-02-01
Gentoo 200501-38 2005-01-26
Ubuntu USN-70-1 2005-01-25
Debian DSA-658-1 2005-01-25

Comments (none posted)

libgd2: buffer overflows in PNG handling

Package(s):libgd2 CVE #(s):CAN-2004-0990 CAN-2004-0941
Created:October 29, 2004 Updated:June 28, 2006
Description: Several buffer overflows have been discovered in libgd's PNG handling functions.
If an attacker tricked a user into loading a malicious PNG image, they could leverage this into executing arbitrary code in the context of the user opening image. Most importantly, this library is commonly used in PHP. One possible target would be a PHP driven photo website that lets users upload images. Therefore this vulnerability might lead to privilege escalation to a web server's privileges.
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function.
Alerts:
Mandriva MDKSA-2006:114 2006-06-27
Red Hat RHSA-2006:0194-01 2006-02-01
Fedora-Legacy FLSA:152838 2005-07-15
Red Hat RHSA-2004:638-01 2004-12-17
Ubuntu USN-33-1 2004-11-29
Debian DSA-602-1 2004-11-29
Debian DSA-601-1 2004-11-29
Mandrake MDKSA-2004:132 2004-11-15
Ubuntu USN-25-1 2004-11-15
Fedora FEDORA-2004-412 2004-11-11
Fedora FEDORA-2004-411 2004-11-11
Ubuntu USN-21-1 2004-11-09
Debian DSA-591-1 2004-11-09
Debian DSA-589-1 2004-11-09
Gentoo 200411-08 2004-11-03
OpenPKG OpenPKG-SA-2004.049 2004-10-30
Ubuntu USN-11-1 2004-10-28

Comments (none posted)

libnet-ssleay-perl: weakened cryptographic operations

Package(s):libnet-ssleay-perl CVE #(s):CAN-2005-0106
Created:May 3, 2005 Updated:January 27, 2006
Description: Javier Fernandez-Sanguino Pena discovered that this library used the file /tmp/entropy as a fallback entropy source if a proper source was not set in the environment variable EGD_PATH. This can potentially lead to weakened cryptographic operations if an attacker provides a /tmp/entropy file with known content.
Alerts:
Mandriva MDKSA-2006:023 2006-01-26
Ubuntu USN-113-1 2005-05-03

Comments (none posted)

libtiff: buffer overflow

Package(s):libtiff CVE #(s):CAN-2004-1308
Created:December 22, 2004 Updated:May 19, 2005
Description: The libtiff image manipulation library contains several exploitable buffer overflows.
Alerts:
Fedora-Legacy FLSA:152815 2005-05-18
Red Hat RHSA-2005:035-01 2005-02-15
Conectiva CLA-2005:920 2005-01-20
Red Hat RHSA-2005:019-01 2005-01-13
SuSE SUSE-SA:2005:001 2005-01-10
Fedora FEDORA-2005-598 2005-01-07
Fedora FEDORA-2005-597 2005-01-07
Ubuntu USN-54-1 2005-01-06
Mandrake MDKSA-2005:002 2005-01-06
Mandrake MDKSA-2005:001 2005-01-06
Gentoo 200501-06 2005-01-05
Debian DSA-626-1 2005-01-06
Debian DSA-617-1 2004-12-24
Fedora FEDORA-2004-577 2004-12-22
Fedora FEDORA-2004-576 2004-12-22
Ubuntu USN-46-1 2004-12-22

Comments (none posted)

libTIFF: buffer overflow

Package(s):libtiff CVE #(s):CAN-2005-1544
Created:May 10, 2005 Updated:February 17, 2006
Description: Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a stack based buffer overflow in the libTIFF library when reading a TIFF image with a malformed BitsPerSample tag. Successful exploitation would require the victim to open a specially crafted TIFF image, resulting in the execution of arbitrary code.
Alerts: