The European software patent vote
Just as last week's LWN Weekly Edition was being finalized, the word came
out that the European software patent directive had, after years of strange
maneuvers, lobbying, and politics, been rejected by the European
Parliament. And this was not any ordinary rejection: the final vote was
648 to 14. That is quite an outcome, considering that, not
particularly long ago, a good result in the final parliamentary vote was
seen as a long shot at best.
This vote is not a result of a sudden general understanding that software
patents are a bad idea. In the end, most parties went against the
directive because (1) it had been amended to the point that nobody
liked it anymore, and (2) the parliament was not pleased with how it
had been treated by the European Council. So the vote should not be seen
as a definitive statement from Europe on software patents; it also should
not be seen as the end of the debate.
For now, the software patent situation in Europe remains unchanged. In
theory, such patents are not legal, but the European Patent Office (EPO)
has issued quite a few software patents anyway. Some European member
states are more friendly to software patents than others. So the situation
remains muddled, and is likely to stay that way for a while. Court battles
to determine the legitimacy of EPO-issued software patents seem almost
certain. So software patents are still a threat, at some level, for
European free software developers and users. Even if a software patent
issued by the EPO is eventually thrown out of court, it's still no fun to
be the one in court trying to make that happen.
In other words, this outcome is very much a mixed result. It is far
superior to a directive which would have enshrined software patents in
European Union law; the rejection of that language is an unambiguous
victory. But it would have been far nicer to pass a version of the
directive which clearly disallowed patents on software. It would have been
nicer to put an end to this problem - in Europe, at least.
Because this debate certainly is not over. The European Council once said
that, if the directive were to fail to pass the Parliament, there would be
no further attempts. For those who truly believe that: we have some nice
ocean-front property in Luxembourg we'd be willing to sell you. This sort
of issue, backed as it is by interests with lots of money in the bank and
even more in their eyes, almost never goes away. Software patents in
Europe will be back, at the EU and member state levels.
For now, though, the free software community can celebrate an important
victory. There is still no global software patent regime in place, and
there is a far higher awareness of the issue than there was a few years
ago. All the effort put in by so many people working to fight this
directive has paid off. Great congratulations are due to each and every
person who contributed to this fight, whether that contribution took the
form of massive organizing or a quick letter to a member of parliament.
You have shown that you can influence policy, even on an obscure technical
issue, and even in the face of well-funded opposition. Well done!
The Xandros Business Desktop
Ever since the launch of Xandros Corporation four years ago, the company
has settled into a regular
release cycle. New versions of Xandros Desktop OS for home users
("Standard" and "Deluxe" editions) have come out towards the end of each
calendar year, followed by high-end "Business" editions some six months
later. Continuing in this practice, Xandros Desktop OS 3 Business was
unveiled last month when it became available to customers from the
company's online store for $129.
As the name suggests, the "Business" edition is designed as a desktop system
for small and medium-size businesses. This product should appeal to those
production environments that have been evaluating the possibility of moving
their desktops to Linux, but have not found a suitable replacement for
their Windows systems - either because many of the popular Linux
distributions lack certain required functionality or because their existing
infrastructure is overly dependent on Microsoft Windows and Office, and
possibly even SQL Server, migration of which would be a costly and tedious
task.
Xandros Business Desktop was specifically designed for the latter group. The
company claims that these businesses can keep their current Windows server
infrastructure, MS Office files, and even run many of the Windows
applications they depend on, but can still migrate their desktop computers
from a virus- and spyware-prone operating system with a less than stellar
security reputation to a more secure and less maintenance-intensive
Linux-based system. Although the initial migration will certainly cost some
capital, Xandros argues, the overall long-term savings should be
considerable.
Xandros is walking a tightrope here. On one hand, businesses that consider
migrating their desktop systems to Linux have likely started experimenting
with Linux already, probably with one of the freely available
distributions, such as Fedora, Mandriva or Ubuntu. If these fit their
requirements, they would almost certainly prefer one of them over a
$129-per-seat Xandros Desktop OS. If they haven't found a suitable
replacement, Xandros might still be a viable option, but it doesn't take a
genius to figure out that a business with a few dozen computers will end
up having to pay license fees that are not much lower than those for
Windows. If this is the case, why bother with a costly migration to Linux?
Probably the best reason is to save on system maintenance. As we know,
keeping Windows boxes free of viruses, spyware, worms and other Internet
malware is a costly and time-consuming exercise, so replacing Windows with
Linux, wherever possible, would certainly eliminate most of this expense.
The next question is: why Xandros? If you have never installed and used this
distribution, you will be forgiven for asking - that's because Xandros
remains our firm favorite as the best and most user-friendly desktop Linux
distribution there is. From the moment you insert the installation CD into
your CD-ROM drive until you finally boot into your new desktop, you will
see true usability features not found in any other distribution. Xandros
has not just built an operating system by integrating individual pieces
of freely available software from the Internet; it has also developed many
utilities that conform to the definitions of software usability better than
those of most other distributions.
Besides all the well-established features of Xandros Desktop, such as the
Xandros File Manager, Xandros Networks (for downloading and installing
software and security updates), the integrated drag-and-drop CD/DVD-burning
application, enhanced KDE Control Center, CrossOver Office (with support
for MS Office, Adobe Photoshop and other Windows applications), file system
encryption and excellent hardware detection, the Business edition adds
further incentives. Among them, Windows networking features are probably
the biggest selling point of Xandros Business Desktop - especially when
considering its ability to authenticate to both Windows NT and Active
Directory domains, to browse NFS shares, and to perform drag-and-drop
operations on network shares, as well as FTP servers.
This edition of Xandros Desktop OS comes with an extra Application CD, an
excellent 350-page User Guide, and a 9-page Getting Started Guide.
Inserting the CD immediately brings up a software installer dialog,
providing an opportunity to browse through the available packages. Among
the more interesting applications included on the CD are OpenOffice.org
1.1.2 and StarOffice 7 with various dictionaries, together with a number of
development packages and database servers, as well as Citrix and SAP
clients. The manual is identical to the one available with the Deluxe
edition and Xandros deserves praise for making an effort to put together a
really useful guide.
Despite developing a superb package, Xandros might still have a hard time
selling the product in desirable quantities. It seems that most of the
migration efforts we get to hear about these days tend to revolve around
one of the free distributions (the current migrations to Linux by the
municipalities of Munich and Vienna are good examples), customized to their
needs. Also, we haven't heard of any success stories involving Xandros
Business Desktop, an event that would surely result in a
self-congratulatory press release by the company. As good as Xandros
Desktop is, it still remains a largely proprietary system, not particularly
cheap, and with the potential for another vendor lock-in, which is a trap that
many businesses would rather avoid.
This brings up the next question: is the company's current business strategy
of selling boxed products, as opposed to giving the products away and
charging for services, a sustainable business model? If the history of open
source software companies is anything to go by, selling services tends to
result in sustainable growth, while selling software boxes is likely to
lead towards stagnation at best, and bankruptcy at worst. There are far too
many examples of the latter to ignore the danger!
Next week: OLS + KS/DDC
Next week is the annual pilgrimage to the Ottawa Linux Symposium, one
of the key Linux development events worldwide. The schedule has
been posted for those who are interested; it looks like the usual
collection of great talks. LWN editor Jonathan Corbet will be giving an
updated version of the "2.6 Kernel Roadmap" talk at 10:00
on Wednesday.
The Desktop Developers' Conference is happening the two days prior to the opening
of OLS. We would love to be able to report from that event, but your
editor will, instead, be downstairs at the annual kernel summit. Look for
our coverage from that event early in the week. There will be reports from
OLS as well, though your editor has learned, from experience, to rest well
before the famous closing party. See you in Ottawa.
Page editor: Jonathan Corbet
Security
The Personal Data Privacy and Security Act
The good news is that the U.S. Congress is turning its attention to identity
theft. The bad news is that Congress is unlikely to produce truly effective
legislation. The Personal Data Privacy and Security Act of 2005 is one bill
that attempts to address ID theft and misuse of personal information. It
was introduced at the end of June by
Senators Arlen Specter and Patrick Leahy. Text of the bill is available
from thomas.loc.gov.
The bill's summary sounds good:
"To prevent and mitigate identity theft; to ensure privacy; and to enhance
criminal penalties, law enforcement assistance, and other protections
against security breaches, fraudulent access, and misuse of personally
identifiable information."
The bill does have some sensible provisions. It would specifically prevent
companies from selling social security numbers, for example, without explicit
consent of the individual. The bill would also require notification to
individuals that their personal information had been compromised, and would
require "data collectors" to disclose information being collected upon
request. The bill would also beef up penalties for identity theft, and for
concealing security breaches.
While there is a lot to like about the bill, it has more than its share of
flaws. Section 422 of the act requires "any business entity or agency
engaged in interstate commerce that involves collecting, accessing, using,
transmitting, storing, or disposing of personally identifiable
information" to provide written notification of an information
compromise or, if the address is
unknown, notification by phone. The problem with requiring a written notice
or phone call is that many sites that would be required to comply with the
law do not necessarily collect addresses or phone numbers. Forcing them to
start gathering that information would be burdensome, intrusive on the
privacy of the people who are allegedly being protected, and
would add to the amount of
data that can be stolen in the event of a successful attack.
The act also provides for a posting on the affected site, if more than
1,000 residents of the U.S. have been affected, and notice to "major
media outlets serving that State or jurisdiction" if more than 5,000
residents of a state or jurisdiction are affected. However, these seem
to be aggregate requirements -- so if a company has been affected, it seems
to require that they notify all individuals by phone or mail, and
post a notice, and send notice to "major media outlets."
There are a few flaws of omission in the bill as well. For example, as Jon Oltsik points
out, there's no provision for monitoring compliance with the bill. While
the bill prescribes heavy penalties for failing to comply, the only way
that non-compliance will come to light, in the bill's present form, is once
it's too late and a breach has occurred. This is of little comfort to those
who have already had their information stolen and misused. Penalties for
misuse and theft of data are fine, but prevention would be much better.
While the bill requires data collectors to disclose information upon
request, it does not require any notification of collection. It's unlikely
that the average person even knows what organizations are collecting data
in the first place. To really "ensure privacy" the bill should prevent
unauthorized data collection altogether.
Also, the bill protects social security numbers, which in and of itself is
a good thing, but too specific. To be truly effective, now and in the
future, the bill should cover any government-issued IDs. For example, it
would be prudent to include IDs that fall under the Real
ID Act.
It would be nice to see a national data security law that would provide
notifications to individuals in the event that their information has been
stolen, and give additional control to individuals over the aggregation and
dissemination of personal data such as social security numbers. The
proposed Personal Data Privacy and Security Act of 2005 takes some
tentative steps in the right direction; hopefully its weaker points will be
addressed as the bill moves forward.
New vulnerabilities
acroread: arbitrary code execution
| Package(s): | acroread |
| CVE #(s): | CAN-2005-1625, CAN-2005-1841 |
| Created: | July 8, 2005 |
| Updated: | July 14, 2005 |
| Description: | Adobe Acrobat Reader (acroread) has a buffer overflow vulnerability. If a user is tricked into opening a specially crafted PDF file, arbitrary code can be executed. |
centericq: temporary file vulnerability
| Package(s): | centericq |
| CVE #(s): | CAN-2005-1914 |
| Created: | July 13, 2005 |
| Updated: | July 13, 2005 |
| Description: | The centericq messaging client suffers from a classic temporary file vulnerability which could, conceivably, be exploited by a local user to overwrite files. |
dhcpcd: denial of service
| Package(s): | dhcpcd |
| CVE #(s): | CAN-2005-1848 |
| Created: | July 13, 2005 |
| Updated: | September 13, 2005 |
| Description: | The dhcpcd DHCP client can be tricked into reading past the end of a buffer, causing it to crash. |
FUSE: information disclosure
| Package(s): | fuse |
| CVE #(s): | CAN-2005-1858 |
| Created: | July 13, 2005 |
| Updated: | July 13, 2005 |
| Description: | The filesystems in user space (FUSE) subsystem (not yet part of the mainline kernel) has an information disclosure vulnerability exploitable by local users. |
ht: arbitrary code execution
| Package(s): | ht |
| CVE #(s): | CAN-2005-1545, CAN-2005-1546 |
| Created: | July 8, 2005 |
| Updated: | July 13, 2005 |
| Description: | The utility ht, an executable file viewer, editor and analyzer, has buffer and integer overflows that can be exploited for the purpose of executing arbitrary code. |
krb5: double-free flaw
| Package(s): | krb5 |
| CVE #(s): | CAN-2004-0175, CAN-2005-0488, CAN-2005-1175, CAN-2005-1689 |
| Created: | July 12, 2005 |
| Updated: | December 6, 2005 |
| Description: | The krb5 authentication has a double-free flaw which may be initiated by a remote unauthenticated attacker. Also, a single byte heap overflow in the krb5_unparse_name() function can lead to a denial of service and an information disclosure may be caused by a malicious telnet server. See this report for more information. |
leafnode: fetchnews vulnerabilities
| Package(s): | leafnode |
| CVE #(s): | CAN-2004-2068, CAN-2005-1453, CAN-2005-1911 |
| Created: | July 12, 2005 |
| Updated: | July 13, 2005 |
| Description: | The fetchnews program from the leafnode NNTP server has a number of vulnerabilities involving corruption of data from the upstream server. The system can hang indefinitely or crash. |
sharutils: temporary file vulnerability
| Package(s): | sharutils |
| CVE #(s): | CAN-2005-0990 |
| Created: | July 13, 2005 |
| Updated: | July 13, 2005 |
| Description: | Sharutils (and unshar in particular) creates temporary files in an unsafe way, making local file overwrite attacks possible. |
Updated vulnerabilities
a2ps: input validation error
| Package(s): | a2ps |
| CVE #(s): | CAN-2004-1170, CAN-2004-1377 |
| Created: | November 26, 2004 |
| Updated: | December 19, 2005 |
| Description: | The GNU a2ps utility fails to properly sanitize filenames, which can be abused by a malicious user to execute arbitrary commands with the privileges of the user running the vulnerable application. More information at Security Focus. |
bzip2: race condition and infinite loop
| Package(s): | bzip2 |
| CVE #(s): | CAN-2005-0953, CAN-2005-1260 |
| Created: | May 17, 2005 |
| Updated: | January 10, 2007 |
| Description: | A race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. Also specially crafted bzip2 archives may cause an infinite loop in the decompressor. |
cacti: SQL injection and PHP file inclusion
| Package(s): | cacti |
| CVE #(s): | |
| Created: | June 22, 2005 |
| Updated: | July 21, 2005 |
| Description: | Cacti (prior to version 0.8.6e) suffers from vulnerabilities which can lead to SQL injection and (on some systems) execution of arbitrary PHP files. |
ClamAV: denial of service
| Package(s): | clamav |
| CVE #(s): | CAN-2005-2056, CAN-2005-2070 |
| Created: | June 27, 2005 |
| Updated: | July 12, 2005 |
| Description: | Andrew Toller and Stefan Kanthak discovered that a flaw in libmspack's Quantum archive decompressor renders Clam AntiVirus vulnerable to a Denial of Service attack. A remote attacker could exploit this vulnerability to cause a Denial of Service by sending a specially crafted Quantum archive to the server. |
cpio - file permissions error
| Package(s): | cpio |
| CVE #(s): | CAN-1999-1572 |
| Created: | February 2, 2005 |
| Updated: | July 19, 2005 |
| Description: | Some versions of cpio contain an ancient vulnerability where files created by that utility have overly generous access permissions. |
cpio: directory traversal
| Package(s): | cpio |
| CVE #(s): | CAN-2005-1111 |
| Created: | June 20, 2005 |
| Updated: | December 26, 2005 |
| Description: | There is a vulnerability in cpio (2.6 and previous) that allows a malicious cpio file to extract to an arbitrary directory of the attacker's choice. cpio will extract to the path specified in the cpio file; this path can be absolute. |
crip: insecure temporary files
| Package(s): | crip |
| CVE #(s): | CAN-2005-0393 |
| Created: | June 30, 2005 |
| Updated: | July 6, 2005 |
| Description: | Justin Rye discovered that crip, a terminal-based ripper, encoder and tagger tool, utilizes temporary files in an insecure fashion in its helper scripts. |
cURL: buffer overflow
| Package(s): | curl |
| CVE #(s): | CAN-2005-0490 |
| Created: | February 28, 2005 |
| Updated: | July 19, 2005 |
| Description: | Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded. |
cvs: multiple vulnerabilities
| Package(s): | cvs |
| CVE #(s): | CAN-2005-0753 |
| Created: | April 18, 2005 |
| Updated: | July 13, 2005 |
| Description: | CVS (in versions prior to 1.11.20) has one or more buffer overflow vulnerabilities, memory leaks, and a NULL pointer dereferencing error. These can be used to launch a remote denial of service or to remotely execute arbitrary code. |
cyrus-imapd: buffer overflows
| Package(s): | cyrus-imapd |
| CVE #(s): | CAN-2005-0546 |
| Created: | February 23, 2005 |
| Updated: | April 9, 2006 |
| Description: | Cyrus-imapd, prior to version 2.2.12, contains several buffer overflows which could be exploited by an (authenticated) attacker to run code on the server system. |
dbus: information disclosure
| Package(s): | dbus |
| CVE #(s): | CAN-2005-0201 |
| Created: | June 8, 2005 |
| Updated: | August 30, 2005 |
| Description: | From the Red Hat alert: "Dan Reed discovered that a user can send and listen to messages on another user's per-user session bus if they know the address of the socket." At current usage levels, this vulnerability is not particularly threatening. |
dhcp: format string vulnerability
| Package(s): | dhcp |
| CVE #(s): | CAN-2004-1006 |
| Created: | November 4, 2004 |
| Updated: | July 13, 2005 |
| Description: | Dhcp has a format string vulnerability in the log functions of dhcp 2.x that may be exploited via a malicious DNS server. |
Dnsmasq: poisoning and DoS
| Package(s): | dnsmasq |
| CVE #(s): | |
| Created: | April 4, 2005 |
| Updated: | July 21, 2005 |
| Description: | Dnsmasq does not properly detect that DNS replies received do not correspond to any DNS query that was sent. Rob Holland of the Gentoo Linux Security Audit team also discovered two off-by-one buffer overflows that could crash DHCP lease files parsing. |
emacs21: format string vulnerability in "movemail"
| Package(s): | emacs21 |
| CVE #(s): | CAN-2005-0100 |
| Created: | February 7, 2005 |
| Updated: | May 15, 2006 |
| Description: | Max Vozeler discovered a format string vulnerability in the "movemail" utility of Emacs. By sending specially crafted packets, a malicious POP3 server could cause a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the user and the "mail" group. |
enscript: arbitrary code execution
| Package(s): | enscript |
| CVE #(s): | CAN-2004-1184, CAN-2004-1185, CAN-2004-1186 |
| Created: | January 21, 2005 |
| Updated: | May 27, 2006 |
| Description: | Erik Sjölund has discovered several security relevant problems in enscript, a program to convert ASCII text into Postscript and other formats. Unsanitized input can cause the execution of arbitrary commands via EPSF pipe support. Due to missing sanitizing of filenames it is possible that a specially crafted filename can cause arbitrary commands to be executed. Multiple buffer overflows can cause the program to crash. |
ettercap: format string vulnerability
| Package(s): | ettercap |
| CVE #(s): | CAN-2005-1796 |
| Created: | June 13, 2005 |
| Updated: | July 13, 2005 |
| Description: | The Ettercap suite of networking tools has a format string vulnerability that can be exploited by a remote attacker for the execution of arbitrary code. |
evolution: message crash vulnerability
| Package(s): | evolution |
| CVE #(s): | CAN-2005-0806 |
| Created: | March 17, 2005 |
| Updated: | August 11, 2005 |
| Description: | The Evolution mail client can be crashed when reading certain types of messages. |
Foomatic: Arbitrary command execution in foomatic-rip
| Package(s): | foomatic |
| CVE #(s): | CAN-2004-0801 |
| Created: | September 20, 2004 |
| Updated: | May 31, 2006 |
| Description: | There is a vulnerability in the foomatic-filters package. This vulnerability is due to insufficient checking of command-line parameters and environment variables in the foomatic-rip filter. This vulnerability may allow both local and remote attackers to execute arbitrary commands on the print server with the permissions of the spooler. |
gdb: multiple vulnerabilities
| Package(s): | gdb |
| CVE #(s): | CAN-2005-1704, CAN-2005-1705 |
| Created: | May 20, 2005 |
| Updated: | August 11, 2006 |
| Description: | Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library, resulting in a heap overflow. A review also showed that by default, gdb insecurely sources initialization files from the working directory. Successful exploitation would result in the execution of arbitrary code on loading a specially crafted object file or the execution of arbitrary commands. |
gdk-pixbuf, gtk2: denial of service
| Package(s): | gdk-pixbuf gtk2 |
| CVE #(s): | CAN-2005-0891 |
| Created: | March 30, 2005 |
| Updated: | December 19, 2005 |
| Description: | The BMP image processing code in gdk-pixbuf and gtk2 contains a denial of service vulnerability exploitable via a specially crafted image file. |
gedit: format string vulnerability
| Package(s): | gedit |
| CVE #(s): | CAN-2005-1686 |
| Created: | June 9, 2005 |
| Updated: | July 12, 2005 |
| Description: | A format string vulnerability has been discovered in gedit. Calling the program with specially crafted file names caused a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the gedit user. |
gettext: Insecure temporary file handling
| Package(s): | gettext |
| CVE #(s): | CAN-2004-0966 |
| Created: | October 11, 2004 |
| Updated: | March 1, 2006 |
| Description: | gettext insecurely creates temporary files in world-writeable directories with predictable names. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When gettext is called, this would result in file access with the rights of the user running the utility, which could be the root user. |
gftp: missing input sanitizing
| Package(s): | gftp |
| CVE #(s): | CAN-2005-0372, CAN-2004-1376 |
| Created: | February 17, 2005 |
| Updated: | July 13, 2005 |
| Description: | gftp has a directory traversal vulnerability. A remote server could use specially crafted filenames to overwrite local files. |
ghostscript: symlink vulnerabilities
| Package(s): | ghostscript |
| CVE #(s): | CAN-2004-0967 |
| Created: | October 20, 2004 |
| Updated: | September 28, 2005 |
| Description: | The ghostscript package (prior to version 7.07.1-r7) contains several scripts which are vulnerable to symlink attacks. |
glibc: tempfile vulnerability in catchsegv script
| Package(s): | glibc |
| CVE #(s): | CAN-2004-0968 |
| Created: | October 21, 2004 |
| Updated: | November 14, 2005 |
| Description: | The catchsegv script in the glibc package has a symlink vulnerability that may allow a local user to overwrite arbitrary files with the permissions of the user that is running the script. |
gnupg: information leak
| Package(s): | gnupg |
| CVE #(s): | CAN-2005-0366 |
| Created: | March 16, 2005 |
| Updated: | August 19, 2005 |
| Description: | GnuPG (and other PGP-like systems) suffers from an information leak which could, in some situations, be used by an attacker to obtain plain text from an encrypted message. See this message for a detailed explanation of the problem. "We know of no real-world application that is affected by this type of attack. It is an attack that requires the active participation of someone who holds the actual key required to decrypt a message. Thus, it is not something you are likely to see." |
grip: buffer overflow
| Package(s): | grip |
| CVE #(s): | CAN-2005-0706 |
| Created: | March 10, 2005 |
| Updated: | September 16, 2005 |
| Description: | Grip, a CD ripper, has a buffer overflow vulnerability that can occur when the CDDB server returns more than 16 matches. |
groff: insecure temporary directory
| Package(s): | groff |
| CVE #(s): | CAN-2004-0969 |
| Created: | November 1, 2004 |
| Updated: | February 9, 2006 |
| Description: | Recently, Trustix Secure Linux discovered a vulnerability in the groff package. The utility "groffer" created a temporary directory in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the program. |
gxine: format string vulnerability
| Package(s): | gxine |
| CVE #(s): | CAN-2005-1692 |
| Created: | May 26, 2005 |
| Updated: | July 23, 2005 |
| Description: | The gxine media player has a format string vulnerability in the hostname decoding function. A specially crafted file can be used to cause a user to execute arbitrary code. |
gzip: race condition and directory traversal
| Package(s): | gzip |
| CVE #(s): | CAN-2005-0988, CAN-2005-1228 |
| Created: | May 4, 2005 |
| Updated: | July 13, 2005 |
| Description: | gzip suffers from a race condition which could allow a fast-fingered attacker to change the permissions on files owned by others. There is also a directory traversal vulnerability associated with the -N option. |
Heimdal: buffer overflow vulnerabilities
| Package(s): | heimdal |
| CVE #(s): | CAN-2005-2040 |
| Created: | June 29, 2005 |
| Updated: | July 18, 2005 |
| Description: | It has been reported that the "getterminaltype" function of Heimdal's (before 0.6.5) telnetd server is vulnerable to buffer overflows. An attacker could exploit this vulnerability to execute arbitrary code with the permission of the telnetd server program. |
htdig: cross site scripting
| Package(s): | htdig |
| CVE #(s): | CAN-2005-0085 |
| Created: | February 14, 2005 |
| Updated: | January 10, 2006 |
| Description: | Michael Krax discovered that ht://Dig fails to validate the 'config' parameter before displaying an error message containing the parameter. This flaw could allow an attacker to conduct cross-site scripting attacks. |
ImageMagick: xwd coder denial of service
| Package(s): | ImageMagick |
| CVE #(s): | CAN-2005-1739 |
| Created: | May 26, 2005 |
| Updated: | July 19, 2005 |
| Description: | The xwd coder in ImageMagick has a vulnerability that can be accessed by working on a maliciously created image. A denial of service can result. |
imap: buffer overflow in c-client
| Package(s): | imap |
| CVE #(s): | CAN-2003-0297 |
| Created: | February 18, 2005 |
| Updated: | April 9, 2006 |
| Description: | A buffer overflow flaw was found in the c-client IMAP client. An attacker could create a malicious IMAP server that if connected to by a victim could execute arbitrary code on the client machine. |
imlib2: buffer overflows
| Package(s): | imlib2 |
| CVE #(s): | CAN-2004-0802, CAN-2004-0817 |
| Created: | September 8, 2004 |
| Updated: | October 26, 2005 |
| Description: | The imlib2 library contains buffer overflows in the BMP handling code. |
| Alerts: | |
Comments (none posted)
infozip: privilege escalation, directory-traversal
| Package(s): | infozip |
| CVE #(s): | CAN-2003-0282, CAN-2004-1010, CAN-2005-0602 |
| Created: | May 2, 2005 |
| Updated: | August 1, 2005 |
| Description: | InfoZip reports that Zip 2.3 and (presumably) all previous versions have a buffer-overrun vulnerability relating to deep directory paths that could potentially lead to local privilege escalation (e.g., in the case of automated, Zip-based backups). All versions of UnZip through 5.50 have a number of directory-traversal vulnerabilities. |
| Alerts: | |
Comments (1 posted)
junkbuster: heap corruption and settings modification
| Package(s): | junkbuster |
| CVE #(s): | CVE-2005-1108, CVE-2005-1109 |
| Created: | April 13, 2005 |
| Updated: | November 5, 2005 |
| Description: | JunkBuster through version 2.02-r2 contains two vulnerabilities: a heap corruption bug and a possible privacy violation. |
| Alerts: | |
Comments (1 posted)
kdelibs: unsanitized input
| Package(s): | kdelibs |
| CVE #(s): | CAN-2004-1165 |
| Created: | January 10, 2005 |
| Updated: | July 19, 2005 |
| Description: | Thiago Macieira discovered a vulnerability in the kioslave library, part of kdelibs, that allows a remote attacker to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline before the FTP command. |
| Alerts: | |
Comments (none posted)
kernel: ELF loader core dump vulnerability
| Package(s): | kernel |
| CVE #(s): | CAN-2005-1263 |
| Created: | May 11, 2005 |
| Updated: | August 25, 2005 |
| Description: | Paul Starzetz has posted an advisory for yet another kernel vulnerability. In this case, by using a specially manipulated ELF binary, a local attacker can compromise the system (via the core dump code) and obtain root access. This vulnerability affects all kernels from 2.2 through 2.6.12-rc4. |
| Alerts: | |
Comments (none posted)
kernel: multiple vulnerabilities
| Package(s): | kernel |
| CVE #(s): | CAN-2005-1913, CAN-2005-1761 |
| Created: | July 1, 2005 |
| Updated: | September 9, 2005 |
| Description: | Several vulnerabilities in the 2.6 kernel have been fixed, including a subthread exec problem (CAN-2005-1913) and an ia64 ptrace + sigrestore_context problem (CAN-2005-1761). |
| Alerts: | |
Comments (1 posted)
kernel: multiple vulnerabilities
Comments (none posted)
kimgio input validation errors
| Package(s): | kimgio |
| CVE #(s): | CAN-2005-1046 |
| Created: | April 22, 2005 |
| Updated: | July 19, 2005 |
| Description: | KDE has issued a security advisory for kimgio. This is found in kdelibs as shipped with KDE 3.2 up to and including KDE 3.4. kimgio contains a PCX image file format reader that does not properly perform input validation. A source code audit performed by the KDE security team discovered several vulnerabilities in the PCX and other image file format readers, some of them exploitable to execute arbitrary code. |
| Alerts: | |
Comments (none posted)
libconvert-uulib-perl: arbitrary code execution
| Package(s): | libconvert-uulib-perl |
| CVE #(s): | CAN-2005-1349 |
| Created: | May 20, 2005 |
| Updated: | January 27, 2006 |
| Description: | Mark Martinec and Robert Lewis discovered a buffer overflow in Convert::UUlib (before 1.051), a Perl interface to the uulib library, which may result in the execution of arbitrary code. |
| Alerts: | |
Comments (1 posted)
libdbi-perl: insecure temporary file
| Package(s): | libdbi-perl |
| CVE #(s): | CAN-2005-0077 |
| Created: | January 25, 2005 |
| Updated: | March 2, 2006 |
| Description: | Javier Fernández-Sanguino Peña from the Debian Security Audit Project discovered that the DBI library, the Perl5 database interface, creates a temporary PID file in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the person executing the parts of the library. |
| Alerts: | |