
LWN.net Weekly Edition for July 14, 2005

The European software patent vote

Just as last week's LWN Weekly Edition was being finalized, the word came out that the European software patent directive had, after years of strange maneuvers, lobbying, and politics, been rejected by the European Parliament. And this was not any ordinary rejection: the final vote was 648 to 14. That is quite an outcome, considering that, not particularly long ago, a good result in the final parliamentary vote was seen as a long shot at best.

This vote is not a result of a sudden general understanding that software patents are a bad idea. In the end, most parties went against the directive because (1) it had been amended to the point that nobody liked it anymore, and (2) the parliament was not pleased with how it had been treated by the European Council. So the vote should not be seen as a definitive statement from Europe on software patents; it also should not be seen as the end of the debate.

For now, the software patent situation in Europe remains unchanged. In theory, such patents are not legal, but the European Patent Office (EPO) has issued quite a few software patents anyway. Some European member states are more friendly to software patents than others. So the situation remains muddled, and is likely to stay that way for a while. Court battles to determine the legitimacy of EPO-issued software patents seem almost certain. So software patents are still a threat, at some level, for European free software developers and users. Even if a software patent issued by the EPO is eventually thrown out of court, it's still no fun to be the one in court trying to make that happen.

In other words, this outcome is very much a mixed result. It is far superior to a directive which would have enshrined software patents in European Union law; the rejection of that language is an unambiguous victory. But it would have been far nicer to pass a version of the directive which clearly disallowed patents on software. It would have been nicer to put an end to this problem - in Europe, at least.

Because this debate certainly is not over. The European Council once said that, if the directive were to fail to pass the Parliament, there would be no further attempts. For those who truly believe that: we have some nice ocean-front property in Luxembourg we'd be willing to sell you. This sort of issue, backed as it is by interests with lots of money in the bank and even more in their eyes, almost never goes away. Software patents in Europe will be back, at the EU and member state levels.

For now, though, the free software community can celebrate an important victory. There is still no global software patent regime in place, and there is a far higher awareness of the issue than there was a few years ago. All the effort put in by so many people working to fight this directive has paid off. Great congratulations are due to each and every person who contributed to this fight, whether that contribution took the form of massive organizing or a quick letter to a member of parliament. You have shown that you can influence policy, even on an obscure technical issue, and even in the face of well-funded opposition. Well done!

Comments (1 posted)

The Xandros Business Desktop

July 13, 2005

This article was contributed by Ladislav Bodnar

Ever since the launch of Xandros Corporation four years ago, the company has settled into a regular release cycle. New versions of Xandros Desktop OS for home users ("Standard" and "Deluxe" editions) have come out towards the end of each calendar year, followed by high-end "Business" editions some six months later. Continuing in this practice, Xandros Desktop OS 3 Business was unveiled last month when it became available to customers from the company's online store for $129.

As the name suggests, the "Business" edition is designed as a desktop system for small and medium-size businesses. This product should appeal to those production environments that have been evaluating the possibility of moving their desktops to Linux but have not found a suitable replacement for their Windows systems - either because many of the popular Linux distributions lack certain required functionality, or because their existing infrastructure is overly dependent on Microsoft Windows and Office, and possibly even SQL Server, the migration of which would be a costly and tedious task.

Xandros Business Desktop was specifically designed for the latter group. The company claims that these businesses can keep their current Windows server infrastructure, MS Office files, and even run many of the Windows applications they depend on, but can still migrate their desktop computers from a virus- and spyware-prone operating system with less than a stellar security reputation to a more secure and less maintenance-intensive Linux-based system. Although the initial migration will certainly cost some capital, Xandros argues, the overall long-term savings should be considerable.

Xandros is walking a tightrope here. On one hand, businesses that consider migrating their desktop systems to Linux have likely started experimenting with Linux already, probably with one of the freely available distributions, such as Fedora, Mandriva or Ubuntu. If these fit their requirements, they would almost certainly prefer one of them over a $129-per-seat Xandros Desktop OS. If they haven't found a suitable replacement, Xandros might still be a viable option, but it doesn't take a genius to figure out that a business with a few dozen computers will end up having to pay license fees that are not much lower than those for Windows. If this is the case, why bother with a costly migration to Linux?

Probably the best reason is to save on system maintenance. As we know, keeping Windows boxes free of viruses, spyware, worms and other Internet malware is a costly and time-consuming exercise, so replacing Windows with Linux, wherever possible, would certainly eliminate most of this expense.

The next question is: why Xandros? If you have never installed and used this distribution, you will be forgiven for asking. Xandros remains our firm favorite as the best and most user-friendly desktop Linux distribution there is. From the moment you insert the installation CD into your CD-ROM drive until you finally boot into your new desktop, you will see true usability features not found in any other distribution. Xandros has not built an operating system by just integrating individual pieces of freely available software from the Internet; it has also developed many utilities that conform to the definitions of software usability better than most other distributions do.

Besides all the well-established features of Xandros Desktop, such as the Xandros File Manager, Xandros Networks (for downloading and installing software and security updates), the integrated drag-and-drop CD/DVD-burning application, enhanced KDE Control Center, CrossOver Office (with support for MS Office, Adobe Photoshop and other Windows applications), file system encryption and excellent hardware detection, the Business edition adds further incentives. Among them, Windows networking features are probably the biggest selling point of Xandros Business Desktop - especially when considering its ability to authenticate to both Windows NT and Active Directory domains, to browse NFS shares, and to perform drag-and-drop operations on network shares, as well as FTP servers.

This edition of Xandros Desktop OS comes with an extra Application CD, an excellent 350-page User Guide, and a 9-page Getting Started Guide. Inserting the CD immediately brings up a software installer dialog, providing an opportunity to browse through the available packages. Among the more interesting applications included on the CD are OpenOffice.org 1.1.2 and StarOffice 7 with various dictionaries, together with a number of development packages and database servers, as well as Citrix and SAP clients. The manual is identical to the one available with the Deluxe edition and Xandros deserves praise for making an effort to put together a really useful guide.

Despite developing a superb package, Xandros might still have a hard time selling the product in desirable quantities. It seems that most of the migration efforts we hear about these days revolve around one of the free distributions (the current migrations to Linux by the municipalities of Munich and Vienna are good examples), customized to their needs. Also, we haven't heard of any success stories involving Xandros Business Desktop, an event that would surely result in a self-congratulatory press release from the company. As good as Xandros Desktop is, it still remains a largely proprietary system, not particularly cheap, and with the potential for another vendor lock-in, which is a trap that many businesses would rather avoid.

This brings up the next question: is the company's current business strategy of selling boxed products, as opposed to giving the products away and charging for services, a sustainable business model? If the history of open source software companies is anything to go by, selling services tends to result in sustainable growth, while selling software boxes is likely to lead towards stagnation at best, and bankruptcy at worst. There are far too many examples of the latter to ignore the danger!

Comments (9 posted)

Next week: OLS + KS/DDC

Next week is the annual pilgrimage to the Ottawa Linux Symposium, one of the key Linux development events worldwide. The schedule has been posted for those who are interested; it looks like the usual collection of great talks. LWN editor Jonathan Corbet will be giving an updated version of the "2.6 Kernel Roadmap" talk at 10:00 on Wednesday.

The Desktop Developers' Conference is happening the two days prior to the opening of OLS. We would love to be able to report from that event, but your editor will, instead, be downstairs at the annual kernel summit. Look for our coverage from that event early in the week. There will be reports from OLS as well, though your editor has learned, from experience, to rest well before the famous closing party. See you in Ottawa.

Comments (1 posted)

Page editor: Jonathan Corbet

Security

The Personal Data Privacy and Security Act

July 13, 2005

This article was contributed by Joe 'Zonker' Brockmeier.

The good news is that the U.S. Congress is turning its attention to identity theft. The bad news is that Congress is unlikely to produce truly effective legislation. The Personal Data Privacy and Security Act of 2005 is one bill that attempts to address ID theft and misuse of personal information. It was introduced at the end of June by Senators Arlen Specter and Patrick Leahy. Text of the bill is available from thomas.loc.gov.

The bill's summary sounds good:

To prevent and mitigate identity theft; to ensure privacy; and to enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information.

The bill does have some sensible provisions. It would specifically prevent companies from selling social security numbers, for example, without explicit consent of the individual. The bill would also require notification to individuals that their personal information had been compromised, and would require "data collectors" to disclose information being collected upon request. The bill would also beef up penalties for identity theft, and for concealing security breaches.

While there is a lot to like about the bill, it has more than its share of flaws. Section 422 of the act requires "any business entity or agency engaged in interstate commerce that involves collecting, accessing, using, transmitting, storing, or disposing of personally identifiable information" to provide written notification of an information compromise or, if the address is unknown, notification by phone. The problem with requiring a written notice or phone call is that many sites that would be required to comply with the law do not necessarily collect addresses or phone numbers. Forcing them to start gathering that information would be burdensome, intrusive on the privacy of the people who are allegedly being protected, and would add to the amount of data that can be stolen in the event of a successful attack.

The act also provides for a posting on the affected site, if more than 1,000 residents of the U.S. have been affected, and notice to "major media outlets serving that State or jurisdiction" if more than 5,000 residents of a state or jurisdiction are affected. However, these appear to be cumulative requirements: if a company has been affected, it seems that it must notify all individuals by phone or mail, and post a notice, and send notice to "major media outlets."

There are a few flaws of omission in the bill as well. For example, as Jon Oltsik points out, there's no provision for monitoring compliance with the bill. While the bill prescribes heavy penalties for failing to comply, the only way that non-compliance will come to light, in the bill's present form, is once it's too late and a breach has occurred. This is of little comfort to those who have already had their information stolen and misused. Penalties for misuse and theft of data are fine, but prevention would be much better.

While the bill requires data collectors to disclose information upon request, it does not require any notification of collection. It's unlikely that the average person even knows what organizations are collecting data in the first place. To really "ensure privacy" the bill should prevent unauthorized data collection altogether.

Also, the bill protects social security numbers, which in and of itself is a good thing, but too specific. To be truly effective, now and in the future, the bill should cover any government-issued IDs. For example, it would be prudent to include IDs that fall under the Real ID Act.

It would be nice to see a national data security law that would provide notifications to individuals in the event that their information has been stolen, and give additional control to individuals over the aggregation and dissemination of personal data such as social security numbers. The proposed Personal Data Privacy and Security Act of 2005 takes some tentative steps in the right direction; hopefully its weaker points will be addressed as the bill moves forward.

Comments (6 posted)

New vulnerabilities

acroread: arbitrary code execution

Package(s): acroread  CVE #(s): CAN-2005-1625 CAN-2005-1841
Created: July 8, 2005  Updated: July 14, 2005
Description: Adobe Acrobat Reader (acroread) has a buffer overflow vulnerability. If a user is tricked into opening a specially crafted PDF file, arbitrary code can be executed.
Alerts:
SuSE SUSE-SA:2005:042 2005-07-14
Gentoo 200507-09 2005-07-11
Red Hat RHSA-2005:575-01 2005-07-08

Comments (none posted)

centericq: temporary file vulnerability

Package(s): centericq  CVE #(s): CAN-2005-1914
Created: July 13, 2005  Updated: July 13, 2005
Description: The centericq messaging client suffers from a classic temporary file vulnerability which could, conceivably, be exploited by a local user to overwrite files.
Alerts:
Debian DSA-754-1 2005-07-13

Comments (none posted)

dhcpcd: denial of service

Package(s): dhcpcd  CVE #(s): CAN-2005-1848
Created: July 13, 2005  Updated: September 13, 2005
Description: The dhcpcd DHCP client can be tricked into reading past the end of a buffer, causing it to crash.
Alerts:
Slackware SSA:2005-255-01 2005-09-13
Red Hat RHSA-2005:603-01 2005-07-27
Gentoo 200507-16 2005-07-15
Mandriva MDKSA-2005:117 2005-07-12
Debian DSA-750-1 2005-07-11

Comments (none posted)

FUSE: information disclosure

Package(s): fuse  CVE #(s): CAN-2005-1858
Created: July 13, 2005  Updated: July 13, 2005
Description: The filesystems in user space (FUSE) subsystem (not yet part of the mainline kernel) has an information disclosure vulnerability exploitable by local users.
Alerts:
Debian DSA-744-1 2005-07-08

Comments (none posted)

ht: arbitrary code execution

Package(s): ht  CVE #(s): CAN-2005-1545 CAN-2005-1546
Created: July 8, 2005  Updated: July 13, 2005
Description: The utility ht, an executable file viewer, editor and analyzer, has buffer and integer overflows that can be exploited for the purpose of executing arbitrary code.
Alerts:
Debian DSA-743-1 2005-07-08

Comments (none posted)

krb5: double-free flaw

Package(s): krb5  CVE #(s): CAN-2004-0175 CAN-2005-0488 CAN-2005-1175 CAN-2005-1689
Created: July 12, 2005  Updated: December 6, 2005
Description: The krb5 authentication system has a double-free flaw that can be triggered by a remote, unauthenticated attacker. Also, a single-byte heap overflow in the krb5_unparse_name() function can lead to a denial of service, and an information disclosure may be caused by a malicious telnet server. See this report for more information.
Alerts:
Ubuntu USN-224-1 2005-12-06
Debian DSA-757-1 2005-07-17
Trustix TSLSA-2005-0036 2005-07-14
Mandriva MDKSA-2005:119 2005-07-13
SuSE SUSE-SR:2005:017 2005-07-13
Gentoo 200507-11 2005-07-12
Fedora FEDORA-2005-553 2005-07-12
Red Hat RHSA-2005:562-01 2005-07-12
Fedora FEDORA-2005-552 2005-07-12
Red Hat RHSA-2005:567-02 2005-07-12

Comments (none posted)

leafnode: fetchnews vulnerabilities

Package(s): leafnode  CVE #(s): CAN-2004-2068 CAN-2005-1453 CAN-2005-1911
Created: July 12, 2005  Updated: July 13, 2005
Description: The fetchnews program from the leafnode NNTP server has a number of vulnerabilities involving corruption of data from the upstream server. The system can hang indefinitely or crash.
Alerts:
Mandriva MDKSA-2005:114 2005-07-11

Comments (none posted)

sharutils: temporary file vulnerability

Package(s): sharutils  CVE #(s): CAN-2005-0990
Created: July 13, 2005  Updated: July 13, 2005
Description: Sharutils (and unshar in particular) creates temporary files in an unsafe way, making local file overwrite attacks possible.
Alerts:
Fedora-Legacy FLSA:154991 2005-07-10

Comments (none posted)

Updated vulnerabilities

a2ps: input validation error

Package(s): a2ps  CVE #(s): CAN-2004-1170 CAN-2004-1377
Created: November 26, 2004  Updated: December 19, 2005
Description: The GNU a2ps utility fails to properly sanitize filenames, which can be abused by a malicious user to execute arbitrary commands with the privileges of the user running the vulnerable application. More information at Security Focus.
Alerts:
Fedora-Legacy FLSA:152870 2005-12-17
Mandriva MDKSA-2005:097 2005-06-07
OpenPKG OpenPKG-SA-2005.003 2005-01-17
Gentoo 200501-02 2005-01-04
Debian DSA-612-1 2004-12-20
Mandrake MDKSA-2004:140 2004-11-25

Comments (none posted)

bzip2: race condition and infinite loop

Package(s): bzip2  CVE #(s): CAN-2005-0953 CAN-2005-1260
Created: May 17, 2005  Updated: January 10, 2007
Description: A race condition in bzip2 1.0.2 and earlier allows local users to modify the permissions of arbitrary files via a hard link attack on the output file while it is being decompressed, since bzip2 changes that file's permissions only after decompression is complete. Also, specially crafted bzip2 archives may cause an infinite loop in the decompressor.
Alerts:
rPath rPSA-2007-0004-1 2007-01-09
Debian DSA-741-1 2005-07-07
Red Hat RHSA-2005:474-01 2005-06-16
OpenPKG OpenPKG-SA-2005.008 2005-06-10
SuSE SUSE-SR:2005:015 2005-06-07
Debian DSA-730-1 2005-05-27
Mandriva MDKSA-2005:091 2005-05-18
Ubuntu USN-127-1 2005-05-17

Comments (2 posted)

cacti: SQL injection and PHP file inclusion

Package(s): cacti  CVE #(s):
Created: June 22, 2005  Updated: July 21, 2005
Description: Cacti (prior to version 0.8.6e) suffers from vulnerabilities which can lead to SQL injection and (on some systems) execution of arbitrary PHP files.
Alerts:
Debian DSA-764-1 2005-07-21
Gentoo GLSA 200506-20:02 2005-06-22
Gentoo 200506-20:02 2005-06-22
Gentoo 200506-20 2005-06-22

Comments (none posted)

ClamAV: denial of service

Package(s): clamav  CVE #(s): CAN-2005-2056 CAN-2005-2070
Created: June 27, 2005  Updated: July 12, 2005
Description: Andrew Toller and Stefan Kanthak discovered that a flaw in libmspack's Quantum archive decompressor renders Clam AntiVirus vulnerable to a Denial of Service attack. A remote attacker could exploit this vulnerability to cause a Denial of Service by sending a specially crafted Quantum archive to the server.
Alerts:
Mandriva MDKSA-2005:113 2005-07-11
Debian DSA-737-1 2005-07-05
SuSE SUSE-SA:2005:038 2005-06-29
Gentoo 200506-23 2005-06-27

Comments (none posted)

cpio: file permissions error

Package(s): cpio  CVE #(s): CAN-1999-1572
Created: February 2, 2005  Updated: July 19, 2005
Description: Some versions of cpio contain an ancient vulnerability where files created by that utility have overly generous access permissions.
Alerts:
Fedora-Legacy FLSA:152891 2005-07-15
Red Hat RHSA-2005:080-01 2005-02-18
Red Hat RHSA-2005:073-01 2005-02-15
Mandrake MDKSA-2005:032-1 2005-02-11
Mandrake MDKSA-2005:032 2005-02-10
Ubuntu USN-75-1 2005-02-04
Debian DSA-664-1 2005-02-02

Comments (none posted)

cpio: directory traversal

Package(s): cpio  CVE #(s): CAN-2005-1111
Created: June 20, 2005  Updated: December 26, 2005
Description: There is a vulnerability in cpio (2.6 and earlier) that allows a malicious cpio file to extract to an arbitrary directory of the attacker's choice: cpio extracts to the path specified in the cpio file, and that path can be absolute.
Alerts:
Mandriva MDKSA-2005:237 2005-12-23
Red Hat RHSA-2005:806-01 2005-11-10
Debian DSA-846-1 2005-10-07
Ubuntu USN-189-1 2005-09-29
Red Hat RHSA-2005:378-01 2005-07-21
Mandriva MDKSA-2005:116-1 2005-07-19
Mandriva MDKSA-2005:116 2005-07-11
Trustix TSLSA-2005-0030 2005-06-24
Gentoo 200506-16 2005-06-20

Comments (1 posted)
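Added example for the cpio directory-traversal entry above (not cpio's own code): a small parser for the SVR4 "newc" cpio format that walks each member and flags the names an extractor should refuse, absolute paths and names containing a ".." component. The sample archive is constructed inline.

```python
"""Scan a cpio 'newc' (SVR4 / cpio -H newc) archive for member names that
would escape the extraction directory.  Added example, not cpio's own
code; the sample archive below is constructed inline."""

NEWC_MAGIC = b"070701"
HEADER_LEN = 110          # 6-byte magic + 13 fields of 8 ASCII hex digits
TRAILER = "TRAILER!!!"    # name of the final, empty entry


def _pad4(n):
    """Bytes needed to bring n up to the next multiple of 4."""
    return (4 - n % 4) % 4


def build_newc(members):
    """Construct a minimal newc archive from a list of (name, data) pairs.
    Only the fields a scanner needs (filesize, namesize) carry real values."""
    out = bytearray()
    for ino, (name, data) in enumerate(members + [(TRAILER, b"")], start=1):
        name_b = name.encode() + b"\0"           # namesize counts the NUL
        mode = 0 if name == TRAILER else 0o100644
        # ino mode uid gid nlink mtime filesize devmaj devmin rdevmaj rdevmin namesize check
        fields = [ino, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(name_b), 0]
        out += NEWC_MAGIC + b"".join(b"%08x" % f for f in fields)
        out += name_b + b"\0" * _pad4(HEADER_LEN + len(name_b))   # data is 4-aligned
        out += data + b"\0" * _pad4(len(data))
    return bytes(out)


def iter_newc(buf):
    """Yield (name, data) for each member, stopping at the trailer.
    Raises ValueError on a bad magic or a truncated archive."""
    off = 0
    while True:
        hdr = buf[off:off + HEADER_LEN]
        if len(hdr) < HEADER_LEN:
            raise ValueError("truncated header at offset %d" % off)
        if hdr[:6] != NEWC_MAGIC:
            raise ValueError("bad magic at offset %d" % off)
        fields = [int(hdr[6 + 8 * i:14 + 8 * i], 16) for i in range(13)]
        filesize, namesize = fields[6], fields[11]
        name_start = off + HEADER_LEN
        name = buf[name_start:name_start + max(namesize - 1, 0)].decode("utf-8", "replace")
        data_start = name_start + namesize + _pad4(HEADER_LEN + namesize)
        data = buf[data_start:data_start + filesize]
        if len(data) < filesize:
            raise ValueError("truncated data for %r" % name)
        if name == TRAILER:
            return
        yield name, data
        off = data_start + filesize + _pad4(filesize)


def unsafe_reason(name):
    """Why a member name must not be extracted relative to a target directory,
    or None if it is fine.  Any '..' component is rejected, even one that a
    later component would 'cancel': a hardened extractor should not rely on
    path normalisation to stay inside the target."""
    if not name:
        return "empty name"
    if name.startswith("/"):
        return "absolute path"
    if ".." in name.split("/"):
        return "parent-directory component"
    return None


def scan_archive(buf):
    """Return [(name, reason)] for every member an extractor should refuse."""
    findings = []
    for name, _data in iter_newc(buf):
        reason = unsafe_reason(name)
        if reason:
            findings.append((name, reason))
    return findings


# Constructed sample: one benign member and two that escape the target dir.
SAMPLE = build_newc([
    ("etc/motd", b"welcome\n"),
    ("/etc/motd", b"would replace the system file if extracted as root\n"),
    ("../../tmp/escaped.txt", b"lands two levels above the target\n"),
])

if __name__ == "__main__":
    for name, reason in scan_archive(SAMPLE):
        print("REFUSE %-28s %s" % (name, reason))
```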

crip: insecure temporary files

Package(s): crip  CVE #(s): CAN-2005-0393
Created: June 30, 2005  Updated: July 6, 2005
Description: Justin Rye discovered that crip, a terminal-based ripper, encoder and tagger tool, utilizes temporary files in an insecure fashion in its helper scripts.
Alerts:
Debian DSA-733-1 2005-06-30

Comments (none posted)

cURL: buffer overflow

Package(s): curl  CVE #(s): CAN-2005-0490
Created: February 28, 2005  Updated: July 19, 2005
Description: Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded.
Alerts:
Fedora-Legacy FLSA:152917 2005-07-15
Fedora FEDORA-2005-325 2005-04-20
Red Hat RHSA-2005:340-01 2005-04-05
Conectiva CLA-2005:940 2005-03-21
Gentoo 200503-20 2005-03-16
Mandrake MDKSA-2005:048 2005-03-04
SuSE SUSE-SA:2005:011 2005-02-28
Ubuntu USN-86-1 2005-02-28

Comments (none posted)

cvs: multiple vulnerabilities

Package(s): cvs  CVE #(s): CAN-2005-0753
Created: April 18, 2005  Updated: July 13, 2005
Description: CVS (in versions prior to 1.11.20) has one or more buffer overflow vulnerabilities, memory leaks, and a NULL pointer dereference error. These can be used to launch a remote denial of service or to execute arbitrary code remotely.
Alerts:
Debian DSA-742-1 2005-07-07
Fedora-Legacy FLSA:155508 2005-05-12
Ubuntu USN-117-1 2005-05-04
Red Hat RHSA-2005:387-01 2005-04-25
Gentoo 200504-16:02 2005-04-18
Slackware SSA:2005-111-01 2005-04-22
Trustix TSLSA-2005-0013 2005-04-20
Mandriva MDKSA-2005:073 2005-04-20
Fedora FEDORA-2005-330 2005-04-20
Gentoo 200504-16 2005-04-18
SuSE SUSE-SA:2005:024 2005-04-18

Comments (none posted)

cyrus-imapd: buffer overflows

Package(s): cyrus-imapd  CVE #(s): CAN-2005-0546
Created: February 23, 2005  Updated: April 9, 2006
Description: Cyrus-imapd, prior to version 2.2.12, contains several buffer overflows which could be exploited by an (authenticated) attacker to run code on the server system.
Alerts:
Fedora-Legacy FLSA:156290 2006-04-04
Red Hat RHSA-2005:408-01 2005-05-17
Fedora FEDORA-2005-339 2005-04-27
OpenPKG OpenPKG-SA-2005.005 2005-04-05
Conectiva CLA-2005:937 2005-03-17
Mandrake MDKSA-2005:051 2005-03-04
Ubuntu USN-87-1 2005-02-28
SuSE SUSE-SA:2005:009 2005-02-24
Gentoo 200502-29 2005-02-23

Comments (none posted)

dbus: information disclosure

Package(s): dbus  CVE #(s): CAN-2005-0201
Created: June 8, 2005  Updated: August 30, 2005
Description: From the Red Hat alert: "Dan Reed discovered that a user can send and listen to messages on another user's per-user session bus if they know the address of the socket." At current usage levels, this vulnerability is not particularly threatening.
Alerts:
Fedora FEDORA-2005-822 2005-08-29
Ubuntu USN-144-1 2005-06-27
Mandriva MDKSA-2005:105 2005-06-24
Red Hat RHSA-2005:102-01 2005-06-08

Comments (none posted)

dhcp: format string vulnerability

Package(s): dhcp  CVE #(s): CAN-2004-1006
Created: November 4, 2004  Updated: July 13, 2005
Description: Dhcp has a format string vulnerability in the log functions of dhcp 2.x that may be exploited via a malicious DNS server.
Alerts:
Fedora-Legacy FLSA:152835 2005-07-10
Red Hat RHSA-2005:212-01 2005-04-12
Debian DSA-584-1 2004-11-04

Comments (none posted)

Dnsmasq: poisoning and DoS

Package(s): dnsmasq  CVE #(s):
Created: April 4, 2005  Updated: July 21, 2005
Description: Dnsmasq does not properly detect that DNS replies received do not correspond to any DNS query that was sent. Rob Holland of the Gentoo Linux Security Audit team also discovered two off-by-one buffer overflows that could cause a crash while parsing DHCP lease files.
Alerts:
Slackware SSA:2005-201-01 2005-07-21
Gentoo 200504-03 2005-04-04

Comments (none posted)

emacs21: format string vulnerability in "movemail"

Package(s): emacs21  CVE #(s): CAN-2005-0100
Created: February 7, 2005  Updated: May 15, 2006
Description: Max Vozeler discovered a format string vulnerability in the "movemail" utility of Emacs. By sending specially crafted packets, a malicious POP3 server could cause a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the user and the "mail" group.
Alerts:
Fedora-Legacy FLSA:152898 2006-05-12
Debian DSA-685-1 2005-02-17
Mandrake MDKSA-2005:038 2005-02-15
Gentoo 200502-20 2005-02-15
Fedora FEDORA-2005-146 2005-02-14
Fedora FEDORA-2005-145 2005-02-14
Red Hat RHSA-2005:133-01 2005-02-15
Red Hat RHSA-2005:110-01 2005-02-15
Red Hat RHSA-2005:134-01 2005-02-10
Red Hat RHSA-2005:112-01 2005-02-10
Fedora FEDORA-2005-116 2005-02-08
Fedora FEDORA-2005-115 2005-02-08
Debian DSA-671-1 2005-02-08
Debian DSA-670-1 2005-02-08
Ubuntu USN-76-1 2005-02-07

Comments (none posted)

enscript: arbitrary code execution

Package(s): enscript  CVE #(s): CAN-2004-1184 CAN-2004-1185 CAN-2004-1186
Created: January 21, 2005  Updated: May 27, 2006
Description: Erik Sjölund has discovered several security-relevant problems in enscript, a program to convert ASCII text into PostScript and other formats. Unsanitized input can cause the execution of arbitrary commands via EPSF pipe support. Due to missing sanitizing of filenames, a specially crafted filename can cause arbitrary commands to be executed. Multiple buffer overflows can cause the program to crash.
Alerts:
rPath rPSA-2006-0083-1 2006-05-26
Fedora-Legacy FLSA:152892 2005-12-17
Red Hat RHSA-2005:040-01 2005-02-15
Mandrake MDKSA-2005:033 2005-02-10
Gentoo 200502-03 2005-02-02
Red Hat RHSA-2005:039-01 2005-02-01
Fedora FEDORA-2005-096 2005-01-31
Fedora FEDORA-2005-092 2005-01-28
Fedora FEDORA-2005-091 2005-01-28
Fedora FEDORA-2005-016 2005-01-26
Fedora FEDORA-2005-015 2005-01-26
Ubuntu USN-68-1 2005-01-24
Debian DSA-654-1 2005-01-21

Comments (none posted)

ettercap: format string vulnerability

Package(s): ettercap  CVE #(s): CAN-2005-1796
Created: June 13, 2005  Updated: July 13, 2005
Description: The Ettercap suite of networking tools has a format string vulnerability that can be exploited by a remote attacker for the execution of arbitrary code.
Alerts:
Debian DSA-749-1 2005-07-10
Gentoo 200506-07 2005-06-11

Comments (none posted)

evolution: message crash vulnerability

Package(s): evolution  CVE #(s): CAN-2005-0806
Created: March 17, 2005  Updated: August 11, 2005
Description: The Evolution mail client can be crashed when reading certain types of messages.
Alerts:
Ubuntu USN-166-1 2005-08-11
Red Hat RHSA-2005:397-01 2005-05-04
Conectiva CLA-2005:950 2005-04-27
Fedora FEDORA-2005-338 2005-04-22
Mandrake MDKSA-2005:059 2005-03-16

Comments (none posted)

Foomatic: Arbitrary command execution in foomatic-rip

Package(s): foomatic  CVE #(s): CAN-2004-0801
Created: September 20, 2004  Updated: May 31, 2006
Description: There is a vulnerability in the foomatic-filters package. This vulnerability is due to insufficient checking of command-line parameters and environment variables in the foomatic-rip filter. This vulnerability may allow both local and remote attackers to execute arbitrary commands on the print server with the permissions of the spooler.
Alerts:
SuSE SUSE-SA:2006:026 2006-05-30
Fedora-Legacy FLSA:2076 2004-11-05
Conectiva CLA-2004:880 2004-10-27
Fedora FEDORA-2004-303 2004-09-21
Gentoo 200409-24 2004-09-20

Comments (none posted)

gdb: multiple vulnerabilities

Package(s): gdb  CVE #(s): CAN-2005-1704 CAN-2005-1705
Created: May 20, 2005  Updated: August 11, 2006
Description: Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library, resulting in a heap overflow. A review also showed that by default, gdb insecurely sources initialization files from the working directory. Successful exploitation would result in the execution of arbitrary code on loading a specially crafted object file or the execution of arbitrary commands.
Alerts:
Red Hat RHSA-2006:0354-01 2006-08-10
Red Hat RHSA-2006:0368-01 2006-07-20
Mandriva MDKSA-2005:215 2005-11-23
Fedora FEDORA-2005-1033 2005-10-27
Fedora FEDORA-2005-1032 2005-10-27
Red Hat RHSA-2005:801-01 2005-10-18
Red Hat RHSA-2005:763-01 2005-10-11
Red Hat RHSA-2005:709-01 2005-10-05
Red Hat RHSA-2005:673-01 2005-10-05
Red Hat RHSA-2005:659-01 2005-09-28
Fedora FEDORA-2005-498 2005-06-29
Fedora FEDORA-2005-497 2005-06-29
Gentoo 200506-01 2005-06-01
Trustix TSLSA-2005-0025 2005-05-31
Mandriva MDKSA-2005:095 2005-05-30
Ubuntu USN-136-2 2005-05-27
Ubuntu USN-136-1 2005-05-27
Ubuntu USN-135-1 2005-05-27
Gentoo 200505-15 2005-05-20

Comments (5 posted)

gdk-pixbuf, gtk2: denial of service

Package(s): gdk-pixbuf gtk2  CVE #(s): CAN-2005-0891
Created: March 30, 2005  Updated: December 19, 2005
Description: The BMP image processing code in gdk-pixbuf and gtk2 contains a denial of service vulnerability exploitable via a specially crafted image file.
Alerts:
Fedora-Legacy FLSA:155510 2005-12-17
Fedora-Legacy FLSA:154272 2005-07-15
SuSE SUSE-SR:2005:010 2005-04-08
Mandrake MDKSA-2005:069 2005-04-07
Mandrake MDKSA-2005:068 2005-04-07
Ubuntu USN-108-1 2005-04-05
Red Hat RHSA-2005:343-01 2005-04-05
Red Hat RHSA-2005:344-01 2005-04-01
Fedora FEDORA-2005-268 2005-03-30
Fedora FEDORA-2005-267 2005-03-30
Fedora FEDORA-2005-266 2005-03-30
Fedora FEDORA-2005-265 2005-03-30

Comments (none posted)

gedit: format string vulnerability

Package(s): gedit  CVE #(s): CAN-2005-1686
Created: June 9, 2005  Updated: July 12, 2005
Description: A format string vulnerability has been discovered in gedit. Calling the program with specially crafted file names caused a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the gedit user.
Alerts:
Debian DSA-753-1 2005-07-12
Mandriva MDKSA-2005:102 2005-06-15
Red Hat RHSA-2005:499-01 2005-06-13
Gentoo 200506-09 2005-06-11
Ubuntu USN-138-1 2005-06-09

Comments (none posted)

gettext: Insecure temporary file handling

Package(s): gettext  CVE #(s): CAN-2004-0966
Created: October 11, 2004  Updated: March 1, 2006
Description: gettext insecurely creates temporary files in world-writable directories with predictable names. A local attacker could create symbolic links in the temporary-files directory pointing to a valid file somewhere on the filesystem. When gettext is called, this would result in file access with the rights of the user running the utility, which could be the root user.
Alerts:
Mandriva MDKSA-2006:051 2006-02-28
Fedora-Legacy FLSA:136323 2006-01-09
Gentoo 200410-10:02 2004-10-10
OpenPKG OpenPKG-SA-2004.055 2004-12-23
Ubuntu USN-5-1 2004-10-27
Gentoo 200410-10 2004-10-10

Comments (1 posted)

gftp: missing input sanitizing

Package(s):gftp CVE #(s):CAN-2005-0372 CAN-2004-1376
Created:February 17, 2005 Updated:July 13, 2005
Description: gftp has a directory traversal vulnerability. A remote server could use specially crafted filenames to overwrite local files.
Alerts:
Fedora-Legacy FLSA:152908 2005-07-10
Red Hat RHSA-2005:410-01 2005-06-13
Fedora FEDORA-2005-310 2005-04-07
Fedora FEDORA-2005-309 2005-04-07
Mandrake MDKSA-2005:050 2005-03-04
Gentoo 200502-27 2005-02-19
SuSE SUSE-SR:2005:005 2005-02-18
Debian DSA-686-1 2005-02-17

Comments (none posted)

ghostscript: symlink vulnerabilities

Package(s):ghostscript CVE #(s):CAN-2004-0967
Created:October 20, 2004 Updated:September 28, 2005
Description: The ghostscript package (prior to version 7.07.1-r7) contains several scripts which are vulnerable to symlink attacks.
Alerts:
Red Hat RHSA-2005:081-01 2005-09-28
Ubuntu USN-3-1 2004-10-27
Gentoo 200410-18 2004-10-20

Comments (none posted)

glibc: tempfile vulnerability in catchsegv script

Package(s):glibc CVE #(s):CAN-2004-0968
Created:October 21, 2004 Updated:November 14, 2005
Description: The catchsegv script in the glibc package has a symlink vulnerability that may allow a local user to overwrite arbitrary files with the permissions of the user that is running the script.
Alerts:
Fedora-Legacy FLSA:152848 2005-11-13
Red Hat RHSA-2005:261-01 2005-04-28
Debian DSA-636-1 2005-01-12
Mandrake MDKSA-2004:159 2004-12-29
Red Hat RHSA-2004:586-01 2004-12-20
Fedora FEDORA-2004-356 2004-11-11
Ubuntu USN-4-1 2004-10-27
Gentoo 200410-19 2004-10-21

Comments (none posted)

gnupg: information leak

Package(s):gnupg CVE #(s):CAN-2005-0366
Created:March 16, 2005 Updated:August 19, 2005
Description: GnuPG (and other PGP-like systems) suffers from an information leak which could, in some situations, be used by an attacker to obtain plain text from an encrypted message. See this message for a detailed explanation of the problem. "We know of no real-world application that is affected by this type of attack. It is an attack that requires the active participation of someone who holds the actual key required to decrypt a message. Thus, it is not something you are likely to see."
Alerts:
Ubuntu USN-170-1 2005-08-19
Gentoo 200503-29 2005-03-24
Mandrake MDKSA-2005:057 2005-03-15

Comments (none posted)

grip: buffer overflow

Package(s):grip CVE #(s):CAN-2005-0706
Created:March 10, 2005 Updated:September 16, 2005
Description: Grip, a CD ripper, has a buffer overflow vulnerability that can occur when the CDDB server returns more than 16 matches.
Alerts:
Fedora-Legacy FLSA:152919 2005-09-15
Mandriva MDKSA-2005:074 2005-04-20
Mandriva MDKSA-2005:075 2005-04-20
Gentoo 200504-07 2005-04-08
Mandrake MDKSA-2005:066 2005-04-01
Red Hat RHSA-2005:304-01 2005-03-28
Gentoo 200503-21 2005-03-17
Fedora FEDORA-2005-203 2005-03-09
Fedora FEDORA-2005-202 2005-03-09

Comments (none posted)

groff: insecure temporary directory

Package(s):groff CVE #(s):CAN-2004-0969
Created:November 1, 2004 Updated:February 9, 2006
Description: Recently, Trustix Secure Linux discovered a vulnerability in the groff package. The utility "groffer" created a temporary directory in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the program.
Alerts:
Mandriva MDKSA-2006:038 2006-02-08
Gentoo 200411-15 2004-11-08
Ubuntu USN-13-1 2004-11-01

Comments (none posted)

gxine: format string vulnerability

Package(s):gxine CVE #(s):CAN-2005-1692
Created:May 26, 2005 Updated:July 23, 2005
Description: The gxine media player has a format string vulnerability in the hostname decoding function. A specially crafted file can be used to cause a user to execute arbitrary code.
Alerts:
Slackware SSA:2005-203-04 2005-07-23
Gentoo 200505-19 2005-05-26

Comments (none posted)

gzip: race condition and directory traversal

Package(s):gzip CVE #(s):CAN-2005-0988 CAN-2005-1228
Created:May 4, 2005 Updated:July 13, 2005
Description: gzip suffers from a race condition which could allow a fast-fingered attacker to change the permissions on files owned by others. There is also a directory traversal vulnerability associated with the -N option.
Alerts:
Debian DSA-752-1 2005-07-11
Red Hat RHSA-2005:357-01 2005-06-13
OpenPKG OpenPKG-SA-2005.010 2005-06-10
OpenPKG OpenPKG-SA-2005.009 2005-06-10
Mandriva MDKSA-2005:092 2005-05-18
Gentoo 200505-05 2005-05-09
Trustix TSLSA-2005-0018 2005-05-06
Ubuntu USN-116-1 2005-05-04

Comments (none posted)

Heimdal: buffer overflow vulnerabilities

Package(s):heimdal CVE #(s):CAN-2005-2040
Created:June 29, 2005 Updated:July 18, 2005
Description: It has been reported that the "getterminaltype" function of Heimdal's (before 0.6.5) telnetd server is vulnerable to buffer overflows. An attacker could exploit this vulnerability to execute arbitrary code with the permissions of the telnetd server program.
Alerts:
Debian DSA-758-1 2005-07-18
SuSE SUSE-SA:2005:040 2005-07-06
Gentoo 200506-24 2005-06-29

Comments (none posted)

htdig: cross site scripting

Package(s):htdig CVE #(s):CAN-2005-0085
Created:February 14, 2005 Updated:January 10, 2006
Description: Michael Krax discovered that ht://Dig fails to validate the 'config' parameter before displaying an error message containing the parameter. This flaw could allow an attacker to conduct cross-site scripting attacks.
Alerts:
Fedora-Legacy FLSA:152907 2006-01-09
Mandrake MDKSA-2005:063 2005-03-31
Red Hat RHSA-2005:090-01 2005-02-15
Debian DSA-680-1 2005-02-14
Gentoo 200502-16 2005-02-13

Comments (none posted)

ImageMagick: xwd coder denial of service

Package(s):ImageMagick CVE #(s):CAN-2005-1739
Created:May 26, 2005 Updated:July 19, 2005
Description: The xwd coder in ImageMagick contains a vulnerability that is triggered when it processes a maliciously created image. A denial of service can result.
Alerts:
Fedora-Legacy FLSA:152777 2005-07-12
Mandriva MDKSA-2005:107 2005-06-28
Red Hat RHSA-2005:480-01 2005-06-02
Fedora FEDORA-2005-395 2005-05-26

Comments (none posted)

imap: buffer overflow in c-client

Package(s):imap CVE #(s):CAN-2003-0297
Created:February 18, 2005 Updated:April 9, 2006
Description: A buffer overflow flaw was found in the c-client IMAP client. An attacker could create a malicious IMAP server that, if a victim connects to it, could execute arbitrary code on the client machine.
Alerts:
Fedora-Legacy FLSA:184074 2006-04-04
Fedora-Legacy FLSA:152912 2005-05-12
Red Hat RHSA-2005:114-01 2005-02-18

Comments (none posted)

imlib2: buffer overflows

Package(s):imlib2 CVE #(s):CAN-2004-0802 CAN-2004-0817
Created:September 8, 2004 Updated:October 26, 2005
Description: The imlib2 library contains buffer overflows in the BMP handling code.
Alerts:
Debian DSA-548-2 2005-10-26
Conectiva CLA-2004:870 2004-09-28
Debian DSA-552-1 2004-09-22
Debian DSA-548-1 2004-09-16
Red Hat RHSA-2004:465-01 2004-09-15
Gentoo 200409-12 2004-09-08
Fedora FEDORA-2004-301 2004-09-09
Fedora FEDORA-2004-300 2004-09-09
Mandrake MDKSA-2004:089 2004-09-07

Comments (none posted)

infozip: privilege escalation, directory-traversal

Package(s):infozip CVE #(s):CAN-2003-0282 CAN-2004-1010 CAN-2005-0602
Created:May 2, 2005 Updated:August 1, 2005
Description: InfoZip reports that Zip 2.3 and (presumably) all previous versions have a buffer-overrun vulnerability relating to deep directory paths that could potentially lead to local privilege escalation (e.g., in the case of automated, Zip-based backups). All versions of UnZip through 5.50 have a number of directory-traversal vulnerabilities.
Alerts:
Ubuntu USN-159-1 2005-08-01
Slackware SSA:2005-121-01 2005-05-02

Comments (1 posted)

junkbuster: heap corruption and settings modification

Package(s):junkbuster CVE #(s):CVE-2005-1108 CVE-2005-1109
Created:April 13, 2005 Updated:November 5, 2005
Description: JunkBuster through version 2.02-r2 contains two vulnerabilities: a heap corruption bug and a possible privacy violation.
Alerts:
Debian DSA-713-1 2005-04-21
Gentoo 200504-11 2005-04-13

Comments (1 posted)

kdelibs: unsanitized input

Package(s):kdelibs CVE #(s):CAN-2004-1165
Created:January 10, 2005 Updated:July 19, 2005
Description: Thiago Macieira discovered a vulnerability in the kioslave library, which is part of kdelibs, that allows a remote attacker to execute arbitrary FTP commands via an ftp:// URL containing a URL-encoded newline before the FTP command.
Alerts:
Fedora-Legacy FLSA:152769 2005-07-15
Mandrake MDKSA-2005:045 2005-02-17
Red Hat RHSA-2005:065-01 2005-02-15
Red Hat RHSA-2005:009-01 2005-02-10
Fedora FEDORA-2005-064 2005-01-25
Fedora FEDORA-2005-063 2005-01-25
Gentoo 200501-18 2005-01-11
Debian DSA-631-1 2005-01-10

Comments (none posted)

kernel: ELF loader core dump vulnerability

Package(s):kernel CVE #(s):CAN-2005-1263
Created:May 11, 2005 Updated:August 25, 2005
Description: Paul Starzetz has posted an advisory for yet another kernel vulnerability. In this case, by using a specially manipulated ELF binary, a local attacker can compromise the system (via the core dump code) and obtain root access. This vulnerability affects all kernels from 2.2 through 2.6.12-rc4.
Alerts:
Red Hat RHSA-2005:529-01 2005-08-25
Red Hat RHSA-2005:420-01 2005-06-08
Red Hat RHSA-2005:472-01 2005-05-25
Fedora FEDORA-2005-392 2005-05-23
Ubuntu USN-131-1 2005-05-23
Trustix TSLSA-2005-0022 2005-05-13

Comments (none posted)

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CAN-2005-1913 CAN-2005-1761
Created:July 1, 2005 Updated:September 9, 2005
Description: Several vulnerabilities in the 2.6 kernel have been fixed, including a subthread exec problem (CAN-2005-1913) and an ia64 ptrace + sigrestore_context problem (CAN-2005-1761).
Alerts:
Ubuntu USN-178-1 2005-09-09
Red Hat RHSA-2005:551-01 2005-08-25
SuSE SUSE-SA:2005:044 2005-08-04
Fedora FEDORA-2005-510 2005-07-01

Comments (1 posted)

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CAN-2005-0449 CAN-2005-0209 CAN-2005-0529 CAN-2005-0530 CAN-2005-0532 CAN-2005-0384 CAN-2005-0210 CAN-2005-0504 CAN-2005-0003
Created:March 24, 2005 Updated:May 31, 2006
Description: A number of vulnerabilities have been found in the Linux kernel, including a PPP-related denial of service problem, an integer overflow in the epoll() code, memory corruption in the ELF loader, and exploitable overflows in the ISO9660 code.
Alerts:
Debian DSA-1082-1 2006-05-29
Debian DSA-1069-1 2006-05-20
Debian DSA-1070-1 2006-05-21
Debian DSA-1067-1 2006-05-20
Conectiva CLA-2005:945 2005-03-31
Fedora FEDORA-2005-262 2005-03-28
SuSE SUSE-SA:2005:018 2005-03-24

Comments (none posted)

kimgio: input validation errors

Package(s):kimgio CVE #(s):CAN-2005-1046
Created:April 22, 2005 Updated:July 19, 2005
Description: KDE has issued a security advisory for kimgio. This is found in kdelibs as shipped with KDE 3.2 up to and including KDE 3.4. kimgio contains a PCX image file format reader that does not properly perform input validation. A source code audit performed by the KDE security team discovered several vulnerabilities in the PCX and other image file format readers, some of them exploitable to execute arbitrary code.
Alerts:
Ubuntu USN-114-2 2005-05-27
Red Hat RHSA-2005:393-01 2005-05-17
Mandriva MDKSA-2005:085 2005-05-12
Ubuntu USN-114-1 2005-05-03
Fedora FEDORA-2005-350 2005-05-02
Debian DSA-714-1 2005-04-26
Gentoo 200504-22 2005-04-22

Comments (none posted)

libconvert-uulib-perl: arbitrary code execution

Package(s):libconvert-uulib-perl CVE #(s):CAN-2005-1349
Created:May 20, 2005 Updated:January 27, 2006
Description: Mark Martinec and Robert Lewis discovered a buffer overflow in Convert::UUlib (before 1.051), a Perl interface to the uulib library, which may result in the execution of arbitrary code.
Alerts:
Mandriva MDKSA-2006:022 2006-01-26
Debian DSA-727-1 2005-05-20

Comments (1 posted)

libdbi-perl: insecure temporary file

Package(s):libdbi-perl CVE #(s):CAN-2005-0077
Created:January 25, 2005 Updated:March 2, 2006
Description: Javier Fernández-Sanguino Peña from the Debian Security Audit Project discovered that the DBI library, the Perl5 database interface, creates a temporary PID file in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the user running the affected parts of the library.
Alerts:
Fedora-Legacy FLSA:178989 2006-03-01
Gentoo 200501-38:03 2005-01-26
Red Hat RHSA-2005:072-01 2005-02-15
Mandrake MDKSA-2005:030 2005-02-08
Red Hat RHSA-2005:069-01 2005-02-01
Gentoo