LWN Weekly Edition
Front pageSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
Letters to the editor
->One big page
This page
Previous weekFollowing week
| Weekly edition | Kernel | Security | Distributions | Search |
| Archives | Calendar | Subscribe | Write for LWN | LWN.net FAQ |
Security
The Personal Data Privacy and Security Act
The good news is that the U.S. Congress is turning its attention to identity theft. The bad news is that Congress is unlikely to produce truly effective legislation. The Personal Data Privacy and Security Act of 2005 is one bill that attempts to address ID theft and misuse of personal information. It was introduced at the end of June by Senators Arlen Specter and Patrick Leahy. Text of the bill is available from thomas.loc.gov.
The bill's summary sounds good:
To prevent and mitigate identity theft; to ensure privacy; and to enhance
criminal penalties, law enforcement assistance, and other protections
against security breaches, fraudulent access, and misuse of personally
identifiable information.
The bill does have some sensible provisions. It would specifically prevent companies from selling social security numbers, for example, without explicit consent of the individual. The bill would also require notification to individuals that their personal information had been compromised, and would require "data collectors" to disclose information being collected upon request. The bill would also beef up penalties for identity theft, and for concealing security breaches.
While there is a lot to like about the bill, it has more than its share of flaws. Section 422 of the act requires "any business entity or agency engaged in interstate commerce that involves collecting, accessing, using, transmitting, storing, or disposing of personally identifiable information" to provide written notification of an information compromise or, if the address is unknown, notification by phone. The problem with requiring a written notice or phone call is that many sites that would be required to comply with the law do not necessarily collect addresses or phone numbers. Forcing them to start gathering that information would be burdensome, intrusive on the privacy of the people who are allegedly being protected, and would add to the amount of data that can be stolen in the event of a successful attack.
The act also provides for a posting on the affected site, if more than 1,000 residents of the U.S. have been affected, and notice to "major media outlets serving that State or jurisdiction" if more than 5,000 residents of a state or jurisdiction are affected. However, these seem to be aggregate requirements -- so if a company has been affected, it seems to require that they notify all individuals by phone or mail, and post a notice, and send notice to "major media outlets."
There are a few flaws of omission in the bill as well. For example, as Jon Oltsik points out, there's no provision for monitoring compliance with the bill. While the bill prescribes heavy penalties for failing to comply, the only way that non-compliance will come to light, in the bill's present form, is once it's too late and a breach has occurred. This is of little comfort to those who have already had their information stolen and misused. Penalties for misuse and theft of data are fine, but prevention would be much better.
While the bill requires data collectors to disclose information upon request, it does not require any notification of collection. It's unlikely that the average person even knows what organizations are collecting data in the first place. To really "ensure privacy" the bill should prevent unauthorized data collection altogether.
Also, the bill protects social security numbers, which in and of itself is a good thing, but too specific. To be truly effective, now and in the future, the bill should cover any government-issued IDs. For example, it would be prudent to include IDs that fall under the Real ID Act.
It would be nice to see a national data security law that would provide notifications to individuals in the event that their information has been stolen, and give additional control to individuals over the aggregation and dissemination of personal data such as social security numbers. The proposed Personal Data Privacy and Security Act of 2005 takes some tentative steps in the right direction; hopefully its weaker points will be addressed as the bill moves forward.
New vulnerabilities
acroread: arbitrary code execution
| Package(s): | acroread | CVE #(s): | CAN-2005-1625 CAN-2005-1841 | |||||||||
| Created: | July 8, 2005 | Updated: | July 14, 2005 | |||||||||
| Description: | Adobe Acrobat Reader (acroread) has a buffer overflow vulnerability. If a user is tricked into opening a specially crafted PDF file, arbitrary code can be executed. | |||||||||||
| Alerts: |
| |||||||||||
centericq: temporary file vulnerability
| Package(s): | centericq | CVE #(s): | CAN-2005-1914 | |||
| Created: | July 13, 2005 | Updated: | July 13, 2005 | |||
| Description: | The centericq messaging client suffers from a classic temporary file vulnerability which could, conceivably, be exploited by a local user to overwrite files. | |||||
| Alerts: |
| |||||
dhcpcd: denial of service
| Package(s): | dhcpcd | CVE #(s): | CAN-2005-1848 | |||||||||||||||
| Created: | July 13, 2005 | Updated: | September 13, 2005 | |||||||||||||||
| Description: | The dhcpcd DHCP client can be tricked into reading past the end of a buffer, causing it to crash. | |||||||||||||||||
| Alerts: |
| |||||||||||||||||
FUSE: information disclosure
| Package(s): | fuse | CVE #(s): | CAN-2005-1858 | |||
| Created: | July 13, 2005 | Updated: | July 13, 2005 | |||
| Description: | The filesystems in user space (FUSE) subsystem (not yet part of the mainline kernel) has an information disclosure vulnerability exploitable by local users. | |||||
| Alerts: |
| |||||
ht: arbitrary code execution
| Package(s): | ht | CVE #(s): | CAN-2005-1545 CAN-2005-1546 | |||
| Created: | July 8, 2005 | Updated: | July 13, 2005 | |||
| Description: | The utility ht, an executable file viewer, editor and analyzer, has buffer and integer overflows that can be exploited for the purpose of executing arbitrary code. | |||||
| Alerts: |
| |||||
krb5: double-free flaw
| Package(s): | krb5 | CVE #(s): | CAN-2004-0175 CAN-2005-0488 CAN-2005-1175 CAN-2005-1689 | ||||||||||||||||||||||||||||||
| Created: | July 12, 2005 | Updated: | December 6, 2005 | ||||||||||||||||||||||||||||||
| Description: | The krb5 authentication has a double-free flaw which may be initiated by a remote unauthenticated attacker. Also, a single byte heap overflow in the krb5_unparse_name() function can lead to a denial of service and an information disclosure may be caused by a malicious telnet server. See This report for more information. | ||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||
leafnode: fetchnews vulnerabilities
| Package(s): | leafnode | CVE #(s): | CAN-2004-2068 CAN-2005-1453 CAN-2005-1911 | |||
| Created: | July 12, 2005 | Updated: | July 13, 2005 | |||
| Description: | The fetchnews program from the leafnode NNTP server has a number of vulnerabilities involving corruption of data from the upstream server. The system can hang indefinitely or crash. | |||||
| Alerts: |
| |||||
sharutils: temporary file vulnerability
| Package(s): | sharutils | CVE #(s): | CAN-2005-0990 | |||
| Created: | July 13, 2005 | Updated: | July 13, 2005 | |||
| Description: | Sharutils (and unshar in particular) creates temporary files in an unsafe way, making local file overwrite attacks possible. | |||||
| Alerts: |
| |||||
Updated vulnerabilities
ImageMagick: xwd coder denial of service
| Package(s): | ImageMagick | CVE #(s): | CAN-2005-1739 | ||||||||||||
| Created: | May 26, 2005 | Updated: | July 19, 2005 | ||||||||||||
| Description: | The xwd coder in ImageMagick has a vulnerability that can be accessed by working on a maliciously created image. A denial of service can result. | ||||||||||||||
| Alerts: |
| ||||||||||||||
OpenSSL: denial of service vulnerabilities
| Package(s): | OpenSSL | CVE #(s): | CAN-2004-0081 CAN-2003-0851 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | March 17, 2004 | Updated: | November 2, 2005 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | Versions 0.9.7a-c of the OpenSSL library suffer from two denial of service vulnerabilities; see the version 0.9.7d release announcement for details. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
RealPlayer HelixPlayer arbitrary code execution
| Package(s): | RealPlayer HelixPlayer | CVE #(s): | CAN-2005-1766 CAN-2005-1277 | |||||||||||||||
| Created: | June 27, 2005 | Updated: | July 6, 2005 | |||||||||||||||
| Description: | RealNetworks, Inc. has addressed security vulnerabilities that offered the potential for an attacker to run arbitrary or malicious code on a customer's machine. RealNetworks has received no reports of machines compromised as a result of the now-remedied vulnerabilities. RealNetworks takes all security vulnerabilities very seriously. | |||||||||||||||||
| Alerts: |
| |||||||||||||||||
a2ps: input validation error
| Package(s): | a2ps | CVE #(s): | CAN-2004-1170 CAN-2004-1377 | ||||||||||||||||||
| Created: | November 26, 2004 | Updated: | December 19, 2005 | ||||||||||||||||||
| Description: | The GNU a2ps utility fails to properly sanitize filenames, which can be abused by a malicious user to execute arbitrary commands with the privileges of the user running the vulnerable application. More information at Security Focus. | ||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||
bzip2: race condition and infinite loop
| Package(s): | bzip2 | CVE #(s): | CAN-2005-0953 CAN-2005-1260 | ||||||||||||||||||||||||
| Created: | May 17, 2005 | Updated: | January 10, 2007 | ||||||||||||||||||||||||
| Description: | A race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. Also specially crafted bzip2 archives may cause an infinite loop in the decompressor. | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
cacti: SQL injection and PHP file inclusion
| Package(s): | cacti | CVE #(s): | ||||||||||||||||
| Created: | June 22, 2005 | Updated: | July 21, 2005 | |||||||||||||||
| Description: | Cacti (prior to version 0.8.6e) suffers from vulnerabilities which can lead to SQL injection and (on some systems) execution of arbitrary PHP files. | |||||||||||||||||
| Alerts: |
| |||||||||||||||||
ClamAV: denial of service
| Package(s): | clamav | CVE #(s): | CAN-2005-2056 CAN-2005-2070 | ||||||||||||
| Created: | June 27, 2005 | Updated: | July 12, 2005 | ||||||||||||
| Description: | Andrew Toller and Stefan Kanthak discovered that a flaw in libmspack's Quantum archive decompressor renders Clam AntiVirus vulnerable to a Denial of Service attack. A remote attacker could exploit this vulnerability to cause a Denial of Service by sending a specially crafted Quantum archive to the server. | ||||||||||||||
| Alerts: |
| ||||||||||||||
cpio - file permissions error
| Package(s): | cpio | CVE #(s): | CAN-1999-1572 | |||||||||||||||||||||
| Created: | February 2, 2005 | Updated: | July 19, 2005 | |||||||||||||||||||||
| Description: | Some versions of cpio contain an ancient vulnerability where files created by that utility have overly generous access permissions. | |||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||
cpio: directory traversal
| Package(s): | cpio | CVE #(s): | CAN-2005-1111 | |||||||||||||||||||||||||||
| Created: | June 20, 2005 | Updated: | December 26, 2005 | |||||||||||||||||||||||||||
| Description: | There is a vulnerability in cpio (2.6 and previous) that allows a malicious cpio file to extract to an arbitrary directory of the attackers choice. cpio will extract to the path specified in the cpio file, this path can be absolute. | |||||||||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||||||||
crip: insecure temporary files
| Package(s): | crip | CVE #(s): | CAN-2005-0393 | |||
| Created: | June 30, 2005 | Updated: | July 6, 2005 | |||
| Description: | Justin Rye discovered that crip, a terminal-based ripper, encoder and tagger tool, utilizes temporary files in an insecure fashion in its helper scripts. | |||||
| Alerts: |
| |||||
cURL: buffer overflow
| Package(s): | curl | CVE #(s): | CAN-2005-0490 | ||||||||||||||||||||||||
| Created: | February 28, 2005 | Updated: | July 19, 2005 | ||||||||||||||||||||||||
| Description: | Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded. | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
cvs: multiple vulnerabilities
| Package(s): | cvs | CVE #(s): | CAN-2005-0753 | |||||||||||||||||||||||||||||||||
| Created: | April 18, 2005 | Updated: | July 13, 2005 | |||||||||||||||||||||||||||||||||
| Description: | CVS (in version prior to 1.11.20) has one or more buffer overflow vulnerabilities, memory leaks, and a NULL pointer dereferencing error. These can be used to launch a remote denial of service or to remotely execute arbitrary code. | |||||||||||||||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||||||||||||||
cyrus-imapd: buffer overflows
| Package(s): | cyrus-imapd | CVE #(s): | CAN-2005-0546 | |||||||||||||||||||||||||||
| Created: | February 23, 2005 | Updated: | April 9, 2006 | |||||||||||||||||||||||||||
| Description: | Cyrus-imapd, prior to version 2.2.12, contains several buffer overflows which could be exploited by an (authenticated) attacker to run code on the server system. | |||||||||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||||||||
dbus: information disclosure
| Package(s): | dbus | CVE #(s): | CAN-2005-0201 | ||||||||||||
| Created: | June 8, 2005 | Updated: | August 30, 2005 | ||||||||||||
| Description: | From the Red Hat alert: "Dan Reed discovered that a user can send and listen to messages on another user's per-user session bus if they know the address of the socket." At current usage levels, this vulnerability is not particularly threatening. | ||||||||||||||
| Alerts: |
| ||||||||||||||
dhcp: format string vulnerability
| Package(s): | dhcp | CVE #(s): | CAN-2004-1006 | |||||||||
| Created: | November 4, 2004 | Updated: | July 13, 2005 | |||||||||
| Description: | Dhcp has a format string vulnerability in the log functions of dhcp 2.x that may be exploited via a malicious DNS server. | |||||||||||
| Alerts: |
| |||||||||||
Dnsmasq: poisoning and DoS
| Package(s): | dnsmasq | CVE #(s): | |||||||
| Created: | April 4, 2005 | Updated: | July 21, 2005 | ||||||
| Description: | Dnsmasq does not properly detect that DNS replies received do not correspond to any DNS query that was sent. Rob Holland of the Gentoo Linux Security Audit team also discovered two off-by-one buffer overflows that could crash DHCP lease files parsing. | ||||||||
| Alerts: |
| ||||||||
emacs21: format string vulnerability in "movemail"
| Package(s): | emacs21 | CVE #(s): | CAN-2005-0100 | |||||||||||||||||||||||||||||||||||||||||||||
| Created: | February 7, 2005 | Updated: | May 15, 2006 | |||||||||||||||||||||||||||||||||||||||||||||
| Description: | Max Vozeler discovered a format string vulnerability in the "movemail" utility of Emacs. By sending specially crafted packets, a malicious POP3 server could cause a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the user and the "mail" group. | |||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||||||||||||||||||||||||||
enscript: arbitrary code execution
| Package(s): | enscript | CVE #(s): | CAN-2004-1184 CAN-2004-1185 CAN-2004-1186 | |||||||||||||||||||||||||||||||||||||||
| Created: | January 21, 2005 | Updated: | May 27, 2006 | |||||||||||||||||||||||||||||||||||||||
| Description: | Erik Sjölund has discovered several security relevant problems in enscript, a program to convert ASCII text into Postscript and other formats. Unsanitized input can cause the execution of arbitrary commands via EPSF pipe support. Due to missing sanitizing of filenames it is possible that a specially crafted filename can cause arbitrary commands to be executed. Multiple buffer overflows can cause the program to crash. | |||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||||||||||||||||||||
ettercap: format string vulnerability
| Package(s): | ettercap | CVE #(s): | CAN-2005-1796 | ||||||
| Created: | June 13, 2005 | Updated: | July 13, 2005 | ||||||
| Description: | The Ettercap suite of networking tools has a format string vulnerability that can be exploited by a remote attacker for the execution of arbitrary code. | ||||||||
| Alerts: |
| ||||||||
evolution: message crash vulnerability
| Package(s): | evolution | CVE #(s): | CAN-2005-0806 | |||||||||||||||
| Created: | March 17, 2005 | Updated: | August 11, 2005 | |||||||||||||||
| Description: | The Evolution mail client can be crashed when reading certain types of messages. | |||||||||||||||||
| Alerts: |
| |||||||||||||||||
Foomatic: Arbitrary command execution in foomatic-rip
| Package(s): | foomatic | CVE #(s): | CAN-2004-0801 | |||||||||||||||
| Created: | September 20, 2004 | Updated: | May 31, 2006 | |||||||||||||||
| Description: | There is a vulnerability in the foomatic-filters package. This vulnerability is due to insufficient checking of command-line parameters and environment variables in the foomatic-rip filter. This vulnerability may allow both local and remote attackers to execute arbitrary commands on the print server with the permissions of the spooler. | |||||||||||||||||
| Alerts: |
| |||||||||||||||||
gdb: multiple vulnerabilities
| Package(s): | gdb | CVE #(s): | CAN-2005-1704 CAN-2005-1705 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | May 20, 2005 | Updated: | August 11, 2006 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library, resulting in a heap overflow. A review also showed that by default, gdb insecurely sources initialization files from the working directory. Successful exploitation would result in the execution of arbitrary code on loading a specially crafted object file or the execution of arbitrary commands. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
gtk-pixbuf, gtk2: denial of service
| Package(s): | gdk-pixbuf gtk2 | CVE #(s): | CAN-2005-0891 | ||||||||||||||||||||||||||||||||||||
| Created: | March 30, 2005 | Updated: | December 19, 2005 | ||||||||||||||||||||||||||||||||||||
| Description: | The BMP image processing code in gdk-pixbuf and gtk2 contains a denial of service vulnerability exploitable via a specially crafted image file. | ||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||
gedit: format string vulnerability
| Package(s): | gedit | CVE #(s): | CAN-2005-1686 | |||||||||||||||
| Created: | June 9, 2005 | Updated: | July 12, 2005 | |||||||||||||||
| Description: | A format string vulnerability has been discovered in gedit. Calling the program with specially crafted file names caused a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the gedit user. | |||||||||||||||||
| Alerts: |
| |||||||||||||||||
gettext: Insecure temporary file handling
| Package(s): | gettext | CVE #(s): | CAN-2004-0966 | ||||||||||||||||||
| Created: | October 11, 2004 | Updated: | March 1, 2006 | ||||||||||||||||||
| Description: | gettext insecurely creates temporary files in world-writeable directories with predictable names. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When gettext is called, this would result in file access with the rights of the user running the utility, which could be the root user. | ||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||
gftp: missing input sanitizing
| Package(s): | gftp | CVE #(s): | CAN-2005-0372 CAN-2004-1376 | ||||||||||||||||||||||||
| Created: | February 17, 2005 | Updated: | July 13, 2005 | ||||||||||||||||||||||||
| Description: | gftp has a directory traversal vulnerability. A remote server could use specially crafted filenames to overwrite local files. | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
ghostscript: symlink vulnerabilities
| Package(s): | ghostscript | CVE #(s): | CAN-2004-0967 | |||||||||
| Created: | October 20, 2004 | Updated: | September 28, 2005 | |||||||||
| Description: | The ghostscript package (prior to version 7.07.1-r7) contains several scripts which are vulnerable to symlink attacks. | |||||||||||
| Alerts: |
| |||||||||||
glibc: tempfile vulnerability in catchsegv script
| Package(s): | glibc | CVE #(s): | CAN-2004-0968 | ||||||||||||||||||||||||
| Created: | October 21, 2004 | Updated: | November 14, 2005 | ||||||||||||||||||||||||
| Description: | The catchsegv script in the glibc package has a symlink vulnerability that may allow a local user to overwrite arbitrary files with the permissions of the user that is running the script. | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
gnupg: information leak
| Package(s): | gnupg | CVE #(s): | CAN-2005-0366 | |||||||||
| Created: | March 16, 2005 | Updated: | August 19, 2005 | |||||||||
| Description: | GnuPG (and other PGP-like systems) suffers from an information leak which could, in some situations, be used by an attacker to obtain plain text from an encrypted message. See this message for a detailed explanation of the problem. "We know of no real-world application that is affected by this type of attack. It is an attack that requires the active participation of someone who holds the actual key required to decrypt a message. Thus, it is not something you are likely to see." | |||||||||||
| Alerts: |
| |||||||||||
grip: buffer overflow
| Package(s): | grip | CVE #(s): | CAN-2005-0706 | |||||||||||||||||||||||||||
| Created: | March 10, 2005 | Updated: | September 16, 2005 | |||||||||||||||||||||||||||
| Description: | Grip, a CD ripper, has a buffer overflow vulnerability that can occur when the CDDB server returns more than 16 matches. | |||||||||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||||||||
groff: insecure temporary directory
| Package(s): | groff | CVE #(s): | CAN-2004-0969 | |||||||||
| Created: | November 1, 2004 | Updated: | February 9, 2006 | |||||||||
| Description: | Recently, Trustix Secure Linux discovered a vulnerability in the groff package. The utility "groffer" created a temporary directory in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the program. | |||||||||||
| Alerts: |
| |||||||||||
gxine: format string vulnerability
| Package(s): | gxine | CVE #(s): | CAN-2005-1692 | ||||||
| Created: | May 26, 2005 | Updated: | July 23, 2005 | ||||||
| Description: | The gxine media player has a format string vulnerability in the hostname decoding function. A specially crafted file can be used to cause a user to execute arbitrary code. | ||||||||
| Alerts: |
| ||||||||
gzip: race condition and directory traversal
| Package(s): | gzip | CVE #(s): | CAN-2005-0988 CAN-2005-1228 | ||||||||||||||||||||||||
| Created: | May 4, 2005 | Updated: | July 13, 2005 | ||||||||||||||||||||||||
| Description: | gzip suffers from a race condition which could allow a fast-fingered attacker to change the permissions on files owned by others. There is also a directory traversal vulnerability associated with the -N option. | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
Heimdal: buffer overflow vulnerabilities
| Package(s): | heimdal | CVE #(s): | CAN-2005-2040 | |||||||||
| Created: | June 29, 2005 | Updated: | July 18, 2005 | |||||||||
| Description: | It has been reported that the "getterminaltype" function of Heimdal's (before 0.6.5) telnetd server is vulnerable to buffer overflows. An attacker could exploit this vulnerability to execute arbitrary code with the permission of the telnetd server program. | |||||||||||
| Alerts: |
| |||||||||||
htdig: cross site scripting
| Package(s): | htdig | CVE #(s): | CAN-2005-0085 | |||||||||||||||
| Created: | February 14, 2005 | Updated: | January 10, 2006 | |||||||||||||||
| Description: | Michael Krax discovered that ht://Dig fails to validate the 'config' parameter before displaying an error message containing the parameter. This flaw could allow an attacker to conduct cross-site scripting attacks. | |||||||||||||||||
| Alerts: |
| |||||||||||||||||
imap: buffer overflow in c-client
| Package(s): | imap | CVE #(s): | CAN-2003-0297 | |||||||||
| Created: | February 18, 2005 | Updated: | April 9, 2006 | |||||||||
| Description: | A buffer overflow flaw was found in the c-client IMAP client. An attacker could create a malicious IMAP server that if connected to by a victim could execute arbitrary code on the client machine. | |||||||||||
| Alerts: |
| |||||||||||
imlib2: buffer overflows
| Package(s): | imlib2 | CVE #(s): | CAN-2004-0802 CAN-2004-0817 | |||||||||||||||||||||||||||
| Created: | September 8, 2004 | Updated: | October 26, 2005 | |||||||||||||||||||||||||||
| Description: | The imlib2 library contains buffer overflows in the BMP handling code. | |||||||||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||||||||
infozip: privilege escalation, directory-traversal
| Package(s): | infozip | CVE #(s): | CAN-2003-0282 CAN-2004-1010 CAN-2005-0602 | ||||||
| Created: | May 2, 2005 | Updated: | August 1, 2005 | ||||||
| Description: | InfoZip reports that Zip 2.3 and (presumably) all previous versions have a buffer-overrun vulnerability relating to deep directory paths that could potentially lead to local privilege escalation (e.g., in the case of automated, Zip-based backups). All versions of UnZip through 5.50 have a number of directory-traversal vulnerabilities. | ||||||||
| Alerts: |
| ||||||||
junkbuster: heap corruption and settings modification
| Package(s): | junkbuster | CVE #(s): | CVE-2005-1108 CVE-2005-1109 | ||||||
| Created: | April 13, 2005 | Updated: | November 5, 2005 | ||||||
| Description: | JunkBuster through version 2.02-r2 contains two vulnerabilities: a heap corruption bug and a possible privacy violation. | ||||||||
| Alerts: |
| ||||||||
kdelibs: unsanitzied input
| Package(s): | kdelibs | CVE #(s): | CAN-2004-1165 | ||||||||||||||||||||||||
| Created: | January 10, 2005 | Updated: | July 19, 2005 | ||||||||||||||||||||||||
| Description: | Thiago Macieira discovered a vulnerability in the kioslave library, which is part of kdelibs, which allows a remote attacker to execute arbitrary FTP commands via an ftp:// URL that contains an URL-encoded newline before the FTP command. | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
kernel: ELF loader core dump vulnerability
| Package(s): | kernel | CVE #(s): | CAN-2005-1263 | ||||||||||||||||||
| Created: | May 11, 2005 | Updated: | August 25, 2005 | ||||||||||||||||||
| Description: | Paul Starzetz has posted an advisory for yet another kernel vulnerability. In this case, by using a specially manipulated ELF binary, a local attacker can compromise the system (via the core dump code) and obtain root access. This vulnerability affects all kernels from 2.2 through 2.6.12-rc4. | ||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||
kernel: multiple vulnerabilities
| Package(s): | kernel | CVE #(s): | CAN-2005-1913 CAN-2005-1761 | ||||||||||||
| Created: | July 1, 2005 | Updated: | September 9, 2005 | ||||||||||||
| Description: | Several vulnerabilities in the 2.6 kernel have been fixed, including a subthread exec problem (CAN-2005-1913) and a ia64 ptrace + sigrestore_context problem (CAN-2005-1761). | ||||||||||||||
| Alerts: |
| ||||||||||||||
kernel: multiple vulnerabilities
| Package(s): | kernel | CVE #(s): | CAN-2005-0449 CAN-2005-0209 CAN-2005-0529 CAN-2005-0530 CAN-2005-0532 CAN-2005-0384 CAN-2005-0210 CAN-2005-0504 CAN-2005-0003 | |||||||||||||||||||||
| Created: | March 24, 2005 | Updated: | May 31, 2006 | |||||||||||||||||||||
| Description: | A number of vulnerabilities have been found in the Linux kernel, including a PPP-related denial of service problem, an integer overflow in the epoll() code, memory corruption in the ELF loader, and exploitable overflows in the ISO9660 code. | |||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||
kimgio input validation errors
| Package(s): | kimgio | CVE #(s): | CAN-2005-1046 | |||||||||||||||||||||
| Created: | April 22, 2005 | Updated: | July 19, 2005 | |||||||||||||||||||||
| Description: | KDE has issued a security advisory for kimgio. This is found in kdelibs as shipped with KDE 3.2 up to including KDE 3.4. kimgio contains a PCX image file format reader that does not properly perform input validation. A source code audit performed by the KDE security team discovered several vulnerabilities in the PCX and other image file format readers, some of them exploitable to execute arbitrary code. | |||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||
libXpm: new buffer overflows
| Package(s): | libXpm | CVE #(s): | CAN-2005-0605 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | March 4, 2005 | Updated: | March 8, 2006 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | A new vulnerability has been discovered in libXpm, which is included in OpenMotif and LessTif, that can potentially lead to remote code execution. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
libconvert-uulib-perl: arbitrary code execution
| Package(s): | libconvert-uulib-perl | CVE #(s): | CAN-2005-1349 | ||||||
| Created: | May 20, 2005 | Updated: | January 27, 2006 | ||||||
| Description: | Mark Martinec and Robert Lewis discovered a buffer overflow in Convert::UUlib (before 1.051), a Perl interface to the uulib library, which may result in the execution of arbitrary code. | ||||||||
| Alerts: |
| ||||||||
libdbi-perl: insecure temporary file
| Package(s): | libdbi-perl | CVE #(s): | CAN-2005-0077 | ||||||||
| Created: | January 25, 2005 | Updated: | March 2, 2006 | ||||||||
| Description: | Javier Fernández-Sanguino Peña from the Debian Security Audit Project discovered that the DBI library, the Perl5 database interface, creates a temporary PID file in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the person executing the parts of the library. | ||||||||||
| Alerts: |
| ||||||||||