Linux in Italian schools
The region of Italy known as Trentino-Alto Adige or South Tyrol has an
interesting history. It became part of Italy as a spoil of World
War 1, and many of its residents have never been entirely comfortable with
Italian control. It is a breathtakingly beautiful region, where German is
heard more than Italian. The unique nature of this area has resulted in it
being given a great deal of autonomy; Trentino-Alto Adige often does things
its own way.
Bolzano, a provincial capital in Trentino-Alto Adige, has just broken some
new ground with this announcement that the area's Italian schools
have switched to Linux. Your editor was able to discuss the project
with three of its principals: Antonio J. Russo, Paolo Zilotti, and
Christopher Gabriel. They deserve thanks for helping to fill in the
details, and for putting up with your editor's Italian.
This project goes by the name "FUSS",
for "Free Upgrade South Tyrol's Schools." Over the course of two months,
the entire computing infrastructure for the region's Italian-language
schools was converted over to a customized version of the Debian
distribution. This effort involved installing Linux on 2640 computers over
the course of 23 days; an installation
party photo gallery has been posted for those who are interested. The
project has also developed a live CD which will be handed out to students
when school opens (September 12) so that they may all run the same
software at home. The students of these schools will be able to do all of
their schoolwork using free software.
And freedom is an important issue in this project; the introduction
page starts out this way:
The decision to use free software in the schools is indeed, beyond
the economic and technical reasons, an ethical and political
choice. It is the choice of remaking oneself, both in the use
and teaching of computing, with the values of freedom and sharing,
and not just in the use of software which is efficient, stable, and
secure, which runs on older machines, and which is not subject to
licensing costs.
(The linked page, like most in this article, is in Italian; translations by
the editor).
To achieve its goals, the FUSS project decided early on that only free
software could be used. All of the usual reasons apply for this choice:
ethics, the ability to give the software to students, ability to modify the
software, etc. Given this constraint, it is not surprising that FUSS
decided to base its effort on Debian.
The 100% free nature of the distribution, combined with its quality, vast
array of packages, and adaptability are given as the reasons for this
choice. The project
developed its own version of Debian, which it calls "FUSS Soledad
GNU/Linux," or just "Soledad."
Soledad is based upon the Sarge release, but the FUSS developers have made
a number of changes. The installer and default configuration have been
adapted to the schools' needs, and a special GNOME-based desktop has been
put together.  The mix of packages has been carefully selected for the target
audience, with a strong bias toward educational software. The package
list for the desktop
configuration is available; there is also a version of Soledad for
server deployments. ISO images of Soledad are available from the FUSS download page.
Many of us who have dealt with the public school systems in their countries
have often wondered why there is not more free software in use. But
anybody who has tried to convince a school system to change knows what kind
of inertia exists there. So how did the FUSS project supporters get the
approval for a change of this magnitude?
There are a few factors at play here. The Italian schools in Bolzano are
(unlike those in much of Italy) organized around a central purchasing
structure for information technology. Even better, the relationship
between the schools and the central IT folks is good.
This structure made it easier to
convert the entire school system at once. The initial supporters of FUSS
came from within the school administration, and thus had the advantage of
pushing for change from the inside. Even so, the FUSS supporters had to
work for years, and had
to "assemble a fair amount of paper" before getting the project approved.
Mr. Russo adds:
I don't think that there is a formula for bringing this sort of
project to conclusion; the only thing I can say is that, in
Bolzano, people active in the spread of free software have worked
hard for many years, organizing events, conferences, installation
parties, but, most of all, meeting people and explaining to them
the benefits of free software and how their work could be improved
and made more pleasant with the use of cooperatively-developed
tools.
The FUSS developers add that the autonomous nature of Bolzano helped, since
decisions are made locally. But the importance of laying the groundwork is
clear: spend enough time educating people about the benefits of free
software, and they will eventually come around and support it.
2460 Linux installations may seem like a lot, but it is only a beginning.
This deployment only covers Bolzano's Italian-language schools; the region
also runs a great many German-language schools, and a rather smaller number
based on Ladin.
The FUSS developers have made offers of help to their German-speaking
counterparts, but, so far, have received little response. School systems
in various other regions of Italy are said to be interested, however, and
are watching to see how it all turns out.
The acid test will start on September 12, when 16,000 students return to
school. It is hard to imagine that there would be no startup glitches on a
project of this magnitude. How quickly they are ironed out, and how
quickly students and teachers become comfortable with the new systems will
have a big influence on whether other parts of Italy will make the jump to
free software. The odds are in the project's favor: school systems have
few needs which cannot be met nicely by currently-available free software.
The hard part of this project is done; congratulations are due to the many
people who have worked for years to make FUSS a reality.
A busy week for the courts
Courts in various parts of the world have handed down decisions which, in
one way or another, can affect users and developers of free software.
These decisions are not particularly friendly to our community. Here is a
quick overview of what the courts have said.
ACRA v. Lexmark
We have encountered Lexmark before; that company has attempted to use the
DMCA to shut down alternative manufacturers of ink cartridges
for its printers. That attempt failed, but the company appears to have
found another, stronger way of protecting itself from competition: the
shrink-wrap patent license.
In this case, the Arizona Cartridge Remanufacturers Association (ACRA) took
Lexmark to court, challenging Lexmark's "prebate" offering. This marketing
scheme involves "reduced price" cartridges which are explicitly marked, on
the box, as being "single use only." Customers are supposed to return
empty cartridges to Lexmark, and they are prohibited from giving the
cartridges to other remanufacturers. ACRA alleged that the labeling on the
box was deceptive, since it was not actually binding upon customers. ACRA
failed to convince the US 9th Circuit Court of Appeals, however; on
August 30, it reaffirmed
a lower-court decision [PDF] in Lexmark's favor.
The two things which come out of this ruling are: (1) patents can be
used to impose post-sale restrictions on customers, and (2) labeling
on a package can be a valid shrink-wrap patent license. So anybody who
disposes of a used Lexmark cartridge in a non-approved manner becomes a
patent infringer - and remanufacturers which accept those cartridges are
inducing infringement.
It is not hard to see where this sort of logic can go. If a product
contains technology subject to a patent, that patent can be used to impose
no end of post-sale conditions. In the current climate, obtaining a patent
which can cover any given product will not be an especially challenging
task. Those patents could be used in interesting new ways. It is already
annoying to buy a laptop with a "designed for Windows" sticker attached to
the case with 1000-year glue. How fun would it be if the sticker read
"designed for Windows only" - and have it be enforceable?
Many of us use free software because it gives us greater control over our
systems. The growing power granted to those who hold intellectual property
rights threatens to take the control away. Increasingly, we do not truly
own the hardware we thought we had purchased; we simply hold a set of
limited rights to use that hardware in specific ways which do not threaten
the manufacturers' interests. That does not seem like the path to freedom.
Universal Music Australia Pty Ltd v Sharman License Holdings Ltd
In Australia, a large number of media companies took Sharman License
Holdings to court, alleging several copyright-related violations.
Sharman, the distributor of Kazaa, does not have entirely clean hands -
nobody disputes that many people use Kazaa to engage in copyright
infringement. In its defense, Sharman argued that it had no control over
the behavior of Kazaa users, that it had warned them about infringing
copyrights, and that the license agreement for the software prohibited its
use to make unauthorized copies of copyrighted materials.
The judge actually bought that argument - to an extent. The ruling
in this case clears the defendants of many charges of copyright
infringement. The judge did find, however, that the defendants had
"authorized" users to infringe copyrights, and that this act violated
Australian copyright law.
The defendants will now have to pay damages. Kazaa will be allowed to
continue to exist, but a new version must be released within two months
with filters designed to block infringing uses. In particular, the
software will have to accept a list (provided by publishers) of claimed
works, and block attempts to trade files which match entries in the lists.
It is not hard to imagine that file traders will respond to the keyword
matching in the same way spammers have; expect to see some creative
spellings attached to music files in the near future.
The judge seemed to have a real interest in not shutting down peer-to-peer
communications altogether, and mandated that the filtering be imposed
"... without unnecessarily intruding on others' freedom of speech and
communication." The fact is, however, that this is yet another
ruling holding software developers responsible for the acts of certain of
their users. Manufacturers of cutlery, automobiles, and firearms are not
held to such standards, but people who innovate in the software area do so
at their own risk. Thus far, most of the legal firepower has been
aimed at commercial file sharing operations, but that does not mean that
pure free software projects are immune to this sort of attack.
Blizzard v. bnetd
One free software project which has been subject to this sort of attack is
bnetd, last mentioned here two
weeks ago. The Eighth Circuit Court of Appeals has now issued its ruling in
this case [PDF], and the news is not good: bnetd lost on all counts.
The logic remains unchanged from the prior court's ruling; for example:
The bnetd.org emulator had limited commercial purpose because its
sole purpose was to avoid the limitations of Battle.net. There is
no genuine issue of material fact that Appellants designed and
developed the bnetd.org server and emulator for the purpose of
circumventing Blizzard's technological measures controlling access
to Battle.net and the Blizzard games. Summary was properly granted
in favor of Blizzard and Vivendi on the anti-trafficking
violations.
The idea that free software has fewer rights because it has "limited
commercial purpose" is chilling, to say the least. In any case, the
interoperability exception to the DMCA has been shown to mean little, once
again.
Whither UserLinux?
The
UserLinux project was founded by
Bruce Perens in 2003 with this mission:
Provide businesses with freely available, high quality Linux
operating systems accompanied by certifications, service, and
support options designed to encourage productivity and security
while reducing overall costs.
More informally, Bruce was disappointed with the currently-available
"enterprise" Linux offerings, which he sees as taking much of the freedom
out of free software. His goal was to create a new distribution (based on
Debian) which would be 100% free, aimed at the needs of smaller businesses,
and supported by a wide network of independent companies. UserLinux would
thus fill in the gap between the unsupported "development" distributions
and the expensive, restrictive packages offered by Red Hat and Novell.
A small community coalesced around the idea and got busy with peripheral
tasks: creating a web site (carrying the unfortunate tag line "Linux for
Business" once used by Caldera), designing a logo, writing a trademark
policy, and so on. But UserLinux never really got around to building a
distribution. This was partly by design: UserLinux was intended to be a
version of Debian Sarge with only minimal changes. A few metapackages
would be put together, and the package mix as a whole would be greatly
thinned down. But UserLinux never intended to create a new distribution;
it was more of a repackaging effort with an attempt to build a support
network around it.
The UserLinux experience carries a warning for future efforts: any business
or development plan which has a step reading like this:
- Wait for the next Debian stable release to come out.
is more than usually likely to encounter delays. UserLinux got to that
step, and found itself waiting for the Sarge release. For a long time.
This wait killed any momentum UserLinux may have had.
Nonetheless, the Debian Sarge release happened in June. Three months
later, nothing has been heard from UserLinux. So, finally, an interested
observer asked what was going on. Bruce responded that UserLinux was, indeed, still
alive, but, unfortunately, everything was waiting on him personally.
Essentially, the customer who was going to pay me to work on this
evaporated, and some time later I started running out of money to
support the project. I subsequently took a job with Sourcelabs. I
have 50% of my work time to work on whatever Open Source I choose
(courtesy of Sourcelabs) but so far have been pulled in a lot of
directions and thus not much has gotten done on UL of late.
Bruce may indeed succeed in getting others interested in doing some of the
lifting to make UserLinux 1.0 a reality. But a distribution which can
be stalled because one person gets busy is not going to be particularly
appealing to businesses looking for an alternative to the current support
offerings. UserLinux, in other words, appears to have little chance of
achieving its initial goals, even if it does get a release out.
The slow release of Sarge is one thing which happened to UserLinux, but
there is another unexpected event which came along as well: Ubuntu. In
many ways, Ubuntu is what UserLinux intended to be: a 100% free,
Debian-based distribution with relatively long support periods and
available commercial support offerings. Ubuntu seems to have beat out
UserLinux by virtue of not waiting for a stable Debian release, putting a
great deal of attention into ease of use and making things "just work," and
the small advantages that come from having a few tens of millions of
dollars of seed money in the bank. As a result, Ubuntu has a real
distribution, with a large and enthusiastic user community.
Not everybody is comfortable with Ubuntu, despite the fact that the
company's models appear to have put their clothes back on. Bruce's message
puts it this way:
I think the project continues to have value and I don't believe
that basing on the work of any one company, even Ubuntu which may
be more of a rich man's hobby project than a company, is the
solution for support of Linux distributions.
The creation of the
Ubuntu Foundation may help to ease the concerns about the distribution
being controlled by a single company. Meanwhile, Ubuntu has been building
a distributed support network along the lines of the one envisioned by
UserLinux, and a certification scheme is in the works. The 6.04 release,
due next year, will be supported for five years (for server use) - if the
Ubuntu Foundation lasts that long.
In other words, it seems that the distribution UserLinux wanted to create
has come to be - it just didn't happen quite the way they had intended.
Anybody who wants to carry the UserLinux banner forward as a separate
project should first be able to tell the world what they will do that
existing distributors are not doing, and how they will turn UserLinux into
a viable organization that businesses will trust. Without answers to those
questions, UserLinux will remain a project with a nice logo, but with no
software or users.
Page editor: Jonathan Corbet
Security
A selective look at response times
It is often said that, while free software suffers from security flaws just
like the proprietary variety does, fixes for those flaws come out much more
quickly. For most users, however, security patches do not arrive until
packaged by their distributor. So, every now and then, it is worthwhile to
take a look at how quickly various distributors manage to get the fixes
out. The following table lists a subset of recent vulnerabilities and the
number of days required for each distributor to issue an update. For the
purposes of this table, the clock starts when a vulnerability is disclosed,
or when the first distributor alert is issued, whichever comes first.
The above table lists a subset of relatively important vulnerabilities
disclosed since July, 2005. Distributions marked "n/a" do not ship the
vulnerable package; a marking of "--" means that the update has not, yet,
been released. Missing updates can mean one of two things: (1) the
distributor simply has not gotten around to releasing an update yet, or
(2) the relevant package is of the second class citizen variety, such
as those found in Fedora Extras or Ubuntu's Universe.
Even though the set of vulnerabilities above is relatively small, some
patterns emerge. Some distributors (Fedora, Gentoo, Debian, Red Hat) have
managed to close most of the listed vulnerabilities. A couple of others
have fallen seriously behind, however, leaving users running vulnerable
software. Some distributors tend to be quite fast in getting updates out;
others are slower. Perhaps the biggest surprise is the current lag time on
Debian's updates; Debian used to be one of the faster distributions to get
updates out.
It is worth noting, as well, that the increasingly popular "non-core"
package repositories can be a hazard for administrators who are not paying
attention. Clamav is used as a virus filter on many sites, and the recent
vulnerability is real and exploitable. An administrator who relies upon a
distribution's update mechanism may not have noticed that, when she used
yum or apt-get to install clamav, it came from Fedora
Extras or Ubuntu Universe. As a second class citizen package, clamav will
not be updated by the distributor, and will remain vulnerable for an
unknown period of time. Any security-conscious site which uses such
packages should have a mechanism in place to note and respond to security
problems in those packages.
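One way to build such a mechanism for the apt-get case, as an added example that is not part of the original article: the code below parses `apt-cache policy` output and reports installed packages whose installed version is not carried by any supported archive component. The sample output, the mirror URL, the package `localtool` and the `SUPPORTED` set are constructed assumptions.

```python
import re

# Components covered by the distributor's security updates (assumption:
# Ubuntu-style names; set this to match the site's own support policy).
SUPPORTED = {"main", "restricted"}

HEADER_RE = re.compile(r"^(\S+):$")                           # "clamav:"
VERSION_RE = re.compile(r"^ (\*\*\*|   ) (\S+) (-?\d+)\s*$")  # " *** 0.86.2-1 500"
SOURCE_RE = re.compile(r"^\s{6,}-?\d+\s+(\S+)(?:\s+(\S+))?")  # "500 URL suite/component"

# Constructed sample of `apt-cache policy clamav openssh-server localtool`.
SAMPLE = """\
clamav:
  Installed: 0.86.2-1
  Candidate: 0.86.2-1
  Version table:
 *** 0.86.2-1 500
        500 http://archive.example.org/ubuntu breezy/universe Packages
        100 /var/lib/dpkg/status
openssh-server:
  Installed: 1:4.1p1-7
  Candidate: 1:4.1p1-7
  Version table:
 *** 1:4.1p1-7 500
        500 http://archive.example.org/ubuntu breezy/main Packages
        100 /var/lib/dpkg/status
localtool:
  Installed: 1.0
  Candidate: 1.1
  Version table:
     1.1 500
        500 http://archive.example.org/ubuntu breezy/universe Packages
 *** 1.0 100
        100 /var/lib/dpkg/status
"""


def installed_origins(policy_text):
    """Map each installed package to the set of archive components that
    carry its installed version (empty set: no repository carries it)."""
    origins = {}
    pkg, in_installed = None, False
    for line in policy_text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            pkg, in_installed = header.group(1), False
            continue
        version = VERSION_RE.match(line)
        if version:
            # "***" marks the version that is currently installed.
            in_installed = version.group(1) == "***"
            if in_installed:
                origins.setdefault(pkg, set())
            continue
        source = SOURCE_RE.match(line)
        if source and in_installed:
            suite = source.group(2)          # e.g. "breezy/universe"
            if suite and "/" in suite:
                origins[pkg].add(suite.rsplit("/", 1)[1])
    return origins


def unsupported_packages(policy_text, supported=SUPPORTED):
    """Return {package: components} for installed packages that no
    supported component provides; these need separate security tracking."""
    report = {}
    for pkg, components in installed_origins(policy_text).items():
        if not components & set(supported):
            report[pkg] = sorted(components) or ["(no repository)"]
    return report


if __name__ == "__main__":
    for pkg, where in unsupported_packages(SAMPLE).items():
        print("%s: installed from %s" % (pkg, ", ".join(where)))
```

On a live system the input would come from running `apt-cache policy` over the installed package list; packages reported as "(no repository)" were installed locally and receive no updates from any archive.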
New vulnerabilities
affix: remote command execution
| Package(s): | affix |
| CVE #(s): | CAN-2005-2716 |
| Created: | September 2, 2005 |
| Updated: | September 6, 2005 |
| Description: | Kevin Finisterre reports that affix, a package used to manage bluetooth sessions under Linux, uses the popen call in an unsafe fashion. A remote attacker can exploit this vulnerability to execute arbitrary commands on a vulnerable system. |
apache information disclosure if modssl=yes
| Package(s): | apache |
| CVE #(s): | CAN-2005-2700 |
| Created: | September 2, 2005 |
| Updated: | November 10, 2005 |
| Description: | An information disclosure vulnerability was discovered in mod_ssl, the SSL/TLS module of the Apache webserver. When "SSLVerifyClient optional" was configured in the global virtual host configuration, an "SSLVerifyClient require" in per-location context was not enforced. |
courier: missing input sanitizing
| Package(s): | courier |
| CVE #(s): | CAN-2005-2724 |
| Created: | September 1, 2005 |
| Updated: | September 6, 2005 |
| Description: | The courier sqwebmail application has an input sanitizing vulnerability that can be exploited by a remote attacker for the purpose of causing a script insertion attack. |
kdebase: local root vulnerability
| Package(s): | kdebase |
| CVE #(s): | CAN-2005-2494 |
| Created: | September 7, 2005 |
| Updated: | August 11, 2006 |
| Description: | The kdebase package (and kcheckpass in particular) found in KDE versions 3.2.0 through 3.4.2 suffers from a lock file handling error which can enable a local attacker to obtain root access. See this advisory for details. |
mplayer: heap overflow
| Package(s): | mplayer |
| CVE #(s): | CAN-2005-2718 |
| Created: | September 1, 2005 |
| Updated: | September 7, 2005 |
| Description: | mplayer's ad_pcm.c code has a heap overflow vulnerability. The faulty code handles the strf chunk of PCM audio streams. A maliciously crafted audio or video file could allow code to be executed with the privileges of the user who is running mplayer. |
net-SNMP: packaging flaw
| Package(s): | net-snmp |
| CVE #(s): | |
| Created: | September 6, 2005 |
| Updated: | September 6, 2005 |
| Description: | James Cloos reported that Perl modules from the Net-SNMP package look for libraries in an untrusted location. This is due to a flaw in the Gentoo package, and not the Net-SNMP suite. |
openssh: privilege escalation
| Package(s): | openssh |
| CVE #(s): | |
| Created: | September 6, 2005 |
| Updated: | September 6, 2005 |
| Description: | A security bug introduced in OpenSSH version 4.0 caused gateway ports (SSH client command line option "-o 'GatewayPorts yes'") to be accidentally activated for dynamic port forwardings (SSH client command line option "-D [address:]port") when the listen address was not explicitly specified. As a result, the SSH client performed a wildcard bind for the listening socket on the SSH client machine instead of a bind to just "localhost". This way the dynamic port forwardings can be accessed also from outside the SSH client machine. |
openssh: GSSAPI credential disclosure
| Package(s): | openssh |
| CVE #(s): | CAN-2005-2798 |
| Created: | September 7, 2005 |
| Updated: | February 3, 2006 |
| Description: | OpenSSH prior to version 4.2 will allow GSSAPI credentials to be delegated to users who are not using GSSAPI authentication, possibly leading to the unwanted disclosure of those credentials. OpenSSH 4.2 has the fix. |
OpenTTD: remote execution of arbitrary code
| Package(s): | OpenTTD |
| CVE #(s): | CAN-2005-2763 |
| Created: | September 5, 2005 |
| Updated: | September 6, 2005 |
| Description: | Alexey Dobriyan discovered several format string vulnerabilities in OpenTTD. A remote attacker could exploit these vulnerabilities to crash the OpenTTD server or client and possibly execute arbitrary code with the rights of the user running OpenTTD. |
polygen: denial of service
| Package(s): | polygen |
| CVE #(s): | CAN-2005-2656 |
| Created: | September 1, 2005 |
| Updated: | September 6, 2005 |
| Description: | polygen has a vulnerability in which precompiled grammar objects are created with world write permissions. A local attacker can use this to fill up a local filesystem and cause a denial of service. |
smb4k: temporary file vulnerability
| Package(s): | smb4k |
| CVE #(s): | CVE-2005-2851 |
| Created: | September 7, 2005 |
| Updated: | December 7, 2005 |
| Description: | Smb4K has a temporary file vulnerability which can allow an unprivileged user to read certain files which would otherwise be inaccessible. |
squid: DoS issues
| Package(s): | squid |
| CVE #(s): | CAN-2005-2794, CAN-2005-2796 |
| Created: | September 6, 2005 |
| Updated: | November 7, 2005 |
| Description: | Squid-2.5.10-r2 and earlier has three Denial of Service issues. |
Updated vulnerabilities
a2ps: input validation error
| Package(s): | a2ps |
| CVE #(s): | CAN-2004-1170, CAN-2004-1377 |
| Created: | November 26, 2004 |
| Updated: | December 19, 2005 |
| Description: | The GNU a2ps utility fails to properly sanitize filenames, which can be abused by a malicious user to execute arbitrary commands with the privileges of the user running the vulnerable application. More information at Security Focus. |
affix: two remote vulnerabilities
| Package(s): | affix |
| CVE #(s): | CAN-2005-2250, CAN-2005-2277 |
| Created: | July 19, 2005 |
| Updated: | September 2, 2005 |
| Description: | A buffer overflow in the Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX file share. Also remote attackers may execute arbitrary commands via shell metacharacters in the filename argument of a PUT command. |
apache2: CGI script denial of service
| Package(s): | apache2 |
| CVE #(s): | |
| Created: | August 25, 2005 |
| Updated: | August 31, 2005 |
| Description: | Apache 2 has a vulnerability in which a remote attacker can access certain CGI scripts, causing exhaustion of all RAM and a denial of service. |
httpd: off-by-one overflow and cross-site scripting
| Package(s): | apache httpd |
| CVE #(s): | CAN-2005-1268, CAN-2005-2088 |
| Created: | July 25, 2005 |
| Updated: | November 7, 2005 |
| Description: | Watchfire reported a flaw that occurred when using the Apache server as an HTTP proxy. A remote attacker could send an HTTP request with both a "Transfer-Encoding: chunked" header and a "Content-Length" header. This caused Apache to incorrectly handle and forward the body of the request in a way that the receiving server processes it as a separate HTTP request. This could allow the bypass of Web application firewall protection or lead to cross-site scripting (XSS) attacks. Marc Stern reported an off-by-one overflow in the mod_ssl CRL verification callback. In order to exploit this issue the Apache server would need to be configured to use a malicious certificate revocation list (CRL). |
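A check that a proxy or filter in front of a backend can apply to the first flaw above, as an added example that is not part of the original advisory: it refuses requests whose body framing is ambiguous, following RFC 7230 section 3.3.3, which says a message carrying both headers ought to be handled as an error. The function names and sample requests are constructed, and the extra checks (conflicting or non-numeric lengths, whitespace in a header name) go beyond the single case the advisory describes.

```python
def parse_head(raw):
    """Split a raw request head into (request_line, [(name, value), ...]).
    Header names are lowercased but otherwise kept exactly as received."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and headers:   # obsolete line folding
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        headers.append((name.lower(), value.strip()))
    return lines[0], headers


def framing_problems(raw):
    """Return the reasons a proxy should refuse to forward this request
    (an empty list means the body length is unambiguous)."""
    _, headers = parse_head(raw)
    problems = []
    if any(name != name.strip() for name, _ in headers):
        problems.append("whitespace around header name")
    fields = [(name.strip(), value) for name, value in headers]
    lengths = {v for n, v in fields if n == "content-length"}
    codings = [c.strip().lower()
               for n, v in fields if n == "transfer-encoding"
               for c in v.split(",") if c.strip()]
    if codings and lengths:
        problems.append("both Transfer-Encoding and Content-Length present")
    if len(lengths) > 1:
        problems.append("conflicting Content-Length values")
    if any(not v.isdigit() for v in lengths):
        problems.append("non-numeric Content-Length")
    if codings and codings[-1] != "chunked":
        problems.append("final transfer coding is not chunked")
    return problems


# Constructed sample requests (host and path are placeholders).
CLEAN = (b"POST /form HTTP/1.1\r\nHost: www.example.org\r\n"
         b"Content-Length: 5\r\n\r\nhello")
CHUNKED = (b"POST /form HTTP/1.1\r\nHost: www.example.org\r\n"
           b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
AMBIGUOUS = (b"POST /form HTTP/1.1\r\nHost: www.example.org\r\n"
             b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n"
             b"0\r\n\r\n")
TWO_LENGTHS = (b"POST /form HTTP/1.1\r\nHost: www.example.org\r\n"
               b"Content-Length: 5\r\nContent-Length: 7\r\n\r\nhello")

if __name__ == "__main__":
    for label, req in [("clean", CLEAN), ("chunked", CHUNKED),
                       ("ambiguous", AMBIGUOUS), ("two lengths", TWO_LENGTHS)]:
        print(label, "->", framing_problems(req) or "ok")
```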
awstats: command injection vulnerability
| Package(s): | awstats |
| CVE #(s): | CAN-2005-1527 |
| Created: | August 11, 2005 |
| Updated: | November 10, 2005 |
| Description: | AWStats has a command injection vulnerability that can be exploited by specially crafting referrer URLs that contain Perl code. The code can then be executed with the privileges of the web server. |
backup-manager: insecure permissions and tempfile
| Package(s): | backup-manager |
| CVE #(s): | CAN-2005-1855, CAN-2005-1856 |
| Created: | August 26, 2005 |
| Updated: | August 31, 2005 |
| Description: | Two bugs have been found in backup-manager: backup files are created with default permissions, making them world readable even though they may contain sensitive information, and the optional CD-burning feature of backup-manager uses a hardcoded filename in a world-writable directory for logging. This can be subject to a symlink attack. |
bzip2: race condition and infinite loop
| Package(s): | bzip2 |
| CVE #(s): | CAN-2005-0953, CAN-2005-1260 |
| Created: | May 17, 2005 |
| Updated: | January 10, 2007 |
| Description: | A race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. Also specially crafted bzip2 archives may cause an infinite loop in the decompressor. |
courier: DNS failure vulnerability
| Package(s): | courier |
| CVE #(s): | CAN-2005-2151 |
| Created: | August 25, 2005 |
| Updated: | August 31, 2005 |
| Description: | The Courier mail server has a problem with DNS failures and Sender Policy Framework (SPF) records. Remote attackers can use this to corrupt memory and cause a denial of service. |
cpio: directory traversal
| Package(s): | cpio |
| CVE #(s): | CAN-2005-1111 |
| Created: | June 20, 2005 |
| Updated: | December 26, 2005 |
| Description: | There is a vulnerability in cpio (2.6 and previous) that allows a malicious cpio file to extract to an arbitrary directory of the attacker's choice. cpio will extract to the path specified in the cpio file; this path can be absolute. |
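A pre-extraction check for the problem described above, as an added example that is not part of the original advisory: it parses the cpio "newc" (SVR4 ASCII) format, lists member names without extracting anything, and flags names that are absolute. It goes slightly beyond the advisory by also flagging names with `..` components; the archive is built in memory, and the function and member names are constructed.

```python
MAGIC = b"070701"        # "newc" header magic
HEADER_LEN = 110         # 6-byte magic + 13 fields of 8 hex digits each
TRAILER = "TRAILER!!!"   # name of the end-of-archive member


def _pad4(n):
    """Bytes needed to round n up to a multiple of 4."""
    return (4 - n % 4) % 4


def build_newc(members):
    """Build a minimal newc archive from (name, data) pairs.
    Helper used only to construct the sample input below."""
    out = bytearray()
    for ino, (name, data) in enumerate(list(members) + [(TRAILER, b"")], 1):
        raw = name.encode() + b"\0"
        # ino, mode, uid, gid, nlink, mtime, filesize, devmajor, devminor,
        # rdevmajor, rdevminor, namesize, check
        fields = [ino, 0o100644, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(raw), 0]
        out += MAGIC + b"".join(b"%08X" % f for f in fields)
        out += raw + b"\0" * _pad4(HEADER_LEN + len(raw))
        out += data + b"\0" * _pad4(len(data))
    return bytes(out)


def list_members(archive):
    """Yield (name, size) for each member of a newc archive, reading
    headers only; raises ValueError on a malformed or truncated archive."""
    pos = 0
    while True:
        header = archive[pos:pos + HEADER_LEN]
        if len(header) < HEADER_LEN or header[:6] != MAGIC:
            raise ValueError("bad or truncated newc header at offset %d" % pos)
        fields = [int(header[6 + 8 * i:14 + 8 * i], 16) for i in range(13)]
        filesize, namesize = fields[6], fields[11]
        name_end = pos + HEADER_LEN + namesize
        if namesize == 0 or name_end > len(archive):
            raise ValueError("bad name length at offset %d" % pos)
        # namesize counts the terminating NUL, which is dropped here.
        name = archive[pos + HEADER_LEN:name_end - 1].decode("utf-8", "replace")
        if name == TRAILER:
            return
        data_start = name_end + _pad4(HEADER_LEN + namesize)
        if data_start + filesize > len(archive):
            raise ValueError("member %r runs past end of archive" % name)
        yield name, filesize
        pos = data_start + filesize + _pad4(filesize)


def unsafe_names(archive):
    """Return member names that are absolute or contain a '..' component.
    Conservative: 'a/../b' is flagged even though it stays inside."""
    return [name for name, _size in list_members(archive)
            if name.startswith("/") or ".." in name.split("/")]


# Constructed sample archive with two safe and two unsafe member names.
SAMPLE = build_newc([
    ("docs/readme.txt", b"hello\n"),
    ("/tmp/absolute.txt", b"x"),
    ("../outside.txt", b"y"),
    ("./bin/tool", b"abc"),
])

if __name__ == "__main__":
    for name in unsafe_names(SAMPLE):
        print("refusing to extract:", name)
```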
CUPS: multiple vulnerabilities
| Package(s): | CUPS |
| CVE #(s): | CAN-2004-2154 |
| Created: | July 14, 2005 |
| Updated: | September 20, 2005 |
| Description: | The CUPS printing system has a problem with queue name case-sensitivity matching that can cause a security policy override. An unauthorized user can use this to print to a protected queue. |
cvs: insecure temp file
| Package(s): | cvs |
| CVE #(s): | CAN-2005-2693 |
| Created: | August 23, 2005 |
| Updated: | September 9, 2005 |
| Description: | Insecure temporary file usage was found in the cvsbug program. It is possible that a malicious user could use this to execute arbitrary instructions as the user running cvsbug. |
cyrus-imapd: buffer overflows
| Package(s): | cyrus-imapd |
| CVE #(s): | CAN-2005-0546 |
| Created: | February 23, 2005 |
| Updated: | April 9, 2006 |
| Description: | Cyrus-imapd, prior to version 2.2.12, contains several buffer overflows which could be exploited by an (authenticated) attacker to run code on the server system. |
dhcpcd: denial of service
| Package(s): | dhcpcd |
| CVE #(s): | CAN-2005-1848 |
| Created: | July 13, 2005 |
| Updated: | September 13, 2005 |
| Description: | The dhcpcd DHCP client can be tricked into reading past the end of a buffer, causing it to crash. |
elm: buffer overflow
| Package(s): | elm |
| CVE #(s): | CAN-2005-2665 |
| Created: | August 23, 2005 |
| Updated: | November 10, 2005 |
| Description: | A buffer overflow flaw in Elm was discovered that was triggered by viewing a mailbox containing a message with a carefully crafted 'Expires' header. An attacker could create a malicious message that would execute arbitrary code with the privileges of the user who received it. |
emacs21: format string vulnerability in "movemail"
| Package(s): | emacs21 |
| CVE #(s): | CAN-2005-0100 |
| Created: | February 7, 2005 |
| Updated: | May 15, 2006 |
| Description: | Max Vozeler discovered a format string vulnerability in the "movemail" utility of Emacs. By sending specially crafted packets, a malicious POP3 server could cause a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the user and the "mail" group. |
enscript: arbitrary code execution
| Package(s): | enscript |
| CVE #(s): | CAN-2004-1184, CAN-2004-1185, CAN-2004-1186 |
| Created: | January 21, 2005 |
| Updated: | May 27, 2006 |
| Description: | Erik Sjölund has discovered several security relevant problems in enscript, a program to convert ASCII text into Postscript and other formats. Unsanitized input can cause the execution of arbitrary commands via EPSF pipe support. Due to missing sanitizing of filenames it is possible that a specially crafted filename can cause arbitrary commands to be executed. Multiple buffer overflows can cause the program to crash. |
ethereal: dissector vulnerabilities
Comments (none posted)
evolution: format string issues
Comments (2 posted)
Foomatic: Arbitrary command execution in foomatic-rip
| Package(s): | foomatic | CVE #(s): | CAN-2004-0801 |
| Created: | September 20, 2004 | Updated: | May 31, 2006 |
| Description: | There is a vulnerability in the foomatic-filters package. This vulnerability is due to insufficient checking of command-line parameters and environment variables in the foomatic-rip filter. This vulnerability may allow both local and remote attackers to execute arbitrary commands on the print server with the permissions of the spooler. |
| Alerts: | |
Comments (none posted)
gaim: buffer overflow
| Package(s): | gaim | CVE #(s): | CAN-2005-2103 |
| Created: | August 10, 2005 | Updated: | February 27, 2006 |
| Description: | Gaim suffers from a heap-based buffer overflow which can be exploited via a hostile "away message" to execute arbitrary code. |
| Alerts: | |
Comments (none posted)
gdb: multiple vulnerabilities
| Package(s): | gdb | CVE #(s): | CAN-2005-1704, CAN-2005-1705 |
| Created: | May 20, 2005 | Updated: | August 11, 2006 |
| Description: | Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library, resulting in a heap overflow. A review also showed that by default, gdb insecurely sources initialization files from the working directory. Successful exploitation would result in the execution of arbitrary code on loading a specially crafted object file or the execution of arbitrary commands. |
| Alerts: | |
Comments (5 posted)
gdk-pixbuf, gtk2: denial of service
| Package(s): | gdk-pixbuf gtk2 | CVE #(s): | CAN-2005-0891 |
| Created: | March 30, 2005 | Updated: | December 19, 2005 |
| Description: | The BMP image processing code in gdk-pixbuf and gtk2 contains a denial of service vulnerability exploitable via a specially crafted image file. |
| Alerts: | |
Comments (none posted)
gettext: Insecure temporary file handling
| Package(s): | gettext | CVE #(s): | CAN-2004-0966 |
| Created: | October 11, 2004 | Updated: | March 1, 2006 |
| Description: | gettext insecurely creates temporary files in world-writeable directories with predictable names. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When gettext is called, this would result in file access with the rights of the user running the utility, which could be the root user. |
| Alerts: | |
Comments (1 posted)
ghostscript: symlink vulnerabilities
| Package(s): | ghostscript | CVE #(s): | CAN-2004-0967 |
| Created: | October 20, 2004 | Updated: | September 28, 2005 |
| Description: | The ghostscript package (prior to version 7.07.1-r7) contains several scripts which are vulnerable to symlink attacks. |
| Alerts: | |
Comments (none posted)
glibc: tempfile vulnerability in catchsegv script
| Package(s): | glibc | CVE #(s): | CAN-2004-0968 |
| Created: | October 21, 2004 | Updated: | November 14, 2005 |
| Description: | The catchsegv script in the glibc package has a symlink vulnerability that may allow a local user to overwrite arbitrary files with the permissions of the user that is running the script. |
| Alerts: | |
Comments (none posted)
grip: buffer overflow
| Package(s): | grip | CVE #(s): | CAN-2005-0706 |
| Created: | March 10, 2005 | Updated: | September 16, 2005 |
| Description: | Grip, a CD ripper, has a buffer overflow vulnerability that can occur when the CDDB server returns more than 16 matches. |
| Alerts: | |
Comments (none posted)
groff: insecure temporary directory
| Package(s): | groff | CVE #(s): | CAN-2004-0969 |
| Created: | November 1, 2004 | Updated: | February 9, 2006 |
| Description: | Recently, Trustix Secure Linux discovered a vulnerability in the groff package. The utility "groffer" created a temporary directory in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the program. |
| Alerts: | |
Comments (none posted)
gzip: arbitrary command execution
| Package(s): | gzip | CVE #(s): | CAN-2005-0758 |
| Created: | August 1, 2005 | Updated: | January 9, 2007 |
| Description: | zgrep in gzip before 1.3.5 does not properly handle shell metacharacters like '|' and '&' when they occur in input file names. This could be exploited to execute arbitrary commands with user privileges if zgrep is run in an untrusted directory with specially crafted file names. |
| Alerts: | |
Comments (2 posted)
htdig: cross site scripting
| Package(s): | htdig | CVE #(s): | CAN-2005-0085 |
| Created: | February 14, 2005 | Updated: | January 10, 2006 |
| Description: | Michael Krax discovered that ht://Dig fails to validate the 'config' parameter before displaying an error message containing the parameter. This flaw could allow an attacker to conduct cross-site scripting attacks. |
| Alerts: | |
Comments (none posted)
imap: buffer overflow in c-client
| Package(s): | imap | CVE #(s): | CAN-2003-0297 |
| Created: | February 18, 2005 | Updated: | April 9, 2006 |
| Description: | A buffer overflow flaw was found in the c-client IMAP client. An attacker could create a malicious IMAP server that, if connected to by a victim, could execute arbitrary code on the client machine. |
| Alerts: | |
Comments (none posted)
imlib2: buffer overflows
| Package(s): | imlib2 | CVE #(s): | CAN-2004-0802, CAN-2004-0817 |
| Created: | September 8, 2004 | Updated: | October 26, 2005 |
| Description: | The imlib2 library contains buffer overflows in the BMP handling code. |
| Alerts: | |
Comments (none posted)
junkbuster: heap corruption and settings modification
| Package(s): | junkbuster | CVE #(s): | CVE-2005-1108, CVE-2005-1109 |
| Created: | April 13, 2005 | Updated: | November 5, 2005 |
| Description: | JunkBuster through version 2.02-r2 contains two vulnerabilities: a heap corruption bug and a possible privacy violation. |
| Alerts: | |
Comments (1 posted)
kdeedu: tempfile handling vulnerabilities
| Package(s): | kdeedu | CVE #(s): | CAN-2005-2101 |
| Created: | August 15, 2005 | Updated: | September 22, 2005 |
| Description: | Ben Burton notified the KDE security team about several tempfile handling related vulnerabilities in langen2kvtml, a conversion script for kvoctrain. The script must be manually invoked. The script uses known filenames in /tmp which allow a local attacker to overwrite files writeable by the user invoking the conversion script. |
| Alerts: | |
Comments (none posted)
kdelibs: kate backup file permission leak
| Package(s): | kdelibs kate kwrite | CVE #(s): | CAN-2005-1920 |
| Created: | July 19, 2005 | Updated: | November 27, 2006 |
| Description: | Kate / Kwrite, as shipped with KDE 3.2.x up to and including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had stricter permissions set. See this advisory for more information. |
| Alerts: | |
Comments (none posted)
kernel: multiple vulnerabilities
| Package(s): | kernel | CVE #(s): | CAN-2005-1913, CAN-2005-1761 |
| Created: | July 1, 2005 | Updated: | September 9, 2005 |
| Description: | Several vulnerabilities in the 2.6 kernel have been fixed, including a subthread exec problem (CAN-2005-1913) and an ia64 ptrace + sigrestore_context problem (CAN-2005-1761). |
| Alerts: | |