Mail filtering in Thunderbird 1.5
Your editor recently had a chance to try out the second beta Thunderbird
1.5 release. There are a number of nice additions in this release of
Mozilla's mail client - and a few not-so-nice subtractions, in the form of
broken extensions. This article will concentrate on a couple of
security-related features.
Thunderbird has had spam filtering for some time. Your editor has never
given it a full test, however. Happily, an ideal resource exists for this
purpose: your editor's 4000-spam-per-day mail stream. A quick config file
tweak directed a copy of this stream, unfiltered, into Thunderbird to see
how it would react.
The bayesian filter built into Thunderbird turns out to be a quick learner.
After 100
messages or so, it was busily marking most messages itself. The speed with
which it learns tempts the user to turn on automatic spam-canning of marked
mail early in the process; it is such a delight to see that stuff simply
disappear. Training a SpamAssassin filter takes quite a bit longer.
Unfortunately, the Thunderbird filter appears to learn too quickly,
with the result that false positives become a problem. As long as
Thunderbird is not configured to automatically refile spam, the false
positives can be corrected with, one assumes, an appropriate tweaking of
the filter. Once spams have been diverted, however, there appears to be no
way to tell Thunderbird that it made a mistake. So new Thunderbird users
would be well advised to look over its spam classification decisions for
some time before empowering it to refile mail automatically.
SpamAssassin's more conservative approach may well turn out to be better
for people who cannot afford to lose mail. Happily, Thunderbird 1.5
includes an option which causes it to defer to SpamAssassin on filtering.
Thus, the system administrator can use SpamAssassin to add headers to mail,
and individual users can have Thunderbird act on those headers if desired.
A truly new feature in 1.5 is phishing detection. A few simple rules have
been added to detect phishy links; essentially, a message will be flagged
if a URL contains a numeric IP address or the link text contains an address
which fails to match the link destination. In these cases, clicking on a
suspect link will result in a dialog explaining the situation and asking if
the user wishes to proceed. Thunderbird will also mark such messages with
a line saying "Mail/News thinks this message might be an email scam."
This capability is a step in the right direction, but it has some obvious
shortcomings. It failed to detect a number of random phishes found in your
editor's mailbox. The "this might be junk" message also overrides the
phishing warning; arguably the scam warning should take priority. The real
risk, though, is that users might think that, if Thunderbird does not flag
a message, it must be legitimate. Remember, these are people who fall for
phishing scams in the first place.
The best way to avoid that possibility would be to improve the detection of
phishing messages. One wonders if the bayesian filter could be trained to
this purpose as well as detecting spam. There is also ample opportunity
for cooperation with anti-phishing groups which maintain lists of known
phishing sites - though one would have to be careful to preserve a user's
privacy when checking links.
Quibbles aside, Thunderbird 1.5 is a step in the right direction toward a
more secure email environment. More work clearly remains to be done - but
that is likely to always be the case. Meanwhile, tools which help to reduce the
spam and phishing problems can only be a good thing.
Comments (8 posted)
New vulnerabilities
graphviz: insecure temporary file
| Package(s): | graphviz |
CVE #(s): | CAN-2005-2965
|
| Created: | October 10, 2005 |
Updated: | October 21, 2005 |
| Description: |
Javier Fernández-Sanguino Peña discovered insecure temporary file
creation in graphviz, a rich set of graph drawing tools, that can be
exploited to overwrite arbitrary files by a local attacker. |
| Alerts: |
|
Comments (none posted)
kernel: multiple vulnerabilities
| Package(s): | linux-source-2.6.10, linux-source-2.6.8.1 |
CVE #(s): | CAN-2005-3053
CAN-2005-3106
CAN-2005-3107
CAN-2005-3108
CAN-2005-3109
CAN-2005-3110
|
| Created: | October 10, 2005 |
Updated: | October 27, 2005 |
| Description: |
A Denial of Service vulnerability was discovered in the
sys_set_mempolicy() function. By calling the function with a negative
first argument, a local attacker could cause a kernel crash.
(CAN-2005-3053)
A race condition was discovered in the handling of shared memory
mappings with CLONE_VM. A local attacker could exploit this to cause a
deadlock (Denial of Service) by triggering a core dump while waiting
for a thread which had just performed an exec() system call.
(CAN-2005-3106)
A race condition was found in the handling of traced processes. When
one thread was tracing another thread that shared the same memory map,
a local attacker could trigger a deadlock (Denial of Service) by
forcing a core dump when the traced thread was in the TASK_TRACED
state. (CAN-2005-3107)
A vulnerability has been found in the "ioremap" module. By performing
certain IO mapping operations, a local attacker could either read
memory pages he has not normally access to (information leak) or cause
a kernel crash (Denial of Service). This only affects the amd64
platform. (CAN-2005-3108)
The HFS and HFS+ file system drivers did not properly verify that the
file system that was attempted to be mounted really was HFS/HFS+. On
machines which allow users to mount arbitrary removable devices as HFS
or HFS+ with an /etc/fstab entry, this could be exploited to trigger a
kernel crash. (CAN-2005-3109)
Steve Herrel discovered a race condition in the "ebtables" netfilter
module. A remote attacker could exploit this by sending specially
crafted packets that caused a value to be modified after it had
been read but before it had been locked. This eventually lead to a
kernel crash. This only affects multiprocessor machines (SMP).
(CAN-2005-3110)
|
| Alerts: |
|
Comments (none posted)
koffice: KWord RTF import buffer overflow
| Package(s): | koffice |
CVE #(s): | CAN-2005-2971
|
| Created: | October 12, 2005 |
Updated: | November 7, 2005 |
| Description: |
The KOffice RTF import module suffers from a buffer overflow vulnerability
which could be exploited via a malicious RTF file. See the KDE
advisory for details. |
| Alerts: |
|
Comments (none posted)
libuser: denial of service
| Package(s): | libuser |
CVE #(s): | CAN-2004-2392
|
| Created: | October 11, 2005 |
Updated: | October 12, 2005 |
| Description: |
Several denial of service bugs were discovered in libuser. Under certain
conditions it is possible for an application linked against libuser to
crash or operate irregularly. |
| Alerts: |
|
Comments (none posted)
mason: open firewall vulnerability
| Package(s): | mason |
CVE #(s): | CAN-2005-3118
|
| Created: | October 6, 2005 |
Updated: | October 10, 2005 |
| Description: |
The mason firewall creating utility fails to install the init
script, leaving the machine without a firewall after the next reboot. |
| Alerts: |
|
Comments (none posted)
mozilla: symlink attack
| Package(s): | mozilla |
CVE #(s): | CAN-2005-2353
|
| Created: | October 7, 2005 |
Updated: | October 10, 2005 |
| Description: |
The run-mozilla.sh script, with debugging enabled, would allow local users
to create or overwrite arbitrary files via a symlink attack on temporary
files. |
| Alerts: |
|
Comments (none posted)
openssl: protocol rollback
| Package(s): | openssl |
CVE #(s): | CAN-2005-2969
|
| Created: | October 12, 2005 |
Updated: | December 19, 2005 |
| Description: |
OpenSSL prior to version 0.9.7h or 0.9.8a contains a vulnerability which could enable an attacker to force the use of the older, less secure SSL 2.0 protocol. See this advisory for details or this analysis for even more details. |
| Alerts: |
|
Comments (1 posted)
ruby: bypass object flags
| Package(s): | ruby1.8 |
CVE #(s): | CAN-2005-2337
|
| Created: | October 10, 2005 |
Updated: | October 21, 2005 |
| Description: |
The object oriented scripting language Ruby supports safely executing
untrusted code with two mechanisms: safe level and taint flag on
objects. Dr. Yutaka Oiwa discovered a vulnerability that allows
Ruby methods to bypass these mechanisms. In systems which use this
feature, this could be exploited to execute Ruby code beyond the
restrictions specified in each safe level. |
| Alerts: |
|
Comments (none posted)
squirrelmail: cross-site scripting
| Package(s): | squirrelmail |
CVE #(s): | CAN-2005-3128
|
| Created: | October 12, 2005 |
Updated: | October 12, 2005 |
| Description: |
Yet another cross-site scripting vulnerability has been found in squirrelmail; this one affects the "Address Add" plugin. |
| Alerts: |
|
Comments (none posted)
up-imapproxy: format string vulnerabilities
| Package(s): | up-imapproxy |
CVE #(s): | CAN-2005-2661
|
| Created: | October 10, 2005 |
Updated: | March 7, 2006 |
| Description: |
up-imapproxy contains two format string vulnerabilities which could be exploited to execute arbitrary code.
|
| Alerts: |
|
Comments (none posted)
uw-imap: buffer overflow
| Package(s): | uw-imap |
CVE #(s): | CAN-2005-2933
|
| Created: | October 11, 2005 |
Updated: | April 9, 2006 |
| Description: |
"infamous41md" discovered a buffer overflow in uw-imap, the University
of Washington's IMAP Server that allows attackers to execute arbitrary
code. |
| Alerts: |
|
Comments (none posted)
weex: format string vulnerability
| Package(s): | weex |
CVE #(s): | CAN-2005-3150
|
| Created: | October 10, 2005 |
Updated: | October 10, 2005 |
| Description: |
Ulf Härnhammar from the Debian Security Audit Project discovered a
format string vulnerability in the Log_Flush function in Weex 2.6.1.5,
2.6.1, and possibly other versions. This could be exploited to execute
arbitrary code on the clients machine. |
| Alerts: |
|
Comments (none posted)
xine-lib: arbitrary code execution
| Package(s): | xine-lib |
CVE #(s): | CAN-2005-2967
|
| Created: | October 10, 2005 |
Updated: | October 12, 2005 |
| Description: |
Ulf Harnhammar discovered a format string vulnerability in the CDDB
module's cache file handling in the Xine library, which is used by packages
such as xine-ui, totem-xine, and gxine. By tricking an user into playing a
particular audio CD which has a specially-crafted CDDB entry, a remote
attacker could exploit this vulnerability to execute arbitrary code with
the privileges of the user running the application. Since CDDB servers
usually allow anybody to add and modify information, this exploit does not
even require a particular CDDB server to be selected. |
| Alerts: |
|
Comments (none posted)
xloadimage: buffer overflows
| Package(s): | xloadimage |
CVE #(s): | CAN-2005-3178
|
| Created: | October 10, 2005 |
Updated: | May 15, 2006 |
| Description: |
Three buffer overflows were discovered in xloadimage when handling the image title name. A malicious user can construct a NIFF file that when viewed and processed (with either zoom, reduce or rotate) by xloadimage, will cause the program to overwrite the return address and execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
Updated vulnerabilities
a2ps: input validation error
| Package(s): | a2ps |
CVE #(s): | CAN-2004-1170
CAN-2004-1377
|
| Created: | November 26, 2004 |
Updated: | December 19, 2005 |
| Description: |
The GNU a2ps utility fails to properly sanitize filenames, which can be
abused by a malicious user to execute arbitrary commands with the
privileges of the user running the vulnerable application. More
information at Security
Focus. |
| Alerts: |
|
Comments (none posted)
abiword: buffer overflow
| Package(s): | abiword |
CVE #(s): | CAN-2005-2964
|
| Created: | September 29, 2005 |
Updated: | November 14, 2005 |
| Description: |
The RTF import module of the AbiWord word processor has a
buffer overflow vulnerability. A user can be tricked into
opening a maliciously crafted RTF file, giving the attacker
the ability to execute code with the permissions of the user. |
| Alerts: |
|
Comments (none posted)
apache information disclosure if modssl=yes
| Package(s): | apache |
CVE #(s): | CAN-2005-2700
|
| Created: | September 2, 2005 |
Updated: | November 10, 2005 |
| Description: |
An information disclosure vulnerability was discovered in mod_ssl, the SSL/TLS module of the Apache webserver. When "SSLVerifyClient optional" was configured in the global virtual host configuration, an "SSLVerifyClient require" in per-location context was not enforced.
|
| Alerts: |
|
Comments (none posted)
httpd: off-by-one overflow and cross-site scripting
| Package(s): | apache httpd |
CVE #(s): | CAN-2005-1268
CAN-2005-2088
|
| Created: | July 25, 2005 |
Updated: | November 7, 2005 |
| Description: |
Watchfire reported a flaw that occurred when using the Apache server as an
HTTP proxy. A remote attacker could send an HTTP request with both a
"Transfer-Encoding: chunked" header and a "Content-Length" header. This
caused Apache to incorrectly handle and forward the body of the request in
a way that the receiving server processes it as a separate HTTP request.
This could allow the bypass of Web application firewall protection or lead
to cross-site scripting (XSS) attacks.
Marc Stern reported an off-by-one overflow in the mod_ssl CRL verification
callback. In order to exploit this issue the Apache server would need to
be configured to use a malicious certificate revocation list (CRL). |
| Alerts: |
|
Comments (none posted)
apachetop: insecure temporary file
| Package(s): | apachetop |
CVE #(s): | CAN-2005-2660
|
| Created: | October 4, 2005 |
Updated: | October 5, 2005 |
| Description: |
Eric Romang discovered an insecurely created temporary file in
apachetop, a realtime monitoring tool for the Apache webserver that
could be exploited with a symlink attack to overwrite arbitrary files
with the user id that runs apachetop. |
| Alerts: |
|
Comments (none posted)
arc: temporary file vulnerabilities
| Package(s): | arc |
CVE #(s): | CAN-2005-2945
CAN-2005-2992
|
| Created: | October 5, 2005 |
Updated: | October 5, 2005 |
| Description: |
The arc archiver program suffers from two independent temporary file vulnerabilities.
|
| Alerts: |
|
Comments (none posted)
awstats: command injection vulnerability
| Package(s): | awstats |
CVE #(s): | CAN-2005-1527
|
| Created: | August 11, 2005 |
Updated: | November 10, 2005 |
| Description: |
AWStats has a command injection vulnerability that can
be exploited by specially crafting referrer URLs that
contain Perl code. The code can then be executed with the
privileges of the web server. |
| Alerts: |
|
Comments (2 posted)
backupninja: insecure temporary file
| Package(s): | backupninja |
CVE #(s): | |
| Created: | September 30, 2005 |
Updated: | October 5, 2005 |
| Description: |
Moritz Muehlenhoff discovered the handler code for backupninja creates a
temporary file with a predictable filename, leaving it vulnerable to a
symlink attack. |
| Alerts: |
|
Comments (none posted)
bzip2: race condition and infinite loop
| Package(s): | bzip2 |
CVE #(s): | CAN-2005-0953
CAN-2005-1260
|
| Created: | May 17, 2005 |
Updated: | January 10, 2007 |
| Description: |
A race condition in bzip2 1.0.2 and earlier allows local users to modify
permissions of arbitrary files via a hard link attack on a file while it is
being decompressed, whose permissions are changed by bzip2 after the
decompression is complete. Also specially crafted bzip2 archives may cause
an infinite loop in the decompressor. |
| Alerts: |
|
Comments (2 posted)
cfengine: insecure temporary files
| Package(s): | cfengine |
CVE #(s): | CAN-2005-2960
|
| Created: | October 3, 2005 |
Updated: | October 14, 2005 |
| Description: |
Javier Fernández-Sanguino Peña discovered several insecure temporary
file uses in cfengine, a tool for configuring and maintaining
networked machines, that can be exploited by a symlink attack to
overwrite arbitrary files owned by the user executing cfengine, which
is probably root. |
| Alerts: |
|
Comments (none posted)
common-lisp-controller: design error
| Package(s): | common-lisp-controller |
CVE #(s): | CAN-2005-2657
|
| Created: | September 14, 2005 |
Updated: | November 21, 2005 |
| Description: |
François-René Rideau discovered a bug in common-lisp-controller, a
Common Lisp source and compiler manager, that allows a local user to
compile malicious code into a cache directory which is executed by
another user if that user has not used Common Lisp before.
|
| Alerts: |
|
Comments (none posted)
courier: missing input sanitizing
| Package(s): | courier |
CVE #(s): | CAN-2005-2820
|
| Created: | September 26, 2005 |
Updated: | October 11, 2005 |
| Description: |
Jakob Balle discovered that with "Conditional Comments" in Internet
Explorer it is possible to hide javascript code in comments that will
be executed when the browser views a malicious email via sqwebmail.
Successful exploitation requires that the user is using Internet
Explorer. |
| Alerts: |
|
Comments (none posted)
cpio: directory traversal
| Package(s): | cpio |
CVE #(s): | CAN-2005-1111
|
| Created: | June 20, 2005 |
Updated: | December 26, 2005 |
| Description: |
There is a vulnerability in
cpio (2.6 and previous) that allows a malicious cpio file to
extract to an arbitrary directory of the attackers choice. cpio will
extract to the path specified in the cpio file, this path can be absolute. |
| Alerts: |
|
Comments (1 posted)
cyrus-imapd: buffer overflows
| Package(s): | cyrus-imapd |
CVE #(s): | CAN-2005-0546
|
| Created: | February 23, 2005 |
Updated: | April 9, 2006 |
| Description: |
Cyrus-imapd, prior to version 2.2.12, contains several buffer overflows which could be exploited by an (authenticated) attacker to run code on the server system. |
| Alerts: |
|
Comments (none posted)
dia: missing input sanitizing
| Package(s): | dia |
CVE #(s): | CAN-2005-2966
|
| Created: | October 4, 2005 |
Updated: | April 6, 2006 |
| Description: |
Joxean Koret discovered that the SVG import plugin did not properly
sanitize data read from an SVG file. By tricking an user into opening
a specially crafted SVG file, an attacker could exploit this to
execute arbitrary code with the privileges of the user. |
| Alerts: |
|
Comments (none posted)
elm: buffer overflow
| Package(s): | elm |
CVE #(s): | CAN-2005-2665
|
| Created: | August 23, 2005 |
Updated: | November 10, 2005 |
| Description: |
A buffer overflow flaw in Elm was
discovered that was triggered by viewing a mailbox containing a message
with a carefully crafted 'Expires' header. An attacker could create a
malicious message that would execute arbitrary code with the privileges of
the user who received it. |
| Alerts: |
|
Comments (none posted)
emacs21: format string vulnerability in "movemail"
| Package(s): | emacs21 |
CVE #(s): | CAN-2005-0100
|
| Created: | February 7, 2005 |
Updated: | May 15, 2006 |
| Description: |
Max Vozeler discovered a format string vulnerability in the "movemail"
utility of Emacs. By sending specially crafted packets, a malicious
POP3 server could cause a buffer overflow, which could be exploited to
execute arbitrary code with the privileges of the user and the "mail"
group. |
| Alerts: |
|
Comments (none posted)
enscript: arbitrary code execution
| Package(s): | enscript |
CVE #(s): | CAN-2004-1184
CAN-2004-1185
CAN-2004-1186
|
| Created: | January 21, 2005 |
Updated: | May 27, 2006 |
| Description: |
Erik Sjölund has discovered several security relevant problems in enscript,
a program to convert ASCII text into Postscript and other formats.
Unsanitized input can cause the execution of arbitrary commands via EPSF
pipe support. Due to missing sanitizing of filenames it is possible that a
specially crafted filename can cause arbitrary commands to be executed.
Multiple buffer overflows can cause the program to crash. |
| Alerts: |
|
Comments (none posted)
ethereal: dissector vulnerabilities
Comments (none posted)
evolution: format string issues
Comments (2 posted)
firefox: multiple vulnerabilities
Comments (none posted)
Foomatic: Arbitrary command execution in foomatic-rip
| Package(s): | foomatic |
CVE #(s): | CAN-2004-0801
|
| Created: | September 20, 2004 |
Updated: | May 31, 2006 |
| Description: |
There is a vulnerability in the foomatic-filters package. This
vulnerability is due to insufficient checking of command-line parameters
and environment variables in the foomatic-rip filter. This vulnerability
may allow both local and remote attackers to execute arbitrary commands on
the print server with the permissions of the spooler. |
| Alerts: |
|
Comments (none posted)
gaim: buffer overflow
| Package(s): | gaim |
CVE #(s): | CAN-2005-2103
|
| Created: | August 10, 2005 |
Updated: | February 27, 2006 |
| Description: |
Gaim suffers from a heap-based buffer overflow which can be exploited via a hostile "away message" to execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
gdb: multiple vulnerabilities
| Package(s): | gdb |
CVE #(s): | CAN-2005-1704
CAN-2005-1705
|
| Created: | May 20, 2005 |
Updated: | August 11, 2006 |
| Description: |
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer
overflow in the BFD library, resulting in a heap overflow. A review also
showed that by default, gdb insecurely sources initialization files from
the working directory. Successful exploitation would result in the
execution of arbitrary code on loading a specially crafted object file or
the execution of arbitrary commands. |
| Alerts: |
|
Comments (5 posted)
gtk-pixbuf, gtk2: denial of service
| Package(s): | gdk-pixbuf gtk2 |
CVE #(s): | CAN-2005-0891
|
| Created: | March 30, 2005 |
Updated: | December 19, 2005 |
| Description: |
The BMP image processing code in gdk-pixbuf and gtk2 contains a denial of service vulnerability exploitable via a specially crafted image file.
|
| Alerts: |
|
Comments (none posted)
gettext: Insecure temporary file handling
| Package(s): | gettext |
CVE #(s): | CAN-2004-0966
|
| Created: | October 11, 2004 |
Updated: | March 1, 2006 |
| Description: |
gettext insecurely creates temporary files in world-writeable directories
with predictable names. A local attacker could create symbolic links in
the temporary files directory, pointing to a valid file somewhere on the
filesystem. When gettext is called, this would result in file access with
the rights of the user running the utility, which could be the root user. |
| Alerts: |
|
Comments (1 posted)
glibc: tempfile vulnerability in catchsegv script
| Package(s): | glibc |
CVE #(s): | CAN-2004-0968
|
| Created: | October 21, 2004 |
Updated: | November 14, 2005 |
| Description: |
The catchsegv script in the glibc package has a symlink vulnerability
that may allow a local user to overwrite arbitrary
files with the permissions of the user that is running the script. |
| Alerts: |
|
Comments (none posted)
gopher: buffer overflows
| Package(s): | gopher |
CVE #(s): | CAN-2005-2772
|
| Created: | September 30, 2005 |
Updated: | October 5, 2005 |
| Description: |
Several buffer overflows have been discovered in gopher, a
text-oriented client for the Gopher Distributed Hypertext protocol,
that can be exploited by a malicious Gopher server. |
| Alerts: |
|
Comments (1 posted)
groff: insecure temporary directory
| Package(s): | groff |
CVE #(s): | CAN-2004-0969
|
| Created: | November 1, 2004 |
Updated: | February 9, 2006 |
| Description: |
Recently, Trustix Secure Linux discovered a vulnerability in the groff
package. The utility "groffer" created a temporary directory in an
insecure way, which allowed exploitation of a race condition to create
or overwrite files with the privileges of the user invoking the
program. |
| Alerts: |
|
Comments (none posted)
gtkdiskfree: insecure temp file
| Package(s): | gtkdiskfree |
CVE #(s): | CAN-2005-2918
|
| Created: | September 29, 2005 |
Updated: | October 5, 2005 |
| Description: |
The gtkdiskfree utility creates temporary files in
an insecure manner. |
| Alerts: |
|
Comments (none posted)
gzip: arbitrary command execution
| Package(s): | gzip |
CVE #(s): | CAN-2005-0758
|
| Created: | August 1, 2005 |
Updated: | January 9, 2007 |
| Description: |
zgrep in gzip before 1.3.5 does not handle shell metacharacters like '|'
and '&' properly when they occurred in input file names. This could be
exploited to execute arbitrary commands with user privileges if zgrep is
run in an untrusted directory with specially crafted file names. |
| Alerts: |
|
Comments (2 posted)
HelixPlayer: arbitrary code execution
| Package(s): | HelixPlayer |
CVE #(s): | CAN-2005-2710
|
| Created: | September 27, 2005 |
Updated: | October 10, 2005 |
| Description: |
A format string bug was discovered in
the way HelixPlayer processes RealPix (.rp) files. It is possible for a
malformed RealPix file to execute arbitrary code as the user running
HelixPlayer. |
| Alerts: |
|
Comments (none posted)
htdig: cross site scripting
| Package(s): | htdig |
CVE #(s): | CAN-2005-0085
|
| Created: | February 14, 2005 |
Updated: | January 10, 2006 |
| Description: |
Michael Krax discovered that ht://Dig fails to validate the 'config'
parameter before displaying an error message containing the parameter.
This flaw could allow an attacker to conduct cross-site scripting
attacks. |
| Alerts: |
|
Comments (none posted)
Hylafax: insecure temporary file creation in xferfaxstats
| Package(s): | hylafax |
CVE #(s): | CAN-2005-3069
|
| Created: | September 30, 2005 |
Updated: | October 13, 2005 |
| Description: |
Javier Fernandez-Sanguino has discovered that xferfaxstats cron script
supplied by Hylafax < 4.2.2 insecurely creates temporary files with
predictable filenames. |
| Alerts: |
|
Comments (none posted)
imap: buffer overflow in c-client
| Package(s): | imap |
CVE #(s): | CAN-2003-0297
|
| Created: | February 18, 2005 |
Updated: | April 9, 2006 |
| Description: |
A buffer overflow flaw was found in the c-client IMAP client. An attacker
could create a malicious IMAP server that if connected to by a victim could
execute arbitrary code on the client machine. |
| Alerts: |
|
Comments (none posted)
imlib2: buffer overflows
| Package(s): | imlib2 |
CVE #(s): | CAN-2004-0802
CAN-2004-0817
|
| Created: | September 8, 2004 |
Updated: | October 26, 2005 |
| Description: |
The imlib2 library contains buffer overflows in the BMP handling code. |
| Alerts: |
|
Comments (none posted)
junkbuster: heap corruption and settings modification
| Package(s): | junkbuster |
CVE #(s): | CVE-2005-1108
CVE-2005-1109
|
| Created: | April 13, 2005 |
Updated: | November 5, 2005 |
| Description: |
JunkBuster through version 2.02-r2 contains two vulnerabilities: a heap corruption bug and a possible privacy violation. |
| Alerts: |
|
Comments (1 posted)
kdebase: local root vulnerability
| Package(s): | kdebase |
CVE #(s): | CAN-2005-2494
|
| Created: | September 7, 2005 |
Updated: | August 11, 2006 |
| Description: |
The kdebase package (and kcheckpass in particular) found in KDE versions 3.2.0 through 3.4.2 suffers from a lock file handling error which can enable a local attacker to obtain root access. See this advisory for details. |
| Alerts: |
|
Comments (none posted)
kdelibs: kate backup file permission leak
| Package(s): | kdelibs kate kwrite |
CVE #(s): | CAN-2005-1920
|
| Created: | July 19, 2005 |
Updated: | November 27, 2006 |
| Description: |
Kate / Kwrite, as shipped with KDE 3.2.x up to including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information. |
| Alerts: |
|
Comments (none posted)
kernel: buffer overflow
| Package(s): | kernel |
CVE #(s): | CAN-2005-2490
CAN-2005-2492
|
| Created: | September 22, 2005 |
Updated: | October 5, 2005 |
| Description: |
The Linux kernel has a stack-based buffer overflow problem in the
sendmsg function. Local users may use this to execute arbitrary code. |
| Alerts: |
|
