A study on free software in British schools
There have been a number of stories recently about the adoption of free
software in public school systems around the world. Certainly free
software has a lot of attributes which make it well suited for that role:
it is relatively secure, open to curious minds which wish to look inside
it, freely available for students to copy and use at home, easily adapted
to local languages, and easier on a school's (typically stretched) budget.
Of course, not everybody agrees that the use of free software is cheaper;
certain proprietary software companies, in particular, are trying to cast
doubt on that assertion. So the administration of a school contemplating a
switch to free software might well wonder: will it truly save money?
The British Educational Communications and Technology Agency decided that
it needed an answer to that question. So it took a detailed look at 48
British schools - 33 which were not using free software, and 15 which were
- to get a sense for their relative costs. The result of this work is now
available as a glossy report [PDF], suitable for printing on heavy paper and
handing to a school administrator near you.
The study divided software usage into three broad categories:
(1) servers, (2) class and administrative computer operating
systems, and (3) classroom and administrative applications. The total
costs were summarized in each category, taking a broad view. Costs include
hardware and software, but also support - both purchased from outside and
provided by internal staff. Training was also included. In other words,
the study took into account all of those factors which, according to the
critics, make free software more expensive than the proprietary
alternatives.
The bottom-line result is quite clear:
The annual total cost per PC was less for nearly all the OSS
schools at both primary and secondary school levels. For OSS
schools, cost per PC at primary school level was half that of
non-OSS schools, and cost per PC at secondary school level was
around 20% less than that of the non-OSS schools.
Unsurprisingly, the study found that the best immediate results came from
the use of free software on server systems. There are more obstacles to
deployments on administrative and classroom systems. In some cases -
especially for school administrative functions - the necessary applications
are not yet available (the study notes that projects like SchoolTool are working to provide
those applications). There is also some opposition to free applications
from people who are trained in other packages. Tellingly, most of this
opposition seems to come from the teachers, not the students:
This willingness to "mix and match" was also mentioned by the head
teacher in the case study report on another primary school:
"Children don't seem to care if they have Word at home, or
StarOffice. At school they have never complained about which they
use."
Teachers and administrators, like most adults, have a certain tendency to
get set in their ways and stick with what they already know. Children can
be more flexible. What these schools are seeing corresponds with your
editor's own experience: children have no problem working with free
software, and, if exposed to it, will take to it readily. Just don't
(speaking from experience here, again) expose your children to Battle For Wesnoth, or their homework will
suffer.
In summary: this report is a good thing, as far as it goes. The flood of
hostile "total cost of ownership" studies is unlikely to slow in the near
future, so it is good to have contrary evidence from relatively unbiased
sources. There are, however, no end of reasons, beyond the financial ones,
for using free software in public schools, but this report ignores them
almost completely. At the lower school levels, free software can be made
available to students without licensing hassles or sanctimonious lectures
about not making copies. At higher levels it can teach the students much
about software itself, encourage them to experiment, and demonstrate how
cooperative work can yield benefits for everybody involved. A strict focus
on costs may provide a favorable picture, but risks creating the impression
that cost is the only reason for using free software. In the context of
the public schools, more than in many other situations, it is important
that people understand that there is far more to free software than "free
of cost."
Comments (14 posted)
Open source compliance insurance
The folks at Open Source Risk Management have, for some time now, been
working on indemnification insurance for free software. The idea behind
this offering is that businesses which are worried about an SCO-style lawsuit
can purchase insurance turning that risk into a regular, predictable
business expense. This sort of service may well turn out to be a hard
sell, however; SCO's experience seems unlikely to inspire many copycat
acts. The risk of successful, copyright-based legal attacks against free
software currently seems to be quite low.
Patents may yet prove to be a different story, though.
Meanwhile, OSRM, in conjunction with Kiln plc and Miller Insurance
Services, has come
up with a new idea: sell insurance to companies which fear GPL
compliance problems:
Open Source Compliance Insurance will initially offer cover of up
to $10 million for direct loss suffered by the insured following a
finding of non-compliance with specific license agreements under
which open source code is obtainable. The insurance will indemnify
the insured for the loss of profits associated with the withdrawal
or alteration of a product incorporating non-compliant code or the
impaired valuation of an acquisition agreement exchanging open
source software. In certain circumstances the policy would pay the
costs to mitigate such losses including the expense of repair or
replacement of code that is found to infringe upon the General
Public License (GPL) or other Open Source licenses.
This is, in other words, a 180-degree change from the previous OSRM
offering. The previously-offered indemnification policies addressed concerns that free
software could be infringing on copyrights through the inclusion of
proprietary code. Now, instead, we have insurance to benefit those who
might just infringe the copyrights associated with free software. This
situation is, certainly, more likely to come about; here's another quote
from the press release:
Worldwide, more than thirty legal claims involving infringement of
open source licenses have been brought against corporations in the
last two years. In each case, plaintiffs have prevailed in
enforcing their rights to restrict the use of their code.
This statement, certainly, is a strong statement in favor of the
enforceability of free software licenses.
One might argue that this sort of insurance policy presents a moral
hazard. A company which hopes to ignore the requirements of the GPL could
ship a product without source, secure in the knowledge that, if somebody
calls them on it, they can fall back on the insurance policy to mitigate
their losses. The plan's fine print must certainly have language excluding
deliberate acts of noncompliance, but proving that a specific infringement
was willful could be a challenge.
Others might say that there should be no inadvertent infringement of the
GPL; any such infringement constitutes, at best, an extreme lack of due
diligence. Consider, however, the much-publicized cases where various
wireless routers have used GPL code in noncompliant ways. In these cases,
the final vendor - the one whose name is on the product - often has little
knowledge of what software was used by
the obscure, far-eastern supplier who actually made the product. As more
GPL rulings are handed down, it seems likely that resellers will start
asking more questions of their suppliers, but surprises still seem
possible. This particular risk - being betrayed by a supplier - seems like
a legitimate thing to insure against.
So OSRM and its partners might just find a market for this particular
offering. If, in the process, they make businesses feel more comfortable
about using free software in their products - and, perhaps, even helping
with the further development of that software - it should be a good thing
for the free software community as a whole.
Comments (3 posted)
EFF: Halloween on the hill
As reported on the EFF site: the broadcast flag is back, bigger and badder
than ever. The new halloween document [PDF], otherwise known as the "Analog
Content Security Preservation Act of 2005," would impose no end of
restrictions. "The unprotected analog outputs of computers will be, in
perpetuity, restricted to either DRM-laden standards, or to a 'constrained
image', 'no more than 350,000 pixels'. Analog video which has been branded as
'do not copy', will last for only ninety minutes only in the digital world -
and will be erased, literally frame by frame, megabyte by megabyte, from your
PC, without your control. You'll watch a two hour film, and as you watch the
final half hour, the first few scenes will be being dissolved away by
statute."
Comments (16 posted)
The send-a-link feature
The recent discussion on improving LWN's readership led to one clear action
item: the addition of a feature which would allow subscribers to create
special links which they could use to point out interesting articles to
non-subscribers. These links would bypass the normal subscription gate,
allowing articles to be read while they are still current.
That feature has been implemented, and is now active. There is no limit on
the number of links a subscriber may create, and no limit on how many
people may read an article via a given link. A few caveats do apply,
however:
- For the time being, only "project leader" subscribers have the ability
to create subscriber links. This restriction is meant to be
temporary; its main purpose is to slow the initial use of the new
feature while any remaining bugs are shaken out. It would, however,
be interesting to hear what people think of keeping subscriber links
as a differentiating feature for the high-level subscriptions.
- Subscriber links can be made for individual articles; just look for
the "send a link" line in the left column. These links cannot be made
for entire Weekly Edition pages, however.
- We reserve the right to turn off the subscriber link capability for
specific articles; the annual timeline is a case where we might do
that. No decisions have been made on that point, however, and the mechanism
to implement an exclusion policy has not yet been implemented.
- We reserve the right to turn off the whole thing if it looks like the
feature is being abused and hurting subscription sales. We do not
expect things to go that way, however.
Privacy stuff and details: for each link, we track who created it and the number of
hits it receives. That information will go away some time after the link
expires - which happens when the relevant article becomes freely
available. The links are constructed in such a way that they will continue
to work forever. Currently, following a subscriber link leads directly to
the article in question; in the future, we might throw in some sort of
encouragement to subscribe.
We are most interested to see how this new feature - which was driven by
requests from our subscribers - works out.
Comments (18 posted)
Page editor: Jonathan Corbet
Security
Sony, rootkits, and the escalation of the DRM war
As most readers are likely to have seen by now, a Windows developer recently
discovered that a rootkit on his system had been installed by the DRM
("digital restrictions management," to use Richard Stallman's apt term)
code from a copy-protected CD. This CD (Van Zant's appropriately named
"Get Right With The Man") was issued by SonyBMG. It happily installed
software on the system, overrode a couple of system calls, and proceeded to
hide itself from casual view. This is not the sort of experience that CD
purchasers are normally looking for. SonyBMG should - and will - take a fair
amount of grief from this bit of silliness.
Just how silly is only now becoming clear: consider this weblog entry, which
suggests that SonyBMG's DRM activities don't really have anything to do with
copy protection at all. Instead, SonyBMG is simply trying to make life more
difficult for iPod users as a way of muscling in on Apple's turf. It is
increasingly clear that DRM is being used as a way of excluding competition,
rather than for its stated purpose.
With luck, some politicians might begin to understand this, and the tone of
the debate in various national capitols may change a bit.
Meanwhile, it is also clear that DRM is increasingly a security issue. We
have music discs which install malware, the entertainment industry trying
to poison bittorrent streams, and legislators who would like to legalize
overt attacks against those who are deemed to be pirates. There will
certainly be many computers - including those in companies - which have
been infected with the DRM code shipped by SonyBMG, and the full
capabilities of that code remain unclear. The next security compromise
carried out in the name of piracy prevention may be even worse.
There are some obvious conclusions to be drawn from this episode. The most
obvious of all is that automatically running code from an arbitrary CD is a
stunningly bad idea. Beyond that, avoiding Windows helps, for now.
Even Macintosh systems are unaffected by SonyBMG's DRM. And it has been
made clear that security threats can come from unexpected directions.
SonyBMG is not a bunch of script kiddies in a basement somewhere; it's a
high-profile corporation which, one might expect, would not be in the
business of attacking its customers' computers. This is unlikely to be the
last episode of this kind we will see.
Comments (11 posted)
New vulnerabilities
gallery: privilege escalation
| Package(s): | gallery |
| CVE #(s): | CVE-2005-2596 |
| Created: | November 2, 2005 |
| Updated: | November 2, 2005 |
| Description: | The gallery system has a bug which can allow all PostNuke users full access to the gallery. |
| Alerts: | |
Comments (none posted)
gnump3d: cross-site scripting, directory traversal
| Package(s): | gnump3d |
| CVE #(s): | CVE-2005-3122, CVE-2005-3123 |
| Created: | October 28, 2005 |
| Updated: | November 7, 2005 |
| Description: | Steve Kemp discovered two vulnerabilities in gnump3d, a streaming server for MP3 and OGG files. |
| Alerts: | |
Comments (none posted)
Mantis: multiple vulnerabilities
| Package(s): | mantisbt |
| CVE #(s): | CVE-2005-3091, CVE-2005-3335, CVE-2005-3336, CVE-2005-3338, CVE-2005-3339 |
| Created: | October 28, 2005 |
| Updated: | December 22, 2005 |
| Description: | Mantis contains several vulnerabilities, including a remote file inclusion vulnerability, an SQL injection vulnerability, multiple cross site scripting vulnerabilities and multiple information disclosure vulnerabilities. |
| Alerts: | |
Comments (none posted)
openvpn: format string vulnerability
| Package(s): | openvpn |
| CVE #(s): | CVE-2005-3393, CVE-2005-3409 |
| Created: | November 2, 2005 |
| Updated: | December 12, 2005 |
| Description: | OpenVPN 2.0.x contains a format string vulnerability which can be exploited by a hostile server; see this advisory for details. |
| Alerts: | |
Comments (none posted)
Squirrelmail: preference modification
| Package(s): | squirrelmail |
| CVE #(s): | CAN-2005-2095 |
| Created: | November 2, 2005 |
| Updated: | November 2, 2005 |
| Description: | Versions of Squirrelmail prior to 1.4.5 have an error in how the $_POST variable is handled. As a result, a user's preferences can be viewed and modified. |
| Alerts: | |
Comments (1 posted)
TikiWiki: XSS vulnerability
| Package(s): | tikiwiki |
| CVE #(s): | |
| Created: | October 28, 2005 |
| Updated: | November 2, 2005 |
| Description: | Due to improper input validation, TikiWiki can be exploited to perform cross-site scripting attacks. A remote attacker could exploit this to inject and execute malicious script code or to steal cookie-based authentication credentials, potentially compromising the victim's browser. |
| Alerts: | |
Comments (none posted)
Updated vulnerabilities
a2ps: input validation error
| Package(s): | a2ps |
| CVE #(s): | CAN-2004-1170, CAN-2004-1377 |
| Created: | November 26, 2004 |
| Updated: | December 19, 2005 |
| Description: | The GNU a2ps utility fails to properly sanitize filenames, which can be abused by a malicious user to execute arbitrary commands with the privileges of the user running the vulnerable application. More information at Security Focus. |
| Alerts: | |
Comments (none posted)
abiword: buffer overflow
| Package(s): | abiword |
| CVE #(s): | CAN-2005-2964 |
| Created: | September 29, 2005 |
| Updated: | November 14, 2005 |
| Description: | The RTF import module of the AbiWord word processor has a buffer overflow vulnerability. A user can be tricked into opening a maliciously crafted RTF file, giving the attacker the ability to execute code with the permissions of the user. |
| Alerts: | |
Comments (none posted)
apache information disclosure if modssl=yes
| Package(s): | apache |
| CVE #(s): | CAN-2005-2700 |
| Created: | September 2, 2005 |
| Updated: | November 10, 2005 |
| Description: | An information disclosure vulnerability was discovered in mod_ssl, the SSL/TLS module of the Apache webserver. When "SSLVerifyClient optional" was configured in the global virtual host configuration, an "SSLVerifyClient require" in per-location context was not enforced. |
| Alerts: | |
Comments (none posted)
httpd: off-by-one overflow and cross-site scripting
| Package(s): | apache httpd |
| CVE #(s): | CAN-2005-1268, CAN-2005-2088 |
| Created: | July 25, 2005 |
| Updated: | November 7, 2005 |
| Description: | Watchfire reported a flaw that occurred when using the Apache server as an HTTP proxy. A remote attacker could send an HTTP request with both a "Transfer-Encoding: chunked" header and a "Content-Length" header. This caused Apache to incorrectly handle and forward the body of the request in a way that the receiving server processes it as a separate HTTP request. This could allow the bypass of Web application firewall protection or lead to cross-site scripting (XSS) attacks. Marc Stern reported an off-by-one overflow in the mod_ssl CRL verification callback. In order to exploit this issue the Apache server would need to be configured to use a malicious certificate revocation list (CRL). |
| Alerts: | |
Comments (none posted)
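The framing ambiguity behind the Watchfire report, shown as a defensive check rather than as Apache's own code: this added example (not from the LWN entry or from the httpd project) parses a raw request, reports the body length that each of the two headers implies, and rejects any request that carries both. The two sample requests are constructed here.

```python
"""
Added example, not taken from the LWN entry or from Apache httpd: a
defensive check for the request-framing ambiguity described above.  A
request that carries both "Transfer-Encoding: chunked" and "Content-Length"
can be framed two different ways, so a proxy and its back-end may disagree
about where the request body ends.  The sample requests are constructed
for this demonstration.
"""

HEADER_END = b"\r\n\r\n"


def parse_request(raw: bytes):
    """Split a raw request into (request_line, headers, body).

    Header names are lower-cased; repeated fields are joined with ", ".
    """
    head, sep, body = raw.partition(HEADER_END)
    if not sep:
        raise ValueError("incomplete header block")
    lines = head.split(b"\r\n")
    request_line = lines[0].decode("ascii", "replace")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        name = name.strip().lower().decode("ascii", "replace")
        value = value.strip().decode("ascii", "replace")
        headers[name] = value if name not in headers else headers[name] + ", " + value
    return request_line, headers, body


def chunked_body_length(body: bytes) -> int:
    """Return how many bytes of `body` a chunked-encoding parser consumes,
    i.e. up to and including the empty line after the zero-size chunk."""
    pos = 0
    while True:
        eol = body.index(b"\r\n", pos)
        size = int(body[pos:eol].split(b";", 1)[0].strip(), 16)
        pos = eol + 2
        if size == 0:
            # zero-size chunk: skip optional trailer lines, then the blank line
            eol = body.index(b"\r\n", pos)
            while eol != pos:
                pos = eol + 2
                eol = body.index(b"\r\n", pos)
            return eol + 2
        pos += size
        if body[pos:pos + 2] != b"\r\n":
            raise ValueError("chunk data not terminated by CRLF")
        pos += 2


def classify(raw: bytes) -> dict:
    """Decide how a proxy should treat `raw`.

    Both framing headers present -> "reject" (or, at minimum, drop the
    Content-Length before forwarding, as RFC 7230 requires); otherwise
    "forward".  Both body lengths are reported so the disagreement is visible.
    """
    request_line, headers, body = parse_request(raw)
    chunked = "chunked" in headers.get("transfer-encoding", "").lower()
    has_cl = "content-length" in headers
    verdict = {"request_line": request_line, "conflict": chunked and has_cl}
    if has_cl:
        verdict["length_by_content_length"] = int(headers["content-length"])
    if chunked:
        verdict["length_by_chunked"] = chunked_body_length(body)
    verdict["action"] = "reject" if verdict["conflict"] else "forward"
    return verdict


# Constructed sample: both framing headers, which is the ambiguous case.
AMBIGUOUS = (
    b"POST /cgi-bin/form HTTP/1.1\r\n"
    b"Host: proxy.example\r\n"
    b"Content-Length: 4\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
    b"7\r\nabcdefg\r\n0\r\n\r\n"
)

# Constructed sample: a single, unambiguous framing header.
CLEAN = (
    b"POST /cgi-bin/form HTTP/1.1\r\n"
    b"Host: proxy.example\r\n"
    b"Content-Length: 7\r\n"
    b"\r\n"
    b"abcdefg"
)

if __name__ == "__main__":
    for req in (AMBIGUOUS, CLEAN):
        print(classify(req))
```

For the ambiguous sample the Content-Length reading ends the body after 4 bytes while the chunked reading consumes all 17, which is exactly the disagreement a front-end and back-end would have about where the next request begins.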
awstats: command injection vulnerability
| Package(s): | awstats |
| CVE #(s): | CAN-2005-1527 |
| Created: | August 11, 2005 |
| Updated: | November 10, 2005 |
| Description: | AWStats has a command injection vulnerability that can be exploited by specially crafting referrer URLs that contain Perl code. The code can then be executed with the privileges of the web server. |
| Alerts: | |
Comments (2 posted)
bzip2: race condition and infinite loop
| Package(s): | bzip2 |
| CVE #(s): | CAN-2005-0953, CAN-2005-1260 |
| Created: | May 17, 2005 |
| Updated: | January 10, 2007 |
| Description: | A race condition in bzip2 1.0.2 and earlier allows local users to modify the permissions of arbitrary files via a hard link attack on a file while it is being decompressed, since bzip2 changes the file's permissions only after decompression is complete. Also, specially crafted bzip2 archives may cause an infinite loop in the decompressor. |
| Alerts: | |
Comments (2 posted)
common-lisp-controller: design error
| Package(s): | common-lisp-controller |
| CVE #(s): | CAN-2005-2657 |
| Created: | September 14, 2005 |
| Updated: | November 21, 2005 |
| Description: | François-René Rideau discovered a bug in common-lisp-controller, a Common Lisp source and compiler manager, that allows a local user to compile malicious code into a cache directory which is executed by another user if that user has not used Common Lisp before. |
| Alerts: | |
Comments (none posted)
cpio: directory traversal
| Package(s): | cpio |
| CVE #(s): | CAN-2005-1111 |
| Created: | June 20, 2005 |
| Updated: | December 26, 2005 |
| Description: | There is a vulnerability in cpio (2.6 and previous) that allows a malicious cpio file to extract to an arbitrary directory of the attacker's choice: cpio extracts to the path specified in the cpio file, and this path can be absolute. |
| Alerts: | |
Comments (1 posted)
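The path check that the cpio entry above says was missing, as an added example that is not the LWN entry's or GNU cpio's own code: a small reader for the SVR4 "newc" cpio format that lists each member and rejects absolute paths and ".." components before any extraction would happen. The archive is built in memory from constructed members, and the destination directory is an assumed value.

```python
"""
Added example, not taken from the LWN entry or from GNU cpio: a minimal
reader for the SVR4 "newc" cpio format that inspects every member's path
before anything would be extracted, refusing absolute paths and ".."
components.  The archive bytes are constructed here in memory; nothing is
written to disk.  The destination directory is an assumed value.
"""
import posixpath

NEWC_MAGIC = b"070701"
HEADER_LEN = 110  # 6-byte magic followed by 13 eight-character hex fields
FIELDS = ("ino", "mode", "uid", "gid", "nlink", "mtime", "filesize",
          "devmajor", "devminor", "rdevmajor", "rdevminor", "namesize", "check")


def _pad4(n: int) -> int:
    """newc aligns the name and data regions on 4-byte boundaries."""
    return (n + 3) & ~3


def build_newc(members):
    """Build a newc archive from (name, data) pairs; used only for sample input."""
    out = bytearray()
    for ino, (name, data) in enumerate(members + [("TRAILER!!!", b"")], start=1):
        name_b = name.encode() + b"\0"
        vals = dict(ino=ino, mode=0o100644, uid=0, gid=0, nlink=1, mtime=0,
                    filesize=len(data), devmajor=0, devminor=0, rdevmajor=0,
                    rdevminor=0, namesize=len(name_b), check=0)
        out += NEWC_MAGIC + b"".join(b"%08X" % vals[f] for f in FIELDS)
        out += name_b + b"\0" * (_pad4(HEADER_LEN + len(name_b)) - HEADER_LEN - len(name_b))
        out += data + b"\0" * (_pad4(len(data)) - len(data))
    return bytes(out)


def iter_newc(archive: bytes):
    """Yield (name, data) for each member, stopping at the TRAILER!!! record."""
    pos = 0
    while pos + HEADER_LEN <= len(archive):
        hdr = archive[pos:pos + HEADER_LEN]
        if hdr[:6] != NEWC_MAGIC:
            raise ValueError("bad newc magic at offset %d" % pos)
        f = {key: int(hdr[6 + 8 * i:14 + 8 * i], 16) for i, key in enumerate(FIELDS)}
        name_start = pos + HEADER_LEN
        name = archive[name_start:name_start + f["namesize"] - 1].decode()
        if name == "TRAILER!!!":
            return
        data_start = pos + _pad4(HEADER_LEN + f["namesize"])
        yield name, archive[data_start:data_start + f["filesize"]]
        pos = data_start + _pad4(f["filesize"])


def is_safe_member_path(name: str, dest: str) -> bool:
    """True only if extracting `name` under `dest` stays inside `dest`.

    This is the check that cpio 2.6 lacked: it honoured whatever path the
    archive supplied, including absolute ones.
    """
    if not name or name.startswith("/"):
        return False
    if any(part == ".." for part in name.split("/")):
        return False
    target = posixpath.normpath(posixpath.join(dest, name))
    return target.startswith(dest.rstrip("/") + "/")


def audit(archive: bytes, dest: str = "/tmp/extract"):
    """Return [(name, verdict)] for every member without extracting anything."""
    return [(name, "ok" if is_safe_member_path(name, dest) else "unsafe")
            for name, _ in iter_newc(archive)]


# Constructed sample archive: one benign member and two that would escape `dest`.
SAMPLE_ARCHIVE = build_newc([
    ("docs/readme.txt", b"hello\n"),
    ("/tmp/outside.txt", b"absolute path\n"),
    ("../escape.txt", b"parent traversal\n"),
])

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_ARCHIVE):
        print(f"{verdict:7s} {name}")
```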
curl/wget: NTLM username buffer overflow
| Package(s): | curl wget |
| CVE #(s): | CAN-2005-3185 |
| Created: | October 14, 2005 |
| Updated: | November 7, 2005 |
| Description: | A vulnerability in libcurl's NTLM function can overflow a stack-based buffer if given too long a user name or domain name. This only happens if NTLM authentication is enabled and the application either a) passes a user and domain name to libcurl that together are longer than 192 bytes or b) allows (lib)curl to follow HTTP redirects and the new URL contains a user and domain name that together are longer than 192 bytes. See this iDEFENSE Labs advisory for more details. |
| Alerts: | |
Comments (none posted)
cyrus-imapd: buffer overflows
| Package(s): | cyrus-imapd |
| CVE #(s): | CAN-2005-0546 |
| Created: | February 23, 2005 |
| Updated: | April 9, 2006 |
| Description: | Cyrus-imapd, prior to version 2.2.12, contains several buffer overflows which could be exploited by an (authenticated) attacker to run code on the server system. |
| Alerts: | |
Comments (none posted)
dia: missing input sanitizing
| Package(s): | dia |
| CVE #(s): | CAN-2005-2966 |
| Created: | October 4, 2005 |
| Updated: | April 6, 2006 |
| Description: | Joxean Koret discovered that the SVG import plugin did not properly sanitize data read from an SVG file. By tricking a user into opening a specially crafted SVG file, an attacker could exploit this to execute arbitrary code with the privileges of the user. |
| Alerts: | |
Comments (none posted)
elm: buffer overflow
| Package(s): | elm |
| CVE #(s): | CAN-2005-2665 |
| Created: | August 23, 2005 |
| Updated: | November 10, 2005 |
| Description: | A buffer overflow flaw in Elm was discovered that was triggered by viewing a mailbox containing a message with a carefully crafted 'Expires' header. An attacker could create a malicious message that would execute arbitrary code with the privileges of the user who received it. |
| Alerts: | |
Comments (none posted)
emacs21: format string vulnerability in "movemail"
| Package(s): | emacs21 |
| CVE #(s): | CAN-2005-0100 |
| Created: | February 7, 2005 |
| Updated: | May 15, 2006 |
| Description: | Max Vozeler discovered a format string vulnerability in the "movemail" utility of Emacs. By sending specially crafted packets, a malicious POP3 server could cause a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the user and the "mail" group. |
| Alerts: | |
Comments (none posted)
enigmail: information disclosure
| Package(s): | enigmail |
| CVE #(s): | CVE-2005-3256 |
| Created: | October 20, 2005 |
| Updated: | December 13, 2005 |
| Description: | The key selection dialog from the Mozilla Thunderbird enigmail plugin has an information disclosure vulnerability. A key with an empty user id from a user's keyring will be used by default, allowing a message to be decrypted. This can lead to an unauthorized information disclosure. |
| Alerts: | |
Comments (none posted)
enscript: arbitrary code execution
| Package(s): | enscript |
| CVE #(s): | CAN-2004-1184, CAN-2004-1185, CAN-2004-1186 |
| Created: | January 21, 2005 |
| Updated: | May 27, 2006 |
| Description: | Erik Sjölund has discovered several security relevant problems in enscript, a program to convert ASCII text into Postscript and other formats. Unsanitized input can cause the execution of arbitrary commands via EPSF pipe support. Due to missing sanitizing of filenames it is possible that a specially crafted filename can cause arbitrary commands to be executed. Multiple buffer overflows can cause the program to crash. |
| Alerts: | |
Comments (none posted)
ethereal: multiple vulnerabilities
Comments (none posted)
evolution: format string issues
Comments (2 posted)
fetchmailconf: insecure file creation
| Package(s): | fetchmail |
| CVE #(s): | CVE-2005-3088 |
| Created: | October 26, 2005 |
| Updated: | November 22, 2005 |
| Description: | The fetchmailconf utility can create files which are world-readable for a brief period. These files may contain passwords, and thus should not be created in this manner. |
| Alerts: | |
Comments (none posted)
firefox: multiple vulnerabilities
Comments (none posted)
Foomatic: Arbitrary command execution in foomatic-rip
| Package(s): | foomatic |
| CVE #(s): | CAN-2004-0801 |
| Created: | September 20, 2004 |
| Updated: | May 31, 2006 |
| Description: | There is a vulnerability in the foomatic-filters package. This vulnerability is due to insufficient checking of command-line parameters and environment variables in the foomatic-rip filter. This vulnerability may allow both local and remote attackers to execute arbitrary commands on the print server with the permissions of the spooler. |
| Alerts: | |
Comments (none posted)
gaim: buffer overflow
| Package(s): | gaim |
| CVE #(s): | CAN-2005-2103 |
| Created: | August 10, 2005 |
| Updated: | February 27, 2006 |
| Description: | Gaim suffers from a heap-based buffer overflow which can be exploited via a hostile "away message" to execute arbitrary code. |
| Alerts: | |
Comments (none posted)
gdb: multiple vulnerabilities
| Package(s): | gdb |
| CVE #(s): | CAN-2005-1704, CAN-2005-1705 |
| Created: | May 20, 2005 |
| Updated: | August 11, 2006 |
| Description: | Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library, resulting in a heap overflow. A review also showed that by default, gdb insecurely sources initialization files from the working directory. Successful exploitation would result in the execution of arbitrary code on loading a specially crafted object file or the execution of arbitrary commands. |
| Alerts: | |
Comments (5 posted)
gtk-pixbuf, gtk2: denial of service
| Package(s): | gdk-pixbuf gtk2 |
| CVE #(s): | CAN-2005-0891 |
| Created: | March 30, 2005 |
| Updated: | December 19, 2005 |
| Description: | The BMP image processing code in gdk-pixbuf and gtk2 contains a denial of service vulnerability exploitable via a specially crafted image file. |
| Alerts: | |
Comments (none posted)
gettext: Insecure temporary file handling
| Package(s): | gettext |
| CVE #(s): | CAN-2004-0966 |
| Created: | October 11, 2004 |
| Updated: | March 1, 2006 |
| Description: | gettext insecurely creates temporary files in world-writable directories with predictable names. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When gettext is called, this would result in file access with the rights of the user running the utility, which could be the root user. |
| Alerts: | |
Comments (1 posted)
glibc: tempfile vulnerability in catchsegv script
| Package(s): | glibc |
| CVE #(s): | CAN-2004-0968 |
| Created: | October 21, 2004 |
| Updated: | November 14, 2005 |
| Description: | The catchsegv script in the glibc package has a symlink vulnerability that may allow a local user to overwrite arbitrary files with the permissions of the user that is running the script. |
| Alerts: | |
Comments (none posted)
groff: insecure temporary directory
| Package(s): | groff |
| CVE #(s): | CAN-2004-0969 |
| Created: | November 1, 2004 |
| Updated: | February 9, 2006 |
| Description: | Recently, Trustix Secure Linux discovered a vulnerability in the groff package. The utility "groffer" created a temporary directory in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the program. |
| Alerts: | |
Comments (none posted)
gzip: arbitrary command execution
| Package(s): | gzip |
| CVE #(s): | CAN-2005-0758 |
| Created: | August 1, 2005 |
| Updated: | January 9, 2007 |
| Description: | zgrep in gzip before 1.3.5 does not handle shell metacharacters like '|' and '&' properly when they occur in input file names. This could be exploited to execute arbitrary commands with user privileges if zgrep is run in an untrusted directory with specially crafted file names. |
| Alerts: | |
Comments (2 posted)
htdig: cross site scripting
| Package(s): | htdig |
| CVE #(s): | CAN-2005-0085 |
| Created: | February 14, 2005 |
| Updated: | January 10, 2006 |
| Description: | Michael Krax discovered that ht://Dig fails to validate the 'config' parameter before displaying an error message containing the parameter. This flaw could allow an attacker to conduct cross-site scripting attacks. |
| Alerts: | |
Comments (none posted)
imap: buffer overflow in c-client
| Package(s): | imap |
| CVE #(s): | CAN-2003-0297 |
| Created: | February 18, 2005 |
| Updated: | April 9, 2006 |
| Description: | A buffer overflow flaw was found in the c-client IMAP client. An attacker could create a malicious IMAP server that if connected to by a victim could execute arbitrary code on the client machine. |
| Alerts: | |
Comments (none posted)
imlib2: buffer overflows
| Package(s): | imlib2 |
| CVE #(s): | CAN-2004-0802, CAN-2004-0817 |
| Created: | September 8, 2004 |
| Updated: | October 26, 2005 |
| Description: | The imlib2 library contains buffer overflows in the BMP handling code. |
| Alerts: | |
Comments (none posted)
junkbuster: heap corruption and settings modification
| Package(s): | junkbuster |
| CVE #(s): | CVE-2005-1108, CVE-2005-1109 |
| Created: | April 13, 2005 |
| Updated: | November 5, 2005 |
| Description: | JunkBuster through version 2.02-r2 contains two vulnerabilities: a heap corruption bug and a possible privacy violation. |
| Alerts: | |
Comments (1 posted)
kdebase: local root vulnerability
| Package(s): | kdebase |
| CVE #(s): | CAN-2005-2494 |
| Created: | September 7, 2005 |
| Updated: | August 11, 2006 |
| Description: | The kdebase package (and kcheckpass in particular) found in KDE versions 3.2.0 through 3.4.2 suffers from a lock file handling error which can enable a local attacker to obtain root access. See this advisory for details. |
| Alerts: | |
Comments (none posted)
kdelibs: kate backup file permission leak
| Package(s): | kdelibs kate kwrite |
| CVE #(s): | CAN-2005-1920 |
| Created: | July 19, 2005 |
| Updated: | November 27, 2006 |
| Description: | Kate / Kwrite, as shipped with KDE 3.2.x up to and including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information. |
| Alerts: | |
Comments (none posted)
kernel: multiple vulnerabilities
Comments (none posted)
koffice: KWord RTF import buffer overflow
| Package(s): | koffice |
| CVE #(s): | CAN-2005-2971 |
| Created: | October 12, 2005 |
| Updated: | November 7, 2005 |
| Description: | The KOffice RTF import module suffers from a buffer overflow vulnerability which could be exploited via a malicious RTF file. See the KDE advisory for details. |
| Alerts: | |
Comments (none posted)
krb5: double-free flaw
| Package(s): | krb5 |
| CVE #(s): | CAN-2004-0175, CAN-2005-0488, CAN-2005-1175, CAN-2005-1689 |
| Created: | July 12, 2005 |
| Updated: | December 6, 2005 |
| Description: | The krb5 authentication system has a double-free flaw which may be triggered by a remote unauthenticated attacker. Also, a single-byte heap overflow in the krb5_unparse_name() function can lead to a denial of service, and an information disclosure may be caused by a malicious telnet server. See this report for more information. |
| Alerts: | |
Comments (none posted)
libconvert-uulib-perl: arbitrary code execution
| Package(s): | libconvert-uulib-perl |
| CVE #(s): | CAN-2005-1349 |
| Created: | May 20, 2005 |
| Updated: | January 27, 2006 |
| Description: | Mark Martinec and Robert Lewis discovered a buffer overflow in Convert::UUlib (before 1.051), a Perl interface to the uulib library, which may result in the execution of arbitrary code. |
| Alerts: | |
Comments (1 posted)
libdbi-perl: insecure temporary file
| Package(s): | libdbi-perl |
| CVE #(s): | CAN-2005-0077 |
| Created: | January 25, 2005 |
| Updated: | March 2, 2006 |
| Description: | Javier Fernández-Sanguino Peña from the Debian Security Audit Project discovered that the DBI library, the Perl5 database interface, creates a temporary PID file in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the person executing the parts of the library. |
| Alerts: | |
Comments (none posted)
libgadu: memory alignment bug
| Package(s): | libgadu |
| CVE #(s): | CAN-2005-2370 |
| Created: | July 29, 2005 |
| Updated: | June 25, 2007 |
| Description: | Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment error in libgadu (from ekg, a console Gadu Gadu instant messaging client), which is also included in gaim, a multi-protocol instant messaging client. This cannot be exploited on the x86 architecture, but on others, e.g. Sparc, it leads to a bus error, in other words a denial of service. |
| Alerts: | |
Comments (none posted)
libgd2: buffer overflows in PNG handling
| Package(s): | libgd2 |
| CVE #(s): | CAN-2004-0990, CAN-2004-0941 |
| Created: | October 29, 2004 |
| Updated: | June 28, 2006 |
| Description: | Several buffer overflows have been discovered in libgd's PNG handling functions. If an attacker tricked a user into loading a malicious PNG image, they could leverage this into executing arbitrary code in the context of the user opening the image. Most importantly, this library is commonly used in PHP. One possible target would be a PHP driven photo website that lets users upload images. Therefore this vulnerability might lead to privilege escalation to a web server's privileges. Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function. |
| Alerts: | |