
LWN.net Weekly Edition for November 23, 2005

The end of USENET

Your editor, ancient relic that he is, first discovered the wonders of global email around 1981, thanks to a BSD-running VAX with a blazingly fast 1200-baud uucp connection. A USENET addiction was quick to follow; on the net, it was possible to converse with a few thousand people on literally hundreds of computers! It was an eye-opening introduction to what a global conversation could be like, both good and bad; hopefully some of those ill-advised, youthful conversations on net.singles and net.politics are lost forever.

As it happens, your editor was late to the party, and the old-timers were busily worrying about how the whole thing was going to collapse under the load of all these new, clueless users. USENET proved to be resilient, however, to the point that the "death of the net" idea became a sort of running joke. It survived its rapid growth, thanks to faster modems, better software (including a thing called "rn" posted by a young Larry Wall), and user education. USENET survived the loss of the central "seismo" hub, in the process (as seismo's connections were shifted over to a new host called "uunet") kicking off the commercial ISP industry. It survived the abrupt arrival of AOL, initially connected via a uucp link of its own (here's a classic posting on how the AOL folks were perceived at that time). It even survived the beginning of the spam onslaught - the famous "green card spam" was carried via USENET, not email.

USENET was a useful medium for a long time. Among other things, much of the very early Linux development conversation happened over USENET; your editor decided to go for Linux after noting that the relevant groups had much more going on than the BSD groups. When LWN was first launched, the announcement went to comp.os.linux.announce - the news source for Linux users at that time. Many years earlier, Richard Stallman's first GNU Manifesto posting happened on USENET. The next time you complain about your distributor's repository, think back to the joy of receiving GNU emacs over USENET - as a large number of 50KB chunks which you got to piece back together yourself.

The legacy of USENET also surrounds us in other forms. Many of the features in your fancy mail client which allow you to deal with your incoming flood were first worked out for netnews reading. News clients still have their uses; your editor would have a hard time keeping up with so many lists if it weren't for the highly useful, NNTP-based Gmane repository.

The Globe and Mail has recently declared the death of USENET, as a result of Rogers Communications deciding to stop providing netnews access to its customers. Others might have noted the death of USENET earlier this year, when AOL disconnected its customers. But the fact of the matter is that USENET has been dead as a medium for useful conversations for some years now. It is too open, too easy to flood with spam, too easy to forge control messages for. The signal-to-noise ratio of USENET - often not all that high to begin with - sank to a point that most people had no remaining desire to deal with it.

So it is not surprising that the commercial service providers are pulling the plug on USENET. A news feed requires significant bandwidth, and its contents seem to be mostly spam and porn. Few customers care anymore. There are much better alternatives out there now; the global conversation has moved on to different forums. USENET is dead, and, at this point, few of us miss it. But USENET played an important role in the history of the net as a whole. Those of you who were there: raise a glass to the memory of USENET at your next opportunity.


Open document formats and the path to world domination

November 22, 2005

This article was contributed by Glyn Moody

It is almost ten years to the day that Bill Gates made his "Pearl Harbor" speech, which placed the Internet at the heart of everything Microsoft did. The recent announcements of Windows Live and Office Live may not be quite so epoch-making, but they nonetheless represent a major change of direction for Microsoft, and have interesting implications for free software.

The parallels between Microsoft's two strategy shifts are striking. Both were triggered in part by spectacular IPOs: Netscape's in 1995, Google's in 2004. Both sought to head off the same threat of OS-independent computing. Back in 1995, Gates was worried that Netscape's software might create a "Webtop" platform, where Java applets would be downloaded over the Internet into the browser to provide word processors, spreadsheets and the rest. In 2005, another Net-based approach – software services of the kind popularized by Google – not only allows the browser to provide those same functions, but comes with a flourishing ad-based revenue model to sustain it.

Gates's response is also similar in both cases: to embrace the basic idea so as to reduce the appeal of rival offerings, and then, ultimately, to use it to tie users more closely to his products. The success of that technique can be seen in the dominance of Internet Explorer, which not only replaced Netscape Navigator as the most popular browser, but managed to subvert Web standards to such an extent that Navigator was ultimately perceived as inferior since it was unable to work with the huge number of IE-specific sites.

One lesson to be learned from this history is that Microsoft should never be underestimated, even – perhaps especially - when it seems to be wrong-footed and forced to adopt technologies that apparently threaten its empire. Fear has always given the company focus. The new Windows Live system may look innocuous and even conciliatory – it can not only be accessed from GNU/Linux machines, but also explicitly supports Firefox - but the back-end hooks into Microsoft's products are likely to be deep.

The second and probably more important lesson to be drawn is that the much talked-about Google Office service – if and when it does come – is not going to be the Microsoft Office killer that many seem to imagine. Whatever Google or anyone else might do in this sphere, Microsoft can simply match it, at least in terms of functionality.

But one thing that Microsoft is unlikely to offer is support for truly open file formats, its recent announcement of the "open standardization" of Office formats notwithstanding. The technical and legal details of this will need to be examined closely to see whether it is yet another case of Microsoft apparently promising much, but in reality delivering considerably less. After all, if it did support a completely open file format, the barrier to switching to other office suites would disappear.

Until the approval of the new OpenDocument Format (ODF) standard by OASIS, there were many alternatives to Microsoft's office file formats, but none around which other manufacturers or major users could rally. With ODF, there is now not only an official standard, but a real choice of software that supports (or will support) it.

The key role that ODF will play in tomorrow's battles between open and proprietary approaches is already evident in the furore surrounding the Commonwealth of Massachusetts's decision to adopt ODF as an official file format. The rather forced logic of Microsoft's comments on this move is an indication of the company's difficulties in neutralizing this threat. Moreover, Massachusetts may turn out to be no simple loss of business, but a tipping point that could lead to large-scale defections from Microsoft's proprietary formats to open standards. Anyone who doubts that such a shift is possible should bear in mind that WordPerfect and Lotus 1-2-3 once dominated their respective sectors as totally as the programs that displaced them - Microsoft Word and Excel - do now.

An even more serious blow to Microsoft's grip on the office market could come from Europe. The European Union (EU) is keen to promote what it calls open document exchange formats. One of its technical subcommittees approved a series of recommendations that effectively back ODF – provided it becomes a recognized standard. Bizarrely, OASIS does not count as a standards body in this context, and so ODF has been submitted to the better-known International Organization for Standardization (ISO). ODF could emerge as an ISO standard sometime next year. At that point, the EU may well throw its considerable weight behind ODF by specifying it as the preferred format for public sector communications in Europe. Microsoft is acutely aware of this threat: it is no coincidence that it announced the standardization of its Office formats in Paris, not Redmond.

Private sector support is gathering momentum, too. The original donor of the OpenOffice.org code, Sun, has naturally adopted ODF in its StarOffice 8.0, and also offers a grid-based service for bulk conversion of Microsoft Office documents into ODF files. Another major player in this area is IBM, which uses OpenOffice.org formats for its groupware product Workplace, likely to be the successor to Lotus Notes.

The strength of both of these companies' commitment is shown by the fact that, despite their other differences, Sun and IBM jointly hosted an ODF summit at the beginning of November; those attending included Google, Nokia, Novell, Oracle and Red Hat. One of the items discussed was the creation of a formal ODF Foundation to promote the standard. An Open Document Fellowship bringing together individuals interested in the development of ODF (including the present writer) already exists.

ODF is fast emerging as one of the most important recent developments in the software world – had it not existed, Microsoft would surely never have embarked on its "open standardization" process. In time, its appearance in May this year might even turn out to be as pivotal as Bill Gates' Pearl Harbor Day speech. At the very least, it represents a rich new vein that can be mined by open source programmers keen to make their mark. As a young standard, there are still gaps in its software support. Items on the wish list include:

  • A plug-in that would allow Microsoft Office users to read and write ODF files (a server-based approach is already under development).

  • Improved accessibility for disabled users (one of the issues that is threatening to derail the Massachusetts decision).

  • A simple ODF reader, along the lines of Adobe's Acrobat, that would enable users to read ODF documents without installing an entire office suite.

  • A lightweight ODF editor – even smaller than Abiword, say – that would allow simple changes to ODF text files.

  • A Wiki-like collaborative editing system based around ODF.

  • Work on OpenFormula, which complements and extends ODF.

In the browser wars of the late 1990s, Bill Gates was able to wrest control of the web from Netscape because of the latter's short-sighted attempts to beat Microsoft at its own game – notably by adding proprietary twists to HTML. Today, as Microsoft re-invents itself in the image of Web 2.0, the situation is rather different. The importance and power of open standards is more evident, and the free software community is no longer a small and apparently marginal group but, instead, the most important counterpoise to Microsoft, well placed to resist any moves to "de-commoditize" key technologies like Ajax.

And this time, there is a chance to go on the offensive. The open source world has long had the desire to end Microsoft's dominance on the desktop; with ODF – not GNU/Linux, as many have believed – it may finally have the means.

(Glyn Moody is author of Rebel Code: Linux and the open source revolution.)


A SonyBMG update

One might think that the SonyBMG rootkit story would start to fade away, but that is not, yet, the case. Here's an update on the last week's developments.

Those of you who have not yet read Bruce Schneier's Wired article on this episode may want to give it a look. He points out that one might have reasonably expected all of those security and anti-virus companies to say something about SonyBMG's software, given that it has been in circulation for over a year, has arguably infected hundreds of thousands of computers, and even phones home. Most of these companies have yet to explain why they missed such an obvious security compromise for so long.

Meanwhile, the EFF has launched a class-action suit against SonyBMG. As Ed Felten points out, the EFF is taking an interesting approach by putting the spotlight on SonyBMG's other DRM software: Sunncomm's MediaMax. MediaMax lacks some of the rootkit features found in XCP, but it is still highly unpleasant software which, among other things, phones home.

Worse yet, one component of MediaMax, a system service called sbcphid, is loaded into memory and ready to run at all times, even when there is no disc in the CD drive and no music is being played. And it runs as a kernel process, meaning that it has access to all aspects of the system. This is another component that can only add to security risk; and again the user has no choice.

Widening the focus to other invasive DRM software is an important step to take if we want to win the larger battle, rather than just punishing SonyBMG for the XCP episode.

The state of Texas has also filed suit, charging SonyBMG with violations of the Texas anti-spyware act.

What is perhaps most interesting - and hopeful - about this incident is how it has expanded the debate on DRM schemes. A quick news search shows just how widely the mainstream, non-technical press has covered this story. CERT has highlighted it for its November 15 Current Activity Report, offering some valuable advice: "Use caution when installing software. Do not install software from sources that you do not expect to contain software, such as an audio CD." Even the Gartner Group has chimed in, pointing out that the software is easily circumvented, and suggesting that the music industry is now likely to push (even more) for legislation requiring that DRM features be incorporated into computer products.

A legislative attack seems like a fairly safe prediction - such attacks have been ongoing for some time, after all. But the climate, which was not entirely favorable to legally-mandated DRM even before, has become harsher. SonyBMG's nasty DRM code has not impeded file sharers or commercial "pirates" in any way - it was, instead, an attack on the people who chose to actually buy the CD for themselves. DRM schemes are an attack on paying customers, and those customers are now figuring that out. More encouragingly, there are occasional signs that the industry is getting a clue as well.

Even more to the point, though, is that the SonyBMG rootkit has raised the question of whether we have the right to control our own computers. The nearly unanimous answer is that, yes, we have that right, and the entertainment industry cannot take that right away from us in the name of stopping copyright infringement - or, in the case of SonyBMG's software, simply keeping their customers from putting music onto their iPods. Your editor once heard Jim Gettys say, at some conference or other, that the DRM fight would be like the encryption battle: we would win, but there would be a decade or two of pain to endure first. SonyBMG, by making the issue so incredibly clear, may have done us the favor of shorting out several of those years of pain. Looking back some years from now, we might just find ourselves thanking them.


Page editor: Jonathan Corbet

Security

The Senate takes on spyware

While some states in the U.S. have enacted anti-spyware legislation, nothing has yet happened at the federal level. That may soon change as a result of Senate bill 687, which has recently passed its first test in the Commerce, Science, and Transportation Committee. This bill, sponsored by Conrad Burns, carries the somewhat awkward title of the "Software Principles Yielding Better Levels of Consumer Knowledge Act," or "Spy block" for short. There are several parts to the proposed law:

  • Section 2 prevents "surreptitious installation" of software. Illegal acts include installations which conceal the fact that software is being installed, or which do not offer an opportunity to block the installation. Fooling users into installing something other than what they were expecting is also prohibited. This section makes sense as a basic protection of a user's control over his or her own computer, but it contains an important exception: "upgrades" to software which is already installed. Something which can be called an "upgrade" can be installed in a hidden manner with no required user consent.

  • Section 3 is the spyware section: it disallows the installation of surreptitious information collection software. Here, too, there is an important exception: "This section shall not be interpreted to prohibit a person from causing the installation of software that collects and transmits only information that is reasonably needed to determine whether or not the user of a protected computer is licensed or authorized to use the software."

  • Section 4 bans adware (it uses that term). The main activity prohibited here is to install software which displays advertisements without making the source of the ad clear.

  • Section 5 addresses other ways of taking over control. The first part blocks the sending of "unsolicited information or material" to other computers - it essentially outlaws the creation of spammer botnets. Hijacking web sessions is also disallowed, as is changing a user's home page, web proxy, bookmarks, or firewall settings.

  • Section 6 exempts ISPs from liability if all they did was carry some malevolent bits from elsewhere. Various other sections describe how the law would fit with other legislation and how it would be enforced.

  • Finally, section 11 is an umbrella for anti-spyware companies. Essentially it says that you can't be sued for identifying and removing software from a system if it (1) violates this law, and (2) the user consents.

This law, as written, is a good statement of users' rights to control their computers - as far as it goes. It is an interesting exercise to ponder how this act would apply to the SonyBMG rootkit episode. The software was not installed surreptitiously, and it's not clear that it engaged in the collection of information. Simply phoning home is not addressed by this bill, unfortunately. The law's exceptions also leave some large holes in its protection. So, despite its good intentions, the "Spy block" act is not likely to lead to much in the way of serious change.


Security news

Web Browser Developers Work Together on Security (KDE.News)

KDE.News reports on a recent meeting of the security developers from the leading web browsers. "Our initial and primary focus is, and continues to be, addressing issues in PKI as implemented in our web browsers. This involves finding a way to make the information presented to the user more meaningful, easier to recognise, easier to understand, and perhaps most importantly, finding a way to make a distinction for high-impact sites (banks, payment services, auction sites, etc) while retaining the accessibility of SSL and identity for smaller organisations."


New vulnerabilities

egroupware: multiple vulnerabilities

Package(s):egroupware CVE #(s):CVE-2005-0870 CVE-2005-2600 CVE-2005-3347 CVE-2005-3348
Created:November 17, 2005 Updated:December 9, 2005
Description: A number of vulnerabilities have been found in egroupware, a web-based groupware suite. Phpsysinfo has several cross-site scripting vulnerabilities, the tree view of FUD Forum Bulletin Board Software has a cross-site scripting problem, phpsysinfo has a local variable overwrite problem, and phpsysinfo has an input sanitizing issue.
Alerts:
Debian DSA-918-1 2005-12-09
Debian DSA-899-1 2005-11-17


FUSE: mtab corruption through fusermount

Package(s):fuse CVE #(s):CVE-2005-3531
Created:November 22, 2005 Updated:January 24, 2006
Description: Thomas Biege discovered that fusermount fails to securely handle special characters specified in mount points. A local attacker could corrupt the contents of the /etc/mtab file by mounting over a maliciously-named directory using fusermount, potentially allowing the attacker to set unauthorized mount options.
Alerts:
Debian-Testing DTSA-27-1 2006-01-20
Mandriva MDKSA-2005:216 2005-11-24
Gentoo 200511-17 2005-11-22


gnump3d: insecure temp files, path traversal

Package(s):gnump3d CVE #(s):CVE-2005-3349 CVE-2005-3355
Created:November 21, 2005 Updated:November 22, 2005
Description: Ludwig Nussel discovered that several temporary files are created with predictable filenames in an insecure fashion, allowing local attackers to craft symlink attacks. Also, the theme parameter to HTTP requests may be used for path traversal.
Alerts:
Gentoo 200511-16 2005-11-21
Debian DSA-901-1 2005-11-19


inkscape: arbitrary code execution

Package(s):inkscape CVE #(s):CVE-2005-3737
Created:November 21, 2005 Updated:December 7, 2005
Description: A buffer overflow has been discovered in the SVG importer of Inkscape. By tricking a user into opening a specially crafted SVG image this could be exploited to execute arbitrary code with the privileges of the Inkscape user.
Alerts:
Debian-Testing DTSA-24-1 2005-12-05
Debian DSA-916-1 2005-12-07
Gentoo 200511-22 2005-11-28
Ubuntu USN-217-1 2005-11-21


kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CVE-2005-2709 CVE-2005-2973 CVE-2005-3055 CVE-2005-3180 CVE-2005-3271 CVE-2005-3272 CVE-2005-3273 CVE-2005-3274 CVE-2005-3275 CVE-2005-3276
Created:November 22, 2005 Updated:March 15, 2006
Description: Al Viro discovered a race condition in the /proc file handler of network devices. A local attacker could exploit this by opening any file in /proc/sys/net/ipv4/conf/<interface>/ and waiting until that interface was shut down. Under certain circumstances this could lead to a kernel crash or even arbitrary code execution with full kernel privileges. (CVE-2005-2709)

Tetsuo Handa discovered a local Denial of Service vulnerability in the udp_v6_get_port() function. On computers which use IPv6, a local attacker could exploit this to trigger an infinite loop in the kernel. (CVE-2005-2973)

Harald Welte discovered a Denial of Service vulnerability in the USB devio driver. A local attacker could exploit this by sending a "USB Request Block" (URB) and terminating the sending process before the arrival of the answer, which left an invalid pointer and caused a kernel crash. (CVE-2005-3055)

Pavel Roskin discovered an information leak in the Orinoco wireless card driver. When increasing the buffer length for storing data, the buffer was not padded with zeros, which exposed a random part of the system memory to the user. (CVE-2005-3180)

A resource leak has been discovered in the handling of POSIX timers in the exec() function. This could be exploited for a Denial of Service attack by a group of local users. (CVE-2005-3271)

Stephen Hemminger discovered a weakness in the network bridge driver. Packets which had already been dropped by the packet filter could poison the forwarding table, which could be exploited to make the bridge forward spoofed packets. (CVE-2005-3272)

David S. Miller discovered a buffer overflow in the rose_rt_ioctl() function. By calling the function with a large "ngidis" argument, a local attacker could cause a kernel crash. (CVE-2005-3273)

Neil Horman discovered a race condition in the connection timer handling. This allowed a local attacker to set up an expiration handler which modified the connection list while the list was still being traversed, which could result in a kernel crash. This vulnerability only affects multiprocessor (SMP) systems. (CVE-2005-3274)

Patrick McHardy noticed a logic error in the network address translation (NAT) connection tracker. A remote attacker could exploit this by causing two packets for the same protocol to be NATed at the same time, which resulted in a kernel crash. (CVE-2005-3275)

Paolo Giarrusso discovered an information leak in the sys_get_thread_area() function. The returned structure was not properly cleared, which exposed a small amount of kernel memory to userspace programs. This could possibly expose confidential data. (CVE-2005-3276)

Alerts:
Red Hat RHSA-2006:0144-01 2006-03-15
Red Hat RHSA-2006:0140-01 2006-01-19
Red Hat RHSA-2006:0101-01 2006-01-17
Mandriva MDKSA-2005:235 2005-12-21
Debian DSA-922-1 2005-12-14
Debian DSA-921-1 2005-12-14
SuSE SUSE-SA:2005:068 2005-12-14
SuSE SUSE-SA:2005:067 2005-12-06
Mandriva MDKSA-2005:220 2005-11-30
Mandriva MDKSA-2005:219 2005-11-30
Mandriva MDKSA-2005:218 2005-11-30
Fedora FEDORA-2005-1104 2005-11-28
Trustix TSLSA-2005-0064 2005-11-11
Ubuntu USN-219-1 2005-11-22


netpbm-free: buffer overflows

Package(s):netpbm-free CVE #(s):CVE-2005-3632 CVE-2005-3662
Created:November 21, 2005 Updated:December 20, 2005
Description: Greg Roelofs discovered and fixed several buffer overflows in pnmtopng which is also included in netpbm, a collection of graphic conversion utilities, that can lead to the execution of arbitrary code via a specially crafted PNM file.
Alerts:
Red Hat RHSA-2005:843-01 2005-12-20
SuSE SUSE-SR:2005:028 2005-12-02
Mandriva MDKSA-2005:217 2005-11-30
Ubuntu USN-218-1 2005-11-21
Debian DSA-904-1 2005-11-21


openswan: Denial of Service

Package(s):openswan CVE #(s):
Created:November 21, 2005 Updated:November 22, 2005
Description: NISCC has reported two Denial of Service issues in Openswan. The first involves a specially crafted 3DES packet with an invalid key length. These have been fixed in Openswan 2.4.4.
Alerts:
Fedora FEDORA-2005-1093 2005-11-21
Fedora FEDORA-2005-1092 2005-11-21


xmail: buffer overflow

Package(s):xmail CVE #(s):CVE-2005-2943
Created:November 21, 2005 Updated:December 14, 2005
Description: A buffer overflow has been discovered in the sendmail program of xmail, an advanced, fast and reliable ESMTP/POP3 mail server that could lead to the execution of arbitrary code with group mail privileges.
Alerts:
Gentoo 200512-05 2005-12-14
Debian DSA-902-1 2005-11-21


Updated vulnerabilities

a2ps: input validation error

Package(s):a2ps CVE #(s):CAN-2004-1170 CAN-2004-1377
Created:November 26, 2004 Updated:December 19, 2005
Description: The GNU a2ps utility fails to properly sanitize filenames, which can be abused by a malicious user to execute arbitrary commands with the privileges of the user running the vulnerable application. More information at Security Focus.
Alerts:
Fedora-Legacy FLSA:152870 2005-12-17
Mandriva MDKSA-2005:097 2005-06-07
OpenPKG OpenPKG-SA-2005.003 2005-01-17
Gentoo 200501-02 2005-01-04
Debian DSA-612-1 2004-12-20
Mandrake MDKSA-2004:140 2004-11-25


acidlab: SQL injection

Package(s):acidlab CVE #(s):CVE-2005-3325
Created:November 14, 2005 Updated:November 16, 2005
Description: Remco Verhoef has discovered a vulnerability in acidlab, Analysis Console for Intrusion Databases, and in acidbase, Basic Analysis and Security Engine, which can be exploited by malicious users to conduct SQL injection attacks.
Alerts:
Debian DSA-893-1 2005-11-14


bzip2: race condition and infinite loop

Package(s):bzip2 CVE #(s):CAN-2005-0953 CAN-2005-1260
Created:May 17, 2005 Updated:January 10, 2007
Description: A race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. Also, specially crafted bzip2 archives may cause an infinite loop in the decompressor.
Alerts:
rPath rPSA-2007-0004-1 2007-01-09
Debian DSA-741-1 2005-07-07
Red Hat RHSA-2005:474-01 2005-06-16
OpenPKG OpenPKG-SA-2005.008 2005-06-10
SuSE SUSE-SR:2005:015 2005-06-07
Debian DSA-730-1 2005-05-27
Mandriva MDKSA-2005:091 2005-05-18
Ubuntu USN-127-1 2005-05-17


chmlib: several vulnerabilities

Package(s):chmlib CVE #(s):CVE-2005-2659 CVE-2005-2930 CVE-2005-3318
Created:November 7, 2005 Updated:November 28, 2005
Description: Several vulnerabilities have been discovered in chmlib, a library for dealing with CHM format files.
Alerts:
Gentoo 200511-23 2005-11-28
Debian DSA-886-1 2005-11-07


common-lisp-controller: design error

Package(s):common-lisp-controller CVE #(s):CAN-2005-2657
Created:September 14, 2005 Updated:November 21, 2005
Description: François-René Rideau discovered a bug in common-lisp-controller, a Common Lisp source and compiler manager, that allows a local user to compile malicious code into a cache directory which is executed by another user if that user has not used Common Lisp before.
Alerts:
Debian DSA-811-2 2005-11-21
Debian DSA-811-1 2005-09-14


cpio: directory traversal

Package(s):cpio CVE #(s):CAN-2005-1111
Created:June 20, 2005 Updated:December 26, 2005
Description: There is a vulnerability in cpio (2.6 and previous) that allows a malicious cpio file to extract to an arbitrary directory of the attacker's choice. cpio will extract to the path specified in the cpio file; this path can be absolute.
Alerts:
Mandriva MDKSA-2005:237 2005-12-23
Red Hat RHSA-2005:806-01 2005-11-10
Debian DSA-846-1 2005-10-07
Ubuntu USN-189-1 2005-09-29
Red Hat RHSA-2005:378-01 2005-07-21
Mandriva MDKSA-2005:116-1 2005-07-19
Mandriva MDKSA-2005:116 2005-07-11
Trustix TSLSA-2005-0030 2005-06-24
Gentoo 200506-16 2005-06-20
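
One way to check an archive's member names before extracting it, as an added example that is not part of this advisory or of cpio itself: a minimal reader for the cpio "newc" header format that flags absolute paths, the case described above, and also `..` components, which goes beyond this entry. The function names and the sample archive are constructed for illustration.

```python
"""Audit member names in a cpio "newc" archive before extracting it."""

MAGICS = (b"070701", b"070702")   # newc, and newc with checksum
HEADER_LEN = 110                  # 6-byte magic + 13 fields of 8 hex digits
TRAILER = "TRAILER!!!"            # name of the end-of-archive entry


def _pad4(n):
    """Round n up to the next multiple of 4 (newc alignment)."""
    return (n + 3) & ~3


def iter_members(blob):
    """Yield (name, mode, size) for each member of a newc archive in bytes."""
    off = 0
    while off + HEADER_LEN <= len(blob):
        hdr = blob[off:off + HEADER_LEN]
        if hdr[:6] not in MAGICS:
            raise ValueError("bad magic at offset %d" % off)
        # Fields: ino, mode, uid, gid, nlink, mtime, filesize, devmajor,
        # devminor, rdevmajor, rdevminor, namesize, check.
        fields = [int(hdr[6 + 8 * i:14 + 8 * i], 16) for i in range(13)]
        mode, filesize, namesize = fields[1], fields[6], fields[11]
        name_end = off + HEADER_LEN + namesize
        if namesize == 0 or name_end > len(blob):
            raise ValueError("truncated member name at offset %d" % off)
        # namesize counts the terminating NUL, which is dropped here.
        name = blob[off + HEADER_LEN:name_end - 1].decode("utf-8", "replace")
        if name == TRAILER:
            return
        # Header plus name is padded to a 4-byte boundary, then the data is.
        data_start = off + _pad4(HEADER_LEN + namesize)
        if data_start + filesize > len(blob):
            raise ValueError("truncated data for %r" % name)
        yield name, mode, filesize
        off = data_start + _pad4(filesize)
    raise ValueError("archive ends without a trailer entry")


def unsafe_reason(name):
    """Return why a member name could write outside the extraction directory."""
    if name.startswith("/"):
        return "absolute path"
    if ".." in name.split("/"):
        return "parent-directory component"
    return None


def audit(blob):
    """Return [(name, reason)] for every member that should not be extracted."""
    findings = []
    for name, _mode, _size in iter_members(blob):
        reason = unsafe_reason(name)
        if reason:
            findings.append((name, reason))
    return findings


def _entry(name, data=b"", mode=0o100644):
    """Build one newc entry (used only to construct the sample below)."""
    raw = name.encode() + b"\0"
    fields = [0, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(raw), 0]
    head = b"070701" + b"".join(b"%08X" % f for f in fields) + raw
    head += b"\0" * (_pad4(len(head)) - len(head))
    return head + data + b"\0" * (_pad4(len(data)) - len(data))


# Constructed sample archive: one ordinary member and two unsafe ones.
SAMPLE = (
    _entry("docs/readme.txt", b"hello\n")
    + _entry("/tmp/constructed-absolute.txt", b"x")
    + _entry("../outside.txt", b"y")
    + _entry(TRAILER)
)

if __name__ == "__main__":
    for member, why in audit(SAMPLE):
        print("refuse to extract %r: %s" % (member, why))
```
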


cyrus-imapd: buffer overflows

Package(s):cyrus-imapd CVE #(s):CAN-2005-0546
Created:February 23, 2005 Updated:April 9, 2006
Description: Cyrus-imapd, prior to version 2.2.12, contains several buffer overflows which could be exploited by an (authenticated) attacker to run code on the server system.
Alerts:
Fedora-Legacy FLSA:156290 2006-04-04
Red Hat RHSA-2005:408-01 2005-05-17
Fedora FEDORA-2005-339 2005-04-27
OpenPKG OpenPKG-SA-2005.005 2005-04-05
Conectiva CLA-2005:937 2005-03-17
Mandrake MDKSA-2005:051 2005-03-04
Ubuntu USN-87-1 2005-02-28
SuSE SUSE-SA:2005:009 2005-02-24
Gentoo 200502-29 2005-02-23


dia: missing input sanitizing

Package(s):dia CVE #(s):CAN-2005-2966
Created:October 4, 2005 Updated:April 6, 2006
Description: Joxean Koret discovered that the SVG import plugin did not properly sanitize data read from an SVG file. By tricking a user into opening a specially crafted SVG file, an attacker could exploit this to execute arbitrary code with the privileges of the user.
Alerts:
Debian DSA-1025-1 2006-04-06
Mandriva MDKSA-2005:187 2005-10-20
Gentoo 200510-06 2005-10-06
Debian DSA-847-1 2005-10-08
SuSE SUSE-SR:2005:022 2005-10-07
Ubuntu USN-193-1 2005-10-04


emacs: lisp execution vulnerability

Package(s):emacs CVE #(s):CAN-2003-1232
Created:November 10, 2005 Updated:November 16, 2005
Description: Version 21.2 of the EMACS editor has a vulnerability in which text files containing Lisp code can be executed without warning the user. Attackers can cause users to execute arbitrary code.
Alerts:
Mandriva MDKSA-2005:208 2005-11-09


emacs21: format string vulnerability in "movemail"

Package(s):emacs21 CVE #(s):CAN-2005-0100
Created:February 7, 2005 Updated:May 15, 2006
Description: Max Vozeler discovered a format string vulnerability in the "movemail" utility of Emacs. By sending specially crafted packets, a malicious POP3 server could cause a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the user and the "mail" group.
Alerts:
Fedora-Legacy FLSA:152898 2006-05-12
Debian DSA-685-1 2005-02-17
Mandrake MDKSA-2005:038 2005-02-15
Gentoo 200502-20 2005-02-15
Fedora FEDORA-2005-146 2005-02-14
Fedora FEDORA-2005-145 2005-02-14
Red Hat RHSA-2005:133-01 2005-02-15
Red Hat RHSA-2005:110-01 2005-02-15
Red Hat RHSA-2005:134-01 2005-02-10
Red Hat RHSA-2005:112-01 2005-02-10
Fedora FEDORA-2005-116 2005-02-08
Fedora FEDORA-2005-115 2005-02-08
Debian DSA-671-1 2005-02-08
Debian DSA-670-1 2005-02-08
Ubuntu USN-76-1 2005-02-07

enigmail: information disclosure

Package(s):enigmail CVE #(s):CVE-2005-3256
Created:October 20, 2005 Updated:December 13, 2005
Description: The key selection dialog from the Mozilla Thunderbird enigmail plugin has an information disclosure vulnerability. A key with an empty user id from a user's keyring will be used by default, allowing a message to be decrypted. This can lead to an unauthorized information disclosure.
Alerts:
Mandriva MDKSA-2005:226 2005-12-12
Debian DSA-889-1 2005-11-08
Ubuntu USN-211-1 2005-10-20

enscript: arbitrary code execution

Package(s):enscript CVE #(s):CAN-2004-1184 CAN-2004-1185 CAN-2004-1186
Created:January 21, 2005 Updated:May 27, 2006
Description: Erik Sjölund has discovered several security-relevant problems in enscript, a program to convert ASCII text into PostScript and other formats. Unsanitized input can cause the execution of arbitrary commands via EPSF pipe support. Because filenames are not sanitized, a specially crafted filename can cause arbitrary commands to be executed. Multiple buffer overflows can cause the program to crash.
Alerts:
rPath rPSA-2006-0083-1 2006-05-26
Fedora-Legacy FLSA:152892 2005-12-17
Red Hat RHSA-2005:040-01 2005-02-15
Mandrake MDKSA-2005:033 2005-02-10
Gentoo 200502-03 2005-02-02
Red Hat RHSA-2005:039-01 2005-02-01
Fedora FEDORA-2005-096 2005-01-31
Fedora FEDORA-2005-092 2005-01-28
Fedora FEDORA-2005-091 2005-01-28
Fedora FEDORA-2005-016 2005-01-26
Fedora FEDORA-2005-015 2005-01-26
Ubuntu USN-68-1 2005-01-24
Debian DSA-654-1 2005-01-21

ethereal: multiple vulnerabilities

Package(s):ethereal CVE #(s):CVE-2005-3241 CVE-2005-3242 CVE-2005-3243 CVE-2005-3244 CVE-2005-3245 CVE-2005-3246 CVE-2005-3247 CVE-2005-3248 CVE-2005-3249 CVE-2005-3184
Created:October 25, 2005 Updated:January 10, 2006
Description: A number of security flaws have been discovered in Ethereal. On a system where Ethereal is running, a remote attacker could send malicious packets to trigger these flaws and cause Ethereal to crash or potentially execute arbitrary code.
Alerts:
Fedora-Legacy FLSA:152922 2006-01-09
Mandriva MDKSA-2005:193-2 2005-10-31
Gentoo 200510-25 2005-10-30
Mandriva MDKSA-2005:193-1 2005-10-26
Mandriva MDKSA-2005:193 2005-10-25
Red Hat RHSA-2005:809-01 2005-10-25

evolution: format string issues

Package(s):evolution CVE #(s):CAN-2005-2549 CAN-2005-2550
Created:August 15, 2005 Updated:March 23, 2006
Description: Evolution has format string issues. SITIC advisory SA05-001 contains more information.
Alerts:
Debian DSA-1016-1 2006-03-23
SuSE SUSE-SA:2005:054 2005-09-16
Red Hat RHSA-2005:267-01 2005-08-29
Gentoo 200508-12 2005-08-23
Mandriva MDKSA-2005:141 2005-08-17
Fedora FEDORA-2005-742 2005-08-11
Fedora FEDORA-2005-743 2005-08-11

fetchmailconf: insecure file creation

Package(s):fetchmail CVE #(s):CVE-2005-3088
Created:October 26, 2005 Updated:November 22, 2005
Description: The fetchmailconf utility can create files which are world-readable for a brief period. These files may contain passwords, and thus should not be created in this manner.
Alerts:
Debian DSA-900-3 2005-11-22
Debian DSA-900-2 2005-11-21
Debian DSA-900-1 2005-11-18
Mandriva MDKSA-2005:209 2005-11-09
Ubuntu USN-215-1 2005-11-07
Gentoo 200511-06 2005-11-06
Red Hat RHSA-2005:823-01 2005-10-26

firefox: multiple vulnerabilities

Package(s):firefox CVE #(s):CAN-2005-2701 CAN-2005-2702 CAN-2005-2703 CAN-2005-2704 CAN-2005-2705 CAN-2005-2706 CAN-2005-2707 CAN-2005-2968
Created:September 22, 2005 Updated:February 15, 2006
Description: The Firefox browser has multiple vulnerabilities including problems with XBM image file processing, Unicode sequence processing, XMLHttp requests, malicious XBL binding, a JavaScript engine buffer overflow, about: pages, opening of new windows, and command line URL processing.
Alerts:
Slackware SSA:2006-045-02 2006-02-15
Fedora-Legacy FLSA:168375 2006-01-09
Ubuntu USN-200-1 2005-10-11
Ubuntu USN-155-3 2005-10-04
Debian DSA-838-1 2005-10-02
Gentoo GLSA 200509-11:02 2005-09-18
SuSE SUSE-SA:2005:058 2005-09-30
Mandriva MDKSA-2005:170 2005-09-26
Mandriva MDKSA-2005:169 2005-09-26
Slackware SSA:2005-269-01 2005-09-26
Fedora FEDORA-2005-934 2005-09-26
Fedora FEDORA-2005-933 2005-09-26
Fedora FEDORA-2005-932 2005-09-26
Fedora FEDORA-2005-931 2005-09-26
Fedora FEDORA-2005-930 2005-09-26
Fedora FEDORA-2005-929 2005-09-26
Fedora FEDORA-2005-928 2005-09-26
Fedora FEDORA-2005-927 2005-09-26
Fedora FEDORA-2005-926 2005-09-26
Ubuntu USN-186-2 2005-09-25
Ubuntu USN-186-1 2005-09-23
Red Hat RHSA-2005:789-01 2005-09-22
Red Hat RHSA-2005:785-01 2005-09-22

flash-plugin: buffer overflow

Package(s):flash-plugin CVE #(s):CVE-2005-2628
Created:November 10, 2005 Updated:November 25, 2005
Description: The Mozilla browser Macromedia Flash Player plug-in has a buffer overflow vulnerability. A user who opens a maliciously created Macromedia Flash file may be tricked into executing arbitrary code.
Alerts:
Gentoo 200511-21 2005-11-25
Red Hat RHSA-2005:835-00 2005-11-09

Foomatic: Arbitrary command execution in foomatic-rip

Package(s):foomatic CVE #(s):CAN-2004-0801
Created:September 20, 2004 Updated:May 31, 2006
Description: The foomatic-rip filter in the foomatic-filters package does not sufficiently check command-line parameters and environment variables. This vulnerability may allow both local and remote attackers to execute arbitrary commands on the print server with the permissions of the spooler.
Alerts:
SuSE SUSE-SA:2006:026 2006-05-30
Fedora-Legacy FLSA:2076 2004-11-05
Conectiva CLA-2004:880 2004-10-27
Fedora FEDORA-2004-303 2004-09-21
Gentoo 200409-24 2004-09-20

ftpd: remote buffer overflow

Package(s):ftpd CVE #(s):CVE-2005-3524
Created:November 14, 2005 Updated:November 16, 2005
Description: A buffer overflow vulnerability has been found in the linux-ftpd-ssl package. A command that generates an excessively long response from the server may overrun a stack buffer. An attacker who has permission to create directories that are accessible via the FTP server could exploit this vulnerability. Successful exploitation would execute arbitrary code on the local machine with root privileges.
Alerts:
Debian DSA-896-1 2005-11-15
Gentoo 200511-11 2005-11-13

gaim: buffer overflow

Package(s):gaim CVE #(s):CAN-2005-2103
Created:August 10, 2005 Updated:February 27, 2006
Description: Gaim suffers from a heap-based buffer overflow which can be exploited via a hostile "away message" to execute arbitrary code.
Alerts:
Fedora-Legacy FLSA:158543 2006-02-25
Slackware SSA:2005-242-03 2005-08-31
Fedora FEDORA-2005-751 2005-08-17
Fedora FEDORA-2005-750 2005-08-17
Mandriva MDKSA-2005:139 2005-08-15
Gentoo 200508-06 2005-08-15
Ubuntu USN-168-1 2005-08-12
Red Hat RHSA-2005:589-01 2005-08-09

gdb: multiple vulnerabilities

Package(s):gdb CVE #(s):CAN-2005-1704 CAN-2005-1705
Created:May 20, 2005 Updated:August 11, 2006
Description: Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library, resulting in a heap overflow. A review also showed that by default, gdb insecurely sources initialization files from the working directory. Successful exploitation would result in the execution of arbitrary code on loading a specially crafted object file or the execution of arbitrary commands.
Alerts:
Red Hat RHSA-2006:0354-01 2006-08-10
Red Hat RHSA-2006:0368-01 2006-07-20
Mandriva MDKSA-2005:215 2005-11-23
Fedora FEDORA-2005-1033 2005-10-27
Fedora FEDORA-2005-1032 2005-10-27
Red Hat RHSA-2005:801-01 2005-10-18
Red Hat RHSA-2005:763-01 2005-10-11
Red Hat RHSA-2005:709-01 2005-10-05
Red Hat RHSA-2005:673-01 2005-10-05
Red Hat RHSA-2005:659-01 2005-09-28
Fedora FEDORA-2005-498 2005-06-29
Fedora FEDORA-2005-497 2005-06-29
Gentoo 200506-01 2005-06-01
Trustix TSLSA-2005-0025 2005-05-31
Mandriva MDKSA-2005:095 2005-05-30
Ubuntu USN-136-2 2005-05-27
Ubuntu USN-136-1 2005-05-27
Ubuntu USN-135-1 2005-05-27
Gentoo 200505-15 2005-05-20

gdk-pixbuf, gtk2: denial of service

Package(s):gdk-pixbuf gtk2 CVE #(s):CAN-2005-0891
Created:March 30, 2005 Updated:December 19, 2005
Description: The BMP image processing code in gdk-pixbuf and gtk2 contains a denial of service vulnerability exploitable via a specially crafted image file.
Alerts:
Fedora-Legacy FLSA:155510 2005-12-17
Fedora-Legacy FLSA:154272 2005-07-15
SuSE SUSE-SR:2005:010 2005-04-08
Mandrake MDKSA-2005:069 2005-04-07
Mandrake MDKSA-2005:068 2005-04-07
Ubuntu USN-108-1 2005-04-05
Red Hat RHSA-2005:343-01 2005-04-05
Red Hat RHSA-2005:344-01 2005-04-01
Fedora FEDORA-2005-268 2005-03-30
Fedora FEDORA-2005-267 2005-03-30
Fedora FEDORA-2005-266 2005-03-30
Fedora FEDORA-2005-265 2005-03-30

gdk-pixbuf: multiple vulnerabilities

Package(s):gdk-pixbuf gtk2 CVE #(s):CVE-2005-3186 CVE-2005-2976 CVE-2005-2975
Created:November 15, 2005 Updated:March 20, 2006
Description: The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment. A bug was found in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code when the file was opened by a victim.

Ludwig Nussel discovered an integer overflow bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code or crash when the file was opened by a victim.

Ludwig Nussel also discovered an infinite-loop denial of service bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to stop responding when the file was opened by a victim.

Alerts:
Fedora-Legacy FLSA:173274 2006-03-16
Debian DSA-913-1 2005-12-01
Debian DSA-911-1 2005-11-29
Trustix TSLSA-2005-0066 2005-11-18
Mandriva MDKSA-2005:214 2005-11-18
Ubuntu USN-216-1 2005-11-16
SuSE SUSE-SA:2005:065 2005-11-16
Gentoo 200511-14 2005-11-16
Fedora FEDORA-2005-1088 2005-11-15
Fedora FEDORA-2005-1087 2005-11-15
Fedora FEDORA-2005-1086 2005-11-15
Fedora FEDORA-2005-1085 2005-11-15
Red Hat RHSA-2005:811-01 2005-11-15
Red Hat RHSA-2005:810-01 2005-11-15

gettext: Insecure temporary file handling

Package(s):gettext CVE #(s):CAN-2004-0966
Created:October 11, 2004 Updated:March 1, 2006
Description: gettext insecurely creates temporary files in world-writeable directories with predictable names. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When gettext is called, this would result in file access with the rights of the user running the utility, which could be the root user.
Alerts:
Mandriva MDKSA-2006:051 2006-02-28
Fedora-Legacy FLSA:136323 2006-01-09
Gentoo 200410-10:02 2004-10-10
OpenPKG OpenPKG-SA-2004.055 2004-12-23
Ubuntu USN-5-1 2004-10-27
Gentoo 200410-10 2004-10-10

groff: insecure temporary directory

Package(s):groff CVE #(s):CAN-2004-0969
Created:November 1, 2004 Updated:February 9, 2006
Description: Recently, Trustix Secure Linux discovered a vulnerability in the groff package. The utility "groffer" created a temporary directory in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the program.
Alerts:
Mandriva MDKSA-2006:038 2006-02-08
Gentoo 200411-15 2004-11-08
Ubuntu USN-13-1 2004-11-01

gzip: arbitrary command execution

Package(s):gzip CVE #(s):CAN-2005-0758
Created:August 1, 2005 Updated:January 9, 2007
Description: zgrep in gzip before 1.3.5 does not properly handle shell metacharacters like '|' and '&' when they occur in input file names. This could be exploited to execute arbitrary commands with user privileges if zgrep is run in an untrusted directory with specially crafted file names.
Alerts:
OpenPKG OpenPKG-SA-2007.002 2007-01-08
Mandriva MDKSA-2006:027 2006-01-30
Mandriva MDKSA-2006:026 2006-01-30
Fedora-Legacy FLSA:158801 2005-11-14
Fedora-Legacy FLSA:157696 2005-08-10
Ubuntu USN-161-1 2005-08-04
Ubuntu USN-158-1 2005-08-01

htdig: cross site scripting

Package(s):htdig CVE #(s):CAN-2005-0085
Created:February 14, 2005 Updated:January 10, 2006
Description: Michael Krax discovered that ht://Dig fails to validate the 'config' parameter before displaying an error message containing the parameter. This flaw could allow an attacker to conduct cross-site scripting attacks.
Alerts:
Fedora-Legacy FLSA:152907 2006-01-09
Mandrake MDKSA-2005:063 2005-03-31
Red Hat RHSA-2005:090-01 2005-02-15
Debian DSA-680-1 2005-02-14
Gentoo 200502-16 2005-02-13

imap: buffer overflow in c-client

Package(s):imap CVE #(s):CAN-2003-0297
Created:February 18, 2005 Updated:April 9, 2006
Description: A buffer overflow flaw was found in the c-client IMAP client. An attacker could create a malicious IMAP server that, if connected to by a victim, could execute arbitrary code on the client machine.
Alerts:
Fedora-Legacy FLSA:184074 2006-04-04
Fedora-Legacy FLSA:152912 2005-05-12
Red Hat RHSA-2005:114-01 2005-02-18

kdebase: local root vulnerability

Package(s):kdebase CVE #(s):CAN-2005-2494
Created:September 7, 2005 Updated:August 11, 2006
Description: The kdebase package (and kcheckpass in particular) found in KDE versions 3.2.0 through 3.4.2 suffers from a lock file handling error which can enable a local attacker to obtain root access. See this advisory for details.
Alerts:
Red Hat RHSA-2006:0582-01 2006-08-10
Debian DSA-815-1 2005-09-16
Slackware SSA:2005-251-01 2005-09-09
Ubuntu USN-176-1 2005-09-07
Mandriva MDKSA-2005:160 2005-09-06

kdelibs: kate backup file permission leak

Package(s):kdelibs kate kwrite CVE #(s):CAN-2005-1920
Created:July 19, 2005 Updated:November 27, 2006
Description: Kate / Kwrite, as shipped with KDE 3.2.x up to and including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had stricter permissions set. See this advisory for more information.
Alerts:
Gentoo 200611-21 2006-11-27
Debian DSA-804-2 2005-11-10
Debian DSA-804-1 2005-09-08
Red Hat RHSA-2005:612-01 2005-07-27
Ubuntu USN-150-1 2005-07-21
Mandriva MDKSA-2005:122 2005-07-20
Fedora FEDORA-2005-594 2005-07-19

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CAN-2005-0449 CAN-2005-0209 CAN-2005-0529 CAN-2005-0530 CAN-2005-0532 CAN-2005-0384 CAN-2005-0210 CAN-2005-0504 CAN-2005-0003
Created:March 24, 2005 Updated:May 31, 2006
Description: A number of vulnerabilities have been found in the Linux kernel, including a PPP-related denial of service problem, an integer overflow in the epoll() code, memory corruption in the ELF loader, and exploitable overflows in the ISO9660 code.
Alerts:
Debian DSA-1082-1 2006-05-29
Debian DSA-1069-1 2006-05-20
Debian DSA-1070-1 2006-05-21
Debian DSA-1067-1 2006-05-20
Conectiva CLA-2005:945 2005-03-31
Fedora FEDORA-2005-262 2005-03-28
SuSE SUSE-SA:2005:018 2005-03-24

krb5: double-free flaw

Package(s):krb5 CVE #(s):CAN-2004-0175 CAN-2005-0488 CAN-2005-1175 CAN-2005-1689
Created:July 12, 2005 Updated:December 6, 2005
Description: The krb5 authentication has a double-free flaw which may be initiated by a remote unauthenticated attacker. Also, a single-byte heap overflow in the krb5_unparse_name() function can lead to a denial of service, and an information disclosure may be caused by a malicious telnet server. See this report for more information.
Alerts:
Ubuntu USN-224-1 2005-12-06
Debian DSA-757-1 2005-07-17
Trustix TSLSA-2005-0036 2005-07-14
Mandriva MDKSA-2005:119 2005-07-13
SuSE SUSE-SR:2005:017 2005-07-13
Gentoo 200507-11 2005-07-12
Fedora FEDORA-2005-553 2005-07-12
Red Hat RHSA-2005:562-01 2005-07-12
Fedora FEDORA-2005-552 2005-07-12
Red Hat RHSA-2005:567-02 2005-07-12

libconvert-uulib-perl: arbitrary code execution

Package(s):libconvert-uulib-perl CVE #(s):CAN-2005-1349
Created:May 20, 2005 Updated:January 27, 2006
Description: Mark Martinec and Robert Lewis discovered a buffer overflow in Convert::UUlib (before 1.051), a Perl interface to the uulib library, which may result in the execution of arbitrary code.
Alerts:
Mandriva MDKSA-2006:022 2006-01-26
Debian DSA-727-1 2005-05-20

libdbi-perl: insecure temporary file

Package(s):libdbi-perl CVE #(s):CAN-2005-0077
Created:January 25, 2005 Updated:March 2, 2006
Description: Javier Fernández-Sanguino Peña from the Debian Security Audit Project discovered that the DBI library, the Perl5 database interface, creates a temporary PID file in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the person executing the parts of the library.
Alerts:
Fedora-Legacy FLSA:178989 2006-03-01
Gentoo 200501-38:03 2005-01-26
Red Hat RHSA-2005:072-01 2005-02-15
Mandrake MDKSA-2005:030 2005-02-08
Red Hat RHSA-2005:069-01 2005-02-01
Gentoo 200501-38 2005-01-26
Ubuntu USN-70-1 2005-01-25
Debian DSA-658-1 2005-01-25