Guides to the patent commons
OSDL has recently released two documents aimed at helping free software
developers who wish to make use of software patents which have been put
into a patent commons. They are (both in PDF format):
The Overview document provides a brief introduction to the legal theory
behind patent infringement and talks about the various ways in which people
can get in trouble for using patented technology. The core bit of advice
would appear to be "know what the covered patent provides and do not go
beyond it." Thus, for example:
Another affirmative act that may serve as a basis for patent
infringement liability is improving on patented technology the
alleged infringer is legally entitled to use, yet the improvements
are already patented.
The paper describes just how easy it is to get into trouble, even when
using technology which, it seems, is covered by a patent which has been
donated to the community:
A patent grants the right to exclude others from a particular area
of claimed technology, but does not confer the right to practice an
invention.... If, for example, Patent A claims a method of using a
particular algorithm with a particular type of processor, and
someone legally entitled to use Patent A tries to improve the
scalability of the algorithm so that it can be used with a second
processor, it is possible that a second patent, Patent B, already
claims this improvement. The result is that someone legally
entitled to use the Patent A must obtain a license to use the
technology claimed in Patent B, and an individual entitled to use
the technology claimed in Patent B must obtain a license to use the
technology claimed in Patent A.
Software patents, in other words, are dangerous territory, and even having the
license to use a particular patented technology does not really mean that
using that technology is safe. But we already knew that.
The developer's guide is similar, in that it advocates understanding what
is truly covered by a patent and not exceeding that patent's claims.
Specifically:
Guideline 3: Developers should only use the technology in the way
described in the pledged patents, staying within the scope of
technology claimed. Developers should not assume that patented
improvements to the technology claimed in the patents have also
been pledged to the Patent Commons. Improvements are, by
definition, distinct from the contributed patents and may, in fact,
already be patented by someone else who has not made a pledge to
the Patent Commons. A search of patents for any improvements (when
you know you want to improve upon a pledged patent) is advisable.
It also suggests being clear on how any patent donation might be terminated
in the future. This can only be good advice; a "patent pledge" which can
vanish in the future is not worth a whole lot.
For developers, however, the best information to be found in these
documents may not be quite what their authors had intended. From the
Overview:
In sum, the more an alleged infringer knows about a patent that is
claiming the technology of a product that she is making, using or
selling, the greater the likelihood that she will be liable for
damages for patent infringement.
Ignorance, sometimes, is bliss. That is why Linus Torvalds discouraged looking at patents
back in 2002:
The fact is, technical people are better off not looking at
patents. If you don't know what they cover and where they are, you
won't be knowingly infringing on them. If somebody sues you, you
change the algorithm or you just hire a hit-man to whack the stupid
git.
The fact of the matter is that all of the discussion in these documents of
"relying on pledged patents" to "innovate safely" is pretty well useless
for developers. A patent pledged for use in free software is much like a
single mine removed from a minefield. It is a good thing, but it does not
make the field much safer to walk across. The existence of the patent
commons does not change the nature of the minefield.
Any developer who tries to "innovate safely" by restricting work to
algorithms covered by pledged patents - while carefully avoiding improving
on those algorithms in any way - will be unable to innovate and will be no
safer. The range of algorithms covered by software patents in the
U.S. (and elsewhere) is astounding; there is no way to write any sort of
non-trivial program without infringing on at least a few of them. The
patent commons will not change that situation in any useful way; it is not
something upon which developers can rely.
Where pledged patents may be more useful is with organizations like the
Open Invention Network (discussed here last week) which can use patents
offensively against those who attack the free software community. But the
real solution is to fix the legal system and - in parts of the world which
do not currently recognize software patents - keep it from becoming
broken. As long as the system empowers and encourages patent trolls, there
will be patent trolls, and a few "maybe safe if you do not try to improve
on them" patents in a patent commons will not discourage them. So, while
the new documents can provide some useful insights into the hazards of
software patents, no developer should, after having read those documents,
feel any safer.
Comments (10 posted)
Rockbox's jewels
LWN readers are familiar with Rockbox; this project (which has developed
free firmware for a number of digital audio players) has been mentioned
here several times, and was reviewed in detail last January. Since Rockbox
operates in the sensitive area of media playback, it is not entirely
surprising that the project has managed to attract an unpleasant
cease-and-desist note from an outside party. It is surprising, however,
that the dispute involves jewels.
In particular, the Rockbox developers have received a notice from a manager
at PopCap Games, the makers of "Bejeweled." He came out swinging:
The game PluginJewels, for use on RockBox and available at
http://www.rockbox.org/twiki/bin/view/Main/PluginJewels, is a
blatant copyright violation of Bejeweled, the popular match-three
game owned by my company, PopCap Games, Inc., of Seattle,
Washington, USA. I am writing to you to demand that you remove
PluginJewels from www.rockbox.org and all other sites where users
may download this game for the Rockbox, no later than April 30,
2006. PopCap Games takes seriously all copyright and trademark
violations of our games and, if necessary, we will enforce our
rights to the fullest extent of the law.
The initial reaction is best described as "befuddled"; the "Jewels" game
found in Rockbox contains no code or other materials from PopCap's game, so
it is hard to see where the copyright violation might come from. A subsequent message makes things more clear,
however; PopCap takes issue with the jewel icons used in Jewels. It is,
says PopCap, "obvious that someone on the PluginJewels team ripped
the graphics from one of the Astraware-licensed versions of our
game."
[Figure: jewel icons from Bejeweled (left) and Rockbox (right); image: /images/ns/rockbox-jewels.png]
The figure on the right shows a subsection of the images (provided by
PopCap) meant to back up this claim; Bejeweled appears on the left, Rockbox
is on the right. A quick inspection shows some obvious similarities - the
Rockbox jewels were clearly meant to resemble those from the original game.
But they are just as clearly not identical - the Rockbox jewels have not
been "ripped" from an official version of Bejeweled. In fact, they came
from Gwled, where they were explicitly developed for use with that game.
They are an independent - if imitative - creation.
The message from PopCap makes it clear that the game itself is not a
problem; it states that "non-infringing gem art needs to be
substituted for the infringing gem art." So not only is Rockbox not
threatened, but even the "Jewels" game should be safe. All that is
required is to replace the artwork with something seen as being
non-infringing. Jewels would be the same game if users were matching
penguins, mathematical symbols, or mug shots of SCO executives. But even a
change of that magnitude is not required; PopCap only wants "non-infringing
gem art."
The Rockbox developers have not, as of this writing, decided how they will
respond to this request. None of them seem to think they have actually
infringed upon PopCap's copyrights. But, says
Daniel Stenberg:
However, I don't think we'd lose anything by being "soft" and
simply modify our jewels somewhat so that they don't look so
similar to their versions, just to be nice.
That seems like it could be a reasonable solution to the problem. There
appear to be a number of people, however, who oppose making any changes to
appease PopCap. Their position is that Rockbox has done nothing wrong, has
violated no copyrights, and that to give in to this sort of demand would be
an invitation to others who would harass the project with infringement
claims. They would rather tell PopCap to simply take a hike.
A smaller group suggests that, since Gwled provided the artwork under the
GPL, (1) Gwled has stated that it has the right to distribute that
artwork, and (2) PopCap should be sent over to present its claims to
the Gwled developers. There would appear to be little support for the idea
of simply dumping the problem onto another GPL-licensed project, however.
Rockbox may well be in the right on this issue, and it may well be that,
legally, the project is under no obligation to change anything. It may
also well be that the project could find itself having to argue that point
in court. The free software community faces a wide variety of legal
challenges, with others certainly to come in the future. We should pick
our battles carefully. The Rockbox developers will have to make their own
decision in this case; in so doing, they will want to consider whether the
goals of the project are truly served by taking a hard-line stand over a
set of little jewel icons.
Comments (10 posted)
Some notes on Linux and free drivers
The good folks at ZDNet have been doing their best to stir up the
proprietary driver debate over the last week. Things got started with
this article
containing a classic quote:
For Nvidia, intellectual property is a secondary issue. 'It's so
hard to write a graphics driver that open-sourcing it would not
help,' said Andrew Fear, Nvidia's software product manager. In
addition, customers aren't asking for open-source drivers, he
said.
The first part seems better suited to somebody holding a management post at
SCO. Free software developers have created a system which scales from tiny
embedded systems to supercomputers. Their work powers much of the net.
When given the necessary information, free software developers are able to
support new hardware more quickly than anybody else.
But, it seems, they are not up to the task of writing a driver for a
graphics adapter.
It is true that contemporary graphics cards are complicated devices. They
are usually the most powerful processor in the system, and they have all
kinds of strange timing and memory management issues. But the idea that
the developers who built an entire free system would be stymied by the
complexity of a graphics adapter would be insulting if it weren't so
comical.
The claim that customers have not been asking for free drivers is more
discouraging, as many, many Linux users have been very clear about their
wishes for years. Nvidia knows that there is demand for free
drivers out there; it simply chooses to ignore that demand.
Perhaps when Nvidia's real customers - large system integrators - start to
complain, the message will be heard. To that end, those of us who buy
systems need to insist that they come with fully free software. The
vendors who sell "Linux-installed" systems with proprietary drivers,
ndiswrapper, etc. are not really helping. When those vendors understand
that their customers want free systems, they will, in turn, put
pressure on their suppliers.
From there, ZDNet columnist John Carroll was shocked to learn that
Linux lacks a stable kernel API.
ATI may claim that they accept the fluidity of the kernel interface
"as part of our day-to-day responsibilities in Linux," but I bet
that is said through clenched teeth after months trying to get a
driver to work across distributions.
Fragmentation didn't work for old-school Unix. Linux solved the
structural issue by providing a level of consistency made possible
through use of the GPL. It's worth remembering that before
attempting to justify an unjustifiable lack of a consistent Linux
kernel interface.
This discussion misses the point entirely. The way to get a driver to work
across distributions is to get it into the mainline kernel. Then it will
work across distributions - more distributions than any company could ever
support - and across architectures as well. When the company abandons the
driver in favor of next year's products, it will still work. When a
security problem comes up, it will be fixed. And there will be no
"fragmentation" problems.
There are a lot of other reasons for insisting on free drivers - see this article from last November
for a more thorough discussion. There also is no defensible
reason for keeping hardware programming information secret. True competitors will
reverse engineer the hardware anyway, and no hardware company makes its
money by selling device drivers. Hardware manufacturers in many areas have
figured this out, with the result that Linux has outstanding support for
their products. Hopefully the remaining holdout vendors will catch on,
soon, that there is a large and growing market waiting for them.
Comments (38 posted)
Page editor: Jonathan Corbet
Security
New Mozilla troubles
The Mozilla Foundation has owned up to a new list of vulnerabilities in its
code; these holes open up the frightening prospect of arbitrary code
execution by remote attackers. Any system running Firefox, Thunderbird,
SeaMonkey, or anything based on the underlying Mozilla components (RSS
aggregators) may be vulnerable, and should be looking for updates. Here's
what has been turned up:
- There is a long list of JavaScript-related vulnerabilities, including
problems with crypto.generateCRMFRequest() (CVE-2006-1728), a
security restrictions bypass vulnerability (CVE-2006-1726), a "cloned
parent" access restriction failure (CVE-2006-1734), and a regular
expression memory corruption bug (apparently no CVE number at the
moment).
- Cascading style sheets account for a couple of problems, including an
integer overflow bug (CVE-2006-1730) and an array overflow
vulnerability (CVE-2006-1739).
- The Extensible
Binding Language (XBL) facility has an access restriction failure
(CVE-2006-1733) and a privilege escalation vulnerability
(CVE-2006-1735).
- Other troubles include "memory corruption via a particular sequence of
HTML tags" (CVE-2006-0749), a DHTML memory corruption bug
(CVE-2006-1724), and "an unspecified vulnerability" in how display
styles are handled.
Disabling JavaScript should protect against the first set of
vulnerabilities, but will do nothing for the rest of them. The only way to
protect against the full set is to update the software; new versions are
available from Mozilla. For distributor updates, see the LWN vulnerability entry.
A list of remotely-exploitable vulnerabilities this long is worrisome,
especially when it refers to a package as popular as Firefox. This browser
has gained millions of users; its reputation for better security is one of
the reasons for this success. But a single, widespread exploit of a
Firefox vulnerability could set things back in a hurry.
Unfortunately, it would seem that such an exploit is bound to happen,
sooner or later. A web browser is a seriously complex piece of code which
is simultaneously exposed to potentially hostile input from the net and
used for tasks requiring a high degree of trust - working with financial
sites, for example. Why should an attacker bother with phishing when a
browser vulnerability can enable the installation of a keystroke logging
"extension"? There can be no doubt that attackers will be tempted by a
potential payoff of that magnitude. We must hope that the security fixes
will continue to reach us ahead of the attackers.
(See also: the CERT advisory
for these vulnerabilities).
Comments (7 posted)
New vulnerabilities
bsdgames: buffer overflow
| Package(s): | bsdgames |
| CVE #(s): | CVE-2006-1744 |
| Created: | April 17, 2006 |
| Updated: | April 19, 2006 |
| Description: | A buffer overflow problem has been discovered in sail, a game contained in the bsdgames package, a collection of classic textual Unix games, which could lead to games group privilege escalation. |
| Alerts: | |
Comments (none posted)
fcheck: insecure temporary file
| Package(s): | fcheck |
| CVE #(s): | CVE-2006-1753 |
| Created: | April 17, 2006 |
| Updated: | April 19, 2006 |
| Description: | Steve Kemp from the Debian Security Audit project discovered that a cronjob contained in fcheck, a file integrity checker, creates a temporary file in an insecure fashion. |
| Alerts: | |
Comments (none posted)
firefox: multiple vulnerabilities
Comments (1 posted)
gdm: improper file permissions
| Package(s): | gdm |
| CVE #(s): | CVE-2006-1057 |
| Created: | April 19, 2006 |
| Updated: | May 2, 2007 |
| Description: | The .ICEauthority file may be created with the wrong ownership and permissions; gdm 2.14.2 fixes the problem. |
| Alerts: | |
Comments (none posted)
Updated vulnerabilities
ADOdb: PostgreSQL command injection
| Package(s): | adodb |
| CVE #(s): | CVE-2006-0410 |
| Created: | February 6, 2006 |
| Updated: | April 17, 2006 |
| Description: | Andy Staudacher discovered that ADOdb does not properly sanitize all parameters. By sending specifically crafted requests to an application that uses ADOdb and a PostgreSQL backend, an attacker might exploit the flaw to execute arbitrary SQL queries on the host. |
| Alerts: | |
Comments (none posted)
apache: cross-site scripting
| Package(s): | apache |
| CVE #(s): | CVE-2005-3352 |
| Created: | December 14, 2005 |
| Updated: | May 10, 2006 |
| Description: | Versions 1 and 2 of the apache web server suffer from a cross-site scripting vulnerability in the mod_imap module; see this bugzilla entry for details. |
| Alerts: | |
Comments (none posted)
blender: integer overflow
| Package(s): | blender |
| CVE #(s): | CVE-2005-4470 |
| Created: | January 6, 2006 |
| Updated: | June 15, 2006 |
| Description: | Damian Put discovered that Blender did not properly validate a 'length' value in .blend files. Negative values led to an insufficiently sized memory allocation. By tricking a user into opening a specially crafted .blend file, this could be exploited to execute arbitrary code with the privileges of the Blender user. |
| Alerts: | |
Comments (none posted)
bzip2: race condition and infinite loop
| Package(s): | bzip2 |
| CVE #(s): | CAN-2005-0953, CAN-2005-1260 |
| Created: | May 17, 2005 |
| Updated: | January 10, 2007 |
| Description: | A race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. Also, specially crafted bzip2 archives may cause an infinite loop in the decompressor. |
| Alerts: | |
Comments (2 posted)
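The permission race described in the bzip2 entry above comes from applying the output file's mode by path name after the file has been closed, so a hard link planted at that name in the meantime receives the mode instead. The added C example below (not bzip2's code; all paths are constructed and the attacker's swap is sequenced through a hook in a scratch directory rather than raced) shows that pattern beside the hardened form, which keeps the descriptor open and uses fchmod() so the mode change binds to the inode that was actually written.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hook run in the window between writing the output and setting its mode.
 * In the demo it stands in for the concurrent hard-link swap the advisory
 * describes; nothing here races for real, the steps are simply sequenced. */
typedef void (*window_hook)(void *ctx);

/* Vulnerable pattern (modelled on the bzip2 report, not bzip2's code):
 * write the output, close it, then apply the mode by path name. Whatever
 * the name points at when chmod() runs receives the mode. */
static int finish_by_path(const char *out, mode_t mode, window_hook hook, void *ctx)
{
    int fd = open(out, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    if (write(fd, "payload\n", 8) != 8) { close(fd); return -1; }
    close(fd);
    if (hook) hook(ctx);        /* the swap window */
    return chmod(out, mode);    /* follows the name, not our inode */
}

/* Hardened pattern: keep the descriptor open and use fchmod(), which binds
 * the mode change to the inode we wrote; a later unlink/link of the path
 * cannot redirect it. O_EXCL additionally refuses a pre-planted name. */
static int finish_by_fd(const char *out, mode_t mode, window_hook hook, void *ctx)
{
    int fd = open(out, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    if (write(fd, "payload\n", 8) != 8) { close(fd); return -1; }
    if (hook) hook(ctx);        /* same window, now harmless */
    int rc = fchmod(fd, mode);
    close(fd);
    return rc;
}

struct swap { const char *out; const char *target; };

/* The step the advisory describes: replace the output path with a hard
 * link to an unrelated file the attacker could not otherwise chmod. */
static void swap_for_hardlink(void *ctx)
{
    struct swap *s = ctx;
    (void)unlink(s->out);
    (void)link(s->target, s->out);
}

/* Permission bits of 'path', or -1 if it cannot be stat()ed. */
static int mode_of(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    return (int)(st.st_mode & 07777);
}

/* Runs one scenario in a fresh scratch directory and returns the victim
 * file's permission bits afterwards. The victim starts at 0600. */
static int run_scenario(int use_fd)
{
    const char *base = getenv("TMPDIR") ? getenv("TMPDIR") : "/tmp";
    char dir[256], out[300], target[300];
    snprintf(dir, sizeof dir, "%s/chmod-demo-XXXXXX", base);   /* constructed */
    if (!mkdtemp(dir)) return -1;
    snprintf(out, sizeof out, "%s/out.bz2", dir);
    snprintf(target, sizeof target, "%s/victim", dir);

    int tfd = open(target, O_WRONLY | O_CREAT, 0600);
    if (tfd < 0) return -1;
    close(tfd);
    chmod(target, 0600);        /* make the start state independent of umask */

    struct swap s = { out, target };
    if (use_fd) finish_by_fd(out, 0644, swap_for_hardlink, &s);
    else        finish_by_path(out, 0644, swap_for_hardlink, &s);

    int result = mode_of(target);
    unlink(out); unlink(target); rmdir(dir);
    return result;
}

int main(void)
{
    printf("chmod by path: victim mode %04o\n", run_scenario(0)); /* 0644: victim altered */
    printf("fchmod on fd : victim mode %04o\n", run_scenario(1)); /* 0600: victim untouched */
    return 0;
}
```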
ktools: buffer overflow
| Package(s): | centericq |
| CVE #(s): | CVE-2005-3863 |
| Created: | December 7, 2005 |
| Updated: | August 29, 2006 |
| Description: | From the Debian-Testing alert: Mehdi Oudad "deepfear" and Kevin Fernandez "Siegfried" from the Zone-H Research Team discovered a buffer overflow in kkstrtext.h of the ktools library, which is included in (at least) centericq and motor. |
| Alerts: | |
Comments (none posted)
clamav: multiple vulnerabilities
| Package(s): | clamav |
| CVE #(s): | CVE-2006-1614, CVE-2006-1615, CVE-2006-1630 |
| Created: | April 6, 2006 |
| Updated: | April 12, 2006 |
| Description: | The ClamAV anti-virus toolkit has three vulnerabilities: the PE header parser has an integer overflow problem, the logging code has format string vulnerabilities that may lead to the execution of arbitrary code, and the cli_bitset_set() function can be used to create a denial of service. |
| Alerts: | |
Comments (1 posted)
cpio: arbitrary code execution
| Package(s): | cpio |
| CVE #(s): | CVE-2005-4268 |
| Created: | January 2, 2006 |
| Updated: | May 8, 2007 |
| Description: | Richard Harms discovered that cpio did not sufficiently validate file properties when creating archives. Files with, e.g., a very large size caused a buffer overflow. By tricking a user or an automatic backup system into putting a specially crafted file into a cpio archive, a local attacker could probably exploit this to execute arbitrary code with the privileges of the target user (which is likely root in an automatic backup system). |
| Alerts: | |
Comments (none posted)
crossfire: arbitrary code execution
| Package(s): | crossfire |
| CVE #(s): | CVE-2006-1010 |
| Created: | March 14, 2006 |
| Updated: | April 24, 2006 |
| Description: | It was discovered that Crossfire, a multiplayer adventure game, performs insufficient bounds checking on network packets when run in "oldsocketmode", which may possibly lead to the execution of arbitrary code. |
| Alerts: | |
Comments (none posted)
curl: heap-based buffer overflow
| Package(s): | curl |
| CVE #(s): | CVE-2006-1061 |
| Created: | March 21, 2006 |
| Updated: | June 28, 2006 |
| Description: | Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path. |
| Alerts: | |
Comments (none posted)
dia: buffer overflows
| Package(s): | dia |
| CVE #(s): | CVE-2006-1550 |
| Created: | April 3, 2006 |
| Updated: | May 3, 2006 |
| Description: | Three buffer overflows were discovered in the Xfig file format importer. By tricking a user into opening a specially crafted .fig file with dia, an attacker could exploit this to execute arbitrary code with the user's privileges. |
| Alerts: | |
Comments (none posted)
doomsday: format string vulnerability
| Package(s): | doomsday |
| CVE #(s): | CVE-2006-1618 |
| Created: | April 6, 2006 |
| Updated: | April 12, 2006 |
| Description: | The doomsday gaming engine has a format string vulnerability that may be utilized by a remote attacker for the execution of arbitrary code. |
| Alerts: | |
Comments (none posted)
emacs21: format string vulnerability in "movemail"
| Package(s): | emacs21 |
| CVE #(s): | CAN-2005-0100 |
| Created: | February 7, 2005 |
| Updated: | May 15, 2006 |
| Description: | Max Vozeler discovered a format string vulnerability in the "movemail" utility of Emacs. By sending specially crafted packets, a malicious POP3 server could cause a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the user and the "mail" group. |
| Alerts: | |
Comments (none posted)
enscript: arbitrary code execution
| Package(s): | enscript |
| CVE #(s): | CAN-2004-1184, CAN-2004-1185, CAN-2004-1186 |
| Created: | January 21, 2005 |
| Updated: | May 27, 2006 |
| Description: | Erik Sjölund has discovered several security relevant problems in enscript, a program to convert ASCII text into Postscript and other formats. Unsanitized input can cause the execution of arbitrary commands via EPSF pipe support. Due to missing sanitizing of filenames it is possible that a specially crafted filename can cause arbitrary commands to be executed. Multiple buffer overflows can cause the program to crash. |
| Alerts: | |
Comments (none posted)
fetchmail: multidrop bug
| Package(s): | fetchmail |
| CVE #(s): | CVE-2005-4348 |
| Created: | December 20, 2005 |
| Updated: | May 27, 2006 |
| Description: | Fetchmail contains a bug which allows a malicious mail server to crash the client by sending a message without headers. This occurs when running in multidrop mode. |
| Alerts: | |
Comments (none posted)
Foomatic: Arbitrary command execution in foomatic-rip
| Package(s): | foomatic |
| CVE #(s): | CAN-2004-0801 |
| Created: | September 20, 2004 |
| Updated: | May 31, 2006 |
| Description: | There is a vulnerability in the foomatic-filters package. This vulnerability is due to insufficient checking of command-line parameters and environment variables in the foomatic-rip filter. This vulnerability may allow both local and remote attackers to execute arbitrary commands on the print server with the permissions of the spooler. |
| Alerts: | |
Comments (none posted)
freeradius: authentication bypass
| Package(s): | freeradius |
| CVE #(s): | CVE-2006-1354 |
| Created: | March 24, 2006 |
| Updated: | June 5, 2006 |
| Description: | An unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module. |
| Alerts: | |
Comments (none posted)
gdb: multiple vulnerabilities
| Package(s): | gdb |
| CVE #(s): | CAN-2005-1704, CAN-2005-1705 |
| Created: | May 20, 2005 |
| Updated: | August 11, 2006 |
| Description: | Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library, resulting in a heap overflow. A review also showed that by default, gdb insecurely sources initialization files from the working directory. Successful exploitation would result in the execution of arbitrary code on loading a specially crafted object file or the execution of arbitrary commands. |
| Alerts: | |
Comments (5 posted)
gnupg: incorrect signature verification
| Package(s): | gnupg |
| CVE #(s): | CVE-2006-0049 |
| Created: | March 13, 2006 |
| Updated: | May 15, 2006 |
| Description: | Another vulnerability has been found in GnuPG. "Signature verification of non-detached signatures may give a positive result but when extracting the signed data, this data may be prepended or appended with extra data not covered by the signature. Thus it is possible for an attacker to take any signed message and inject extra arbitrary data." |
| Alerts: | |
Comments (none posted)
gzip: arbitrary command execution
| Package(s): | gzip |
| CVE #(s): | CAN-2005-0758 |
| Created: | August 1, 2005 |
| Updated: | January 9, 2007 |
| Description: | zgrep in gzip before 1.3.5 does not handle shell metacharacters like '|' and '&' properly when they occur in input file names. This could be exploited to execute arbitrary commands with user privileges if zgrep is run in an untrusted directory with specially crafted file names. |
| Alerts: | |
Comments (2 posted)
horde: two remotely exploitable vulnerabilities
| Package(s): | horde |
| CVE #(s): | CVE-2006-1491, CVE-2006-1260 |
| Created: | April 5, 2006 |
| Updated: | April 14, 2006 |
| Description: | Versions of horde prior to 3.1.1 have two vulnerabilities, both of which are remotely exploitable: code execution in the help viewer and an input validation error which could allow read access to arbitrary files. |
| Alerts: | |
Comments (none posted)
ipsec-tools: denial of service
| Package(s): | ipsec-tools |
| CVE #(s): | CVE-2005-3732 |
| Created: | December 1, 2005 |
| Updated: | June 8, 2006 |
| Description: | ipsec-tools has a remote denial of service vulnerability in the racoon daemon. If racoon is running in aggressive mode, it fails to check all peer payloads during the IKE negotiation phase, allowing a malicious peer to crash the daemon. One should always be careful around aggressive racoons. |
| Alerts: | |
Comments (none posted)
kdebase: local root vulnerability
| Package(s): | kdebase |
| CVE #(s): | CAN-2005-2494 |
| Created: | September 7, 2005 |
| Updated: | August 11, 2006 |
| Description: | The kdebase package (and kcheckpass in particular) found in KDE versions 3.2.0 through 3.4.2 suffers from a lock file handling error which can enable a local attacker to obtain root access. See this advisory for details. |
| Alerts: | |
Comments (none posted)
kdelibs: kate backup file permission leak
| Package(s): | kdelibs kate kwrite |
| CVE #(s): | CAN-2005-1920 |
| Created: | July 19, 2005 |
| Updated: | November 27, 2006 |
| Description: | Kate / Kwrite, as shipped with KDE 3.2.x up to and including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information. |
| Alerts: | |
Comments (none posted)
kernel: multiple vulnerabilities
Comments (none posted)
kernel: multiple vulnerabilities
| Package(s): | kernel |
| CVE #(s): | CVE-2005-3527, CVE-2005-3783, CVE-2005-3784, CVE-2005-3805, CVE-2005-3806, CVE-2005-3808 |
| Created: | January 20, 2006 |
| Updated: | April 18, 2006 |
| Description: | Here's another set of vulnerabilities in the Linux kernel: |
- A race condition in the 2.6 kernel could allow a local user to cause a
DoS by triggering a core dump in one thread while another thread has a
pending SIGSTOP (CVE-2005-3527).
- The ptrace functionality in 2.6 kernels prior to 2.6.14.2, using
CLONE_THREAD, does not use the thread group ID to check whether it is
attaching to itself, which could allow local users to cause a DoS
(CVE-2005-3783).
- The auto-reap child process handling in 2.6 kernels prior to 2.6.15
includes processes with ptrace attached, which leads to a dangling ptrace
reference and allows local users to cause a crash (CVE-2005-3784).
- A locking problem in the POSIX timer cleanup handling on exit on
kernels 2.6.10 to 2.6.14 when running on SMP systems allows a local
user to cause a deadlock involving process CPU timers (CVE-2005-3805).
- The IPv6 flowlabel handling code in 2.4 and 2.6 kernels prior to
2.4.32 and 2.6.14 modifies the wrong variable in certain circumstances,
which allows local users to corrupt kernel memory or cause a crash by
triggering a free of non-allocated memory (CVE-2005-3806).
- An integer overflow in 2.6.14 and earlier could allow a local user to
cause a hang via 64-bit mmap calls that are not properly handled on a
32-bit system (CVE-2005-3808).
| Alerts: | |
Comments (none posted)
libapreq2: algorithm weakness
| Package(s): | libapreq2-perl apache2 |
| CVE #(s): | CVE-2006-0042 |
| Created: | March 14, 2006 |
| Updated: | April 18, 2006 |
| Description: | An algorithm weakness has been discovered in Apache2::Request, the generic request library for Apache2, which can be exploited remotely to cause a denial of service via CPU consumption. |
| Alerts: | |
Comments (5 posted)
libgadu: memory alignment bug
| Package(s): | libgadu |
| CVE #(s): | CAN-2005-2370 |
| Created: | July 29, 2005 |
| Updated: | June 25, 2007 |
| Description: | Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment error in libgadu (from ekg, a console Gadu Gadu client, an instant messaging program), which is included in gaim, a multi-protocol instant messaging client, as well. This cannot be exploited on the x86 architecture, but on others, e.g. SPARC, it leads to a bus error, in other words a denial of service. |
| Alerts: | |
Comments (none posted)
libgd2: buffer overflows in PNG handling
| Package(s): | libgd2 |
| CVE #(s): | CAN-2004-0990, CAN-2004-0941 |
| Created: | October 29, 2004 |
| Updated: | June 28, 2006 |
| Description: | Several buffer overflows have been discovered in libgd's PNG handling functions. If an attacker tricked a user into loading a malicious PNG image, they could leverage this into executing arbitrary code in the context of the user opening the image. Most importantly, this library is commonly used in PHP. One possible target would be a PHP-driven photo website that lets users upload images. Therefore this vulnerability might lead to privilege escalation to a web server's privileges. Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function. |
| Alerts: | |
Comments (none posted)
libimager-perl: denial of service
| Package(s): | libimager-perl |
| CVE #(s): | CVE-2006-0053 |
| Created: | April 9, 2006 |
| Updated: | April 12, 2006 |
| Description: | The libimager-perl Perl extension has a vulnerability in which maliciously created 4-channel JPEG images can cause a segmentation fault, resulting in a denial of service. |
| Alerts: | |
Comments (none posted)
libpam-ldap: authentication bypass
| Package(s): | libpam-ldap |
| CVE #(s): | CAN-2005-2641 |
| Created: | August 25, 2005 |
| Updated: | October 6, 2006 |
| Description: | libpam-ldap, the PAM LDAP interface, has a vulnerability in which it does not properly authenticate users against an LDAP server that is not configured correctly, allowing an authentication bypass. |
| Alerts: | |
Comments (none posted)
mailman: denial of service
| Package(s): | mailman |
| CVE #(s): | CVE-2006-0052 |
| Created: | March 30, 2006 |
| Updated: | June 9, 2006 |
| Description: | Mailman 2.1.5 and below has a denial of service vulnerability in the Scrubber.py script. If a maliciously created message in MIME multipart format is received, mailman delivery can be stopped. |
| Alerts: | |
Comments (none posted)
mozilla: multiple vulnerabilities
| Package(s): | mozilla |
| CVE #(s): | CVE-2005-4134, CVE-2006-0292, CVE-2006-0296 |
| Created: | February 2, 2006 |
| Updated: | May 4, 2006 |
| Description: | Mozilla has three new vulnerabilities. The JavaScript interpreter has a problem with dereferencing objects; a user can visit a specially crafted web page which can crash the browser or cause it to execute arbitrary code. The XULDocument.persist() function has a bug that can be triggered by viewing specially crafted web sites: RDF data can be injected into the localstore.rdf file, allowing arbitrary JavaScript code to be executed. The Mozilla history saving mechanism is vulnerable to a denial of service attack: visiting sites with extra-long titles can cause a crash or very slow startup the next time the browser is run. |
| Alerts: | |
Comments (none posted)
Mozilla Thunderbird: remote code execution and DoS
| Package(s): | mozilla-thunderbird |
| CVE #(s): | CVE-2006-0884 |
| Created: | March 3, 2006 |
| Updated: | May 4, 2006 |
| Description: | The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and earlier allows user-complicit attackers to bypass JavaScript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail. |
| Alerts: | |
Comments (1 posted)
mplayer: integer overflows
| Package(s): | mplayer |
| CVE #(s): | CVE-2006-1502 |
| Created: | April 9, 2006 |
| Updated: | May 1, 2006 |
| Description: | MPlayer 1.0pre7try2 has multiple integer overflow vulnerabilities. Remote attackers can maliciously craft an ASF or AVI file in order to cause a denial of service. |
| Alerts: | |
Comments (none posted)
MySQL: logging bypass
| Package(s): | mysql |
| CVE #(s): | CVE-2006-0903 |
| Created: | April 4, 2006 |
| Updated: | May 21, 2008 |
| Description: | MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query. |
| Alerts: | |
Comments (2 posted)
ncpfs: multiple vulnerabilities
| Package(s): | ncpfs |
| CVE #(s): | CAN-2005-0013, CAN-2005-0014 |
| Created: | January 31, 2005 |
| Updated: | May 15, 2006 |
| Description: | Erik Sjolund discovered two vulnerabilities in the programs bundled with ncpfs: there is a potentially exploitable buffer overflow in ncplogin (CAN-2005-0014), and due to a flaw in nwclient.c, utilities using the NetWare client functions insecurely access files with elevated privileges (CAN-2005-0013). |
| Alerts: | |
Comments (none posted)
ntp: uses wrong gid
| Package(s): | ntp |
| CVE #(s): | CAN-2005-2496 |
| Created: | August 26, 2005 |
| Updated: | August 11, 2006 |
| Description: | When xntpd is started with the -u option and the group is specified as a name rather than a numeric gid, the daemon uses the gid of the user, not that of the group. This problem is fixed by this update. |
| Alerts: | |
Comments (none posted)
openmotif: buffer overflows
| Package(s): | openmotif |
| CVE #(s): | CVE-2005-3964 |
| Created: | December 29, 2005 |
| Updated: | July 27, 2006 |
| Description: | The libUil component of the OpenMotif toolkit has a pair of buffer overflow vulnerabilities that can possibly be used for the execution of arbitrary code. |
| Alerts: | |
Comments (none posted)
OpenSSH: double shell expansion
| Package(s): | openssh |
| CVE #(s): | CVE-2006-0225 |
| Created: | January 23, 2006 |
| Updated: | July 20, 2006 |
| Description: | OpenSSH has a double shell expansion vulnerability in local-to-local and remote-to-remote copies with scp. |
| Alerts: | |
Comments (none posted)
openvpn: arbitrary code execution
| Package(s): | openvpn |
| CVE #(s): | CVE-2006-1629 |
| Created: | April 11, 2006 |
| Updated: | April 27, 2006 |
| Description: | OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable. |
| Alerts: | |
Comments (none posted)
perl: setuid vulnerabilities
| Package(s): | perl |
| CVE #(s): | CAN-2005-0155, CAN-2005-0156 |
| Created: | February 2, 2005 |
| Updated: | August 11, 2006 |
| Description: | There are two vulnerabilities in perl when it is used in setuid mode. The PERLIO_DEBUG environment variable can be used to overwrite arbitrary files, and there is an associated buffer overflow which can be exploited to gain root access. |
| Alerts: | |