
LWN.net Weekly Edition for August 3, 2006

The PostgreSQL business

Back at the beginning of 2005, Pervasive Software decided that there was money to be made by selling support services for the PostgreSQL relational database management system. It seems like a good idea; PostgreSQL is a rock-solid system, increasingly fast, offering a number of interesting features. It is running in no end of production environments - including, it should be said, on the LWN.net server. Free RDBMS systems look poised to create trouble for their proprietary competition just like Linux made life difficult for proprietary Unix systems. PostgreSQL is clearly around for the long haul, and looks like a winning bet.

Not for Pervasive, however; the company has just published an open letter to the PostgreSQL community stating that, while the company remains a big fan of PostgreSQL, it is getting out of the PostgreSQL business. The money, it seems, simply wasn't there. Pervasive is not the first to come to this conclusion; a few years ago, a company called Great Bridge failed with the same model, despite employing several high-profile PostgreSQL developers. Red Hat still offers its version of PostgreSQL, but the last posted news for that product is dated November, 2005, and the product is not mentioned anywhere in Red Hat's last annual report.

PostgreSQL, it seems, is a hard business. According to Pervasive, the problem is that the free support is just too good:

While we always knew that PostgreSQL is a solid product with advanced database capabilities and that it has a very real opportunity to shake up the high-end database market, we underestimated the high level of quality support and expertise already available within the PostgreSQL community. In this environment, we found that the opportunity for Pervasive Software to meaningfully increase adoption of PostgreSQL by providing an alternative source for support and services was quite limited.

It is true that the PostgreSQL community is capable and helpful; any company which wishes to offer something better than what the community provides has a very high standard to meet. But there almost certainly has to be more to it than that. MySQL AB has had a fair amount of commercial success - something which companies working with PostgreSQL have not been able to duplicate. One might guess that the PostgreSQL community is more helpful than the MySQL community, and, as a result, there is more commercial opportunity in the MySQL realm. This does not seem like an idea that is likely to go very far. Something else is happening.

Perhaps commercial PostgreSQL support is simply an idea whose time has not come. Most PostgreSQL users may still be early adopters - people who are willing and able to handle the support details themselves. The larger market of users who are more interested in buying support services, perhaps, has simply not developed yet. To the extent that this hypothesis holds water, the companies which have tried to create a market in PostgreSQL services have not done an adequate job of selling its merits to potential customers. That would indicate that more work has to be done to spread the word on what a good product PostgreSQL truly is; there needs to be a serious brand-building effort.

There is another factor which should be taken into account here, however. Much of MySQL AB's success does not come from support services; instead, it comes from licensing. The MySQL code is licensed under the GPL, and the copyrights are all held by MySQL AB; as a result, MySQL AB is able to offer proprietary-style licenses to companies which wish to use MySQL, but which do not wish to license their own products under the GPL. PostgreSQL, instead, carries a BSD license and its copyrights are held by a number of different groups. So there is no "GPL exception" business model possible for PostgreSQL. Anybody wanting to use PostgreSQL in a proprietary product can do so without asking permission (or buying licenses) from anybody.

What all this means is that anybody trying to build a business around PostgreSQL must rely entirely upon services. They must convince potential customers that PostgreSQL is good enough to merit consideration over any number of proprietary alternatives, but not so good that these customers can support it themselves. The latter part should be relatively easy - there's still no end of customers who require support services before they will consider deploying a system. But convincing companies to walk away from their proprietary database vendors remains a hard sell. PostgreSQL, along with a number of other free database management systems, is a high-quality project. Eventually the commercial world will understand that fact, just like it has slowly figured out that Linux is worthy of its attention. But, until that time comes, making money from PostgreSQL will be a challenging task.

Comments (30 posted)

GPLv3 beta 2 and LGPLv3 beta 1

The Free Software Foundation has released a second draft of version 3 of the GPL. This draft incorporates comments made in the first draft, filtered, of course, by the FSF's goals. The resulting changes tweak some terms, clarify others, and generally increase the international applicability of the license. The fundamental nature of the license and its goals has not changed, however, and quite a few people who disliked the first draft will have reason to be displeased with this version as well.

Those interested in the details of the changes and why they were made may want to look at the FSF's rationale document [PDF].

The term which, perhaps, upset the most people was the anti-DRM provision requiring recipients to be able to install and run modified versions of the software. In particular, if GPLv3-licensed software is shipped on a device which will only run binaries signed by a particular private key, that key must be provided with the source code. The wording of this term has changed in the second draft, but its intent has not. It now reads:

The Corresponding Source also includes any encryption or authorization keys necessary to install and/or execute modified versions from source code in the recommended or principal context of use, such that they can implement all the same functionality in the same range of circumstances. (For instance, if the work is a DVD player and can play certain DVDs, it must be possible for modified versions to play those DVDs. If the work communicates with an online service, it must be possible for modified versions to communicate with the same online service in the same way such that the service cannot distinguish.)

The FSF, it seems, is serious about not allowing GPLv3-licensed code to be used on locked-down systems.

The first draft included a term saying, in effect, that any covered software was not an "effective technical measure" protecting access to copyrighted work. That term was intended to block use of the DMCA to lock down systems built with GPL-licensed code. That term has been reworded:

When you convey a covered work, you waive any legal power to forbid circumvention of technical measures that include use of the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing the legal rights of third parties against the work's users.

The new wording has the same intent, but it is intended to apply to anti-circumvention laws in other countries (and the EU Copyright Directive in particular).

A fundamental term is the one stating that anybody who distributes software under the GPL, and who owns patents covering some of the techniques used by that software, is giving the recipients the right to use those techniques. The first draft expressed this term as an explicit grant of licenses to use the relevant patents. The second draft, instead, requires anybody distributing the software to accept a covenant not to assert their patents against users of the software. The FSF has evidently written a separate opinion document - not yet published - which describes the reasons for making this change.

The prohibition on distribution of "covered works that illegally invade users' privacy" has been removed. Evidently, there was a strong public reaction against this term, so it came out.

The language in the first draft which allowed charging up to ten times the actual cost for source code distribution is gone. The GPLv2 language, limiting charges to the "reasonable cost" of shipping the source, is back. The second draft has added a new term stating that making the source available for free download (for three years) is sufficient to satisfy the source distribution requirements of the license. It has also been made clear that redistribution of a program through a peer-to-peer client (as happens automatically with a protocol like BitTorrent) does not require accepting the license and taking on the source distribution requirements.

The language on additional terms has been changed somewhat. There is now an explicit prohibition on terms regarding who pays attorney's fees, choice-of-venue terms, arbitration clauses, etc. There is also a clause saying that, if the software has been received with any disallowed additional restrictions ("no commercial use" restrictions being given as an example), the recipient may simply ignore those restrictions.

The first draft of version 3 of the Lesser GPL is also available. The new LGPL is much shorter and simpler than its predecessor, mostly because it is expressed as a patch to GPLv3. The intent of the LGPL has not changed much. There are terms intended to make it possible to run a proprietary application with a modified version of the LGPL-licensed library, however - including a requirement that installation keys, if needed, be distributed with the source.

By the FSF's schedule, the rest of the year will be dedicated to receiving comments on the new draft of the GPLv3. The FSF has previously said that it would like to adopt the final version of the new license in January, 2007, and there is no indication that this timeline has changed. There will be another series of public meetings, with the next meeting happening in Bangalore, India, on August 23 and 24. Anybody who has opinions on the drafts, and who has not yet expressed them to the FSF, may want to do so in the near future or forever hold their peace.

Comments (53 posted)

ATI, AMD, and free drivers

August 2, 2006

This article was contributed by Stacey Quandt

On July 24, 2006, AMD and ATI announced they will merge in order to combine AMD's strength in microprocessor technology with ATI's proficiency in graphics, chipsets and consumer electronics. The transaction, valued at US $5.4 billion, is expected to close toward the end of 2006, subject to approval by ATI shareholders, regulatory approvals and other customary closing conditions. At first blush, the obvious implications of the merger focus on the market pressure this combination will place on Nvidia and Intel, and how it will enable AMD and ATI to accelerate innovation in the commercial, consumer electronics and mobile computing segments.

In the near term, the merger enables the companies to create an integrated graphics business and deliver core logic chipsets to compete with Intel in the consumer market. In the long-term, the combined company should be well positioned to develop coprocessor-based media and physics acceleration technologies which will enable advances in chips beyond today's cores.

If viewed from an open source perspective, some additional questions surface: 1) Will AMD, which has cultivated a strong relationship with the Linux community, work with ATI to release open source drivers - including supporting suspend/resume on laptops?; and 2) How will a combined AMD and ATI influence the growth of the Linux desktop and handheld market? There will probably be no comments from the companies until after the sale has closed. But the potential benefits to the open source community resulting from a combined AMD and ATI are intriguing. In this context, it is worth remembering that Intel - AMD's primary competitor - has been working to provide free Linux drivers for its video chipsets.

It would be absurd to believe that open source graphics drivers and advances in Linux laptops and handheld devices are the motivation behind this merger. But the opportunity for AMD to prosper in the Linux market from embedded systems to servers, coupled with AMD's long-term goal of beating Intel to market, makes the release of open source drivers possible as a tactical outcome of a larger strategic vision. Any augmentation of AMD's Linux and open source strategies will most likely be revealed subsequent to the merger, so look for possible changes in early 2007.

Comments (12 posted)

Page editor: Jonathan Corbet

Security

Is my distribution vulnerable?

We recently posted a brief item about an Apache vulnerability which has the potential to be remotely exploitable. A number of distributors have responded to this vulnerability with the appropriate updates, but there is no update for Red Hat Enterprise Linux. Thanks to a helpful comment, we know that this is not a case of Red Hat letting its customers down; instead, RHEL is simply not vulnerable to this particular bug. Since there is no need for an update, none has been issued.

In this case, RHEL users can get information about this (non-) vulnerability from the Red Hat knowledge base - as long as they don't mind the disclaimer that "Red Hat makes no express or implied claims to its validity." In general, however, it remains difficult for users of any distribution to determine whether their installed systems are exposed to any specific vulnerability. The release of an update generally provides a positive answer, but, until that update comes out, users do not know for sure. Linux distributors would do well for their users by providing this information in an easily-found location.

As it happens, there are a couple of distributions which do make some information available:

  • Fedora maintains a list of CVE numbers, along with comments on whether the distribution is vulnerable or not. It fails the "easily found" test, however: the list is maintained as a text file in a CVS repository, and one must go into the CVS web interface to see it. But, once one knows about the file, it is easy to pull it up and get information on specific problems. For the Apache problem, Fedora was indeed vulnerable, and the problem was fixed via a backport.

  • Some time back, LWN received a somewhat indignant message to the effect that we should have looked up a vulnerability in the Debian Security Bug Tracker. There is a lot of good information there on specific vulnerabilities; the CVE-2006-3747 page (for the same Apache vulnerability) notes that stable has been fixed, but that testing and unstable are vulnerable.

    This tracker also fails the "easily found" test: it is not hosted under a debian.org domain, and there is no mention of it on the Debian security information or security FAQ pages. A determined user can find a non-vulnerabilities page which has some useful information, but it does not have the full story.

Most of the time, Linux distributors do a high-quality job of tracking and responding to vulnerabilities. It is rare that users of a high-profile distribution remain without updates for serious vulnerabilities for any serious period of time. They could help their users a bit more, however, if they were to make more of their tracking information available. More visibility into the system will increase confidence that problems are being addressed - especially in cases where a distribution is not vulnerable and the problem does not exist in the first place.

Comments (4 posted)

New vulnerabilities

apache: off-by-one buffer overflow

Package(s): apache apache2 httpd
CVE #(s): CVE-2006-3747
Created: July 28, 2006
Updated: August 2, 2006
Description: Mark Dowd discovered an off-by-one buffer overflow in the mod_rewrite module's ldap scheme handling. On systems which activate "RewriteEngine on", a remote attacker could exploit certain rewrite rules to crash Apache, or potentially even execute arbitrary code (this has not been verified).

"RewriteEngine on" is disabled by default. Systems which have this directive disabled are not affected at all.
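The advisory's exposure condition is a single directive, so the first thing an administrator wants is a quick way to tell whether a server enables it anywhere. The following Python script is an added example, not code from the advisory or from the Apache project: it scans one configuration text for an uncommented `RewriteEngine on` (case-insensitive, as httpd treats it) and lists the `RewriteRule` lines that then merit review. The `SAMPLE_CONFIG` fragment is constructed for the demonstration.

```python
import re

# Constructed sample httpd.conf fragment for the demonstration; it is not a
# real deployment's configuration. Note the commented-out directive, which
# must not count, and the per-vhost Off/On settings.
SAMPLE_CONFIG = """\
ServerName www.example.test
# RewriteEngine on
<VirtualHost *:80>
    DocumentRoot /var/www/html
    RewriteEngine Off
</VirtualHost>
<VirtualHost *:443>
    DocumentRoot /var/www/secure
    RewriteEngine On
    RewriteRule ^/old/(.*)$ /new/$1 [R=301,L]
    RewriteRule ^/docs/?$ /docs/index.html [L]
</VirtualHost>
"""

# httpd directive names and the on/off argument are case-insensitive.
DIRECTIVE_RE = re.compile(r"^\s*RewriteEngine\s+(\S+)", re.IGNORECASE)
RULE_RE = re.compile(r"^\s*RewriteRule\s+", re.IGNORECASE)


def strip_comment(line):
    """Return '' for an httpd comment line.

    httpd only recognises whole-line comments (a '#' may not follow a
    directive on the same line), so a leading '#' is the only case.
    """
    return "" if line.lstrip().startswith("#") else line


def rewrite_engine_enabled(config_text):
    """True if any uncommented 'RewriteEngine on' appears in the text."""
    for raw in config_text.splitlines():
        match = DIRECTIVE_RE.match(strip_comment(raw))
        if match and match.group(1).lower() == "on":
            return True
    return False


def rewrite_rules(config_text):
    """Return the uncommented RewriteRule lines, stripped, for manual review."""
    return [
        raw.strip()
        for raw in config_text.splitlines()
        if RULE_RE.match(strip_comment(raw))
    ]


if __name__ == "__main__":
    if rewrite_engine_enabled(SAMPLE_CONFIG):
        print("RewriteEngine is enabled; rules to review:")
        for rule in rewrite_rules(SAMPLE_CONFIG):
            print("  " + rule)
    else:
        print("RewriteEngine is not enabled in this configuration.")
```

On a real server the check has to cover every file pulled in by `Include` directives and, where `AllowOverride` permits it, any `.htaccess` files, since `RewriteEngine on` may live in any of them; the script above is the per-file core of that walk.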

Alerts:
Gentoo 200608-01 2006-08-01
Debian DSA-1132-1 2005-08-01
Debian DSA-1131-1 2006-08-01
Slackware SSA:2006-209-01 2006-07-29
rPath rPSA-2006-0139-1 2006-07-28
Mandriva MDKSA-2006:133 2006-07-28
Fedora FEDORA-2006-863 2006-07-28
Fedora FEDORA-2006-862 2006-07-28
SuSE SUSE-SA:2006:043 2006-07-28
OpenPKG OpenPKG-SA-2006.015 2006-07-28
Ubuntu USN-328-1 2006-07-27

Comments (3 posted)

audacious: buffer overflow

Package(s): audacious
CVE #(s): CVE-2006-3581 CVE-2006-3582
Created: August 2, 2006
Updated: September 13, 2006
Description: Audacious (prior to version 1.1.0) suffers from a buffer overflow which could be exploitable via a maliciously crafted media file.
Alerts:
Gentoo 200609-06 2006-09-12
Gentoo 200607-13 2006-07-29

Comments (none posted)

drupal: arbitrary file execution

Package(s): drupal
CVE #(s): CVE-2006-2742 CVE-2006-2743 CVE-2006-2831 CVE-2006-2832 CVE-2006-2833
Created: July 27, 2006
Updated: August 2, 2006
Description: The Drupal web platform has a number of remotely exploitable vulnerabilities including:

  • An SQL injection vulnerability in the "count" and "from" variables of the database interface.

  • Incorrect file extension handling in an Apache/mod_mime environment.

  • A cross-site scripting vulnerability in the upload module.

  • A cross-site scripting vulnerability in the taxonomy module.

Alerts:
Debian DSA-1125-2 2006-07-27
Debian DSA-1125-1 2006-07-26

Comments (none posted)

freeciv: denial of service

Package(s): freeciv
CVE #(s): CVE-2006-3913
Created: August 1, 2006
Updated: August 4, 2006
Description: A buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN from July 15, 2006 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) negative chunk_length or a (2) large chunk->offset value in a PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the generic_handle_player_attribute_chunk function in common/packets.c, and (3) a large packet->length value in the handle_unit_orders function in server/unithand.c.
Alerts:
Debian DSA-1142-1 2006-08-04
Mandriva MDKSA-2006:135 2006-07-31

Comments (none posted)

heartbeat: permission error

Package(s): heartbeat
CVE #(s): CVE-2006-3815
Created: July 28, 2006
Updated: August 15, 2006
Description: Yan Rong Ge discovered that wrong permissions on a shared memory page in heartbeat, the subsystem for High-Availability Linux, could be exploited by a local attacker to cause a denial of service.
Alerts:
Mandriva MDKSA-2006:142 2006-08-14
Ubuntu USN-326-1 2006-07-27
Debian DSA-1128-1 2006-07-28

Comments (none posted)

kernel: privilege escalation

Package(s): kernel-source-2.6.8
CVE #(s): CVE-2006-3626
Created: July 27, 2006
Updated: August 23, 2006
Description: The kernel process filesystem has a race condition that can be exploited for the purpose of privilege escalation. This affects multiple architectures.
Alerts:
Red Hat RHSA-2006:0617-01 2006-08-22
SuSE SUSE-SA:2006:049 2006-08-18
Debian DSA-1111-2 2006-07-26

Comments (1 posted)

libtiff: buffer overflows

Package(s): libtiff
CVE #(s): CVE-2006-3459 CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465
Created: August 2, 2006
Updated: September 5, 2006
Description: An audit of the libtiff library (done by Tavis Ormandy at Google) turned up several buffer overflow vulnerabilities.
Alerts:
Red Hat RHSA-2006:0648-01 2006-08-28
Slackware SSA:2006-230-01 2006-08-18
Gentoo 200608-07 2006-08-04
Ubuntu USN-330-1 2006-08-02
Red Hat RHSA-2006:0603-01 2006-08-02
Debian DSA-1137-1 2006-08-02
rPath rPSA-2006-0142-1 2006-08-01
Mandriva MDKSA-2006:136 2006-08-01
Mandriva MDKSA-2006:137 2006-08-01
Fedora FEDORA-2006-877 2006-08-02
Fedora FEDORA-2006-878 2006-08-02

Comments (none posted)

mantis: cross-site scripting

Package(s): mantis
CVE #(s): CVE-2006-0664 CVE-2006-0665 CVE-2006-0841 CVE-2006-1577
Created: August 2, 2006
Updated: August 2, 2006
Description: The mantis bug tracking system has some cross-site scripting bugs of its own to track.
Alerts:
Debian DSA-1133-1 2006-08-01

Comments (none posted)

mozilla: multiple vulnerabilities

Package(s): firefox seamonkey thunderbird
CVE #(s): CVE-2006-3113 CVE-2006-3677 CVE-2006-3801 CVE-2006-3802 CVE-2006-3803 CVE-2006-3804 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807 CVE-2006-3808 CVE-2006-3809 CVE-2006-3810 CVE-2006-3811 CVE-2006-3812
Created: July 27, 2006
Updated: September 15, 2006
Description: This CERT advisory contains details on multiple vulnerabilities in Mozilla products, including Firefox, SeaMonkey and Thunderbird. The most serious vulnerabilities could allow a remote attacker to execute arbitrary code on an affected system.
Alerts:
Debian DSA-1160-2 2006-09-15
Debian DSA-1161-2 2006-09-13
Debian DSA-1159-2 2006-09-08
Debian DSA-1161-1 2006-08-29
Debian DSA-1160-1 2006-08-29
Red Hat RHSA-2006:0594-02 2006-08-28
Debian DSA-1159-1 2006-08-28
Mandriva MDKSA-2006:146 2006-08-21
Mandriva MDKSA-2006:145 2006-08-21
Mandriva MDKSA-2006:143-1 2006-08-17
Mandriva MDKSA-2006:143 2006-08-16
SuSE SUSE-SA:2006:048 2006-08-16
Fedora FEDORA-2006-902 2006-08-09
Fedora FEDORA-2006-903 2006-08-09
Gentoo 200608-04 2006-08-03
Gentoo 200608-03 2006-08-03
Gentoo 200608-02 2006-08-03
Red Hat RHSA-2006:0609-01 2006-08-02
Ubuntu USN-327-2 2006-08-01
Ubuntu USN-329-1 2006-07-28
Red Hat RHSA-2006:0611-01 2006-07-28
Red Hat RHSA-2006:0610-01 2006-07-28
Slackware SSA:2006-208-01 2006-07-28
rPath rPSA-2006-0138-1 2006-07-27
Red Hat RHSA-2006:0608-01 2006-07-27
Ubuntu USN-327-1 2006-07-27
rPath rPSA-2006-0137-1 2006-07-26

Comments (none posted)

osiris: format string vulnerability

Package(s): osiris
CVE #(s): CVE-2006-3120
Created: July 28, 2006
Updated: August 3, 2006
Description: Ulf Harnhammar and Max Vozeler from the Debian Security Audit Project have found several format string security bugs in osiris, a network-wide system integrity monitor control interface. A remote attacker could exploit them and cause a denial of service or execute arbitrary code.
Alerts:
Debian DSA-1129-1 2006-07-28

Comments (none posted)

sitebar: missing input validation

Package(s): sitebar
CVE #(s): CVE-2006-3320
Created: August 1, 2006
Updated: August 2, 2006
Description: A cross-site scripting vulnerability has been discovered in sitebar, a web based bookmark manager written in PHP, which allows remote attackers to inject arbitrary web script or HTML.
Alerts:
Debian DSA-1130-1 2006-07-30

Comments (none posted)

Updated vulnerabilities

asterisk: buffer overflow

Package(s): asterisk
CVE #(s): CVE-2006-2898
Created: June 15, 2006
Updated: July 27, 2006
Description: The Asterisk PBX application has a buffer overflow vulnerability in the IAX2 channel driver that can be used for the remote execution of arbitrary code.
Alerts:
Debian DSA-1126-1 2006-07-27
Gentoo 200606-15 2006-06-14

Comments (none posted)

binutils: buffer overflow

Package(s): binutils
CVE #(s): CVE-2006-2362
Created: May 27, 2006
Updated: August 29, 2006
Description: The GNU Binutils has a buffer overflow vulnerability in libbfd. Maliciously crafted Tektronix Hex Format files with improper length characters can cause a crash and possibly lead to the execution of arbitrary code.
Alerts:
Mandriva MDKSA-2006:153 2006-08-28
Ubuntu USN-292-1 2006-06-09
OpenPKG OpenPKG-SA-2006.009 2006-05-26

Comments (none posted)

busybox: insecure password generation

Package(s): busybox
CVE #(s): CVE-2006-1058
Created: May 5, 2006
Updated: May 2, 2007
Description: The BusyBox 1.1.1 passwd command does not use a proper salt when hashing passwords, so a brute-force attack against the resulting hashes could take very little time.
Alerts:
Red Hat RHSA-2007:0244-02 2007-05-01
Fedora FEDORA-2006-511 2006-05-04
Fedora FEDORA-2006-510 2006-05-04

Comments (2 posted)

bzip2: race condition and infinite loop

Package(s): bzip2
CVE #(s): CAN-2005-0953 CAN-2005-1260
Created: May 17, 2005
Updated: January 10, 2007
Description: A race condition in bzip2 1.0.2 and earlier allows local users to modify the permissions of arbitrary files via a hard-link attack on a file while it is being decompressed: bzip2 changes the output file's permissions by name after the decompression is complete. Also, specially crafted bzip2 archives may cause an infinite loop in the decompressor.
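The race described above is a general pattern, not something specific to bzip2: any program that creates a file and then adjusts its attributes by path name leaves a window in which the name can be re-pointed. The following Python script is an added example (not code from the advisory or from bzip2) that simulates the window in a temporary directory: an output file is created and written, its name is replaced by a hard link to an unrelated "victim" file, and the final permission change is applied either by path (the pattern the advisory describes) or through the still-open file descriptor (the fix). File names and modes are constructed for the demonstration.

```python
import os
import stat
import tempfile


def perm_bits(st):
    """Permission bits only, without the file-type bits."""
    return stat.S_IMODE(st.st_mode)


def finish_by_path(out_path, mode):
    # Vulnerable pattern: the chmod lands on whatever the *name* refers to
    # at this moment, which may no longer be the file we created.
    os.chmod(out_path, mode)


def finish_by_fd(fd, mode):
    # Hardened pattern: the descriptor always refers to the inode we opened,
    # regardless of what happened to the directory entry in the meantime.
    os.fchmod(fd, mode)


def simulate(hardened):
    """Run one decompress-then-chmod sequence with a simulated link swap.

    Returns (mode of the decompressor's own output inode, mode of the
    victim file) after the permission change.
    """
    with tempfile.TemporaryDirectory() as workdir:
        out = os.path.join(workdir, "archive.out")      # constructed name
        victim = os.path.join(workdir, "victim")        # constructed name

        # An unrelated file the attacker wants to make world-readable.
        with open(victim, "w") as f:
            f.write("victim data\n")
        os.chmod(victim, 0o600)

        # The decompressor creates its output and writes the data.
        fd = os.open(out, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        os.fchmod(fd, 0o600)  # pin the starting mode independent of umask
        os.write(fd, b"decompressed data\n")

        # Race window: the output name is unlinked and re-created as a
        # hard link to the victim. The open descriptor still points at
        # the original output inode.
        os.unlink(out)
        os.link(victim, out)

        # The decompressor now applies the archive's recorded permissions.
        if hardened:
            finish_by_fd(fd, 0o644)
        else:
            finish_by_path(out, 0o644)

        own_mode = perm_bits(os.fstat(fd))
        os.close(fd)
        victim_mode = perm_bits(os.stat(victim))
        return own_mode, victim_mode


if __name__ == "__main__":
    for hardened in (False, True):
        own, vic = simulate(hardened)
        label = "fchmod(fd)" if hardened else "chmod(path)"
        print(f"{label}: output inode {own:o}, victim {vic:o}")
```

Only the descriptor-based variant leaves the victim's permissions untouched; by path, the 0644 intended for the output lands on the victim while the real output keeps its creation mode. The same principle (fchmod, fchown, futimens on the descriptor you opened, never a path-based call after the fact) applies to any program that sets attributes on files it has just created.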
Alerts:
rPath rPSA-2007-0004-1 2007-01-09
Debian DSA-741-1 2005-07-07
Red Hat RHSA-2005:474-01 2005-06-16
OpenPKG OpenPKG-SA-2005.008 2005-06-10
SuSE SUSE-SR:2005:015 2005-06-07
Debian DSA-730-1 2005-05-27
Mandriva MDKSA-2005:091 2005-05-18
Ubuntu USN-127-1 2005-05-17

Comments (2 posted)

ktools: buffer overflow

Package(s): centericq
CVE #(s): CVE-2005-3863
Created: December 7, 2005
Updated: August 29, 2006
Description: From the Debian-Testing alert: Mehdi Oudad "deepfear" and Kevin Fernandez "Siegfried" from the Zone-H Research Team discovered a buffer overflow in kkstrtext.h of the ktools library, which is included in (at least) centericq and motor.
Alerts:
Gentoo 200608-27 2006-08-29
Debian DSA-1088-1 2006-06-03
Debian DSA-1083-1 2006-05-31
Gentoo 200512-11 2005-12-20
Debian-Testing DTSA-23-1 2005-12-05

Comments (none posted)

courier: denial of service

Package(s): courier
CVE #(s): CVE-2006-2659
Created: June 9, 2006
Updated: August 4, 2006
Description: A denial of service vulnerability has been found in the function for encoding email addresses. Addresses containing a '=' before the '@' character cause Courier to hang in an endless loop, rendering the service unusable.
Alerts:
Gentoo 200608-06 2006-08-04
Debian DSA-1101-1 2006-06-23
Ubuntu USN-294-1 2006-06-09

Comments (none posted)

cpio: arbitrary code execution

Package(s): cpio
CVE #(s): CVE-2005-4268
Created: January 2, 2006
Updated: May 8, 2007
Description: Richard Harms discovered that cpio did not sufficiently validate file properties when creating archives. Files with, e.g., a very large size caused a buffer overflow. By tricking a user or an automatic backup system into putting a specially crafted file into a cpio archive, a local attacker could probably exploit this to execute arbitrary code with the privileges of the target user (which is likely root in an automatic backup system).
Alerts:
rPath rPSA-2007-0094-1 2007-05-07
Red Hat RHSA-2007:0245-02 2007-05-01
Ubuntu USN-234-1 2006-01-02

Comments (none posted)

Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service

Package(s): cyrus-sasl
CVE #(s): CVE-2006-1721
Created: April 21, 2006
Updated: September 4, 2007
Description: Cyrus-SASL contains an unspecified vulnerability in the DIGEST-MD5 process that could lead to a denial of service. An attacker could possibly exploit this vulnerability by sending a specially crafted data stream to the Cyrus-SASL server, resulting in a denial of service even if the attacker is not able to authenticate.
Alerts:
Red Hat RHSA-2007:0878-01 2007-09-04
Red Hat RHSA-2007:0795-01 2007-09-04
SuSE SUSE-SA:2006:025 2006-05-05
Fedora FEDORA-2006-515 2006-05-04
Debian DSA-1042-1 2006-04-25
Mandriva MDKSA-2006:073 2006-04-24
Ubuntu USN-272-1 2006-04-24
Gentoo 200604-09 2006-04-21

Comments (none posted)

fbi: incorrect filtering

Package(s): fbi
CVE #(s): CVE-2006-3119
Created: July 24, 2006
Updated: August 24, 2006
Description: Toth Andras discovered that the fbgs framebuffer postscript/PDF viewer contains a typo, which prevents the intended filter against malicious postscript commands from working correctly. This might lead to the deletion of user data when displaying a postscript file.
Alerts:
Gentoo 200608-22 2006-08-23
Debian DSA-1124-1 2006-07-24

Comments (none posted)

freetype: integer overflows

Package(s): freetype
CVE #(s): CVE-2006-0747 CVE-2006-1861 CVE-2006-2493 CVE-2006-2661 CVE-2006-3467
Created: June 8, 2006
Updated: October 10, 2007
Description: The FreeType library has several integer overflow vulnerabilities. If a user can be tricked into installing a specially crafted font file, arbitrary code can be executed with the privilege of the user.
Alerts:
Gentoo 200710-09 2007-10-09
Debian DSA-1178-1 2006-09-16
Ubuntu USN-341-1 2006-09-06
Gentoo 200609-04 2006-09-06
rPath rPSA-2006-0157-1 2006-08-25
Mandriva MDKSA-2006:148 2006-08-24
Red Hat RHSA-2006:0635-01 2006-08-21
Red Hat RHSA-2006:0634-01 2006-08-21
Fedora FEDORA-2006-912 2006-08-14
SuSE SUSE-SA:2006:045 2006-08-01
OpenPKG OpenPKG-SA-2006.017 2006-07-28
Ubuntu USN-324-1 2006-07-27
Slackware SSA:2006-207-02 2006-07-27
Mandriva MDKSA-2006:129 2006-07-20
Gentoo 200607-02 2006-07-09
SuSE SUSE-SA:2006:037 2006-06-27
Mandriva MDKSA-2006:099-1 2006-06-13
Mandriva MDKSA-2006:099 2006-06-12
rPath rPSA-2006-0100-1 2006-06-12
Debian DSA-1095-1 2006-06-10
Ubuntu USN-291-1 2006-06-08

Comments (none posted)

gdb: multiple vulnerabilities

Package(s): gdb
CVE #(s): CAN-2005-1704 CAN-2005-1705
Created: May 20, 2005
Updated: August 11, 2006
Description: Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library, resulting in a heap overflow. A review also showed that by default, gdb insecurely sources initialization files from the working directory. Successful exploitation would result in the execution of arbitrary code on loading a specially crafted object file or the execution of arbitrary commands.
Alerts:
Red Hat RHSA-2006:0354-01 2006-08-10
Red Hat RHSA-2006:0368-01 2006-07-20
Mandriva MDKSA-2005:215 2005-11-23
Fedora FEDORA-2005-1033 2005-10-27
Fedora FEDORA-2005-1032 2005-10-27
Red Hat RHSA-2005:801-01 2005-10-18
Red Hat RHSA-2005:763-01 2005-10-11
Red Hat RHSA-2005:709-01 2005-10-05
Red Hat RHSA-2005:673-01 2005-10-05
Red Hat RHSA-2005:659-01 2005-09-28
Fedora FEDORA-2005-498 2005-06-29
Fedora FEDORA-2005-497 2005-06-29
Gentoo 200506-01 2005-06-01
Trustix TSLSA-2005-0025 2005-05-31
Mandriva MDKSA-2005:095 2005-05-30
Ubuntu USN-136-2 2005-05-27
Ubuntu USN-136-1 2005-05-27
Ubuntu USN-135-1 2005-05-27
Gentoo 200505-15 2005-05-20

Comments (5 posted)

gdm: improper file permissions

Package(s): gdm
CVE #(s): CVE-2006-1057
Created: April 19, 2006
Updated: May 2, 2007
Description: The .ICEauthority file may be created with the wrong ownership and permissions; gdm 2.14.2 fixes the problem.
Alerts:
Red Hat RHSA-2007:0286-02 2007-05-01
Mandriva MDKSA-2006:083 2006-05-09
Ubuntu USN-278-1 2006-05-03
Debian DSA-1040-1 2006-04-24
Fedora FEDORA-2006-338 2006-04-19

Comments (none posted)

gimp: arbitrary code execution

Package(s): gimp
CVE #(s): CVE-2006-3404
Created: July 10, 2006
Updated: July 27, 2006
Description: Henning Makholm discovered that gimp did not sufficiently validate the 'num_axes' parameter in XCF files. By tricking a user into opening a specially crafted XCF file with Gimp, an attacker could exploit this to execute arbitrary code with the user's privileges.
Alerts:
Slackware SSA:2006-207-03 2006-07-27
rPath rPSA-2006-0135-1 2006-07-24
Gentoo 200607-08:02 2006-07-23
Gentoo 200607-08 2006-07-23
Debian DSA-1116-1 2006-07-21
Mandriva MDKSA-2006:127 2006-07-18
Red Hat RHSA-2006:0598-01 2006-07-18
Fedora FEDORA-2006-795 2006-07-11
Fedora FEDORA-2006-794 2006-07-11
Ubuntu USN-312-1 2006-07-10

Comments (none posted)

gnupg: remote denial of service

Package(s): gnupg
CVE #(s): CVE-2006-3082
Created: June 21, 2006
Updated: July 28, 2006
Description: A vulnerability was discovered in GnuPG 1.4.3 and 1.9.20 (and earlier) that could allow a remote attacker to cause gpg to crash and possibly overwrite memory via a message packet with a large length.
Alerts:
SuSE SUSE-SR:2006:018 2006-07-28
Debian DSA-1115-1 2006-07-21
Debian DSA-1107-1 2006-07-10
Fedora FEDORA-2006-757 2006-06-30
Fedora FEDORA-2006-755 2006-06-30
SuSE SUSE-SR:2006:015 2006-06-30
rPath rPSA-2006-0120-1 2006-06-29
Slackware SSA:2006-178-02 2006-06-28
Ubuntu USN-304-1 2006-06-26
OpenPKG OpenPKG-SA-2006.010 2006-06-26
Mandriva MDKSA-2006:110 2006-06-20

Comments (1 posted)

gzip: arbitrary command execution

Package(s):gzip CVE #(s):CAN-2005-0758
Created:August 1, 2005 Updated:January 9, 2007
Description: zgrep in gzip before 1.3.5 does not handle shell metacharacters such as '|' and '&' properly when they occur in input file names. This could be exploited to execute arbitrary commands with the user's privileges if zgrep is run in an untrusted directory containing specially crafted file names.
Alerts:
OpenPKG OpenPKG-SA-2007.002 2007-01-08
Mandriva MDKSA-2006:027 2006-01-30
Mandriva MDKSA-2006:026 2006-01-30
Fedora-Legacy FLSA:158801 2005-11-14
Fedora-Legacy FLSA:157696 2005-08-10
Ubuntu USN-161-1 2005-08-04
Ubuntu USN-158-1 2005-08-01

Comments (2 posted)
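
The bug class behind the zgrep entry above, as an added illustration (this is a constructed stand-in, not the zgrep script or the gzip fix): a wrapper that splices an untrusted file name into a command string and hands it to eval lets a '|' in the name end one command and start another, while passing the name as a separate, quoted argument leaves it inert. The file name, the scratch directory and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Constructed example: metacharacters in a file name versus command-string
# interpolation. Not the gzip/zgrep code; an illustration of the same class.

# Scratch directory standing in for an "untrusted directory" (assumption).
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK" || exit 1

# Constructed attacker-controlled file name: the '|' is the payload.
EVIL='a|touch injected'
printf 'needle\n' > "$EVIL"

# Vulnerable pattern: the file name is pasted into a string that the shell
# re-parses, so "cat a|touch injected | grep ..." runs three commands.
unsafe_grep() {
    pat=$1; file=$2
    eval "cat $file | grep -c -- '$pat'"
}

# Hardened pattern: no re-parsing. Every operand is its own word, and '--'
# keeps a name beginning with '-' from being read as an option.
safe_grep() {
    pat=$1; file=$2
    cat -- "$file" | grep -c -- "$pat"
}

# Returns 0 when the unsafe wrapper left the side-effect file behind.
unsafe_created_side_effect() {
    rm -f injected
    unsafe_grep needle "$EVIL" >/dev/null 2>&1 || true
    [ -e injected ]
}

# Returns 0 when the safe wrapper counted the one match and created nothing.
safe_has_no_side_effect() {
    rm -f injected
    n=$(safe_grep needle "$EVIL")
    [ "$n" = 1 ] && [ ! -e injected ]
}
```

The fix pattern is the general one for any wrapper script: never let file names pass through eval, sed expressions or a second shell, and terminate option parsing with '--' before every operand.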

hiki: denial of service

Package(s):hiki CVE #(s):CVE-2006-3379
Created:July 24, 2006 Updated:July 26, 2006
Description: Akira Tanaka discovered a vulnerability in Hiki Wiki, a Wiki engine written in Ruby, that allows remote attackers to cause a denial of service (high CPU consumption) by requesting a diff between large, specially crafted Wiki pages.
Alerts:
Debian DSA-1119-1 2006-07-22

Comments (none posted)

ImageMagick: heap overflow vulnerability

Package(s):ImageMagick CVE #(s):CVE-2006-2440
Created:May 25, 2006 Updated:September 5, 2006
Description: The ImageMagick DisplayImageCommand has a heap overflow vulnerability. If a maliciously crafted, unexpanded glob is passed to ImageMagick, a heap overflow can result.
Alerts:
Debian DSA-1168-1 2006-09-04
Fedora FEDORA-2006-588 2006-05-24
Fedora FEDORA-2006-587 2006-05-24

Comments (none posted)

kdebase: local root vulnerability

Package(s):kdebase CVE #(s):CAN-2005-2494
Created:September 7, 2005 Updated:August 11, 2006
Description: The kdebase package (and kcheckpass in particular) found in KDE versions 3.2.0 through 3.4.2 suffers from a lock file handling error which can enable a local attacker to obtain root access. See this advisory for details.
Alerts:
Red Hat RHSA-2006:0582-01 2006-08-10
Debian DSA-815-1 2005-09-16
Slackware SSA:2005-251-01 2005-09-09
Ubuntu USN-176-1 2005-09-07
Mandriva MDKSA-2005:160 2005-09-06

Comments (none posted)

kdebase: privilege escalation

Package(s):kdebase CVE #(s):CVE-2006-2449
Created:June 15, 2006 Updated:August 28, 2006
Description: The KDE Display Manager (KDM) is vulnerable to a local symlink attack. A local user can use this to read arbitrary files that they do not have permission to access. See this KDE advisory for more information.
Alerts:
Fedora FEDORA-2006-942 2006-08-28
Debian DSA-1156-1 2006-08-27
Red Hat RHSA-2006:0576-01 2006-07-25
SuSE SUSE-SA:2006:039 2006-07-03
Slackware SSA:2006-178-01 2006-06-28
Gentoo 200606-23 2006-06-22
Fedora FEDORA-2006-726 2006-06-19
Fedora FEDORA-2006-725 2006-06-19
Mandriva MDKSA-2006:106 2006-06-15
Mandriva MDKSA-2006:105 2006-06-15
rPath rPSA-2006-0106-1 2006-06-15
Ubuntu USN-301-1 2006-06-14
Red Hat RHSA-2006:0548-01 2006-06-14

Comments (none posted)

kdelibs: denial of service

Package(s):kdelibs CVE #(s):CVE-2006-3672
Created:July 21, 2006 Updated:July 26, 2006
Description: KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument.
Alerts:
Ubuntu USN-322-1 2006-07-24
Mandriva MDKSA-2006:130 2006-07-20

Comments (none posted)

kdelibs: kate backup file permission leak

Package(s):kdelibs kate kwrite CVE #(s):CAN-2005-1920
Created:July 19, 2005 Updated:November 27, 2006
Description: Kate / KWrite, as shipped with KDE 3.2.x up to and including 3.4.0, creates a backup file before saving a modified file. These backup files are created with default permissions, even if the original file had stricter permissions set. See this advisory for more information.
Alerts:
Gentoo 200611-21 2006-11-27
Debian DSA-804-2 2005-11-10
Debian DSA-804-1 2005-09-08
Red Hat RHSA-2005:612-01 2005-07-27
Ubuntu USN-150-1 2005-07-21
Mandriva MDKSA-2005:122 2005-07-20
Fedora FEDORA-2005-594 2005-07-19

Comments (none posted)
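
The failure mode in the Kate / KWrite entry above, as an added illustration (a constructed stand-in, not the KDE code or the KDE fix): a backup written through a fresh redirection takes its mode from the process umask, so a 0600 original ends up with a 0644 copy next to it; the hardened variant creates the backup closed to everyone else and then copies the original's exact mode onto it. The file name, its content, the scratch directory and the umask value are assumptions made for the example, and mode_of relies on GNU stat.

```shell
#!/bin/sh
# Constructed example: backup-file permission leak and its fix.
# Not Kate/KWrite code; an illustration of the same class.

# Scratch directory and a typical interactive umask (assumptions).
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK" || exit 1
umask 022

# Constructed private file: owner-only, as a user would keep credentials.
SECRET=notes.txt
printf 'api_token=abc123\n' > "$SECRET"
chmod 600 "$SECRET"

# Octal permission bits of a file, e.g. 600 (GNU stat).
mode_of() { stat -c '%a' -- "$1"; }

# Vulnerable pattern: the redirection creates "file~" with 0666 & ~umask,
# i.e. 0644 here, regardless of the original's 0600.
naive_backup() {
    rm -f -- "$1~"
    cat -- "$1" > "$1~"
}

# Hardened pattern: create the backup with umask 077 in a subshell so no
# other user can open it even briefly, then mirror the original's mode.
careful_backup() {
    rm -f -- "$1~"
    (umask 077 && cat -- "$1" > "$1~") || return 1
    chmod "$(mode_of "$1")" -- "$1~"
}
```

Doing the restrictive umask first matters: setting the mode after the file exists leaves a window in which the backup is readable, which is the same race as the original bug in smaller form.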

kernel: privilege escalation

Package(s):kernel CVE #(s):CVE-2006-2451
Created:July 7, 2006 Updated:July 26, 2006
Description: The Linux kernel, versions 2.6.13 through 2.6.17.3, has a privilege escalation vulnerability related to the handling of core dumps. A local user can craft a program that dumps core into a directory the user has no permission to write to. This can be exploited for a disk-consumption denial of service or to gain root privileges.
Alerts:
SuSE SUSE-SA:2006:042 2006-07-26
Fedora FEDORA-2006-806 2006-07-14
Fedora FEDORA-2006-801 2006-07-14
rPath rPSA-2006-0122-2 2006-07-07
Ubuntu USN-311-1 2006-07-11
rPath rPSA-2006-0122-1 2006-07-07
Red Hat RHSA-2006:0574-01 2006-07-07

Comments (2 posted)

kernel: denial of service by memory consumption

Package(s):kernel CVE #(s):CVE-2006-2936
Created:July 17, 2006 Updated:November 14, 2007
Description: The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the driver can handle, which causes the data to be queued.
Alerts:
SuSE SUSE-SA:2007:035 2007-06-14
Mandriva MDKSA-2006:151 2006-08-25
Mandriva MDKSA-2006:150 2006-08-25
Ubuntu USN-331-1 2006-08-03
rPath rPSA-2006-0130-1 2006-07-17

Comments (none posted)

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CVE-2006-2445 CVE-2006-2448 CVE-2006-3085
Created:June 23, 2006 Updated:August 11, 2006
Description: There is a race condition in "posix-cpu-timers.c" that does not prevent another CPU from attaching a timer to an exiting process. This could be exploited by attackers to cause a denial of service.

A flaw due to errors in "powerpc/kernel/signal_32.c" could allow userspace to provoke a machine check on 32-bit kernels.

An infinite loop in "netfilter/xt_sctp.c" could be exploited by attackers to exhaust all available memory, creating a denial of service condition.

Alerts:
SuSE SUSE-SA:2006:047 2006-08-11
Red Hat RHSA-2006:0575-01 2006-08-10
Mandriva MDKSA-2006:123 2006-07-13
rPath rPSA-2006-0110-1 2006-06-23
Trustix TSLSA-2006-0037 2006-06-23

Comments (none posted)

libdumb: arbitrary code execution

Package(s):libdumb CVE #(s):CVE-2006-3668
Created:July 24, 2006 Updated:August 9, 2006
Description: Luigi Auriemma discovered that DUMB, a tracker music library, performs insufficient sanitizing of values parsed from IT music files, which might lead to a buffer overflow and execution of arbitrary code if manipulated files are read.
Alerts:
Gentoo 200608-14 2006-08-08
Fedora FEDORA-EXTRAS-2006-003 2006-08-02
Debian DSA-1123-1 2006-07-24

Comments (none posted)

libgadu: memory alignment bug

Package(s):libgadu CVE #(s):CAN-2005-2370
Created:July 29, 2005 Updated:June 25, 2007
Description: Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment error in libgadu (from ekg, a console Gadu-Gadu instant messaging client), which is also included in gaim, a multi-protocol instant messaging client. This cannot be exploited on the x86 architecture, but on others, e.g. SPARC, it leads to a bus error, in other words a denial of service.
Alerts:
Debian DSA-813-1 2005-09-15
Red Hat RHSA-2005:627-01 2005-08-09
Debian DSA-769-1 2005-07-29

Comments (none posted)

libgd2: denial of service

Package(s):libgd2 CVE #(s):CVE-2006-2906
Created:June 14, 2006 Updated:January 16, 2007
Description: Certain GIF images can cause libgd2 to go into an infinite loop, adversely affecting the performance of image processing applications.
Alerts:
rPath rPSA-2007-0008-1 2007-01-15
Debian DSA-1117-1 2006-07-21
Mandriva MDKSA-2006:113 2006-06-27
Mandriva MDKSA-2006:112 2006-06-27
Ubuntu USN-298-1 2006-06-13

Comments (none posted)

libmms: buffer overflows

Package(s):libmms CVE #(s):CVE-2006-2200
Created:July 6, 2006 Updated:December 25, 2006
Description: Several buffer overflows were found in libmms. By tricking a user into opening a specially crafted remote multimedia stream with an application using libmms, a remote attacker could overwrite an arbitrary memory portion with zeros, thereby crashing the program.
Alerts:
Slackware SSA:2006-357-05 2006-12-25
Gentoo 200607-07 2006-07-20
Mandriva MDKSA-2006:121 2006-07-12
Mandriva MDKSA-2006:117-1 2006-07-12
Ubuntu USN-315-1 2006-07-12
Mandriva MDKSA-2006:117 2006-07-06
Ubuntu USN-309-1 2006-07-05

Comments (none posted)

Net::Server: format string vulnerability

Package(s): libnet-server-perl perl-net-server CVE #(s):CVE-2005-1127
Created:July 24, 2006 Updated:August 11, 2006
Description: Peter Bieringer discovered that the Perl Net::Server module is vulnerable to a format string attack which may be exploitable by remote attackers. Among others, the "postgrey" utility is affected by this vulnerability.
Alerts:
Gentoo 200608-18 2006-08-10
Mandriva MDKSA-2006:131 2006-07-25
Debian DSA-1122-1 2006-07-24
Debian DSA-1121-1 2006-07-24

Comments (none posted)

libpam-ldap: authentication bypass

Package(s):libpam-ldap CVE #(s):CAN-2005-2641
Created:August 25, 2005 Updated:October 6, 2006
Description: libpam-ldap, the PAM LDAP interface, does not properly handle authentication against an LDAP server which is not configured correctly, allowing an authentication bypass.
Alerts:
rPath rPSA-2006-0183-1 2006-10-05
Mandriva MDKSA-2005:190 2005-10-20
Gentoo 200508-22 2005-08-31
Debian DSA-785-1 2005-08-25

Comments (none posted)

libpng: buffer overflow

Package(s):libpng CVE #(s):CVE-2006-3334
Created:July 19, 2006 Updated:November 17, 2006
Description: In pngrutil.c, the function png_decompress_chunk() allocates insufficient space for an error message, producing a buffer overflow that can overwrite stack data.
Alerts:
Mandriva MDKSA-2006:213 2006-11-16
rPath rPSA-2006-0133-1 2006-07-19
Gentoo 200607-06 2006-07-19

Comments (none posted)

libtiff: buffer overflow

Package(s):libtiff CVE #(s):CVE-2006-2193
Created:June 15, 2006 Updated:September 1, 2008
Description: The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters in the DocumentName tag to overflow a buffer, causing a denial of service, and possibly the execution of arbitrary code.
Alerts:
Fedora FEDORA-2006-952 2006-09-05
SuSE SUSE-SA:2006:044 2006-08-01
Gentoo 200607-03 2006-07-09
SuSE SUSE-SR:2006:014 2006-06-20
Trustix TSLSA-2006-0036 2006-06-16
Mandriva MDKSA-2006:102 2006-06-14
Red Hat RHSA-2008:0848-01 2008-08-28
CentOS CESA-2008:0848 2008-08-30

Comments (none posted)

libtunepimp: buffer overflows

Package(s):libtunepimp CVE #(s):CVE-2006-3600
Created:July 13, 2006 Updated:August 2, 2006
Description: The libtunepimp tag parser has multiple buffer overflow vulnerabilities. If a user can be tricked into opening specially crafted tagged multimedia files, arbitrary code can be executed with the user's privileges.
Alerts:
Debian DSA-1135-1 2006-08-02
Gentoo 200607-11 2006-07-28
Mandriva MDKSA-2006:126 2006-07-18
Ubuntu USN-318-1 2006-07-13

Comments (none posted)

libwmf: integer overflow

Package(s):libwmf CVE #(s):CVE-2006-3376
Created:July 13, 2006 Updated:November 6, 2006
Description: libwmf, a library that is used for processing Windows MetaFile vector graphics files, has an integer overflow vulnerability.
Alerts:
OpenPKG OpenPKG-SA-2006.031 2006-11-06
Debian DSA-1194-1 2006-10-09
Gentoo 200608-17 2006-08-10
Ubuntu USN-333-1 2006-08-09
Mandriva MDKSA-2006:132 2006-07-28
Fedora FEDORA-2006-831 2006-07-18
Fedora FEDORA-2006-832 2006-07-18
Fedora FEDORA-2006-805 2006-07-12
Fedora FEDORA-2006-804 2006-07-12

Comments (none posted)

mozilla: multiple vulnerabilities

Package(s):mozilla seamonkey firefox thunderbird CVE #(s):CVE-2006-2775 CVE-2006-2776 CVE-2006-2777 CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2782 CVE-2006-2783 CVE-2006-2784 CVE-2006-2785 CVE-2006-2786 CVE-2006-2787
Created:June 5, 2006 Updated:August 2, 2006
Description: There are multiple vulnerabilities in products based on Mozilla components, particularly Gecko. This CERT advisory contains details.
Alerts:
Debian DSA-1134-1 2006-08-02
Ubuntu USN-297-3 2006-07-26
Ubuntu USN-323-1 2006-07-25
Ubuntu USN-296-2 2006-07-25
Debian DSA-1120-1 2006-07-23
Debian DSA-1118-1 2006-07-22
Red Hat RHSA-2006:0578-01 2006-07-20
SuSE SUSE-SA:2006:035 2006-06-23
Gentoo 200606-21 2006-06-19
Fedora FEDORA-2006-717 2006-06-15
Fedora FEDORA-2006-715 2006-06-15
Ubuntu USN-297-2 2006-06-15
Ubuntu USN-297-1 2006-06-13
Gentoo 200606-12 2006-06-11
Slackware SSA:2006-155-02 2006-06-05
rPath rPSA-2006-0091-1 2006-06-02

Comments (none posted)

mutt: IMAP namespace buffer overflow

Package(s):mutt CVE #(s):CVE-2006-3242
Created:June 28, 2006 Updated:October 24, 2006
Description: TAKAHASHI Tamotsu discovered that mutt's IMAP backend did not sufficiently check the validity of namespace strings. If a user connects to a malicious IMAP server, that server could exploit this to crash mutt or even execute arbitrary code with the privileges of the mutt user. See this Secunia advisory for more information.
Alerts:
Fedora FEDORA-2006-1061 2006-10-24
Slackware SSA:2006-207-01 2006-07-27
OpenPKG OpenPKG-SA-2006.013 2006-07-15
SuSE SUSE-SR:2006:016 2006-07-14
Red Hat RHSA-2006:0577-01 2006-07-12
Debian DSA-1108-1 2006-07-11
Fedora FEDORA-2006-761 2006-06-29
Fedora FEDORA-2006-760 2006-06-29
Trustix