LWN.net Weekly Edition for August 31, 2006

The Linux Standard Base gets some applications

The Linux Standard Base project will provide a vendor-neutral standard, backed by source code, upon which to build Linux distributions, much as the Linux kernel project provides a single kernel that is shared by all distributions....

The application of the standard will be that any program that runs successfully on the reference platform can be expected to run on all Linux systems.

With these words, the Linux Standard Base project was launched in May of 1998. This project set out to create a reference platform which would encourage the porting of commercial application programs to the Linux system. By eliminating the need to create a separate version of a program for every supported distribution, the LSB, it was thought, would bring about a wealth of Linux-based applications without impeding the free development of a variety of Linux distributions.

Over the subsequent years, the LSB has limped along under a succession of leaders. Various LSB standards addressing various parts of the system have been created. Most of the major distributions have made the effort to implement LSB compliance, so there is a vast number of deployed, LSB-certified Linux systems out there. Only one little, nagging problem has remained, however: no application vendors have stepped forward to certify their products for Linux.

That situation changed quietly a couple of weeks ago, however, when the Free Standards Group (the parent organization which is developing the LSB) announced the first two certified LSB applications. These applications - RealPlayer and MySQL - are no strangers to the Linux platform, so their certification is unlikely to change life for many Linux users. RealPlayer already works on the bulk of Linux distributions, and MySQL, being free software, is shipped with most of them. But the fact that these vendors made the effort to certify their products shows that the LSB effort - recently returned to life under the leadership of Ian Murdock - might just go somewhere this time.

The real test, however, will be whether any new applications, previously unsupported under Linux, hit the market with LSB certification. Thus far, the LSB has failed to encourage any vendors - any at all - to support Linux by porting to the LSB platform. The recent announcement has not changed that fact - RealPlayer and MySQL were already available to Linux users in an uncertified form.

Clearly, in 1998, the LSB was ahead of its time. The proprietary application vendors, for the most part, were not even close to being ready to support their products on Linux. There is not much that the LSB effort could have done to change that fact. As Linux grows, however, vendors will begin to believe that there might be a worthwhile market to be found there; the LSB intends to be there when they come around. To that end, the Free Standards Group has set up a new developers network with information for vendors writing applications for the LSB.

Many LWN readers have little interest in the creation of a vibrant market for proprietary Linux applications. The available free software meets their needs, and, where it doesn't, projects are underway to improve the situation. For many, the installation of proprietary applications would only compromise the years-long effort to create a free system. These people care little about the progress of the LSB.

The fact remains, however, that there is a large variety of proprietary software for which no free equivalent exists, not even in an early stage of development. There is also a large body of potential users who will not consider moving over to Linux until the applications they need are available. If the LSB succeeds in encouraging ports of some of those applications, it could encourage some of those users to make the jump to free software. And that, in the end, should be a good thing.

Managing Gentoo - a study in quotes

People outside of the Gentoo Linux project may be surprised to learn that the Gentoo developers are currently electing a new management council. Unlike, say, Debian, Gentoo tends to do a fair amount of its deliberations out of public view. There has recently been a discussion, however, which has brought out some of the concerns that Gentoo developers have. Here are some excerpts.

I started my fourth year as a Gentoo developer in June, and Gentoo's changed a lot since I started back in 2003. We've become a drastically more democratic organization. But the question remains - _Is this a good thing?_

When I think about where Gentoo was when we turned into a democracy years ago, and where Gentoo is now, I don't see much of a difference on the large scale. We lack any global vision for where Gentoo is going, we can't agree on who our audience is, and everyone's just working on pretty much whatever they feel like. [...]

I'm not the only one to suggest that a democracy isn't the most productive way to run Gentoo. When people wanted a change in how Gentoo was run, democracy was the only option considered, rather than simply changing the leaders. There's an ongoing assumption that if problems exist, it must be somewhere in the structure rather than in the people.

If I could go back in time a couple of years and prevent this democracy from ever happening, I would. If I could fix these problems myself, I would. But it requires buy-in from the entire Gentoo community if we're to do anything about it.

-- Donnie Berkholz

In addition to the conclusion that too much freedom has entered the life-blood that drives Gentoo it is also often the case that from the stance of upper management there is not enough freedom given. Part of what paralyzes the Council and devrel and any other historical body that has tried to keep Gentoo healthy is that there is an understanding that they can only act as a whole...as individuals none of them have power as there is fear that a rogue person in a position to abuse their responsibility will do so. It is my contention that with a body of multiple individuals such as the Council that there would be the ability to recognize and mitigate the damage done by such a rogue. I'd posit that by voting someone onto the council you are saying that you trust them enough to carry this duty on their shoulders. The Council itself should not be just a technical body to validate the merits of GLERs and/or emerging projects, it (or some other yet to be established group) has to carry the solemn duty of carrying Gentoo into the future, nurturing it as only a parent could....

All in all I suppose that is the platform that I am running on for this year's Council...take it for what you will but that is where I stand.

-- Daniel Ostrow

If there's a lack of respect at the moment, it's not for devrel. It's between individual developers, who either do not value each other as people, or do not value each other as contributors.

A good way to sort that out is to get them together in the physical world, and use group de-polarisation exercises to help folks understand that their view of the world isn't the only view that is valid. This is why I'm hoping to see Gentoo establish a regular international dev conference. You'll find that the vast majority of issues won't arise once folks actually know each other better - and the personality clashes that are left are easier to see for what they are.

-- Stuart Herbert

Maybe it's a cultural thing between some of us, or maybe it's the 'pre-daniel' versus 'post-daniel' devs. I'm curious the demographics of our active developers that were on prior to daniel's leaving compared to those who joined after. To most of the recent active folks, they never knew what it was like before. Hell, I just got on towards the tail end of the daniel-era, so I don't have much validity in that realm myself! But I do remember how it used to be and how well we did things and how we usually respected each other in some fashion or another.

I'm afraid those days are in the past unless some kind of fork happens where the folks who think we need a leader go their way and the folks who prefer the leader-by-committee approach go their way. We all hate forks, none of us have time for forks, but looking at the dividing line, I don't see how we'll be able to compromise without adding more policies and BS.

-- Lance Albertson

It's very easy to claim that "there are too many flamewars", even if that isn't actually true. It's hard to claim "Portage needs replacing, the tree has huge QA issues, several archs are horribly unmaintained and too many developers don't have a clue what they're doing" because a) they're difficult problems to address, b) if you do say them, Condorcet ensures that you won't get elected and c) you might be expected to fix them.

Most of these problems could be solved if we had a council that was far less spineless, a council that's prepared to address the *real* issues rather than doing nothing, a council that shows leadership and provides direction where it's needed without screwing things up where it's not.

-- Ciaran McCreesh

I definitely agree here. What has made me decide to run for the council is my wish to see things improve before we honestly do start hemorrhaging developers. We have seen indications that it is coming, but it hasn't started quite yet. A strong leadership is needed to give us direction where needed, and also to leave people well enough alone where it is not needed.

-- Chris Gianelloni

At the top level, the council, in its present form, does not manage Gentoo. It can't, it's pretty much disempowered as a management organisation due to the rules for its agenda setting. Further, I don't see any evidence of it setting targets and measuring progress or even getting progress reports.

-- Roy Bamford

So, now straight to the point, we could elect a Core Team, including people from each team. And those will be the responsible to take Gentoo into new 'realms', with its 'risks' included. I am also scared about this model .. it might not work, it actually might create the next armageddon for many. But what if it does? It might help solving this stagnation state Gentoo is facing right now, and bring more new ideas into play.

-- Luis F. Araujo

There's no detail in what you want to do, only a vague unhappiness with how things are, a desire to return to the "good old days" that never were, backed up by arguments that are demonstrably and factually incorrect or incomplete.

What is your plan? Where do you want to take Gentoo, where it isn't already going? ...

_If_ you're looking at Ubuntu with envious eyes, my advice is that you cross the floor and join them. There's no sense whatsoever in putting Gentoo head-to-head with any of the other Linux distros, unless they try to come after what we are good at.

-- Stuart Herbert

As an aside, this has long been the fundamental structural problem in the open source movement. Within a given project, things generally find a way to get done, but when a problem lies between two projects (be they peers, one dependent on the other, whatever) then things often remain unresolved....

This is actually the cutting edge area in the free software movement at the moment - trying to find a common ground for not just projects but constellations of projects and above them distros to collaborate.

-- Andrew Cowie

In this context, it can also be interesting to read Matthew Garrett's note on his departure from the Debian Project:

There's a balance to be struck between organisational freedom and organisational effectiveness. I'm not convinced that Debian has that balance right as far as forming a working community goes. In that respect, Ubuntu's an experiment - does a more rigid structure and a greater willingness to enforce certain social standards result in a more workable community?

The management of large-scale projects is hard - this has been known for centuries (or longer). Free software projects bring in some interesting new factors, however, as a result of their voluntary nature and distribution over a wide range of languages and cultures. We are unlikely to find definitive solutions to issues which have been around so long, but, perhaps, we'll learn some interesting lessons in the attempt.

The Blackboard Patent: Where's Waldo?

August 30, 2006

By Pamela Jones, Editor of Groklaw

I'm sure you have heard about the intense outrage over Blackboard, Inc.'s patent on a method of e-learning and about its initiating a patent infringement lawsuit against Canadian-based competitor Desire2Learn in the U.S. District Court for the Eastern District of Texas in July. But there is a part of the story you may not know.

Blackboard has already been called "the SCO of the educational software market". Here's the complaint [PDF], if you'd like to read it. Like most patent infringement legal filings, it's dry as dust, but if you look at paragraph 10, you will see that Blackboard's litigation appears to target Desire2Learn's entire product line:

Upon information and belief, in violation of 35 U.S.C. Section 271, D2L uses, offers to sell, and sells within the United States, and/or imports into the United States, products and services that infringe the '138 patent, including, but not limited to all D2L products based on the D2L learning system or platform, such as the D2L eLearning Technology Suite, which includes the D2L Learning Environment, Learning Repository and LiveRoom, and all services supporting these D2L products, such as hosting services, training services, help desk support services, implementation and customization professional services, and content services.

According to an open letter by the CEO of Desire2Learn, John Baker, Blackboard didn't even contact Desire2Learn prior to filing in July. Yet Blackboard is asking the court to award it treble damages for "willful" infringement.

There's already a Boycott Blackboard site, a No EDU Patents site, with a History of Internet-based learning page where you can contribute prior art, and many in higher education are blogging intensely -- studiously one might even say -- to chronicle every detail of this patent story. There is also now a Wikipedia page as mentioned by Tim O'Reilly in mid August.

Indeed, it's mighty hard not to feel outrage, or at least keep your lip from curling, when you read the patent, or better yet a plain English version of it. Here's a diagram mocking what Blackboard "invented".

The British Educational Communications and Technology Agency (BECTA) reportedly took a look and issued guidance on the patent to all companies involved in e-learning in the UK. This report, while noting that the patent has no force in the UK, reveals that Blackboard has applied for four patents at the European Patent Office (EPO). Here's a list of other patents it has applied for in the US too, including one ominously titled "Method and system for conducting online transactions." Is there some kind of a contest going on to see who can get the most obvious patent on planet earth? By the way, the US Supreme Court will be reviewing a case that speaks to the issue of what the standard should be for obviousness. Better late than never, as they say. Michael Geist reports that Blackboard "expects similar patents to be granted in nearly a dozen countries around the world including Canada, Australia, and the European Union."

Initial review by the EPO found the claims not to be novel. Alfred Essa on "The NOSE: Information Technology in Higher Education," prefers the word "trivial" to describe the issued US patent:

By now I have read the Blackboard patent carefully, including the notorious "44 claims". Despite what Blackboard has said in public, the claims taken together describe a generic system for e-learning and potentially cover every learning tool, present or future....

Once you strip the "44 Claims" from its stylistic dross one can immediately see that Blackboard's "Idea", or innovation as they would claim, is laughably trivial and obvious. The core ideas in the system part of the claim originated with those individuals who developed the idea of network computing and using the Internet for collaboration. If there is one individual who deserves prior art for that Idea it's Tim Berners-Lee. But Berners-Lee himself would claim that hundreds, if not thousands of people worldwide, have contributed to developing and establishing the Idea of network and collaborative computing.

The FOSS community is naturally very concerned that, after Blackboard finishes suing Desire2Learn, it will come after Open Source e-learning projects like Moodle. In response, the Sakai Foundation, which helps colleges and universities run open source e-learning systems, has hired the Software Freedom Law Center to advise these projects. I think they are right to be worried despite assurances from Matthew Small, Blackboard's general counsel, that the company has no plans to challenge Open Source projects. For one thing, not having current plans doesn't prevent Blackboard from changing its mind at any time if this patent stands. Then there is the SCO comparison. It started me researching.

The SCO Comparison Gets Me Looking for Waldo

Ever since SCO sued over allegedly infringing code in Linux and we found Microsoft a shadowy figure in the background, I have formed the habit of looking for a Microsoft connection whenever I see a story about FOSS being threatened. It's my personal "Where's Waldo" game. I remember Bill Gates saying in 2003, shortly after SCO began its campaign, that Linux would be hounded by IP legal troubles for 4 or 5 years. At the time, I took that as a 5-year plan. So when I heard about the Blackboard litigation, I went to Google and just searched by the keywords "blackboard microsoft."

Bingo.

I found a number of articles from 2001, which is when Blackboard and Microsoft first teamed up as partners. Yes, Blackboard and Microsoft. Here's one from June of 2001 on the deal and its purpose, "Internet Strategies for Education Markets: The Heller Report:"

Microsoft's .NET technologies (www.microsoft.com/net) will be more common in higher education through a significant agreement with Blackboard, Inc. (Washington, DC, www.blackboard.com). The co-marketing partnership calls for Blackboard to develop the next version of its e-learning platform using the technologies, and for Microsoft to recognize Blackboard as its preferred e-education partner.

The goal? In this article in The Chronicle of Higher Education, dated November 23, 2001, an analyst from Directions on Microsoft said the purpose of the deal was for Microsoft to "own the educational-software market." Blackboard, according to Essa, now has a 75% share of the e-learning market.

The article quotes Mark V. East, worldwide general manager for the education-solutions group at Microsoft, as saying, "Learning could take over from e-commerce as the number-one use of the Internet." To be able to take over a market, it probably helps if your product works better than your competition, and that was the stated plan:

Despite its emphasis on Microsoft products, Blackboard will still write versions for Unix and Linux, says Matthew S. Pittinsky, chairman of Blackboard. All versions will have the same set of basic features, although Blackboard for Microsoft will eventually have more features than Blackboard for Unix or Linux, he says.

"It will be more feature-rich to run Blackboard out of the box on Microsoft" than on other platforms, Mr. Pittinsky says. System administrators will have more options for configuring the Microsoft version of Blackboard than the non-Microsoft versions. End users will notice a difference between systems run on Microsoft and those run on other platforms, he says. It will be easier for users to incorporate documents from any Microsoft applications in Blackboard's online courses. They will have just one log-on for all Blackboard and Microsoft software through Microsoft's Passport technology.

There are other articles too, like this one in the Daily Princetonian, where academics worried out loud about Microsoft inducing Blackboard to create its software in such a way that they would be forced to switch to Microsoft or give up Blackboard. They were thinking way too simply. The goal, judging from the litigation against Desire2Learn, is not just market share; it's about money, honey. Patents are all about money, and when you have a broad patent -- and this one is nothing if not broad -- you can make all your competitors pay you licensing fees or, if they refuse, you can shut them down. Think RIM and the Blackberry story. If there is any connection between patents and innovation, it seems to be to snuff it out wherever it happens to pop up in a competitor.

When you look into who has funded Blackboard, what do we discover? Microsoft invested in Blackboard back in 2001, according to a BusinessWire press release, "Oak Hill Capital Leads Investors in $48 Million Financing of Blackboard Inc." And then in February of 2005, Business Week reported that Bill Gates himself had invested in Oak Hill Capital Partners to the tune of $55 million in the past and was ponying up $70 million for a second fund, Oak Hill Capital II. Business Week says the II fund was promising investors a 25% return. While it doesn't specify that the personal investment went to Blackboard, the Microsoft investment did. Bingo. There's Waldo. Geist puts his finger on the central point, I think:

Shock quickly gave way to fear, since the community worried that Blackboard would leverage the patent to force competitors into expensive licensing agreements, thereby increasing costs and reducing innovation.

Moreover, educators have expressed concern that the patent will create confusion within the academic community, leading some institutions to drop better learning management systems alternatives due to the legal uncertainties.

Of course, some might say that's not a bug; it's a feature.

Page editor: Jonathan Corbet

Security

The OLPC and BIOS upgrades

The One Laptop Per Child project will, if successful, place special laptop computers into the hands of millions of children all over the world. Most of these children will have never worked with a computer before. The consequences of providing Linux-based systems to this many children are likely to be huge. If this project is done right, these kids will grow up seeing free software as the preferred thing to use. Done wrong, it could turn them (and the adults around them) against Linux in a big way.

Many aspects of the OLPC systems are interesting; one of those is that they will use LinuxBIOS as their onboard, boot-time firmware. LinuxBIOS will bring a high degree of flexibility to the system, and some complexity as well. There is a real possibility that, as the result of some late bug or security problem, an in-field upgrade to LinuxBIOS will be called for. In addition, some users may want to hack on the firmware and install their own version - after all, the source is available. For both reasons, the OLPC systems will be able to rewrite their BIOS on demand.

There is a potential problem there, however. If it is too easy to rewrite the BIOS, no end of unpleasant things could happen. In the worst case, some sort of OLPC-based worm could, over a brief period, turn all online systems into expensive bricks. Or, perhaps even worse, the mass implantation of a low-level back door could be performed. For this reason, the OLPC design requires the user to give explicit permission before the BIOS can be rewritten. In particular, a specific sequence of keys on the keyboard must be held down before rewriting the BIOS will be possible.

Ivan Krstić has recently been thinking about the BIOS issue; in particular, he is worried that the keyboard-based interlock still leaves the system open to phishing attacks. The target user base for the OLPC, remember, will be very young. If something pops up on their screen telling them to push a certain set of keys, some of them may well do it. Adults may be immune to this sort of attack, but children need to be treated with more care.

So Ivan floated a proposal for a different way of doing things. It does away with the keyboard interlock; instead, the operating system is always forbidden to rewrite the BIOS. The BIOS, however, can rewrite itself, and would do so upon finding a new BIOS image in a specific place in the filesystem. That image would have to be cryptographically signed, however, so attackers would, presumably, be unable to get a new BIOS image written. Ivan says:

Voila. This is now a completely secure BIOS solution which requires no TPM, allows fully automatic upgrades without the user's cooperation (such as pressing keys), and fully protects both against phishing and automated attacks -- in fact, it's vector-independent.

Some who responded were not entirely happy with this approach, however. The potential for performing BIOS upgrades (even if properly signed) without the user's knowledge or consent is troubling. If a bug is found in the signature verification code, the fully automated mass bricking scenario becomes real again. Users who want to put in their own version of the BIOS will be frustrated - they cannot be given the signing key without compromising the entire mechanism (though this problem can be mitigated through the addition of a unique key for each system). Some countries may be unwilling to buy and distribute the OLPC systems without the ability to create and install their own BIOS images. And so on; see the list archive for the full discussion thread.

There was no obvious consensus reached on the list - and no immediate decision to change the OLPC hardware design. It is an issue requiring some additional thought, however. The OLPC systems are designed, in general, to be easy to fix when a user breaks things - they are meant to be experimented with. A BIOS-level bricking, however, is decidedly not easy to fix; it is not a scenario which can be allowed to come about. So it will be interesting to see what solution the OLPC designers arrive at in the end.

(Update: the OLPC project has decided to implement the new mechanism as originally described in the article).

New vulnerabilities

AlsaPlayer: multiple buffer overflows

Package(s): alsaplayer
CVE #(s): CVE-2006-4089
Created: August 28, 2006
Updated: September 19, 2006
Description: AlsaPlayer contains three buffer overflows: in the function that handles the HTTP connections, the GTK interface, and the CDDB querying mechanism. An attacker could exploit the first vulnerability by enticing a user to load a malicious URL resulting in the execution of arbitrary code with the permissions of the user running AlsaPlayer.
Alerts:
Debian DSA-1179-1 2006-09-19
Gentoo 200608-24 2006-08-26

gtetrinet: buffer overflows

Package(s): gtetrinet
CVE #(s): CVE-2006-3125
Created: August 30, 2006
Updated: September 6, 2006
Description: A number of out-of-bounds index accesses have been found in gtetrinet; they could conceivably be exploited by a hostile server to execute arbitrary code.
Alerts:
Gentoo 200609-02 2006-09-06
Debian DSA-1163-1 2006-08-30

lesstif: libXm library privilege escalation

Package(s): lesstif
CVE #(s): CVE-2006-4124
Created: August 29, 2006
Updated: August 30, 2006
Description: The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUG_FILE environment variable, which is used to create world-writable files when libXm is run from a setuid program.
Alerts:
Mandriva MDKSA-2006:154 2006-08-28

libmusicbrainz: buffer overflows

Package(s): libmusicbrainz-2.0
CVE #(s): CVE-2006-4197
Created: August 30, 2006
Updated: October 23, 2006
Description: Several buffer overflows have been discovered in the libmusicbrainz CD index library.
Alerts:
Gentoo 200610-09 2006-10-22
Ubuntu USN-363-1 2006-10-11
Mandriva MDKSA-2006:157-1 2006-09-28
rPath rPSA-2006-0161-1 2006-08-30
Mandriva MDKSA-2006:157 2006-08-30
Debian DSA-1162-1 2006-08-30

MySQL: privilege violations

Package(s): mysql
CVE #(s): CVE-2006-4031 CVE-2006-4226
Created: August 25, 2006
Updated: July 30, 2008
Description: MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy (CVE-2006-4031).

MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions (CVE-2006-4226).

Alerts:
Red Hat RHSA-2008:0768-01 2008-07-24
Red Hat RHSA-2008:0364-01 2008-05-21
Red Hat RHSA-2007:0152-01 2007-04-03
Red Hat RHSA-2007:0083-01 2007-02-19
Fedora FEDORA-2006-1298 2006-11-27
Fedora FEDORA-2006-1297 2006-11-27
Ubuntu USN-338-1 2006-09-05
Mandriva MDKSA-2006:149 2006-08-24

streamripper: buffer overflow

Package(s): streamripper
CVE #(s): CVE-2006-3124
Created: August 28, 2006
Updated: September 6, 2006
Description: Ulf Harnhammer from the Debian Security Audit Project discovered that streamripper, a utility to record online radio-streams, performs insufficient sanitizing of data received from the streaming server, which might lead to buffer overflows and the execution of arbitrary code.
Alerts:
Gentoo 200609-01 2006-09-06
Debian DSA-1158-1 2006-08-25

wireshark: several vulnerabilities

Package(s): wireshark
CVE #(s): CVE-2006-4330 CVE-2006-4331 CVE-2006-4332 CVE-2006-4333
Created: August 25, 2006
Updated: November 2, 2006
Description: There are multiple problems in Wireshark, versions 0.7.9 to 0.99.2.
Alerts:
Red Hat RHSA-2006:0658-01 2006-09-12
Debian DSA-1171-1 2006-09-07
Gentoo 200608-26 2006-08-29
Fedora FEDORA-2006-936 2006-08-25
Mandriva MDKSA-2006:152 2006-08-25
rPath rPSA-2006-0158-1 2006-08-25

X.org: local privilege escalations

Package(s): xorg-x11
CVE #(s): CVE-2006-4447
Created: August 28, 2006
Updated: April 30, 2007
Description: Several X.org libraries and X.org itself contain system calls to set*uid() functions, without checking their result. Local users could deliberately exceed their assigned resource limits and elevate their privileges after an unsuccessful set*uid() system call. This requires resource limits to be enabled on the machine.
Alerts:
Gentoo 200704-22 2007-04-27
Mandriva MDKSA-2006:160 2006-08-31
Gentoo 200608-25 2006-08-28
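
The unchecked set*uid() pattern described in the X.org entry above, next to a checked form, as an added example that is not X.org code and not part of the advisory. The `id_ops` table, the simulated calls and all function names are assumptions of this example, introduced so that a failing `setuid()` can be reproduced without root.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Identity calls sit behind a small table (an assumption of this example)
 * so that a failing setuid() can be reproduced without root. */
struct id_ops {
    int   (*set_uid)(uid_t);
    uid_t (*get_uid)(void);
    uid_t (*get_euid)(void);
};

/* The real system calls, for use in an actual program. */
const struct id_ops real_ops = { setuid, getuid, geteuid };

/* Constructed simulation of a setuid-root process. */
static uid_t sim_ruid, sim_euid;
static int   sim_at_limit;  /* 1: the target user is over its resource limit */

void sim_reset(uid_t ruid, uid_t euid, int at_limit)
{
    sim_ruid = ruid;
    sim_euid = euid;
    sim_at_limit = at_limit;
}

static int sim_setuid(uid_t target)
{
    if (sim_euid == 0) {
        if (sim_at_limit) {      /* EAGAIN is a documented setuid(2) error */
            errno = EAGAIN;
            return -1;           /* identity unchanged: still root */
        }
        sim_ruid = sim_euid = target;
        return 0;
    }
    if (target == sim_ruid)
        return 0;                /* setting our own uid is always allowed */
    errno = EPERM;               /* unprivileged: cannot become another user */
    return -1;
}

static uid_t sim_getuid(void)  { return sim_ruid; }
static uid_t sim_geteuid(void) { return sim_euid; }

const struct id_ops sim_ops = { sim_setuid, sim_getuid, sim_geteuid };

/* "Before" pattern: the result of set_uid() is ignored and execution carries
 * on. Returns the effective uid that the following code would run with. */
uid_t drop_unchecked(const struct id_ops *ops, uid_t target)
{
    ops->set_uid(target);
    return ops->get_euid();
}

/* Checked form: returns 0 only if the drop provably happened, -1 otherwise.
 * A caller that gets -1 must stop instead of continuing with old privileges. */
int drop_checked(const struct id_ops *ops, uid_t target)
{
    if (ops->set_uid(target) != 0)
        return -1;                           /* the call itself failed */
    if (ops->get_uid() != target || ops->get_euid() != target)
        return -1;                           /* call "succeeded", ids are wrong */
    if (target != 0 && ops->set_uid(0) == 0)
        return -1;                           /* root can still be regained */
    return 0;
}

int main(void)
{
    sim_reset(1000, 0, 1);
    printf("unchecked, setuid fails: continues with euid %lu\n",
           (unsigned long)drop_unchecked(&sim_ops, 1000));

    sim_reset(1000, 0, 1);
    printf("checked, setuid fails:   returns %d\n",
           drop_checked(&sim_ops, 1000));

    sim_reset(1000, 0, 0);
    printf("checked, setuid works:   returns %d\n",
           drop_checked(&sim_ops, 1000));

    /* With the real calls, dropping to our own uid is always permitted. */
    printf("checked, real calls:     returns %d\n",
           drop_checked(&real_ops, getuid()));
    return 0;
}
```

In a real program the failure branch should end in `abort()` or `_exit()`, so that nothing after the drop can run with the original identity.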

Updated vulnerabilities

apache: cross-site scripting

Package(s): apache
CVE #(s): CVE-2006-3918
Created: August 9, 2006
Updated: April 4, 2008
Description: From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header."
Alerts:
SuSE SUSE-SA:2008:021 2008-04-04
Ubuntu USN-575-1 2008-02-04
SuSE SUSE-SA:2006:051 2006-09-08
Debian DSA-1167-1 2005-09-04
Red Hat RHSA-2006:0619-01 2006-08-10
Red Hat RHSA-2006:0618-01 2006-08-08

audacious: buffer overflow

Package(s): audacious
CVE #(s): CVE-2006-3581 CVE-2006-3582
Created: August 2, 2006
Updated: September 13, 2006
Description: Audacious (prior to version 1.1.0) suffers from a buffer overflow which could be exploitable via a maliciously crafted media file.
Alerts:
Gentoo 200609-06 2006-09-12
Gentoo 200607-13 2006-07-29

binutils: buffer overflow

Package(s):binutils CVE #(s):CVE-2005-4807
Created:August 17, 2006 Updated:October 19, 2006
Description: The GNU assembler (gas) in binutils is vulnerable to a buffer overflow. If a user can be tricked into assembling a specially crafted file with gcc or gas, arbitrary code can be executed with the privileges of the user.
Alerts:
Ubuntu USN-366-1 2006-10-18
Ubuntu USN-336-1 2006-08-16

Comments (3 posted)

binutils: buffer overflow

Package(s):binutils CVE #(s):CVE-2006-2362
Created:May 27, 2006 Updated:August 29, 2006
Description: The GNU Binutils has a buffer overflow vulnerability in libbfd. Maliciously crafted Tektronix Hex Format files with improper length characters can cause a crash and possibly lead to the execution of arbitrary code.
Alerts:
Mandriva MDKSA-2006:153 2006-08-28
Ubuntu USN-292-1 2006-06-09
OpenPKG OpenPKG-SA-2006.009 2006-05-26

busybox: insecure password generation

Package(s):busybox CVE #(s):CVE-2006-1058
Created:May 5, 2006 Updated:May 2, 2007
Description: The BusyBox 1.1.1 passwd command does not use a proper salt when generating passwords. As a result, a brute force attack could take very little time.
Alerts:
Red Hat RHSA-2007:0244-02 2007-05-01
Fedora FEDORA-2006-511 2006-05-04
Fedora FEDORA-2006-510 2006-05-04

Comments (2 posted)

bzip2: race condition and infinite loop

Package(s):bzip2 CVE #(s):CAN-2005-0953 CAN-2005-1260
Created:May 17, 2005 Updated:January 10, 2007
Description: A race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. Also, specially crafted bzip2 archives may cause an infinite loop in the decompressor.
Alerts:
rPath rPSA-2007-0004-1 2007-01-09
Debian DSA-741-1 2005-07-07
Red Hat RHSA-2005:474-01 2005-06-16
OpenPKG OpenPKG-SA-2005.008 2005-06-10
SuSE SUSE-SR:2005:015 2005-06-07
Debian DSA-730-1 2005-05-27
Mandriva MDKSA-2005:091 2005-05-18
Ubuntu USN-127-1 2005-05-17

Comments (2 posted)

ktools: buffer overflow

Package(s):centericq CVE #(s):CVE-2005-3863
Created:December 7, 2005 Updated:August 29, 2006
Description: From the Debian-Testing alert: Mehdi Oudad "deepfear" and Kevin Fernandez "Siegfried" from the Zone-H Research Team discovered a buffer overflow in kkstrtext.h of the ktools library, which is included in (at least) centericq and motor.
Alerts:
Gentoo 200608-27 2006-08-29
Debian DSA-1088-1 2006-06-03
Debian DSA-1083-1 2006-05-31
Gentoo 200512-11 2005-12-20
Debian-Testing DTSA-23-1 2005-12-05

cpio: arbitrary code execution

Package(s):cpio CVE #(s):CVE-2005-4268
Created:January 2, 2006 Updated:May 8, 2007
Description: Richard Harms discovered that cpio did not sufficiently validate file properties when creating archives. Files with, e.g., a very large size caused a buffer overflow. By tricking a user or an automatic backup system into putting a specially crafted file into a cpio archive, a local attacker could probably exploit this to execute arbitrary code with the privileges of the target user (which is likely root in an automatic backup system).
Alerts:
rPath rPSA-2007-0094-1 2007-05-07
Red Hat RHSA-2007:0245-02 2007-05-01
Ubuntu USN-234-1 2006-01-02

Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service

Package(s):cyrus-sasl CVE #(s):CVE-2006-1721
Created:April 21, 2006 Updated:September 4, 2007
Description: Cyrus-SASL contains an unspecified vulnerability in the DIGEST-MD5 process that could lead to a Denial of Service. An attacker could possibly exploit this vulnerability by sending a specially crafted data stream to the Cyrus-SASL server, resulting in a Denial of Service even if the attacker is not able to authenticate.
Alerts:
Red Hat RHSA-2007:0878-01 2007-09-04
Red Hat RHSA-2007:0795-01 2007-09-04
SuSE SUSE-SA:2006:025 2006-05-05
Fedora FEDORA-2006-515 2006-05-04
Debian DSA-1042-1 2006-04-25
Mandriva MDKSA-2006:073 2006-04-24
Ubuntu USN-272-1 2006-04-24
Gentoo 200604-09 2006-04-21

fbi: incorrect filtering

Package(s):fbi CVE #(s):CVE-2006-3119
Created:July 24, 2006 Updated:August 24, 2006
Description: Toth Andras discovered that the fbgs framebuffer postscript/PDF viewer contains a typo, which prevents the intended filter against malicious postscript commands from working correctly. This might lead to the deletion of user data when displaying a postscript file.
Alerts:
Gentoo 200608-22 2006-08-23
Debian DSA-1124-1 2006-07-24

mozilla: multiple vulnerabilities

Package(s):firefox seamonkey thunderbird CVE #(s):CVE-2006-3113 CVE-2006-3677 CVE-2006-3801 CVE-2006-3802 CVE-2006-3803 CVE-2006-3804 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807 CVE-2006-3808 CVE-2006-3809 CVE-2006-3810 CVE-2006-3811 CVE-2006-3812
Created:July 27, 2006 Updated:September 15, 2006
Description: This CERT advisory contains details on multiple vulnerabilities in Mozilla products, including Firefox, SeaMonkey and Thunderbird. The most serious vulnerabilities could allow a remote attacker to execute arbitrary code on an affected system.
Alerts:
Debian DSA-1160-2 2006-09-15
Debian DSA-1161-2 2006-09-13
Debian DSA-1159-2 2006-09-08
Debian DSA-1161-1 2006-08-29
Debian DSA-1160-1 2006-08-29
Red Hat RHSA-2006:0594-02 2006-08-28
Debian DSA-1159-1 2006-08-28
Mandriva MDKSA-2006:146 2006-08-21
Mandriva MDKSA-2006:145 2006-08-21
Mandriva MDKSA-2006:143-1 2006-08-17
Mandriva MDKSA-2006:143 2006-08-16
SuSE SUSE-SA:2006:048 2006-08-16
Fedora FEDORA-2006-902 2006-08-09
Fedora FEDORA-2006-903 2006-08-09
Gentoo 200608-04 2006-08-03
Gentoo 200608-03 2006-08-03
Gentoo 200608-02 2006-08-03
Red Hat RHSA-2006:0609-01 2006-08-02
Ubuntu USN-327-2 2006-08-01
Ubuntu USN-329-1 2006-07-28
Red Hat RHSA-2006:0611-01 2006-07-28
Red Hat RHSA-2006:0610-01 2006-07-28
Slackware SSA:2006-208-01 2006-07-28
rPath rPSA-2006-0138-1 2006-07-27
Red Hat RHSA-2006:0608-01 2006-07-27
Ubuntu USN-327-1 2006-07-27
rPath rPSA-2006-0137-1 2006-07-26

freeradius: several vulnerabilities

Package(s):freeradius CVE #(s):CVE-2005-4745 CVE-2005-4746
Created:August 8, 2006 Updated:April 24, 2007
Description: Several remote vulnerabilities have been discovered in freeradius, a high-performance RADIUS server, which may lead to SQL injection or denial of service.
Alerts:
Mandriva MDKSA-2007:092 2007-04-23
Debian DSA-1145-1 2006-08-08

freetype: integer overflows

Package(s):freetype CVE #(s):CVE-2006-0747 CVE-2006-1861 CVE-2006-2493 CVE-2006-2661 CVE-2006-3467
Created:June 8, 2006 Updated:October 10, 2007
Description: The FreeType library has several integer overflow vulnerabilities. If a user can be tricked into installing a specially crafted font file, arbitrary code can be executed with the privilege of the user.
Alerts:
Gentoo 200710-09 2007-10-09
Debian DSA-1178-1 2006-09-16
Ubuntu USN-341-1 2006-09-06
Gentoo 200609-04 2006-09-06
rPath rPSA-2006-0157-1 2006-08-25
Mandriva MDKSA-2006:148 2006-08-24
Red Hat RHSA-2006:0635-01 2006-08-21
Red Hat RHSA-2006:0634-01 2006-08-21
Fedora FEDORA-2006-912 2006-08-14
SuSE SUSE-SA:2006:045 2006-08-01
OpenPKG OpenPKG-SA-2006.017 2006-07-28
Ubuntu USN-324-1 2006-07-27
Slackware SSA:2006-207-02 2006-07-27
Mandriva MDKSA-2006:129 2006-07-20
Gentoo 200607-02 2006-07-09
SuSE SUSE-SA:2006:037 2006-06-27
Mandriva MDKSA-2006:099-1 2006-06-13
Mandriva MDKSA-2006:099 2006-06-12
rPath rPSA-2006-0100-1 2006-06-12
Debian DSA-1095-1 2006-06-10
Ubuntu USN-291-1 2006-06-08

gdm: improper file permissions

Package(s):gdm CVE #(s):CVE-2006-1057
Created:April 19, 2006 Updated:May 2, 2007
Description: The .ICEauthority file may be created with the wrong ownership and permissions; gdm 2.14.2 fixes the problem.
Alerts:
Red Hat RHSA-2007:0286-02 2007-05-01
Mandriva MDKSA-2006:083 2006-05-09
Ubuntu USN-278-1 2006-05-03
Debian DSA-1040-1 2006-04-24
Fedora FEDORA-2006-338 2006-04-19

gzip: arbitrary command execution

Package(s):gzip CVE #(s):CAN-2005-0758
Created:August 1, 2005 Updated:January 9, 2007
Description: zgrep in gzip before 1.3.5 does not handle shell metacharacters like '|' and '&' properly when they occur in input file names. This could be exploited to execute arbitrary commands with user privileges if zgrep is run in an untrusted directory with specially crafted file names.
Alerts:
OpenPKG OpenPKG-SA-2007.002 2007-01-08
Mandriva MDKSA-2006:027 2006-01-30
Mandriva MDKSA-2006:026 2006-01-30
Fedora-Legacy FLSA:158801 2005-11-14
Fedora-Legacy FLSA:157696 2005-08-10
Ubuntu USN-161-1 2005-08-04
Ubuntu USN-158-1 2005-08-01

Comments (2 posted)

heartbeat: out-of-bounds read

Package(s):heartbeat CVE #(s):CVE-2006-3121
Created:August 15, 2006 Updated:August 25, 2006
Description: Yan Rong Ge discovered out-of-boundary memory access in heartbeat, the subsystem for High-Availability Linux. This could be used by a remote attacker to cause a denial of service.
Alerts:
Gentoo 200608-23 2006-08-24
Ubuntu USN-335-1 2006-08-16
Debian DSA-1151-1 2006-08-15

imagemagick: buffer overflow

Package(s):imagemagick CVE #(s):CVE-2006-4144
Created:August 17, 2006 Updated:August 29, 2006
Description: The imagemagick SGI file format decoder is vulnerable to a buffer overflow. If a user can be tricked into processing a specially crafted SGI image, arbitrary code may be executed with the privileges of the user.
Alerts:
Mandriva MDKSA-2006:155 2006-08-29
rPath rPSA-2006-0159-1 2006-08-29
Trustix TSLSA-2006-0048 2006-08-25
Red Hat RHSA-2006:0633-03 2006-08-24
Fedora FEDORA-2006-929 2006-08-23
Ubuntu USN-337-1 2006-08-16

ImageMagick: heap overflow vulnerability

Package(s):ImageMagick CVE #(s):CVE-2006-2440
Created:May 25, 2006 Updated:September 5, 2006
Description: The ImageMagick DisplayImageCommand has a heap overflow vulnerability. If a maliciously created unexpanded glob is passed to ImageMagick, a heap overflow can result.
Alerts:
Debian DSA-1168-1 2006-09-04
Fedora FEDORA-2006-588 2006-05-24
Fedora FEDORA-2006-587 2006-05-24

kdebase: privilege escalation

Package(s):kdebase CVE #(s):CVE-2006-2449
Created:June 15, 2006 Updated:August 28, 2006
Description: The KDE Display Manager (KDM) is vulnerable to a local symlink attack. A local user can use this to read arbitrary files that they do not have permission to access. See this KDE advisory for more information.
Alerts:
Fedora FEDORA-2006-942 2006-08-28
Debian DSA-1156-1 2006-08-27
Red Hat RHSA-2006:0576-01 2006-07-25
SuSE SUSE-SA:2006:039 2006-07-03
Slackware SSA:2006-178-01 2006-06-28
Gentoo 200606-23 2006-06-22
Fedora FEDORA-2006-726 2006-06-19
Fedora FEDORA-2006-725 2006-06-19
Mandriva MDKSA-2006:106 2006-06-15
Mandriva MDKSA-2006:105 2006-06-15
rPath rPSA-2006-0106-1 2006-06-15
Ubuntu USN-301-1 2006-06-14
Red Hat RHSA-2006:0548-01 2006-06-14

kdelibs: kate backup file permission leak

Package(s):kdelibs kate kwrite CVE #(s):CAN-2005-1920
Created:July 19, 2005 Updated:November 27, 2006
Description: Kate / Kwrite, as shipped with KDE 3.2.x up to and including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information.
Alerts:
Gentoo 200611-21 2006-11-27
Debian DSA-804-2 2005-11-10
Debian DSA-804-1 2005-09-08
Red Hat RHSA-2005:612-01 2005-07-27
Ubuntu USN-150-1 2005-07-21
Mandriva MDKSA-2005:122 2005-07-20
Fedora FEDORA-2005-594 2005-07-19

kernel: denial of service by memory consumption

Package(s):kernel CVE #(s):CVE-2006-2936
Created:July 17, 2006 Updated:November 14, 2007
Description: The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the driver can handle, which causes the data to be queued.
Alerts:
SuSE SUSE-SA:2007:035 2007-06-14
Mandriva MDKSA-2006:151 2006-08-25
Mandriva MDKSA-2006:150 2006-08-25
Ubuntu USN-331-1 2006-08-03
rPath rPSA-2006-0130-1 2006-07-17

kernel: privilege escalation

Package(s):kernel-source-2.6.8 CVE #(s):CVE-2006-3626
Created:July 27, 2006 Updated:August 23, 2006
Description: The kernel process filesystem has a race condition that can be exploited for the purpose of privilege escalation. This affects multiple architectures.
Alerts:
Red Hat RHSA-2006:0617-01 2006-08-22
SuSE SUSE-SA:2006:049 2006-08-18
Debian DSA-1111-2 2006-07-26

Comments (1 posted)

krb5: local privilege escalation

Package(s):krb5 CVE #(s):CVE-2006-3083
Created:August 9, 2006 Updated:September 8, 2006
Description: Some kerberos applications fail to check the results of setuid() calls, with the result that, if that call fails, they could continue to execute as root after thinking they had switched to a nonprivileged user. A local attacker who can cause these calls to fail (through resource exhaustion, presumably) could exploit this bug to gain root privileges.
Alerts:
SuSE SUSE-SR:2006:022 2006-09-08
Gentoo 200608-21 2006-08-23
Ubuntu USN-334-1 2006-08-16
Fedora FEDORA-2006-905 2006-08-09
Mandriva MDKSA-2006:139 2006-09-09
Gentoo 200608-15 2006-08-10
rPath rPSA-2006-0150-1 2006-08-09
Red Hat RHSA-2006:0612-01 2006-08-08
Debian DSA-1146-1 2006-08-09

libgadu: memory alignment bug

Package(s):libgadu CVE #(s):CAN-2005-2370
Created:July 29, 2005 Updated:June 25, 2007
Description: Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment error in libgadu (from ekg, console Gadu Gadu client, an instant messaging program) which is included in gaim, a multi-protocol instant messaging client, as well. This cannot be exploited on the x86 architecture, but on others (e.g. Sparc) it can lead to a bus error, in other words a denial of service.
Alerts:
Debian DSA-813-1 2005-09-15
Red Hat RHSA-2005:627-01 2005-08-09
Debian DSA-769-1 2005-07-29

libgd2: denial of service

Package(s):libgd2 CVE #(s):CVE-2006-2906
Created:June 14, 2006 Updated:January 16, 2007
Description: Certain GIF images can cause libgd2 to go into an infinite loop, adversely affecting the performance of image processing applications.
Alerts:
rPath rPSA-2007-0008-1 2007-01-15
Debian DSA-1117-1 2006-07-21
Mandriva MDKSA-2006:113 2006-06-27
Mandriva MDKSA-2006:112 2006-06-27
Ubuntu USN-298-1 2006-06-13

libmms: buffer overflows

Package(s):libmms CVE #(s):CVE-2006-2200
Created:July 6, 2006 Updated:December 25, 2006
Description: Several buffer overflows were found in libmms. By tricking a user into opening a specially crafted remote multimedia stream with an application using libmms, a remote attacker could overwrite an arbitrary memory portion with zeros, thereby crashing the program.
Alerts:
Slackware SSA:2006-357-05 2006-12-25
Gentoo 200607-07 2006-07-20
Mandriva MDKSA-2006:121 2006-07-12
Mandriva MDKSA-2006:117-1 2006-07-12
Ubuntu USN-315-1 2006-07-12
Mandriva MDKSA-2006:117 2006-07-06
Ubuntu USN-309-1 2006-07-05

libpam-ldap: authentication bypass

Package(s):libpam-ldap CVE #(s):CAN-2005-2641
Created:August 25, 2005 Updated:October 6, 2006
Description: libpam-ldap, the PAM LDAP interface, has a vulnerability in which it fails to authenticate with an LDAP server which is not configured properly, allowing an authentication bypass.
Alerts:
rPath rPSA-2006-0183-1 2006-10-05
Mandriva MDKSA-2005:190 2005-10-20
Gentoo 200508-22 2005-08-31
Debian DSA-785-1 2005-08-25

libpng: buffer overflow

Package(s):libpng CVE #(s):CVE-2006-3334
Created:July 19, 2006 Updated:November 17, 2006
Description: In pngrutil.c, the function png_decompress_chunk() allocates insufficient space for an error message, potentially overwriting stack data, leading to a buffer overflow.
Alerts:
Mandriva MDKSA-2006:213 2006-11-16
rPath rPSA-2006-0133-1 2006-07-19
Gentoo 200607-06 2006-07-19

libtiff: buffer overflows

Package(s):libtiff CVE #(s):CVE-2006-3459 CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465
Created:August 2, 2006 Updated:September 5, 2006
Description: An audit of the libtiff library (done by Tavis Ormandy at Google) turned up several buffer overflow vulnerabilities.
Alerts:
Red Hat RHSA-2006:0648-01 2006-08-28
Slackware SSA:2006-230-01 2006-08-18
Gentoo 200608-07 2006-08-04
Ubuntu USN-330-1 2006-08-02
Red Hat RHSA-2006:0603-01 2006-08-02
Debian DSA-1137-1 2006-08-02
rPath rPSA-2006-0142-1 2006-08-01
Mandriva MDKSA-2006:136 2006-08-01
Mandriva MDKSA-2006:137 2006-08-01
Fedora FEDORA-2006-877 2006-08-02
Fedora FEDORA-2006-878 2006-08-02

libtiff: buffer overflow

Package(s):libtiff CVE #(s):CVE-2006-2193
Created:June 15, 2006 Updated:September 1, 2008
Description: The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters in the DocumentName tag to overflow a buffer, causing a denial of service, and possibly the execution of arbitrary code.
Alerts:
Fedora FEDORA-2006-952 2006-09-05
SuSE SUSE-SA:2006:044 2006-08-01
Gentoo 200607-03 2006-07-09
SuSE SUSE-SR:2006:014 2006-06-20
Trustix TSLSA-2006-0036 2006-06-16
Mandriva MDKSA-2006:102 2006-06-14
Red Hat RHSA-2008:0848-01 2008-08-28
CentOS CESA-2008:0848 2008-08-30

libvncserver: authentication bypass

Package(s):libvncserver CVE #(s):CVE-2006-2450
Created:August 4, 2006 Updated:March 19, 2007
Description: LibVNCServer fails to properly validate protocol types, effectively letting users decide what protocol to use, such as "Type 1 - None". LibVNCServer will accept this security type, even if it is not offered by the server.
Alerts:
Gentoo 200703-19 2007-03-18
Gentoo 200608-12 2006-08-07
Gentoo 200608-05 2006-08-04

libwmf: integer overflow

Package(s):libwmf CVE #(s):CVE-2006-3376
Created:July 13, 2006 Updated:November 6, 2006
Description: libwmf, a library that is used for processing Windows MetaFile vector graphics files, has an integer overflow vulnerability.
Alerts:
OpenPKG OpenPKG-SA-2006.031 2006-11-06
Debian DSA-1194-1 2006-10-09
Gentoo 200608-17 2006-08-10
Ubuntu USN-333-1 2006-08-09
Mandriva MDKSA-2006:132 2006-07-28
Fedora FEDORA-2006-831 2006-07-18
Fedora FEDORA-2006-832 2006-07-18
Fedora FEDORA-2006-805 2006-07-12
Fedora FEDORA-2006-804 2006-07-12

mutt: IMAP namespace buffer overflow

Package(s):mutt CVE #(s):CVE-2006-3242
Created:June 28, 2006 Updated:October 24, 2006
Description: TAKAHASHI Tamotsu discovered that mutt's IMAP backend did not sufficiently check the validity of namespace strings. If a user connects to a malicious IMAP server, that server could exploit this to crash mutt or even execute arbitrary code with the privileges of the mutt user. See this Secunia advisory for more information.
Alerts:
Fedora FEDORA-2006-1061 2006-10-24
Slackware SSA:2006-207-01 2006-07-27
OpenPKG OpenPKG-SA-2006.013 2006-07-15
SuSE SUSE-SR:2006:016 2006-07-14
Red Hat RHSA-2006:0577-01 2006-07-12
Debian DSA-1108-1 2006-07-11
Fedora FEDORA-2006-761 2006-06-29
Fedora FEDORA-2006-760 2006-06-29
Trustix TSLSA-2006-0038 2006-06-30
rPath rPSA-2006-0116-1 2006-06-29
Mandriva MDKSA-2006:115 2006-06-28
Gentoo 200606-27 2006-06-28
Ubuntu USN-307-1 2006-06-28

mysql: format string bug

Package(s):mysql CVE #(s):CVE-2006-3469
Created:July 21, 2006 Updated:July 30, 2008
Description: Jean-David Maillefer discovered a format string bug in the date_format() function's error reporting. By calling the function with invalid arguments, an authenticated user could exploit this to crash the server.
Alerts:
Red Hat RHSA-2008:0768-01 2008-07-24
Slackware SSA:2006-211-01 2006-07-31
Ubuntu USN-321-1 2006-07-21

MySQL: logging bypass

Package(s):mysql CVE #(s):CVE-2006-0903
Created:April 4, 2006 Updated:May 21, 2008
Description: MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.
Alerts:
Red Hat RHSA-2008:0364-01 2008-05-21
Ubuntu USN-274-2 2006-05-15
Ubuntu USN-274-1 2006-04-27
Mandriva MDKSA-2006:064 2006-04-03

Comments (2 posted)

ncompress: buffer underflow

Package(s):ncompress CVE #(s):CVE-2006-1168