Updating the Creative Commons Licenses
September 20, 2006
By Pamela Jones, Editor of Groklaw
It isn't just the GPL that is being updated. Creative Commons is working on
changes to its licenses also, and for some of the same reasons. It was
announced early in August that changes were in the works, and you can read
the proposed draft language on that page. While it was hoped that the
license would be finished by the beginning of September, the discussions
continue on the CC public discussion board. A major sticking point? What
to do about DRM.
There is already an anti-DRM clause in the Creative Commons licenses which
reads like this:
You may not distribute,
publicly display, publicly perform, or publicly digitally perform the
Work with any technological measures that control access or use of
the Work in a manner inconsistent with the terms of this License
Agreement.
What is proposed are some amendments to clarify
the language, but some, particularly in the Debian camp, worried that the
language in the draft was inconsistent with the Debian Free Software
Guidelines, and instead proposed a kind of parallel distribution
clause, in order to give programmers freedom to code for both open and
closed systems.
Creative Commons project lead Mia Garlick opened the
topic up for discussion.
Some find it ridiculous to argue that the way to promote freedom is by
allowing DRM, with its potential to take CC works and close them off. They
see DRM as the fast track to destroying the share-alike community that
Creative Commons authors are choosing to be a part of. The whole point of
having such a license, after all, is precisely to avoid the sort of total
freedom to do whatever you wish with the work that would exist if the
author had simply released it into the public domain.
As one comment put it, allowing DRM on CC'd works in the name of
freedom is like saying the way to promote democracy is to vote in a
dictator.
And so the upgrade to CC version 3.0 is going through a discussion much
like the one around GPLv3. Because of the opposition, the dual license
idea isn't currently in the draft, as Garlick explained:
Consequently, CC is currently not proposing to include this new
parallel distribution language as part of version 3.0; however,
because it is not clear whether the Debian community will declare the
CC licenses DFSG-free without it and because it represents an
interesting proposal, we felt that it was appropriate to circulate
the proposal as part of the public discussions of version
3.0.
It's a fascinating discussion, and polite. If you
wish to join in, here's where
you go. You must subscribe
to post a comment.
To get up to speed on what has already been discussed, there is a PDF
that summarizes the discussion so far, along with Creative Commons'
reactions to various suggestions, available here.
The Debian point of view, as far as I can see, is being expressed by
Evan Prodromou, and the contrary view by many, but outstandingly by Rob
Meyers and Greg London. You can find the archives by author here. My
best suggestion would be to start
here, and just click on "next message" for a while to follow the
discussion in a straight line. At that starting link, London suggests
making sure "DRM can't be used to take a work private
or set someone up as sole source for DRM-versions
of works," and Meyers answers
Prodromou's expressed concerns about "licensees being free to distribute
works in their format of choice." Prodromou expresses
this worry:
Sony's not going to change their platform for
us. They're just not.
Millions of users aren't going to throw out their PS2's because they
can't play Free Content games on them. It's not going to happen. So the
question becomes whether we're going to hamstring Free Software
developers who want to port to this kind of platform. What purpose does
it serve, besides restricting the freedom of those developers?
Again, I'll contrast to Free Software applications running on
proprietary operating systems. If the GPL had forbidden running or
developing a Free app on a proprietary OS, there would be no Free Software
today.
Letting people make their own accommodations with the increasingly DRM'd
world means we will see Free Content on more platforms, not less.
Turning up our nose and saying that our content is too good for DRM'd
platforms won't stop DRM; it'll just impede the distribution of Free
Content.
I don't like DRM. I think it sucks. But license provisions are the wrong
place to fight it.
He amplifies
in this comment:
There are millions of people who have
game consoles, text readers, and music players that require some sort of
DRM. And even if it's just one person who can't use a work on one piece
of hardware, it's still wrong.
Of course, that's when the
discussion gets really interesting. Meyers points
out:
Embracing DRM will not move the movement
forward. Unless you spin it
180 degrees.
My son tells me that Sony are now allowing people to play vanilla
MPEGs on PSPs. So problem solved. We don't need a blanket DRM
permission to use free culture on PSPs.
When one comment states,
"That's why pleas for DRM are *not* pleas for user freedom," Prodromou
argues,
Parallel distribution doesn't restrict freedom. It gives *at
least* the
same freedoms as distributing in an unencumbered format, *plus* the
freedom to run on a DRM-only platform. That's more freedom, not less.
To
which London responds:
If it means you can put FLOSS work on a DRM-only
player, and you can't play non-DRM versions on the player,
and you can't even legally convert your works to a
DRM-compatible format without paying iSuck Corp a lot
of money, then the barn door is open and it's only
a question of when the wolves are coming in.
Another issue, and again this mirrors efforts in GPLv3, is
internationalizing the license. The CC proposed solution is this, according
to the August announcement:
Another big feature of version 3.0
is that we will be spinning off
what has been called the "generic" license to now be the US license
and have crafted a new "generic" license that is based on the
language of international IP treaties and takes effect according to
the national implementation of those treaties. This may only be
something that gets IP lawyers excited but I thought it might be good
to share this draft with the community as well in order to ensure
full transparency and in case people were interested and/or had any
comments.
And finally, there is discussion
on just what the definition of "noncommercial" is.
I would suggest that you
take the time to read all the comments
themselves in August and September, though, and not just rely on the PDF
summary, as there is already a comment
indicating the summary didn't get every point precisely as the commenter
intended. Besides, figuring out the appropriate response to DRM is a very
important task, one the community needs to get right.
WOS4: Lawrence Lessig on read/write culture
![Lawrence Lessig](/images/conf/wos4/lessig1-sm.jpg)
Lawrence Lessig appeared at the third edition of the Wizards of OS to
launch Creative Commons Germany. He returned at WOS4, instead, to talk
about free culture. As it turns out, Mr. Lessig has recently moved to
Berlin to spend the next year working on his next book, so there may well
be other opportunities for the locals to hear him speak. For the rest of
us, though, it was a rare treat.
He started by talking about the composer John Philip Sousa, who had
expressed frustration (to a Congressional committee) with the "talking
machines" which were just becoming
common in his time. These machines, he feared, would turn the public into
mere listeners, rather than people who participated in the creation of
music. Many years later, Mr. Lessig notes, this "read-only" approach to
culture has indeed taken over, especially in the U.S.
The talk then shifted to the founding of the U.S. Republican party, which
was based, at that time, on the idea of "free labor." Working for others
was seen as a form of indentured slavery - especially given the kind of
labor contracts which were in use at that time. The idea motivating the
Republicans was a vision of a country where people owned their own means of
production and worked for themselves. Needless to say, things did not work
out that way. Industrialization pushed the economy in a different
direction, and, by the 1870's, 70% of the workers in the U.S. were
employees. Free labor, he says, is a "fantasy" now.
The idea is beginning to come back, however, as the net is enabling more
people to own their own production equipment. We are also seeing similar
trends in politics - the 20th century mode of being told what to think by
politicians on the television is giving way to a blog-driven participatory
democracy. It's becoming a read-write system. And that, Mr. Lessig says, is
how things have been for most of our history; the 20th century was an
aberration in this regard.
Moving back to culture, Lessig noted that the Internet can enable both
read-only and read-write culture. In the read-only mode, the net is a
channel by which we can consume culture created elsewhere. The classic
example here would be iTunes, which allows the purchase of music for
specific devices, to be used in specific ways. The Internet can be a way of
perfecting the control held by content owners.
But it need not be that way.
To demonstrate the read-write alternative, he showed a few videos taken
from the net. These varied from silly works involving reworked anime clips
set to music rather different from that used by the original creators
through to highly political pieces. Something to offend everybody - but
highly amusing. Text, says Lessig, is "the Latin of our time"; video is
the way to communicate in this era. Unfortunately, many of the videos he
showed have been subjected to takedown notices and other attacks from
copyright holders. Lessig also mentioned a film which won a prize at
Cannes; it was made for all of $218, but then the creator was faced with a
$400,000 bill to clear the rights for the background music used.
There are many differences between the read-only and read-write views of
culture, starting with the way that the read-write view departs from the
"couch potato" mode. Read-write culture is a participatory medium. The
read-write culture is also far larger, by almost any measure. It certainly
involves more people, but it can also be economically larger.
Unfortunately, current copyright law heavily favors the read-only mode. It
controls the right to make copies, but, in the digital world, any use of a
work involves copying it. So every use requires permission. Content
holders are making full use of this legal view, which, in the end, means
they have control over how people use culture.
Copyright law, in other words, conflicts with the read-write net. It
smothers it.
Jack Valenti described "piracy" as his own terrorist war. We are, it
seems, fighting a war where the terrorists are our own children. And the
tools which are being deployed in this war, in the name of stopping piracy,
are also killing read-write culture.
So what do we do about all this? The first step, says Lessig, is to enable
free culture in any way we can. And that requires building free tools.
The free software community, for all of its successes, has not yet
succeeded in building a comprehensive set of friendly tools which can be
used by artists. We need to fight DRM in any way we can, support free
codecs and protocols to the greatest extent possible, and support free
software everywhere.
We must also build a legal platform for free culture. The Creative Commons
license is aimed at that goal. It seems to be having some success; by one
measure, there are now as many as 140 million CC-licensed works
available on the net.
Finally, Lessig says, we must reach out and support the creation of free
culture on proprietary platforms. In particular, the estimated one million
Flash developers should be brought into the read-write world. That
involves encouraging them to share their code, putting "view source"
buttons on Flash products, etc. By reaching out to these people, we'll
grow the support for free culture, and, ultimately, free platforms. Free
software, he says, was not initially built on free platforms; free culture
will need to take a similar path.
In summary, says Lessig, the 20th century is best described as the
"weirdest century." But it's over. If we can grow the free culture
movement, we will enter truly into the read-write world, and we'll all be
richer for it.
During the question period, Mr. Lessig was asked what he thought of Richard
Stallman's refusal to support the Creative Commons licenses. The day of
that announcement, he responded, was one of the most depressing of his
life. He stands by the Creative Commons licenses, however. The artistic
community still has not really had the discussion of what rights it needs
to be truly free. There is no artistic equivalent to the "four freedoms"
for software. Until that discussion has happened, the Creative Commons can
only defer to the free-culture friendly musicians it is working with
(Gilberto Gil was mentioned) and go with what they suggest. Mr. Lessig
does not feel that he knows better, and will not try to force a particular
vision of freedom on them - even if it means losing Richard Stallman's
support.
The question was asked: don't the Creative Commons licenses constitute an
admission that many of the rights often claimed under fair use do not
actually exist, since those rights must be codified separately in a
license? That can be a problem, he responded, which is why these licenses
have always been written as a grant of additional rights beyond all of
those already permitted by law. In the end, it comes down to a choice of
trying to build this legal platform, or doing nothing at all; they chose to
act.
WOS4: Quality management in free content
One problem which must be faced by any cooperative project is that of
quality management. If anybody can contribute to a work, how can a project
ensure that its output is up to the standards it has set for itself? A
Wizards of
OS 4 panel session on this topic highlighted three very different
approaches to this issue.
Ulrich Pöschl, a researcher at the Max Planck Institute for Chemistry, is
trying to address a number of problems with the scientific publishing
world. Publication is crucial to scientists - it is, in the end, the one
concrete result from their work which matters. But the process to
publication is long and frustrating, and can often be hampered by personal
agendas and scientific conservatism. Your editor, who, in a previous life,
actually published a paper in a refereed journal, can attest to what a
painful process it can be. There are also problems with scientific fraud
and (much more often) plain old carelessness. Scientists, in their rush to
get their work out, will often not take the time to produce work of the
needed quality. Quite a few papers are published which contribute little
and actually dilute the pool of scientific knowledge.
On the other side, scientific journals are tremendously expensive, and they
publish last year's work. There are a lot of pressures for faster - and
more open - access to scientific results. It seems that a more open
approach would benefit everybody, but only if the quality level can be
maintained.
Ulrich is a founder of a relatively new journal (Atmospheric Chemistry
and Physics) which has set out to demonstrate a
new approach to scientific publication. This journal has retained much of
the classic scientific publication process - every paper is still reviewed by
anonymous referees whose questions must be answered to the editor's
satisfaction. Where things differ is in the openness of the process.
When a paper is submitted, as long as it's not complete junk, it will be
immediately published as a "discussion paper" on the journal's web site. It is
clearly marked as an unreviewed paper, not to be taken as definitive
results at that time. While the referees are reviewing the paper, others
can post comments and questions as well. These others are limited to "registered
scientists," since the desire is to keep the conversation at a high level.
The comments become part of the permanent record stored with the paper, and
they can, at times, be cited by others in their own right. The editor will
consider outside comments when deciding whether the paper is to be accepted
and what revisions are to be required.
After using this process for five years, Atmospheric Chemistry and Physics
has the highest level of citations in the field. Citations are important
in the scientific world: they are an indication that a given set of
research results has helped and inspired discoveries elsewhere. The high
level of citations here indicates that this publication process is
succeeding in attracting high-level papers and filtering out the less
useful submissions.
Things are at an early stage - out of approximately 7,000 scientific
journals, about five are currently publishing with this sort of technique.
Others are interested, however, and that number can be expected to grow in
the future.
Martin Haase then took the podium to talk about quality management in
Wikipedia. While Wikipedia is a useful resource, there have been a number
of well-reported problems. Some articles can be flat-out wrong, or,
sometimes, distorted to meet somebody's political goals. Maintaining and
improving Wikipedia's reputation will require getting a handle on
these problems.
Some measures being taken by Wikipedia are:
- Putting restrictions on anonymous access. In particular, anonymous
editors cannot create new articles.
- Getting a better handle on attribution of work. Wikipedia maintains
an article editing history now, and has lists of contributors. Some
people, it seems, have been surprised to learn this, and have
changed the style of their contributions afterward.
- A two-level reviewing process. Articles which have been heavily
reviewed and deemed to be correct can be designated as "featured"
articles. This process, however, turns out to be slow, so a new, less
rigorous "good article" designation has been created as well.
- Specific metadata about validation is being added to articles.
- There is a mechanism for creating permanent links to specific
versions of articles. These links can be used by outside sites to
link to a "known good" version of an article with no need to worry
about what subsequent changes could bring.
While agreeing that improving the quality of Wikipedia articles will be a
never-ending process, Martin seems to think that the measures being taken
will move things in the right direction. He warned explicitly about
"expertism" - requiring that articles be written by experts in the field.
It can be hard for experts to write articles for people who are unfamiliar
with the field - their work tends to be jargon-heavy and written at the
wrong level. They also tend to run in schools, and expert-written
articles tend to reflect the views of one school only. Limiting
contributions to experts would, in Mr. Haase's view, rob Wikipedia of much
of its usefulness.
The third panelist, Larry Sanger, disagrees. Larry was a part of the
creation of Wikipedia, but has since fallen out with that project. So,
while claiming to be a "big fan of Wikipedia," he spent much time
criticizing it. Wikipedia, he says, was meant to be the wild side
of Nupedia; it was never supposed to be the whole thing. With only
half of the original design, he says, it is not surprising that things have
gone wrong.
So what has gone wrong? According to Larry, the Wikipedia rules are not
enforced uniformly, leading to lots of abuses. Anonymous editing attracts
trolls and other people whose main purpose is not the creation of a
top-quality encyclopedia. The Wikipedia community is insular and hard to
join. And there is no place for academics, people who are experts in
their field. Wikipedia people may fear expertism, but Larry, instead, is
on a campaign against amateurism. This amateurism, he says, is behind many of the
problems with Wikipedia, but the community will not recognize these
problems, and, thus, he says, will never fix them.
So Larry is going to fork Wikipedia. His project, called The Citizendium, will, he says, be very
different. It will start out very much the same, however: the same
software, and copies of all the Wikipedia articles. Those articles will
track changes to their Wikipedia equivalents until they are changed
locally, at which point they will become a hard fork. There are no plans
to fork the software. In essence, the Citizendium intends to make full use
of Wikipedia's free licensing (as is its right) to bootstrap the new site,
and only move away from Wikipedia content when and where it feels it has
something better to offer.
There will be some distinct roles for members of the Citizendium project. People who
are deemed to be sufficiently expert in a given field will be called
"editors"; regular contributors will be expected to defer to the editors in
their field of expertise. These editors will be self-selecting, but they
must publicly state their credentials. Editors can mark an article as
being "approved," indicating that, in their opinion, it has reached a
certain level of quality.
There will be no anonymous editing allowed in the Citizendium, and no
pseudonyms either. All contributors must work under their own names.
There will be a number of rules on how contributors and editors are
supposed to work, with quick expulsion from the project for those who do
not follow them. To that end, there will also be "constables," whose job
is to enforce these rules.
There are vague plans for a meeting to draft and approve the charter under which
the project operates. For now, however, the Citizendium is very much Larry
Sanger's project, with goals and processes set by him. Whether it will be
able to build a community and maintain it while keeping quality high
remains to be seen.
Page editor: Jonathan Corbet
Security
Fuzz testing
September 20, 2006
This article was contributed by Jake Edge.
Providing random or semi-random data to a program to see what happens is
an excellent black-box testing technique known as fuzzing. Programs that
generate this data are, unsurprisingly, called fuzzers, and they are a
potent tool for folks doing penetration or other kinds of testing. Some
interesting presentations at this summer's Black Hat Briefings make this a
good opportunity for an overview of fuzzing and some pointers to tools,
techniques and research.
Generating bad input for programs is a time-honored tradition for test
engineers, but human-generated test cases tend to contain fewer tests
than a fuzzer can produce. In addition, test engineers may make
implicit assumptions about the kind of data that can or will be fed into
a program, whereas an automated, brainless fuzzer will just try anything.
The simplest fuzzer will just send random bytes of data to a program and
see what, if anything, happens. It might also vary the length of the data
that it sends to explore buffer-length issues and the like. More
sophisticated fuzzers extend those simple techniques with more
domain-specific data. A fuzzer targeted at web applications might
generate GET and POST queries using (and abusing) the variables that the
form or page submits, as well as adding in some random variables and
values. A fuzzer targeting a web browser might generate random input that
conforms to HTML syntax, with random tags and attributes, as well as
abusing the defined tags. This domain-specific approach tends to yield
better results by limiting the search space, but it can lead to some of
the same implicit-assumption problems that are prevalent in human-generated
tests. A combination of both simple and complex fuzzing is likely the best
approach.
Open source tools for fuzzing various applications and protocols are
available; Jack Koziol provides a nice, but not exhaustive, list. While it
is not specifically a fuzzer, one must mention Metasploit, the Swiss army
knife of penetration testing, which provides a framework for all kinds of
exploit testing. It would appear that the Ruby language is gaining some
traction for penetration testing, as Metasploit has been rewritten in Ruby
for its next version and RFuzz provides a nice library for web application
fuzzing. Most other popular languages (C, Perl, Python, Java) are
represented as well.
Researchers at the University of Central Florida are trying to take fuzzing
a step further by using information about what portions of the code were
exercised by various inputs, and whether they led to program crashes, to
drive a genetic algorithm that "optimizes" for inputs that are likely to
cause crashes. Obviously, this is no longer black-box testing, but it could
be a fairly useful technique for projects that are looking for
vulnerabilities in their own code. Slides from the Black Hat presentation
are available here (PDF).
An input source that is often overlooked is data files. Because these files
are often generated by a program, it is easy to write code that blindly
believes what a data file says; this mistake has led to many exploits. Dan
Kaminsky briefly talked about data format fuzzing in his "Black Ops 2006"
presentation. He presented some ideas from his research into automated
recognition of formats for the purpose of fuzzing them. Just feeding a
random stream of bytes into a program meant to read a specific format is
less likely to cause it to fail; with some rudimentary understanding of
the format, and fuzzing within that framework, much more interesting
program failures can be provoked. Dan's slides are available here,
unfortunately in PowerPoint format, but readable by OpenOffice.org.
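As an added example (not from the article or any tool it mentions), here is a small Python harness that runs the three approaches discussed above, the simple random-byte fuzzer, mutation of a valid sample file, and format-aware generation, against a parser for a constructed record format that trusts its own length field, and then against a checked version of the same parser. The format, both parsers, the sample file and the crash-counting campaign are all constructed for this illustration.

```python
# Added example: a toy fuzzing harness. The record format, both parsers and the
# sample file are constructed for this illustration, not taken from the article.
from __future__ import annotations

import random
import struct

MAGIC = b"FUZ1"  # constructed format: magic, then records of [u16 length][payload]


def parse_records(data: bytes) -> list[bytes]:
    """Naive parser: trusts the length field it just read from the file (the
    'blindly believes what a data file says' mistake). When the declared length
    exceeds the bytes left, the slice is short and the checksum loop raises
    IndexError. ValueError is the only rejection it raises on purpose."""
    if data[:4] != MAGIC:
        raise ValueError("bad magic")
    pos, records = 4, []
    while pos < len(data):
        (length,) = struct.unpack(">H", data[pos:pos + 2])  # struct.error if 1 byte left
        pos += 2
        payload = data[pos:pos + length]
        checksum = 0
        for i in range(length):  # bug: iterates over length, not len(payload)
            checksum ^= payload[i]
        records.append(payload)
        pos += length
    return records

def parse_records_checked(data: bytes) -> list[bytes]:
    """Hardened parser: every length is checked against the data actually
    present before use, so malformed input is rejected rather than crashed on."""
    if len(data) < 4 or data[:4] != MAGIC:
        raise ValueError("bad magic")
    pos, records = 4, []
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated record header")
        length = int.from_bytes(data[pos:pos + 2], "big")
        pos += 2
        if length > len(data) - pos:
            raise ValueError("declared length exceeds remaining data")
        records.append(data[pos:pos + length])
        pos += length
    return records

def encode(payloads: list[bytes], lies: dict[int, int] | None = None) -> bytes:
    """Serialize records; `lies` maps a record index to a bogus length to write."""
    out = bytearray(MAGIC)
    for i, payload in enumerate(payloads):
        out += struct.pack(">H", (lies or {}).get(i, len(payload))) + payload
    return bytes(out)

SEED_FILE = encode([b"hello", b"", b"world"])  # constructed, well-formed sample

def rand_bytes(rng: random.Random, n: int) -> bytes:
    return bytes(rng.getrandbits(8) for _ in range(n))

def gen_random(rng: random.Random) -> bytes:
    """Simplest fuzzer: random bytes of random length."""
    return rand_bytes(rng, rng.randrange(0, 64))

def gen_mutated(rng: random.Random) -> bytes:
    """Mutation fuzzer: take a valid file and flip a bit, truncate it, or extend it."""
    buf = bytearray(SEED_FILE)
    op = rng.choice(("flip", "truncate", "extend"))
    if op == "flip":
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op == "truncate":
        del buf[rng.randrange(len(buf)):]
    else:
        buf += rand_bytes(rng, rng.randrange(1, 8))
    return bytes(buf)

def gen_format_aware(rng: random.Random) -> bytes:
    """Format-aware fuzzer: framing is always right, but each length field lies
    half of the time. This is fuzzing 'within the framework' of the format."""
    payloads = [rand_bytes(rng, rng.randrange(0, 10)) for _ in range(rng.randrange(1, 5))]
    lies = {i: rng.randrange(0x10000) for i in range(len(payloads)) if rng.random() < 0.5}
    return encode(payloads, lies)

STRATEGIES = {"random": gen_random, "mutation": gen_mutated, "format_aware": gen_format_aware}

def run_campaign(parser, iterations: int = 200, seed: int = 1) -> dict[str, int]:
    """Crashes per strategy. ValueError is the parser rejecting input on purpose;
    any other exception that escapes is a crash worth a bug report."""
    crashes = {}
    for name, gen in STRATEGIES.items():
        rng = random.Random(seed)  # same inputs for every parser under test
        crashes[name] = 0
        for _ in range(iterations):
            try:
                parser(gen(rng))
            except ValueError:
                pass
            except Exception:
                crashes[name] += 1
    return crashes
```

Running `run_campaign(parse_records)` shows the random strategy never gets past the magic check while the mutation and format-aware strategies find the length bug; `run_campaign(parse_records_checked)` reports no crashes for any strategy, which is the "some level of confidence" fuzzing can give once validation is in place.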
Internationalization (i18n) is another potentially exploitable area for
many applications. Scott Stender presented some ideas on fuzzing i18n data
at Black Hat, in particular using Unicode representations to get bad data
past validators when different levels of the application handle character
encodings differently. He gave some explicit examples of input that might
validate within a web application but be interpreted differently by a
database, leading to various kinds of misbehavior. His slides are here
(PDF).
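As an added example (not Stender's code or slides), the following Python shows the layer mismatch described above using Unicode compatibility normalization: a toy validator that runs before NFKC normalization lets fullwidth punctuation through to the back end as plain ASCII, the same validator run after normalization does not, and a small i18n fuzzer that walks every BMP code point measures the difference. The validator, the two pipelines and the forbidden-character set are constructed for this illustration.

```python
# Added example: toy i18n validation pipelines and a code-point fuzzer for them.
# The validator, pipelines and FORBIDDEN set are constructed, not from the talk.
import unicodedata

FORBIDDEN = frozenset("<>'\";")  # what the toy validator refuses


def is_clean(text: str) -> bool:
    """Toy validator: True unless the text contains a FORBIDDEN character."""
    return not (FORBIDDEN & set(text))


def store_naive(text: str) -> str:
    """Validate first, normalize to NFKC afterwards on the way to the back end.
    This is the mismatch: the validator judges one representation, the back
    end receives another. Returns what the back end would see."""
    if not is_clean(text):
        raise ValueError("rejected by validator")
    return unicodedata.normalize("NFKC", text)


def store_fixed(text: str) -> str:
    """Normalize to the canonical form first, then validate that same form,
    so validator and back end agree on what the data is."""
    canonical = unicodedata.normalize("NFKC", text)
    if not is_clean(canonical):
        raise ValueError("rejected by validator")
    return canonical


def fuzz_pipeline(store, limit: int = 0x10000) -> int:
    """i18n fuzzer: feed every BMP code point through `store` and count those
    the validator accepts but the back end receives as a FORBIDDEN character.
    Surrogate code points are skipped; they are not characters."""
    slipped = 0
    for cp in range(limit):
        if 0xD800 <= cp <= 0xDFFF:
            continue
        try:
            seen_by_backend = store(chr(cp))
        except ValueError:
            continue  # rejected: the validator did its job
        if FORBIDDEN & set(seen_by_backend):
            slipped += 1
    return slipped
```

`fuzz_pipeline(store_naive)` reports a handful of code points (fullwidth and small-form punctuation, for instance) whose NFKC form is a forbidden ASCII character, while `fuzz_pipeline(store_fixed)` reports none.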
Fuzzing can be used to find all kinds of security issues with a program:
buffer overflows, SQL injection, cross-site scripting, denial of service,
etc. It is, of course, no silver bullet. It is just a powerful
technique to help a developer or tester pinpoint areas where input
validation and filtering are not working and to give some level of confidence
that validation is working in other areas.
New vulnerabilities
bomberclone: information disclosure and denial of service
| Package(s): | bomberclone |
| CVE #(s): | CVE-2006-4005, CVE-2006-4006 |
| Created: | September 19, 2006 |
| Updated: | September 20, 2006 |
| Description: | Luigi Auriemma discovered two security-related bugs in bomberclone, a free Bomberman clone. The program copies remotely provided data unchecked, which could lead to a denial of service via an application crash. Bomberclone also uses remotely provided data as a length argument, which can lead to the disclosure of private information. |
dokuwiki: arbitrary command execution
| Package(s): | dokuwiki |
| CVE #(s): | CVE-2006-4674, CVE-2006-4675, CVE-2006-4679 |
| Created: | September 15, 2006 |
| Updated: | September 20, 2006 |
| Description: | "rgod" discovered that DokuWiki doesn't sanitize the X-FORWARDED-FOR HTTP header, allowing the injection of arbitrary content (such as PHP commands) into a file. Additionally, the accessory scripts installed in the "bin" DokuWiki directory are vulnerable to directory traversal attacks, allowing an attacker to copy and execute the previously injected code. |
firefox: multiple vulnerabilities
| Package(s): | mozilla firefox thunderbird |
| CVE #(s): | CVE-2006-4565, CVE-2006-4566, CVE-2006-4571, CVE-2006-4253, CVE-2006-4567, CVE-2006-4568, CVE-2006-4569 |
| Created: | September 15, 2006 |
| Updated: | November 14, 2006 |
| Description: | Two flaws were found in the way Firefox/Thunderbird processed certain regular expressions. A malicious web page/HTML email could crash the browser or possibly execute arbitrary code as the user running Firefox/Thunderbird. (CVE-2006-4565, CVE-2006-4566) A number of flaws were found in Firefox/Thunderbird. A malicious web page/HTML email could crash the browser or possibly execute arbitrary code as the user running Firefox/Thunderbird. (CVE-2006-4571) A flaw was found in the handling of JavaScript timed events. A malicious web page could crash the browser or possibly execute arbitrary code as the user running Firefox/Thunderbird. (CVE-2006-4253) A flaw was found in the Firefox/Thunderbird auto-update verification system. An attacker who has the ability to spoof a victim's DNS could get Firefox to download and install malicious code. In order to exploit this issue an attacker would also need to get a victim to previously accept an unverifiable certificate. (CVE-2006-4567) Firefox did not properly prevent a frame in one domain from injecting content into a sub-frame that belongs to another domain, which facilitates website spoofing and other attacks. (CVE-2006-4568) Firefox did not load manually opened, blocked popups in the right domain context, which could lead to cross-site scripting attacks. In order to exploit this issue an attacker would need to find a site which would frame their malicious page and convince the user to manually open a blocked popup. (CVE-2006-4569) |
ffmpeg: buffer overflows
| Package(s): | ffmpeg |
| CVE #(s): | CVE-2006-4799, CVE-2006-4800 |
| Created: | September 14, 2006 |
| Updated: | May 28, 2007 |
| Description: | The AVI processing code in FFmpeg has a number of buffer overflow vulnerabilities. If an attacker can trick a user into loading a specially crafted AVI, arbitrary code can be executed with the user's privileges. |
gdb: buffer overflow
| Package(s): | gdb |
| CVE #(s): | CVE-2006-4146 |
| Created: | September 15, 2006 |
| Updated: | June 12, 2007 |
| Description: | A buffer overflow in dwarfread.c and dwarf2read.c debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations. |
gnutls: signature forge vulnerability
| Package(s): | gnutls |
| CVE #(s): | CVE-2006-4790 |
| Created: | September 14, 2006 |
| Updated: | September 26, 2006 |
| Description: | GnuTLS has a vulnerability with PKCS #1 v1.5 signatures. If an RSA key with exponent 3 is used, an attacker may be able to forge a PKCS #1 v1.5 signature. |
gzip: multiple vulnerabilities
| Package(s): | gzip |
| CVE #(s): | CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337, CVE-2006-4338 |
| Created: | September 19, 2006 |
| Updated: | June 1, 2007 |
| Description: | Tavis Ormandy of the Google Security Team discovered two denial of service flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to hang or crash. Tavis Ormandy of the Google Security Team also discovered several code execution flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to crash or execute arbitrary code. |
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2006-4535, CVE-2006-4538 |
| Created: | September 18, 2006 |
| Updated: | December 3, 2007 |
| Description: | Sridhar Samudrala discovered a local denial of service vulnerability in the handling of SCTP sockets. By opening such a socket with a special SO_LINGER value, a local attacker could exploit this to crash the kernel. (CVE-2006-4535) Kirill Korotaev discovered that the ELF loader on the ia64 and sparc platforms did not sufficiently verify the memory layout. By attempting to execute a specially crafted executable, a local user could exploit this to crash the kernel. (CVE-2006-4538) |
Comments (none posted)
nss: signature forgery vulnerability
| Package(s): | nss |
| CVE #(s): | CVE-2006-4340 |
| Created: | September 15, 2006 |
| Updated: | October 18, 2006 |
| Description: | Daniel Bleichenbacher recently described an implementation error in RSA signature verification. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. |
| Alerts: | |
Comments (1 posted)
usermin: programming error
| Package(s): | usermin |
| CVE #(s): | CVE-2006-4246 |
| Created: | September 15, 2006 |
| Updated: | September 20, 2006 |
| Description: | Hendrik Weimer discovered that it is possible for a normal user to disable the login shell of the root account via usermin, a web-based administration tool. |
| Alerts: | |
Comments (none posted)
zope2.7: information disclosure
| Package(s): | zope2.7 |
| CVE #(s): | CVE-2006-4684 |
| Created: | September 14, 2006 |
| Updated: | September 20, 2006 |
| Description: | Version 2.7 of Zope has an information disclosure vulnerability. The csv_table directive is not disabled in web pages containing ReST markup. Files that the Zope server has access to can be exposed. |
| Alerts: | |
Comments (none posted)
Updated vulnerabilities
AlsaPlayer: multiple buffer overflows
| Package(s): | alsaplayer |
| CVE #(s): | CVE-2006-4089 |
| Created: | August 28, 2006 |
| Updated: | September 19, 2006 |
| Description: | AlsaPlayer contains three buffer overflows: in the function that handles the HTTP connections, the GTK interface, and the CDDB querying mechanism. An attacker could exploit the first vulnerability by enticing a user to load a malicious URL, resulting in the execution of arbitrary code with the permissions of the user running AlsaPlayer. |
| Alerts: | |
Comments (none posted)
apache: cross-site scripting
| Package(s): | apache |
| CVE #(s): | CVE-2006-3918 |
| Created: | August 9, 2006 |
| Updated: | April 4, 2008 |
| Description: | From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header." |
| Alerts: | |
Comments (none posted)
audacious: buffer overflow
| Package(s): | audacious |
| CVE #(s): | CVE-2006-3581, CVE-2006-3582 |
| Created: | August 2, 2006 |
| Updated: | September 13, 2006 |
| Description: | Audacious (prior to version 1.1.0) suffers from a buffer overflow which could be exploitable via a maliciously crafted media file. |
| Alerts: | |
Comments (none posted)
bind: denial of service
| Package(s): | bind |
| CVE #(s): | CVE-2006-4095, CVE-2006-4096 |
| Created: | September 7, 2006 |
| Updated: | February 1, 2007 |
| Description: | Bind has two denial of service vulnerabilities. On recursive servers, queries for SIG records will trigger an assertion failure if more than one RR set is returned. An INSIST failure can be triggered by sending a large number of recursive queries. |
| Alerts: | |
Comments (none posted)
binutils: buffer overflow
| Package(s): | binutils |
| CVE #(s): | CVE-2005-4807 |
| Created: | August 17, 2006 |
| Updated: | October 19, 2006 |
| Description: | The GNU assembler (gas) in binutils is vulnerable to a buffer overflow. If a user can be tricked into assembling a specially crafted file with gcc or gas, arbitrary code can be executed with the privileges of the user. |
| Alerts: | |
Comments (3 posted)
busybox: insecure password generation
| Package(s): | busybox |
| CVE #(s): | CVE-2006-1058 |
| Created: | May 5, 2006 |
| Updated: | May 2, 2007 |
| Description: | The BusyBox 1.1.1 passwd command does not use a proper salt when generating passwords. This would create an instance where a brute force attack could take very little time. |
| Alerts: | |
Comments (2 posted)
bzip2: race condition and infinite loop
| Package(s): | bzip2 |
| CVE #(s): | CAN-2005-0953, CAN-2005-1260 |
| Created: | May 17, 2005 |
| Updated: | January 10, 2007 |
| Description: | A race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. Also, specially crafted bzip2 archives may cause an infinite loop in the decompressor. |
| Alerts: | |
Comments (2 posted)
capi4hylafax: missing input sanitizing
| Package(s): | capi4hylafax |
| CVE #(s): | CVE-2006-3126 |
| Created: | September 1, 2006 |
| Updated: | October 18, 2006 |
| Description: | Lionel Elie Mamane discovered a security vulnerability in capi4hylafax, tools for faxing over a CAPI 2.0 device, that allows remote attackers to execute arbitrary commands on the fax receiving system. |
| Alerts: | |
Comments (none posted)
cheesetracker: buffer overflow
| Package(s): | cheesetracker |
| CVE #(s): | CVE-2006-3814 |
| Created: | September 4, 2006 |
| Updated: | October 27, 2006 |
| Description: | Luigi Auriemma discovered a buffer overflow in the loading component of cheesetracker, a sound module tracking program, which could allow a maliciously constructed input file to execute arbitrary code. |
| Alerts: | |
Comments (1 posted)
cpio: arbitrary code execution
| Package(s): | cpio |
| CVE #(s): | CVE-2005-4268 |
| Created: | January 2, 2006 |
| Updated: | May 8, 2007 |
| Description: | Richard Harms discovered that cpio did not sufficiently validate file properties when creating archives. Files with e.g. a very large size caused a buffer overflow. By tricking a user or an automatic backup system into putting a specially crafted file into a cpio archive, a local attacker could probably exploit this to execute arbitrary code with the privileges of the target user (which is likely root in an automatic backup system). |
| Alerts: | |
Comments (none posted)
Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service
| Package(s): | cyrus-sasl |
| CVE #(s): | CVE-2006-1721 |
| Created: | April 21, 2006 |
| Updated: | September 4, 2007 |
| Description: | Cyrus-SASL contains an unspecified vulnerability in the DIGEST-MD5 process that could lead to a Denial of Service. An attacker could possibly exploit this vulnerability by sending a specially crafted data stream to the Cyrus-SASL server, resulting in a Denial of Service even if the attacker is not able to authenticate. |
| Alerts: | |
Comments (none posted)
mozilla: multiple vulnerabilities
Comments (none posted)
flash-plugin: arbitrary code execution
| Package(s): | flash-plugin |
| CVE #(s): | CVE-2006-3311, CVE-2006-3587, CVE-2006-3588 |
| Created: | September 13, 2006 |
| Updated: | October 5, 2006 |
| Description: | Security issues were discovered in the Adobe Flash Player. It may be possible to execute arbitrary code on a victim's machine if the victim opens a malicious Adobe Flash file. |
| Alerts: | |
Comments (none posted)
freeradius: several vulnerabilities
| Package(s): | freeradius |
| CVE #(s): | CVE-2005-4745, CVE-2005-4746 |
| Created: | August 8, 2006 |
| Updated: | April 24, 2007 |
| Description: | Several remote vulnerabilities have been discovered in freeradius, a high-performance RADIUS server, which may lead to SQL injection or denial of service. |
| Alerts: | |
Comments (none posted)
freetype: integer overflows
| Package(s): | freetype |
| CVE #(s): | CVE-2006-0747, CVE-2006-1861, CVE-2006-2493, CVE-2006-2661, CVE-2006-3467 |
| Created: | June 8, 2006 |
| Updated: | October 10, 2007 |
| Description: | The FreeType library has several integer overflow vulnerabilities. If a user can be tricked into installing a specially crafted font file, arbitrary code can be executed with the privileges of the user. |
| Alerts: | |
Comments (none posted)
gcc: file overwrite vulnerability
| Package(s): | gcc |
| CVE #(s): | CVE-2006-3619 |
| Created: | September 6, 2006 |
| Updated: | March 14, 2008 |
| Description: | The fastjar utility found in the GNU compiler collection does not perform adequate file path checking, allowing the creation or overwriting of files outside of the current directory tree. |
| Alerts: | |
Comments (none posted)
gdm: improper file permissions
| Package(s): | gdm |
| CVE #(s): | CVE-2006-1057 |
| Created: | April 19, 2006 |
| Updated: | May 2, 2007 |
| Description: | The .ICEauthority file may be created with the wrong ownership and permissions; gdm 2.14.2 fixes the problem. |
| Alerts: | |
Comments (none posted)
gzip: arbitrary command execution
| Package(s): | gzip |
| CVE #(s): | CAN-2005-0758 |
| Created: | August 1, 2005 |
| Updated: | January 9, 2007 |
| Description: | zgrep in gzip before 1.3.5 does not handle shell metacharacters like '|' and '&' properly when they occur in input file names. This could be exploited to execute arbitrary commands with user privileges if zgrep is run in an untrusted directory with specially crafted file names. |
| Alerts: | |
Comments (2 posted)
ImageMagick: buffer overflows
| Package(s): | imagemagick |
| CVE #(s): | CVE-2006-3743, CVE-2006-3744 |
| Created: | September 6, 2006 |
| Updated: | September 26, 2006 |
| Description: | The latest set of buffer overflow vulnerabilities in ImageMagick can be found in the Sun Raster and XCF decoders. |
| Alerts: | |
Comments (2 posted)
isakmpd: programming error
| Package(s): | isakmpd |
| CVE #(s): | CVE-2006-4436 |
| Created: | September 13, 2006 |
| Updated: | September 13, 2006 |
| Description: | A flaw has been found in isakmpd, OpenBSD's implementation of the Internet Key Exchange protocol, that caused Security Associations to be created with a replay window of 0 when isakmpd was acting as the responder during SA negotiation. This could allow an attacker to re-inject sniffed IPsec packets, which would not be checked against the replay counter. |
| Alerts: | |
Comments (none posted)
kdelibs: kate backup file permission leak
| Package(s): | kdelibs kate kwrite |
| CVE #(s): | CAN-2005-1920 |
| Created: | July 19, 2005 |
| Updated: | November 27, 2006 |
| Description: | Kate / Kwrite, as shipped with KDE 3.2.x up to and including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information. |
| Alerts: | |
Comments (none posted)
kernel: denial of service by memory consumption
| Package(s): | kernel |
| CVE #(s): | CVE-2006-2936 |
| Created: | July 17, 2006 |
| Updated: | November 14, 2007 |
| Description: | The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the driver can handle, which causes the data to be queued. |
| Alerts: | |
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2006-2935, CVE-2006-4145, CVE-2006-3745 |
| Created: | September 1, 2006 |
| Updated: | July 30, 2008 |
| Description: | Previous versions of the kernel package are subject to several vulnerabilities. Certain malformed UDF filesystems can cause the system to crash (denial of service). Malformed CDROM firmware or USB storage devices (such as USB keys) could cause a system crash (denial of service), and if they were intentionally malformed, can cause arbitrary code to run with elevated privileges. In addition, the SCTP protocol is subject to a remote system crash (denial of service) attack. |
| Alerts: | |
Comments (none posted)
libgadu: memory alignment bug
| Package(s): | libgadu |
| CVE #(s): | CAN-2005-2370 |
| Created: | July 29, 2005 |
| Updated: | June 25, 2007 |
| Description: | Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment error in libgadu (from ekg, a console Gadu Gadu client, an instant messaging program), which is included in gaim, a multi-protocol instant messaging client, as well. This cannot be exploited on the x86 architecture, but on others, e.g. Sparc, it leads to a bus error, in other words a denial of service. |
| Alerts: | |
Comments (none posted)
libgd2: denial of service
| Package(s): | libgd2 |
| CVE #(s): | CVE-2006-2906 |
| Created: | June 14, 2006 |
| Updated: | January 16, 2007 |
| Description: | Certain GIF images can cause libgd2 to go into an infinite loop, adversely affecting the performance of image processing applications. |
| Alerts: | |
Comments (none posted)
libmms: buffer overflows
| Package(s): | libmms |
| CVE #(s): | CVE-2006-2200 |
| Created: | July 6, 2006 |
| Updated: | December 25, 2006 |
| Description: | Several buffer overflows were found in libmms. By tricking a user into opening a specially crafted remote multimedia stream with an application using libmms, a remote attacker could overwrite an arbitrary memory portion with zeros, thereby crashing the program. |
| Alerts: | |
Comments (none posted)
libmusicbrainz: buffer overflows
| Package(s): | libmusicbrainz-2.0 |
| CVE #(s): | CVE-2006-4197 |
| Created: | August 30, 2006 |
| Updated: | October 23, 2006 |
| Description: | Several buffer overflows have been discovered in the libmusicbrainz CD index library. |
| Alerts: | |
Comments (none posted)
libpam-ldap: authentication bypass
| Package(s): | libpam-ldap |
| CVE #(s): | CAN-2005-2641 |
| Created: | August 25, 2005 |
| Updated: | October 6, 2006 |
| Description: | libpam-ldap, the PAM LDAP interface, has a vulnerability in which it fails to authenticate with an LDAP server which is not configured properly, allowing an authentication bypass. |
| Alerts: | |
Comments (none posted)
libpng: buffer overflow
| Package(s): | libpng |
| CVE #(s): | CVE-2006-3334 |
| Created: | July 19, 2006 |
| Updated: | November 17, 2006 |
| Description: | In pngrutil.c, the function png_decompress_chunk() allocates insufficient space for an error message, potentially overwriting stack data, leading to a buffer overflow. |
| Alerts: | |
Comments (none posted)
libtiff: buffer overflow
| Package(s): | libtiff |
| CVE #(s): | CVE-2006-2193 |
| Created: | June 15, 2006 |
| Updated: | September 1, 2008 |
| Description: | The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters in the DocumentName tag to overflow a buffer, causing a denial of service, and possibly the execution of arbitrary code. |
| Alerts: | |
Comments (none posted)
libvncserver: authentication bypass
| Package(s): | libvncserver |
| CVE #(s): | CVE-2006-2450 |
| Created: | August 4, 2006 |
| Updated: | March 19, 2007 |
| Description: | LibVNCServer fails to properly validate protocol types, effectively letting users decide what protocol to use, such as "Type 1 - None". LibVNCServer will accept this security type, even if it is not offered by the server. |
| Alerts: | |
Comments (none posted)
libwmf: integer overflow
| Package(s): | libwmf |
| CVE #(s): | CVE-2006-3376 |
| Created: | July 13, 2006 |
| Updated: | November 6, 2006 |
| Description: | libwmf, a library that is used for processing Windows MetaFile vector graphics files, has an integer overflow vulnerability. |
| Alerts: | |