Firefox and Linux distributors
The Mozilla Foundation is a valuable contributor to the free software
community; it has, among other things, provided us with a free browser
which has restored the notion of standards to the World Wide Web. The
relationship between the Foundation and Linux distributors has occasionally
been a little bumpy, however. Mozilla's trademark policies have created
stress for distributors, a few of whom have decided to leave the
trademarked names behind altogether. The Foundation's security update and
maintenance policies have also made life harder, sometimes having the
effect of force-upgrading users to newer versions in otherwise stable
distributions. To some, it seems that Mozilla's main interest is now its
Windows users, with Linux support relegated to second-tier status.
At the recent Firefox summit, the Foundation got together with
representatives from Red Hat and Novell and faced the problem directly:
Historically, there has been a great deal of tension between
mozilla.org and the Linux distros, notably over maintenance of
branches, divergence between distros, and lack of sustained
communication between the groups. All seemed in agreement that
closer cooperation and dividing responsibilities appropriately
would benefit everyone involved. A number of changes were proposed
that have general consensus among the stakeholders.
What came out of this meeting was an agreement on a number of changes
which, going forward, should improve the relationship between Mozilla and
the distributors; it should also make life better for Linux-based Mozilla
users.
A new group of maintainers - representing Linux distributors - will be
pulled together "in the Firefox 3 timeline." These maintainers will
have a much bigger say on what goes into the Linux builds of Firefox and
will be able to help ensure that the browser integrates better with Linux.
They will also have the explicit goal of moving many of the patches
currently carried by distributors into the Firefox mainline, decreasing
their divergence from the mainline (and from each other).
Another advantage of pushing the patches up, evidently, is that it will
make compliance with the Firefox trademark rules easier, since there will
be fewer patches to get rubber-stamped.
These maintainers will also have a bigger role in the long-term upkeep of
Firefox releases. Red Hat's Christopher Aillon notes
that this group will be maintaining Firefox 1.5 past the date when the
Mozilla Foundation plans to let it go. This work should help the
distributors keep that version secure into the future, with the result that
they need not push their users to the 2.0 release before they want to go
there.
The Mozilla Foundation has also recognized that most Linux users run
versions of Firefox built by their distributors rather than the official
Mozilla builds. In the future, distributor packages will be available
directly from the Mozilla web pages. That, too, should make life easier
for the user community. Overall, this new cooperation seems like a step
in the right direction; having Mozilla more tightly tied to the free
software community can only be a good thing.
These changes are unlikely to bring Debian back into the Firefox camp,
however, since Debian will still see the trademark policy as not being
DFSG-free. Debian's policy of shipping "iceweasel" will almost certainly
continue. But there is an interesting
conversation going on about how iceweasel is shipped as well.
The issue is this: on a Debian system, it is still possible to type:
apt-get install firefox
What the packaging system will do, however, is install iceweasel. Given
that the driving force behind the switch in the first place was trademark
usage, it seems unlikely that the Mozilla people will be amused by this
behavior - though they have made no public statements on it as of this
writing. Moving away from Firefox as a result of disagreement with the
rules attached to that name is arguably a reasonable thing to do. But,
once that decision is made, the right thing is almost certainly to move
away from the "firefox" name altogether - before the next round of "cease
and desist" letters shows up.
Comments (17 posted)
The Free Ryzom Campaign
Ryzom is a multi-player online game
operated by a company called
Nevrax.
![[Ryzom]](/images/ns/ryzom1.jpg)
It has a dedicated following, but has
never reached anything close to the level of popularity seen by some of its
competitors. In fact, it has not reached a sufficient level of popularity
to keep Nevrax alive; that company has found its way into French bankruptcy
court. The future of this game is currently in doubt.
Interestingly, Ryzom has some free software roots. Just over six years
ago, LWN's Development
Page carried a notice about the release of NeL, Nevrax's GPL-licensed
library for the creation of online games. Richard Stallman once visited
the company's office. It would appear, however, that
Nevrax, once it started accepting venture capital, lost interest in free
software. The GPL releases slowed; instead, Nevrax started
offering closed-source
versions of its code. Whether Nevrax would have
succeeded had it maintained its free software approach will never be known;
the proprietary plan has visibly failed to work, however.
Some of the original developers have not lost interest in the code,
however, and they have a number of friends. Together they have founded the
Free Ryzom Campaign. The plan is to raise
enough money to buy Nevrax's assets in bankruptcy court, release the code
under the GPL, and take the game into the future. The inspiration is
clearly the Blender
project, whose code was bought through donations in a very similar
way back in 2002. The Free Blender project surprised everybody by raising
€100,000 in less than two months. If the Blender folks can do it, the
reasoning goes, why not online game supporters? Those people, after all,
are already accustomed to paying for their experience.
The first step is to sell this plan to the bankruptcy court. The Free
Ryzom folks have not yet been able to release their proposal publicly, but
the core
concepts have been posted. There will be a non-profit organization
allied with the for-profit company Mekensleep and Valentin Lacambre. With
this combination, the project hopes to convince the court that it has the
most interesting offer. In this way, they can also put some
significant money on the table before the donations from the community come
in.
If the plan is accepted by the court, Mekensleep will end up owning the
code, along with the artwork, trademarks, and so on. There is some
sentiment in the Free Ryzom community for transferring the copyrights to
the non-profit group, but it seems that this decision has not yet been
made. What is clear is that all of the code would be immediately released
under the GNU General Public License (with the "any later version"
language).
From there, the code would be managed under the terms of the project's social
contract, which is based on the Debian social contract. Among other
things, it says that players own their avatars and other objects, and
should be able to transfer them from one server to another.
The plans call for there to be multiple servers. The current Nevrax
servers would continue to be run - on a paid membership basis - as they
have been until now. But the (Linux-based) server code would be free, so
anybody with an interest could set up their own world and allow access in
whatever way pleases them best. According to the Free Ryzom folks (who
kindly talked with your editor about the project), multiple worlds were a
part of the plan from the very beginning. One of the long-term goals is to
revise that vision, creating the prospect of a community-driven metaverse
of cooperating game servers.
In the near future, however, a number of other problems need to be solved.
There is, for example, no Linux client for Ryzom; one assumes that, once
the source becomes available, that little problem could be taken care of.
Some players are concerned about the
security implications of opening up the source; in particular, they
would hate to see the gameplay ruined by a proliferation of robots. There
is, inevitably, some third-party code in the mix which would have to
be stripped out and replaced. There is even some tension within the
community about whether the primary goal is the preservation of Ryzom or
the freeing of the code.
Before work can begin on any of those issues, however, a more immediate
problem must be overcome: the project must convince the bankruptcy court
that it is the best custodian for the code. The proposal was considered on
December 5, along with proposals from other interested parties. The
current word is that some sort of decision will be announced sometime after
December 12. Should the project prevail in court, it must then
collect enough donations to complete the purchase. To that end, the
project is now asking for
donation pledges; at this time, all that is needed is to promise to give
some money. Should the project go ahead, donors will be expected to follow
through with cash. The list
of pledges is quite long; if all of those people are serious, the
project will be off to a good start.
The free software community has accomplished a great many things in recent
years, but the creation of a high-quality online multiplayer game is not
among them. This is an important area, even for those of us who lack the
time or interest for gaming; the sorts of virtual worlds being created for
gamers can
only become more prevalent and important in coming years. They may be the
only place where we'll be able to find our children. Clearly, we need some
good, free virtual world infrastructure. It would be nice if we could develop it
entirely ourselves, but the fact is that software cast off from corporate
failures has long been an important source of code. Perhaps this
particular corporate disaster could yet yield benefits for the free
software community.
[The images all come from the Ryzom screenshots
gallery, which has many more.]
Comments (11 posted)
What the desktop architects are talking about
The third
Desktop
Architects' Meeting (DAM3) is being held on December 7 and 8 at
OSDL's offices in Portland. Despite some rumors to the contrary, there
will still
be a few people in those offices, and the meeting is
going ahead as planned. LWN, unfortunately, will not be represented
there. Happily, most of the attendees have
posted
their slides ahead of the event, so it is possible to get a sense for
what some of the common themes will be.
Outsiders like to criticize Linux for its proliferation of distributions,
desktops, and more. Within the community, we recognize this diversity as a
form of wealth. The variety of Linux distributions encourages
experimentation with different approaches, with the resulting lessons being
learned by the community as a whole. They also ensure that we will never
be locked into a single source for our software; switching distributions is
an easy thing to do. Similarly, the competition between free desktop
projects has inspired them all to identify their users and give them the
best experience they can. There are few people who would wish for a world
with a single distribution and a single desktop.
Some of those who might wish for that world, however, may well be at
DAM3. Diversity is good for the community, but it does make life harder
for those who would support binary applications on Linux. Having to deal
with a range of desktops, packaging systems, library versions, encoding
choices, etc. creates a lot of work for application vendors. Someday,
maybe, the free software community will be so rich that nobody will ever
wish for a proprietary application for their Linux systems. Until that
time, we will either have to make life easier for those vendors or simply
write off a large subset of potential desktop Linux users.
Some other old complaints have been raised: lack of support for proprietary
codecs and DVD playback, for example. Most of the people involved seem to
understand why Linux has these limitations. But they can still wish for a
world where more things just worked.
Hardware support also shows up in a few sets of slides. This is an area
where things are getting better quickly - most wireless network adapters
should be supported before too long, for example. But video adapters
are still a problem.
A certain amount of slide space was reserved for complaints about sound
support under Linux. At the driver level, things seem to work, but not
everybody likes the ALSA API. Above that, there seems to be no consensus
on which sound server should be used. Without a consistent and reliable
way to make noise, many desktop applications will remain hard to support.
Printing also, apparently, remains a sore point, despite the great progress
that has been made in recent years. One initiative which may go forward
soon is the certification of printers which are well supported under
Linux. Beyond that, it appears that the Portland Project is going to try
to create a unified structure for print dialogs. This mechanism would try
to present a consistent interface to printing which would make it easier to
export - and use - printer-specific features. Desktop-specific dialogs
would still do the actual user interaction, but they would be using the
Portland mechanism underneath.
Perhaps the most interesting thing to be seen from the slides, however, is
the expanded view of the "desktop" being taken by the group. Mobile and
embedded systems - from the OLPC to the Nokia 770 and telephones - are
clearly seen as a sort of desktop system. Many of the issues are the same,
but the incorporation of mobile applications brings new pressures. One
can, with little effort, find plenty of evidence that the desktop projects
have not, so far, been overly concerned with memory use and overall bloat.
Small systems are forcing people to reconsider their priorities, however,
and there is likely to be an increase in the amount of development time
which goes into making things smaller. A few of the participants note that
better tools for memory profiling would be most helpful in this task.
Overall, there appears to be nobody who is willing to predict total World
Desktop Domination anytime in the near future. There is, however, a clear
level of interest in the Linux desktop, especially when one considers
desktops which fit in a shirt pocket. Interesting things are going
to happen in this area.
Comments (10 posted)
Page editor: Jonathan Corbet
Security
Keeping current with SpamAssassin rules
December 6, 2006
This article was contributed by Jake Edge.
Anyone who pays attention to their spam knows that its character changes
frequently; spammers are always adding new tricks to try to evade spam
filters. There is an arms race of sorts going on: the filters get better
at recognizing the latest evasion attempts, so the spammers come up
with new ones, and the cycle repeats. To reduce the effectiveness of this
spam evolution, frequent updates of the filter rulesets are needed. For
users of SpamAssassin (SA), the
sa-update tool makes it very easy to pick up the latest ruleset and
keep that unwanted spam out of the inbox.
Before sa-update, official SA ruleset updates were only available
by installing an updated version of SA. Because the release cycle was often
lengthy (measured in months), the developers added the ability to easily
update the rulesets over the internet. At its core, sa-update
contacts one or more servers, picks up rule and score files,
and installs them in a directory that SA reserves for updates. SA will
immediately start using the new rules, though restarting spamd
will be required if SA is configured that way.
sa-update is configured by default to use the official 'channel'
(updates.spamassassin.org), but it can be pointed at other
SA rules repositories. The
SpamAssassin Rules
Emporium (SARE) is one collection of rules and scores that
sa-update can use. Multiple channels are
available, each handling a different type of spam, and one can
mix and match the rulesets to tune the filter for the kinds of spam
being seen.
There are some security implications to consider: injecting bad rules or scores
could lead to worse spam filtering, for example. More worrisome, however,
is the fact that the update mechanism allows
plugins to be distributed, opening the door to arbitrary code execution.
SA plugins are arbitrary Perl code that will be run by the filter; because
the filter generally runs as root or another privileged user, that can be quite
dangerous. sa-update uses
GPG signatures on the updates to reduce
this hazard, as long as the signer is really trustworthy (and the recent GPG security problem has been patched). The official
channel will not distribute plugins, thereby eliminating that problem.
The available rulesets change frequently, and automating the sa-update process
via cron can bring the system up to date on a daily or weekly basis. Another
tool,
rule-get,
is available; it uses the same update mechanism and provides a command-line
syntax based on apt-get.
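The following cron wrapper is an added example, not code from the article or from the SpamAssassin project. It pulls the official channel plus one optional extra channel whose name, signing key id and key file are placeholders to be filled in locally (the extra channel's key is imported into sa-update's own keyring once with --import and then trusted explicitly with --gpgkey), and it reloads spamd only when sa-update reports that new rules were actually installed. The exit codes it relies on are the documented ones (0: an update was downloaded and installed, 1: no fresh update); everything else is treated as a failure that leaves the existing rules in place. The spamd reload command is distro-specific and also a placeholder. The script deliberately never passes --nogpg or --allowplugins, so unsigned updates are rejected and plugin code is not accepted from any channel.

```shell
#!/bin/sh
# Cron wrapper around sa-update (added example; assumptions are marked).

CHANNELS="updates.spamassassin.org"
# Placeholders for an optional second rules channel (e.g. a SARE channel):
EXTRA_CHANNEL=""        # channel name, hypothetical
EXTRA_KEY_ID=""         # GPG key id of that channel's signer, hypothetical
EXTRA_KEY_FILE=""       # file holding that public key, hypothetical
RELOAD_CMD="/etc/init.d/spamassassin reload"   # placeholder, distro-specific
LOG_TAG="sa-update-cron"

# Map sa-update's exit status to the action the cron job should take.
# 0 = update installed (reload spamd), 1 = nothing new; anything else is an
# error and the previously installed rules stay in effect.
classify_exit() {
    case "$1" in
        0) echo reload ;;
        1) echo none ;;
        *) echo error ;;
    esac
}

# Assemble the sa-update argument list from the channel configuration.
# The extra channel is only added together with an explicit --gpgkey so that
# its updates must carry a signature from a key we chose to trust.
build_args() {
    args="--channel $CHANNELS"
    if [ -n "$EXTRA_CHANNEL" ] && [ -n "$EXTRA_KEY_ID" ]; then
        args="$args --channel $EXTRA_CHANNEL --gpgkey $EXTRA_KEY_ID"
    fi
    echo "$args"
}

update_rules() {
    # Import the extra channel's public key into sa-update's keyring (idempotent).
    if [ -n "$EXTRA_KEY_FILE" ] && [ -f "$EXTRA_KEY_FILE" ]; then
        sa-update --import "$EXTRA_KEY_FILE" || return 4
    fi
    # Word splitting of the argument string is intended here.
    sa-update $(build_args)
    status=$?
    case "$(classify_exit "$status")" in
        reload) logger -t "$LOG_TAG" "new rules installed; reloading spamd"
                $RELOAD_CMD ;;
        none)   logger -t "$LOG_TAG" "no new rules available" ;;
        error)  logger -t "$LOG_TAG" "sa-update failed (status $status); rules unchanged" ;;
    esac
    return "$status"
}

# Only act when invoked with "run" (as from crontab); otherwise just define
# the functions so the file can be sourced or tested without touching rules.
if [ "${1:-}" = "run" ]; then
    update_rules
fi
```

Installed as, for example, `/usr/local/sbin/sa-update-cron` with a crontab entry such as `0 3 * * * /usr/local/sbin/sa-update-cron run`, the job fetches rules nightly, and cron's mail carries sa-update's own output (which is silent unless something goes wrong). Keeping the key import separate from the update step is deliberate: the key file is reviewed and trusted once by an administrator, and the channel's updates are then verified against that key on every run.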
This is an excellent tool for helping to reduce the ever-evolving
spam problem. As long
as one is careful about which GPG keys to trust, it should be secure as
well. Spammers are, no doubt, taking advantage of this tool to tune their
spam to avoid the new rules, but using it can reduce the false negatives
from the older evasion schemes or from those who have yet to test their
stock scam email with the latest rules.
More information and additional channels are available from the SA wiki; a
good starting point is
here.
Comments (7 posted)
Security news
A severe, remotely-exploitable GnuPG vulnerability
The GnuPG developers have sent out an advisory regarding a rather
unpleasant vulnerability which has surfaced: "Using malformed OpenPGP
packets an attacker is able to modify and
dereference a function pointer in GnuPG. This is a remotely
exploitable bug and affects any use of GnuPG where an attacker can
control the data processed by GnuPG. It is not necessarily limited to
encrypted data; signed data may also be affected." It would be
prudent to be very careful about feeding messages to gpg until you have a
fix installed.
Full Story (comments: 4)
New vulnerabilities
gnupg: buffer overflow
| Package(s): | gnupg |
| CVE #(s): | CVE-2006-6169 |
| Created: | November 30, 2006 |
| Updated: | December 11, 2006 |
| Description: | GnuPG has a buffer overflow vulnerability. If a user can be tricked into running gpg interactively on a specially crafted message, arbitrary code can be executed with the user's privileges. |
| Alerts: | |
Comments (none posted)
kernel: bridging code buffer overflow
| Package(s): | kernel |
| CVE #(s): | CVE-2006-5751 |
| Created: | December 6, 2006 |
| Updated: | January 3, 2007 |
| Description: | A buffer overflow in the bridging code in kernels through 2.6.18.3 can lead to a denial of service or potential code execution. The 2.6.18.4 kernel contains the fix. |
| Alerts: | |
Comments (none posted)
koffice: integer overflow
| Package(s): | koffice |
| CVE #(s): | CVE-2006-6120 |
| Created: | November 30, 2006 |
| Updated: | February 20, 2007 |
| Description: | The KOffice office suite has an integer overflow vulnerability. If an attacker can trick a user into opening a specially crafted PowerPoint (PPT) file, KOffice can be caused to crash or possibly execute arbitrary code with the user's privileges. |
| Alerts: | |
Comments (none posted)
libgsf: heap buffer overflow
| Package(s): | libgsf |
| CVE #(s): | CVE-2006-4514 |
| Created: | November 30, 2006 |
| Updated: | January 11, 2007 |
| Description: | The GNOME library libgsf, which is used for writing structured file formats, has a heap buffer overflow that can be exploited for the purpose of executing arbitrary code. |
| Alerts: | |
Comments (none posted)
xine-lib: buffer overflow
| Package(s): | xine-lib |
| CVE #(s): | CVE-2006-6172 |
| Created: | December 5, 2006 |
| Updated: | June 5, 2007 |
| Description: | A buffer overflow was discovered in the Real Media input plugin in xine-lib. If a user were tricked into loading a specially crafted stream from a malicious server, the attacker could execute arbitrary code with the user's privileges. |
| Alerts: | |
Comments (none posted)
Updated vulnerabilities
apache: cross-site scripting
| Package(s): | apache |
| CVE #(s): | CVE-2006-3918 |
| Created: | August 9, 2006 |
| Updated: | April 4, 2008 |
| Description: | From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header." |
| Alerts: | |
Comments (none posted)
apache-mod_auth_kerb: off-by-one error
| Package(s): | apache-mod_auth_kerb |
| CVE #(s): | CVE-2006-5989 |
| Created: | November 24, 2006 |
| Updated: | January 23, 2007 |
| Description: | An off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array. |
| Alerts: | |
Comments (none posted)
asterisk: arbitrary code execution
| Package(s): | asterisk |
| CVE #(s): | CVE-2006-5444 |
| Created: | October 19, 2006 |
| Updated: | December 6, 2006 |
| Description: | The Asterisk telephony PBX application has a heap overflow vulnerability in the skinny channel driver. A remote attacker can use this to execute arbitrary code with the privileges of the Asterisk user. See this vulnerability report for more information. |
| Alerts: | |
Comments (none posted)
avahi: sender id check
| Package(s): | avahi |
| CVE #(s): | CVE-2006-5461 |
| Created: | November 13, 2006 |
| Updated: | December 20, 2006 |
| Description: | Steve Grubb discovered that netlink messages were not being checked for their sender identity. This could lead to local users manipulating the Avahi service. |
| Alerts: | |
Comments (1 posted)
bind: denial of service
| Package(s): | bind |
| CVE #(s): | CVE-2006-4095, CVE-2006-4096 |
| Created: | September 7, 2006 |
| Updated: | February 1, 2007 |
| Description: | Bind has two denial of service vulnerabilities. On recursive servers, queries for SIG records trigger an assertion failure if more than one RRset is returned. An INSIST failure can be triggered by sending a large number of recursive queries. |
| Alerts: | |
Comments (none posted)
bugzilla: multiple vulnerabilities
| Package(s): | bugzilla |
| CVE #(s): | CVE-2006-5453, CVE-2006-5454, CVE-2006-5455 |
| Created: | November 10, 2006 |
| Updated: | August 28, 2007 |
| Description: | Bugzilla has the following vulnerabilities: input data passed to various fields is not properly sanitized before being passed back to users; users can gain unauthorized access to read attachment descriptions while using diff mode; HTTP GET and HTTP POST requests can be used to perform unauthorized actions due to improper verification; input that is passed to showdependencygraph.cgi is not properly sanitized before being returned to users. |
| Alerts: | |
Comments (none posted)
busybox: insecure password generation
| Package(s): | busybox |
| CVE #(s): | CVE-2006-1058 |
| Created: | May 5, 2006 |
| Updated: | May 2, 2007 |
| Description: | The BusyBox 1.1.1 passwd command does not use a proper salt when generating passwords. This would create an instance where a brute force attack could take very little time. |
| Alerts: | |
Comments (2 posted)
bzip2: race condition and infinite loop
| Package(s): | bzip2 |
| CVE #(s): | CAN-2005-0953, CAN-2005-1260 |
| Created: | May 17, 2005 |
| Updated: | January 10, 2007 |
| Description: | A race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. Also, specially crafted bzip2 archives may cause an infinite loop in the decompressor. |
| Alerts: | |
Comments (2 posted)
cpio: arbitrary code execution
| Package(s): | cpio |
| CVE #(s): | CVE-2005-4268 |
| Created: | January 2, 2006 |
| Updated: | May 8, 2007 |
| Description: | Richard Harms discovered that cpio did not sufficiently validate file properties when creating archives. Files with, e.g., a very large size caused a buffer overflow. By tricking a user or an automatic backup system into putting a specially crafted file into a cpio archive, a local attacker could probably exploit this to execute arbitrary code with the privileges of the target user (which is likely root in an automatic backup system). |
| Alerts: | |
Comments (none posted)
Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service
| Package(s): | cyrus-sasl |
| CVE #(s): | CVE-2006-1721 |
| Created: | April 21, 2006 |
| Updated: | September 4, 2007 |
| Description: | Cyrus-SASL contains an unspecified vulnerability in the DIGEST-MD5 process that could lead to a Denial of Service. An attacker could possibly exploit this vulnerability by sending a specially crafted data stream to the Cyrus-SASL server, resulting in a Denial of Service even if the attacker is not able to authenticate. |
| Alerts: | |
Comments (none posted)
dovecot: index cache file handling error
| Package(s): | dovecot |
| CVE #(s): | CVE-2006-5973 |
| Created: | November 29, 2006 |
| Updated: | May 8, 2007 |
| Description: | The dovecot IMAP server has an error in its index cache file handling code which could be exploited by an authenticated user to execute arbitrary code. Only servers with the (non-default) mmap_disable=yes option setting are vulnerable. |
| Alerts: | |
Comments (none posted)
elinks: arbitrary file access
| Package(s): | elinks |
| CVE #(s): | CVE-2006-5925 |
| Created: | November 16, 2006 |
| Updated: | February 1, 2007 |
| Description: | The elinks text-mode browser has an arbitrary file access vulnerability in the Elinks SMB protocol handler. If a user can be tricked into visiting a specially crafted web page, arbitrary files may be read or written with the user's permissions. |
| Alerts: | |
Comments (none posted)
ffmpeg: buffer overflows
| Package(s): | ffmpeg |
| CVE #(s): | CVE-2006-4799, CVE-2006-4800 |
| Created: | September 14, 2006 |
| Updated: | May 28, 2007 |
| Description: | The AVI processing code in FFmpeg has a number of buffer overflow vulnerabilities. If an attacker can trick a user into loading a specially crafted AVI, arbitrary code can be executed with the user's privileges. |
| Alerts: | |
Comments (2 posted)
freeradius: several vulnerabilities
| Package(s): | freeradius |
| CVE #(s): | CVE-2005-4745, CVE-2005-4746 |
| Created: | August 8, 2006 |
| Updated: | April 24, 2007 |
| Description: | Several remote vulnerabilities have been discovered in freeradius, a high-performance RADIUS server, which may lead to SQL injection or denial of service. |
| Alerts: | |
Comments (none posted)
freetype: integer overflows
| Package(s): | freetype |
| CVE #(s): | CVE-2006-0747, CVE-2006-1861, CVE-2006-2493, CVE-2006-2661, CVE-2006-3467 |
| Created: | June 8, 2006 |
| Updated: | October 10, 2007 |
| Description: | The FreeType library has several integer overflow vulnerabilities. If a user can be tricked into installing a specially crafted font file, arbitrary code can be executed with the privilege of the user. |
| Alerts: | |
Comments (none posted)
ftpd: privilege escalation
| Package(s): | ftpd |
| CVE #(s): | CVE-2006-5778 |
| Created: | November 10, 2006 |
| Updated: | February 14, 2007 |
| Description: | Ftpd is vulnerable to a privilege escalation attack: an incorrect seteuid() call can be used by an FTP user to gain unauthorized access to files or directories. |
| Alerts: | |
Comments (none posted)
fvwm: fvwm-menu-directory command injection
| Package(s): | fvwm |
| CVE #(s): | CVE-2006-5969 |
| Created: | November 24, 2006 |
| Updated: | November 29, 2006 |
| Description: | Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that fvwm-menu-directory does not sufficiently sanitize directory names prior to generating menus. A local attacker who can convince an fvwm-menu-directory user to browse a directory they control could cause fvwm commands to be executed with the privileges of the fvwm user. Fvwm commands can be used to execute arbitrary shell commands. |
| Alerts: | |
Comments (none posted)
gcc: file overwrite vulnerability
| Package(s): | gcc |
| CVE #(s): | CVE-2006-3619 |
| Created: | September 6, 2006 |
| Updated: | March 14, 2008 |
| Description: | The fastjar utility found in the GNU compiler collection does not perform adequate file path checking, allowing the creation or overwriting of files outside of the current directory tree. |
| Alerts: | |
Comments (none posted)
gdb: buffer overflow
| Package(s): | gdb |
| CVE #(s): | CVE-2006-4146 |
| Created: | September 15, 2006 |
| Updated: | June 12, 2007 |
| Description: | A buffer overflow in dwarfread.c and dwarf2read.c debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations. |
| Alerts: | |
Comments (none posted)
gdm: improper file permissions
| Package(s): | gdm |
| CVE #(s): | CVE-2006-1057 |
| Created: | April 19, 2006 |
| Updated: | May 2, 2007 |
| Description: | The .ICEauthority file may be created with the wrong ownership and permissions; gdm 2.14.2 fixes the problem. |
| Alerts: | |
Comments (none posted)
gv: stack-based buffer overflow
| Package(s): | gv |
| CVE #(s): | CVE-2006-5864 |
| Created: | November 20, 2006 |
| Updated: | April 9, 2007 |
| Description: | Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header. |
| Alerts: | |
Comments (none posted)
gzip: multiple vulnerabilities
| Package(s): | gzip |
| CVE #(s): | CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337, CVE-2006-4338 |
| Created: | September 19, 2006 |
| Updated: | June 1, 2007 |
| Description: | Tavis Ormandy of the Google Security Team discovered two denial of service flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to hang or crash. Tavis Ormandy of the Google Security Team also discovered several code execution flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to crash or execute arbitrary code. |
| Alerts: | |
Comments (1 posted)
gzip: arbitrary command execution
| Package(s): | gzip |
| CVE #(s): | CAN-2005-0758 |
| Created: | August 1, 2005 |
| Updated: | January 9, 2007 |
| Description: | zgrep in gzip before 1.3.5 does not handle shell metacharacters like '|' and '&' properly when they occur in input file names. This could be exploited to execute arbitrary commands with user privileges if zgrep is run in an untrusted directory with specially crafted file names. |
| Alerts: | |
Comments (2 posted)
imagemagick: buffer overflows
| Package(s): | imagemagick |
| CVE #(s): | CVE-2006-5868 |
| Created: | November 28, 2006 |
| Updated: | February 16, 2007 |
| Description: | Daniel Kobras discovered multiple buffer overflows in ImageMagick's SGI file format decoder. By tricking a user or an automated system into processing a specially crafted SGI image, this could be exploited to execute arbitrary code with the user's privileges. |
| Alerts: | |
Comments (1 posted)
ImageMagick: buffer overflows
| Package(s): | ImageMagick |
CVE #(s): | CVE-2006-5456
|
| Created: | October 31, 2006 |
Updated: | March 8, 2007 |
| Description: |
Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick
6.0.7 allow user-assisted attackers to cause a denial of service and
possibly execute arbitrary code via (1) a DCM image that is not
properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a
PALM image that is not properly handled by the ReadPALMImage function in
coders/palm.c. |
| Alerts: |
imlib2: arbitrary code execution
| Package(s): | imlib2 |
| CVE #(s): | CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809 |
| Created: | November 6, 2006 |
| Updated: | August 13, 2007 |
| Description: |
M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify the
validity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images. If a user
were tricked into viewing or processing a specially crafted image with
an application that uses imlib2, the flaws could be exploited to execute
arbitrary code with the user's privileges. |
| Alerts: |
jbossas: arbitrary code execution
| Package(s): | jbossas |
| CVE #(s): | CVE-2006-5750 |
| Created: | November 27, 2006 |
| Updated: | November 29, 2006 |
| Description: |
Symantec discovered a flaw in the DeploymentFileRepository class of the
JBoss Application Server. A remote attacker who is able to access the
console manager could read or write files with the permissions of the
JBoss user. This could potentially lead to arbitrary code execution as the
JBoss user. |
| Alerts: |
kdelibs: integer overflow
| Package(s): | kdelibs |
| CVE #(s): | CVE-2006-4811 |
| Created: | October 18, 2006 |
| Updated: | March 5, 2007 |
| Description: |
The KDE khtml library can pass untrusted parameters into Qt, allowing a hostile user to trigger an integer overflow there and execute arbitrary code. |
| Alerts: |
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2006-4623 |
| Created: | October 18, 2006 |
| Updated: | November 14, 2007 |
| Description: |
The kernel DVB layer can be caused to crash with maliciously-formatted unidirectional lightweight encapsulation (ULE) data. |
| Alerts: |
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2006-4535, CVE-2006-4538 |
| Created: | September 18, 2006 |
| Updated: | December 3, 2007 |
| Description: |
Sridhar Samudrala discovered a local denial of service vulnerability
in the handling of SCTP sockets. By opening such a socket with a
special SO_LINGER value, a local attacker could exploit this to crash
the kernel. (CVE-2006-4535)
Kirill Korotaev discovered that the ELF loader on the ia64 and sparc
platforms did not sufficiently verify the memory layout. By attempting
to execute a specially crafted executable, a local user could exploit
this to crash the kernel. (CVE-2006-4538) |
| Alerts: |
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2006-4572, CVE-2006-4997 |
| Created: | November 6, 2006 |
| Updated: | January 17, 2007 |
| Description: |
Some vulnerabilities were discovered in the Linux 2.6 kernel:
There are possibly exploitable bugs in the netfilter for IPv6 code.
(CVE-2006-4572)
The ATM subsystem of the Linux kernel could allow a remote attacker to
cause a Denial of Service (panic) via unknown vectors that cause the ATM
subsystem to access the memory of socket buffers after they are freed.
(CVE-2006-4997) |
| Alerts: |
kernel: denial of service by memory consumption
| Package(s): | kernel |
| CVE #(s): | CVE-2006-2936 |
| Created: | July 17, 2006 |
| Updated: | November 14, 2007 |
| Description: |
The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to
2.6.17, and possibly later versions, allows local users to cause a denial
of service (memory consumption) by writing more data to the serial port
than the driver can handle, which causes the data to be queued. |
| Alerts: |
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2006-5757 |
| Created: | November 13, 2006 |
| Updated: | November 14, 2007 |
| Description: |
From the MOKB-05-11-2006
advisory: "The ISO9660 filesystem handling code of the Linux
2.6.x kernel fails to properly handle corrupted data structures, leading to
an exploitable denial of service condition. This particular vulnerability
seems to be caused by a race condition and a signedness issue. When
performing a read operation on a corrupted ISO9660 fs stream, the
isofs_get_blocks() function will enter an infinite loop when
__find_get_block_slow() callback from sb_getblk() fails ("due to various
races between file io on the block device and getblk")." |
| Alerts: |
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2006-2935, CVE-2006-4145, CVE-2006-3745 |
| Created: | September 1, 2006 |
| Updated: | July 30, 2008 |
| Description: |
Previous versions of the kernel package are subject to several
vulnerabilities. Certain malformed UDF filesystems can cause the system to
crash (denial of service). Malformed CDROM firmware or USB storage devices
(such as USB keys) could cause a system crash (denial of service) and, if
they were intentionally malformed, could cause arbitrary code to run with
elevated privileges. In addition, the SCTP protocol is subject to a remote
system crash (denial of service) attack. |
| Alerts: |
libgadu: memory alignment bug
| Package(s): | libgadu |
| CVE #(s): | CAN-2005-2370 |
| Created: | July 29, 2005 |
| Updated: | June 25, 2007 |
| Description: |
Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment
error in libgadu (from ekg, a console Gadu Gadu instant messaging
client), which is also included in gaim, a multi-protocol instant
messaging client. This cannot be exploited on the x86 architecture, but on
others, e.g. Sparc, it can lead to a bus error, in other words a denial of
service. |
| Alerts: |
libgd2: denial of service
| Package(s): | libgd2 |
| CVE #(s): | CVE-2006-2906 |
| Created: | June 14, 2006 |
| Updated: | January 16, 2007 |
| Description: |
Certain GIF images can cause libgd2 to go into an infinite loop, adversely affecting the performance of image processing applications. |
| Alerts: |
libmms: buffer overflows
| Package(s): | libmms |
| CVE #(s): | CVE-2006-2200 |
| Created: | July 6, 2006 |
| Updated: | December 25, 2006 |
| Description: |
Several buffer overflows were found in libmms. By tricking a user into
opening a specially crafted remote multimedia stream with an application
using libmms, a remote attacker could overwrite an arbitrary memory portion
with zeros, thereby crashing the program. |
| Alerts: |
libpam-ldap: insecure password control
| Package(s): | libpam-ldap |
| CVE #(s): | CVE-2006-5170 |
| Created: | November 3, 2006 |
| Updated: | December 21, 2006 |
| Description: |
Steve Rigler discovered that the PAM module for authentication against
LDAP servers processes PasswordPolicyResponse control messages incorrectly,
which might allow an attacker to log in to a suspended
system account. |
| Alerts: |
libpng: denial of service
| Package(s): | libpng |
| CVE #(s): | CVE-2006-5793 |
| Created: | November 16, 2006 |
| Updated: | December 4, 2006 |
| Description: |
Applications that use libpng are vulnerable to a denial of service attack
that may be brought about by the decoding of malformed PNG files. |
| Alerts: |
libtiff: buffer overflow
| Package(s): | libtiff |
| CVE #(s): | CVE-2006-2193 |
| Created: | June 15, 2006 |
| Updated: | September 1, 2008 |
| Description: |
The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable
to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters
in the DocumentName tag to overflow a buffer, causing a denial of service,
and possibly the execution of arbitrary code. |
| Alerts: |
libvncserver: authentication bypass
| Package(s): | libvncserver |
| CVE #(s): | CVE-2006-2450 |
| Created: | August 4, 2006 |
| Updated: | March 19, 2007 |
| Description: |
LibVNCServer fails to properly validate protocol types effectively
letting users decide |