
LWN.net Weekly Edition for May 17, 2007

On Microsoft's patent claims

By now, most LWN readers will have seen this Fortune article in which a Microsoft representative makes the claim that Linux distributions violate 235 of its patents. This article has caused a fair amount of concern in the community, with some people seeing it as the beginning of some sort of Final Battle between Microsoft and free software. That might even be the case, but the true nature of the situation is far from clear. Here are a few thoughts on Microsoft's claims.

To begin, these claims are not exactly new. Consider what the BBC was reporting in November, 2004:

Reuters said chief executive Steve Ballmer told Asian leaders Linux violated at least 228 patents. The Linux community disputes these claims. Mr Ballmer said countries using Linux which entered the World Trade Organisation would be at risk.

So this is not the first time we have heard this sort of charge from Microsoft; perhaps the only real difference is that we have somehow managed to find another seven patents to infringe upon in the last 2-1/2 years. The possibility exists that we may not hear any more about this "violation" for another two years or so - but one shouldn't necessarily count on that.

As companies go, Microsoft is relatively uninclined to pursue patent infringement suits. There was an interesting quote from the Open Source Think Tank report (covered here last week):

Sam [Ramji] defended Microsoft from the accusation that its deal with Novell will lead to Microsoft suing other Linux distributors for patent infringement. Sam described Microsoft's patent portfolio as primarily defensive--at any given moment, Microsoft is the defendant in 25-35 patent lawsuits, and that Microsoft has offensively sued another party for patent infringement only twice in its history.

Microsoft has, indeed, spent more time being the victim of patent trolls than a patent aggressor itself - and it has lost vast amounts of money to patent judgments in the process. This company has little to gain by heating up the patent litigation scene even more. That said, one should see the remainder of the quote above:

Sam emphasized that Microsoft has robust patent licensing programs, and would much rather license its patents than sue.

Even if we believe that Microsoft will take a relatively enlightened approach as a result of its time at the defendant's table, we should not lose track of an important fact: companies whose core business goes away have a disturbing tendency to turn to their "intellectual property" portfolios as a way to keep the revenue flowing. Should Microsoft someday decide that Linux world domination really is inevitable, it could react in any of a number of unpleasant ways.

The SCO Group's attack on Linux holds a number of lessons which can be applied to any future Microsoft attack - but those lessons only go so far. There is no doubt that interesting things will happen if you anger our community, especially if you attempt to lay claim to our work. There would be a massive outcry, publicity campaigns, boycotts, and an extended effort to invalidate as many of the patents as possible. Microsoft clearly fears the capabilities of the wider community; the Fortune article notes that Microsoft is not disclosing its specific patents "lest FOSS advocates start filing challenges to them." But invalidating even a single patent is hard; invalidating 235 would certainly tax even the capabilities of our extended community.

On the other hand, Microsoft would have to name specific patents in any legal action, and, presumably, it would not base a suit on all 235 patents. There is also the unknown effect of the recent U.S. Supreme Court ruling in KSR International v. Teleflex; this ruling has raised the bar on the amount of innovation a patent must contain. Some have speculated that this ruling could lead to the end of software patents altogether. That seems like wishful thinking, but it should help those who seek to invalidate many of the software patents currently on the books.

In the SCO case, a weak and incompetent company took on the strongest target it could find, and that target chose to stand its ground. There are no guarantees that things would go the same way this time around. Microsoft is strong financially and has a large, seasoned legal operation. It may well choose to attack smaller companies which cannot afford to put up an extended fight. In theory, a patent attack against Linux should evoke a strong response from the companies working with Linux, many of which hold considerable patent portfolios of their own. In practice, we will never know who would jump into that fight until they make their move. In particular, a defense which challenges the validity of software patents in general could be seen by a number of potential allies as being against their interests.

We should, at least, be able to count on the intervention of the Open Invention Network, which was formed for just this purpose. If OIN's patents are as strong as some believe, the resulting fireworks should be worth watching - from a safe distance.

There are a few other interesting things to keep in mind. Software patents are a U.S. problem, primarily; a successful patent attack against Linux could have the effect of driving its developers and users out of the country. Linux is now sufficiently firmly entrenched that attacking its users or developers could cause extended chaos - it might even upset more people than threatening to shut down the Blackberry network. That, in turn, could inspire more thought on the true costs and benefits of the current patent regime in the U.S. Some people believe that, by selling Novell's coupons, Microsoft has become a Linux distributor and is now subject to the terms of the GPL. Any serious attempt by Microsoft to bring down Linux would bring renewed attention from the world's anti-trust authorities.

Clearly, there are quite a few unknowns here. What it all comes down to is that, sooner or later, this may well be a battle we cannot avoid fighting. Once it hits, there is no telling where things will go. About the only guarantee is that it is certain to be interesting.


The sincerest form of flattery

Sun Microsystems has made a big show of its open source Solaris release and its attempts to build a working development community around that system. So a number of members of the OpenSolaris community were rather surprised when the press started running articles stating that Sun had decided to embark upon a project to make Solaris look more like Linux. This community was of the opinion that, if it was expected to endorse and participate in "Project Indiana," it might have been nice to know before Sun employees started talking to the media about it.

The person behind this effort, of course, is Ian Murdock, formerly of the Linux community. His position now can be understood from this interview:

When people say they want Linux, they don't actually mean they want Linux. What they want is the Linux userland user environment and the Linux business model. They want choice. They want the Linux distribution and I'm the Linux distribution guy.

Project Indiana, it seems, is Sun's attempt to win over all of those people who only think they want Linux, but who really want a version of Solaris that looks like Linux.

Many of the goals of this project, as far as they can be determined at this early stage, would seem to make sense. Better package management, for example. More device drivers. Easier installation. A more Linux-like user space with our (relatively) bleeding-edge 1990's shell. And, says Ian, a switch to timed release cycles:

The big feature from my point of view though is the 6 mo. timed release cycle. Timed release cycles have done wonders to introduce predictability into other open source projects (e.g., Gnome, Ubuntu). And 6 mos. is the clear winner in terms of frequency among Linux community/developer distros--it's just enough time to do interesting work AND have a reasonably long hardening period so the thing is stable.

Ubuntu comes up frequently in the discussion; it's clear that some people at Sun see Ubuntu as a model worth emulating.

For those of us who have been working with free software for a while, there is a certain irony in this whole plan. A Linux-like Solaris is not a particularly new concept; for many years, that's how much of the community experienced free software. Before there was a Linux system in a reasonably usable state, the best system to have on one's desk usually came from Sun. As soon as it came in the door, however, it would be loaded up with crucial packages like the X Window System, gcc, netrek, emacs, and so on. Many years ago, we all had systems which, in some ways, looked like what Project Indiana is trying to build now. Those systems did not keep an awful lot of us from jumping to Linux, though, and their cost was only part of the reason for switching.

We switched to Linux because it was free, alive, fun, and clearly going places. There was always something new and interesting happening, especially in those days when running development kernels on production systems was a necessary part of making things work. All these years later, there is still always something new and interesting, and, often, it even comes nicely packaged on a regular schedule. Not many of us are looking back to the systems we used to run.

So it is no surprise that the folks at Sun are putting such a big emphasis on trying to duplicate the things that Linux does right. A similar user space, timely releases, easy upgrades, and, especially, the creation of a vibrant community around Solaris. The thinking seems to be that, if they make a system which looks like Linux but which contains their kernel (which they feel to be superior - a view which is not universally shared in the Linux community), the world will flock to their door.

There have been no real (public) decisions on how this project will proceed; the process for creating an official OpenSolaris project has not yet begun. There has been some initial discussion where it has been suggested that the project start by adopting the work of either BeleniX or Nexenta. This idea drew an immediate complaint from our old friend Jörg Schilling, creator of SchilliX, but it appears that the OpenSolaris community listens to Jörg about as much as the Linux community does. Regardless, it will take some time before the real shape of Project Indiana emerges.

It will take even more time before we see if this project has any real impact. Certainly it should make life easier for Solaris users. But "a better Linux than Linux" is not a particularly compelling sales message. It might just turn out that people who say they want Linux actually want Linux, not another system dressed up in similar clothes. Imitation may be the sincerest form of flattery, but it is usually a poor way to regain one's past prominence.


ATI starts to come around?

A fair number of LWN readers have wondered: why hasn't LWN posted anything about the statements by ATI at the Red Hat Summit to the effect that it would be changing its relationship with the open source community? Certainly this is a relationship which could use some reworking; ATI has been one of the most stubborn vendors in its refusal to release free drivers or the programming information needed to let us create those drivers ourselves. As a result, free support for ATI's older hardware has required reverse engineering efforts - and the current chipsets have no free support at all. So, one would think, a statement from ATI that it plans to change its approach would be a welcome change.

As it happens, the developers in charge of making graphics work on Linux systems are pretty much unanimous in their lack of enthusiasm. This is not the first time that ATI has made promising sounds, but, so far, the corresponding actions have not been forthcoming. Graphics hacker Dave Airlie is particularly unimpressed, noting that ATI has not yet bothered to communicate its intentions to the developers:

As for working with the community I'd expect they'd at least try talking to the ppl who maintain the ATI open source driver if they intend on doing something with it...

Dave is particularly annoyed because he has been sitting on the code which implements 2D support for the R500 chipset for many months while waiting for ATI to give him permission to distribute it. There is no ATI code in this driver; Dave is asking permission because he signed a non-disclosure agreement with the company. So far, that permission has not been granted. Until that changes, it's hard to believe that ATI is interested in free support for its hardware.

There is one thing which has changed: ATI is now part of AMD. Historically, AMD has been much more friendly toward the free software community. It could well be that this approach is now filtering down through ATI and could result in some real changes. But we should not celebrate too much until ATI follows its words with some concrete actions.


Waiting for Emacs 22 (and looking forward to Emacs 23)

The much-delayed Emacs 22 release has been covered here a couple of times recently. Since the last article, it would appear that the Emacs process has hit its lowest point, and things should be getting better from here. In the long term, though, the Emacs developers may have to take a hard look at their release management process if they want to keep the project healthy.

The low point was probably sometime around when Richard Stallman got tired of people asking when a release might happen:

I have been insulted and abused many times here lately. I did not respond to most of these insults, but I did take offense.

A number of developers responded that they had no intent to insult or abuse, but that they do have real concerns about how the process works. A couple of examples:

The current feature freeze has now lasted for more than 3 years, during which Emacs _development_ has practically been at a stand-still, so it is no wonder your team of _loyal_ developers is getting frustrated and starts to question your principles, and may start looking for other (more productive) projects to work on.

(Kim Storm).

I learned a bit of lisp, applied some basic color scaling theory, and produced a patch which added great new functionality.... That was Summer, 2001. Six years later, and the fruits of my early toil still aren't available in any released version of Emacs. So, while I continue to maintain a personally relevant programming mode, and contribute bug fixes where they impact that mode, I have not taken on any other "feature improvements" to Emacs. To me, the value equation just doesn't compute.

(JD Smith).

Clearly, the extended Emacs development cycle is proving frustrating for developers. The situation with the Linux kernel was once similar; changes merged at the beginning of a development cycle could take years to make it to a stable release. In that case, distributors responded by backporting changes into older releases, but that doesn't happen with Emacs.

The good news is that the biggest blocker - some questions about whether the Python mode code could be distributed by the FSF - appears to have resolved itself in the best possible way: the code has been cleared. Inevitably, there's another bug or two in need of squashing before the release can happen, but the remaining wait should be relatively short. Hopefully.

Some of the Emacs developers are already looking forward to the Emacs 23 development cycle. One of the first things that may go in is multi-tty support, which allows a single emacs instance to drive multiple terminals or X connections. This code apparently still does not work on all architectures, though, meaning it needs some work before it is truly ready. The other big change is a complete rework of character set handling; only Emacs would come with a news item reading "The Emacs character set is now a superset of Unicode. (It has about four times the code space, which should be plenty)." There's a lot of other work waiting to be merged, but getting the unicode-2 branch and multi-tty working together looks like it should be enough to keep the developers busy for a little while. Happily, they are starting to think about this sort of challenge rather than wondering if their previous work will ever be released.


The Open Source Business Conference

The Open Source Business Conference is happening on May 22 and 23. For the first time, LWN will be present at this event. Look next week for coverage on what's happening on the business side of Linux.

Beyond that, your editor somehow got talked into sitting on a panel dedicated to the question "is the Novell-Microsoft deal good for open source?". Given recent events, one might expect interest in this topic to be high. It should be a memorable experience; your editor can only hope that there is a pub within quick walking distance of the venue for the post-event recovery process.


Page editor: Jonathan Corbet

Security

Critical Vulnerabilities in Samba

May 16, 2007

This article was contributed by Jake Edge.

The three vulnerabilities in Samba reported this week should have network administrators scrambling to patch vulnerable servers. Most distributors have already done their scrambling to pick up and apply the fixes so they could release updated samba packages. Each of the vulnerabilities could lead to root privileges; two of them are remotely exploitable - just the kinds of security holes that give administrators nightmares. No exploits have yet been reported, but it is probably only a matter of time; unless they run a completely trusted environment, Samba users need to patch these holes.

The Samba project provides a free implementation of the SMB/CIFS protocols that allow file and print sharing on Windows networks. With Samba, Linux (and other free operating systems) can participate as either a client or server in a mixed OS environment. As Microsoft is not known for its ability (or, perhaps more accurately, willingness) to play well with others, the Samba team has reverse engineered the protocols and the way they are used by Windows so that Samba can bridge that gap. Somewhat surprisingly, the project was not singled out in the latest patent saber rattling by Microsoft; it is probably just an oversight as Samba is precisely the kind of package that Microsoft would want to spread patent FUD about.

The vulnerabilities themselves are fairly straightforward bugs, but it is instructive to look at them; understanding security holes helps avoid them in future code. The first is the shortest lived of the three, only affecting versions 3.0.23d through 3.0.25pre2, whereas the other two affected all versions from 3.0.0. An attempt to simplify the handling of transitions to and from root privileges in the smbd server process is the cause. When looking up System Identifiers (SIDs) in a local list of users and groups, smbd may transition to the root user rather than away from it, allowing a local attacker to perform some operations as root.

The second reported vulnerability appears to be the most serious as it is remotely exploitable without requiring authentication with the Samba server. By sending specifically crafted packets to the server, an attacker could cause the heap to be overwritten, leading to execution of code provided by the attacker. The underlying cause, as shown by this patch, is not checking for NULL as the return value from a memory allocation routine.
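The class of bug described above, shown as an added example (not Samba's code or its patch): a decoder that allocates according to a count taken from the packet and checks both the count and the allocator's return value before writing. The wire format, the function names and the injectable allocator are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed wire format: 4-byte big-endian count, then `count` 4-byte big-endian ids. */

enum dec_status { DEC_OK = 0, DEC_TRUNCATED = -1, DEC_BAD_COUNT = -2, DEC_NOMEM = -3 };

/* Allocator is passed in so the out-of-memory path can be exercised. */
typedef void *(*alloc_fn)(size_t nmemb, size_t size);

/* Hypothetical allocator that always fails, standing in for memory exhaustion. */
static void *failing_alloc(size_t nmemb, size_t size)
{
    (void)nmemb;
    (void)size;
    return NULL;
}

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

enum dec_status decode_ids(const uint8_t *pkt, size_t len, alloc_fn alloc,
                           uint32_t **ids_out, uint32_t *count_out)
{
    /* Outputs are always left in a defined state, whatever the result. */
    *ids_out = NULL;
    *count_out = 0;

    if (len < 4)
        return DEC_TRUNCATED;

    uint32_t count = be32(pkt);

    /* The sender controls `count`: it may not claim more entries than arrived.
     * This also bounds the allocation size by the packet size. */
    if (count > (len - 4) / 4)
        return DEC_BAD_COUNT;

    /* Nothing to allocate and nothing to write. */
    if (count == 0)
        return DEC_OK;

    uint32_t *ids = alloc(count, sizeof *ids);
    if (ids == NULL)
        return DEC_NOMEM;   /* without this check the loop below writes through NULL */

    for (uint32_t i = 0; i < count; i++)
        ids[i] = be32(pkt + 4 + 4 * (size_t)i);

    *ids_out = ids;
    *count_out = count;
    return DEC_OK;
}

int main(void)
{
    /* Constructed sample packets. */
    const uint8_t good[] = { 0, 0, 0, 2,  0, 0, 0, 7,  0, 0, 1, 0 };
    const uint8_t lying[] = { 0x40, 0, 0, 0,  0, 0, 0, 7 };
    uint32_t *ids;
    uint32_t n;

    printf("good packet:        %d\n", decode_ids(good, sizeof good, calloc, &ids, &n));
    free(ids);
    printf("oversized count:    %d\n", decode_ids(lying, sizeof lying, calloc, &ids, &n));
    printf("allocation failure: %d\n", decode_ids(good, sizeof good, failing_alloc, &ids, &n));
    return 0;
}
```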

The final report concerns unsanitized user input that is passed to /bin/sh to be executed. By using shell metacharacters in the data sent, an attacker could execute code on the server. If the 'username map script' option has been enabled in smb.conf (it is off by default), the remote attacker need not be authenticated with the server to execute the code. In the standard install, a remote user would be required to authenticate to gain access to the file and print sharing management features before being able to exploit this vulnerability.
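The difference between handing user input to /bin/sh and handing it to a program as a single argument, as an added example (not Samba's code or its fix). `/bin/echo` stands in for a configured map script, and the function names and the sample username are constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Assumed stand-in for a configured map script: echoes its argument back. */
#define MAP_SCRIPT "/bin/echo"

/* Run argv[0] with argv, capture its stdout (minus one trailing newline).
 * Returns 0 if the program exited with status 0, -1 otherwise. */
static int run_capture(char *const argv[], char *out, size_t outlen)
{
    int fds[2];
    if (outlen == 0 || pipe(fds) != 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {                 /* child: stdout goes to the pipe */
        close(fds[0]);
        dup2(fds[1], STDOUT_FILENO);
        close(fds[1]);
        execv(argv[0], argv);
        _exit(127);                 /* exec failed */
    }

    close(fds[1]);
    size_t used = 0;
    ssize_t n;
    while (used < outlen - 1 &&
           (n = read(fds[0], out + used, outlen - 1 - used)) > 0)
        used += (size_t)n;
    close(fds[0]);
    out[used] = '\0';
    if (used > 0 && out[used - 1] == '\n')
        out[used - 1] = '\0';

    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

/* BEFORE: the name is spliced into a command line that /bin/sh parses.
 * Wrapping it in double quotes does not help: the shell still expands
 * $(...) and backticks inside them. */
int map_via_shell(const char *name, char *out, size_t outlen)
{
    char cmd[512];
    int len = snprintf(cmd, sizeof cmd, "%s \"%s\"", MAP_SCRIPT, name);
    if (len < 0 || (size_t)len >= sizeof cmd)
        return -1;
    char *const argv[] = { "/bin/sh", "-c", cmd, NULL };
    return run_capture(argv, out, outlen);
}

/* AFTER: no shell is involved. The name is exactly one argv element, so
 * metacharacters are ordinary bytes. Empty names and names starting with
 * '-' are refused so the value cannot be read as an option. */
int map_via_exec(const char *name, char *out, size_t outlen)
{
    if (name[0] == '\0' || name[0] == '-')
        return -1;
    char *const argv[] = { MAP_SCRIPT, (char *)name, NULL };
    return run_capture(argv, out, outlen);
}

int main(void)
{
    const char *name = "alice$(echo INJECTED)";   /* constructed sample input */
    char out[128];

    if (map_via_shell(name, out, sizeof out) == 0)
        printf("via /bin/sh: %s\n", out);
    if (map_via_exec(name, out, sizeof out) == 0)
        printf("via execv:   %s\n", out);
    return 0;
}
```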

With the exception of the SID lookup botch, these kinds of bugs are not new and not specific to Samba. Some variant of the user input filtering problem is the root cause of the majority of web-based security problems, and forgetting to check for NULL in allocations is as old as the C language itself. It is probably a bit embarrassing to the team, but it is not surprising that these kinds of problems creep in. Programming securely is difficult and there are a lot of ways to go wrong. Based on the timelines, the Samba team responded promptly in getting fixes out and made sure the word got out. This is the right response in the face of these inevitable bugs.


New vulnerabilities

bind: denial of service

Package(s):bind CVE #(s):CVE-2007-2241
Created:May 10, 2007 Updated:June 8, 2007
Description: ISC BIND 9.4.0 is vulnerable to a denial of service attack. If recursion is enabled a remote attacker can use a special sequence of queries to cause the daemon to exit.
Alerts:
Fedora FEDORA-2007-0300 2007-06-08
OpenPKG OpenPKG-SA-2007.014 2007-05-18
Mandriva MDKSA-2007:100 2007-05-09


samba: several vulnerabilities

Package(s):samba CVE #(s):CVE-2007-2444 CVE-2007-2446 CVE-2007-2447
Created:May 14, 2007 Updated:June 5, 2007
Description: Three vulnerabilities have been fixed in Samba 3.0.25:
Alerts:
Debian DSA-1291-4 2007-06-04
Debian-Testing DTSA-41-1 2007-05-31
Mandriva MDKSA-2007:104-1 2007-05-23
Ubuntu USN-460-2 2007-05-22
SuSE SUSE-SA:2007:031 2007-05-21
Fedora FEDORA-2007-518 2007-05-21
Debian DSA-1291-3 2007-05-20
OpenPKG OpenPKG-SA-2007.012 2007-05-18
Trustix TSLSA-2007-0017 2007-05-17
Debian DSA-1291-2 2007-05-15
Ubuntu USN-460-1 2007-05-16
Foresight FLEA-2007-0017-1 2007-05-15
Gentoo 200705-15 2007-05-15
Debian DSA-1291-1 2007-05-15
Slackware SSA:2007-134-01 2007-05-15
rPath rPSA-2007-0098-1 2007-05-15
Mandriva MDKSA-2007:104 2007-05-14
Fedora FEDORA-2007-506 2007-05-14
Fedora FEDORA-2007-507 2007-05-14
Red Hat RHSA-2007:0354-01 2007-05-14


squirrelmail: missing input sanitizing

Package(s):squirrelmail CVE #(s):CVE-2007-1262
Created:May 14, 2007 Updated:June 15, 2007
Description: It was discovered that the webmail package Squirrelmail performs insufficient sanitizing inside the HTML filter, which allows the injection of arbitrary web script code during the display of HTML email messages.
Alerts:
rPath rPSA-2007-0123-1 2007-06-14
Mandriva MDKSA-2007:106 2007-05-19
Red Hat RHSA-2007:0358-01 2007-05-17
Fedora FEDORA-2007-505 2007-05-14
Debian DSA-1290-1 2007-05-13


Updated vulnerabilities

aircrack-ng: remote execution of arbitrary code

Package(s):aircrack-ng CVE #(s):CVE-2007-2057
Created:April 23, 2007 Updated:May 23, 2007
Description: Jonathan So reported that the airodump-ng module does not correctly check the size of 802.11 authentication packets before copying them into a buffer. A remote attacker could trigger a stack-based buffer overflow by sending a specially crafted 802.11 authentication packet to a user running airodump-ng with the -w (--write) option. This could lead to the remote execution of arbitrary code with the permissions of the user running airodump-ng, which is typically the root user.
Alerts:
Debian-Testing DTSA-35-1 2007-05-16
Debian DSA-1280-1 2007-04-24
Gentoo 200704-16 2007-04-22


apache: cross-site scripting

Package(s):apache CVE #(s):CVE-2006-3918
Created:August 9, 2006 Updated:April 4, 2008
Description: From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header."
Alerts:
SuSE SUSE-SA:2008:021 2008-04-04
Ubuntu USN-575-1 2008-02-04
SuSE SUSE-SA:2006:051 2006-09-08
Debian DSA-1167-1 2005-09-04
Red Hat RHSA-2006:0619-01 2006-08-10
Red Hat RHSA-2006:0618-01 2006-08-08


Asterisk: two SIP denial of service vulnerabilities

Package(s):Asterisk CVE #(s):CVE-2007-1561 CVE-2007-1594
Created:April 3, 2007 Updated:August 27, 2007
Description: The Madynes research team at INRIA has discovered that Asterisk contains a null pointer dereferencing error in the SIP channel when handling INVITE messages. Furthermore qwerty1979 discovered that Asterisk 1.2.x fails to properly handle SIP responses with return code 0. A remote attacker could cause an Asterisk server listening for SIP messages to crash by sending a specially crafted SIP message or answering with a 0 return code.
Alerts:
Debian DSA-1358-1 2007-08-26
SuSE SUSE-SA:2007:034 2007-06-06
Gentoo 200704-01 2007-04-02


bluez-utils: hidd vulnerability

Package(s):bluez-utils CVE #(s):CVE-2006-6899
Created:January 16, 2007 Updated:May 14, 2007
Description: hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the Mouse and Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack.
Alerts:
Red Hat RHSA-2007:0065-01 2007-05-14
Ubuntu USN-413-1 2007-01-24
Mandriva MDKSA-2007:014 2006-01-15


bugzilla: multiple vulnerabilities

Package(s):bugzilla CVE #(s):CVE-2006-5453 CVE-2006-5454 CVE-2006-5455
Created:November 10, 2006 Updated:August 28, 2007
Description: Bugzilla has the following vulnerabilities:

Input data passed to various fields is not properly sanitized before being passed back to users.

Users can gain unauthorized access to read attachment descriptions while using diff mode.

HTTP GET and HTTP POST requests can be used to perform unauthorized actions due to improper verification.

Input that is passed to showdependencygraph.cgi is not properly sanitized before being returned to users.

Alerts:
Debian DSA-1208-1 2006-11-11
Gentoo 200611-04 2006-11-09


clamav: several vulnerabilities

Package(s):clamav CVE #(s):CVE-2007-1745 CVE-2007-1997
Created:April 20, 2007 Updated:May 9, 2007
Description: The chm_decompress_stream function in libclamav/chmunpack.c leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file. (CVE-2007-1745)

Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c might allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow. (CVE-2007-1997)

Alerts:
Mandriva MDKSA-2007:098 2007-05-08
Debian DSA-1281-1 2007-04-25
Gentoo 200704-21 2007-04-24
Trustix TSLSA-2007-0013 2007-04-20
SuSE SUSE-SA:2007:026 2007-04-20


cups: denial of service

Package(s):cups CVE #(s):CVE-2007-0720
Created:March 26, 2007 Updated:February 7, 2008
Description: Previous versions of the cups package could be forced to hang via a client "partially negotiating" an ssl connection. In this state, cups would not allow other connections to be made, a denial of service.
Alerts:
Mandriva MDVSA-2008:036 2007-02-06
Mandriva MDKSA-2007:086 2007-04-16
Red Hat RHSA-2007:0123-01 2007-04-16
Gentoo 200703-28 2007-03-31
Foresight FLEA-2007-0003-1 2007-03-25


Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service

Package(s):cyrus-sasl CVE #(s):CVE-2006-1721
Created:April 21, 2006 Updated:September 4, 2007
Description: Cyrus-SASL contains an unspecified vulnerability in the DIGEST-MD5 process that could lead to a Denial of Service. An attacker could possibly exploit this vulnerability by sending specially crafted data stream to the Cyrus-SASL server, resulting in a Denial of Service even if the attacker is not able to authenticate.
Alerts:
Red Hat RHSA-2007:0878-01 2007-09-04
Red Hat RHSA-2007:0795-01 2007-09-04
SuSE SUSE-SA:2006:025 2006-05-05
Fedora FEDORA-2006-515 2006-05-04
Debian DSA-1042-1 2006-04-25
Mandriva MDKSA-2006:073 2006-04-24
Ubuntu USN-272-1 2006-04-24
Gentoo 200604-09 2006-04-21


dovecot: directory traversal

Package(s):dovecot CVE #(s):CVE-2007-2231
Created:May 8, 2007 Updated:May 21, 2008
Description: Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
Alerts:
Red Hat RHSA-2008:0297-02 2008-05-21
Debian DSA-1359-1 2007-08-28
Ubuntu USN-487-1 2007-07-17
Fedora FEDORA-2007-493 2007-05-07


elinks: code execution

Package(s):elinks CVE #(s):CVE-2007-2027
Created:May 7, 2007 Updated:June 7, 2007
Description: Arnaud Giersch discovered that elinks incorrectly attempted to load gettext catalogs from a relative path. If a user were tricked into running elinks from a specific directory, a local attacker could execute code with user privileges.
Alerts:
Gentoo 200706-03 2007-06-06
Ubuntu USN-457-1 2007-05-07


evolution: format string error

Package(s):evolution CVE #(s):CVE-2007-1002
Created:March 27, 2007 Updated:February 27, 2008
Description: A format string error in the "write_html()" function in calendar/gui/e-cal-component-memo-preview.c when displaying a memo's categories can potentially be exploited to execute arbitrary code via a specially crafted shared memo containing format specifiers.
Alerts:
SuSE SUSE-SR:2007:015 2007-08-03
Gentoo 200706-02 2007-06-06
Red Hat RHSA-2007:0158-01 2007-05-03
Foresight FLEA-2007-0010-1 2007-04-05
Fedora FEDORA-2007-404 2007-04-04
Fedora FEDORA-2007-393 2007-04-04
Mandriva MDKSA-2007:070 2007-03-27


pop mail man-in-the-middle attacks

Package(s):evolution thunderbird mutt fetchmail CVE #(s):CVE-2007-1558
Created:May 8, 2007 Updated:August 7, 2007
Description: The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird, (2) Evolution, (3) mutt, and (4) fetchmail.
Alerts:
Fedora FEDORA-2007-1447 2007-08-06
rPath rPSA-2007-0127-1 2007-06-19
Foresight FLEA-2007-0026-1 2007-06-18
rPath rPSA-2007-0122-1 2007-06-14
Red Hat RHSA-2007:0385-01 2007-06-07
rPath rPSA-2007-0114-1 2007-06-04
Mandriva MDKSA-2007:113 2007-06-04
Red Hat RHSA-2007:0386-01 2007-06-04
Fedora FEDORA-2007-0001 2007-06-01
Fedora FEDORA-2007-552 2007-05-31
Fedora FEDORA-2007-550 2007-05-31
Fedora FEDORA-2007-551 2007-05-31
Red Hat RHSA-2007:0401-01 2007-05-30
Fedora FEDORA-2007-539 2007-05-30
Fedora FEDORA-2007-540 2007-05-30
Red Hat RHSA-2007:0344-01 2007-05-30
Mandriva MDKSA-2007:107 2007-05-19
Mandriva MDKSA-2007:105 2007-05-17
Red Hat RHSA-2007:0353-01 2007-05-17
Fedora FEDORA-2007-484 2007-05-07
Fedora FEDORA-2007-485 2007-05-07


fail2ban: denial of service

Package(s):fail2ban CVE #(s):CVE-2006-6302
Created:February 16, 2007 Updated:July 30, 2007
Description: fail2ban 0.7.4 and earlier does not properly parse the sshd log file, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in to ssh using a login name containing certain strings with an IP address.
Alerts:
Gentoo 200702-05 2007-02-16


ffmpeg: buffer overflows

Package(s):ffmpeg CVE #(s):CVE-2006-4799 CVE-2006-4800
Created:September 14, 2006 Updated:May 28, 2007
Description: The AVI processing code in FFmpeg has a number of buffer overflow vulnerabilities. If an attacker can trick a user into loading a specially crafted AVI, arbitrary code can be executed with the user's privileges.
Alerts:
Gentoo 200609-09 2006-09-13

Comments (2 posted)

file: denial of service

Package(s):file CVE #(s):CVE-2007-2026
Created:April 18, 2007 Updated:May 25, 2007
Description: The GNU regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS.
Alerts:
rPath rPSA-2007-0109-1 2007-05-24
Foresight FLEA-2007-0022-1 2007-05-24
Gentoo 200704-13 2007-04-17

Comments (none posted)

file: arbitrary code execution

Package(s):file CVE #(s):CVE-2007-1536
Created:March 22, 2007 Updated:May 30, 2007
Description: The "file" utility incorrectly checks the allocated heap memory size. If a remote attacker can trick a user into looking at specially crafted files with file, arbitrary code can be executed with the user's privileges.
Alerts:
Red Hat RHSA-2007:0391-01 2007-05-30
Slackware SSA:2007-093-01 2007-04-04
Gentoo 200703-26 2007-03-30
Debian DSA-1274-1 2007-04-02
Fedora FEDORA-2007-391 2007-03-30
Red Hat RHSA-2007:0124-01 2007-03-23
Mandriva MDKSA-2007:067 2007-03-22
rPath rPSA-2007-0059-1 2007-03-22
Ubuntu USN-439-1 2007-03-21

Comments (1 posted)

firefox: FTP PASV port-scanning

Package(s):firefox seamonkey CVE #(s):CVE-2007-1562
Created:March 23, 2007 Updated:June 4, 2007
Description: According to this advisory, the FTP protocol includes the PASV (passive) command which is used by Firefox to request an alternate data port. The specification of the FTP protocol allows the server response to include an alternate server address as well, although this is rarely used in practice.
Alerts:
Fedora FEDORA-2007-0066 2007-06-01
Fedora FEDORA-2007-0050 2007-06-01
Fedora FEDORA-2007-0001 2007-06-04
rPath rPSA-2007-0112-1 2007-05-31
Foresight FLEA-2007-0023-1 2007-05-31
Fedora FEDORA-2007-0001 2007-06-01
Fedora FEDORA-2007-0001 2007-06-01
Fedora FEDORA-2007-0001 2007-06-01
Fedora FEDORA-2007-554 2007-05-31
Fedora FEDORA-2007-549 2007-05-31
Fedora FEDORA-2007-549 2007-05-31
Fedora FEDORA-2007-549 2007-05-31
Fedora FEDORA-2007-549 2007-05-31
Red Hat RHSA-2007:0402-01 2007-05-30
Red Hat RHSA-2007:0400-01 2007-05-30
rPath rPSA-2007-0062-1 2007-04-04
Ubuntu USN-443-1 2007-03-27
Foresight FLEA-2007-0001-1 2007-03-22

Comments (1 posted)

freeradius: memory leak

Package(s):freeradius CVE #(s):CVE-2007-2028
Created:April 17, 2007 Updated:May 15, 2007
Description: A memory leak in FreeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.
Alerts:
Fedora FEDORA-2007-499 2007-05-14
Red Hat RHSA-2007:0338-01 2007-05-10
Gentoo 200704-14 2007-04-17
Mandriva MDKSA-2007:085 2007-04-16

Comments (none posted)

freetype: integer overflows

Package(s):freetype CVE #(s):CVE-2006-0747 CVE-2006-1861 CVE-2006-2493 CVE-2006-2661 CVE-2006-3467
Created:June 8, 2006 Updated:October 10, 2007
Description: The FreeType library has several integer overflow vulnerabilities. If a user can be tricked into installing a specially crafted font file, arbitrary code can be executed with the privilege of the user.
Alerts:
Gentoo 200710-09 2007-10-09
Debian DSA-1178-1 2006-09-16
Ubuntu USN-341-1 2006-09-06
Gentoo 200609-04 2006-09-06
rPath rPSA-2006-0157-1 2006-08-25
Mandriva MDKSA-2006:148 2006-08-24
Red Hat RHSA-2006:0635-01 2006-08-21
Red Hat RHSA-2006:0634-01 2006-08-21
Fedora FEDORA-2006-912 2006-08-14
SuSE SUSE-SA:2006:045 2006-08-01
OpenPKG OpenPKG-SA-2006.017 2006-07-28
Ubuntu USN-324-1 2006-07-27
Slackware SSA:2006-207-02 2006-07-27
Mandriva MDKSA-2006:129 2006-07-20
Gentoo 200607-02 2006-07-09
SuSE SUSE-SA:2006:037 2006-06-27
Mandriva MDKSA-2006:099-1 2006-06-13
Mandriva MDKSA-2006:099 2006-06-12
rPath rPSA-2006-0100-1 2006-06-12
Debian DSA-1095-1 2006-06-10
Ubuntu USN-291-1 2006-06-08

Comments (none posted)

gcc: file overwrite vulnerability

Package(s):gcc CVE #(s):CVE-2006-3619
Created:September 6, 2006 Updated:March 14, 2008
Description: The fastjar utility found in the GNU compiler collection does not perform adequate file path checking, allowing the creation or overwriting of files outside of the current directory tree.
Alerts:
Mandriva MDVSA-2008:066 2007-03-13
Red Hat RHSA-2007:0473-01 2007-06-11
Red Hat RHSA-2007:0220-02 2007-05-01
Debian DSA-1170-1 2006-09-06

Comments (none posted)

gd: buffer overflow

Package(s):gd CVE #(s):CVE-2007-0455
Created:February 7, 2007 Updated:February 28, 2008
Description: The gd graphics library contains a buffer overflow which could enable a remote attacker to execute arbitrary code. Note that various other packages include code from gd and could also be vulnerable.
Alerts:
Red Hat RHSA-2008:0146-01 2008-02-28
Ubuntu USN-473-1 2007-06-11
OpenPKG OpenPKG-SA-2007.016 2007-05-18
Trustix TSLSA-2007-0007 2007-02-13
Fedora FEDORA-2007-150 2007-02-12
Fedora FEDORA-2007-149 2007-02-12
rPath rPSA-2007-0028-1 2007-02-08
Mandriva MDKSA-2007:038 2006-02-06
Mandriva MDKSA-2007:036 2006-02-06
Mandriva MDKSA-2007:035 2006-02-06

Comments (2 posted)

gdb: buffer overflow

Package(s):gdb CVE #(s):CVE-2006-4146
Created:September 15, 2006 Updated:June 12, 2007
Description: A buffer overflow in dwarfread.c and dwarf2read.c debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations.
Alerts:
Red Hat RHSA-2007:0469-01 2007-06-11
Red Hat RHSA-2007:0229-02 2007-05-01
Ubuntu USN-356-1 2006-10-02
Fedora FEDORA-2006-975 2006-09-14

Comments (none posted)

gimp: arbitrary code execution

Package(s):gimp CVE #(s):CVE-2007-2356
Created:May 1, 2007 Updated:June 11, 2007
Description: From this Secunia advisory: "Marsu has discovered a vulnerability in Gimp, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error within the "set_color_table()" function in plug-ins/common/sunras.c. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted .RAS file."
Alerts:
Debian DSA-1301-1 2007-06-09
Ubuntu USN-467-1 2007-05-31
Mandriva MDKSA-2007:108 2007-05-22
Red Hat RHSA-2007:0343-01 2007-05-21
SuSE SUSE-SR:2007:011 2007-05-16
Gentoo 200705-08 2007-05-07
rPath rPSA-2007-0090-1 2007-05-03
Foresight FLEA-2007-0015-1 2007-04-30

Comments (3 posted)

gimp: symlink issue

Package(s):gimp CVE #(s):
Created:May 8, 2007 Updated:May 9, 2007
Description: The GIMP package in Fedora includes a helper script /usr/sbin/gimp-plugin-mgr for plugins contained in other packages, for example, xsane-gimp. This script manages symlinks from the GIMP plugin directory (which may change between upgrades) to the actual location of the plugins. A bug has been fixed in this erratum of GIMP that was in all older GIMP packages. The bug concerns the execution order in which the symlinks are installed and removed, causing the symlinks to vanish when the GIMP package is updated.
Alerts:
Fedora FEDORA-2007-491 2007-05-07
Fedora FEDORA-2007-489 2007-05-07

Comments (none posted)

gzip: multiple vulnerabilities

Package(s):gzip CVE #(s):CVE-2006-4334 CVE-2006-4335 CVE-2006-4336 CVE-2006-4337 CVE-2006-4338
Created:September 19, 2006 Updated:June 1, 2007
Description: Tavis Ormandy of the Google Security Team discovered two denial of service flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to hang or crash.

Tavis Ormandy of the Google Security Team discovered several code execution flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to crash or execute arbitrary code.

Alerts:
Fedora FEDORA-2007-557 2007-05-31
Gentoo 200611-24 2006-11-28
Fedora-Legacy FLSA:211760 2006-11-13
Fedora FEDORA-2006-989 2006-10-10
SuSE SUSE-SA:2006:056 2006-09-26
Gentoo 200609-13 2006-09-23
Trustix TSLSA-2006-0052 2006-09-22
Mandriva MDKSA-2006:167 2006-09-20
Slackware SSA:2006-262-01 2006-09-20
OpenPKG OpenPKG-SA-2006.020 2006-09-20
Debian DSA-1181-1 2006-09-19
rPath rPSA-2006-0170-1 2006-09-19
Ubuntu USN-349-1 2006-09-19
Red Hat RHSA-2006:0667-01 2006-09-19

Comments (1 posted)

horde-kronolith: local file inclusion

Package(s):horde-kronolith CVE #(s):CVE-2006-6175
Created:January 17, 2007 Updated:March 7, 2008
Description: Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered string is used instead of a sanitized string to view local files. An authenticated attacker could craft an HTTP GET request that uses directory traversal techniques to execute any file on the web server as PHP code, which could allow information disclosure or arbitrary code execution with the rights of the user running the PHP application (usually the webserver user).
Alerts:
Gentoo 200701-11 2007-01-16

Comments (none posted)

ImageMagick: integer overflows

Package(s):imagemagick CVE #(s):CVE-2007-1797
Created:April 4, 2007 Updated:April 17, 2008
Description: Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667.
Alerts:
Red Hat RHSA-2008:0165-01 2008-04-16
Red Hat RHSA-2008:0145-01 2008-04-16
Fedora FEDORA-2007-1340 2007-07-30
Mandriva MDKSA-2007:147 2007-07-20
Ubuntu USN-481-1 2007-07-10
Gentoo 200705-13 2007-05-10
Fedora FEDORA-2007-414 2007-04-17
Fedora FEDORA-2007-413 2007-04-05
rPath rPSA-2007-0064-1 2007-04-04

Comments (none posted)

imlib2: arbitrary code execution

Package(s):imlib2 CVE #(s):CVE-2006-4806 CVE-2006-4807 CVE-2006-4808 CVE-2006-4809
Created:November 6, 2006 Updated:August 13, 2007
Description: M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify the validity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images. If a user were tricked into viewing or processing a specially crafted image with an application that uses imlib2, the flaws could be exploited to execute arbitrary code with the user's privileges.
Alerts:
Mandriva MDKSA-2007:156 2007-08-10
Gentoo 200612-20 2006-12-20
Fedora FEDORA-EXTRAS-2006-004 2006-11-09
Mandriva MDKSA-2006:198-1 2006-11-06
Mandriva MDKSA-2006:198 2006-11-06
Ubuntu USN-376-2 2006-11-06
Ubuntu USN-376-1 2006-11-03

Comments (none posted)

ipsec-tools: denial of service

Package(s):ipsec-tools CVE #(s):CVE-2007-1841
Created:April 10, 2007 Updated:August 28, 2007
Description: A flaw was discovered in the IPSec key exchange server "racoon". Remote attackers could send a specially crafted packet and disrupt established IPSec tunnels, leading to a denial of service.
Alerts:
Fedora FEDORA-2007-665 2007-08-27
Debian DSA-1299-1 2007-06-07
Red Hat RHSA-2007:0342-01 2007-05-17
Gentoo 200705-09 2007-05-08
SuSE SUSE-SR:2007:008 2007-04-27
Mandriva MDKSA-2007:084 2007-04-16
Ubuntu USN-450-1 2007-04-09

Comments (none posted)

java: multiple vulnerabilities

Package(s):java CVE #(s):CVE-2006-4339 CVE-2006-4790 CVE-2006-6731 CVE-2006-6736 CVE-2006-6737 CVE-2006-6745
Created:January 18, 2007 Updated:June 8, 2007
Description: Java has multiple vulnerabilities, including: an RSA exponent padding attack vulnerability; two vulnerabilities which allow untrusted applets to access data in other applets; vulnerabilities that involve applets gaining privileges due to serialization bugs in the JRE; and buffer overflows in the Java image handling routines that can give attackers read/write/execute capabilities for local files.
Alerts:
Gentoo 200705-20 2007-05-26
Red Hat RHSA-2007:0073-01 2007-02-09
Red Hat RHSA-2007:0072-01 2007-02-08
Red Hat RHSA-2007:0062-02 2007-02-07
Gentoo 200701-15 2007-01-22
SuSE SUSE-SA:2007:010 2007-01-18

Comments (1 posted)

kdelibs: cross-site scripting

Package(s):kdelibs konqueror CVE #(s):CVE-2007-0537
Created:February 5, 2007 Updated:August 13, 2007
Description: Konqueror 3.5.5 does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment, a related issue to CVE-2007-0478.
Alerts:
Mandriva MDKSA-2007:157 2007-08-10
Gentoo 200703-10 2007-03-10
rPath rPSA-2007-0052-1 2007-03-07
Ubuntu USN-420-1 2007-02-06
Mandriva MDKSA-2007:031 2007-02-02

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2007-1357
Created:April 16, 2007 Updated:November 14, 2007
Description: The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before 2.6.21, and possibly 2.4.x, allows remote attackers to cause a denial of service (crash) via an AppleTalk frame that is shorter than the specified length, which triggers a BUG_ON call when an attempt is made to perform a checksum.
Alerts:
SuSE SUSE-SA:2007:035 2007-06-14
Ubuntu USN-464-1 2007-05-23
SuSE SUSE-SA:2007:030 2007-05-10
SuSE SUSE-SA:2007:029 2007-05-03
rPath rPSA-2007-0071-1 2007-04-16
Fedora FEDORA-2007-432 2007-04-13
Fedora FEDORA-2007-433 2007-04-13

Comments (none posted)

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CVE-2006-5749 CVE-2006-4814 CVE-2006-6106
Created:January 5, 2007 Updated:May 7, 2008
Description: A security issue has been reported in the Linux kernel due to an error in drivers/isdn/i4l/isdn_ppp.c: the "isdn_ppp_ccp_reset_alloc_state()" function never initializes an event timer before scheduling it with the "add_timer()" function.

The mincore function in the kernel does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock.

Another vulnerability has been reported in the Linux kernel, caused by a boundary error within the handling of incoming CAPI messages in net/bluetooth/cmtp/capi.c. This can be exploited to overwrite certain kernel data structures.

Alerts:
CentOS CESA-2008:0211 2008-05-07
Red Hat RHSA-2008:0211-01 2008-05-07
Debian DSA-1503 2008-02-22
Debian DSA-1503-2 2008-03-06
SuSE SUSE-SA:2007:035 2007-06-14
SuSE SUSE-SA:2007:053 2007-10-12
Ubuntu USN-416-2 2007-03-01
Ubuntu USN-416-1 2007-02-01
rPath rPSA-2007-0031-1 2007-02-09
Mandriva MDKSA-2007:040 2007-02-07
Red Hat RHSA-2007:0014-01 2007-01-30
Mandriva MDKSA-2007:025 2007-01-23
Fedora FEDORA-2007-058 2007-01-18
Mandriva MDKSA-2007:012 2006-01-12
Trustix TSLSA-2007-0002 2007-01-05

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-4623
Created:October 18, 2006 Updated:November 14, 2007
Description: The kernel DVB layer can be caused to crash with maliciously-formatted unidirectional lightweight encapsulation (ULE) data.
Alerts:
Ubuntu USN-489-1 2007-07-19
rPath rPSA-2006-0194-1 2006-10-17

Comments (none posted)

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CVE-2007-0005 CVE-2007-1000
Created:March 15, 2007 Updated:November 14, 2007
Description: The Linux kernel has a boundary error in the Omnikey CardMan 4040 driver read and write functions. This can be used to cause a buffer overflow and possible execution of arbitrary code with kernel privileges.

The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c is vulnerable to a NULL pointer dereference. Local users can use this to crash the kernel or to disclose kernel memory.

Alerts:
Fedora FEDORA-2007-599 2007-06-21
Ubuntu USN-489-1 2007-07-19
Ubuntu USN-486-1 2007-07-17
Debian DSA-1286-1 2007-05-02
Red Hat RHSA-2007:0169-01 2007-04-30
Mandriva MDKSA-2007:078 2007-04-04
Fedora FEDORA-2007-336 2007-03-14
Fedora FEDORA-2007-335 2007-03-14

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-0007 CVE-2007-0006
Created:February 15, 2007 Updated:November 14, 2007
Description: Linux kernel versions from 2.6.9 to 2.6.20 have a denial of service vulnerability. A remote attacker can cause the key_alloc_serial function's key serial number collision avoidance code to have a null dereference, resulting in a crash.
Alerts:
Fedora FEDORA-2007-599 2007-06-21
Red Hat RHSA-2007:0099-02 2007-03-14
rPath rPSA-2007-0050-1 2007-03-06
Red Hat RHSA-2007:0085-01 2007-02-27
Mandriva MDKSA-2007:047 2007-02-21
Fedora FEDORA-2007-226 2007-02-13
Fedora FEDORA-2007-225 2007-02-13

Comments (1 posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-4535 CVE-2006-4538
Created:September 18, 2006 Updated:December 3, 2007
Description: Sridhar Samudrala discovered a local denial of service vulnerability in the handling of SCTP sockets. By opening such a socket with a special SO_LINGER value, a local attacker could exploit this to crash the kernel. (CVE-2006-4535)

Kirill Korotaev discovered that the ELF loader on the ia64 and sparc platforms did not sufficiently verify the memory layout. By attempting to execute a specially crafted executable, a local user could exploit this to crash the kernel. (CVE-2006-4538)

Alerts:
Red Hat RHSA-2007:1049-01 2007-12-03
Mandriva MDKSA-2006:182 2006-10-11
Red Hat RHSA-2006:0689-01 2006-10-05
Debian DSA-1184-2 2006-09-26
Debian DSA-1184-1 2006-09-25
Debian DSA-1183-1 2006-09-25
Ubuntu USN-347-1 2006-09-18

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2007-1861 CVE-2007-2242
Created:May 1, 2007 Updated:February 8, 2008
Description: The netlink protocol has an infinite recursion bug that allows users to cause a kernel crash. Also, the IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers.
Alerts:
SuSE SUSE-SA:2008:006 2008-02-07
Ubuntu USN-508-1 2007-08-31
Mandriva MDKSA-2007:171 2007-08-28
Ubuntu USN-489-1 2007-07-19
Ubuntu USN-486-1 2007-07-17
SuSE SUSE-SA:2007:051 2007-09-06
Mandriva MDKSA-2007:216 2007-11-13
Red Hat RHSA-2007:0347-01 2007-05-16
Debian DSA-1289-1 2007-05-13
Foresight FLEA-2007-0016-1 2007-05-08
rPath rPSA-2007-0084-1 2007-05-01
Fedora FEDORA-2007-483 2007-05-01
Fedora FEDORA-2007-482 2007-05-01

Comments (none posted)

kernel: denial of service by memory consumption

Package(s):kernel