LWN.net Weekly Edition for February 14, 2008
By Jake Edge February 13, 2008
Escaping the cold for 70 degree days in Los Angeles might be a reason for
some—Colorado-based LWN Editors for example—but it clearly is
not the reason that most folks choose to attend the Southern
California Linux Expo (SCALE). Many of the approximately 1400 attendees already live in the region, so it
is the speakers, participants, and the expo floor that bring them in.
I attended the sixth annual SCALE (SCALE 6x), held February 8-10, and it didn't take me very long to see
why it continues to grow and prosper.
SCALE is a three day event, with two main conference days on Saturday and
Sunday and a set of mini-conferences running in parallel on Friday. Each
mini-conference covers a focused topic of interest to the community, with
this year's topics examining Women
in Open
Source (WIOS), Open Source Software in Education (OSSIE), and Demonstrating Open Source
Healthcare Solutions (DOHCS). It was a full day as each had eight or more
hour-long sessions.
Allison Randal kicked off the WIOS track with a
presentation aimed at encouraging more women to give presentations at
conferences. Her talk, "The Art of Conference Presentations", was not
particularly gender specific, of course. It covered the process of proposing,
creating, and giving talks at conferences. Randal's advice was cogent,
from avoiding "cute" titles to establishing credibility via your
biography without feeling like you are bragging. Her most important point was
to not wait around until you are the perfect speaker, but to go out and
start speaking; your voice and style will come with practice.
Over in the OSSIE track, Dan Anderson related his experiences teaching
computer science concepts to middle and high school students over the last
fourteen years. His approach
is to use computing as a bridge between math, science, and technology. He
discussed the process of creating, or trying to create, a stable curriculum
in the face of rapid technological change. Because the hardware, operating
systems, and languages all change quickly, his courses need to focus on
concepts that are not specific to any of those. Over the years he has
taught, the language used in the advanced placement course—dictated
by the state CollegeBoard company—has gone from Pascal, through C++, and now uses Java,
with some rumblings being heard about moving to Python. As he points out,
"much of what a High School student learns about technology will be
outdated by the time they graduate from college."
He uses How to Design Programs as the
core text for his courses. The book is built around DrScheme, a graphical
programming environment based on Scheme, which allows different subsets of
the language to be enabled according to the skill level of the
student. Anderson has integrated various peripherals, like
cameras and audio equipment, into the environment so that students can
interact with the real world in interesting ways. His students work on
projects like voice authentication and computer vision; this year's project
is to recognize tic-tac-toe as drawn on a white board.
Other topics from OSSIE included a tutorial introduction to
the Moodle content management system (CMS) for
online learning. Much like other CMS projects, Moodle allows the creation
of websites with various kinds of content—audio,
video, images, and text—but organized as a course. It provides a
framework and philosophy to guide the development of online classes.
Students access the content via the web, completing tasks, taking quizzes,
and participating in forums and chats with other students.
Charles Edge (no relation) spoke about the challenges of implementing
directory services for educational institutions. One problem is that the
term "directory services" covers a large amount of ground, from tracking
users (both employees and students) to allowing single sign-on (SSO) into
multiple machines and services throughout the school. The biggest
challenge can be handling the sheer numbers of people to be tracked. Open
source solutions do exist: OpenLDAP
for storing the information, Kerberos for single sign-on, and Simple Authentication and Security
Layer (SASL) for extending the reach of the SSO into other services;
but they are complex to configure and administer. For scalability and
robustness in large installations, Edge suggests Microsoft's Active
Directory, which was not a particularly popular opinion with the open
source oriented audience.
The first day closed with a WIOS panel discussion, where
six of the women presenting or showing at the conference discussed the
issues facing women in open source. The discussion was informal and
wide-ranging with a great deal of audience participation. Audience members
asked questions as well as offered opinions and theories on why the
participation of women is low and what can be done to make things better.
No real conclusions were reached, as is usual for discussions of this
topic; it is one of the more puzzling attributes of the free/open source
community.
The animated and amusing Ubuntu community manager Jono Bacon gave a
rousing keynote to start things off on Saturday. He tried to ensure that
everyone was awake by leading a greeting in multiple languages (including
Klingon). His main point was to describe the responsibilities of the
various "factions" that jockey to determine the future of open source
software—companies, distributions, and communities—trying to
show that each has an important role. In fact, it is up to all
constituents to ensure that the greater Linux ecosystem thrives and that
each group works well with the others. It was all pretty much "motherhood and
apple pie" stuff, but well described and illustrated—all with Chuck
Norris to keep track of the score. Bacon did provide the quote of the show
when he said that free software was "started by a guy with a beard
who was pissed off at a printer."
Saturday was also the first day that the expo floor was open. Some 80
booths were there, representing companies large and small as well as lots
of free software projects. One of the more interesting booths contained a
working simulator of a 747 cockpit. All of the instruments were driven
from a realtime Linux box and the FlightGear flight simulator was used
to generate the cockpit window view. The two machines communicated over
the network and various laptops were able to view the flight from other
perspectives by getting updates from the simulator. It was rather impressive.
The linuxastronomy.org project
was also on hand with their telescope prototype. The telescope will be
controlled via a Linux machine allowing it to be pointed at locations as
specified by users. A Linux desktop application will send locations to the
telescope over the internet, allowing it to be remotely controlled so that
it can be installed on a mountaintop or other location with (relatively)
little light pollution and good viewing conditions. In addition, the
project was demonstrating many of the free astronomy programs available for
Linux.
A mobile audio studio product, Indamixx, did not have a booth, but
could be seen all over the show. The company loaned two of the UMPC-based
devices to the conference which were used to do podcasts of interviews with
speakers and attendees. The device runs Linux with Audacity and Ardour along with other free software. The
company has tweaked things to make it all work well and be easy to use on
the device. It looks to be quite capable as well as easily portable.
In another interesting talk, David Maxwell of Coverity gave an update on their project
to scan free software for security holes. The US Department of Homeland
Security gave Coverity a grant to work with free software projects to use
the Coverity Prevent static code analysis tool (once known
as the "Stanford Checker") on the code. The scan project has found over 7,000
defects in around a hundred free software projects since its inception. Maxwell
is the Open Source Strategist for Coverity; he is looking for more projects
to participate. He is encouraging any free/open source software project to
get in touch with him to get signed up for the program.
Projects that join get their code scanned
with a report being generated on the Coverity website for project members to
view. The projects can then fix any of the issues that are actually bugs,
mark others as "not a bug", and resubmit the code. The Coverity system
will then check the latest code out of the project's source code repository and scan it
again. Once all issues that the tool finds are handled, the project can
move up to a higher "rung on the scan ladder" which will allow them to be
scanned by more recent versions of the Coverity tool.
Bdale Garbee had perhaps the geekiest talk of the show on Saturday afternoon with
"Open Avionics for Model Rockets". Garbee gave an overview of the hobby,
which has gone far beyond the Estes rockets that many of us dabbled with in
our youth. These rockets can go to 10,000 feet and above; just how high
they go is one of the questions that led folks to start outfitting them
with instruments. Deploying the recovery system—typically a
parachute—at apogee is very desirable and a barometric sensor with a
little bit of logic tied to the ejection charge can do just that.
Unfortunately, all of the commercially available options for these systems
are completely closed; even the protocol to talk to the
device is not released by the manufacturers.
Garbee decided to once again combine one of his hobbies with open source to
design and build an open device. Both the hardware and software will be
released under free licenses (GPL and
Open Hardware License); he had
version 0.1 of the hardware (missing the accelerometer due to a problem in
the board layout) with him at the show. The AltusMetrum system also has an onboard
barometric sensor and will be able to support things like GPS devices and
radio transmitters—so that lost rockets do not stay lost. Garbee
expects to flight test the board and design version 0.2 of the hardware
over the coming months.
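The barometric apogee logic Garbee describes (track the peak altitude, then fire the ejection charge once the rocket is clearly on the way down), as an added example that is neither AltusMetrum code nor anything shown in the talk. The thresholds, sample rate, and the synthetic flight profile are assumptions chosen for illustration; the confirmation counter exists because a single dip in a noisy pressure reading must not fire the charge while the rocket is still climbing.

```python
"""Apogee detection for a barometric rocket altimeter (constructed example)."""
import math

SEA_LEVEL_PA = 101325.0  # ISA standard sea-level pressure


def pressure_to_altitude_m(pressure_pa, p0=SEA_LEVEL_PA):
    """Standard-atmosphere (troposphere) barometric formula: pressure -> metres above the p0 reference."""
    return 44330.0 * (1.0 - (pressure_pa / p0) ** (1.0 / 5.255))


def altitude_to_pressure_pa(altitude_m, p0=SEA_LEVEL_PA):
    """Inverse of pressure_to_altitude_m; used only to build the synthetic flight below."""
    return p0 * (1.0 - altitude_m / 44330.0) ** 5.255


def detect_apogee(pressures_pa, confirm_samples=5, min_drop_m=3.0, p0=SEA_LEVEL_PA):
    """Walk pressure samples in flight order; return (deploy_index, peak_index) or None.

    The charge fires only when the altitude has stayed at least min_drop_m below
    the running maximum for confirm_samples consecutive readings. Both thresholds
    (assumed values) ride out sensor noise: one low reading never fires the charge.
    """
    peak_alt = -math.inf
    peak_idx = None
    below = 0
    for i, p in enumerate(pressures_pa):
        alt = pressure_to_altitude_m(p, p0)
        if alt > peak_alt:
            # Still climbing (or noise above the old peak): reset the descent counter.
            peak_alt, peak_idx, below = alt, i, 0
            continue
        if peak_alt - alt >= min_drop_m:
            below += 1
            if below >= confirm_samples:
                return i, peak_idx
        else:
            below = 0  # too small a drop to trust; require a fresh run of samples
    return None


def synthetic_flight(v0=100.0, g=9.8, dt=0.1, n=200, noise_m=1.5):
    """Ballistic altitude profile sampled every dt seconds with repeatable +/- noise_m jitter.

    Returns (pressures, true_apogee_index). Constructed data, not a real flight log.
    """
    pressures, best_i, best_h = [], 0, -math.inf
    for i in range(n):
        t = i * dt
        h = max(0.0, v0 * t - 0.5 * g * t * t)
        if h > best_h:
            best_h, best_i = h, i
        jitter = ((i * 7919) % 13 - 6) / 6.0 * noise_m  # deterministic pseudo-noise
        pressures.append(altitude_to_pressure_pa(h + jitter))
    return pressures, best_i


if __name__ == "__main__":
    pressures, true_apogee = synthetic_flight()
    print("true apogee sample:", true_apogee, "deploy at:", detect_apogee(pressures))
```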
Sunday's keynote, by Stormy Peters of OpenLogic was entitled "Would you do
it again for free?". Peters looked at whether external rewards, usually
money, affect the motivation of open source developers; in particular, if
the pay stops, will the project work stop as well? She cited four
separate "studies" (including two that weren't intended as studies) that
seemed to show that adding a reward, or penalty, can sometimes have a counter-intuitive
effect (see an entry
in her weblog for more information).
Peters came to no firm conclusions about what the long-term effects of paying
open source developers would be, but there are some mitigating factors that
seem to provide hope that developers would continue if the paychecks
stopped. When a payment or reward is in line with expectations for doing
a particular task, it is much less demotivating. Also, if the payment is
for working on the project, not tied to a specific goal or milestone, it is
also less of a problem. Both of those are typically the case with folks
who are paid—40% of open source developers are, according to
Peters—for their work in the community.
After a last wander through the show floor, I was able to catch a few
minutes of the talk given by Ken Gilmer and Angel Roman of Bug Labs describing their modular embedded
Linux gadget building system. The system consists of a core module along
with various plug-in devices: camera, motion detector, GPS, etc. that can
be combined into a single Java programmable device. Many additional peripheral
modules are planned. The software that runs on the device is free and Bug
Labs has a community site to share application code; they are clearly
hoping that they can foster a community of users and developers.
As can be seen, SCALE offers a wide variety of technical content in a well
organized and fun conference. It has grown beyond the capacity of the
Airport Westin where it has been held for the last few years; expect a new,
bigger venue somewhere in LA next year. Over the last few years, SCALE has
drawn from more areas of the southwest US in moving from a small, local
conference to a regional one. If things continue, in another few years it
may grow into a national conference; one can only hope that if that
happens, it will continue to be as well run and interesting as it is today.
Comments (12 posted)
By Jonathan Corbet February 8, 2008
The X window system is the kernel of the desktop Linux experience; if X
does not work well, nothing built on top of it will work well either. Despite
its crucial role, X suffered from relative neglect for a number of years
before being revitalized by the X.org project. Two talks at linux.conf.au
covered the current state of the X window system and where we can expect
things to go in the near future.
Keith Packard is a fixture at Linux-related events, so it was no surprise
to see him turn up at LCA. His talk covered X at a relatively high,
feature-oriented level. There is a lot going on with X, to say the least.
Keith started, though, with the announcement that Intel had released
complete documentation for some of its video chips - a welcome move, beyond
any doubt.
There are a lot of things that X.org is shooting for in the near future.
The desktop should be fully composited, allowing software layers to provide
all sorts of interesting effects. There should be no tearing (the
briefly inconsistent windows which result from partial updates). We need
integrated 2D and 3D graphics - a goal which is complicated by the fact
that the 2D and 3D APIs do not talk to each other. A flicker-free boot
(where the X server starts early and never restarts) is on most
distributors' wishlist. Other desired features include fast and secure
user switching, "hotplug everywhere," reduced power consumption, and a
reduction in the (massive) amount of code which runs with root privileges.
So where do things stand now? 2D graphics and textured video work well.
Overlaid video (where video data is sent directly to the frame
buffer - a performance technique used by some video playback applications)
does not work with compositing, though. 3D graphics does not always work
that well either; Keith put up the classic example of glxgears running
while the window manager is doing the "desktops on a cube" routine - the 3D
application runs outside of the normal composite mechanism and so cannot be
rotated with all the other windows.
On the tearing front, only 3D graphics supports no-tearing operations now.
Avoiding tearing is really just a matter of waiting for the video retrace
before making changes, but the 2D API lacks support for that.
The integration of APIs is an area requiring some work still. One problem
is that Xv (video) output cannot be drawn offscreen - again, a problem for
compositing. Some applications still use overlays, which really just have
no place on the contemporary desktop. It is impossible to do 3D graphics
to or from pixmaps, which defeats any attempt to pass graphical data
between the 2D and 3D APIs. On the other side, 2D operations do not
support textures.
Fast user switching can involve switching between virtual terminals, which
is "painful." Only one user session can be running 3D graphics at a time,
which is a big limitation. On the hotplug front, there are some
limitations on how the framebuffer is handled. In particular, the X server
cannot resize the framebuffer, and it can only associate one framebuffer
with the graphics processor. Some GPUs have maximum line widths, so the
one-framebuffer issue limits the maximum size of the internal desktop.
With regard to power usage: Keith noted that using framebuffer compression
in the Intel driver saves 1/2 watt of power. But there are a number of
things to be fixed yet. 2D graphics busy-waits on the GPU, meaning that a
graphics-intensive program can peg the system's CPU, even though the GPU is
doing all of the real work. But the GPU could be doing more as well; for
example, video playback does most of the decoding, rescaling, and color
conversion in the CPU. But contemporary graphics processors can do all of
that work - they can, for example, take the bit stream directly from a DVD
and display it. The GPU requires less power than the CPU, so shifting that
work over would be good for power consumption as well as system
responsiveness.
Having summarized the state of the art, Keith turned his attention to the
future. There is quite a bit of work being done in a number of areas - and
not being done in others - which leads toward a better X for everybody. On
the 3D compositing front, what's needed is to eliminate the "shared back
buffers" used for 3D rendering so that the rendered output can be handled
like any other graphical data.
Eliminating tearing requires providing the ability to synchronize with the
vertical retrace operation in the graphics card. The core mechanism to do
this is already there in the form of the X Sync extension. But, says
Keith, nobody is working on bringing all of this together at the moment.
Getting rid of boot-time flickering, instead, is a matter of getting the X
server properly set up sufficiently early in the process. That's mostly a
distributor's job.
To further integrate APIs, one thing which must be done is to get rid of
overlays and to allow all graphical operations (including Xv operations) to
draw into pixmaps. There is a need for some 3D extensions to create a
channel between GLX and pixmaps.
Supporting fast user switching means adding the ability to work with
multiple DRM masters. Framebuffer resizing, instead, means moving
completely over to the EXA acceleration architecture and finishing the
transition to the TTM memory
manager. In the process, it may become necessary to break all existing
DRI applications, unfortunately. And multiple framebuffer support is the
objective of a project called "shatter," which will allow screens to be
split across framebuffers.
Improving the power consumption means getting rid of the busy-waiting with
2D graphics (Keith says the answer is simple: "block"). The XvMC protocol
should be extended beyond MPEG; in particular, it needs work to be able to
properly support HDTV. All of this stuff is currently happening.
Finally, on the security issue, Keith noted the ongoing work to move
graphical mode setting into the kernel. That will eliminate the need for
the server to directly access the hardware - at least, when DRM-based 2D
graphics are being done. In that case, it will become possible to run the
X server as "nobody," eliminating all privilege. There are few people who
would argue against the idea of taking root privileges away from a massive
program like the X server.
In a separate talk, Dave Airlie covered the state of Linux graphics at a
lower level - support for graphics adapters. He, too, talked about moving
graphical mode setting into the kernel, bringing an end to a longstanding
"legacy issue" and turning the X server into just a rendering system. That
will reduce security problems and help with other nagging issues (graphical
boot, suspend and resume) as well.
Mode setting is the biggest area of work at the moment. Beyond that, the
graphics developers are working on getting TTM into the kernel; this will
give them a much better handle on what is happening with graphics memory.
Then, graphics drivers are slowly being reworked around the Gallium3D
architecture. This will improve and simplify these drivers significantly, but "it's
going to be a while" before this work is ready. The upcoming DRI2 work will improve buffering and
fix the "glxgears on a cube" problem.
Moving on to graphics adapters: AMD/ATI has, of course, begun the process
of releasing documentation for its hardware. This happened in an
interesting way, though: AMD went to SUSE in order to get a driver
developed ahead of the documentation release; the result was the "radeonhd"
driver. Meanwhile, the Avivo project, which had been reverse-engineering
ATI cards, had made significant progress toward a working driver. Dave
took that work and the AMD documentation to create the
improved "radeon" driver. So now there are two competing projects writing
drivers for ATI adapters. Dave noted that code is moving in both
directions, though, so it is not a complete duplication of work. (As an
aside, from what your editor has heard, most observers expect the radeon
driver to win out in the end).
The ATI R500 architecture is a logical addition to the earlier (supported)
chipsets, so R500 support will come relatively quickly. R600, instead, is
a totally new processor, so R600 owners will be "in for a wait" before a
working driver is available.
Intel has, says Dave, implemented the "perfect solution": it develops free
drivers for its own hardware. These drivers are generally well done and
well documented. Intel is "doing it right."
NVIDIA, of course, is not doing it right. The Nouveau driver is coming
along, now, with 5-6 developers working on it. Dave had an RandR
implementation in a state of half-completion for some time; he finally
decided that he would not be able to push it forward and merged it into the
mainline repository. Since then, others have run with it and RandR support
is moving forward quickly. It was, he says, a classic example of why it is
good to get the code out there early, whether or not it is "ready."
Performance is starting to get good, to the point that NVIDIA suddenly
added some new acceleration improvements to its binary-only driver.
Dave is still hoping that NVIDIA might yet release some documents - if it
happens by next year, he says, he'll stand in front of the room and dance a
jig.
Comments (69 posted)
By Jonathan Corbet February 13, 2008
Part 4 of this retrospective
ended in October, 2002, when LWN adopted its current subscription model.
That change brought a certain amount of stability for LWN (too much, we
might argue), but, in the wider Linux world, things continued to happen.
This installment picks up where the last left off.
During this period, the business of Linux was relatively quiet - not that
many acquisitions, but not many failures either. But quite a bit was
happening around legal issues, copyright enforcement, and more...
- October 10, 2002:
BitKeeper flames return as the non-compete clause in its license comes
to light.
The sendmail source distribution is trojaned.
BitKeeper flames were a more-or-less constant feature in those days, but BitKeeper
became an established part of the kernel development process anyway.
In the October 10, 2002 edition, your editor wrote: "If Larry
McVoy (or his board of directors) wakes up hung over one morning and
decides to end free access to BitKeeper, the show is over." That
was, unfortunately, an example of your editor's crystal ball working rather
better than usual.
The trojaning of sendmail was the first of a few such incidents. It looked
like a scary trend for a while, but, in fact, the frequency of this kind of
attack has dropped quite a bit in the intervening years.
- October 31, 2002: the
first cryptographic code is finally merged into the Linux kernel. The
first Reiser4 snapshot is posted.
- December 19, 2002: The
Creative Commons project is launched. ElcomSoft (Dmitry Sklyarov's
employer) is acquitted of DMCA violation charges. Kernel developers
start to complain that the 2.5 feature freeze is thawing.
- January 16, 2003: The
U.S. Supreme Court decides in favor of unlimited copyright term
extensions. MandrakeSoft enters bankruptcy. The SCO Group starts
making noises about its "Unix IP."
- January 30, 2003: SCO
forms SCOSource and makes rather more dire noises about Linux.
By this point, there was a certain amount of discomfort over the direction
SCO was taking. But nobody had any clue of just how weird it would
actually get.
Remember the days of disruptive worms? MS-SQL was one of the scariest, in
that it did most of its propagation in just a few minutes. We don't see too
many worms like that anymore; contemporary crackers prefer to turn systems
into zombies and rent them out.
And so it began, with SCO telling the world that the Linux community could
not possibly have achieved what it did unless the work had been stolen by
IBM.
For the remainder of this retrospective, your editor will attempt to keep
the number of SCO-related entries to a minimum. It has been quite an
experience to go back and reread all of those
McBride/Enderle/Boies/DiDio/Lyons/etc. quotes, and it is tempting to put
them all here. But that temptation will be resisted; those who want to
relive that bit of bizarre history in more detail can read the LWN pages
directly or dig through the considerable resources at Groklaw.
SCO is about as scary as Y2K now, but, in 2003, the SCO suit was a
frightening event. To many of us it seemed possible that, maybe, one out
of thousands of developers might have slipped something improper into the
kernel code base. And, in any case, we were under attack by a company with
millions of dollars to burn and a loud-mouthed CEO. The whole thing cost
us a lot of time and anxiety - and, for those most directly involved -
money.
Nonetheless, your editor will reiterate his claim that, overall, the SCO
attack has been good for us. We needed to improve our legal defenses; as
Linux grew, there could be no doubt that people would attempt to use the
legal system to grab a piece of the pie. In SCO we had an arrogant assailant
with no substance; we were attacked by a clown. We got the ability to
straighten up our processes, arrange better legal help, and prove that our
code is clean without the inconvenience of facing a complaint with a bit of
legitimacy. The community is now close to immune from copyright-based
attack, and is much better poised to deal with similar attackers (patent
trolls, for example) who could still do us some serious damage.
- March 27, 2003: Keith
Packard is kicked out of the XFree86 core team. Red Hat Linux 9
- the last Red Hat Linux release - is announced.
- May 15, 2003: SCO
suspends Linux sales and sends a warning letter to 1500 Linux users.
- May 22, 2003: The GNU and
Ghostscript projects part ways. Microsoft buys a $10 million
Unix license from SCO.
- May 29, 2003: Novell
claims that it, not SCO, owns Unix. Kernel developers get upset about
the fact that there has been no 2.4 kernel release for six months.
The 2.5 kernel gets a reworked char device layer, IDE tagged command
queueing support and the USB gadget subsystem - seven months into the 2.5
feature freeze. The city of Munich decides to move to Linux.
Novell's claim was clearly significant at the time, though it fell below
the radar again for several months. In the end, of course, this was the
factor which killed SCO. That is convenient, but almost unfortunate too:
there would have been value in seeing the substance of SCO's claims
demolished in court.
In these days of fast releases, it is interesting to consider that, for the
first half of 2003, there were no stable kernel releases at all.
- June 19, 2003: Linus
Torvalds moves to OSDL. The kernel gets a massively reworked ext3
filesystem - eight months into the feature freeze. SCO raises its
claim for damages to $3 billion and "terminates" IBM's AIX
license. Software patents return to the European Parliament.
- July 10, 2003: Andrew
Morton moves to OSDL.
OSDL was often controversial in the Linux community, but nobody doubted
that providing a home for developers like Linus and Andrew was a good
thing. Until now, neither had held a job where working on Linux was their
primary duty.
Meanwhile, few suspected how big the software patent battle in Europe would
become - or that the anti-patent side would emerge victorious (for now).
- July 17, 2003: The
2.6.0-test1 kernel is released; it includes the new anticipatory disk
I/O scheduler. Slackware celebrates its 10th anniversary. The
Mozilla Foundation is created.
- July 24, 2003: Red Hat
gets out of the boxed distribution business. Mozilla starts
requesting donations from users.
Selling Linux in boxes was how Red Hat got going, so the end of that
business was a clear sign that things had changed. The separation of
Mozilla and AOL (which had bought Netscape) was a little scary at the time;
it seemed that the project could fade away before the Mozilla browser became
truly ready and that it was an Internet Explorer future for all of us.
Things were a little lean at Mozilla for a while. Now that Mozilla is
bringing in tens of millions of dollars every year, the idea that it once
sought donations is amusing.
- August 7, 2003: Novell
acquires Ximian. Red Hat files suit against SCO. SCO offers the
"intellectual property license for Linux." SELinux is merged for the
2.6.0-test3 kernel.
- August 21, 2003: SCO
shows some "copied code."
SCO, remember, "encrypted" its slides of "copied" code by switching them to
a Greek font - a scheme which the community, somehow, managed to overcome.
The code in question was straight from ancient Unix; it had been
contributed by SGI, and had already been removed by the time it was
revealed. After this, nobody worried that SCO might come up with the
"millions of lines" of code that, it said, it could prove it owned.
- September 25, 2003: The
Fedora project launches. Software patents pass in the European
Parliament. Sun's Jonathan Schwartz says "We do not believe
that Linux plays a role on the server. Period."
- October 16, 2003: Under
pressure from the FSF and others, LinkSys releases source for its
WRT54G routers.
Fedora started with all kinds of talk about what a community-oriented
project it would be. The reality was rather slower in coming, but is
beginning to be visible now. Meanwhile, Fedora was a useful (and used)
distribution from the outset.
The LinkSys settlement was the result of a long battle. It was an important
early GPL enforcement action which led to the creation of a number of
distributions created for the sole purpose of doing interesting things on
LinkSys routers. The ironic result is that LinkSys almost certainly sold
quite a few more units than it would have if it had continued to hold on to
the code.
- October 23, 2003: SCO
gets $50 million from BayStar.
- November 6, 2003: Novell
acquires SUSE. A fight erupts over the "Linux Gazette" name.
- December 24, 2003: SCO
claims ownership of the Unix ABI. The 2.6.0 kernel is released. Red
Hat acquires Sistina. The Mozilla Foundation asks for more
donations.
2.6.0 came out almost exactly three years after 2.4.0. For the few
developers who had observed the 2.4 feature freezes, their code - which
could be four years old at this point - was only now making it into an
official mainline release. It was not yet understood at this point, but,
once 2.6.0 came out, the "new kernel development model" started to take
shape. Never again would we go years between major stable releases.
- January 22, 2004: SCO
files its "slander of title" suit against Novell. Linus gets dunked.
- January 29, 2004:
UnitedLinux dies a quiet death. SCO sends a letter to the
U.S. Congress. Version 2 of the Apache License is adopted.
- February 5, 2004: XFree86
leader David Dawes changes the project's license.
There had been trouble in XFree86 for a long time, but the license change
brought it all to a head. This was the move which killed XFree86, led to
the creation of the revitalized X.org, and, eventually, brought life back
to X development.
The first Grumpy Editor
article was never intended to be the beginning of a series; your editor
was simply grumpy that the Galeon browser had gone the route of many early
GNOME 2.x applications: less configurability, fewer features, and worse
performance. The persona proved popular with readers, though, and the
Grumpy Editor has been making irregular appearances on LWN ever since.
- February 19, 2004: The
Netfilter team settles its first GPL enforcement action in Europe.
- February 26, 2004: X11
development moves to the freedesktop.org project. MandrakeSoft is
ordered by a French court to stop using the "Mandrake" name.
- March 4, 2004: SCO sues
AutoZone and DaimlerChrysler. EV1Servers.Net buys an expensive SCO
license - a move they certainly still regret. FreeS/WAN shuts down.
The attack on Linux users had been long foreshadowed - and feared.
Regardless of the validity of its claims, SCO could certainly make life
hard for Linux by attacking those who use it. The attacks were so
laughable, though, that they had no appreciable effect, even in the short
term.
- March 11, 2004: The
Anderer memo surfaces, tying SCO to Microsoft. The tenth anniversary
of the green card spam.
- March 18, 2004: Open
Source Risk Management launches. MandrakeSoft files its plan to exit
bankruptcy.
For those who don't remember, OSRM was a scheme to sell insurance against
legal attacks to users of free software. But, by this point, nobody was
all that worried about SCO, and OSRM never did take off. On the other
hand, MandrakeSoft did succeed in getting out of bankruptcy and is still
with us.
- March 25, 2004: BitMover
claims that the pace of kernel development has doubled as a result of
the adoption of BitKeeper.
This installment started with BitKeeper, and will end there. For all the
complaints about BitKeeper and its associated "don't piss off Larry"
license, few could contest the claim that kernel development was proceeding
at a much faster pace. We needed a tool like that. To this day, it
remains discouraging that we were not able to develop a distributed
revision control system for ourselves until Larry McVoy and BitMover showed
the way. If there was ever an itch in need of scratching, this was it.
The next installment (which will most likely appear two weeks from now)
will start with April, 2004 and come fairly close to the present. Stay
tuned.
Comments (4 posted)
Page editor: Jake Edge
Security
By Jake Edge February 13, 2008
The Eee PC has garnered a lot of press
for its small form factor, low weight, and solid-state disk, but it has
also made a poor showing with security researchers. RISE Security released
a report on the security of
the Eee last week, showing that it can be subverted ("rooted") right out of
the box from ASUS. Unfortunately, it is even worse than that as, even after
updating an Eee using the standard mechanism, the hole is not patched.
The vulnerability identified by RISE is in the Samba daemon (smbd), version
3.0.24, which is installed and runs on stock Eee PCs. The vulnerability,
CVE-2007-2446, was identified and patched last May, so the Eee has been
shipping with a version of Samba known to be vulnerable to an arbitrary code
execution flaw for nine months or so. In itself, that is not completely
surprising.
When hardware vendors install a distribution—or commercial OS like
Windows—they tend to install the latest released version, which is likely to be out of date with respect to security
issues. A vendor installing Fedora 8 or Debian etch today will be behind
on countless security updates. But, unlike the Samba problem discovered on
the Eee, updates do exist in the standard places. If the new user updates
their system immediately, there is a fairly small window of vulnerability.
Unfortunately for Eee owners, the modified Xandros distribution that comes
with it does not yet have an update for Samba. This leaves all Eee PCs
vulnerable to being rooted by anyone on the same network. Since the Eee is
meant as a mobile device, it likely spends a lot of its time connected to
various public networks, especially wireless networks. The Eee makes an
interesting target for attackers because it very well might have
authentication information for banks or brokerages as well as other private
or confidential files.
Some have seriously
downplayed the threat but it is clear they don't understand it:
The root attack performed was relatively easy to do, if you like command
lines. Maybe Asus or Xandros could work on a patch for this. It almost
makes one wonder how many other exploits are lying under the surface just
waiting to be found. But, it's not like this actually puts you in danger,
just how many hackers are going to be looking for the Asus EeePC or even
Xandros based system online and attack them? Probably not many.
Sales of the Eee last year were around 300,000 units, large
enough to be an attractive target for the malicious. Because there is not an
update to close the hole, Eee users have to rely on other means to protect
themselves. This eeeuser.com
comment thread provides some of the better advice for dealing with the
problem. Removing the Samba package seems to be the simplest, but fairly
heavy handed, way to avoid the hole—but many folks need a working
Samba. There is no way to disable Samba from the Eee GUI which is the way
most owners plan to interact with the machine. This whole incident makes
it seem like ASUS (and perhaps Xandros) are not terribly interested in the
security of the machines that they sell.
There is a larger issue here. When the normal means of getting security
patches comes from the same medium that is also the biggest security
threat, there will always be windows of vulnerability. Even if hardware vendors
diligently update the distribution they install, there is still some
shelf-life and shipping time where security updates can be
released. Various studies have shown that
there may not be enough time to download patches before an unpatched
system succumbs to an attack.
It is a difficult problem to solve completely. Any solution must be very
straightforward and consistent so that unsophisticated users can be trained
to do it as a matter of course. News about security issues needs to get
more widespread attention as well, so that those same users know
when the procedure needs to be followed. Firewalls and other
network protections only go so far if the machine needs to reach out to the
internet to pick up its updates.
If distributions provided some kind of blob (tar file, .deb, .rpm,
etc.) that contained all of the security updates since the release, users
could grab that from a different (presumably patched or not vulnerable)
machine, put it on a USB stick or some other removable media and get it to
the new machine. A utility provided by the distribution could then process
that blob to apply all the relevant patches—all while the vulnerable
machine stayed off the net. As the world domination plan continues,
threats against Linux will become more commonplace; we need to try and
ensure that users, especially the unsophisticated ones, can be secure in
their choice of Linux.
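The offline-bundle scheme sketched above, as an added example that is not part of the original article and not an ASUS, Xandros or distribution tool: a bundle is built on a patched machine, and the still-offline machine checks the release tag, the per-package hashes and the archive's member names before staging anything for dpkg. The tar layout, the MANIFEST format, the release tag and the use of dpkg are assumptions of the example; the sample "packages" are constructed stand-ins.

```python
"""Offline security-update bundle: the scheme the article sketches.

Added example, not an ASUS, Xandros or distribution tool.  Assumed and
hypothetical layout: a gzipped tar holding the package files plus a MANIFEST
whose first line is "Release: <tag>" and whose other lines are
"<sha256>  <filename>".  The hashes catch corruption and a package swapped
after packing; they say nothing about who packed the bundle."""
import hashlib
import io
import os
import tarfile


class BundleError(Exception):
    """Any reason the bundle must not be applied."""


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _add_member(tar: tarfile.TarFile, name: str, data: bytes) -> None:
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tar.addfile(info, io.BytesIO(data))


def build_bundle(release: str, packages: dict) -> bytes:
    """Run on the patched machine; packages maps filename -> package bytes."""
    manifest = [f"Release: {release}"]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in packages.items():
            manifest.append(f"{sha256_bytes(data)}  {name}")
            _add_member(tar, name, data)
        _add_member(tar, "MANIFEST", ("\n".join(manifest) + "\n").encode())
    return buf.getvalue()


def verify_bundle(bundle: bytes, expected_release: str) -> list:
    """Run on the still-offline machine: returns package names in manifest
    order or raises BundleError.  Members must be regular files with bare
    names, so nothing can land outside the staging directory; every listed
    file must be present with the listed hash; nothing unlisted may ride along."""
    with tarfile.open(fileobj=io.BytesIO(bundle), mode="r:gz") as tar:
        members = {m.name: m for m in tar.getmembers()}
        for name, m in members.items():
            if not m.isreg() or os.path.basename(name) != name or name.startswith("."):
                raise BundleError(f"refusing unsafe member {name!r}")
        if "MANIFEST" not in members:
            raise BundleError("no MANIFEST in bundle")
        lines = tar.extractfile(members["MANIFEST"]).read().decode().splitlines()
        if not lines or lines[0] != f"Release: {expected_release}":
            raise BundleError("bundle is for a different release")
        listed = []
        for line in lines[1:]:
            digest, sep, name = line.partition("  ")
            if not sep or name not in members:
                raise BundleError(f"listed package missing: {name!r}")
            if sha256_bytes(tar.extractfile(members[name]).read()) != digest:
                raise BundleError(f"hash mismatch for {name}")
            listed.append(name)
        extra = set(members) - set(listed) - {"MANIFEST"}
        if extra:
            raise BundleError(f"unlisted files in bundle: {sorted(extra)}")
    return listed


def verify_report(bundle: bytes, expected_release: str) -> str:
    """'ok', or the reason the bundle was rejected."""
    try:
        verify_bundle(bundle, expected_release)
        return "ok"
    except BundleError as exc:
        return str(exc)


def stage_bundle(bundle: bytes, expected_release: str, staging_dir: str) -> list:
    """Verify, copy the packages into staging_dir and return the dpkg command
    the operator runs as root with the machine still off the net (not run here)."""
    names = verify_bundle(bundle, expected_release)
    os.makedirs(staging_dir, exist_ok=True)
    with tarfile.open(fileobj=io.BytesIO(bundle), mode="r:gz") as tar:
        for name in names:
            with open(os.path.join(staging_dir, name), "wb") as out:
                out.write(tar.extractfile(name).read())
    return ["dpkg", "-i"] + [os.path.join(staging_dir, n) for n in names]


def replace_member(bundle: bytes, name: str, data: bytes) -> bytes:
    """Rewrite one member: models a package altered after the manifest was made."""
    out = io.BytesIO()
    with tarfile.open(fileobj=io.BytesIO(bundle), mode="r:gz") as src, \
            tarfile.open(fileobj=out, mode="w:gz") as dst:
        for m in src.getmembers():
            payload = data if m.name == name else src.extractfile(m).read()
            _add_member(dst, m.name, payload)
    return out.getvalue()


# Constructed sample input: stand-ins, not real Xandros releases or .deb files.
SAMPLE_RELEASE = "xandros-eee-constructed"
SAMPLE_PACKAGES = {
    "samba_fixed_i386.deb": b"constructed stand-in for a patched smbd package\n",
    "libsmbclient_fixed_i386.deb": b"constructed stand-in for libsmbclient\n",
}
```

The hashes only prove the stick still holds what its MANIFEST describes; a deployment would also verify a signature over MANIFEST with the distribution's archive key, otherwise a stick prepared by anyone would pass.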
Comments (22 posted)
Brief items
The folks at the Pittsburgh Supercomputing Center have posted a special version of
OpenSSH aimed at high-bandwidth applications. "This cipher mode
introduces multi-threading into the OpenSSH application in order to allow
it to make full use of CPU resources available on multi-core systems. As
the canonical distribution of OpenSSH is unable to make use of more than
one core, high performance transfers can be bottlenecked by the
cryptographic overhead." It's worth noting that the OpenSSH
developers fear the security implications of multi-threading the program
and seem uninclined to incorporate this work.
Comments (23 posted)
New vulnerabilities
clamav: arbitrary code execution
Package(s): clamav
CVE #(s): CVE-2008-0318
Created: February 13, 2008
Updated: April 18, 2008
Description:
From the CVE:
Integer overflow in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow.
Alerts:
Comments (1 posted)
Doomsday: multiple vulnerabilities
Package(s): Doomsday
CVE #(s): CVE-2007-4642, CVE-2007-4643, CVE-2007-4644
Created: February 7, 2008
Updated: February 13, 2008
Description:
From the Gentoo alert:
Luigi Auriemma discovered multiple buffer overflows in the
D_NetPlayerEvent() function, the Msg_Write() function and the
NetSv_ReadCommands() function. He also discovered errors when handling
chat messages that are not NULL-terminated (CVE-2007-4642) or contain a
short data length, triggering an integer underflow (CVE-2007-4643).
Furthermore a format string vulnerability was discovered in the
Cl_GetPackets() function when processing PSV_CONSOLE_TEXT messages
(CVE-2007-4644).
This vulnerability can be used for the execution of arbitrary code
or to create a denial of service.
Alerts:
Comments (none posted)
duplicity: password disclosure
Package(s): duplicity
CVE #(s): CVE-2007-5201
Created: February 13, 2008
Updated: February 13, 2008
Description:
From the CVE:
The FTP backend for Duplicity sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments.
Alerts:
Comments (1 posted)
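The shape of the duplicity flaw above and the usual fix, as an added example that is neither duplicity's nor ncftp's code: the vulnerable form puts the password into the child's argv, which any local user can read back from ps or /proc/<pid>/cmdline; the hardened form writes it to a 0600 file and passes only the file name. The ncftpget options -u, -p and -f are assumed from its manual page; the host, paths and password are constructed.

```python
"""Handing a password to a child process: on the command line, as the
duplicity FTP backend did, versus through a file only the owner can read.

Added example, not duplicity or ncftp code.  Assumed: ncftpget takes
"-u user -p pass" and, alternatively, "-f FILE" naming a file of
host/user/pass lines (as its manual page describes).  Remote paths and the
password are constructed."""
import os
import stat
import subprocess
import sys
import tempfile


def argv_with_password(host, user, password):
    """Vulnerable shape: the password becomes an argv element."""
    return ["ncftpget", "-u", user, "-p", password, host, ".", "/backup/dup.tar"]


def argv_with_login_file(host, user, password):
    """Hardened shape: credentials go into a 0600 temp file and only its path
    appears on the command line.  Returns (argv, path); the caller must unlink
    path once the child has read it."""
    fd, path = tempfile.mkstemp(prefix="ncftp-login-")
    try:
        os.fchmod(fd, stat.S_IRUSR | stat.S_IWUSR)  # mkstemp already does; be explicit
        with os.fdopen(fd, "w") as f:
            f.write(f"host {host}\nuser {user}\npass {password}\n")
    except Exception:
        os.unlink(path)
        raise
    return ["ncftpget", "-f", path, ".", "/backup/dup.tar"], path


def transfer(host, user, password, run=subprocess.run):
    """Build the hardened argv, hand it to run(), and remove the login file
    afterwards whether or not the transfer succeeded."""
    argv, path = argv_with_login_file(host, user, password)
    try:
        return run(argv)
    finally:
        os.unlink(path)


def secret_in_argv(argv, secret):
    return any(secret in arg for arg in argv)


def login_file_mode(path):
    """Permission bits of the login file; the hardened form yields 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)


def visible_to_local_users(password):
    """Start a throwaway child carrying the password in argv and read it back
    the way any local user can (ps, or /proc/<pid>/cmdline on Linux).
    True if the password was readable; None where /proc is not available."""
    child = subprocess.Popen([sys.executable, "-c", "import time; time.sleep(30)", password])
    try:
        cmdline = f"/proc/{child.pid}/cmdline"
        if not os.path.exists(cmdline):
            return None
        with open(cmdline, "rb") as f:
            return password.encode() in f.read().split(b"\0")
    finally:
        child.kill()
        child.wait()
```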
firefox: multiple vulnerabilities
Package(s): firefox seamonkey thunderbird
CVE #(s): CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593
Created: February 8, 2008
Updated: May 21, 2008
Description:
From the Red Hat advisory:
Several flaws were found in the way Firefox processed certain malformed web
content. A webpage containing malicious content could cause Firefox to
crash, or potentially execute arbitrary code as the user running Firefox.
(CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)
Several flaws were found in the way Firefox displayed malformed web
content. A webpage containing specially-crafted content could trick a user
into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)
A flaw was found in the way Firefox stored password data. If a user saves
login information for a malicious website, it could be possible to corrupt
the password database, preventing the user from properly accessing saved
password data. (CVE-2008-0417)
A flaw was found in the way Firefox handles certain chrome URLs. If a user
has certain extensions installed, it could allow a malicious website to
steal sensitive session data. Note: this flaw does not affect a default
installation of Firefox. (CVE-2008-0418)
A flaw was found in the way Firefox saves certain text files. If a
website offers a file of type "plain/text", rather than "text/plain",
Firefox will not show future "text/plain" content to the user in the
browser, forcing them to save those files locally to view the content.
(CVE-2008-0592)
Alerts:
Comments (2 posted)
firefox: multiple vulnerabilities
Package(s): firefox
CVE #(s): CVE-2008-0414, CVE-2008-0416, CVE-2008-0420, CVE-2008-0594
Created: February 8, 2008
Updated: May 21, 2008
Description:
From the Ubuntu advisory:
Flaws were discovered in the file upload form control. A malicious
website could force arbitrary files from the user's computer to be
uploaded without consent. (CVE-2008-0414)
Various flaws were discovered in character encoding handling. If a
user were tricked into opening a malicious web page, an attacker
could perform cross-site scripting attacks. (CVE-2008-0416)
Flaws were discovered in the BMP decoder. By tricking a user into
opening a specially crafted BMP file, an attacker could obtain
sensitive information. (CVE-2008-0420)
Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery
warning dialog wasn't displayed under certain circumstances. A
malicious website could exploit this to conduct phishing attacks
against the user. (CVE-2008-0594)
Alerts:
Comments (none posted)
glib2: buffer overflow
Package(s): glib2
CVE #(s): none
Created: February 13, 2008
Updated: February 13, 2008
Description:
From the Fedora advisory:
PCRE 7.6 fixed the following bug: A character class containing a very large
number of characters with codepoints greater than 255 (in UTF-8 mode, of
course) caused a buffer overflow. The GLib release 2.14.6 updates the
included copy of PCRE to version 7.6.
Alerts:
Comments (none posted)
gnumeric: arbitrary code execution
Package(s): gnumeric
CVE #(s): CVE-2008-0668
Created: February 13, 2008
Updated: August 8, 2008
Description:
From the CVE:
The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information.
Alerts:
Comments (none posted)
gnumeric: integer overflow and signedness errors
Package(s): gnumeric
CVE #(s): none
Created: February 8, 2008
Updated: February 13, 2008
Description:
Gnumeric has an integer overflow and signedness errors in the XLS
processing, with unknown consequences.
Alerts:
Comments (none posted)
java: multiple vulnerabilities
Package(s): java-1.5.0-sun
CVE #(s): CVE-2008-0657
Created: February 12, 2008
Updated: April 25, 2008
Description:
Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.
Alerts:
Comments (none posted)
kernel: insufficient range checks
Package(s): kernel
CVE #(s): CVE-2008-0007
Created: February 8, 2008
Updated: January 8, 2009
Description:
From the SUSE advisory: Insufficient range checks in certain fault handlers could be used by local attackers to potentially read or write kernel memory.
Alerts:
Comments (none posted)
kernel: local root privilege escalation
Package(s): linux-2.6
CVE #(s): CVE-2008-0010, CVE-2008-0600
Created: February 11, 2008
Updated: June 23, 2008
Description:
From the Debian advisory:
The vmsplice system call did not properly verify address arguments
passed by user space processes, which allowed local attackers to
overwrite arbitrary kernel memory, gaining root privileges
(CVE-2008-0010, CVE-2008-0600).
Alerts:
Comments (1 posted)
kernel: memory access violation
Package(s): linux-2.6
CVE #(s): CVE-2008-0163
Created: February 11, 2008
Updated: February 13, 2008
Description:
From the Debian advisory:
In the vserver-enabled kernels, a missing access check on certain
symlinks in /proc enabled local attackers to access resources in other
vservers (CVE-2008-0163).
Alerts:
Comments (none posted)
mailman: cross-site scripting
Package(s): mailman
CVE #(s): CVE-2008-0564
Created: February 13, 2008
Updated: April 15, 2011
Description:
From the Red Hat bugzilla entry:
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before
2.1.10b1 allow remote attackers to inject arbitrary web script or HTML
via unspecified vectors related to (1) editing templates and (2) the
list's "info attribute" in the web administrator interface, a
different vulnerability than CVE-2006-3636.
Alerts:
Comments (none posted)
moin: file overwrite via crafted cookie
Package(s): moin
CVE #(s): none
Created: February 13, 2008
Updated: February 13, 2008
Description:
From the Fedora advisory:
It was discovered that moin allowed overwriting arbitrary files writable by the
user running moin using a crafted cookie with certain user IDs via a directory
traversal flaw. This updated package fixes this issue.
Alerts:
Comments (none posted)
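The cookie-to-path problem behind the moin entry above, as an added example that is not MoinMoin's code: a user ID read from a cookie selects a file under the wiki's data directory, shown first in the flaw's shape and then with an allowlist on the ID, a realpath containment check and O_NOFOLLOW on the write. The `<data>/user/<id>` layout and the dotted-digits ID format are assumptions of the example; the sample values are constructed.

```python
"""Mapping an identifier taken from a cookie onto a file under the data
directory: the shape of the moin flaw above, vulnerable and hardened.

Added example, not MoinMoin code.  The "<data>/user/<id>" layout and the
dotted-digits ID format are assumptions; sample values are constructed."""
import os
import re

# Allowlist first: only IDs of the expected shape get near the filesystem.
# (Assumed format: three runs of digits separated by dots.)
USER_ID_RE = re.compile(r"^[0-9]+\.[0-9]+\.[0-9]+$")


def user_file_vulnerable(data_dir, user_id):
    """Cookie value spliced straight into the path; "../" walks out of data_dir."""
    return os.path.join(data_dir, "user", user_id)


def user_file_hardened(data_dir, user_id):
    """Validate the ID, then prove the resolved path is a direct child of the
    user directory before returning it."""
    if not USER_ID_RE.match(user_id):
        raise ValueError("malformed user id in cookie")
    user_root = os.path.realpath(os.path.join(data_dir, "user"))
    path = os.path.realpath(os.path.join(user_root, user_id))
    if os.path.dirname(path) != user_root:  # defence in depth after the allowlist
        raise ValueError("user id escapes the user directory")
    return path


def rejected(data_dir, user_id):
    """True if the hardened lookup refuses this cookie value."""
    try:
        user_file_hardened(data_dir, user_id)
        return False
    except ValueError:
        return True


def escapes(data_dir, path):
    """True when a path, once normalised, is not inside data_dir."""
    root = os.path.normpath(data_dir)
    return os.path.commonpath([root, os.path.normpath(path)]) != root


def save_profile(data_dir, user_id, text):
    """Write the profile through the hardened path; O_NOFOLLOW refuses to write
    through a symlink planted under the profile's name."""
    path = user_file_hardened(data_dir, user_id)
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(text)
    return path
```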
mozilla: multiple vulnerabilities
Package(s): mozilla
CVE #(s): none
Created: February 13, 2008
Updated: July 29, 2008
Description:
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-2.0.0.12-i686-1.tgz:
Upgraded to firefox-2.0.0.12.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabil...
(* Security fix *)
patches/packages/seamonkey-1.1.8-i486-1_slack12.0.tgz:
Upgraded to seamonkey-1.1.8.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabil...
(* Security fix *)
+--------------------------+
Alerts:
Comments (none posted)
mplayer: multiple vulnerabilities
Package(s): mplayer
CVE #(s): CVE-2008-0485, CVE-2008-0486, CVE-2008-0629, CVE-2008-0630
Created: February 13, 2008
Updated: August 7, 2008
Description:
From the Debian advisory:
Several buffer overflows have been discovered in the MPlayer movie player,
which might lead to the execution of arbitrary code. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2008-0485:
Felipe Manzano and Anibal Sacco discovered a buffer overflow in
the demuxer for MOV files.
CVE-2008-0486:
Reimar Doeffinger discovered a buffer overflow in the FLAC header
parsing.
CVE-2008-0629:
Adam Bozanich discovered a buffer overflow in the CDDB access code.
CVE-2008-0630:
Adam Bozanich discovered a buffer overflow in URL parsing.
Alerts:
Comments (none posted)
netpbm: buffer overflow
Package(s): netpbm
CVE #(s): CVE-2008-0554
Created: February 8, 2008
Updated: November 7, 2008
Description:
From the Mandriva advisory: A buffer overflow in the giftopnm utility in netpbm prior to version 10.27 could allow attackers to have an unknown impact via a specially crafted GIF file.
Alerts:
Comments (none posted)
openldap: denial of service
Package(s): openldap
CVE #(s): CVE-2007-6698
Created: February 8, 2008
Updated: April 25, 2008
Description:
From the CVE entry: The BDB backend for slapd in OpenLDAP before 2.3.36,
allows remote authenticated users to cause a denial of service (crash) via
a potentially-successful modify operation with the NOOP control set to
critical, possibly due to a double free vulnerability.
Alerts:
Comments (none posted)
openldap: denial of service
Package(s): openldap
CVE #(s): CVE-2008-0658
Created: February 13, 2008
Updated: July 3, 2008
Description:
From the rPath advisory:
Previous versions of the openldap package are vulnerable to a Denial of
Service attack in which authenticated users can crash the slapd server.
Alerts:
Comments (none posted)
phpbb2: multiple vulnerabilities
Package(s): phpbb2
CVE #(s): CVE-2006-4758, CVE-2006-6839, CVE-2006-6840, CVE-2006-6508, CVE-2006-6841, CVE-2008-0471
Created: February 11, 2008
Updated: February 13, 2008
Description:
From the Debian advisory:
CVE-2008-0471:
Private messaging allowed cross site request forgery, making
it possible to delete all private messages of a user by sending
them to a crafted web page.
CVE-2006-6841 / CVE-2006-6508:
Cross site request forgery enabled an attacker to perform various
actions on behalf of a logged in user. (Applies to sarge only)
CVE-2006-6840:
A negative start parameter could allow an attacker to create
invalid output. (Applies to sarge only)
CVE-2006-6839:
Redirection targets were not fully checked, leaving room for
unauthorised external redirections via a phpBB forum.
(Applies to sarge only)
CVE-2006-4758:
An authenticated forum administrator may upload files of any
type by using specially crafted filenames. (Applies to sarge only)
Alerts:
Comments (none posted)
SDL_image: buffer overflows
Package(s): SDL_image
CVE #(s): CVE-2007-6697, CVE-2008-0544
Created: February 8, 2008
Updated: March 27, 2008
Description:
From the Mandriva advisory: The LWZReadByte() and IMG_LoadLBM_RW() functions in SDL_image contain a boundary error that could be triggered to cause a static buffer overflow and a heap-based buffer overflow. If a user using an application linked against the SDL_image library were to open a carefully crafted GIF or IFF ILBM file, the application could crash or possibly allow for the execution of arbitrary code.
Alerts:
Comments (none posted)
tk: buffer overflow
Package(s): tk
CVE #(s): CVE-2008-0553
Created: February 8, 2008
Updated: November 6, 2008
Description:
From the Mandriva advisory: The ReadImage() function in Tk did not check CodeSize read from GIF images prior to initializing the append array, which could lead to a buffer overflow with unknown impact.
Alerts:
Comments (none posted)
tomcat: multiple vulnerabilities
Comments (none posted)
wml: multiple file overwrite vulnerabilities
Package(s): wml
CVE #(s): CVE-2008-0665, CVE-2008-0666
Created: February 11, 2008
Updated: April 28, 2008
Description:
From the Debian advisory:
Frank Lichtenheld and Nico Golde discovered that WML, an off-line HTML
generation toolkit, creates insecure temporary files in the eperl and
ipp backends and in the wmg.cgi script, which could lead to local denial
of service by overwriting files.
Alerts:
Comments (none posted)
wordpress: remote editing via unknown vectors
Package(s): wordpress
CVE #(s): CVE-2008-0664
Created: February 13, 2008
Updated: July 4, 2008
Description:
From the CVE:
The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors.
Alerts:
Comments (none posted)
Updated vulnerabilities
acroread: multiple vulnerabilities
Package(s): acroread
CVE #(s): CVE-2006-5857, CVE-2007-0045, CVE-2007-0046
Created: January 11, 2007
Updated: October 26, 2009
Description:
Adobe's Acrobat Reader has the following vulnerabilities:
The Adobe Reader Plugin has a cross-site scripting vulnerability that
can be triggered by processing malformed URLs. Arbitrary JavaScript can
be served by a malicious web server, leading to a cross-site scripting
attack.
Maliciously crafted PDF files can be used to trigger two vulnerabilities;
if an attacker can trick a user into viewing the files, arbitrary code
can be executed with the user's privileges.
Alerts:
Comments (1 posted)
apache2: information disclosure
Package(s): apache
CVE #(s): CVE-2007-1862
Created: June 20, 2007
Updated: February 18, 2008
Description:
From the Mandriva advisory: "The recall_headers function in mod_mem_cache in Apache 2.2.4 does not
properly copy all levels of header data, which can cause Apache to
return HTTP headers containing previously-used data, which could be
used to obtain potentially sensitive information by unauthorized users."
Alerts:
Comments (2 posted)
apache: multiple vulnerabilities
Package(s): apache
CVE #(s): CVE-2007-3304, CVE-2006-5752
Created: June 27, 2007
Updated: February 18, 2008
Description:
The Apache HTTP Server did not verify that a process was an Apache child
process before sending it signals. A local attacker who has the ability to
run scripts on the Apache HTTP Server could manipulate the scoreboard and
cause arbitrary processes to be terminated, which could lead to a denial of
service. (CVE-2007-3304)
A flaw was found in the Apache HTTP Server mod_status module. Sites with
the server-status page publicly accessible and ExtendedStatus enabled were
vulnerable to a cross-site scripting attack. On Red Hat Enterprise Linux
the server-status page is not enabled by default and it is best practice to
not make this publicly available. (CVE-2006-5752)
Alerts:
Comments (1 posted)
apache: cross-site scripting
Package(s): apache
CVE #(s): CVE-2006-3918
Created: August 9, 2006
Updated: April 4, 2008
Description:
From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server
was returned to the user in an unescaped error message. This could
allow an attacker to perform a cross-site scripting attack if a victim was
tricked into connecting to a site and sending a carefully crafted Expect
header."
Alerts:
Comments (none posted)
apache: several vulnerabilities
Package(s): apache
CVE #(s): CVE-2007-5000, CVE-2007-6388, CVE-2008-0005
Created: January 15, 2008
Updated: July 29, 2008
Description:
A flaw was found in the mod_imap module. On sites where mod_imap was
enabled and an imagemap file was publicly available, a cross-site scripting
attack was possible. (CVE-2007-5000)
A flaw was found in the mod_status module. On sites where mod_status was
enabled and the status pages were publicly available, a cross-site
scripting attack was possible. (CVE-2007-6388)
A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp
was enabled and a forward proxy was configured, a cross-site scripting
attack was possible against Web browsers which did not correctly derive the
response character set following the rules in RFC 2616. (CVE-2008-0005)
Alerts:
Comments (1 posted)
apache2: denial of service
Package(s): apache2
CVE #(s): CVE-2007-1863
Created: November 19, 2007
Updated: February 18, 2008
Description:
From the CVE entry:
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
Alerts:
Comments (1 posted)
httpd: denial of service, cross-site scripting
Package(s): apache httpd
CVE #(s): CVE-2007-3847, CVE-2007-4465
Created: September 25, 2007
Updated: February 15, 2008
Description:
A flaw was found in the mod_proxy module. On sites where a reverse proxy is
configured, a remote attacker could send a carefully crafted request that
would cause the Apache child process handling that request to crash. On
sites where a forward proxy is configured, an attacker could cause a
similar crash if a user could be persuaded to visit a malicious site using
the proxy. This could lead to a denial of service if using a threaded
Multi-Processing Module. (CVE-2007-3847)
A flaw was found in the mod_autoindex module. On sites where directory
listings are used, and the AddDefaultCharset directive has been removed
from the configuration, a cross-site-scripting attack may be possible
against browsers which do not correctly derive the response character set
following the rules in RFC 2616. (CVE-2007-4465)
Alerts:
Comments (none posted)
asterisk: possible SQL injection
Package(s): asterisk
CVE #(s): CVE-2007-6170
Created: December 3, 2007
Updated: April 15, 2008
Description:
Tilghman Lesher discovered that the logging engine of Asterisk, a free
software PBX and telephony toolkit, performs insufficient sanitizing of
call-related data, which may lead to SQL injection.
Alerts:
Comments (none posted)
avahi: denial of service
Package(s): avahi
CVE #(s): CVE-2007-3372
Created: June 28, 2007
Updated: December 23, 2008
Description:
Avahi is vulnerable to a local denial of service that can be caused by
making an erroneous call to the assert() function.
Alerts:
Comments (none posted)
bind: insecure permissions
Package(s): bind
CVE #(s): CVE-2007-6283
Created: December 21, 2007
Updated: July 10, 2008
Description:
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file
with world-readable permissions, which allows local users to perform
unauthorized named commands, such as causing a denial of service by
stopping named.
Alerts:
Comments (1 posted)
bind: off-by-one error
Package(s): bind
CVE #(s): CVE-2008-0122
Created: January 22, 2008
Updated: July 10, 2008
Description:
Off-by-one error in the inet_network function in libc in FreeBSD 6.2, 6.3,
and 7.0-PRERELEASE and earlier allows context-dependent attackers to cause
a denial of service (crash) and possibly execute arbitrary code via crafted
input that triggers memory corruption.
Alerts:
Comments (none posted)
boost: denial of service
Package(s): boost
CVE #(s): CVE-2008-0171, CVE-2008-0172
Created: January 17, 2008
Updated: March 22, 2012
Description:
From the Ubuntu alert:
Will Drewry and Tavis Ormandy discovered that the boost library
did not properly perform input validation on regular expressions.
An attacker could send a specially crafted regular expression to
an application linked against boost and cause a denial of service
via application crash.
Alerts:
Comments (none posted)
cacti: SQL injection vulnerability
Package(s): cacti
CVE #(s): CVE-2007-6035
Created: November 22, 2007
Updated: February 18, 2008
Description:
Versions of Cacti prior to 0.8.7a have an SQL injection vulnerability.
Remote attackers can execute arbitrary SQL commands via unspecified vectors.
Alerts:
Comments (none posted)
cacti: denial of service
Package(s): cacti
CVE #(s): CVE-2007-3112, CVE-2007-3113
Created: September 18, 2007
Updated: December 16, 2009
Description:
A vulnerability in Cacti 0.8.6i and earlier versions allows remote
authenticated users to cause a denial of service (CPU consumption) via
large values of the graph_start, graph_end, graph_height, or graph_width
parameters.
Alerts:
Comments (none posted)
cairo: integer overflow
| Package(s): | Cairo |
CVE #(s): | CVE-2007-5503
|
| Created: | November 29, 2007 |
Updated: | April 10, 2008 |
| Description: |
Cairo has an integer overflow vulnerability in the PNG image processing
code. If a user processes a specially crafted PNG image with an
application that is linked against cairo, arbitrary code can be executed
with the user's privileges. |
| Alerts: |
|
Comments (none posted)
clamav: denial of service
| Package(s): | clamav |
CVE #(s): | CVE-2007-3725
|
| Created: | July 24, 2007 |
Updated: | February 27, 2008 |
| Description: |
A NULL pointer dereference has been discovered in the RAR VM of Clam
Antivirus (ClamAV) which allows user-assisted remote attackers to
cause a denial of service via a specially crafted RAR archives. |
| Alerts: |
|
Comments (none posted)
clamav: multiple vulnerabilities
| Package(s): | clamav |
CVE #(s): | CVE-2007-4510
CVE-2007-4560
|
| Created: | September 3, 2007 |
Updated: | February 13, 2008 |
| Description: |
Several remote vulnerabilities have been discovered in the Clam anti-virus
toolkit. The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2007-4510:
It was discovered that the RTF and RFC2397 parsers can be tricked
into dereferencing a NULL pointer, resulting in denial of service.
CVE-2007-4560:
It was discovered clamav-milter performs insufficient input
sanitizing, resulting in the execution of arbitrary shell commands.
|
| Alerts: |
|
Comments (none posted)
clamav: integer overflow and off-by-one
| Package(s): | clamav |
CVE #(s): | CVE-2007-6335
CVE-2007-6336
|
| Created: | December 19, 2007 |
Updated: | July 17, 2008 |
| Description: |
ClamAV contains integer overflow and off-by-one errors which could be exploited (via specially-crafted email) to execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
cpio: arbitrary code execution
| Package(s): | cpio |
| CVE #(s): | CVE-2005-4268 |
| Created: | January 2, 2006 |
| Updated: | March 17, 2010 |
| Description: |
Richard Harms discovered that cpio did not sufficiently validate file
properties when creating archives. Files with, e.g., a very large size
caused a buffer overflow. By tricking a user or an automatic backup
system into putting a specially crafted file into a cpio archive, a
local attacker could probably exploit this to execute arbitrary code
with the privileges of the target user (which is likely root in an
automatic backup system). |
| Alerts: | |
Comments (none posted)
vixie-cron: privilege escalation
| Package(s): | cron |
| CVE #(s): | CVE-2006-2607 |
| Created: | May 31, 2006 |
| Updated: | June 1, 2009 |
| Description: |
The Vixie cron daemon does not check the return code from setuid(); if that call can be made to fail, a local attacker may be able to execute commands as root. |
| Alerts: | |
Comments (1 posted)
cscope: buffer overflows
| Package(s): | cscope |
| CVE #(s): | CVE-2006-4262 |
| Created: | October 2, 2006 |
| Updated: | June 16, 2009 |
| Description: |
Will Drewry of the Google Security Team discovered several buffer overflows
in cscope, a source browsing tool, which might lead to the execution of
arbitrary code. |
| Alerts: | |
Comments (none posted)
cscope: buffer overflows
| Package(s): | cscope |
| CVE #(s): | CVE-2004-2541 |
| Created: | May 22, 2006 |
| Updated: | June 19, 2009 |
| Description: |
A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows
remote attackers to execute arbitrary code via a C file with a long
#include line that is later browsed by the target. |
| Alerts: | |
Comments (1 posted)
cups: denial of service
| Package(s): | cups |
| CVE #(s): | CVE-2007-0720 |
| Created: | March 26, 2007 |
| Updated: | February 7, 2008 |
| Description: |
Previous versions of the cups package could be forced to hang via a client
"partially negotiating" an SSL connection. In this state, cups would not
allow other connections to be made, a denial of service. |
| Alerts: | |
Comments (none posted)
cups: buffer overflow
| Package(s): | cups |
| CVE #(s): | CVE-2007-5848 |
| Created: | January 7, 2008 |
| Updated: | February 27, 2008 |
| Description: |
From the CVE entry:
Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service.
From the rPath advisory:
Previous versions of the cups package contain a buffer-overflow
weakness. It is not believed that this weakness can be exploited
to execute malicious code. |
| Alerts: | |
Comments (1 posted)
cups: multiple vulnerabilities
Comments (none posted)
debian-goodies: privilege escalation
| Package(s): | debian-goodies |
| CVE #(s): | CVE-2007-3912 |
| Created: | October 5, 2007 |
| Updated: | March 24, 2008 |
| Description: |
Thomas de Grenier de Latour discovered that the checkrestart program included
in debian-goodies did not correctly handle shell meta-characters. A local
attacker could exploit this to gain the privileges of the user running
checkrestart. |
| Alerts: | |
Comments (none posted)
Django: denial of service
| Package(s): | Django |
| CVE #(s): | CVE-2007-5712 |
| Created: | November 12, 2007 |
| Updated: | September 22, 2008 |
| Description: |
From the CVE notice:
The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers. |
| Alerts: | |
Comments (none posted)
dovecot: privilege escalation
| Package(s): | dovecot |
| CVE #(s): | CVE-2007-4211 |
| Created: | August 15, 2007 |
| Updated: | May 21, 2008 |
| Description: |
From the rPath advisory: "Previous versions of the dovecot package are vulnerable to a
minor privilege escalation attack in which an authenticated
user may exploit an ACL plugin weakness to save message flags
without having proper permissions." |
| Alerts: | |
Comments (none posted)
dovecot: directory traversal
| Package(s): | dovecot |
| CVE #(s): | CVE-2007-2231 |
| Created: | May 8, 2007 |
| Updated: | May 21, 2008 |
| Description: |
Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot
before 1.0.rc29, when using the zlib plugin, allows remote attackers to
read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot)
sequence in the mailbox name. |
| Alerts: | |
Comments (none posted)
dovecot: multiple vulnerabilities
| Package(s): | dovecot |
| CVE #(s): | CVE-2007-6598 |
| Created: | January 3, 2008 |
| Updated: | October 7, 2008 |
| Description: |
Dovecot has multiple vulnerabilities including an issue involving the
confusion between LDAP-authenticated logins across users with the
same password and a denial of service involving a connecting user. |
| Alerts: | |
Comments (none posted)
e2fsprogs: integer overflows
| Package(s): | e2fsprogs |
| CVE #(s): | CVE-2007-5497 |
| Created: | December 7, 2007 |
| Updated: | February 12, 2008 |
| Description: |
Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs,
ext2 file system utilities and libraries, contained multiple
integer overflows in memory allocations, based on sizes taken directly
from filesystem information. These could result in heap-based
overflows potentially allowing the execution of arbitrary code. |
| Alerts: | |
Comments (none posted)
eggdrop: stack-based buffer overflow
| Package(s): | eggdrop |
| CVE #(s): | CVE-2007-2807 |
| Created: | September 7, 2007 |
| Updated: | December 8, 2009 |
| Description: |
A stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop
1.6.18, and possibly earlier, allows user-assisted, malicious remote IRC
servers to execute arbitrary code via a long private message. |
| Alerts: | |
Comments (none posted)
elinks: code execution
| Package(s): | elinks |
| CVE #(s): | CVE-2007-2027 |
| Created: | May 7, 2007 |
| Updated: | October 30, 2009 |
| Description: |
Arnaud Giersch discovered that elinks incorrectly attempted to load
gettext catalogs from a relative path. If a user were tricked into
running elinks from a specific directory, a local attacker could execute
code with user privileges. |
| Alerts: | |
Comments (none posted)
elinks: arbitrary file access
| Package(s): | elinks |
| CVE #(s): | CVE-2006-5925 |
| Created: | November 16, 2006 |
| Updated: | October 22, 2009 |
| Description: |
The elinks text-mode browser has an arbitrary file access vulnerability
in the Elinks SMB protocol handler. If a user can be tricked into
visiting a specially crafted web page, arbitrary files may be read or
written with the user's permissions. |
| Alerts: | |
Comments (none posted)
emacs: buffer overflow
| Package(s): | emacs |
| CVE #(s): | CVE-2007-6109 |
| Created: | December 10, 2007 |
| Updated: | May 6, 2008 |
| Description: |
From the National Vulnerability Database:
Buffer overflow in emacs allows attackers to have an unknown impact, as demonstrated via a vector involving the command line. |
| Alerts: | |
Comments (none posted)
evolution: format string error
| Package(s): | evolution |
| CVE #(s): | CVE-2007-1002 |
| Created: | March 27, 2007 |
| Updated: | February 27, 2008 |
| Description: |
A format string error in the "write_html()" function in
calendar/gui/e-cal-component-memo-preview.c when displaying a memo's
categories can potentially be exploited to execute arbitrary code via a
specially crafted shared memo containing format specifiers. |
| Alerts: | |
Comments (1 posted)
pop mail man-in-the-middle attacks
| Package(s): | evolution thunderbird mutt fetchmail |
| CVE #(s): | CVE-2007-1558 |
| Created: | May 8, 2007 |
| Updated: | July 3, 2009 |
| Description: |
The APOP protocol allows remote attackers to guess the first 3 characters
of a password via man-in-the-middle (MITM) attacks that use crafted message
IDs and MD5 collisions. NOTE: this design-level issue potentially affects
all products that use APOP, including (1) Thunderbird, (2) Evolution, (3)
mutt, and (4) fetchmail. |
| Alerts: | |
Comments (none posted)
exiftags: multiple vulnerabilities
| Package(s): | exiftags |
| CVE #(s): | CVE-2007-6354, CVE-2007-6355, CVE-2007-6356 |
| Created: | December 31, 2007 |
| Updated: | April 1, 2008 |
| Description: |
From the Gentoo advisory: Meder Kydyraliev (Google Security) discovered that Exif metadata is not
properly sanitized before being processed, resulting in illegal memory
access in the postprop() and other functions (CVE-2007-6354). He also
discovered integer overflow vulnerabilities in the parsetag() and other
functions (CVE-2007-6355) and an infinite recursion in the readifds()
function caused by recursive IFD references (CVE-2007-6356). |
| Alerts: | |
Comments (none posted)
exiv2: integer overflow
| Package(s): | exiv2 |
| CVE #(s): | CVE-2007-6353 |
| Created: | December 21, 2007 |
| Updated: | October 15, 2008 |
| Description: |
Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow. |
| Alerts: | |
Comments (none posted)
fetchmail: denial of service
| Package(s): | fetchmail |
| CVE #(s): | CVE-2007-4565 |
| Created: | September 5, 2007 |
| Updated: | October 30, 2009 |
| Description: |
fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP. |
| Alerts: | |
Comments (none posted)
firebird: buffer overflow
| Package(s): | firebird |
| CVE #(s): | CVE-2007-3181 |
| Created: | July 2, 2007 |
| Updated: | March 27, 2008 |
| Description: |
The Firebird DBMS has a buffer overflow vulnerability involving
the processing of connect requests with an overly large p_cnct_count
value. Remote attackers can send a specially crafted
request to the server in order to potentially execute arbitrary code with
the permissions of the Firebird user. |
| Alerts: | |
Comments (none posted)
firefox: multiple vulnerabilities
| Package(s): | firefox |
| CVE #(s): | CVE-2007-3844, CVE-2007-3845 |
| Created: | August 1, 2007 |
| Updated: | February 20, 2008 |
| Description: |
A flaw was discovered in handling of "about:blank" windows used by
addons. A malicious web site could exploit this to modify the contents,
or steal confidential data (such as passwords), of other web pages.
(CVE-2007-3844)
Jesper Johansson discovered that spaces and double-quotes were
not correctly handled when launching external programs. In rare
configurations, after tricking a user into opening a malicious web page,
an attacker could execute helpers with arbitrary arguments with the
user's privileges. (CVE-2007-3845) |
| Alerts: | |
Comments (none posted)
firefox: multiple vulnerabilities
| Package(s): | firefox seamonkey |
| CVE #(s): | CVE-2007-5947, CVE-2007-5959, CVE-2007-5960 |
| Created: | November 27, 2007 |
| Updated: | March 3, 2008 |
| Description: |
A cross-site scripting flaw was found in the way Firefox handled the
jar: URI scheme. It was possible for a malicious website to leverage this
flaw and conduct a cross-site scripting attack against a user running
Firefox. (CVE-2007-5947)
Several flaws were found in the way Firefox processed certain malformed web
content. A webpage containing malicious content could cause Firefox to
crash, or potentially execute arbitrary code as the user running Firefox.
(CVE-2007-5959)
A race condition existed when Firefox set the "window.location" property
for a webpage. This flaw could allow a webpage to set an arbitrary Referer
header, which may lead to a Cross-site Request Forgery (CSRF) attack
against websites that rely only on the Referer header for protection.
(CVE-2007-5960) |
| Alerts: | |
Comments (1 posted)
firefox, thunderbird, seamonkey: multiple vulnerabilities
| Package(s): | firefox, thunderbird, seamonkey |
| CVE #(s): | CVE-2007-3738, CVE-2007-3656, CVE-2007-3670, CVE-2007-3285, CVE-2007-3737, CVE-2007-3089, CVE-2007-3736, CVE-2007-3734, CVE-2007-3735 |
| Created: | July 18, 2007 |
| Updated: | May 12, 2008 |
| Description: |
shutdown and moz_bug_r_a4 reported two separate ways to modify an
XPCNativeWrapper such that subsequent access by the browser would result in
executing user-supplied code. (CVE-2007-3738)
Michal Zalewski reported that it was possible to bypass the same-origin
checks and read from cached (wyciwyg) documents. It is possible to access
wyciwyg:// documents without proper same domain policy checks through the
use of HTTP 302 redirects. This enables the attacker to steal sensitive
data displayed on dynamically generated pages; perform cache poisoning; and
execute own code or display own content with URL bar and SSL certificate
data of the attacked page (URL spoofing++). (CVE-2007-3656)
Internet Explorer calls registered URL protocols without escaping quotes
and may be used to pass unexpected and potentially dangerous data to the
application that registers that URL Protocol. (CVE-2007-3670)
Ronald van den Heetkamp reported that a filename URL containing %00
(encoded null) can cause Firefox to interpret the file extension
differently than the underlying Windows operating system potentially
leading to unsafe actions such as running a program. This is only
accessible locally. (CVE-2007-3285)
An attacker can use an element outside of a document to call an event
handler allowing content to run arbitrary code with chrome
privileges. (CVE-2007-3737)
Ronen Zilberman and Michal Zalewski both reported that it was possible to
exploit a timing issue to inject content into about:blank frames in a
page. When opening a window from a script, it is possible to spoof the
content of the newly opened window's frames within a short time frame,
while the window is loading. (CVE-2007-3089)
Mozilla contributor moz_bug_r_a4 demonstrated that the methods
addEventListener and setTimeout could be used to inject script into another
site in violation of the browser's same-origin policy. This could be used
to access or modify private or valuable information from that other
site. (CVE-2007-3736)
As part of the Firefox 2.0.0.5 update releases Mozilla developers fixed
many bugs to improve the stability of the product. Some of these crashes
showed evidence of memory corruption under certain circumstances, and
we presume that with enough effort at least some of these could be
exploited to run arbitrary code. Note: Thunderbird shares the browser
engine with Firefox and could be vulnerable if JavaScript were to be
enabled in mail. This is not the default setting and we strongly discourage
users from running JavaScript in mail. Without further investigation we
cannot rule out the possibility that for some of these an attacker might be
able to prepare memory for exploitation through some means other than
JavaScript, such as large images. (CVE-2007-3734, CVE-2007-3735) |
| Alerts: | |
Comments (none posted)
flash-plugin: lots of problems
Comments (3 posted)
freetype: arbitrary code execution
| Package(s): | freetype |
| CVE #(s): | CVE-2007-2754 |
| Created: | May 24, 2007 |
| Updated: | June 1, 2010 |
| Description: |
The Freetype font rendering library versions 2.3.4 and below
have an integer sign error. Remote attackers may be able to
create a specially crafted TrueType Font file with a negative
n_points value that will cause an integer overflow and heap-based
buffer overflow, allowing the execution of arbitrary code. |
| Alerts: | |
Comments (none posted)
freetype: integer overflows
| Package(s): | freetype |
| CVE #(s): | CVE-2006-0747, CVE-2006-1861, CVE-2006-2493, CVE-2006-2661, CVE-2006-3467 |
| Created: | June 8, 2006 |
| Updated: | June 1, 2010 |
| Description: |
The FreeType library has several integer overflow vulnerabilities.
If a user can be tricked into installing a specially
crafted font file, arbitrary code can be executed with the privilege
of the user. |
| Alerts: | |
Comments (none posted)
gallery2: multiple vulnerabilities
| Package(s): | gallery2 |
| CVE #(s): | CVE-2007-6685, CVE-2007-6686, CVE-2007-6687, CVE-2007-6688, CVE-2007-6689, CVE-2007-6690, CVE-2007-6691, CVE-2007-6692, CVE-2007-6693 |
| Created: | December 27, 2007 |
| Updated: | February 12, 2008 |
| Description: |
Versions of the Gallery photo management application before 2.2.4
have the following vulnerabilities: (1) an unauthorized album creation and
file upload, (2) a local file inclusion vulnerability, (3) several cross
site scripting vulnerabilities, (4) a web-accessibility protection problem,
(5) problems with checks for disallowed file extensions with file uploads,
(6) missing permissions checks on GR commands, (7) several information
disclosures, (8) an arbitrary URL redirection problem and (9) a proxied
request weakness. |
| Alerts: | |
Comments (none posted)
gcc: file overwrite vulnerability
| Package(s): | gcc |
| CVE #(s): | CVE-2006-3619 |
| Created: | September 6, 2006 |
| Updated: | March 14, 2008 |
| Description: |
The fastjar utility found in the GNU compiler collection does not perform adequate file path checking, allowing the creation or overwriting of files outside of the current directory tree. |
| Alerts: | |
Comments (none posted)
gd: buffer overflow
| Package(s): | gd |
| CVE #(s): | CVE-2007-0455 |
| Created: | February 7, 2007 |
| Updated: | November 18, 2009 |
| Description: |
The gd graphics library contains a buffer overflow which could enable a remote attacker to execute arbitrary code. Note that various other packages include code from gd and could also be vulnerable. |
| Alerts: | |
Comments (2 posted)
gd: multiple vulnerabilities
| Package(s): | gd |
| CVE #(s): | CVE-2007-3472, CVE-2007-3473, CVE-2007-3474, CVE-2007-3475, CVE-2007-3476, CVE-2007-3477, CVE-2007-3478 |
| Created: | August 6, 2007 |
| Updated: | November 6, 2009 |
| Description: |
Integer overflow in gdImageCreateTrueColor function in the GD Graphics
Library (libgd) before 2.0.35 allows user-assisted remote attackers
to have unspecified remote attack vectors and impact. (CVE-2007-3472)
The gdImageCreateXbm function in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause a denial
of service (crash) via unspecified vectors involving a gdImageCreate
failure. (CVE-2007-3473)
Multiple unspecified vulnerabilities in the GIF reader in the
GD Graphics Library (libgd) before 2.0.35 allow user-assisted
remote attackers to have unspecified attack vectors and
impact. (CVE-2007-3474)
The GD Graphics Library (libgd) before 2.0.35 allows user-assisted
remote attackers to cause a denial of service (crash) via a GIF image
that has no global color map. (CVE-2007-3475)
Array index error in gd_gif_in.c in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause
a denial of service (crash and heap corruption) via large color
index values in crafted image data, which results in a segmentation
fault. (CVE-2007-3476)
The (a) imagearc and (b) imagefilledarc functions in GD Graphics
Library (libgd) before 2.0.35 allow attackers to cause a denial
of service (CPU consumption) via a large (1) start or (2) end angle
degree value. (CVE-2007-3477)
Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the
GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote
attackers to cause a denial of service (crash) via unspecified vectors,
possibly involving truetype font (TTF) support. (CVE-2007-3478) |
| Alerts: | |
Comments (none posted)
gd: denial of service
| Package(s): | gd |
| CVE #(s): | CVE-2007-2756 |
| Created: | June 14, 2007 |
| Updated: | February 28, 2008 |
| Description: |
Libgd2 has a denial of service vulnerability involving the incorrect
validation of PNG callback results. If an application that is linked
against libgd2 is used to process a specially-crafted PNG file,
a denial of service involving CPU resource consumption can be
caused. |
| Alerts: | |
Comments (none posted)
gedit: format string vulnerability
| Package(s): | gedit |
| CVE #(s): | CAN-2005-1686 |
| Created: | June 9, 2005 |
| Updated: | February 5, 2009 |
| Description: |
A format string vulnerability has been discovered in gedit. Calling
the program with specially crafted file names caused a buffer
overflow, which could be exploited to execute arbitrary code with the
privileges of the gedit user. |
| Alerts: | |
Comments (1 posted)
gimp: multiple vulnerabilities
| Package(s): | gimp |
| CVE #(s): | CVE-2007-2949 |
| Created: | June 28, 2007 |
| Updated: | February 27, 2008 |
| Description: |
The gimp image editor has several vulnerabilities, including
a problem where it can open PSD files with excessive dimensions
and a possible stack overflow in the Sunras loader. |
| Alerts: | |
Comments (none posted)
gnatsweb: cross-site scripting
| Package(s): | gnatsweb |
| CVE #(s): | CVE-2007-2808 |
| Created: | February 6, 2008 |
| Updated: | February 6, 2008 |
| Description: |
From the Debian advisory: "r0t" discovered that gnatsweb, a web interface to GNU GNATS, did not
correctly sanitize the database parameter in the main CGI script. This
could allow the injection of arbitrary HTML or JavaScript code. |
| Alerts: | |
Comments (none posted)
gnome-screensaver: keyboard lock bypass
| Package(s): | gnome-screensaver |
| CVE #(s): | CVE-2007-3920 |
| Created: | October 24, 2007 |
| Updated: | October 15, 2009 |
| Description: |
From the Ubuntu advisory:
Jens Askengren discovered that gnome-screensaver became confused when
running under Compiz, and could lose keyboard lock focus. A local
attacker could exploit this to bypass the user's locked screen saver. |
| Alerts: | |
Comments (none posted)
openssh: inappropriate use of trusted cookies
| Package(s): | gnome-ssh-askpass openssh |
| CVE #(s): | CVE-2007-4752 |
| Created: | September 11, 2007 |
| Updated: | August 25, 2008 |
| Description: |
OpenSSH in versions prior to 4.7 could use a trusted X11 cookie if the
creation of an untrusted cookie failed. |
| Alerts: | |
Comments (none posted)
goffice: multiple vulnerabilities
| Package(s): | goffice |
| CVE #(s): | |
| Created: | January 31, 2008 |
| Updated: | February 6, 2008 |
| Description: |
GOffice is vulnerable to buffer overflows and memory corruption in PCRE.
If an attacker can convince a user to open specially crafted documents,
it may be possible to execute arbitrary code, disclose information
or cause a denial of service. |
| Alerts: | |
Comments (none posted)
grip: buffer overflow
| Package(s): | grip |
| CVE #(s): | CAN-2005-0706 |
| Created: | March 10, 2005 |
| Updated: | November 19, 2008 |
| Description: |
Grip, a CD ripper, has a buffer overflow vulnerability that can
occur when the CDDB server returns more than 16 matches. |
| Alerts: | |
Comments (none posted)
gzip: multiple vulnerabilities
| Package(s): | gzip |
| CVE #(s): | CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337, CVE-2006-4338 |
| Created: | September 19, 2006 |
| Updated: | January 20, 2010 |
| Description: |
Tavis Ormandy of the Google Security Team discovered two denial of service
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to hang or
crash.
Tavis Ormandy of the Google Security Team discovered several code execution
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to crash or
execute arbitrary code. |
| Alerts: | |
Comments (1 posted)
horde3: remote email deletion
| Package(s): | horde3 |
| CVE #(s): | CVE-2007-6018 |
| Created: | January 21, 2008 |
| Updated: | March 24, 2009 |
| Description: |
From the Debian advisory:
Ulf Harnhammer discovered that the HTML filter of the Horde web
application framework performed insufficient input sanitising, which
may lead to the deletion of emails if a user is tricked into viewing
a malformed email inside the Imp client. |
| Alerts: | |
Comments (none posted)
horde-kronolith: local file inclusion
| Package(s): | horde-kronolith |
| CVE #(s): | CVE-2006-6175 |
| Created: | January 17, 2007 |
| Updated: | March 7, 2008 |
| Description: |
Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered
string is used instead of a sanitized string to view local files. An
authenticated attacker could craft an HTTP GET request that uses directory
traversal techniques to execute any file on the web server as PHP code,
which could allow information disclosure or arbitrary code execution with
the rights of the user running the PHP application (usually the webserver
user). |
| Alerts: | |
Comments (none posted)
httpd: cross-site scripting, denial of service
| Package(s): | httpd |
| CVE #(s): | CVE-2007-6421, CVE-2007-6422 |
| Created: | January 15, 2008 |
| Updated: | April 4, 2008 |
| Description: |
A flaw was found in the mod_proxy_balancer module. On sites where
mod_proxy_balancer was enabled, a cross-site scripting attack against an
authorized user was possible. (CVE-2007-6421)
A flaw was found in the mod_proxy_balancer module. On sites where
mod_proxy_balancer was enabled, an authorized user could send a carefully
crafted request that would cause the Apache child process handling that
request to crash. This could lead to a denial of service if using a
threaded Multi-Processing Module. (CVE-2007-6422) |
| Alerts: | |
Comments (1 posted)
icu: arbitrary code execution
| Package(s): | icu |
| CVE #(s): | CVE-2007-4770, CVE-2007-4771 |
| Created: | January 25, 2008 |
| Updated: | May 15, 2008 |
| Description: |
From the Red Hat advisory:
Will Drewry reported multiple flaws in the way libicu processed certain
malformed regular expressions. If an application linked against ICU, such
as OpenOffice.org, processed a carefully crafted regular expression, it may
be possible to execute arbitrary code as the user running the application. |
| Alerts: | |
Comments (none posted)
imagemagick: multiple vulnerabilities
| Package(s): | imagemagick |
| CVE #(s): | CVE-2007-4985, CVE-2007-4986, CVE-2007-4987, CVE-2007-4988 |
| Created: | October 4, 2007 |
| Updated: | August 11, 2009 |
| Description: |
The ImageMagick image decoders have multiple vulnerabilities.
If a user can be tricked into processing a specially crafted
DCM, DIB, XBM, XCF, or XWD image, arbitrary code may be executed with
the user's privileges. |
| Alerts: | |
Comments (none posted)
ImageMagick: integer overflows
| Package(s): | imagemagick |
| CVE #(s): | CVE-2007-1797 |
| Created: | April 4, 2007 |
| Updated: | August 11, 2009 |
| Description: |
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote
attackers to execute arbitrary code via (1) a crafted DCM image, which
results in a heap-based overflow in the ReadDCMImage function, or (2) the
(a) colors or (b) comments field in a crafted XWD image, which results in a
heap-based overflow in the ReadXWDImage function, different issues than
CVE-2007-1667. |
| Alerts: | |
Comments (none posted)
jasper: denial of service
| Package(s): | jasper |
| CVE #(s): | CVE-2007-2721 |
| Created: | June 1, 2007 |
| Updated: | April 19, 2010 |
| Description: |
The jpc_qcx_getcompparms function in jpc/jpc_cs.c could allow remote
user-assisted attackers to cause a denial of service (crash) and possibly
corrupt the heap via malformed image files. |
| Alerts: | |
Comments (none posted)
java: multiple vulnerabilities
| Package(s): | java |
| CVE #(s): | CVE-2006-4339, CVE-2006-4790, CVE-2006-6731, CVE-2006-6736, CVE-2006-6737, CVE-2006-6745 |
| Created: | January 18, 2007 |
| Updated: | June 4, 2010 |
| Description: |
Java has multiple vulnerabilities, including:
an RSA exponent padding attack vulnerability, two vulnerabilities
which allow untrusted applets to access data in other applets,
vulnerabilities that involve applets gaining privileges due to
serialization bugs in the JRE, and buffer overflows in the Java image
handling routines that can give attackers read/write/execute capabilities
for local files. |
| Alerts: | |
Comments (1 posted)
java-1.5.0-sun: multiple vulnerabilities
| Package(s): | java-1.5.0-sun |
| CVE #(s): | CVE-2007-3503, CVE-2007-3655, CVE-2007-3698, CVE-2007-3922 |
| Created: | August 6, 2007 |
| Updated: | June 24, 2008 |
| Description: |
The Javadoc tool was able to generate HTML documentation pages that
contained cross-site scripting (XSS) vulnerabilities. A remote attacker
could use this to inject arbitrary web script or HTML. (CVE-2007-3503)
The Java Web Start URL parsing component contained a buffer overflow
vulnerability within the parsing code for JNLP files. A remote attacker
could create a malicious JNLP file that could trigger this flaw and execute
arbitrary code when opened. (CVE-2007-3655)
The JSSE component did not correctly process SSL/TLS handshake requests. A
remote attacker who is able to connect to a JSSE-based service could
trigger this flaw leading to a denial-of-service. (CVE-2007-3698)
A flaw was found in the applet class loader. An untrusted applet could use
this flaw to circumvent network access restrictions, possibly connecting to
services hosted on the machine that executed the applet. (CVE-2007-3922) |
| Alerts: | |
Comments (none posted)
java-1.5.0-sun: multiple vulnerabilities
| Package(s): | java-1.5.0-sun |
| CVE #(s): | CVE-2007-5232, CVE-2007-5238, CVE-2007-5239, CVE-2007-5240, CVE-2007-5273, CVE-2007-5274 |
| Created: | October 12, 2007 |
| Updated: | April 25, 2008 |
| Description: |
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled,
allows remote attackers to violate the security model for an applet's
outbound connections via a DNS rebinding attack. (CVE-2007-5232)
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0
Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not
properly enforce access restrictions for untrusted applications, which
allows user-assisted remote attackers to obtain sensitive information (the
Java Web Start cache location) via an untrusted application, aka "three
vulnerabilities." (CVE-2007-5238)
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0
Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE
1.3.1_20 and earlier does not properly enforce access restrictions for
untrusted (1) applications and (2) applets, which allows user-assisted
remote attackers to copy or rename arbitrary files when local users perform
drag-and-drop operations from the untrusted application or applet window
onto certain types of desktop applications. (CVE-2007-5239)
Visual truncation vulnerability in the Java Runtime Environment in Sun JDK
and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK
and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows
remote attackers to circumvent display of the untrusted-code warning banner
by creating a window larger than the workstation screen. (CVE-2007-5240)
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used,
allows remote attackers to violate the security model for an applet's
outbound connections via a multi-pin DNS rebinding attack in which the
applet download relies on DNS resolution on the proxy server, but the
applet's socket operations rely on DNS resolution on the local machine, a
different issue than CVE-2007-5274. NOTE: this is similar to
CVE-2007-5232. (CVE-2007-5273)
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows
remote attackers to violate the security model for JavaScript outbound
connections via a multi-pin DNS rebinding attack dependent on the
LiveConnect API, in which JavaScript download relies on DNS resolution by
the browser, but JavaScript socket operations rely on separate DNS
resolution by a Java Virtual Machine (JVM), a different issue than
CVE-2007-5273. NOTE: this is similar to CVE-2007-5232. (CVE-2007-5274) |
| Alerts: | |
Comments (1 posted)
JRockit: multiple vulnerabilities
Comments (none posted)
kazehakase: multiple vulnerabilities
| Package(s): | kazehakase |
| CVE #(s): | |
| Created: | January 31, 2008 |
| Updated: | April 23, 2008 |
| Description: |
The kazehakase web browser is vulnerable to buffer overflows and
memory corruption in PCRE. If a remote attacker can convince a user to
open specially crafted bookmarks, it can lead to the
execution of arbitrary code, denial of service or
arbitrary information disclosure. |
| Alerts: | |
Comments (none posted)
kdebase: denial of service
| Package(s): | kdebase |
| CVE #(s): | CVE-2007-5963 |
| Created: | December 18, 2007 |
| Updated: | January 19, 2009 |
| Description: | The kdebase package is vulnerable to a denial of service in which a local user can render KDM unusable for logins by any user or cause KDM to exceed system resource limits. |
| Alerts: | |
kdelibs: kate backup file permission leak
| Package(s): | kdelibs kate kwrite |
| CVE #(s): | CAN-2005-1920 |
| Created: | July 19, 2005 |
| Updated: | September 21, 2010 |
| Description: | Kate / Kwrite, as shipped with KDE 3.2.x up to and including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information. |
| Alerts: | |
kernel: out-of-bounds access
| Package(s): | kernel |
| CVE #(s): | CVE-2007-4573 |
| Created: | September 25, 2007 |
| Updated: | December 6, 2010 |
| Description: | The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32-bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register. |
| Alerts: | |
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2007-4130, CVE-2007-6694 |
| Created: | February 1, 2008 |
| Updated: | June 20, 2008 |
| Description: | From the Red Hat advisory: A flaw was found in the way the Red Hat Enterprise Linux 4 kernel handled page faults when a CPU used the NUMA method for accessing memory on Itanium architectures. A local unprivileged user could trigger this flaw and cause a denial of service (system panic). A possible NULL pointer dereference was found in the chrp_show_cpuinfo function when using the PowerPC architecture. This may have allowed a local unprivileged user to cause a denial of service (crash). |
| Alerts: | |
kernel: ALSA returns incorrect write size
| Package(s): | kernel |
| CVE #(s): | CVE-2007-4571 |
| Created: | September 28, 2007 |
| Updated: | June 20, 2008 |
| Description: | The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc. |
| Alerts: | |
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2006-4535, CVE-2006-4538 |
| Created: | September 18, 2006 |
| Updated: | January 5, 2009 |
| Description: | Sridhar Samudrala discovered a local denial of service vulnerability in the handling of SCTP sockets. By opening such a socket with a special SO_LINGER value, a local attacker could exploit this to crash the kernel. (CVE-2006-4535) Kirill Korotaev discovered that the ELF loader on the ia64 and sparc platforms did not sufficiently verify the memory layout. By attempting to execute a specially crafted executable, a local user could exploit this to crash the kernel. (CVE-2006-4538) |
| Alerts: | |
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2007-1861, CVE-2007-2242 |
| Created: | May 1, 2007 |
| Updated: | February 8, 2008 |
| Description: | The netlink protocol has an infinite recursion bug that allows users to cause a kernel crash. Also, the IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. |
| Alerts: | |
kernel: remote denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2006-6058, CVE-2007-4997 |
| Created: | November 9, 2007 |
| Updated: | June 13, 2008 |
| Description: | The Minix filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly other versions, allows local users to cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in the minix_bmap function. NOTE: this issue might be due to an integer overflow or signedness error. Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an "off-by-two error." |
| Alerts: | |
kernel: local filesystem corruption
| Package(s): | kernel |
| CVE #(s): | CVE-2008-0001 |
| Created: | January 17, 2008 |
| Updated: | June 13, 2008 |
| Description: | From the mitre.org CVE description: VFS in the Linux kernel before 2.6.23.14 performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass file permissions. |
| Alerts: | |
kernel: several vulnerabilities
| Package(s): | kernel |
| CVE #(s): | CVE-2007-1353, CVE-2007-2451, CVE-2007-2453 |
| Created: | June 11, 2007 |
| Updated: | March 6, 2008 |
| Description: | Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. (CVE-2007-1353) The GEODE-AES driver did not correctly initialize its encryption key. Any data encrypted using this type of device would be easily compromised. (CVE-2007-2451) The random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers. (CVE-2007-2453) |
| Alerts: | |
kernel: several vulnerabilities
| Package(s): | kernel |
| CVE #(s): | CVE-2006-5823, CVE-2006-6054, CVE-2007-1592 |
| Created: | June 12, 2007 |
| Updated: | March 21, 2011 |
| Description: | A flaw in the cramfs file system allows invalid compressed data to cause memory corruption. (CVE-2006-5823) A flaw in the ext2 file system allows an invalid inode size to cause a denial of service (system hang). (CVE-2006-6054) A flaw in IPv6 flow label handling allows a local user to cause a denial of service (crash). (CVE-2007-1592) |
| Alerts: | |
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2007-5500 |
| Created: | November 28, 2007 |
| Updated: | July 8, 2008 |
| Description: | The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. |
| Alerts: | |
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2007-5501 |
| Created: | November 28, 2007 |
| Updated: | March 7, 2008 |
| Description: | The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference. |
| Alerts: | |
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2006-2935, CVE-2006-4145, CVE-2006-3745 |
| Created: | September 1, 2006 |
| Updated: | July 30, 2008 |
| Description: | Previous versions of the kernel package are subject to several vulnerabilities. Certain malformed UDF filesystems can cause the system to crash (denial of service). Malformed CDROM firmware or USB storage devices (such as USB keys) could cause a system crash (denial of service) and, if they were intentionally malformed, can cause arbitrary code to run with elevated privileges. In addition, the SCTP protocol is subject to a remote system crash (denial of service) attack. |
| Alerts: | |
kernel: several vulnerabilities
| Package(s): | kernel |
| CVE #(s): | CVE-2007-2172, CVE-2007-3739, CVE-2007-4308 |
| Created: | December 3, 2007 |
| Updated: | January 8, 2009 |
| Description: | A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an "out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2) fib_props (fib_semantics.c, IPv4) functions. (CVE-2007-2172) mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service (OOPS) via unspecified vectors. (CVE-2007-3739) The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges. (CVE-2007-4308) |
| Alerts: | |
kernel: buffer overflows
| Package(s): | kernel |
| CVE #(s): | CVE-2007-5904 |
| Created: | December 3, 2007 |
| Updated: | June 20, 2008 |
| Description: | Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SMB responses that trigger the overflows in the SendReceive function. |
| Alerts: | |
kernel: multiple vulnerabilities
| Package(s): | kernel |
| CVE #(s): | CVE-2006-5749, CVE-2006-4814, CVE-2006-6106 |
| Created: | January 5, 2007 |
| Updated: | January 8, 2009 |
| Description: | A security issue has been reported in the Linux kernel due to an error in drivers/isdn/i4l/isdn_ppp.c, as the "isdn_ppp_ccp_reset_alloc_state()" function never initializes an event timer before scheduling it with the "add_timer()" function. The mincore function in the kernel does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock. Another vulnerability has been reported in the Linux kernel caused by a boundary error within the handling of incoming CAPI messages in net/bluetooth/cmtp/capi.c. This can be exploited to overwrite certain kernel data structures. |
| Alerts: | |
kernel: several vulnerabilities
| Package(s): | kernel |
| CVE #(s): | CVE-2007-3851, CVE-2007-3848, CVE-2007-3105 |
| Created: | August 17, 2007 |
| Updated: | January 8, 2009 |
| Description: | The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer. (CVE-2007-3851) Linux kernel 2.4.35 and other versions allow local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG). (CVE-2007-3848) Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving "bound check ordering". NOTE: this issue might only cross privilege boundaries in environments that have granular assignment of privileges for root. (CVE-2007-3105) |
| Alerts: | |
kernel: denial of service vulnerabilities
| Package(s): | kernel |
| CVE #(s): | CVE-2007-4133, CVE-2007-5093 |
| Created: | January 12, 2008 |
| Updated: | November 20, 2008 |
| Description: | The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE units, which allows local users to cause a denial of service (panic) via unspecified vectors. The disconnect method in the Philips USB Webcam (pwc) driver in Linux kernel 2.6.x before 2.6.22.6 relies on user space to close the device, which allows user-assisted local attackers to cause a denial of service (USB subsystem hang and CPU consumption in khubd) by not closing the device after the disconnect is invoked. NOTE: this rarely crosses privilege boundaries, unless the attacker can convince the victim to unplug the affected device. |
| Alerts: | |
kernel: multiple vulnerabilities
| Package(s): | kernel |
| CVE #(s): | CVE-2007-3104, CVE-2007-3740, CVE-2007-3843, CVE-2007-6063 |
| Created: | December 4, 2007 |
| Updated: | January 8, 2009 |
| Description: | The sysfs_readdir function in the Linux kernel 2.6 allows local users to cause a denial of service (kernel OOPS) by dereferencing a null pointer to an inode in a dentry. (CVE-2007-3104) The CIFS filesystem, when Unix extension support is enabled, did not honor the umask of a process, which allowed local users to gain privileges. (CVE-2007-3740) The Linux kernel checked the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request. (CVE-2007-3843) Buffer overflow in the isdn_net_setcfg function in isdn_net.c in the Linux kernel allowed local users to have an unknown impact via a crafted argument to the isdn_ioctl function. (CVE-2007-6063) |
| Alerts: | |
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2007-5966 |
| Created: | December 19, 2007 |
| Updated: | February 3, 2010 |
| Description: | A bug in high-resolution timers (prior to kernel 2.6.22.15) can cause very long sleeps when large timeout values are used. |
| Alerts: | |
krb5: multiple vulnerabilities
| Package(s): | krb5 |
| CVE #(s): | CVE-2007-2442, CVE-2007-2443, CVE-2007-2798 |
| Created: | June 27, 2007 |
| Updated: | March 24, 2008 |
| Description: | David Coffey discovered an uninitialized pointer free flaw in the RPC library used by kadmind. A remote unauthenticated attacker who could access kadmind could trigger the flaw causing kadmind to crash or possibly execute arbitrary code (CVE-2007-2442). David Coffey also discovered an overflow flaw in the same RPC library. A remote unauthenticated attacker who could access kadmind could trigger the flaw causing kadmind to crash or possibly execute arbitrary code (CVE-2007-2443). Finally, a stack buffer overflow vulnerability was found in kadmind that allowed an unauthenticated user able to access kadmind the ability to trigger the vulnerability and possibly execute arbitrary code (CVE-2007-2798). |
| Alerts: | |
krb5: uninitialized pointers
| Package(s): | krb5 |
| CVE #(s): | CVE-2006-6143, CVE-2006-3084 |
| Created: | January 10, 2007 |
| Updated: | July 7, 2010 |
| Description: | The kadmind daemon can, in some situations, perform operations on uninitialized pointers. This bug could conceivably open up the system to a code execution attack by an unauthenticated remote attacker, but it appears to be difficult to exploit. See this advisory for details. |
| Alerts: | |
krb5: local privilege escalation
| Package(s): | krb5 |
| CVE #(s): | CVE-2006-3083 |
| Created: | August 9, 2006 |
| Updated: | July 7, 2010 |
| Description: | Some Kerberos applications fail to check the results of setuid() calls, with the result that, if that call fails, they could continue to execute as root after thinking they had switched to a nonprivileged user. A local attacker who can cause these calls to fail (through resource exhaustion, presumably) could exploit this bug to gain root privileges. |
| Alerts: | |
krb5: buffer overflow, uninitialized pointer
| Package(s): | krb5 |
| CVE #(s): | CVE-2007-3999, CVE-2007-4000 |
| Created: | September 4, 2007 |
| Updated: | March 24, 2008 |
| Description: | Tenable Network Security discovered a stack buffer overflow flaw in the RPC library used by kadmind. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. Garrett Wollman discovered an uninitialized pointer flaw in kadmind. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. |
| Alerts: | |
krb5: multiple vulnerabilities
| Package(s): | krb5 |
| CVE #(s): | CVE-2007-0956, CVE-2007-0957, CVE-2007-1216 |
| Created: | April 3, 2007 |
| Updated: | March 24, 2008 |
| Description: | A flaw was found in the username handling of the MIT krb5 telnet daemon (telnetd). A remote attacker who can access the telnet port of a target machine could log in as root without requiring a password. (MIT krb5 Security Advisory 2007-001) Buffer overflows were found which affect the Kerberos KDC and the kadmin server daemon. A remote attacker who can access the KDC could exploit this bug to run arbitrary code with the privileges of the KDC or kadmin server processes. (MIT krb5 Security Advisory 2007-002) A double-free flaw was found in the GSSAPI library used by the kadmin server daemon. (MIT krb5 Security Advisory 2007-003) |
| Alerts: | |
kvirc: remote arbitrary code execution
| Package(s): | kvirc |
| CVE #(s): | CVE-2007-2951 |
| Created: | September 14, 2007 |
| Updated: | February 27, 2008 |
| Description: | Stefan Cornelius from Secunia Research discovered that the "parseIrcUrl()" function in file src/kvirc/kernel/kvi_ircurl.cpp does not properly sanitize parts of the URI when building the command for KVIrc's internal script system. |
| Alerts: | |
lcms: stack-based buffer overflow
| Package(s): | lcms |
| CVE #(s): | CVE-2007-2741 |
| Created: | November 23, 2007 |
| Updated: | October 14, 2008 |
| Description: | Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file. |
| Alerts: | |
lftp: shell command execution
| Package(s): | lftp |
| CVE #(s): | CVE-2007-2348 |
| Created: | May 4, 2007 |
| Updated: | September 16, 2009 |
| Description: | mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files. |
| Alerts: | |
libarchive: pax extension header vulnerabilities
| Package(s): | libarchive |
| CVE #(s): | CVE-2007-3641, CVE-2007-3644, CVE-2007-3645 |
| Created: | August 9, 2007 |
| Updated: | February 27, 2008 |
| Description: | libarchive, a library for manipulating different streaming archive formats, has a number of pax extension header vulnerabilities. These may be used to cause a denial of service or for the execution of arbitrary code. |
| Alerts: | |
libcdio: arbitrary code execution
| Package(s): | libcdio |
| CVE #(s): | CVE-2007-6613 |
| Created: | January 21, 2008 |
| Updated: | March 7, 2008 |
| Description: | From the Gentoo advisory: Devon Miller reported a boundary error in the "print_iso9660_recurse()" function in files cd-info.c and iso-info.c when processing long filenames within Joliet images. A remote attacker could entice a user to open a specially crafted ISO image in the cd-info and iso-info applications, resulting in the execution of arbitrary code with the privileges of the user running the application. Applications linking against shared libraries of libcdio are not affected. |
| Alerts: | |
libexif: integer overflow
| Package(s): | libexif |
| CVE #(s): | CVE-2007-2645 |
| Created: | June 1, 2007 |
| Updated: | February 11, 2008 |
| Description: | Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable. |
| Alerts: | |
libexif: integer overflow
| Package(s): | libexif |
| CVE #(s): | CVE-2007-6352 |
| Created: | December 19, 2007 |
| Updated: | October 15, 2008 |
| Description: | From the Red Hat advisory: An integer overflow flaw was found in the way libexif parses Exif image tags. If a victim opens a carefully crafted Exif image file, it could cause the application linked against libexif to execute arbitrary code, or crash. |
| Alerts: | |
libexif: denial of service
| Package(s): | libexif |
| CVE #(s): | CVE-2007-6351 |
| Created: | December 19, 2007 |
| Updated: | October 15, 2008 |
| Description: | From the Red Hat advisory: An infinite recursion flaw was found in the way libexif parses Exif image tags. If a victim opens a carefully crafted Exif image file, it could cause the application linked against libexif to crash. |
| Alerts: | |
libgd2: buffer overflow
| Package(s): | libgd2 |
| CVE #(s): | CVE-2007-3996 |
| Created: | December 19, 2007 |
| Updated: | October 13, 2009 |
| Description: | The GD library does not perform proper bounds checking when creating images; as a result, an attacker could, via crafted input, potentially execute arbitrary code. |
| Alerts: | |
libmodplug: boundary errors
| Package(s): | libmodplug |
| CVE #(s): | CVE-2006-4192 |
| Created: | December 11, 2006 |
| Updated: | May 4, 2011 |
| Description: | Luigi Auriemma has reported various boundary errors in load_it.cpp and a boundary error in the "CSoundFile::ReadSample()" function in sndfile.cpp. A remote attacker can entice a user to read crafted modules or ITP files, which may trigger a buffer overflow resulting in the execution of arbitrary code with the privileges of the user running the application. |
| Alerts: | |
libphp-phpmailer: command execution
| Package(s): | libphp-phpmailer |
| CVE #(s): | CVE-2007-3215 |
| Created: | June 20, 2007 |
| Updated: | June 25, 2009 |
| Description: | libphp-phpmailer does not do sufficient input validation, enabling shell command injection attacks. |
| Alerts: | |
libpng: several vulnerabilities
| Package(s): | libpng |
| CVE #(s): | CVE-2007-5266, CVE-2007-5267, CVE-2007-5268, CVE-2007-5269 |
| Created: | October 19, 2007 |
| Updated: | March 23, 2009 |
| Description: | Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) zTXt (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations. (CVE-2007-5269) pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 uses (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image. (CVE-2007-5268) Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266. (CVE-2007-5267) Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated. (CVE-2007-5266) |
| Alerts: | |
libpng: denial of service
| Package(s): | libpng |
| CVE #(s): | CVE-2007-2445 |
| Created: | May 17, 2007 |
| Updated: | March 23, 2009 |
| Description: | Libpng can be crashed when processing malformed PNG files. It may also be possible to exploit this vulnerability to execute arbitrary code. |
| Alerts: | |
libpng: buffer overflow
| Package(s): | libpng |
| CVE #(s): | CVE-2006-3334 |
| Created: | July 19, 2006 |
| Updated: | December 15, 2008 |
| Description: | In pngrutil.c, the function png_decompress_chunk() allocates insufficient space for an error message, potentially overwriting stack data, leading to a buffer overflow. |
| Alerts: | |
libpng: heap-based buffer overflow
| Package(s): | libpng |
| CVE #(s): | CVE-2006-0481 |
| Created: | February 13, 2006 |
| Updated: | December 15, 2008 |
| Description: | A heap-based buffer overflow bug was found in the way libpng strips alpha channels from a PNG image. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash or execute arbitrary code when the file is opened by a victim. |
| Alerts: | |
libtiff: buffer overflow
| Package(s): | libtiff |
| CVE #(s): | CVE-2006-2193 |
| Created: | June 15, 2006 |
| Updated: | September 1, 2008 |
| Description: | The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters in the DocumentName tag to overflow a buffer, causing a denial of service, and possibly the execution of arbitrary code. |
| Alerts: | |
libxml2: arbitrary code execution
| Package(s): | libxml2 |
| CVE #(s): | CAN-2004-0110 |
| Created: | February 26, 2004 |
| Updated: | August 19, 2009 |
| Description: | Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code. |
| Alerts: | |
libxml2: multiple buffer overflows
| Package(s): | libxml2 |
| CVE #(s): | CAN-2004-0989 |
| Created: | October 28, 2004 |
| Updated: | August 19, 2009 |
| Description: | libxml2 prior to version 2.6.14 has multiple buffer overflow vulnerabilities; if a local user passes a specially crafted FTP URL, arbitrary code may be executed. |
| Alerts: | |
liferea: weak permissions
| Package(s): | liferea |
| CVE #(s): | CVE-2007-5751 |
| Created: | November 2, 2007 |
| Updated: | December 22, 2008 |
| Description: | Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials. |
| Alerts: | |
lighttpd: denial of service
| Package(s): | lighttpd |
| CVE #(s): | CVE-2007-3946, CVE-2007-3947, CVE-2007-3948, CVE-2007-3949, CVE-2007-3950 |
| Created: | July 19, 2007 |
| Updated: | July 15, 2008 |
| Description: | The lighttpd web server has multiple vulnerabilities involving a remote access-control setting circumvention that is performed by the sending of malformed requests. This can be used to crash the server and cause a denial of service. |
| Alerts: | |
kernel: several vulnerabilities
| Package(s): | linux-2.6 |
| CVE #(s): | CVE-2007-2878, CVE-2007-6151 |
| Created: | January 29, 2008 |
| Updated: | January 8, 2009 |
| Description: | From the Debian advisory: Bart Oldeman reported a denial of service (DoS) issue in the VFAT filesystem that allows local users to corrupt a kernel structure resulting in a system crash. This is only an issue for systems which make use of the VFAT compat ioctl interface, such as systems running an 'amd64' flavor kernel. ADLAB discovered a possible memory overrun in the ISDN subsystem that may permit a local user to overwrite kernel memory by issuing ioctls with unterminated data. |
| Alerts: | |
kernel: information leak, denial of service
| Package(s): | linux-2.6 |
| CVE #(s): | CVE-2007-6206, CVE-2007-6417 |
| Created: | December 21, 2007 |
| Updated: | September 1, 2010 |
| Description: | Blake Frantz discovered that when a core file owned by a non-root user exists, and a root-owned process dumps core over it, the core file retains its original ownership. This could be used by a local user to gain access to sensitive information. (CVE-2007-6206) Hugh Dickins discovered an issue in the tmpfs filesystem where, under a rare circumstance, a kernel page may be improperly cleared, leaking sensitive kernel memory to userspace or resulting in a DoS (crash). (CVE-2007-6417) |
| Alerts: | |
vmware-player-kernel: several vulnerabilities
| Package(s): | linux-restricted-modules-2.6.17/20, vmware-player-kernel-2.6.15 |
| CVE #(s): | CVE-2007-0061, CVE-2007-0062, CVE-2007-0063, CVE-2007-4496, CVE-2007-4497 |
| Created: | November 16, 2007 |
| Updated: | March 13, 2009 |
| Description: | Neel Mehta and Ryan Smith discovered that the VMware Player DHCP server did not correctly handle certain packet structures. Remote attackers could send specially crafted packets and gain root privileges. (CVE-2007-0061, CVE-2007-0062, CVE-2007-0063) Rafal Wojtczuk discovered multiple memory corruption issues in VMware Player. Attackers with administrative privileges in a guest operating system could cause a denial of service or possibly execute arbitrary code on the host operating system. (CVE-2007-4496, CVE-2007-4497) |
| Alerts: | |
lynx: arbitrary command execution
| Package(s): | lynx |
| CVE #(s): | CVE-2005-2929 |
| Created: | November 14, 2005 |
| Updated: | September 14, 2009 |
| Description: | An arbitrary command execution bug was found in the lynx "lynxcgi:" URI handler. An attacker could create a web page redirecting to a malicious URL which could execute arbitrary code as the user running lynx. |
| Alerts: | |
mantis: cross-site scripting
| Package(s): | mantis |
| CVE #(s): | CVE-2007-6611 |
| Created: | January 7, 2008 |
| Updated: | March 4, 2008 |
| Description: | From the CVE entry: Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename. |
| Alerts: | |
mapserver: multiple cross-site scripting vulnerabilities
| Package(s): | mapserver |
| CVE #(s): | CVE-2007-4542, CVE-2007-4629 |
| Created: | September 5, 2007 |
| Updated: | April 7, 2008 |
| Description: | CVE-2007-4542: Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program. CVE-2007-4629: Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name. |
| Alerts: | |
mod_jk: proxy bypass
| Package(s): | mod_jk |
| CVE #(s): | CVE-2007-1860 |
| Created: | May 30, 2007 |
| Updated: | March 7, 2008 |
| Description: | From the Red Hat advisory: "Versions of mod_jk before 1.2.23 decoded request URLs by default inside Apache httpd and forwarded the encoded URL to Tomcat, which itself did a second decoding. If Tomcat was used behind mod_jk and configured to only proxy some contexts, an attacker could construct a carefully crafted HTTP request to work around the context restriction and potentially access non-proxied content." |
| Alerts: | |
moin: arbitrary JavaScript execution
Package(s): moin
CVE #(s): CVE-2007-2423
Created: May 8, 2007
Updated: March 10, 2008
Description:
A flaw was discovered in MoinMoin's error reporting when using the
AttachFile action. By tricking a user into viewing a crafted MoinMoin
URL, an attacker could execute arbitrary JavaScript as the current
MoinMoin user, possibly exposing the user's authentication information
for the domain where MoinMoin was hosted.

mono: arbitrary code execution via integer overflow
Package(s): mono
CVE #(s): CVE-2007-5197
Created: November 6, 2007
Updated: December 7, 2009
Description:
From the Debian advisory: An integer overflow in the BigInteger data type implementation has been
discovered in the free .NET runtime Mono.

moodle: cross-site scripting
Package(s): moodle
CVE #(s): CVE-2008-0123
Created: January 16, 2008
Updated: November 12, 2008
Description:
Moodle suffers from a cross-site scripting vulnerability which is only open during the install process.

moodle: cross-site scripting
Package(s): moodle
CVE #(s): CVE-2007-3555
Created: August 7, 2007
Updated: December 22, 2008
Description:
A cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1
allows remote attackers to inject arbitrary web script or HTML via a style
expression in the search parameter.

mplayer: buffer overflow
Package(s): mplayer
CVE #(s): CVE-2007-1246
Created: March 8, 2007
Updated: April 1, 2008
Description:
MPlayer versions up to 1.0rc1 have a buffer overflow in the
loader/dmo/DMO_VideoDecoder.c DMO_VideoDecoder_Open function.
User-assisted remote attackers can use this to trigger the overflow
and possibly execute arbitrary code.

mt-daapd: multiple vulnerabilities
Package(s): mt-daapd
CVE #(s): CVE-2007-5825, CVE-2007-5824
Created: December 31, 2007
Updated: September 1, 2008
Description:
From the Gentoo advisory: nnp discovered multiple vulnerabilities in the XML-RPC handler in the
file webserver.c. The ws_addarg() function contains a format string
vulnerability, as it does not properly sanitize username and password
data from the "Authorization: Basic" HTTP header line (CVE-2007-5825).
The ws_decodepassword() and ws_getheaders() functions do not correctly
handle empty Authorization header lines, or header lines without a ':'
character, leading to NULL pointer dereferences (CVE-2007-5824).

MySQL: denial of service
Package(s): mysql
CVE #(s): CVE-2007-5925
Created: November 19, 2007
Updated: February 8, 2008
Description:
From the CVE entry:
The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.

mysql: denial of service
Package(s): mysql
CVE #(s): CVE-2007-1420
Created: March 22, 2007
Updated: May 21, 2008
Description:
MySQL subselect queries using "ORDER BY" can be used by an attacker with
access to a MySQL instance in order to create an intermittent denial
of service.

mysql: format string bug
Package(s): mysql
CVE #(s): CVE-2006-3469
Created: July 21, 2006
Updated: July 30, 2008
Description:
Jean-David Maillefer discovered a format string bug in the
date_format() function's error reporting. By calling the function with
invalid arguments, an authenticated user could exploit this to crash
the server.

MySQL: privilege violations
Package(s): mysql
CVE #(s): CVE-2006-4031, CVE-2006-4226
Created: August 25, 2006
Updated: July 30, 2008
Description:
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access
a table through a previously created MERGE table, even after the user's
privileges are revoked for the original table, which might violate intended
security policy (CVE-2006-4031).
MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run
on case-sensitive filesystems, allows remote authenticated users to create
or access a database when the database name differs only in case from a
database for which they have permissions (CVE-2006-4226).

mysql: privilege escalation
Package(s): mysql
CVE #(s): CVE-2007-6303
Created: December 19, 2007
Updated: April 7, 2008
Description:
From the CVE entry: MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.

MySQL: logging bypass
Package(s): mysql
CVE #(s): CVE-2006-0903
Created: April 4, 2006
Updated: May 21, 2008
Description:
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms
via SQL queries that contain the NULL character, which are not properly
handled by the mysql_real_query function. NOTE: this issue was originally
reported for the mysql_query function, but the vendor states that since
mysql_query expects a null character, this is not an issue for mysql_query.

MySQL: privilege escalation
Package(s): MySQL
CVE #(s): CVE-2007-3781, CVE-2007-5969
Created: December 11, 2007
Updated: May 21, 2008
Description:
MySQL Community Server before 5.0.51, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file. (CVE-2007-5969)
MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure. (CVE-2007-3781)

mysql-dfsg: multiple vulnerabilities
Package(s): mysql-dfsg
CVE #(s): CVE-2007-2583, CVE-2007-2691, CVE-2007-2692, CVE-2007-3782
Created: November 27, 2007
Updated: July 30, 2008
Description:
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and
5.1 before 5.1.18-beta, allows context-dependent attackers to cause a
denial of service (crash) via a crafted IF clause that results in a
divide-by-zero error and a NULL pointer dereference. (CVE-2007-2583)
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not
require the DROP privilege for RENAME TABLE statements, which allows remote
authenticated users to rename arbitrary tables. (CVE-2007-2691)
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before
5.1.18 does not restore THD::db_access privileges when returning from SQL
SECURITY INVOKER stored routines, which allows remote authenticated users
to gain privileges. (CVE-2007-2692)
MySQL Community Server before 5.0.45 allows remote authenticated users to
gain update privileges for a table in another database via a view that
refers to this external table. (CVE-2007-3782)

mysql: denial of service
Package(s): mysql-dfsg-5.0
CVE #(s): CVE-2007-6304
Created: December 21, 2007
Updated: April 7, 2008
Description:
Philip Stoev discovered that the federated engine of MySQL
did not properly handle responses with a small number of columns.
An authenticated user could use a crafted response to a SHOW
TABLE STATUS query and cause a denial of service.

mysql: buffer overflows
Package(s): mysql-dfsg-5.0
CVE #(s): CVE-2008-0226, CVE-2008-0227
Created: January 29, 2008
Updated: July 21, 2008
Description:
From the Debian advisory: Luigi Auriemma discovered two buffer overflows in YaSSL, an SSL implementation included in the MySQL database package, which could lead to denial of service and possibly the execution of arbitrary code.

nagios: cross-site scripting
Package(s): nagios
CVE #(s): CVE-2007-5624
Created: December 7, 2007
Updated: September 14, 2009
Description:
Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts.

nagios-plugins: buffer overflow
Package(s): nagios-plugins
CVE #(s): CVE-2007-5198
Created: October 23, 2007
Updated: April 17, 2008
Description:
Buffer overflow in the redir function in check_http.c in Nagios Plugins
before 1.4.10 allows remote web servers to execute arbitrary code via long
Location header responses (redirects).

nagios-plugins: check_snmp buffer overflow
Package(s): nagios-plugins
CVE #(s): CVE-2007-5623
Created: November 2, 2007
Updated: April 17, 2008
Description:
Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies.

nbd: arbitrary code execution
Package(s): nbd
CVE #(s): CVE-2005-3534
Created: January 6, 2006
Updated: March 7, 2011
Description:
Kurt Fitzner discovered that the NBD (network block device) server did not
correctly verify the maximum size of request packets. By sending specially
crafted large request packets, a remote attacker who is allowed to access
the server could exploit this to execute arbitrary code with root
privileges.

ncompress: buffer underflow
Package(s): ncompress
CVE #(s): CVE-2006-1168
Created: August 10, 2006
Updated: February 21, 2012
Description:
The ncompress compression utility has a missing boundary check.
A local user can use a maliciously created file to cause
a .bss buffer underflow.

net-snmp: denial of service
Package(s): net-snmp
CVE #(s): CVE-2007-5846
Created: November 16, 2007
Updated: February 7, 2008
Description:
A flaw was discovered in the way net-snmp handled certain requests. A
remote attacker who can connect to the snmpd UDP port (161 by default)
could send a malicious packet causing snmpd to crash, resulting in a
denial of service.

nginx: cross site scripting
Package(s): nginx
CVE #(s): (none)
Created: July 20, 2007
Updated: September 14, 2009
Description:
Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3
proxy server written by Igor Sysoev. The "msie_refresh" directive could
allow cross site scripting.

nss_ldap: credential or other information disclosure
Package(s): nss_ldap
CVE #(s): CVE-2007-5794
Created: November 26, 2007
Updated: July 30, 2008
Description:
From the Gentoo advisory:
Josh Burley reported that nss_ldap does not properly handle the LDAP
connections due to a race condition that can be triggered by
multi-threaded applications using nss_ldap, which might lead to
requested data being returned to a wrong process.

openldap: denial of service
Package(s): openldap
CVE #(s): CVE-2007-5707
Created: November 8, 2007
Updated: April 9, 2008
Description:
The OpenLDAP Lightweight Directory Access Protocol suite has a problem
with handling of malformed objectClasses LDAP attributes by the slapd
daemon. Both local and remote attackers can use this to crash slapd,
causing a denial of service.

openldap: denial of service
Package(s): openldap
CVE #(s): CVE-2007-5708
Created: November 23, 2007
Updated: April 9, 2008
Description:
slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when
running as a proxy-caching server, allocates memory using a malloc variant
instead of calloc, which prevents an array from being initialized properly
and might allow attackers to cause a denial of service (segmentation fault)
via unknown vectors that prevent the array from being null terminated.

OpenOffice.org: arbitrary code execution
Package(s): openoffice.org
CVE #(s): CVE-2007-0245
Created: June 13, 2007
Updated: June 12, 2008
Description:
A specially crafted RTF file could cause the
filter to overwrite data on the heap, which may lead to the execution
of arbitrary code.

openoffice.org: arbitrary code execution via TIFF images
Package(s): openoffice.org
CVE #(s): CVE-2007-2834
Created: September 17, 2007
Updated: June 12, 2008
Description:
A heap overflow vulnerability has been discovered in the TIFF parsing
code of the OpenOffice.org suite. The parser uses untrusted values
from the TIFF file to calculate the number of bytes of memory to
allocate. A specially crafted TIFF image could trigger an integer
overflow and subsequently a buffer overflow that could cause the
execution of arbitrary code.

openoffice.org: arbitrary code execution
Package(s): openoffice.org
CVE #(s): CVE-2007-4575
Created: December 5, 2007
Updated: September 10, 2008
Description:
From the OpenOffice advisory:
A security vulnerability in HSQLDB, the default database engine shipped with OpenOffice.org 2 (all versions), may allow attackers to execute arbitrary static Java code, by manipulating database documents to be opened by a user.

openssh: remote denial of service
Package(s): openssh
CVE #(s): CVE-2006-4924, CVE-2006-5051
Created: September 27, 2006
Updated: September 17, 2008
Description:
OpenSSH 4.4 fixes some security issues, including a pre-authentication
denial of service, an unsafe signal handler and, on portable OpenSSH, a
GSSAPI authentication abort that could be used to determine the validity
of usernames on some platforms.

openssl: off-by-one error
Package(s): openssl
CVE #(s): CVE-2007-4995
Created: October 23, 2007
Updated: May 13, 2008
Description:
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f
and 0.9.7 allows remote attackers to execute arbitrary code via unspecified
vectors.

openssl: off-by-one error
Package(s): openssl
CVE #(s): CVE-2007-5135
Created: October 3, 2007
Updated: July 31, 2008
Description:
From the Debian advisory: An off-by-one error has been identified in the SSL_get_shared_ciphers()
routine in the libssl library from OpenSSL, an implementation of Secure
Socket Layer cryptographic libraries and utilities. This error could
allow an attacker to crash an application making use of OpenSSL's libssl
library, or potentially execute arbitrary code in the security context
of the user running such an application.

openssl: private key attack
Package(s): openssl
CVE #(s): CVE-2007-3108
Created: August 7, 2007
Updated: May 13, 2008
Description:
OpenSSL could allow a local user in certain circumstances to divulge
information about private keys being used.

opera: multiple vulnerabilities
Package(s): opera
CVE #(s): CVE-2007-4367, CVE-2007-3929, CVE-2007-3142, CVE-2007-3819
Created: August 23, 2007
Updated: February 27, 2008
Description:
The Opera browser has multiple vulnerabilities.
The JavaScript engine is vulnerable to a virtual function call on an invalid pointer that can be triggered by specially crafted JavaScript.
A freed pointer in the BitTorrent support may be accessed; this can be
used for malicious code execution.
The browser is vulnerable to several memory read protection
errors. There are URI display errors that can be used to trick
users into visiting arbitrary web sites.

paramiko: insecure random pool usage
Package(s): paramiko
CVE #(s): CVE-2008-0299
Created: January 16, 2008
Updated: March 4, 2008
Description:
Programs which keep more than one paramiko connection open may leak random pool information.

pcre: CVE consolidation
Package(s): pcre
CVE #(s): CVE-2005-4872, CVE-2006-7227, CVE-2006-7224
Created: November 15, 2007
Updated: May 13, 2008
Description:
PCRE has flaws in the way it handles malformed regular
expressions.
If an application linked against PCRE, such as Konqueror,
encounters a maliciously created regular expression, it may be possible
to run arbitrary code. Vulnerabilities CVE-2005-4872 and CVE-2006-7227
have been combined into CVE-2006-7224.

pcre: two arbitrary code execution vulnerabilities
Package(s): pcre
CVE #(s): CVE-2007-1659, CVE-2007-1660
Created: November 6, 2007
Updated: July 16, 2008
Description:
Multiple flaws were found in the way pcre handles certain malformed regular
expressions. If an application linked against pcre, such as Konqueror,
parses a malicious regular expression, it may be possible to run arbitrary
code as the user running the application. (CVE-2007-1659, CVE-2007-1660)

pcre: denial of service
Package(s): pcre
CVE #(s): CVE-2006-7225, CVE-2006-7226
Created: February 1, 2008
Updated: February 6, 2008
Description:
From the CVE entries: Perl-Compatible Regular Expression (PCRE) library
before 6.7 allows context-dependent attackers to cause a denial of service
(error or crash) via a regular expression that involves a "malformed POSIX
character class", as demonstrated via an invalid character after a [[
sequence. Perl-Compatible Regular Expression (PCRE) library before 6.7
does not properly calculate the compiled memory allocation for regular
expressions that involve a quantified "subpattern containing a named
recursion or subroutine reference," which allows context-dependent
attackers to cause a denial of service (error or crash).

pcre: buffer overflows in library
Package(s): pcre
CVE #(s): CVE-2006-7228, CVE-2006-7230, CVE-2007-1661, CVE-2007-4766, CVE-2007-4767
Created: November 23, 2007
Updated: July 16, 2008
Description:
Specially crafted regular expressions could lead to buffer overflows in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code as the user running the application.

pcre: buffer overflows
Package(s): pcre3
CVE #(s): CVE-2007-1662, CVE-2007-4768
Created: November 27, 2007
Updated: May 7, 2008
Description:
Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the
end of the string when searching for unmatched brackets and parentheses,
which allows context-dependent attackers to cause a denial of service
(crash), possibly involving forward references. (CVE-2007-1662)
Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE)
library before 7.3 allows context-dependent attackers to execute arbitrary
code via a singleton Unicode sequence in a character class in a regex
pattern, which is incorrectly optimized. (CVE-2007-4768)

peercast: buffer overflow
Package(s): peercast
CVE #(s): CVE-2007-6454
Created: December 28, 2007
Updated: May 21, 2008
Description:
A heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.

perl-Net-DNS: predictable id sequence
Package(s): perl-Net-DNS
CVE #(s): CVE-2007-3377
Created: June 26, 2007
Updated: March 12, 2008
Description:
Net::DNS before 0.60 uses an id sequence that is predictable and the same
in all child processes.

php: several vulnerabilities
Package(s): php
CVE #(s): CVE-2006-4481, CVE-2006-4484, CVE-2006-4485
Created: September 8, 2006
Updated: June 13, 2008
Description:
The file_exists and imap_reopen functions in PHP before 5.1.5 do not check
for the safe_mode and open_basedir settings, which allows local users to
bypass the settings (CVE-2006-4481).
A buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c
in the GD extension in PHP before 5.1.5 allows remote attackers to have an
unknown impact via a GIF file with input_code_size greater than
MAX_LWZ_BITS, which triggers an overflow when initializing the table array
(CVE-2006-4484).
The stripos function in PHP before 5.1.5 has unknown impact and attack
vectors related to an out-of-bounds read (CVE-2006-4485).

php: multiple vulnerabilities
Package(s): php
CVE #(s): CVE-2007-3799, CVE-2007-3998, CVE-2007-4659, CVE-2007-4658, CVE-2007-4670, CVE-2007-4661
Created: October 23, 2007
Updated: May 19, 2008
Description:
From the Red Hat advisory:
Various integer overflow flaws were found in the PHP gd extension. A
script that could be forced to resize images from an untrusted source could
possibly allow a remote attacker to execute arbitrary code as the apache
user. (CVE-2007-3996)
A previous security update introduced a bug into PHP session cookie
handling. This could allow an attacker to stop a victim from viewing a
vulnerable web site if the victim has first visited a malicious web page
under the control of the attacker, and that page can set a cookie for the
vulnerable web site. (CVE-2007-4670)
A flaw was found in the PHP money_format function. If a remote attacker
was able to pass arbitrary data to the money_format function this could
possibly result in an information leak or denial of service. Note that it
is unusual for a PHP script to pass user-supplied data to the money_format
function. (CVE-2007-4658)
A flaw was found in the PHP wordwrap function. If a remote attacker was
able to pass arbitrary data to the wordwrap function this could possibly
result in a denial of service. (CVE-2007-3998)
A bug was found in PHP session cookie handling. This could allow an
attacker to create a cross-site cookie insertion attack if a victim follows
an untrusted carefully-crafted URL. (CVE-2007-3799)
A flaw was found in handling of dynamic changes to global variables. A
script which used certain functions which change global variables could
be forced to enable the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-4659)
An integer overflow flaw was found in the PHP chunk_split function. If a
remote attacker was able to pass arbitrary data to the third argument of
chunk_split they could possibly execute arbitrary code as the apache user.
Note that it is unusual for a PHP script to use the chunk_split function
with a user-supplied third argument. (CVE-2007-4661)

php: buffer overflows
Package(s): php
CVE #(s): CVE-2006-5465
Created: November 3, 2006
Updated: January 18, 2010
Description:
The Hardened-PHP Project discovered buffer overflows in PHP's internal
htmlentities/htmlspecialchars routines. Of course, the whole purpose of
these functions is to be fed user input. (The overflow can only occur
when UTF-8 is used.)

php5: multiple vulnerabilities
Package(s): php5
CVE #(s): CVE-2007-4657, CVE-2007-4660, CVE-2007-4662
Created: November 30, 2007
Updated: July 4, 2008
Description:
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4,
allow remote attackers to obtain sensitive information (memory contents) or
cause a denial of service (thread crash) via a large len value to the (1)
strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE:
this affects different product versions than CVE-2007-3996.
(CVE-2007-4657)
Unspecified vulnerability in the chunk_split function in PHP before 5.2.4
has unknown impact and attack vectors, related to an incorrect size
calculation. (CVE-2007-4660)
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4
has unknown impact and attack vectors. (CVE-2007-4662)

php5: multiple vulnerabilities
Package(s): php5
CVE #(s): CVE-2007-4783, CVE-2007-4840, CVE-2007-5898, CVE-2007-5899, CVE-2007-5900
Created: November 20, 2007
Updated: January 18, 2010
Description:
The php5 package contains multiple vulnerabilities, the most serious of which involve several Denial of Service attacks (application crashes and temporary application hangs). It is not currently known that these vulnerabilities can be exploited to execute malicious code.

phpbb2: missing input sanitizing
Package(s): phpbb2
CVE #(s): CVE-2006-1896
Created: May 22, 2006
Updated: February 11, 2008
Description:
It was discovered that phpbb2, a web based bulletin board, insufficiently
sanitizes values passed to the "Font Color 3" setting, which might lead to
the execution of injected code by admin users.

phpbb2: multiple vulnerabilities
Package(s): phpbb2
CVE #(s): CVE-2005-3310, CVE-2005-3415, CVE-2005-3416, CVE-2005-3417, CVE-2005-3418, CVE-2005-3419, CVE-2005-3420, CVE-2005-3536, CVE-2005-3537
Created: December 22, 2005
Updated: February 11, 2008
Description:
The phpbb2 web forum has a number of vulnerabilities including:
a web script injection problem, a protection mechanism bypass, a
security check bypass, a remote global variable bypass, cross site
scripting vulnerabilities, an SQL injection vulnerability,
a remote regular expression modification problem, missing input
sanitizing, and a missing request validation problem.

phpmyadmin: multiple vulnerabilities
Package(s): phpmyadmin
CVE #(s): CVE-2006-6942, CVE-2006-6944, CVE-2007-1325, CVE-2007-1395, CVE-2007-2245
Created: September 10, 2007
Updated: March 19, 2009
Description:
Several remote vulnerabilities have been discovered in phpMyAdmin, a
program to administrate MySQL over the web. The Common Vulnerabilities
and Exposures project identifies the following problems:
CVE-2007-1325:
The PMA_ArrayWalkRecursive function in libraries/common.lib.php
does not limit recursion on arrays provided by users, which allows
context-dependent attackers to cause a denial of service (web
server crash) via an array with many dimensions.
CVE-2007-1395:
Incomplete blacklist vulnerability in index.php allows remote
attackers to conduct cross-site scripting (XSS) attacks by
injecting arbitrary JavaScript or HTML in a (1) db or (2) table
parameter value followed by an uppercase </SCRIPT> end tag,
which bypasses the protection against lowercase </script>.
CVE-2007-2245:
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary web script or HTML via (1) the
fieldkey parameter to browse_foreigners.php or (2) certain input
to the PMA_sanitize function.
CVE-2006-6942:
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary HTML or web script via (1) a comment
for a table name, as exploited through (a) db_operations.php,
(2) the db parameter to (b) db_create.php, (3) the newname parameter
to db_operations.php, the (4) query_history_latest,
(5) query_history_latest_db, and (6) querydisplay_tab parameters to
(c) querywindow.php, and (7) the pos parameter to (d) sql.php.
CVE-2006-6944:
phpMyAdmin allows remote attackers to bypass Allow/Deny access rules
that use IP addresses via false headers.

phpMyAdmin: cross-site scripting vulnerabilities
Package(s): phpMyAdmin
CVE #(s): CVE-2007-5386, CVE-2007-5589
Created: November 2, 2007
Updated: March 14, 2008
Description:
Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin
2.11.1, when accessed by a browser that does not URL-encode requests,
allows remote attackers to inject arbitrary web script or HTML via the
query string.
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before
2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via
certain input available in (1) PHP_SELF in (a) server_status.php, and (b)
grab_globals.lib.php, (c) display_change_password.lib.php, and (d)
common.lib.php in libraries/; and certain input available in PHP_SELF and
(2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other
vectors related to (3) REQUEST_URI.

phpMyAdmin: information disclosure
Package(s): phpMyAdmin
CVE #(s): CVE-2007-0095
Created: December 11, 2007
Updated: September 25, 2008
Description:
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information
via a direct request for themes/darkblue_orange/layout.inc.php, which
reveals the path in an error message.

phpMyAdmin: SQL injection
Package(s): phpMyAdmin
CVE #(s): CVE-2007-5976, CVE-2007-5977
Created: November 22, 2007
Updated: March 19, 2009
Description:
phpMyAdmin prior to version 2.11.2.1 has an SQL injection vulnerability
in db_create.php. Remote authenticated users with CREATE DATABASE privileges can use this to execute arbitrary SQL commands via the db parameter.
db_create.php also has a related cross-site scripting vulnerability.
Remote authenticated users can inject arbitrary web scripts or HTML
using a hex-encoded IMG element in the db parameter in a POST request.

phpPgAdmin: cross-site scripting
Package(s): phppgadmin
CVE #(s): CVE-2007-2865, CVE-2007-5728
Created: June 18, 2007
Updated: January 21, 2009
Description:
A cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin
4.1.1 allows remote attackers to inject arbitrary web script or HTML via
the server parameter.

poppler and xpdf: multiple vulnerabilities
Package(s): poppler xpdf
CVE #(s): CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
Created: November 8, 2007
Updated: February 26, 2008
Description:
The xpdf and poppler PDF libraries contain several vulnerabilities which can lead to arbitrary command execution via hostile PDF files. Numerous other applications which use these libraries (PDF viewers, CUPS, etc.) will be affected by the vulnerabilities as well.

PostgreSQL: multiple vulnerabilities
Package(s): postgresql
CVE #(s): CVE-2007-6600, CVE-2007-4772, CVE-2007-6067, CVE-2007-4769, CVE-2007-6601
Created: January 9, 2008
Updated: January 17, 2013
Description:
Several vulnerabilities have been found in the PostgreSQL database manager.
The developers call the fixes "critical," but also note that, as of the
time of the update, none of them were known to be exploited; see this
advisory for more information.
Comments (none posted)
pulseaudio: denial of service
Package(s): pulseaudio
CVE #(s): CVE-2007-1804
Created: May 30, 2007
Updated: March 10, 2008
Description:
The pulseaudio network code suffers from a denial of service vulnerability
exploitable by an unauthenticated attacker.
Comments (none posted)
pulseaudio: ignores setuid() return value
Package(s): pulseaudio
CVE #(s): CVE-2008-0008
Created: January 25, 2008
Updated: February 14, 2008
Description:
Pulseaudio ignores the return value of setuid(). In some cases a local
user can cause the call to fail, for example by exhausting the target
user's process limit, after which pulseaudio continues running with its
original privileges.
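As an added example (not pulseaudio's code), the privilege-drop pattern the fix amounts to: check the return value of setuid() and then verify the result, rather than assuming the call succeeded. The helper names are assumptions made for illustration.

```c
/*
 * Added example, not pulseaudio's code: drop privileges with the result
 * of setuid() checked and then verified, instead of assumed.
 *
 * setuid() can fail. EPERM means the caller lacked the privilege; on Linux
 * EAGAIN means the target uid is already at its RLIMIT_NPROC process limit,
 * something an unprivileged local user can arrange. A daemon that ignores
 * the return value keeps running as root while believing it is not.
 */
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Switch to `target` and confirm the switch happened.
 * Returns 0 on success, -1 with errno set on failure.
 */
int drop_to_uid(uid_t target)
{
    /* When called with root privilege this sets real, effective and saved uid. */
    if (setuid(target) != 0)
        return -1;                  /* EAGAIN or EPERM: do not carry on */

    /* Ask the kernel who we are rather than trusting the call's intent. */
    if (getuid() != target || geteuid() != target) {
        errno = EPERM;
        return -1;
    }

    /*
     * Having dropped from root to an unprivileged uid, regaining root must
     * now be impossible. If setuid(0) succeeds, a saved uid of 0 was left
     * behind and the drop is not real.
     */
    if (target != 0 && setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* The pattern the advisory describes: call setuid() and carry on regardless. */
int drop_to_uid_unchecked(uid_t target)
{
    int ignored = setuid(target);   /* result discarded */
    (void)ignored;
    return 0;                       /* reports success even if still root */
}

int main(void)
{
    /* Re-setting our own uid always succeeds, so this shows the good path. */
    if (drop_to_uid(getuid()) != 0) {
        perror("drop_to_uid");
        return 1;
    }
    printf("uid %u: privilege drop verified\n", (unsigned)getuid());

    /* As a non-root user, the checked version refuses to pretend. */
    if (getuid() != 0) {
        printf("checked drop to uid 0: %s\n",
               drop_to_uid(0) == 0 ? "succeeded (?)" : "refused, as it should");
        printf("unchecked drop to uid 0 reports: %d (still uid %u)\n",
               drop_to_uid_unchecked(0), (unsigned)getuid());
    }
    return 0;
}
```

Run as an ordinary user, drop_to_uid(0) fails and says so, while drop_to_uid_unchecked(0) claims success with the uid unchanged; that gap is the whole vulnerability. A daemon should treat any failure here as fatal and exit rather than continue.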
Comments (none posted)
python: information disclosure
Package(s): python
CVE #(s): CVE-2007-2052
Created: May 9, 2007
Updated: July 30, 2009
Description:
Python 2.4 and 2.5 contain a bug in PyLocale_strxfrm() which could enable
an attacker to read portions of unrelated memory.
Comments (none posted)
python: integer overflows
Package(s): python
CVE #(s): CVE-2007-4965
Created: October 30, 2007
Updated: July 30, 2009
Description:
Multiple integer overflows in the imageop module in Python 2.5.1 and
earlier allow context-dependent attackers to cause a denial of service
(application crash) and possibly obtain sensitive information (memory
contents) via crafted arguments to (1) the tovideo method, and unspecified
other vectors related to (2) imageop.c, (3) rgbimgmodule.c, and other
files, which trigger heap-based buffer overflows.
Comments (none posted)
python-cherrypy: unauthorized file access via malicious cookie
Package(s): python-cherrypy
CVE #(s): CVE-2008-0252
Created: January 9, 2008
Updated: February 6, 2008
Description:
From the Fedora advisory:
Malicious cookies may allow access to
files outside the session directory.
Comments (none posted)
qemu: multiple vulnerabilities
Comments (none posted)
qt4: security restriction bypass
Package(s): qt4
CVE #(s): CVE-2007-5965
Created: January 3, 2008
Updated: February 21, 2008
Description:
Trolltech Qt has a security restriction bypass vulnerability. An error
triggered in QSslSocket while it verifies SSL certificates lets an
attacker bypass certificate verification and gain unauthorized access
to a vulnerable application.
Comments (1 posted)
quagga: denial of service
Package(s): quagga
CVE #(s): CVE-2007-4826
Created: September 14, 2007
Updated: October 25, 2010
Description:
The bgpd daemon in Quagga prior to 0.99.9 allowed remote BGP peers to cause
a denial of service crash via a malformed OPEN message or COMMUNITY
attribute.
Comments (none posted)
quake: buffer overflow
Package(s): quake3-bin
CVE #(s): CVE-2006-2236
Created: May 10, 2006
Updated: January 12, 2009
Description:
Games based on the Quake 3 engine are vulnerable to a buffer overflow
exploitable by a hostile game server.
Comments (none posted)
rails: multiple vulnerabilities
Package(s): rails
CVE #(s): CVE-2007-5380, CVE-2007-3227, CVE-2007-5379
Created: November 15, 2007
Updated: December 21, 2009
Description:
Ruby on Rails has the following vulnerabilities:
ActiveResource does not properly sanitize filenames in the Hash.from_xml()
function.
The session ID can be set from the URL by the session management code,
allowing session fixation.
The to_json() function does not properly escape input before it is
returned to the user, allowing cross-site scripting.
Comments (none posted)
rb_libtorrent: stack overflow
Package(s): rb_libtorrent
CVE #(s): (none)
Created: February 4, 2008
Updated: February 6, 2008
Description:
From the Fedora advisory: A potential remote exploit was found in the
bdecode_recursive routine that could trigger a stack overflow when passed
malformed message data.
Comments (none posted)
rsync: restricted file access
Package(s): rsync
CVE #(s): CVE-2007-6199, CVE-2007-6200
Created: December 5, 2007
Updated: September 23, 2011
Description:
From the CVE entry:
rsync before 3.0.0pre6, when running a writable rsync daemon that is not
using chroot, allows remote attackers to access restricted files via
unknown vectors that cause rsync to create a symlink that points outside
of the module's hierarchy.
Comments (none posted)
ruby: insufficient SSL certificate validation
Package(s): ruby
CVE #(s): CVE-2007-5162, CVE-2007-5770
Created: October 8, 2007
Updated: October 10, 2008
Description:
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2)
Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the
commonName (CN) field in a server certificate matches the domain name in
an HTTPS request, which makes it easier for remote attackers to intercept
SSL transmissions via a man-in-the-middle attack or spoofed web site.
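As an added example, not code from Ruby's net/http, here is the check that was missing, written in C so it can be exercised on its own: does the name in the server certificate cover the host the client asked for? The function names are assumptions, as are the matching rules, which follow RFC 2818 section 3.1 plus one restriction taken from common client practice rather than from the advisory (a wildcard must leave at least two labels after it, so "*.com" is refused).

```c
/*
 * Added example, not Ruby's net/http code: the check CVE-2007-5162 says
 * Net::HTTP skipped, namely that the name in the server certificate covers
 * the host the client asked for. Without it, a valid certificate for any
 * other host lets a man-in-the-middle pass "verification".
 *
 * Matching rules modelled on RFC 2818 section 3.1: labels compare
 * case-insensitively, '*' is accepted only as the entire left-most label
 * and matches exactly one non-empty label. Added restriction (common client
 * practice, not in the advisory): a wildcard must leave at least two labels
 * after it, so "*.com" is refused.
 */
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive comparison of two labels of known length. */
static bool label_eq(const char *a, size_t alen, const char *b, size_t blen)
{
    if (alen != blen)
        return false;
    for (size_t i = 0; i < alen; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return false;
    return true;
}

/*
 * Return true if DNS name `host` is covered by certificate name `pattern`
 * (a CN or dNSName value such as "www.example.com" or "*.example.com").
 */
bool cert_name_matches(const char *pattern, const char *host)
{
    if (!pattern || !host || !*pattern || !*host)
        return false;

    const char *p = pattern, *h = host;

    if (p[0] == '*') {
        if (p[1] != '.')
            return false;           /* partial wildcards like "w*.example.com" are refused */
        const char *hdot = strchr(h, '.');
        if (!hdot || hdot == h)
            return false;           /* the wildcard must consume one non-empty label */
        p += 2;                     /* skip "*." */
        h = hdot + 1;
        if (strchr(p, '.') == NULL)
            return false;           /* "*.com" would cover a whole TLD */
    }

    /* Walk the remaining labels in lock step; both must end together. */
    for (;;) {
        const char *pdot = strchr(p, '.');
        const char *hdot = strchr(h, '.');
        size_t plen = pdot ? (size_t)(pdot - p) : strlen(p);
        size_t hlen = hdot ? (size_t)(hdot - h) : strlen(h);

        if (plen == 0 || hlen == 0)
            return false;           /* empty label: malformed name */
        if (!label_eq(p, plen, h, hlen))
            return false;
        if (!pdot && !hdot)
            return true;            /* both exhausted: match */
        if (!pdot || !hdot)
            return false;           /* different number of labels */
        p = pdot + 1;
        h = hdot + 1;
    }
}

int main(void)
{
    /* Constructed cases: the certificate name an attacker might present
     * versus the host the client intended to reach. */
    const char *cases[][2] = {
        { "www.example.com", "www.example.com" },
        { "*.example.com",   "www.example.com" },
        { "*.example.com",   "a.b.example.com" },
        { "www.example.com", "www.example.com.evil.net" },
        { "attacker.net",    "www.example.com" },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-18s vs %-26s -> %s\n", cases[i][0], cases[i][1],
               cert_name_matches(cases[i][0], cases[i][1]) ? "match" : "REJECT");
    return 0;
}
```

A real client applies this to every dNSName in the subjectAltName extension and falls back to the CN only when no SAN is present, and it does so only after the chain itself has verified; name matching is the last step of verification, not a substitute for it.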
Comments (none posted)
ruby-gnome2: format string vulnerability
Package(s): ruby-gnome2
CVE #(s): CVE-2007-6183
Created: December 7, 2007
Updated: December 22, 2008
Description:
A format string vulnerability in the mdiag_initialize function in
gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0,
and SVN versions before 20071127, allows context-dependent attackers to
execute arbitrary code via format string specifiers in the message
parameter.
Comments (none posted)
samba: buffer overflow
Package(s): samba
CVE #(s): CVE-2007-4572
Created: November 15, 2007
Updated: December 3, 2008
Description:
Samba's nmbd daemon, when it is configured as a domain controller, has a
heap-based buffer overflow in its handling of GETDC mailslot requests.
Remote unauthenticated users can use this to crash the Samba server
and cause a denial of service.
Comments (none posted)
samba: stack-based buffer overflow
Package(s): samba
CVE #(s): CVE-2007-6015
Created: December 11, 2007
Updated: December 3, 2008
Description:
A stack buffer overflow flaw was found in nmbd's send_mailslot() function,
reachable when domain logons are enabled, in the way Samba handles GETDC
mailslot requests. A remote unauthenticated user could trigger this flaw
to cause the Samba server to crash, or execute arbitrary code with the
permissions of the Samba server.
Comments (none posted)
samba: buffer overflow
Package(s): samba
CVE #(s): CVE-2007-5398
Created: November 15, 2007
Updated: December 3, 2008
Description:
Samba's mechanism for creating NetBIOS replies is vulnerable to a
buffer overflow. Samba servers that are configured to run as a
WINS server can be crashed by a remote unauthenticated user, and
execution of arbitrary code may also be possible.
Comments (none posted)
scponly: arbitrary command execution
Package(s): scponly
CVE #(s): CVE-2007-6350, CVE-2007-6415
Created: January 22, 2008
Updated: February 18, 2008
Description:
scponly 4.6 and earlier allows remote authenticated users to bypass
intended restrictions and execute code by invoking dangerous subcommands
including (1) unison, (2) rsync, (3) svn, and (4) svnserve, as originally
demonstrated by creating a Subversion (SVN) repository with malicious
hooks, then using svn to trigger execution of those hooks (CVE-2007-6350).
In addition, it was discovered that scp itself could be invoked with
options (such as -o or -F, which can point it at an attacker-supplied
command or configuration file) that lead to the execution of arbitrary
commands (CVE-2007-6415).
Comments (none posted)
slocate: information disclosure
Package(s): slocate
CVE #(s): CVE-2007-0227
Created: February 22, 2007
Updated: September 4, 2012
Description:
The slocate permission checking code has a local information disclosure
vulnerability. During the reporting of matching files, slocate does not
respect the parent directory's read permissions, resulting in hidden
filenames being viewable by other local users.
Comments (none posted)
squid: denial of service
Package(s): squid
CVE #(s): CVE-2007-6239
Created: December 18, 2007
Updated: March 25, 2009
Description:
A flaw was found in the way squid stored HTTP headers for cached objects
in system memory. An attacker could cause squid to use additional memory,
and trigger high CPU usage when processing requests for certain cached
objects, possibly leading to a denial of service.
Comments (none posted)
streamripper: buffer overflow
Package(s): streamripper
CVE #(s): CVE-2007-4337
Created: September 14, 2007
Updated: December 9, 2008
Description:
Chris Rohlf discovered several boundary errors in the
httplib_parse_sc_header() function when processing HTTP headers sent by a
stream server. A malicious server can use them to overflow buffers in the
client and potentially execute arbitrary code.
Comments (none posted)
subversion: possible information leak
Package(s): subversion
CVE #(s): CVE-2007-2448
Created: October 30, 2007
Updated: February 1, 2011
Description:
Subversion 1.4.3 and earlier does not properly implement the "partial
access" privilege for users who have access to changed paths but not copied
paths, which allows remote authenticated users to obtain sensitive
information (revision properties) via svn (1) propget, (2) proplist, or (3)
propedit.
Comments (none posted)
Sun JDK/JRE: multiple vulnerabilities
Package(s): Sun JDK/JRE
CVE #(s): CVE-2007-2435, CVE-2007-2788, CVE-2007-2789
Created: June 1, 2007
Updated: April 18, 2008
Description:
An unspecified vulnerability involving an "incorrect use of system
classes" was reported by the Fujitsu security team. Additionally, Chris
Evans from the Google Security Team reported an integer overflow
resulting in a buffer overflow in the ICC parser used with JPG or BMP
files, and an incorrect open() call to /dev/tty when processing certain
BMP files.
Comments (none posted)
sysstat: insecure temporary files
Package(s): sysstat
CVE #(s): CVE-2007-3852
Created: August 20, 2007
Updated: September 23, 2011
Description:
The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates
/tmp/sysstat.run insecurely, which allows local users to execute arbitrary
code.
Comments (1 posted)
t1lib: buffer overflow
Package(s): t1lib
CVE #(s): CVE-2007-4033
Created: September 20, 2007
Updated: February 12, 2008
Description:
t1lib, an enhanced rasterizer for X11 Type 1 fonts, does
not properly perform bounds checking. An attacker can send
specially crafted input to applications linked against the library in
order to create a buffer overflow, resulting in a denial of service
or the execution of arbitrary code.
Comments (none posted)
tar: buffer overflow
Package(s): tar
CVE #(s): CVE-2007-4476
Created: October 16, 2007
Updated: March 17, 2010
Description:
Buffer overflow in the safer_name_suffix function in GNU tar has
unspecified attack vectors and impact, resulting in a "crashing stack."
Comments (none posted)
tetex: buffer overflow
Package(s): tetex
CVE #(s): CVE-2007-0650
Created: May 8, 2007
Updated: May 13, 2008
Description:
A buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in
teTeX might allow user-assisted remote attackers to overwrite files and
possibly execute arbitrary code via a long filename. NOTE: other overflows
exist but might not be exploitable, such as a heap-based overflow in the
check_idx function.
Comments (1 posted)
teTeX: multiple vulnerabilities
Package(s): tetex
CVE #(s): CVE-2007-5937, CVE-2007-5936, CVE-2007-5935
Created: November 19, 2007
Updated: May 10, 2010
Description:
From the Gentoo advisory:
Joachim Schrod discovered several buffer overflow vulnerabilities and
an insecure temporary file creation in the "dvilj" application that is
used by dvips to convert DVI files to printer formats (CVE-2007-5937,
CVE-2007-5936). Bastien Roucaries reported that the "dvips" application
is vulnerable to two stack-based buffer overflows when processing DVI
documents with long \href{} URIs (CVE-2007-5935). teTeX also includes
code from Xpdf that is vulnerable to a memory corruption and two
heap-based buffer overflows (GLSA 200711-22); and it contains code from
T1Lib that is vulnerable to a buffer overflow when processing an overly
long font filename (GLSA 200710-12).
Comments (none posted)
Tk: buffer overflow
Package(s): tk8.3
CVE #(s): CVE-2007-5378
Created: November 28, 2007
Updated: March 17, 2009
Description:
The Tk toolkit's GIF-reading code contains a buffer overflow which could
be exploited via a malicious image file. Fixes may be found in versions
8.4.12 and 8.3.5.
Comments (none posted)
tk: denial of service
Package(s): tk8.3 tk8.4
CVE #(s): CVE-2007-5137
Created: October 12, 2007
Updated: March 17, 2009
Description:
It was discovered that Tk could be made to overrun a buffer when loading
certain images. If a user were tricked into opening a specially crafted GIF
image, remote attackers could cause a denial of service or execute
arbitrary code with user privileges.
Comments (none posted)
tomboy: execution of arbitrary code
Package(s): tomboy
CVE #(s): CVE-2005-4790
Created: November 9, 2007
Updated: February 22, 2011
Description:
Jan Oravec reported that the "/usr/bin/tomboy" script sets the
"LD_LIBRARY_PATH" environment variable incorrectly, which might result
in the current working directory (.) being included when searching for
dynamically linked libraries of the Mono runtime application.
Note that, despite the 2005 CVE number, the tomboy vulnerability was
added in 2007.
Comments (none posted)
tomcat: directory traversal
Package(s): tomcat
CVE #(s): CVE-2007-0450
Created: May 2, 2007
Updated: February 27, 2008
Description:
Versions of tomcat prior to 5.5.22 do not properly filter filename
separator characters, enabling information disclosure attacks.
Comments (none posted)
tomcat: cross-site scripting
Package(s): tomcat
CVE #(s): CVE-2007-2449, CVE-2007-2450
Created: July 17, 2007
Updated: February 17, 2009
Description:
Some JSPs within the 'examples' web application did not escape user
provided data. If the JSP examples were accessible, this flaw could allow a
remote attacker to perform cross-site scripting attacks (CVE-2007-2449).
Note: it is recommended the 'examples' web application not be installed on
a production system.
The Manager and Host Manager web applications did not escape user provided
data. If a user is logged in to the Manager or Host Manager web
application, an attacker could perform a cross-site scripting attack
(CVE-2007-2450).
Comments (1 posted)
tomcat: multiple vulnerabilities
Package(s): tomcat
CVE #(s): CVE-2007-3382, CVE-2007-3385, CVE-2007-3386
Created: September 26, 2007
Updated: September 13, 2010
Description:
Tomcat was found treating single quote characters -- ' -- as delimiters in
cookies. This could allow remote attackers to obtain sensitive information,
such as session IDs, for session hijacking attacks (CVE-2007-3382).
It was reported Tomcat did not properly handle the following character
sequence in a cookie: \" (a backslash followed by a double-quote). It was
possible remote attackers could use this failure to obtain sensitive
information, such as session IDs, for session hijacking attacks
(CVE-2007-3385).
A cross-site scripting (XSS) vulnerability existed in the Host Manager
Servlet. This allowed remote attackers to inject arbitrary HTML and web
script via crafted requests (CVE-2007-3386).
Comments (none posted)
tomcat: arbitrary file disclosure via path traversal
Package(s): tomcat5
CVE #(s): CVE-2007-5461
Created: November 19, 2007
Updated: February 17, 2009
Description:
From the CVE entry:
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through
4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under
certain configurations, allows remote authenticated users to read
arbitrary files via a WebDAV write request that specifies an entity with a
SYSTEM tag.
Comments (none posted)
tomcat: information disclosure
Package(s): tomcat5.5
CVE #(s): CVE-2008-0128
Created: January 21, 2008
Updated: March 7, 2008
Description:
From the Debian advisory:
Olaf Kock discovered that HTTPS encryption was insufficiently
enforced for single-sign-on cookies, which could result in
information disclosure.
Comments (none posted)
vim: arbitrary code execution
Package(s): vim
CVE #(s): CVE-2007-2953
Created: July 30, 2007
Updated: November 27, 2008
Description:
vim is vulnerable to a user-assisted attack in which vim may execute
arbitrary code when helptags is run on data that has been maliciously
crafted.
Comments (none posted)
vlc: several vulnerabilities
Package(s): vlc
CVE #(s): CVE-2007-3316, CVE-2007-3467, CVE-2007-3468
Created: July 10, 2007
Updated: March 10, 2008
Description:
Several remote vulnerabilities have been discovered in the VideoLan
multimedia player and streamer, which may lead to the execution of
arbitrary code.
Comments (none posted)
wireshark: multiple vulnerabilities
Package(s): wireshark
CVE #(s): CVE-2007-3390, CVE-2007-3392, CVE-2007-3393
Created: June 28, 2007
Updated: February 27, 2008
Description:
The wireshark network traffic analyzer has three vulnerabilities
that can be used to create a denial of service. These include
off-by-one overflows in the iSeries dissector, vulnerabilities in
the MMS and SSL dissectors that can cause an infinite loop and
an off-by-one overflow in the DHCP/BOOTP dissector.
Comments (none posted)
wireshark: lots of dissector vulnerabilities
Comments (1 posted)
wireshark: denial of service
Package(s): wireshark
CVE #(s): CVE-2007-3389
Created: January 21, 2008
Updated: February 27, 2008
Description:
From the NVD entry:
Wireshark before 0.99.6 allows remote attackers to cause a denial of
service (crash) via a crafted chunked encoding in an HTTP response,
possibly related to a zero-length payload.
Comments (1 posted)
wireshark: denial of service
Package(s): wireshark
CVE #(s): CVE-2007-3391
Created: January 21, 2008
Updated: February 27, 2008
Description:
From the NVD entry:
Wireshark 0.99.5 allows remote attackers to cause a denial of service
(memory consumption) via a malformed DCP ETSI packet that triggers an
infinite loop.
Comments (1 posted)
xdg-utils: arbitrary command execution
Package(s): xdg-utils
CVE #(s): CVE-2008-0386
Created: January 31, 2008
Updated: February 3, 2009
Description:
From the Gentoo alert:
Miroslav Lichvar discovered that the "xdg-open" and "xdg-email" shell
scripts do not properly sanitize their input before processing it.
A remote attacker could entice a user to open a specially crafted link
with a vulnerable application using Xdg-Utils (e.g. an email client),
resulting in the execution of arbitrary code with the privileges of the
user running the application.
Comments (1 posted)
xen-utils: insecure temp files
Package(s): xen-utils
CVE #(s): CVE-2007-3919
Created: October 25, 2007
Updated: May 16, 2008
Description:
The xen-utils collection of XEN administrative tools uses temporary files
insecurely. Local users can use this to truncate arbitrary files.
Comments (none posted)
XFree86 X.org: integer overflows
Package(s): xfree86 x.org
CVE #(s): CVE-2007-1003, CVE-2007-1667, CVE-2007-1351, CVE-2007-1352
Created: April 3, 2007
Updated: August 11, 2009
Description:
iDefense reported an integer overflow flaw in the XFree86 XC-MISC
extension. A malicious authorized client could exploit this issue to cause
a denial of service (crash) or potentially execute arbitrary code with root
privileges on the XFree86 server. (CVE-2007-1003)
iDefense reported two integer overflows in the way X.org handled various
font files. A malicious local user could exploit these issues to
potentially execute arbitrary code with the privileges of the X.org server.
(CVE-2007-1351, CVE-2007-1352)
An integer overflow flaw was found in the XFree86 XGetPixel() function.
Improper use of this function could cause an application calling it to
function improperly, possibly leading to a crash or arbitrary code
execution. (CVE-2007-1667)
Comments (none posted)
xine-lib: arbitrary code execution
Package(s): xine-lib
CVE #(s): CVE-2007-1387
Created: March 13, 2007
Updated: April 1, 2008
Description:
Moritz Jodeit discovered that the DirectShow loader of Xine did not
correctly validate the size of an allocated buffer. By tricking a user
into opening a specially crafted media file, an attacker could execute
arbitrary code with the user's privileges.
Comments (none posted)
xine-lib: buffer overflow
Package(s): xine-lib
CVE #(s): CVE-2008-0225
Created: January 16, 2008
Updated: August 7, 2008
Description:
xine-lib contains a buffer overflow which could be exploited (via a
specially-crafted stream) to execute arbitrary code; see this advisory
for more information.
Comments (none posted)
xine-lib: buffer overflow
Package(s): xine-lib
CVE #(s): CVE-2006-1664
Created: April 27, 2006
Updated: February 27, 2008
Description:
xine-lib does an improper input data boundary check on
MPEG streams. A specially crafted MPEG file can be
created that can cause arbitrary code execution when the
file is accessed.
Comments (none posted)
xine-lib: buffer overflows
Package(s): xine-lib
CVE #(s): CVE-2008-0238
Created: January 23, 2008
Updated: August 7, 2008
Description:
From the CVE entry: Multiple heap-based buffer overflows in the
rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow
remote attackers to execute arbitrary code via the SDP (1) Title, (2)
Author, or (3) Copyright attribute, related to the rmff_dump_header
function.
Comments (none posted)
xmms: BMP handling vulnerability
Package(s): xmms
CVE #(s): CVE-2007-0653, CVE-2007-0654
Created: March 28, 2007
Updated: July 26, 2011
Description:
xmms suffers from vulnerabilities in its handling of BMP images. Should a
hostile image be included in an xmms skin, it could lead to code execution
on the user's system.
Comments (none posted)
Xorg: multiple vulnerabilities
Comments (none posted)
X.org: temp file vulnerability
Package(s): X.org
CVE #(s): CVE-2007-3103
Created: July 12, 2007
Updated: July 2, 2009
Description:
The X.Org X11 xfs font server has a temp file vulnerability in the
startup script. A local user can modify the permissions of the script
in order to elevate their local privileges.
Comments (none posted)
xulrunner, firefox, thunderbird: multiple vulnerabilities
Package(s): xulrunner, firefox, thunderbird
CVE #(s): CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340, CVE-2006-2894
Created: October 22, 2007
Updated: May 12, 2008
Description:
From the Debian advisory:
CVE-2007-1095:
Michal Zalewski discovered that the unload event handler had access to
the address of the next page to be loaded, which could allow information
disclosure or spoofing.
CVE-2007-2292:
Stefano Di Paola discovered that insufficient validation of user names
used in Digest authentication on a web site allows HTTP response splitting
attacks.
CVE-2007-3511:
It was discovered that insecure focus handling of the file upload
control can lead to information disclosure. This is a variant of
CVE-2006-2894.
CVE-2007-5334:
Eli Friedman discovered that web pages written in Xul markup can hide the
titlebar of windows, which can lead to spoofing attacks.
CVE-2007-5337:
Georgi Guninski discovered the insecure handling of smb:// and sftp:// URI
schemes may lead to information disclosure. This vulnerability is only
exploitable if Gnome-VFS support is present on the system.
CVE-2007-5338:
"moz_bug_r_a4" discovered that the protection scheme offered by XPCNativeWrappers
could be bypassed, which might allow privilege escalation.
CVE-2007-5339:
L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay,
Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of arbitrary code.
CVE-2007-5340:
Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the
Javascript engine, which might allow the execution of arbitrary code.
Comments (1 posted)
Page editor: Jake Edge
Kernel development
Brief items
The current 2.6 prepatch is 2.6.25-rc1, released by Linus on
February 10. It is a huge patch. Among many
other things, 2.6.25 will have realtime group scheduling, preemptible RCU, LatencyTop support, a bunch of
ext4 filesystem enhancements,
the controller area network
protocol, Atheros wireless support, the reworked timerfd() system
call, the page map patches,
the SMACK security module,
the container memory use
controller, the ACPI thermal regulation API,
and support for the MN10300/AM33 architecture. See the short-form changelog for lots of details,
or the
long changelog for more detail than anybody can cope with.
As of this writing, a few dozen small fixes have gone into the mainline git
repository since the -rc1 release.
The current stable 2.6 kernel is 2.6.24.2, released on February 10.
This update contains a single patch fixing the vmsplice()
vulnerability. 2.6.24.1 was
released - with a rather longer list of fixes - on February 8.
For older kernels: 2.6.23.16 and 2.6.22.18 both came out on
February 10; they, too, contain the vmsplice() fix. 2.6.23.15 was released on
February 8 with a few dozen fixes. And 2.6.22.17, also with quite a few
fixes, came out on February 6.
Comments (1 posted)
Kernel development news
Remember, we are currently clocking along at the steady rate of:
4000 lines added every day
1900 lines removed every day
1300 lines modified every day
-- Greg Kroah-Hartman
???? lines reviewed every day.
-- Al Viro
Comments (none posted)
By Jonathan Corbet February 12, 2008
The 2.6.25 merge window closed on February 10, after the merging of an
eye-opening 9450 non-merge changesets. Most of the changes merged for
2.6.25 were covered in the first and second "what got merged"
articles. This, the third in the series, covers the final 1900 patches
merged before the window closed.
User-visible changes include:
- There are new drivers for SC2681/SC2691-based serial ports, Dallas
DS1511 timekeeping chips, AT91sam9 realtime clock devices, Compaq
ASIC3 multi-function chips, Cell Broadband Engine memory controllers,
Marvell MV64x60 memory controllers, PA Semi PWRficient NAND flash
interfaces, Marvell Orion NAND flash controllers, Freescale eLBC NAND
flash controllers, Sharp Zaurus SL-6000x keyboards, Fujitsu Lifebook
Application Panel buttons, IPWireless 3G UMTS PCMCIA cards,
intelligent storage device enclosures, Winbond W83L786NG
and W83L786NR sensor chips, Texas Instruments ADS7828
12-bit 8-channel ADC devices, and Sony MemoryStick cards.
- Also added are updated video drivers for Radeon R500 chipsets (2D
acceleration is now supported) and Intel i915 chipsets (suspend and
resume now work properly).
- Several more obsolete OSS audio drivers have been removed. The old
mxser driver has also been removed in favor of mxser_new, now called
simply "mxser."
- File descriptors returned by inotify_init() now support
signal-based (using SIGIO) I/O. An IN_ATTRIB notification event is
also now sent when the link count of a watched file changes.
- The mac80211 (formerly Devicescape) wireless subsystem is no longer
marked "experimental."
- The memory use controller for containers has been merged. This
controller was described in this LWN article, but the
patch has evolved somewhat since then and the details have changed.
Some documentation can be found in Documentation/controllers/memory.txt.
- ACPI thermal regulation support has been added; see Documentation/thermal/sysfs-api.txt for
details on how it works. The ACPI code also now supports the Windows
Management Instrumentation interface, and uses that support to make
recent Acer laptops work.
- ACPI now provides support for users who want to override their
system's Differentiated System Description Table (DSDT).
- The XFS filesystem now supports the fallocate() system call.
- ATA-over-Ethernet (AoE) now properly supports devices with multiple
network interfaces (and, thus, multiple paths to the host).
- Support for the MN10300
architecture (little-endian mode only) has been added.
- Support for a.out binaries has been removed from the ELF loader. Pure
a.out systems will still work, though.
- Disk I/O statistics (as seen in /proc/diskstats and under
/sys/block) have been augmented with more information about
request merging and I/O wait time.
- The S390 architecture now implements dynamic page tables - processes
will use 2-, 3-, or 4-level page tables depending on the size of their
address space.
- The ext4 "in development" flag has been added; mounting an ext4
filesystem will now require an explicit "I know this might explode"
option.
Changes visible to kernel developers include:
- Many nopage() methods have been replaced by the newer
fault() API; the near-term plan is to remove
nopage() altogether. See this article for a
description of the new way of "page not present" handling.
- This cycle has also seen a bit of a reinvigoration of the long-stalled
project to eliminate the big kernel lock. A number of BKL-removal
patches have been merged, with more certainly to come.
- A generic resource counter mechanism was merged as part of the memory
controller patch set; see <linux/res_counter.h> for the
details.
- reserve_bootmem() has a new flags parameter. Most
callers will set it to BOOTMEM_DEFAULT; the kdump code,
though, uses BOOTMEM_EXCLUSIVE to ensure that it is the only
one to touch the memory.
- Most architectures now have support for cmpxchg64() and
cmpxchg_local().
- There is a new set of string functions:
extern int strict_strtoul(const char *string, unsigned int base,
unsigned long *result);
extern int strict_strtol(const char *string, unsigned int base,
long *result);
extern int strict_strtoull(const char *string, unsigned int base,
unsigned long long *result);
extern int strict_strtoll(const char *string, unsigned int base,
long long *result);
These functions convert the given strings to various forms of
long values, but they will return an error status if the
given string value, as a whole, does not represent a proper
integer value. These functions are now used in the parsing of kernel
parameters.
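An added example, not the kernel's own implementation in lib/vsprintf.c: a userspace model of the strict_strto*() semantics just described, so the difference from plain strtoul() can be tried on real input. The function names are assumptions, as is the -ERANGE return for values that do not fit, which is added here; the tolerance of a single trailing newline mirrors the kernel version, which needs it because sysfs and /proc writes usually carry one.

```c
/*
 * Added example, not the kernel's lib/vsprintf.c: a userspace model of the
 * strict_strto*() semantics described above. Kernel-style return values:
 * 0 on success, -EINVAL when the string is not wholly a number, -ERANGE
 * when the value does not fit (an addition here). A single trailing '\n'
 * is tolerated, as the kernel version does, because sysfs and /proc
 * writes usually carry one.
 */
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

int strict_strtoul_model(const char *s, unsigned int base, unsigned long *res)
{
    char *end;
    unsigned long v;

    if (!s || !*s)
        return -EINVAL;      /* empty string is not a number */
    /* strtoul() skips leading blanks and accepts a sign; the strict form does not. */
    if (isspace((unsigned char)*s) || *s == '-' || *s == '+')
        return -EINVAL;

    errno = 0;
    v = strtoul(s, &end, base);
    if (errno == ERANGE)
        return -ERANGE;      /* magnitude exceeds unsigned long */
    if (end == s)
        return -EINVAL;      /* no digits consumed at all */
    if (*end == '\n')
        end++;               /* one trailing newline is allowed */
    if (*end != '\0')
        return -EINVAL;      /* trailing garbage: "123abc", "12 34", "1\n\n" */
    *res = v;
    return 0;
}

int strict_strtol_model(const char *s, unsigned int base, long *res)
{
    unsigned long mag;
    int neg = 0, rc;

    if (!s)
        return -EINVAL;
    if (*s == '-') {         /* sign handled here; the magnitude is parsed strictly */
        neg = 1;
        s++;
    }
    rc = strict_strtoul_model(s, base, &mag);
    if (rc)
        return rc;
    /* The magnitude must fit the signed range: LONG_MAX, or LONG_MAX + 1 if negative. */
    if (mag > (unsigned long)LONG_MAX + (neg ? 1UL : 0UL))
        return -ERANGE;
    *res = neg ? (long)(0UL - mag) : (long)mag;
    return 0;
}

int main(void)
{
    /* Constructed inputs of the kind a kernel-parameter parser receives. */
    const char *inputs[] = { "123", "0x1f", "123abc", " 12", "-1", "" };
    unsigned long v;

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rc = strict_strtoul_model(inputs[i], 0, &v);
        /* Contrast: strtoul() returns 123 for "123abc" and 12 for " 12" without complaint. */
        printf("%-8s strict: %-6s  strtoul(): %lu\n", inputs[i],
               rc == 0 ? "ok" : rc == -ERANGE ? "ERANGE" : "EINVAL",
               strtoul(inputs[i], NULL, 0));
    }
    return 0;
}
```

Running it shows strict_strtoul_model() rejecting "123abc", " 12" and "-1", all of which strtoul() quietly turns into numbers; that silent acceptance is the laxity the kernel's parameter parsing is moving away from.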
At this point, the merging of features is done (though there has been a bit
of pushing for one or two things to slip in) and the stabilization period
begins. With luck, that process will go a little more quickly than it did
with 2.6.24.
Comments (7 posted)
By Jonathan Corbet February 13, 2008
The kernel development process operates at a furious pace, merging
on the order of 10,000 changesets over the course of a 2-3 month
release cycle. There have been many changes over the last few years which
have helped to make this level of patch flow possible, and the process has
been optimized significantly. An ongoing discussion on the kernel mailing
list has made it clear, though, that a truly optimal solution has not yet
been found.
It started with the announcement
of the linux-next tree. This tree, to be maintained by Stephen
Rothwell, is intended to be a gathering point for the patches which are
planned to be merged in the next development cycle. So, since we are
currently in the 2.6.25 cycle, linux-next will accumulate patches for
2.6.26. The idea is to solve the patch integration issues there and reduce
the demands on Andrew Morton's time.
The question which was immediately raised was this: how do we deal with big
API changes which require changes in multiple subsystems? These changes
are already problematic, often requiring maintainers to rework their trees
in the middle of the merge window. Trying to integrate such changes
earlier, in a separate tree, could bring a new set of problems. There will
be a lot of conflicts between patches done before and after the API change,
and somebody is going to have to put the pieces back together again.
Andrew does some of that now, but the problem is big enough that not even
Andrew can solve it all the time. The bidirectional SCSI patches merged
for 2.6.25 were held up as an example; that
change required coordinated SCSI and block layer patches, and it never was
possible to get the whole thing working in -mm.
Arjan van de Ven asserted that the only way
to make large API changes work is to merge them first, at the beginning of
the merge window. The merged patch would fix all in-tree users of the
changed API, as is
the usual rule. Maintainers of all other trees could then merge with the
updated mainline, fixing any new code which might be affected by the API
change. This is, essentially, the approach which was taken for the big
device model changes in 2.6.25; they hit the mainline at the beginning of
the merge window, then everybody else got to adapt to the new way of doing
things.
Greg Kroah-Hartman worries that this approach
is not sufficient, especially when live trees are being merged. If an
API change in one tree forces a change to a separate tree, the coordination
issues just get hard. Keeping the secondary changes in the primary tree
risks conflicts with patches in the proper subsystem tree. Patches which
reach across trees are also, increasingly, being discouraged as making life
harder for everybody. But the fixup patch will not apply to its nominal subsystem
tree as long as the API change itself is not there. In the -mm tree, this
sort of problem is glued together by a series of fixup patches maintained
by Andrew; Greg says that the linux-next tree would need something similar.
David Miller's suggestion was to resolve
this sort of conflict through frequent rebasing of the -next tree.
Rebasing is an operation (supported by git and other code management tools)
which takes a set of patches against one tree and does what's required to
make them apply to a different version of the tree. It can be quite useful
for maintaining patches against a moving target - which kernel trees tend
to be. David talked about how he rebases his (networking subsystem) trees
frequently as a way of eliminating conflicts with the mainline and, in the
process, cleaning some cruft out of the development history.
It turns out, though, that this frequent rebasing is not popular with the
developers who are downstream of David. Rebasing the tree forces all
downstream contributors to do the same thing, and to deal with any merge
conflicts that result. It makes it much harder to prepare trees which can
be pulled upstream and creates extra work.
This was where Linus jumped into the
conversation and expressed his dislike of rebasing. He echoed the
complaints from downstream developers that a constantly-rebased tree is
hard to prepare patches against. It also confuses the development history,
making changes to other developers' patches in silent ways. After
somebody's patch set has been rebased, it is no longer the patches that
were sent. So, says Linus:
So there's a real reason why we strive to *not* rewrite
history. Rewriting history silently turns tested code into totally
untested code, with absolutely no indication left to say that it
now is untested.
It is about here that Andrew Morton commented that git does not appear to be
matching entirely well with the way that kernel developers work. Some of
the solution may be found in tools more oriented toward the management of
patch queues - such as quilt. There may be a renewed push to get more
quilt-like functionality built into git (along the lines of the stacked git project) in the near
future.
Linus is also not entirely pleased with how
the integration of patches only happens in the mainline:
I'm also a bit unhappy about the fact you think all merging has to
go through my tree and has to be visible during the two-week merge
period. Quite frankly, I think that you guys could - and should -
just try to sort API changes out more actively against each other,
and if you can't, then that's a problem too.
His suggestion is that a separate git tree should be created to contain a
large API change - and nothing else. Affected subsystem maintainers could
then merge that tree and develop against the result. In the end, all of
the pieces should merge nicely in the mainline.
This approach raises a number of interesting issues. The API-change tree
has to be agreed upon by everybody, and it must be quite stable - lots of
changes at that level will create downstream trouble. There must also be a
high degree of confidence that this API-change tree will, in fact, get
merged into the mainline; should Linus balk, everybody else's trees will no
longer be applicable to the mainline. Replacing the current "tree of
trees" patch flow with something messier could create a number of
coordination issues. And there are fears that a mainline tree built from
this process would fail to build in many of its intermediate states, which
would make tools like "git bisect" much harder to use. Even so, it could
be part of the long-term solution.
Linus also took the opportunity to complain about large-scale API changes
in general:
Really. I do agree that we need to fix up bad designs, but I
disagree violently with the notion that this should be seen as some
ongoing thing. The API churn should absolutely *not* be seen as a
constant pain, and if it is (and it clearly is) then I think the
people involved should start off not by asking "how can we
synchronize", but looking a bit deeper and saying "what are we
doing wrong?"
He also stated that the costs of big API
changes are high enough that we should, more often, stay with older
interfaces, even if they are not as good as they could be. Others disagreed, claiming that Linux must continue
to evolve if it is to stay alive and relevant.
The rate of change seems unlikely to fall in the near future. There may be
some changes to how big changes are done, though. As suggested by Ted Ts'o, more changes could be
done by creating entirely new interfaces rather than breaking old ones.
With Ted's scheme, the old interface would be marked "deprecated" at the
beginning of the merge window. Developers would then have the entire
development cycle to adjust to the change, and the deprecated interface
would be removed before the final release.
There is resistance to this approach, based on the observation that getting
rid of deprecated interfaces tends to be harder than one would expect.
But, still, it is a relatively painless way of making changes. The current
transition (in the memory management area) from the nopage() VMA
operation to fault() is an example of how it can work. Nick
Piggin has been slowly changing in-tree users with the eventual goal of
removing nopage() altogether. For now, though, both interfaces
coexist in the tree and nothing has been broken.
Like the kernel itself, its development process is undergoing constant
change and (hopefully) improvement. As the development community and the
rate of change continues to grow, the process will have to adjust
accordingly. What changes come out of this discussion remain to be seen.
But it's worth noting that Andrew Morton fears that the biggest problem - regressions
and bugs - will be relatively unaffected.
Comments (none posted)
By Jonathan Corbet February 12, 2008
As this is being written, distributors are working quickly to ship kernel
updates fixing the local root vulnerabilities in the vmsplice()
system call. Unlike a number of other recent vulnerabilities which have
required special situations (such as the presence of specific hardware) to
exploit, these vulnerabilities are trivially exploited and the code to do
so is circulating on the net. Your editor found himself wondering how such
a wide hole could find its way into the core kernel code, so he set himself
the task of figuring out just what was going on - a task which took rather
longer than he had expected.
The splice() system call, remember, is a mechanism for creating
data flow plumbing within the kernel. It can be used to join two file
descriptors; the kernel will then read data from one of those descriptors
and write it to the other in the most efficient way possible. So one can
write a trivial file copy program which opens the source and destination
files, then splices the two together. The vmsplice() variant
connects a file descriptor (which must be a pipe) to a region of user
memory; it is in this system call that the problems came to be.
The first step in understanding this vulnerability is that, in fact, it is
three separate bugs. When the word of this problem first came out, it was
thought to only affect 2.6.23 and 2.6.24 kernels. Changes to the
vmsplice() code had caused the omission of a couple of important
permissions checks. In particular, if the application had requested that
vmsplice() move the contents of a pipe into a range of memory, the
kernel didn't check whether that application had the right to write to that
memory. So the exploit could simply write a code snippet of its choice
into a pipe, then ask the kernel to copy it into a piece of kernel memory.
Think of it as a quick-and-easy rootkit installation mechanism.
If the application is, instead, splicing a memory range into a pipe, the
kernel must, first, read in one or more iovec structures
describing that memory range. The 2.6.23 vmsplice() changes omitted
a check on whether the purported iovec structures were in readable
memory. This looks more like an information disclosure vulnerability than
anything else - though, as we will see, it can be hard to tell sometimes.
These two vulnerabilities (CVE-2008-0009 and CVE-2008-0010) were patched in
the 2.6.23.15 and 2.6.24.1 kernel updates,
released on February 8.
On February 10, Niki Denev pointed out that
the kernel appeared to be still vulnerable after the fix. In fact, the
vulnerability was the result of a different problem - and it is a much worse one, in
that kernels all the way back to 2.6.17 are affected. At this point, a
large proportion of running Linux systems are vulnerable. This one has
been fixed in the 2.6.22.18,
2.6.23.16, and 2.6.24.2 kernels, also released
on the 10th. At this point, with luck, all of these bugs have been firmly
stomped - though, now, we need to see a lot of distributor updates.
The problem, once again, is in the memory-to-pipe implementation. The
function get_iovec_page_array() is charged with finding a set of
struct page pointers corresponding to the array of iovec
structures passed in by the calling application. Those pointers are stored
in this array:
    struct page *pages[PIPE_BUFFERS];
Where PIPE_BUFFERS happens to be 16. In order to avoid
overflowing this array, get_iovec_page_array() does the following
check:
    npages = (off + len + PAGE_SIZE - 1) >> PAGE_SHIFT;
    if (npages > PIPE_BUFFERS - buffers)
        npages = PIPE_BUFFERS - buffers;
Here, off is the offset into the first page of the memory to be
transferred, len is the length passed in by the application, and
buffers is the current index into the pages array.
Now, if we turn our attention to the exploit code for a
moment, we see it
setting up a number of memory areas with mmap(); some of that
setup is not necessary for the exploit to work, as it turns out. At the
end, the code does this (edited slightly):
    iov.iov_base = map_addr;
    iov.iov_len = ULONG_MAX;
    vmsplice(pi[1], &iov, 1, 0);
The map_addr address points to one of the areas created with
mmap() which, crucially, is significantly more than
PIPE_BUFFERS pages long. And the length is passed through as the
largest possible unsigned long value.
Now let's go back to fs/splice.c, where the vmsplice()
implementation lives. We note that, prior to the fix, the
kernel did not check whether the memory area pointed to by the
iovec structure was readable by the calling process. Once again,
this looks like an information disclosure vulnerability - the process could
cause any bit of kernel memory to be written to the pipe, from which it
could be read. But the exploit code is, in fact, passing in a valid
pointer - it's just the length which is clearly absurd.
Looking back at the code which calculates npages, we see
something interesting:
    npages = (off + len + PAGE_SIZE - 1) >> PAGE_SHIFT;
    if (npages > PIPE_BUFFERS - buffers)
        npages = PIPE_BUFFERS - buffers;
Since len will be ULONG_MAX when the exploit runs, the
addition will cause an integer overflow - with the effect that
npages is calculated to be zero. Which, one would think, would
cause no pages to be examined at all. Except that there is an unfortunate
interaction with another part of the kernel.
Once npages has been calculated, the next line of code looks like
this:
    error = get_user_pages(current, current->mm,
                           (unsigned long) base, npages, 0, 0,
                           &pages[buffers], NULL);
get_user_pages() is the core memory management function used to
pin a set of user-space pages into memory and locate their struct
page pointers. While the npages variable passed as an
argument is an unsigned quantity, the prototype for
get_user_pages() declares it as a simple int called len. And, to
complete the evil, this function processes pages in a
do {} while(); loop which ends thusly:
        len--;
    } while (len && start < vma->vm_end);
So, if get_user_pages() is passed with a len argument of
zero, it will pass through the mapping loop once, decrement len to a
negative number, then continue faulting in pages until it hits an address
which lacks a valid mapping. At that point it will stop and return. But,
by then, it may have stored far more entries into the pages array
than the caller had allocated space for.
The practical result in this case is that get_user_pages() faults
in (and stores struct page pointers for) the entire region mapped
by the exploit code. That region (by design) has more than
PIPE_BUFFERS pages - in fact, it has three times that many, so 48
pointers get stored into a 16-pointer array. And this turns the failure to read-verify
the source array into a buffer overflow vulnerability
within the kernel. Once that is in place, it is a relatively
straightforward exercise for any suitably 31337 hacker to cause the kernel
to jump into the code of his or her choice. Game over. (Update: as
a linux-kernel reader pointed out, the
story is a little more complicated still at this point; this is an unusual
sort of buffer overflow attack).
The fix which was applied simply checks the address range that the
application is trying to splice into the pipe. Since a range of length
ULONG_MAX is unlikely to be valid, the vulnerability is closed -
as are any potential information disclosure problems.
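The two pieces of arithmetic described above, modelled in user space as an added example (this is neither the kernel's code nor the exploit): it assumes a 4 KiB page, a 47-bit user address space, and stands in an access_ok()-style range check for the applied fix.

```c
#include <limits.h>
#include <stdio.h>

/*
 * Added example, not kernel code: a user-space model of the npages
 * wraparound in get_iovec_page_array() and of the get_user_pages()
 * loop that turns a zero page count into a walk over the whole mapping.
 * A 4 KiB page and a 47-bit user address space are assumed for the model.
 */
#define PAGE_SHIFT      12
#define PAGE_SIZE       (1UL << PAGE_SHIFT)
#define PIPE_BUFFERS    16
#define TASK_SIZE_MODEL (1UL << 47)   /* assumed user-space limit */

/* Pre-fix npages computation: the addition is done in unsigned long and
 * silently wraps, so len == ULONG_MAX yields npages == 0. */
unsigned long npages_unchecked(unsigned long off, unsigned long len, int buffers)
{
    unsigned long npages = (off + len + PAGE_SIZE - 1) >> PAGE_SHIFT;

    if (npages > PIPE_BUFFERS - buffers)
        npages = PIPE_BUFFERS - buffers;
    return npages;
}

/* access_ok()-style check in the spirit of the applied fix: the user range
 * [base, base + len) must neither wrap nor leave user space.
 * Returns 1 when acceptable, 0 when it must be rejected. */
int range_ok(unsigned long base, unsigned long len)
{
    if (len > TASK_SIZE_MODEL)          /* also catches ULONG_MAX */
        return 0;
    if (base > TASK_SIZE_MODEL - len)   /* base + len would pass the limit */
        return 0;
    return 1;
}

/* Checked variant: validate the range before doing any arithmetic on it.
 * Returns -1 for a rejected range, otherwise the clamped page count. */
long npages_checked(unsigned long base, unsigned long len, int buffers)
{
    if (!range_ok(base, len))
        return -1;
    return (long)npages_unchecked(base & (PAGE_SIZE - 1), len, buffers);
}

/* Models the tail of the get_user_pages() page walk: `len` is the int
 * parameter the caller passed, vma_pages the size of the single mapping
 * being walked. Returns how many struct page slots the loop would fill.
 * With len == 0 the first decrement makes len negative, so the walk only
 * stops at the end of the mapping. Nothing is written here; the count is
 * the point, since the kernel's destination array holds PIPE_BUFFERS. */
int gup_slots_written(int len, unsigned long vma_pages, int reject_zero)
{
    unsigned long start = 0;            /* current page index in the VMA */
    int stored = 0;

    if (reject_zero && len <= 0)        /* asked for zero pages: do zero */
        return 0;
    do {
        stored++;                       /* pages[stored] = page at start */
        start++;
        len--;
    } while (len && start < vma_pages);
    return stored;
}

int main(void)
{
    unsigned long base = 0x10000000UL;  /* constructed, page-aligned address */
    unsigned long pages = npages_unchecked(0, ULONG_MAX, 0);

    printf("npages for len=ULONG_MAX (pre-fix): %lu\n", pages);
    printf("slots filled walking a 48-page mapping: %d (array holds %d)\n",
           gup_slots_written((int)pages, 48, 0), PIPE_BUFFERS);
    printf("checked variant for the same request: %ld (negative = rejected)\n",
           npages_checked(base, ULONG_MAX, 0));
    printf("checked variant for a 3-page request: %ld\n",
           npages_checked(base, 3 * PAGE_SIZE, 0));
    return 0;
}
```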
This vulnerability is a clear example of how a seemingly read-only
vulnerability can be escalated into something rather more severe. It also
shows what can happen when certain types of sloppiness find their way into
the code - if get_user_pages() is asked to get zero pages, that's
how many it should do. Your editor is working on a patch to clean that up
a bit. Meanwhile, everybody should ensure that they are running current
kernels with the vulnerability closed.
Comments (91 posted)
Page editor: Jake Edge
Distributions
By Jonathan Corbet February 13, 2008
A Fedora user recently asked: might it be
possible for the project to put together a package which would
automatically download and install the (proprietary) Google Earth
application? Debian has googleearth-package,
which makes an installable package from the downloaded application, but
there is no such convenience for Fedora users. The quick answer appeared
to be "no" - Fedora is for free software only, and packaging tools for
proprietary programs do not fit the bill.
It did not take long for others to point out the "autodownloader" facility
shipped with the Fedora games spin now. This tool is needed to make
certain games work where the game is free software, but it needs
proprietary data to provide the full experience. Games like Quake3 and
Rise of the Triad fit this description. With autodownloader, these games
can be shipped with Fedora and the proprietary data will be fetched
automatically on the destination machine. This scenario does not seem all
that different than downloading a proprietary application like Google Earth
and installing it.
The difference, as seen by the Fedora camp, is that autodownloader can only
obtain data, not code. The fact that much of that data may, in
fact, be code which is fed to a virtual machine within the game is sort of
glossed over. In the discussion, it was also suggested that games
requiring autodownloader should come with enough free data to be minimally
usable, though that does not seem to have been enforced with great vigor.
Alan Cox's suggestion that the real test
should be "is it possible to create free data for this game?" makes some
sense, but that is not the operative rule now.
Such a discussion cannot go on long, though, before somebody brings up the
real sore point: CodecBuddy. This time, it was Hans de Goede who raised the issue:
Not only does it automatically download some gratis closed source
code, it even offers the user to buy closed source code,
effectively free advertising for commercial closed source!
According to Hans, there is no point in discussing autodownloader as long
as CodecBuddy remains in the repository.
Outgoing Fedora leader Max Spevack is trying to organize a discussion aimed
at reaching some sort of clarity on these issues. Christopher Blizzard had
an interesting idea: hand more of the
decisions about (and responsibility for) the shipping of problematic code
to the upstream projects. The Miro
project was held up as an example. Christopher's proposal has some echoes
of the disintermediation of
distributions discussion which was covered here last week. When it
comes to patent-encumbered codecs, distributions like Fedora would happily
accept disintermediation.
In the absence of a real solution to the patent problem, some sort of
disintermediation may be the only workable answer for distributions like
Fedora. They may not be willing to ship the code, but others are. So it's
mostly just a matter of making the connection between those repositories
and the users as straightforward and painless as possible. Spending time
with search engines to find useful programs or data may build character,
but it does not help create a useful or pleasurable Linux user experience.
Comments (2 posted)
New Releases
Version 1.0 of the Nexenta Core Platform - essentially a port of the Ubuntu
Dapper distribution onto the Solaris kernel - is available. "With
the power of
Debian tools behind it, NexentaCore could be customized for any vertical
application or distribution: KDE, GNOME, XFCE centric Desktops, LAMP
servers, Xen Dom0 ZFS-powered servers, and more. Unlike NexentaOS
desktop distribution, NexentaCore does not aim to provide a complete
desktop. The overriding objective for NexentaCore is - stable
foundation."
Full Story (comments: 11)
The OpenSolaris Developer Preview 2 is available for download. "This
is an x86-based LiveCD install image, containing some new and emerging
OpenSolaris technologies and should be considered a developer preview
only." This Project Indiana
release is a binary distribution based on the OpenSolaris source code.
Full Story (comments: none)
For the Xfce users out there: the Fedora 8 Xfce spin is now available. "Fedora Xfce Spin is a bootable Fedora
Live CD image available for x86 and x86_64 architecture. It can be
optionally installed to hard disk or converted into boot USB images and
is ideal for Xfce fans and for users running Fedora on relatively low
resource systems."
Full Story (comments: 3)
The Fedora Unity project has the Fedora 9 Alpha release available via
Jigdo. "Jigdo saves you a lot of bandwidth and time if you already
have the data (maybe a local mirror or previously released media), and has
been proposed as a feature for Fedora 9."
Full Story (comments: none)
The Fedora Unity Project has announced the release of new ISO Re-Spins (DVD
and CD Sets) of Fedora 8. "These Re-Spin ISOs are based on the
officially released Fedora 8 installation media and include all updates
released as of February 4, 2008. The ISO images are available for i386 and
x86_64 architectures via jigdo."
Full Story (comments: none)
Distribution News
Debian GNU/Linux
Pierre Habouzit has been working on removing all the bits of GNOME 1.x for
Debian Lenny. "If there is a package you love in that list, it'd be
_really_ great to send patches to migrate them to gnome2/gtk2
libraries. This is a call for help, because it requires some knowledge of
gnome/gtk core libraries for some of those."
Full Story (comments: none)
Colin Watson is working on changing all the legacy encodings in Debian
documents to UTF-8. "Historically, translated manual pages have been
installed using a variety of character encodings, usually legacy ones
(ISO-8859-*, KOI8-R, EUC-*, and so on). While these encodings are still
supported, I now recommend that Debian developers begin to install all
manual pages in UTF-8."
Full Story (comments: none)
Francesco P. Lovergine looks at the status of Tcl/Tk as it is being
packaged for Debian Lenny. "The Tcl/Tk team announced in October
that some work is happening off-stage about Tcl/Tk versions and their
reverse dependencies. A new policy document is currently available whose
aim is introducing some order and improvements in the current Tcl/Tk
status. We are now moving forward by defining a few release goals for
Lenny, which are of interest for the release team and all involved
maintainers and packages."
Full Story (comments: none)
Fedora
Click below for a look at the February 6 meeting of the Fedora Board.
Topics include the Xfce spin, board goals, the Fedora account system, and a
community architecture update.
Full Story (comments: none)
SUSE Linux and openSUSE
SuSE Linux Enterprise Server 8 has been moved to the
Extended Maintenance classification.
"So let's take a look back at the history of SLES 8...
SuSE Linux Enterprise Server 8 was released end of October 2002, making its
regular maintenance lifetime 5 years.
SLES 8 was based on the UnitedLinux development also done by SUSE which
was a cooperation between SUSE, Caldera, Connectiva and TurboLinux.
The Linux kernel was originally 2.4.19, but was upgraded to 2.4.21 base with
Service Pack 3."
Full Story (comments: 3)
Distribution Newsletters
The Fedora Weekly News for February 4, 2008 is out. Announcements include
"Announcing Fedora 9 Alpha", "Fedora 9 Alpha Jigdo" and "Fedora 8 20080204
Re-Spin", Planet Fedora articles include "A word of thanks", "Happy 10th
Birthday, Open Source!", "Field report from GNUnify 2008", "SCALE 6x: I'm
Here - Saturday in Review", "SCALE 6x: cally four nya" and "Fedora
General-Purpose Posters Part 2", plus several other topics.
Full Story (comments: none)
This edition of the openSUSE Weekly
News covers openSUSE 11.0 Alpha 2 is out, openSUSE Membership Now Open
for Applications, Hackweek Part II this week at SUSE, In Planet SUSE:
Lightning-fast package management for 11.0, Command-line 1-Click-Install,
Upcoming: FOSDEM, and much more.
Comments (none posted)
The February 2008 edition of PCLinuxOS
Magazine (PDF) is available. Get the latest news, tips and tricks for
PCLinuxOS.
Comments (none posted)
The Ubuntu Weekly Newsletter for the weeks February 3 - February 10, 2008
covers MOTU Elections, Clutch BitTorrent WebUI, Parallels in the Ubuntu
partner repository, Firefox 3 in 7.10, and much more.
Full Story (comments: none)
The DistroWatch
Weekly for February 11, 2008 is out. "Slackware Linux isn't the
most user-friendly distribution, but thanks to the effort of several
independent projects, it has been turned into a more palatable operating
system for novice users. One of them, Zenwalk Linux, has matured into a
sophisticated distribution, complete with superb hardware detection, a
graphical package configuration tool, and several setup utilities; read
below for a first-look review of Zenwalk Linux 5.0. In the news section,
Fedora and openSUSE present new development builds, Software Wydawnictwo
launches BSD Magazine, gOS hints at the change of user interface for
deployment on Everex Cloudbooks, and CIO.com interviews Joe "Zonker"
Brockmeier, the new openSUSE community manager. Finally, good news for the
fans of SLAX - the long awaited version 6.0 of the Slackware-based live CD
will finally arrive this week."
Comments (none posted)
Distribution meetings
There will be four Debian work meetings sponsored by the government of
Extremadura, Spain in 2008. "These meetings will look very much like
those in the years before. Extremadura will pay European flights, food and
accommodation for up to 20 people. Several smaller teams can share a
meeting. The DPL will most likely approve sponsorship for additional
participants or travel from abroad if need arises. The meetings will last
from Wednesday to Sunday (with travel on Wednesday and Sunday)."
Full Story (comments: none)
The Ubuntu Developer Week (February 18 - 22, 2008) is an IRC event where
potential contributors can learn more ways to get involved with Ubuntu.
Full Story (comments: none)
Distribution reviews
TuxMachines reviews
Vector Linux 5.9. "Vector Linux 5.9, released in late December of
last year, is a Slackware 12.0-based distribution that uses Xfce 4.4.2 as
its default user interface ("UI"). Generally speaking, Xfce requires less
horsepower than other UIs, like GNOME and KDE, and so Vector Linux ("VL"
for short) bills itself as an excellent operating system to install on
older, lower-powered computers. I've been using it for the past two weeks,
and like what I see."
Comments (none posted)
Page editor: Rebecca Sobol
Development
By Forrest Cook February 12, 2008
The Chandler Project
is a small-group collaboration application that is being produced
by the non-profit
Open Source Applications Foundation (OSAF).
OSAF was founded by Mitchell Kapor. The foundation's
History
document reveals some background information.
The project has been under development for a number of years.
Version 0.1 of Chandler was
announced
in April, 2003.
From the Chandler
FAQ
entry on What is Chandler?
Chandler Project is an open source, standards-based personal information manager (PIM) built around small group collaboration and a core set of information management workflows modelled on Inbox usage patterns and David Allen's GTD (Getting Things Done) methodology.
See
Vision
for a more in-depth answer to this question.
Chandler provides an all-inclusive view of personal information;
it can operate on notes, email, tasks, appointments, events,
contacts, documents and additional personal resources.
The Chandler Desktop application provides a single user interface
with the ability to enter, view, search, group and share all
of the supported types of information.
The software is cross-platform; it currently runs on the Linux, Windows
and Macintosh platforms.
The Chandler software is being distributed under version 2.0 of the
Apache Software License.
The Chandler
features
document explains how the project is arranged:
Chandler consists of a cross-platform (Windows, Mac OS X and Linux) Chandler Desktop application and
Chandler Hub,
a sharing service and web application. Chandler is open source and standards-based.
The
FeatureList document covers the Chandler capabilities in
more detail; some screenshots are included.
OSAF provides free access to the Chandler Hub; information there is
available to any user with an account and a web browser.
The Chandler Server provides a central store for locally
managed information.
There are some
demo movies that show Chandler in action; some of the basic
Chandler concepts and terms are explained:
- Item Chandler has four kinds of items: Note, Message, Task and Event. Chandler items can be of multiple kinds, e.g. Scheduled Tasks and Invitations.
- Collection Chandler's primary mechanism for grouping items. Collections can contain items of any kind.
- Application Area Chandler has four application areas: Mail, Tasks, Calendar and an all-inclusive All area. Chandler's application areas are a way to filter down your collections by item kind.
- Triage Status An attribute on every item that is Chandler's principle mechanism for helping you manage what you're working on. The three triage statuses are NOW, LATER and DONE.
- Tickler Alarm A custom alarm you can set on any item to automatically triage that item to NOW at a time you specify.
Two new releases were recently announced,
Chandler Desktop 0.7.4
and
Chandler Server 0.12.0.
The new Chandler Desktop change summary says:
"The 0.7.4 release adds a Tip of the day feature and a German
translation contributed by a user. The triage status behavior was
improved to be more useful. There have been dozens of bug fixes across
the application, as well as fixes to the build and testing
infrastructures." The new Chandler Server change summary says:
"This release supports a standalone WAR form of Cosmo ready to
drop in to an existing Tomcat installation. A security issue
allowing unauthorized access when a collection had been shared was
fixed. A number of smaller bugs have also been fixed for
Unicode usernames, error logging, and the calendar web UI."
Chandler is in an active phase of development. The software has evolved
from an interesting concept to a functioning system in recent years.
Organizations and individuals who have a need for some advanced
management and communications capabilities should be able to
find some benefits from using Chandler.
Comments (13 posted)
System Applications
Clusters and Grids
Version 2.4.0 beta4 of rsplib has been announced.
"RSPLIB is the Open Source implementation (GPLv3) of the IETF's upcoming
standard for Reliable Server Pooling (RSerPool). It provides protocols and
functionalities for the management of server pools and sessions between
users and pools. In particular, RSerPool takes care for server selection and
session failover support among servers of a pool. The RSPLIB package contains
a library for the session communication (the rsplib), an implementation of
the pool management component (registrar) as well as multiple example service
implementations."
Full Story (comments: none)
Database Software
Version 1.2.0 of
pgDesigner
has been announced.
"pgDesigner is an open source program for graphic design database to PostgreSQL. The code is written in the language Gambas, and currently runs only on Linux operating system."
This release adds support for the latest version of Gambas2 and some
bug fixes.
Comments (none posted)
The February 10, 2008 edition of the Postgres Weekly News
is online with the latest PostgreSQL DBMS articles and resources.
Full Story (comments: none)
Version 3.5.6 of SQLite has been
announced.
" Version 3.5.6 fixes a minor regression in 3.5.5 - a regression that had nothing to do with the massive change over the virtual machine to a register-based design. No problems have been reported with the new virtual machine. This release of SQLite is considered stable and ready for production use."
Comments (none posted)
Networking Tools
Version 1.3.10 of OpenNMS, a
Java/XML-based Distributed Network and Systems Management platform,
has been
announced.
" This is mainly a bug fix release with some new features, including integration with the Hyperic HQ agent and a Mail Transport Monitor."
Comments (none posted)
Web Site Development
Version 1.4.6 of OpenSwing has been
announced; it includes many new capabilities.
" OpenSwing is a components library that provides a rich set of advanced graphics components for developing desktop applications and HTTP based java applications/RIAs based on Swing front-end."
Comments (none posted)
Desktop Applications
Audio Applications
Version 2.3 of Ardour,
a multi-track audio recording system, has been announced.
" 2.3 includes major new features in the area of tempo management and feature analysis, dozen or so important-to-useful bug fixes, another dozen or so improvements, and also provisional LV2 support (provisional)."
Comments (none posted)
Version 1.2 of
CLAM, a software framework for
research and application development in the Audio and Music Domain,
has been announced.
" We are jubilous to announce CLAM 1.2 'GSoCket plugged-in release'.
We had to wait for some months to make this release as we had to
redeploy the multiplatform release infrastructure. Thus, the
feature buffer for this release is pretty full. It incorporates both,
the results of the Summer of Code students work and the
involvement of David and Pau with Barcelona Media Foundation Audio
Research Lab."
Full Story (comments: none)
Calendar Software
Version 0.7.4 of Chandler Desktop has been announced.
" Chandler Desktop is an open source, standards-based personal
information manager (PIM) built around small group collaboration and a
core set of information management workflows modelled on Inbox usage
patterns.
The 0.7.4 release adds a Tip of the day feature and a German
translation contributed by a user. The triage status behavior was
improved to be more useful. There have been dozens of bug fixes across
the application, as well as fixes to the build and testing
infrastructures."
Full Story (comments: none)
Version 0.12.0 of Chandler Server has been announced.
" Chandler Server is a server and Ajax web UI for managing and sharing
calendars, events, and tasks. It implements open data standards
including CalDAV, WebDAV, Atom, and Atompub.
This release supports a standalone WAR form of Cosmo ready to drop in
to an existing Tomcat installation. A security issue allowing
unauthorized access when a collection had been shared was fixed. A
number of smaller bugs have also been fixed for Unicode usernames,
error logging, and the calendar web UI."
Full Story (comments: none)
Desktop Environments
The following new GNOME software has been announced this week:
- Accerciser 1.1.91 (code cleanup and translation work)
- Anjuta 2.3.4 (bug fixes and translation work)
- cheese 2.21.91 (new features, bug fixes and translation work)
- Clutter 0.5.6 (new features and bug fixes)
- Deskbar-Applet 2.21.91 (bug fixes and translation work)
- Devhelp 0.19 (bug fixes and translation work)
- Empathy 0.21.9 (new features, bug fixes and translation work)
- Evince 2.21.91 (bug fixes and translation work)
- Eye of GNOME 2.21.90 (bug fixes, documentation and translation work)
- gcalctool 5.21.91 (bug fixes and translation work)
- gdl 0.7.9 (documentation and translation work)
- GLib 2.14.6 (bug fixes and translation work)
- GLib 2.15.5 (new features and translation work)
- glibmm 2.15.4 (new features)
- glibmm 2.15.5 (bug fix)
- gnome-applets 2.21.91 (new features, bug fixes and translation work)
- gnome-build 0.2.2 (bug fixes and translation work)
- gnome-games 2.21.91 (new features, bug fixes, documentation and translation work)
- gnome-keyring 2.21.91 (new features, bug fixes and translation work)
- Gnome-schedule 2.0.2 (bug fixes)
- gnome-settings-daemon 2.21.91 (new features and bug fixes)
- GTK+ 2.12.8 (new features, bug fixes and translation work)
- Gtk2-Perl 2.21.91 (new features, bug fixes and documentation work)
- Hotwire 0.710 (new features and bug fixes)
- metacity 2.21.8 (new features, bug fixes and translation work)
- mousetweaks 2.21.91 (new features, bug fixes and translation work)
- Orca 2.21.91 (new features, bug fixes and translation work)
- PyClutter 0.5.2 (bug fixes and code cleanup)
- Tomboy 0.9.6 (bug fixes and translation work)
You can find more new GNOME software releases at
gnomefiles.org.
Comments (none posted)
The following new KDE software has been announced this week:
You can find more new KDE software releases at
kde-apps.org.
Comments (none posted)
The following new Xorg software has been announced this week:
More information can be found on the
X.Org Foundation wiki.
Comments (none posted)
Desktop Publishing
Version of StorYBook has been
announced.
" StorYBook is a summary-based software for novelist and authors that helps you to keep the overview over the strands while writing a book, a novel or a story. It helps you to structure your book."
Comments (none posted)
Electronics
Stable version 1.4 of gEDA/gaf,
a collection of electronic CAD tools, has been announced.
A new version of PCB,
an associated printed circuit CAD application, is also available.
Comments (none posted)
Interoperability
Version 0.9.55 of Wine has been
announced.
Changes include:
- Photoshop CS/CS2 should now work, please help us testing it. See
http://wiki.winehq.org/AdobePhotoshop for details.
- A number of RPC fixes.
- Various improvements to the debugger support.
- Lots of bug fixes.
Comments (none posted)
Mail Clients
Version 3.3.0 of Claws Mail has been
announced.
Changes include the removal of the ClamAV plugin due to licensing
issues, numerous new capabilities and bug fixes.
Comments (none posted)
Video Applications
Version 0.0.20080209 of
Open Movie Editor
has been announced.
" This release fixes a crash in the Node Editor, improves on some color-scheme issues, and adds a fallback mechanism for graphics hardware with limited texture size."
Comments (none posted)
Web Browsers
The February 8, 2008 edition of the Mozilla Links Newsletter
is online, take a look for the latest news about the Mozilla browser
and related projects.
Full Story (comments: none)
Miscellaneous
The SANE optical scanner
interface project has announced the release of version 1.0.19 of
SANE-Backends. Changes include support for many new scanners,
improvements to existing scanners, bug fixes and more.
Comments (none posted)
Languages and Tools
C
Version 2.2 of the LLVM compiler is out. New features include a CellSPU
backend, better Ada and Fortran support, and more; see the release
notes for details. " This release is the result of hundreds of great contributions by many
people, far too many to list here. I'm happy to say that LLVM has a
strong and thriving community, consisting of dozens of people that are
driving a whole new generation of open source compiler technology
forward."
Full Story (comments: 15)
Caml
The February 12, 2008 edition of the Caml Weekly News
is out with new articles about the Caml language.
Full Story (comments: none)
Perl
use Perl
reports
on the effort to fix the Y2038 time problem in Perl:
" They said it couldn't be done. They said it SHOULDN'T be done! But I have here a working 64 bit localtime_r() on a machine with just 32 bits of time_t. Time zones, daylight savings time... it all works.
$ ./miniperl -wle 'print scalar localtime(2**35)'
Mon Oct 25 20:46:08 3058
Perl will be Y2038 safe. And yes, I'm going to get it backported to 5.10."
Comments (none posted)
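The report above shows the fix at work but not the failure it avoids. The following added example (not code from Perl or any libc) does both in plain C: it converts a 64-bit seconds count to a calendar date using Howard Hinnant's public-domain civil_from_days() algorithm, and shows what a signed 32-bit time_t does to the same values. It handles UTC only, with no time zones or DST; the quoted "Mon Oct 25 20:46:08 3058" is the poster's local time, and the UTC instant for 2**35 works out to Tue Oct 26 03:46:08 3058, seven hours later, consistent with US Pacific daylight time. The names wrap_to_32bit_time_t, gmtime64 and civil_time are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Added example (not Perl's or libc's code): a 64-bit gmtime() beside the
 * wraparound that a signed 32-bit time_t suffers at 2^31 seconds, i.e. at
 * 2038-01-19 03:14:08 UTC. UTC only; no time zones or DST.
 */

struct civil_time {
    int64_t year;
    int month, day;       /* 1..12, 1..31 */
    int hour, min, sec;
    int wday;             /* 0 = Sunday .. 6 = Saturday */
};

/* Simulate storing a 64-bit seconds count in a 32-bit signed time_t.
 * Unsigned arithmetic keeps the truncation well defined in C. */
int64_t wrap_to_32bit_time_t(int64_t t)
{
    uint32_t low = (uint32_t)((uint64_t)t & 0xffffffffu);
    return low >= 0x80000000u ? (int64_t)low - 0x100000000LL : (int64_t)low;
}

/* Days since 1970-01-01 -> proleptic Gregorian year/month/day
 * (Howard Hinnant's civil_from_days, valid for millions of years). */
static void civil_from_days(int64_t z, int64_t *y, int *m, int *d)
{
    z += 719468;
    int64_t era = (z >= 0 ? z : z - 146096) / 146097;
    int64_t doe = z - era * 146097;                                      /* [0, 146096] */
    int64_t yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365; /* [0, 399] */
    int64_t doy = doe - (365 * yoe + yoe / 4 - yoe / 100);               /* [0, 365] */
    int64_t mp  = (5 * doy + 2) / 153;                                   /* [0, 11] */
    *d = (int)(doy - (153 * mp + 2) / 5 + 1);
    *m = (int)(mp < 10 ? mp + 3 : mp - 9);
    *y = yoe + era * 400 + (*m <= 2 ? 1 : 0);
}

/* A 64-bit gmtime(): split t into days and seconds-of-day with floor
 * semantics so that negative (pre-1970) values come out right too. */
struct civil_time gmtime64(int64_t t)
{
    struct civil_time c;
    int64_t days = t / 86400;
    int64_t rem  = t % 86400;
    if (rem < 0) { rem += 86400; days -= 1; }

    civil_from_days(days, &c.year, &c.month, &c.day);
    c.hour = (int)(rem / 3600);
    c.min  = (int)(rem % 3600 / 60);
    c.sec  = (int)(rem % 60);
    c.wday = (int)(((days + 4) % 7 + 7) % 7);   /* 1970-01-01 was a Thursday */
    return c;
}

static void show(const char *label, int64_t t)
{
    static const char *wd[] = {"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"};
    struct civil_time c = gmtime64(t);
    printf("%-26s %12lld -> %s %04lld-%02d-%02d %02d:%02d:%02d UTC\n",
           label, (long long)t, wd[c.wday], (long long)c.year,
           c.month, c.day, c.hour, c.min, c.sec);
}

int main(void)
{
    int64_t t35 = (int64_t)1 << 35;
    int64_t t31 = (int64_t)1 << 31;
    show("2**35 as 64-bit", t35);                         /* 3058-10-26 */
    show("2**35 in 32-bit time_t", wrap_to_32bit_time_t(t35)); /* 1970-01-01 */
    show("2**31 as 64-bit", t31);                         /* 2038-01-19 */
    show("2**31 in 32-bit time_t", wrap_to_32bit_time_t(t31)); /* 1901-12-13 */
    return 0;
}
```

The two 32-bit rows are the Y2038 bug: 2**31 becomes the most negative 32-bit value and lands on Friday 13 December 1901, while 2**35 has all its low 32 bits clear and silently turns into the epoch. The fix the Perl report describes is the same idea as gmtime64() above: carry the seconds count in a 64-bit integer end to end, and never let it pass through a 32-bit time_t.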
This Week on perl5-porters (use Perl)
The January 27 - February 2, 2008 edition of
This Week on perl5-porters is out with the latest Perl 5 news.
Comments (none posted)
PHP
The January 29, 2008 edition of the
Zend Weekly Summary is out with new articles about PHP.
Contents include:
" Syslog segfault; late binding for parent (and other options); struct initializations; array_slice bug; json_encode flags; 64-bit assembler optimizations; CLA in CVS"
Comments (none posted)
PostScript
Version 1.1.0 of libLASi is available.
" libLASi is a library
originally written by Larry Siden that provides a C++ stream output
interface ( with operator << ) for creating Postscript documents that can
contain characters from any of the scripts and symbol blocks supported in
Unicode and by Owen Taylor's Pango layout engine."
Full Story (comments: none)
Python
The February 11, 2008 edition of the Python-URL! is online with
a new collection of Python article links.
Full Story (comments: none)
Tcl/Tk
The February 13, 2008 edition of the Tcl-URL! is online with new
Tcl/Tk articles and resources.
Full Story (comments: none)
XML
Version 1.7.10 of RNV, the Relax NG Compact Syntax validator, has been
announced.
" This release brings the patches from RNV 1.7.9's Debian package upstream. Besides the addition of a man page this includes build related fixes only. If RNV 1.7.9 worked for you there is no need to update."
Comments (none posted)
Libraries
Version 20080211 of MicroNova YUZU has been
announced; it adds several new capabilities.
" MicroNova YUZU is a BSD-licensed JSP tag library designed to augment JSTL (JSP Standard Tag Library) using EL (Expression Language)."
Comments (none posted)
Version Control
Version 1.5.4.1 of GIT, a distributed version control system,
has been announced.
" Among a handful of documentation patches, there are a few true
bugfixes."
Full Story (comments: none)
Miscellaneous
A new stable version of YALC has been
announced.
" YALC is a virtual architecture designed for educational purpose. It models a DLX like processor and its set of ASM instruction, a compiler from a high level language (C-like), and an IDE with syntax checking and highlighting."
Comments (none posted)
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Sean Daly talks
with Nicholas Reville about Miro and open media, on Groklaw.
" Nicholas Reville: Miro is software that you download into your
computer that turns it into something like a TV for the Internet. It's
free; it's open source; it's made by a nonprofit which is the organization
that I work for. And the idea behind Miro is to give you a comprehensive
TV-like experience on your computer. And we're trying to do that not just
because we want to have a great experience for our users, which we do, but
also because we've built the software in a very open, very democratic, very
accessible way. The goal is to open up video online, to not have the same
kind of gatekeepers and restrictions that creators face in traditional
broadcasting, to not have those as television moves online."
Comments (none posted)
Malicious DNS servers that return results directing traffic to phishing or malware sites are the subject of some recent research reported on by Dark Reading. " In their study of DNS resolution, they found around 17 million open-recursive DNS servers on the Net, and discovered that about .4 percent, or 68,000 of them, are performing malicious operations by answering DNS queries with false information that sends them to malicious sites. About 2 percent are returning suspicious results, they reported."
Comments (24 posted)
Trade Shows and Conferences
PC Magazine tries to untangle some of the different players in the mobile Linux space. Reporting from the Mobile World Congress being held in Barcelona, the article tries to decipher LiMo vs. Android, as well as where Azingo and others fit into the picture. " Monday's announcements show the huge range of systems LiMo is trying to subsume. The group announced fifteen commercial handsets supposedly running LiMo-compliant Linux. LiMo also announced a plan for a LiMo software developers' kit, coming out in the second half of 2008. True LiMo phones will appear starting in the fourth quarter of 2008, the organization said."
Comments (none posted)
Companies
LinuxWorld
investigates the Zvents Hypertable project.
" Event search firm Zvents is releasing a massively parallel database server, based on a published Google design, as an open source project. The new software, Hypertable, is designed to scale to 1000 nodes, all commodity PCs, said Doug Judd, principal search architect for Zvents, in a LinuxWorld.com podcast.
Moving the project from in-house to open source is a way for a relatively small company to get the infrastructure software it needs, Judd says."
Comments (none posted)
Linux Adoption
ITnews knows what open source's real problem is: lack of sufficient PR. " Right now the invisibility of open source across the general community is a problem. This lack of visibility will hurt open source far more than any technological barriers preventing people from using it. Open source companies who aren't focusing on educating the market are shooting themselves in the foot."
Comments (19 posted)
Interviews
Not the Gentoo Weekly News has an interview
with Amarok developer Mark Kretschmann. " Mark Kretschmann: I make no
secret of being a very strong Ruby supporter. In fact I even consciously
forced Ruby to be a hard dependency of Amarok; partly for technical
reasons, partly simply for using my leverage to promote this language
more. For me Ruby programming was an eye opener: it's so smart and
wonderful on so many levels, and yet easy to learn. I tend to be vocal
about such things, and I openly fight Python (which is of course the
antichrist) wherever I can. Give Ruby a try, it's just a work of art, and
actually useful. I use it whenever I'm not forced to use C++, and I'm even
known for my wild plans to rewrite part of Amarok in Ruby. Maybe with
Amarok 3.0, we'll see :)"
Comments (79 posted)
The Southern California Linux Expo has posted an
interview with OpenMoko's Michael Shiloh, who will be at the event. " The
Neo FreeRunner looks a lot like the earlier model, the Neo 1973, with some
additions: we've added WiFi, a faster processor, more memory, a 2D/3D
graphics accelerator, and a pair of accelerometers. The goal of our
extensive testing, before we go into mass production, is to verify the
hardware so that no changes will be necessary."
Comments (4 posted)
Resources
Techthrob.com takes a look at virtualization choices for Linux.
" This article looked at four different products for virtualization in Linux, specifically Ubuntu Linux. The findings were interesting - the only product that requires the purchase of a licence for personal use, Parallels, actually performed the worst of the group. Qemu did well for a completely free-as-in-speech application, although VMware and VirtualBox blew the competition away in terms of performance."
Comments (21 posted)
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
Bruce Perens has put up a lengthy "state of open source" message to celebrate the tenth anniversary of the Open Source Definition. " We have actually changed the way that innovation happens. Innovation has gone public. Many companies, institutions, and individuals share innovation on a daily basis, entirely in the open, through Free Software development communities. The products they produce are the leaders in their field."
Comments (none posted)
Commercial announcements
Misys has
announced plans to release some of its proprietary code during the
SCALE conference.
" "In October 2007, we announced our intention to release the Misys
Connect Healthcare solution to the open source community and now we're
delivering on our promise," said Bob Barthelmes, Executive Vice President
and General Manager of the newly created Open Source Solutions division at
Misys. "We've been focusing on forming partnerships that will (eventually)
advance the collaborative development and quality of new products and
reduce the price of software. We hope to improve healthcare delivery.
That's our goal," said Bob."
Comments (none posted)
Novell, Inc. has
announced the acquisition of SiteScape.
" SiteScape, the founder of the
ICEcore open source collaboration project, brings impressive team workspace
and real-time collaboration capabilities to Novell -- key components of a
broad unified communications and collaboration strategy. The melding of the
two firms creates the industry's clear leader in open, enterprise-strength
collaboration and social networking offerings, giving customers powerful,
flexible ways to integrate new communications technologies into their
environment and drive employee productivity and business innovation."
Comments (none posted)
Purple Labs has announced an under $100 LiMo feature phone at the
Mobile World Congress.
" Purple Labs, a leading supplier of
embedded Linux solutions for mobile phones, announced today that its new Purple Magic feature phone
has received LiMo Foundation(tm) certification. The 3G Linux phone is a LiMo Platform(tm) Type I
device, and will serve as a reference product for ODMs and phone manufacturers wanting to
accelerate time to market for low-cost 3G handsets."
Full Story (comments: none)
STMicroelectronics has
announced the integration of Linux and the Trolltech Qtopia
application environment to the Nomadik multimedia application
processor ecosystem.
" This powerful platform provides equipment manufacturers with a complete
reference design that facilitates fast development and customization of the
latest generations of multimedia applications including smart phones,
wireless PDAs, internet appliances and car entertainment systems.
Based on ST's distributed-processing architecture with smart multimedia
accelerators, the Nomadik processors enable compelling multimedia
applications with ultra-low power consumption."
Comments (none posted)
SYSOPENDIGIA has announced
the release of the source code for its 3G Linux smartphone.
" The SYSOPENDIGIA 3G Linux smartphone has been created using Linux operating system and other open-source software components, as well as commercially licensed Qtopia application platform and user interface from Trolltech.
"We see that the only way for the mobile industry to answer the rapidly growing need for new functionality and services is increased re-use of existing software asset. Leveraging open-source software is a good way to avoid re-implementing such functionality that is not important for differentiation." says Tuukka Turunen, Director, Special Projects from SYSOPENDIGIA."
Comments (4 posted)
Trolltech has announced the continued evolution of Qtopia Phone Edition,
its application platform and user interface for Linux-based mobile phones.
With version 4.3 of Qtopia Phone Edition, Trolltech boasts major
improvements in real-world start-up speeds, external benchmarking for
compliance with key industry standards, and a range of new features.
Full Story (comments: none)
Trolltech has announced the integration of its Qt cross-platform development
framework with the WebKit mobile phone browser technology.
" Google(tm) Earth and iTunes are examples of such services currently
available on the desktop. With Trolltech's Qt WebKit Integration, these
type of applications - along with services such as social networking,
instant messaging and real-time financial updates - can also be
delivered to mobile phones."
Full Story (comments: none)
Vimicro International Corporation has
announced the launch of its Vinno-III Linux-based open mobile platform.
" Vinno-III-Linux platform is based on Vimicro's newly launched Vinno-III
application processor running popular open source Linux OS. Along with
traditional, strong multimedia processing capabilities enabled by Vimicro
chips, the platform also integrates useful applications such as office file
reader, WAP and MMS. Vimicro's new Mobile Multimedia Processors enhance the
user experience in video, audio, camera and file transfer when adopted for
basic mobile phones."
Comments (none posted)
New Books
O'Reilly has published the book Ajax: The Definitive Guide
by Anthony T. Holdener III.
Full Story (comments: none)
Pragmatic Bookshelf has published the book Rails for PHP Developers
by Derek DeVries and Mike Naberezny.
Full Story (comments: none)
No Starch Press has published the book Wicked Cool PHP
by William Steinmetz with Brian Ward.
Full Story (comments: none)
Resources
AMD has announced the existence of its open GPU
documentation site, wherein one can find register-level documentation
on several ATI graphics processors (R5xx and R6xx can be found there now).
Comments (18 posted)
The February 12, 2008 edition of the FSFE Newsletter is online
with the latest Free Software Foundation Europe news.
Topics include:
GPL-violations.org and FSFE's Freedom Task Force plan future interaction,
NLnet continues to support FSFE's Freedom Task Force,
Berlin Fellowship meeting and talk,
Duesseldorf Fellowship meeting and planning future events,
FSFE meeting in Göteborg, Sweden and SELF Open Documentary Contest.
Full Story (comments: none)
Contests and Awards
c|net
notes
the winning of an Annie Award
by DreamWorks.
" Linux (and principally Red Hat Enterprise Linux) has become the primary production platform for the animation industry, largely due to the engineering efforts of DreamWorks. Behind that effort sits Ed Leonard, chief technology officer at DreamWorks, who has been recognized for his work with an Annie Award for "promoting the Linux open system for animation in animation studios and gaming software development.""
Comments (5 posted)
Meeting Minutes
The minutes from the January 30, 2008 GNOME Foundation directors meeting
have been published.
Full Story (comments: none)
The minutes from the February 6, 2008 Perl 6 Design Meeting
have been published. " The Perl 6 design team met by phone on 06 February 2008. Larry, Jerry, Will, Jesse, Nicholas, and chromatic attended."
Comments (none posted)
The
minutes from the January 14, 2008 Python
Software Foundation board meeting have been published.
Full Story (comments: none)
Calls for Presentations
Computer Measurement Group has
announced a call for papers and presentations for the
CMG'08 Conference.
" The Computer
Measurement Group (CMG), the Information Technology professionals
responsible for planning, measuring, analyzing, and managing the world's
largest IT infrastructures, announced today its call for papers and
presentations for the 34th International Conference to be held in Las
Vegas, Nevada, December 7th through 12th, 2008 at the Paris Hotel."
Abstracts are due by May 16, 2008.
Comments (none posted)
Upcoming Events
KDE.News has announced
a meeting of the KDevelop developers on April 12 and 13, 2008.
" It is the time of the year to gather and spend some time on our favourite IDE. Continuing the tradition to meet in cities famous for alcohol-based beverages and oversized servings of meat, Munich was the obvious pick. Pretending to be a civilised crowd, we managed to convince the boss of the Trolltech's Munich office to generously provide us with a room, a 4MBit SDSL line and lots of coffee."
Comments (none posted)
An installfest is planned for Saturday March 1 in four bay area locations to benefit schools. Organized by Untangle and the Alameda County Computer Resource Center (ACCRC), the plan is to try to install Linux on several hundred computers that have been pieced together from old computers recycled at ACCRC. The installfest locations are in San Francisco, Berkeley, Novato, and San Mateo in northern California. The rejuvenated computers will be donated to local schools and non-profit organizations. More information can be found here.
Comments (none posted)
Events: February 21, 2008 to April 21, 2008
The following event listing is taken from the
LWN.net Calendar.
| Date(s) | Event | Location |
| February 22 - February 24 | freed.in/2008 | Delhi, India |
| February 23 - February 24 | Free/Open Source Developers' European Meeting 2008 | Brussels, Belgium |
| February 23 - February 26 | Linux World Mexico | Mexico City, Mexico |
| February 25 - February 26 | 2008 Linux Storage and Filesystem Workshop | San Jose, CA, USA |
| February 25 - February 29 | NEW PHP 5 and PostgreSQL Bootcamp with Mark Fenoglio | Atlanta, Georgia, USA |
| February 25 - February 27 | German Perl Workshop | Frankfurt, Germany |
| February 28 - March 1 | Linux Audio Conference | Cologne, Germany |
| March 1 - March 2 | Chemnitzer Linux-Tage 2008 | Chemnitz, Germany |
| March 3 - March 6 | O'Reilly Emerging Technology Conference | San Diego, CA, USA |
| March 3 - March 6 | Drupalcon Boston 2008 | Boston, MA, USA |
| March 4 - March 9 | CeBIT Germany | Hannover, Germany |
| March 8 - March 14 | Asia OSS Conference & Showcase 2008 | Guangzhou, China |
| March 11 - March 12 | 4th AustralAsian Cleantech Forum | Melbourne, Australia |
| March 14 - March 16 | PyCon 2008 | Chicago, IL, USA |
| March 15 | FSF Associate Members Meeting | Cambridge, MA, USA |
| March 16 - March 19 | BossaConference 2008 - International Conference on Open Source Software for Mobile Embedded Platforms | Pernambuco, Brazil |
| March 16 - March 21 | Novell BrainShare 2008 | Salt Lake City, UT, USA |
| March 16 - March 20 | Free Software and Open Source Foundation for Africa | Dakar, Senegal |
| March 17 - March 20 | Eclipse Community Conference | Santa Clara, CA, USA |
| March 17 - March 20 | Spring VON.x Conference | San Jose, CA, USA |
| March 19 - March 20 | LinuxWorld Expo 2008 Brussels | Brussels, Belgium |
| March 24 | SDForum Global Open Source Conference | San Francisco, CA, USA |
| March 26 - March 28 | CanSecWest 2008 | Vancouver, BC, Canada |
| March 26 | Document Freedom Day | Everywhere, Worldwide |
| March 29 - March 30 | PostgreSQL Conference East 2008 | College Park, MD, USA |
| March 31 - April 2 | UKUUG Spring 2008 Conference - Dynamic Languages | Birmingham, England |
| March 31 | 2008 European Workshop on System Security | Glasgow, Scotland |
| March 31 - April 2 | UKUUG Spring 2008 Conference | Birmingham, England |
| March 31 - April 2 | Sharkfest Wireshark Network Analysis Summit | Los Altos Hills, CA, USA |
| April 2 | First meeting UKUUG PostgreSQL SIG | Birmingham, England |
| April 3 - April 4 | E-Mail Systems Conference 2008 (Exim and other mail systems) | Birmingham, England |
| April 4 - April 5 | openSUSE Packaging Days II | IRC, Everywhere |
| April 7 - April 9 | IT360 Conference & Expo | Toronto, Canada |
| April 7 - April 11 | Django Bootcamp with Juan Pablo Claude | Atlanta, Georgia, USA |
| April 8 - April 10 | Linux Foundation Collaboration Summit | Austin, TX, USA |
| April 10 - April 13 | Go-OO Conference 2008 | Prague, Czech Republic |
| April 12 - April 13 | Open Source Developers Conference Taiwan, 2008 | Taipei, Taiwan |
| April 12 - April 13 | LugRadio Live USA 2008 | San Francisco, CA, USA |
| April 12 - April 18 | KDevelop Developer Meeting 2008 | Munich, Germany |
| April 14 - April 18 | Embedded Systems Conference - Silicon Valley | San Jose, CA, USA |
| April 14 - April 17 | MySQL Conference and Expo | Santa Clara, CA, USA |
| April 14 - April 18 | Samba eXPerience 2008 | Göttingen, Germany |
| April 15 - April 17 | Embedded Linux Conference 2008 | Mountain View, CA, USA |
| April 15 - April 17 | SOA in Health Care | Chicago, IL, USA |
| April 16 - April 18 | X Developers' Conference 2008 | Mountain View, CA, USA |
| April 16 - April 18 | X Developers' Conference for 2008 | Mountain View, USA |
| April 16 - April 18 | Croatian Linux User Conference | Zagreb, Croatia |
| April 17 - April 19 | 9th International Free Software Forum | Porto Alegre, Brazil |
| April 18 - April 19 | Third Annual Silicon Valley Ruby Conference | San Jose, CA, USA |
| April 18 - April 20 | National Collegiate Cyber Defense Competition | San Antonio, TX, USA |
| April 18 - April 20 | Penguicon 2008 | Troy, Michigan, USA |
If your event does not appear here, please
tell us about it.
Page editor: Forrest Cook