
LWN.net Weekly Edition for May 29, 2003

MySQL and SAP

Corporate code releases are always an uncertain prospect. The contribution of a large body of code is always welcomed, but only time will tell what sort of development and user community will eventually develop around that code. SAP released its relational database management system (SAP-DB) to great fanfare in October, 2000. Compared to some of that month's other events (Atipa acquires OpenNMS, VA Linux hires the Debian project leader, the PostgreSQL hackers go to work for Great Bridge, EBIZ and the Linux Mall merge, Turbolinux gets $30 million in venture funding, LynuxWorks files for its IPO, Progeny Linux ships its first beta distribution, Linus claims "no show-stopper bugs" in 2.4.0-test10), SAP-DB has been a raging success. Still, relative to the other free database systems (PostgreSQL, MySQL, and perhaps even Interbase/Firebird), SAP-DB has not pulled in a particularly large community.

Nobody can say the same thing about MySQL. This free relational database manager, despite a lingering reputation for lacking the features that "real" database systems have, claims some four million installed systems. MySQL's user community is large and strong, and MySQL AB, the copyright holder for MySQL, is apparently thriving. But MySQL's "fast, reliable, but still a toy" reputation (at least in some circles) is probably not helping MySQL AB win those really big contracts.

So the announcement of a partnership between MySQL AB and SAP makes a fair amount of sense for both sides. Under this deal, MySQL AB gets the right to sell commercial versions of SAP-DB, which will be relicensed entirely under the GPL and renamed. SAP-DB will thus become a product much like the current MySQL offerings, but one aimed at "enterprise" deployments.

MySQL AB gets a new product to sell which has a lengthy large-deployment track record and which should prove easier to market to large companies. SAP's sales force and existing large company customer base should also prove most helpful in that regard. And, of course, MySQL gets to mix together the best of both systems to create "the next-generation MySQL open source enterprise database."

SAP, meanwhile, gets access to a brand with great respect in the free software community. MySQL AB has a proven ability to create an active developer and user community around a free database system; this skill will be of great use in reviving interest in the database formerly known as SAP-DB. More significant, however, is the fact that MySQL AB has figured out how to sell proprietary licenses to a free software product, pleasing its customers while simultaneously avoiding alienating the developer community. The company's ability to walk that fine line bodes well for SAP-DB's future.

If there is a down side to this deal, it is that the SAP-DB client libraries, which were formerly licensed under the LGPL, will, in the future, only be available under the GPL. That change is crucial to the entire strategy, of course; it is the lever that will force proprietary software vendors to buy a commercial license. But it is a change which will upset users who were making use of the previous LGPL licensing; a look at the sapdb-general mailing list shows a handful of messages from users who are unhappy with the new state of affairs.

Of course, those users have not really lost anything; the current SAP-DB release cannot and will not be taken away from them. They simply will not have the same access to future releases. SAP-DB users have the right to fork the code base and maintain the code independently, and they might just do so. But it is hard to see a forked SAP-DB attracting a larger community than SAP-DB has now, especially when the folks over at MySQL appear to be having all the fun.


The SCO case gets weirder

We were planning to keep SCO off the front page this week. Really. But no such luck.

This week's fun centers around a press release issued by Novell. But first some background: SCO, recall, has been trumpeting its ownership rights in the Unix source and patents for some time. The main "SCOsource" page states:

SCO is the owner of the UNIX Operating System Intellectual Property that dates all the way back to 1969, when the UNIX System was created at Bell Laboratories. Through a series of mergers and acquisitions, SCO has acquired ownership of the patents, copyrights and core technology associated with the UNIX System.

The patent claim was effectively debunked by Don Marti back in March, but the ownership claim has gotten an easier ride. Until now. Novell, the company which obtained Unix from AT&T, has issued a press release taking issue with SCO's claims. In particular, Novell is asserting that it still owns the copyrights on the Unix code base:

Importantly, and contrary to SCO's assertions, SCO is not the owner of the UNIX copyrights. Not only would a quick check of U.S. Copyright Office records reveal this fact, but a review of the asset transfer agreement between Novell and SCO confirms it. To Novell's knowledge, the 1995 agreement governing SCO's purchase of UNIX from Novell does not convey to SCO the associated copyrights. We believe it unlikely that SCO can demonstrate that it has any ownership interest whatsoever in those copyrights. Apparently, you [SCO] share this view, since over the last few months you have repeatedly asked Novell to transfer the copyrights to SCO, requests that Novell has rejected.

Novell's claim notwithstanding, SCO has been quoted reiterating its claim to the Unix copyright (and threatening to sue Linus Torvalds for patent infringement as well). But SCO's annual report, as filed with the U.S. Securities and Exchange Commission, includes an interesting disclosure:

The Company has an arrangement with Novell, Inc. ("Novell") in which it acts as an administrative agent in the collection of royalties for customers who deploy SVRx technology. Under the agency agreement, the Company collects all customer payments and remits 95 percent of the collected funds to Novell and retains 5 percent as an administrative fee.

SCO, it would seem, is not the copyright owner; it is simply the paperwork shuffler, working for a 5% cut. That is not quite the picture that the company has been trying to present.

Whether this turn of events weakens SCO's case against IBM remains to be seen. SCO rushed out a response stating that it doesn't matter:

SCO's lawsuit against IBM does not involve patents or copyrights. SCO's complaint specifically alleges breach of contract, and SCO intends to protect and enforce all of the contracts that the company has with more than 6,000 licensees.

In fact, the original complaint does talk mostly about trade secrets and breach of contract. It does also, however, assert (once again) ownership of Unix and claim that IBM's actions have caused a reduction in the value of its Unix assets. Novell's claim challenges SCO's standing in the case; it may also be used by IBM's lawyers to question SCO's truthfulness and good faith in general.

Regardless of how the IBM suit goes, however, it now seems clearer than ever that the 1500 or so recipients of SCO's "Letter to Linux customers" can simply file that letter next to their AOL disks. SCO's case is not about patents or copyrights; the company has no standing to go after random Linux users. This letter was pure FUD and possibly libelous.

Novell does not stop with its copyright assertion. The company's press release challenges SCO to produce its evidence, and hints at legal moves to come:

SCO's actions are disrupting business relations that might otherwise form at a critical time among partners around Linux technologies, and are depriving these partners of important economic opportunities. We hope you understand the potential significant legal liability SCO faces for the possible harm it is causing to countless customers, developers, and other Linux community members.

It is also interesting to note that LinuxTag's lawyers have given notice to SCO Group GmbH that SCO must cease its "unfair competitive practices" as embodied in its attacks against Linux. If SCO can't produce some convincing evidence for its claims soon, it may well find itself dealing with lawsuits from the other side of the courtroom.


Open source content management systems roundup

[This article was contributed by Joe 'Zonker' Brockmeier]

The third Open Source Content Management (OSCOM) Conference this week has all eyes on Open Source Content Management Systems (CMS). Well, maybe not all eyes, but Open Source CMS are certainly getting quite a bit of attention this week.

There are far, far too many Open Source CMS projects under development to touch on all of them here, so consider this an overview of some of the more popular, interesting and/or capable CMS projects being used today. Note that this includes actual CMS systems, not Content Management Framework (CMF) projects like Midgard, Mason or Zope, which typically require significant assembly work before they can be deployed for any particular application.

Almost all Open Source CMS projects support features like RSS feeds, threaded comments, user authentication, templates, integrated search engines or support for external engines, version control, in-browser editing, scheduled publishing, support for multiple languages and so on. Perhaps the most important feature for most developers is which language the project is written in, and how easily extensible it is.

Slashcode, more frequently referred to as just Slash, is arguably the best-known CMS out there. Slash is pretty much aimed at news/Weblog-type sites, so it may not be best for general purpose sites. Slashcode is written in Perl, uses a MySQL backend and is available under the GNU General Public License (GPL). Slashcode is owned by OSDN.

In a similar vein, there's Scoop, the code that powers kuro5hin and a slew of other news sites and weblogs. Like Slashcode, Scoop is written in Perl with a MySQL backend and is available under the GPL. If you're looking to run a news site or Weblog, but prefer PHP to Perl, there's PHP-Nuke, PostNuke and PHPSlash.

For more of a "professional" approach to running a news site, there's Cofax. Cofax ("Content Object Factory") was mostly developed by staff at KnightRidder.com and Philly.com with participation from other Knight Ridder newspapers. Cofax is designed to help simplify the presentation of newspaper content on a Website, and to speed up real-time Web publication. One example of Cofax in action is the Silicon Valley site; it is also used to power more than 30 Knight Ridder newspaper sites. The Cofax CMS is written in Java, uses MySQL or Microsoft SQL Server for data storage, and is licensed under the GNU Lesser General Public License. The instructions on the Cofax site are Windows-specific, but it has also been tested under SunOS 5.8, and could probably be coaxed to work on a Linux server as well.

There are a number of CMS projects for more general sites. Though Red Hat is best known for its Linux distribution, it also offers an Enterprise Content Management System. Red Hat's CMS is written in Java, requires PostgreSQL or Oracle and a J2EE servlet container and is supported on Red Hat, Solaris, Windows, AIX or HP-UX. Unlike most of Red Hat's offerings, the Red Hat CMS is available under the IBM Public License rather than the GPL.

Another all-purpose CMS is OpenACS. OpenACS is a little different, in that it is written in Tcl rather than Perl, Java or PHP. OpenACS has a number of applications such as bug trackers, chat, e-commerce features and much more. The OpenACS code is distributed under the terms of the GPL, and requires AOLserver and an Oracle or PostgreSQL backend. The Creative Commons site is just one example of a site powered by OpenACS.

Where would we be without Wiki-type sites? There are a number of Wiki-inspired packages out there, but tikiwiki may be the most full-featured. Tiki is PHP-based and offers LDAP authentication, webmail, tasks and notepad features, image galleries, games and a slew of other features not normally found in Wiki implementations. If you'd like to get a feel for Tiki, check out the demo site.

Bricolage is another general purpose content management and publishing system. Bricolage is written in Perl and uses PostgreSQL to store content. Macworld recently announced that it is using Bricolage to power its site. If you'd like to run Bricolage you'll need Apache with mod_perl and Mason. Bricolage is published under a BSD-style license.

The WebGUI folks call their solution an "application framework" rather than a CMS, but it does the job just as well. WebGUI is written in Perl and can use MySQL or PostgreSQL as a data store. It will run on Linux, Solaris, FreeBSD, and Windows with Apache or IIS. The Law Society of Western Australia is using WebGUI for their site. WebGUI is available under the GPL and is developed by Plain Black Software.

OpenCms is pretty flexible in that it will run on LAMP platforms with Tomcat or on Windows platforms with Oracle and BEA Weblogic. OpenCms is used on a number of sites, including the Tribeca Film Festival site. OpenCms offers a WYSIWYG editor through a Web browser, but only for folks using Internet Explorer. Development for OpenCms is coordinated by Alkacon Software.

This is, of course, just the tip of the iceberg. There are quite a few other Open Source CMS projects out there; curious readers can start with the OSCOM Matrix of CMS projects.

Finally, OpensourceCMS is another site worth visiting if you're shopping for an Open Source CMS, especially if you're looking to test-drive Open Source CMS packages before actually messing with installation. The nice thing about Open Source is that you can always "try before you buy," but the installation process for many CMS packages can be a bit painful, or at least very time-consuming. OpensourceCMS does not have every CMS project available, but they have a pretty good list of demos you can try out.


Page editor: Jonathan Corbet

Security

Security news

Where are the kernel updates?

On April 5, Florian Weimer sent a note to the linux-kernel mailing list describing a hashing vulnerability in the 2.4 kernel. His assessment:

It is possible to freeze machines with 1 GB of RAM and more with a stream of 400 packets per second with carefully chosen source addresses. Not good.

This problem was also described on this page last week.

We are, in other words, going on two months since this vulnerability was publicly disclosed. A quick look at the LWN Vulnerability Database entry for this problem, however, shows that only two distributors (EnGarde and Red Hat) have updated their kernels to close this hole. So all of the other distributors, many of which have a very good history of quick response to security problems, are leaving their users exposed on this one.

This vulnerability may seem less urgent because it cannot be used to gain root access to a target machine. It can, however, be used to take a system off the net. It allows a remote attacker to obtain the results of a distributed denial of service attack without that attacker having to arrange the "distributed" part. It is a serious problem which will certainly be exploited, with unpleasant results. The distributors owe their users a fix.


New vulnerabilities

Apache 2 - denial of service

Package(s):apache CVE #(s):CAN-2003-0189 CAN-2003-0245
Created:May 28, 2003 Updated:June 16, 2003
Description: A new set of denial of service vulnerabilities has been found in Apache versions 2.0 through 2.0.45. The potential for a remote code exploit apparently exists as well. See the Apache 2.0.46 announcement for more information.
Alerts:
Red Hat RHSA-2003:186-01 2003-05-28
Mandrake MDKSA-2003:063 2003-05-30
Gentoo 200305-13 2003-06-01
Mandrake MDKSA-2003:063-1 2003-06-02
Yellow Dog YDU-20030603-1 2003-06-03
Conectiva CLA-2003:661 2003-06-16


CUPS: vulnerability in the CUPS IPP implementation

Package(s):cups CVE #(s):CAN-2003-0195
Created:May 27, 2003 Updated:July 22, 2003
Description: Phil D'Amore of Red Hat discovered a vulnerability in the CUPS IPP (Internet Printing Protocol) implementation. The IPP implementation is single-threaded, which means only one request can be serviced at a time. An attacker could make a partial request that does not time out and therefore creates a denial of service. In order to exploit this bug, an attacker must have the ability to make a TCP connection to the IPP port (by default 631).
Alerts:
Red Hat RHSA-2003:171-01 2003-05-27
Slackware ssa:2003-149-01 2003-05-29
Mandrake MDKSA-2003:062 2003-05-29
Yellow Dog YDU-20030602-3 2003-06-02
SuSE SuSE-SA:2003:028 2003-06-06
Debian DSA-317-1 2003-06-11
Gentoo 200306-09 2003-06-14
Conectiva CLA-2003:702 2003-07-22


Nessus NASL scripting engine security issues

Package(s):nessus CVE #(s):
Created:May 27, 2003 Updated:August 12, 2004
Description: Several vulnerabilities exist in the Nessus NASL scripting engine. To exploit these flaws, an attacker would need to have a valid Nessus account as well as the ability to upload arbitrary Nessus plugins to the Nessus server (this option is disabled by default), or would need to trick a user into running a specially crafted NASL script. Read the full advisory for additional information.
Alerts:
Gentoo 200305-10 2003-05-27


Updated vulnerabilities

BitchX - denial of service

Package(s):BitchX CVE #(s):
Created:February 20, 2003 Updated:May 26, 2003
Description: From this Bugtraq posting:

A denial of service vulnerability exists in BitchX. Sending a malformed RPL_NAMREPLY numeric 353 causes BitchX to segfault. This problem was reported to panasync@efnet#bitchx on Jan 30 2003; as of this writing we are unaware of any patches or workarounds provided by panasync and/or any members of #bitchx.

Alerts:
Gentoo 200302-11 2003-02-20
Debian DSA-306-1 2003-05-19
Slackware ssa:2003-141-02 2003-05-22
Conectiva CLA-2003:655 2003-05-26


LPRng: insecure temporary file

Package(s):LPRng CVE #(s):CAN-2003-0136
Created:April 14, 2003 Updated:June 16, 2003
Description: Karol Lewandowski discovered that psbanner, a printer filter that creates a PostScript format banner and is part of LPRng, insecurely creates a temporary file for debugging purposes when it is configured as a filter. The program does not check whether this file already exists or is a link to another location; it unconditionally writes its current environment and command-line arguments to the file, running as the user daemon. A local user who plants a symbolic link at the predictable path can therefore have that data written to any file the daemon user can create or truncate.
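The following is an added example, not LPRng's code, of the psbanner-style mistake and its fix: a filter that opens a predictable debug file with fopen(), which follows whatever symbolic link a local user has planted there, beside an open() that refuses to follow links or reuse an existing file. The demo stages the attacker's symlink itself inside a private mkdtemp() directory; the path names and the debug payload are constructed for the example.

```c
/* Added example: symlink attack on a predictable debug file (not LPRng code). */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* What psbanner did: open a predictable path for writing. If the path is a
 * symlink, fopen() creates or truncates the *target* with the filter's uid. */
int write_debug_insecure(const char *path, const char *payload)
{
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs(payload, f);
    fclose(f);
    return 0;
}

/* Hardened: O_EXCL refuses an existing path (POSIX specifies EEXIST even when
 * the path is a dangling symlink), O_NOFOLLOW refuses to traverse a link in
 * the final component, and 0600 keeps the contents private. Fail closed. */
int write_debug_secure(const char *path, const char *payload)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;                   /* EEXIST or ELOOP: someone got there first */
    ssize_t n = write(fd, payload, strlen(payload));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Stage the attack in a fresh directory: the "attacker" points the debug
 * filename at a victim file, then the "filter" writes its debug output.
 * Returns 1 if the victim file ended up holding the filter's data, 0 if not,
 * -1 if the scratch directory could not be set up. */
int victim_clobbered(int use_secure)
{
    char dir[] = "/tmp/psbannerXXXXXX";      /* assumed scratch location */
    if (!mkdtemp(dir)) return -1;
    char lnk[256], victim[256];
    snprintf(lnk, sizeof lnk, "%s/psbanner.debug", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    if (symlink(victim, lnk) != 0) return -1; /* attacker's move: plant the link */

    const char *payload = "PATH=/usr/bin\n"; /* constructed sample of "environment" */
    int rc = use_secure ? write_debug_secure(lnk, payload)
                        : write_debug_insecure(lnk, payload);

    struct stat st;
    int clobbered = (stat(victim, &st) == 0 && st.st_size == (off_t)strlen(payload));
    unlink(lnk); unlink(victim); rmdir(dir);
    (void)rc;
    return clobbered;
}

int main(void)
{
    printf("fopen(path, \"w\")            -> victim clobbered: %d\n", victim_clobbered(0));
    printf("open(O_CREAT|O_EXCL|O_NOFOLLOW) -> victim clobbered: %d\n", victim_clobbered(1));
    return 0;
}
```

A filter that genuinely needs a scratch file should use mkstemp() in a directory it owns rather than a fixed name in a shared directory; the O_EXCL|O_NOFOLLOW form above is the minimum that makes a fixed name safe against a pre-planted link.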
Alerts:
Debian DSA-285-1 2003-04-14
Red Hat RHSA-2003:142-01 2003-04-24
Mandrake MDKSA-2003:060 2003-05-21
Yellow Dog YDU-20030602-5 2003-06-02
Immunix IMNX-2003-7+-013-01 2003-06-04
Gentoo 200306-04 2003-06-14


perl-MailTools: remote command execution

Package(s):MailTools CVE #(s):CAN-2002-1271
Created:November 5, 2002 Updated:September 19, 2003
Description: The SuSE Security Team reviewed critical Perl modules, including the Mail::Mailer package. This package contains a security hole which allows remote attackers to execute arbitrary commands in certain circumstances. This is due to the usage of mailx as default mailer which allows commands to be embedded in the mail body.

Note that mail processing programs which use this package can be affected by this vulnerability; in particular, SpamAssassin is vulnerable if you use the -r or -w flags.

Alerts:
SuSE SuSE-SA:2002:041 2002-11-05
Gentoo 200211-001 2002-11-06
Mandrake MDKSA-2002:076 2002-11-07
Gentoo 200302-01 2003-02-02
Debian DSA-386-1 2003-09-18


NetPBM: math overflow errors

Package(s):NetPBM CVE #(s):CAN-2003-0146
Created:March 17, 2003 Updated:May 27, 2003
Description: Al Viro and Alan Cox discovered several math overflow errors in NetPBM, a set of graphics conversion tools. These programs are not installed setuid root but are often used to prepare untrusted data for processing. These vulnerabilities may allow remote attackers to cause a denial of service or execute arbitrary code.
Alerts:
Debian DSA-263-1 2003-03-17
Mandrake MDKSA-2003:036 2003-03-25
Red Hat RHSA-2003:060-01 2003-04-03
Conectiva CLA-2003:656 2003-05-27


Multiple-use vulnerability in Safe.pm

Package(s):Safe.pm CVE #(s):CAN-2002-1323
Created:October 9, 2002 Updated:February 20, 2004
Description: usePerl has a description of a vulnerability in the Safe.pm Perl module. It seems that if a Safe compartment is used more than once, it ceases to be safe. The problem is fixed in Safe 2.08.
Alerts:
Debian DSA-208-1 2002-12-12
OpenPKG OpenPKG-SA-2002.014 2002-12-16
Trustix 2002-0087 2002-12-19
Gentoo 200212-6 2002-12-20
SCO Group CSSA-2004-007.0 2004-02-20


TCP/IP: inconsistent flag handling

Package(s):TCP/IP CVE #(s):
Created:May 5, 2003 Updated:May 20, 2003
Description: Various vendors' TCP/IP implementations handle packets containing unusual flag combinations in different ways, which may lead to a violation of implicit or explicit security policies.

See CERT VU#464113 and this BugTraq post for more information.

Alerts:
SCO Group CSSA-2003-019.0 2003-05-05


bind buffer overflow vulnerability in DNS resolver libraries

Package(s):bind glibc CVE #(s):CAN-2002-0651 CAN-2002-0684
Created:July 8, 2002 Updated:October 1, 2003
Description: The BIND 4.9.8-OW2 patch and BIND 4.9.9 release (and thus 4.9.9-OW1) include fixes for a libc related vulnerability which does not affect Linux. Updates from the Internet Software Consortium (ISC) are available from here.

No release or branch of Openwall GNU/*/Linux (Owl) is known to be affected, due to Olaf Kirch's fixes for this problem getting into the GNU C library more than two years ago.

Unfortunately, that does not mean that Linux systems are not vulnerable. Similar code, without Olaf Kirch's fixes, is in the glibc getnetbyXXX functions. These functions are described in the SuSE alert as "used by very few applications only, such as ifconfig and ifuser, which makes exploits less likely."

CERT Advisory: CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries


Alerts:
OpenPKG OpenPKG-SA-2002.006 2002-07-04
SuSE SuSE-SA:2002:026 2002-07-09
Conectiva CLA-2002:507 2002-07-11
Gentoo glibc-20020713 2002-07-13
Trustix 2002-0061 2002-07-15
Mandrake MDKSA-2002:043 2002-07-16
EnGarde ESA-20020724-018 2002-07-24
Red Hat RHSA-2002:139-10 2002-07-22
Eridani ERISA-2002:028 2002-07-25
Yellow Dog YDU-20020801-2 2002-08-01
SCO Group CSSA-2002-034.0 2002-08-05
Red Hat RHSA-2002:133-13 2002-08-08
Eridani ERISA-2002:035 2002-08-09
Yellow Dog YDU-20020810-3 2002-08-10
Mandrake MDKSA-2002:050 2002-08-13


Bugzilla: several vulnerabilities.

Package(s):bugzilla CVE #(s):
Created:April 30, 2003 Updated:May 21, 2003
Description: The Bugzilla bug tracking system has a new set of vulnerabilities which can lead to cross-site scripting and symlink attacks. Versions 2.16.3 and 2.17.4 contain the necessary fixes; see this advisory for the details.
Alerts:
Conectiva CLA-2003:653 2003-05-21


Canna server: exploitable buffer overrun

Package(s):canna CVE #(s):CAN-2002-1158 CAN-2002-1159
Created:December 10, 2002 Updated:October 1, 2003
Description: Canna is a kana-kanji conversion server which is necessary for Japanese language character input.

A buffer overflow bug in the Canna server up to and including version 3.5b2 allows a local user to gain the privileges of the user 'bin' which could lead to further exploits. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-1158 to this issue.

A lack of validation of requests has been found that affects Canna version 3.6 and earlier. A malicious remote user could exploit this vulnerability to leak information or cause a denial of service. (CAN-2002-1159)

See also http://canna.sourceforge.jp/sec/Canna-2002-01.txt


Alerts:
Red Hat RHSA-2002:246-18 2002-12-04
Gentoo 200212-8 2002-12-20
Debian DSA-224-1 2003-01-08
SCO Group CSSA-2003-005.0 2003-01-21


cdrecord: format string vulnerability

Package(s):cdrecord CVE #(s):CAN-2003-0289
Created:May 15, 2003 Updated:May 21, 2003
Description: A format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the "dev" parameter.
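As an added illustration (not cdrecord's code), here is the shape of the bug beside its fix: a user-supplied "dev=" string passed to a printf-family function as the format itself, versus the same string passed as a "%s" argument under a constant format. To keep the demo deterministic it uses only "%%" as the hostile input; a real attacker against a setuid binary would use "%x" to read the stack and "%n" to write to memory. The function names are illustrative.

```c
/* Added example: format string bug and fix (not cdrecord code). */
#include <stdio.h>
#include <string.h>

/* Vulnerable: the attacker's string *is* the format, so every '%' directive
 * in it is interpreted against whatever happens to be on the stack. */
int format_dev_insecure(char *out, size_t outlen, const char *dev)
{
    return snprintf(out, outlen, dev);       /* gcc -Wformat-security warns here */
}

/* Fixed: the format is a constant; the attacker's string is only data. */
int format_dev_secure(char *out, size_t outlen, const char *dev)
{
    return snprintf(out, outlen, "%s", dev);
}

/* Returns 1 if the formatted output still equals the input, i.e. no
 * directive inside the user's string was interpreted. */
int survives_unchanged(int (*fn)(char *, size_t, const char *), const char *dev)
{
    char out[128];
    fn(out, sizeof out, dev);
    return strcmp(out, dev) == 0;
}

int main(void)
{
    const char *hostile = "dev=%%,%%";       /* constructed input: "%%" collapses to "%" */
    printf("insecure keeps input intact: %d\n", survives_unchanged(format_dev_insecure, hostile));
    printf("secure   keeps input intact: %d\n", survives_unchanged(format_dev_secure, hostile));
    return 0;
}
```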
Alerts:
Mandrake MDKSA-2003:058 2003-05-15
Gentoo 200305-06 2003-05-18
Mandrake MDKSA-2003:058-1 2003-05-21


dvips: command execution vulnerability

Package(s):dvips CVE #(s):CAN-2002-0836
Created:October 16, 2002 Updated:June 10, 2003
Description: The dvips utility uses the system() function improperly when managing fonts. An attacker who can craft the right sort of print job can use this vulnerability to execute commands under the UID used by the print system.
Alerts:
Red Hat RHSA-2002:194-18 2002-10-08
Gentoo tetex-20021018 2002-10-18
Mandrake MDKSA-2002:070 2002-10-23
Mandrake MDKSA-2002:071 2002-10-24
Conectiva CLA-2002:537 2002-10-29
Debian DSA-207-1 2002-12-11
OpenPKG OpenPKG-SA-2002.015 2002-12-16
Immunix IMNX-2003-7+-016-01 2003-06-09


epic4: buffer overflows and arbitrary code execution

Package(s):epic4 CVE #(s):
Created:May 2, 2003 Updated:May 22, 2003
Description: Timo Sirainen discovered several problems in EPIC4, a popular client for Internet Relay Chat (IRC). A malicious server could craft special reply strings, triggering the client to write beyond buffer boundaries. This could lead to a denial of service if the client only crashes, but may also lead to executing of arbitrary code under the user id of the chatting user.
Alerts:
Debian DSA-298-1 2003-05-02
Slackware SSA:2003-141-01 2003-05-22


ethereal - format string vulnerability

Package(s):ethereal CVE #(s):CAN-2003-0081
Created:March 10, 2003 Updated:June 12, 2003
Description: The SOCKS dissector in Ethereal 0.9.9 is susceptible to a format string vulnerability. This vulnerability has been present in Ethereal since the SOCKS dissector was introduced in version 0.8.7. It was discovered by Georgi Guninski. Additionally, the NTLMSSP code is susceptible to a heap overflow. All users of Ethereal 0.9.9 and below are encouraged to upgrade. See the full advisory for additional information.
Alerts:
Gentoo 200303-10 2003-03-09
Debian DSA-258-1 2003-03-10
SuSE SuSE-SA:2003:019 2003-03-21
Conectiva CLA-2003:627 2003-04-16
Red Hat RHSA-2003:076-01 2003-04-23
Mandrake MDKSA-2003:051 2003-03-24


Filename disclosure vulnerability in fam

Package(s):fam CVE #(s):CAN-2002-0875
Created:August 19, 2002 Updated:January 5, 2005
Description: "fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible.
Alerts:
Debian DSA-154-1 2002-08-15
Red Hat RHSA-2005:005-01 2005-01-05


fetchmail: buffer overflow

Package(s):fetchmail CVE #(s):CAN-2002-1365
Created:December 17, 2002 Updated:October 20, 2003
Description: Versions of fetchmail prior to 6.2.0 have (yet another) buffer overflow vulnerability which can be exploited remotely via a suitably crafted message. See this advisory for details.
Alerts:
Conectiva CLA-2002:554 2002-12-16
Red Hat RHSA-2002:293-09 2002-12-17
Debian DSA-216-1 2002-12-24
SuSE SuSE-SA:2003:001 2003-01-02
SCO Group CSSA-2003-001.0 2003-01-09
EnGarde ESA-20030127-002 2003-01-27
Mandrake MDKSA-2003:011 2003-01-27
Immunix IMNX-2003-7+-023-01 2003-10-17


file - memory allocation problem, stack overflow

Package(s):file CVE #(s):CAN-2003-0102
Created:March 4, 2003 Updated:June 4, 2003
Description: Jeff Johnson found a memory allocation problem and David Endler found a stack overflow corruption problem in the file "Automatic File Content Type Recognition Tool" version 3.41. Nalin Dahyabhai improved ELF section and program header handling in file version 3.40. The folks at OpenPKG believe that file versions without those modifications are vulnerable to memory allocation and stack overflow problems which put security at risk.
Alerts:
OpenPKG OpenPKG-SA-2003.017 2003-03-04
Mandrake MDKSA-2003:030 2003-03-06
Red Hat RHSA-2003:086-07 2003-03-07
EnGarde ESA-20030307-008 2003-03-07
Gentoo 200303-8 2003-03-08
Debian DSA-260-1 2003-03-13
SuSE SuSE-SA:2003:017 2003-03-21
Conectiva CLA-2003:617 2003-04-04
Mandrake MDKSA-2003:030-1 2003-04-17
SCO Group CSSA-2003-018.0 2003-04-28
Immunix IMNX-2003-7+-012-01 2003-06-03


Potential remote root exploit in glibc

Package(s):glibc CVE #(s):CAN-2002-0391
Created:August 14, 2002 Updated:June 29, 2003
Description: Felix von Leitner discovered a potential division by zero bug in code derived from the SunRPC library which is used in glibc. This bug could be exploited to gain unauthorized root access to software linking to glibc.

Updating as soon as practical is a good idea.

Because SunRPC-derived XDR libraries are used by a variety of vendors in a variety of applications, this defect may lead to a number of differing security problems. Exploiting this vulnerability may lead to denial of service, execution of arbitrary code, or the disclosure of sensitive information.

CERT/CC Vulnerability Note VU#192995 Integer overflow in xdr_array() function when deserializing the XDR stream

Alerts:
Debian DSA-149-1 2002-08-13
Red Hat RHSA-2002:166-07 2002-08-12
Eridani ERISA-2002:036 2002-08-13
Trustix 2002-0067 2002-08-13
SuSE SuSE-SA:2002:031 2002-08-30
Gentoo glibc-20020905 2002-09-05
Mandrake MDKSA-2002:061 2002-09-23
Debian DSA-149-2 2002-09-26
Gentoo dietlibc-20020927 2002-09-27
Gentoo glibc-20020927 2002-09-27
EnGarde ESA-20021003-021 2002-10-03
Trustix 2002-0070 2002-10-17
Conectiva CLA-2002:535 2002-10-29
Debian DSA-333-1 2003-06-27


glibc: DNS stub resolvers contain buffer overflow vulnerability

Package(s):glibc CVE #(s):CAN-2002-1146
Created:November 7, 2002 Updated:February 5, 2004
Description: DNS stub resolvers from multiple vendors contain a buffer overflow vulnerability. The impact of this vulnerability appears to be limited to denial of service. (See CERT Vulnerability Note VU#738331)

The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash).
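The following added example (not glibc's or BIND's resolver code) shows the bounding mistake in a stripped-down walk over a DNS response: the same parser is bounded either by the size of the receive buffer, the mistake described above, or by the number of bytes recv() actually returned. With the wrong bound a reply whose rdlength claims more bytes than arrived drives the parser into bytes that were never received (here zero-filled, in real code whatever sits past the datagram). The response bytes and the 512-byte buffer size are constructed for the example.

```c
/* Added example: bounding a DNS answer walk by actual vs. maximum length. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAXPACKET 512               /* assumed receive buffer: the classic UDP limit */
#define FULL_REPLY_LEN 35
#define TRUNCATED_REPLY_LEN 33

/* Constructed reply for "x." with one A record. rdlength claims 4 bytes of
 * rdata; the truncated copy delivers only 2 of them. */
const uint8_t FULL_REPLY[FULL_REPLY_LEN] = {
    0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0,        /* id, flags, qd=1, an=1 */
    1,'x',0, 0,1, 0,1,                               /* question: x. A IN   */
    0xc0,0x0c, 0,1, 0,1, 0,0,0x0e,0x10, 0,4,         /* answer, rdlength 4  */
    10,0,0,1                                         /* rdata: 10.0.0.1     */
};
const uint8_t TRUNCATED_REPLY[TRUNCATED_REPLY_LEN] = {
    0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0,
    1,'x',0, 0,1, 0,1,
    0xc0,0x0c, 0,1, 0,1, 0,0,0x0e,0x10, 0,4,
    10,0                                             /* datagram ends here  */
};

/* Skip a domain name at *off: a run of labels ended by a zero label or by a
 * two-byte compression pointer. Returns -1 if any byte would lie at or
 * beyond 'bound'. */
static int skip_name(const uint8_t *buf, size_t bound, size_t *off)
{
    size_t i = *off;
    for (;;) {
        if (i >= bound) return -1;
        uint8_t len = buf[i];
        if (len == 0) { i++; break; }
        if ((len & 0xc0) == 0xc0) {              /* compression pointer ends the name */
            if (i + 1 >= bound) return -1;
            i += 2; break;
        }
        i += 1 + len;
    }
    *off = i;
    return 0;
}

/* Walk the question and answer sections. Returns the number of answer RRs
 * that fit entirely inside 'bound', or -1 if any field does not. */
int count_answers(const uint8_t *buf, size_t bound)
{
    if (bound < 12) return -1;
    unsigned qdcount = (buf[4] << 8) | buf[5];
    unsigned ancount = (buf[6] << 8) | buf[7];
    size_t off = 12;
    for (unsigned q = 0; q < qdcount; q++) {
        if (skip_name(buf, bound, &off) < 0) return -1;
        if (off + 4 > bound) return -1;          /* qtype, qclass */
        off += 4;
    }
    int parsed = 0;
    for (unsigned a = 0; a < ancount; a++) {
        if (skip_name(buf, bound, &off) < 0) return -1;
        if (off + 10 > bound) return -1;         /* type, class, ttl, rdlength */
        unsigned rdlen = (buf[off + 8] << 8) | buf[off + 9];
        off += 10;
        if (off + rdlen > bound) return -1;      /* the check the bug defeated */
        off += rdlen;
        parsed++;
    }
    return parsed;
}

/* Simulate recv() of the truncated reply into a MAXPACKET buffer and parse
 * it bounded by the buffer size (the bug) or by the received length. */
int parse_with_bound(int use_actual_len)
{
    uint8_t buf[MAXPACKET] = {0};                /* stale bytes past the datagram */
    memcpy(buf, TRUNCATED_REPLY, TRUNCATED_REPLY_LEN);
    size_t n = TRUNCATED_REPLY_LEN;              /* what recv() returned */
    return count_answers(buf, use_actual_len ? n : sizeof buf);
}

int main(void)
{
    printf("bounded by sizeof(buf): %d answers\n", parse_with_bound(0));
    printf("bounded by recv() len : %d answers\n", parse_with_bound(1));
    printf("complete reply        : %d answers\n", count_answers(FULL_REPLY, FULL_REPLY_LEN));
    return 0;
}
```

Bounded by the buffer size the truncated reply "parses" as one valid record because the missing rdata bytes are silently read from beyond the datagram; bounded by the received length the same reply is rejected. A real resolver has more fields to check, but every one of them needs the received length, not the buffer capacity, as its limit.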

Alerts:
Red Hat RHSA-2002:197-06 2002-10-03
Red Hat RHSA-2002:197-09 2002-11-06
Mandrake MDKSA-2004:009 2004-02-04


glibc: integer overflow in the xdrmem_getbytes() function

Package(s):glibc krb5 dietlibc CVE #(s):CAN-2003-0028
Created:March 21, 2003 Updated:May 27, 2003
Description: An integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, and glibc, allows remote attackers to execute arbitrary code via certain integer values in length fields. See CAN-2003-0028 and CERT advisory CA-2003-10 for more information.
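The arithmetic behind this entry, the xdr_array() entry above (CAN-2002-0391, VU#192995) and the NetPBM "math overflow" entry is the same, so one added example (not glibc's, SunRPC's or NetPBM's code) serves all three: a count read from the wire is multiplied by an element size to size a buffer, the product wraps in 32 bits, a tiny buffer is allocated, and the decode loop that still trusts the original count writes far past it. The 32-bit integers mirror the XDR types; the hostile and benign wire images and the function names are constructed for the example.

```c
/* Added example: length-field integer overflow and its check (not XDR code). */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_ELEMS 0x7fffffffu       /* an upper bound a decoder might impose anyway */

/* Vulnerable sizing: count * elsize computed in 32 bits silently wraps. */
uint32_t unsafe_array_bytes(uint32_t count, uint32_t elsize)
{
    return count * elsize;          /* 0x40000001 * 4 == 0x100000004 -> 4 */
}

/* Hardened sizing: refuse any count that cannot be multiplied without
 * overflow. Returns 0 on rejection, 1 with *bytes set on success. */
int safe_array_bytes(uint32_t count, uint32_t elsize, uint32_t *bytes)
{
    if (elsize == 0 || count > MAX_ELEMS || count > UINT32_MAX / elsize)
        return 0;
    *bytes = count * elsize;
    return 1;
}

/* Result of decoding a 4-byte big-endian count followed by count u32s. */
typedef struct { uint32_t count; uint32_t alloc_bytes; int rejected; } decode_result;

decode_result decode_u32_array(const uint8_t *wire, size_t wire_len, int hardened)
{
    decode_result r = {0, 0, 0};
    if (wire_len < 4) { r.rejected = 1; return r; }
    r.count = ((uint32_t)wire[0] << 24) | ((uint32_t)wire[1] << 16) |
              ((uint32_t)wire[2] << 8) | wire[3];
    if (hardened) {
        uint32_t bytes;
        /* reject on overflow, and also require the payload to carry count elements */
        if (!safe_array_bytes(r.count, 4, &bytes) || bytes > wire_len - 4) {
            r.rejected = 1;
            return r;
        }
        r.alloc_bytes = bytes;
    } else {
        r.alloc_bytes = unsafe_array_bytes(r.count, 4);
        /* Real code would now malloc(alloc_bytes) and loop count times copying
         * 4 bytes each: a heap overflow of count*4 - alloc_bytes bytes. The
         * copy is deliberately not performed here. */
    }
    return r;
}

/* Constructed wire images: a count of 0x40000001 (wraps to 4 bytes), and a
 * benign array of two elements. */
const uint8_t HOSTILE_WIRE[8]  = { 0x40,0x00,0x00,0x01, 0xde,0xad,0xbe,0xef };
const uint8_t BENIGN_WIRE[12]  = { 0,0,0,2, 0,0,0,1, 0,0,0,2 };

int main(void)
{
    decode_result v = decode_u32_array(HOSTILE_WIRE, sizeof HOSTILE_WIRE, 0);
    decode_result h = decode_u32_array(HOSTILE_WIRE, sizeof HOSTILE_WIRE, 1);
    printf("unsafe : count=0x%08x alloc=%u bytes (would copy %u)\n",
           v.count, v.alloc_bytes, v.count * 4u);
    printf("safe   : rejected=%d\n", h.rejected);
    return 0;
}
```

The check `count > UINT32_MAX / elsize` is the whole fix; the same test applies to NetPBM-style width * height * bytes_per_pixel computations, where an image header rather than an RPC length field supplies the attacker-controlled factors.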
Alerts:
SCO Group CSSA-2003-013.0 2003-03-19
EnGarde ESA-20030321-010 2003-03-21
Sorcerer SORCERER2003-03-20-1 2003-03-20
Sorcerer SORCERER2003-03-20-2 2003-03-20
Red Hat RHSA-2003:089-00 2003-03-19
Debian DSA-266-1 2003-03-17
Gentoo 200303-22 2003-03-25
Mandrake MDKSA-2003:037 2003-03-25
Trustix 2003-0014 2003-03-26
Debian DSA-272-1 2003-03-28
Gentoo 200303-29 2003-03-31
Debian DSA-282-1 2003-04-09
Immunix IMNX-2003-7+-009-01 2003-04-14
Conectiva CLA-2003:633 2003-04-30
Conectiva CLA-2003:639 2003-05-05
Slackware ssa:2003-141-03 2003-05-22
SuSE SuSE-SA:2003:027 2003-05-26

Comments (3 posted)

gnupg: key validation

Package(s):gnupg CVE #(s):CAN-2003-0255
Created:May 15, 2003 Updated:November 17, 2003
Description: A key validation bug was discovered in the GNU Privacy Guard (GPG) which would cause keys with more than one user ID to trust all user IDs with the amount of trust given to the most-valid user ID.
Alerts:
EnGarde ESA-20030515-016 2003-05-15
OpenPKG OpenPKG-SA-2003.029 2003-05-16
Gentoo 200305-04 2003-05-16
Red Hat RHSA-2003:175-01 2003-05-20
Slackware ssa:2003-141-04 2003-05-22
Mandrake MDKSA-2003:061 2003-05-22
Yellow Dog YDU-20030602-4 2003-06-02
Conectiva CLA-2003:694 2003-07-11
SCO Group CSSA-2003-034.0 2003-11-17

Comments (none posted)

gtkhtml: malformed messages cause crash

Package(s):gtkhtml CVE #(s):CAN-2003-0133 CAN-2003-0541
Created:April 14, 2003 Updated:April 18, 2005
Description: GtkHTML is the HTML rendering widget used by the Evolution mail reader.

GtkHTML supplied with versions of Evolution prior to 1.2.4 contains a bug when handling HTML messages. Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash.

Alerts:
Red Hat RHSA-2003:126-01 2003-04-14
Mandrake MDKSA-2003:046 2003-04-15
Red Hat RHSA-2003:264-01 2003-09-09
Conectiva CLA-2003:737 2003-09-12
Mandrake MDKSA-2003:093 2003-09-18
Debian DSA-710-1 2005-04-18

Comments (none posted)

IMP - SQL injection vulnerability

Package(s):imp CVE #(s):CAN-2003-0025
Created:January 15, 2003 Updated:July 8, 2003
Description: The IMP IMAP server, versions 2.2.8 and prior, is vulnerable to SQL injection; see this advisory for details. Version 3.x is not vulnerable to this problem.
Alerts:
Debian DSA-229-2 2003-01-15
SuSE SuSE-SA:2003:0008 2003-02-18
Conectiva CLA-2003:690 2003-07-08

Comments (1 posted)

kde: arbitrary code execution

Package(s):kde CVE #(s):CAN-2003-0204
Created:April 10, 2003 Updated:June 30, 2003
Description: The KDE Security team has issued an advisory on a vulnerability present in all versions of KDE that allows a remote attacker to execute arbitrary commands under your account. KDE 3.0.5b and KDE 3.1.1a have been released to address this problem. For KDE 2.2.2, patches to the KDE 2.2.2 sources have been made available.

KDE uses Ghostscript software for processing of PostScript (PS) and PDF files in a way that allows for the execution of arbitrary commands that can be contained in such files.

An attacker can prepare a malicious PostScript or PDF file which will provide the attacker with access to the victim's account and privileges when the victim opens this malicious file for viewing or when the victim browses a directory containing such malicious file and has file previews enabled.

An attacker can provide malicious files remotely to a victim in an e-mail, as part of a webpage, via an FTP server and possibly other means.

Alerts:
Gentoo 200304-04 2003-04-10
Gentoo 200304-05 2003-04-11
Debian DSA-284-1 2003-04-12
Sorcerer SORCERER2003-04-12 2003-04-12
Mandrake MDKSA-2003:049 2003-04-17
Slackware sl-1050682024 2003-04-18
Debian DSA-293-1 2003-04-23
SuSE SuSE-SA:2003:0026 2003-04-24
Mandrake MDKSA-2003:049-1 2003-04-24
Debian DSA-296-1 2003-04-30
Red Hat RHSA-2003:002-01 2003-05-12
Conectiva CLA-2003:668 2003-06-30

Comments (none posted)

kerberos - cryptographic weakness

Package(s):kerberos, heimdal, openafs CVE #(s):CAN-2003-0138 CAN-2003-0139
Created:March 26, 2003 Updated:May 27, 2003
Description: Version 4 of the Kerberos protocol contains a cryptographic weakness which enables a chosen-plaintext attack. A suitably equipped attacker can impersonate any principal in the realm. Another weakness allows the creation of false Kerberos tickets. Given the weaknesses in the cryptography, cross-realm authentication cannot be performed in a secure way.

OpenAFS kaserver implements version 4 of the Kerberos protocol, and therefore is also vulnerable.

Alerts:
Debian DSA-269-1 2003-03-26
Red Hat RHSA-2003:051-01 2003-03-26
Debian DSA-273-1 2003-03-28
Gentoo 200303-26 2003-03-30
Gentoo 200303-28 2003-03-31
Mandrake MDKSA-2003:043 2003-04-01
Red Hat RHSA-2003:091-01 2003-04-02
Immunix IMNX-2003-7+-007-01 2003-04-07
Debian DSA-269-2 2003-04-09
Gentoo 200305-09 2003-05-27

Comments (none posted)

kernel - ptrace-related vulnerability

Package(s):kernel CVE #(s):CAN-2003-0127
Created:March 17, 2003 Updated:June 30, 2003
Description: Versions 2.2.x and 2.4.x of the Linux kernel contain a vulnerability in ptrace() which may be exploited by a local user to obtain root access. This announcement contains the details and a patch for 2.4.20. For 2.2 users, 2.2.25 has been released which contains the fix.
Alerts:
Red Hat RHSA-2003:098-00 2003-03-17
Trustix 2003-0007 2003-03-18
EnGarde ESA-20030318-009 2003-03-18
Red Hat RHSA-2003:088-01 2003-03-20
Sorcerer SORCERER2003-03-19 2003-03-20
Gentoo 200303-17 2003-03-21
SuSE SuSE-SA:2003:021 2003-03-25
Debian DSA-270-1 2003-03-27
Mandrake MDKSA-2003:038 2003-03-27
Mandrake MDKSA-2003:039 2003-03-27
Debian DSA-276-1 2003-04-03
Conectiva CLA-2003:618 2003-04-07
Red Hat RHSA-2003:135-00 2003-04-08
Mandrake MDKSA-2003:038-1 2003-04-09
SCO Group CSSA-2003-020.0 2003-05-09
Red Hat RHSA-2003:098-03 2003-06-02
Debian DSA-332-1 2003-06-27
Debian DSA-336-1 2003-06-29
Debian DSA-336-2 2003-06-29

Comments (none posted)

kernel 2.4 - two new vulnerabilities

Package(s):kernel CVE #(s):CAN-2003-0244 CAN-2003-0246
Created:May 14, 2003 Updated:July 25, 2003
Description: The 2.4.20 (and prior) kernel contains a couple of vulnerabilities that are worth fixing.
  • The ioperm() system call doesn't perform proper checking, allowing a local user to manipulate arbitrary I/O ports.

  • The networking code contains a remotely exploitable denial of service condition; see the May 24 Security Page for details.

Alerts:
Red Hat RHSA-2003:172-00 2003-05-14
EnGarde ESA-20030515-017 2003-05-15
Red Hat RHSA-2003:145-01 2003-05-27
Red Hat RHSA-2003:187-01 2003-06-03
Debian DSA-311-1 2003-06-08
Debian DSA-312-1 2003-06-09
Mandrake MDKSA-2003:066 2003-06-11
Slackware SSA:2003-168-01 2003-06-17
Mandrake MDKSA-2003:074 2003-07-15
Mandrake MDKSA-2003:066-1 2003-07-21
Conectiva CLA-2003:701 2003-07-22
Mandrake MDKSA-2003:066-2 2003-07-25

Comments (2 posted)

kernel-utils: setuid vulnerability

Package(s):kernel-utils CVE #(s):CAN-2003-0019
Created:February 7, 2003 Updated:January 21, 2005
Description: The kernel-utils package contains several utilities that can be used to control the kernel or machine hardware. In Red Hat Linux 8.0 this package contains user mode linux (UML) utilities.

The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was incorrectly shipped setuid root. This could allow local users to control certain network interfaces, add and remove arp entries and routes, and put interfaces in and out of promiscuous mode.

All users of the kernel-utils package should update to these packages that contain a version of uml_net that is not setuid root.

Alternatively, as a work-around to this vulnerability issue the following command as root:

chmod -s /usr/bin/uml_net

Alerts:
Red Hat RHSA-2003:056-08 2003-02-07

Comments (none posted)

kopete: vulnerability in GnuPG plugin

Package(s):kopete CVE #(s):CAN-2003-0256
Created:May 8, 2003 Updated:June 27, 2003
Description: A vulnerability was discovered in versions of kopete prior to 0.6.2. Kopete is a KDE instant messenger client. This vulnerability is in the GnuPG plugin that allows users to send each other GPG-encrypted instant messages. The plugin passes encrypted messages to gpg, but does no checking to sanitize the command line passed to gpg. This can allow remote users to execute arbitrary code, with the permissions of the user running kopete, on the local system.
Alerts:
Mandrake MDKSA-2003:055 2003-05-08
Gentoo 200305-03 2003-05-14
Conectiva CLA-2003:665 2003-06-27

Comments (none posted)

libpng, libpng3: buffer overflow

Package(s):libpng, libpng3 CVE #(s):CAN-2002-1363
Created:December 19, 2002 Updated:July 14, 2004
Description: Glenn Randers-Pehrson discovered a problem in connection with 16-bit samples from libpng, an interface for reading and writing PNG (Portable Network Graphics) format files. The starting offsets for the loops are calculated incorrectly which causes a buffer overrun beyond the beginning of the row buffer.
Alerts:
Debian DSA-213-1 2002-12-19
Red Hat RHSA-2003:006-06 2003-01-09
SuSE SuSE-SA:2003:0004 2003-01-14
Yellow Dog YDU-20030114-2 2002-01-14
OpenPKG OpenPKG-SA-2003.001 2003-01-15
Mandrake MDKSA-2003:008 2003-01-20
Conectiva CLA-2003:564 2003-01-23
Red Hat RHSA-2004:249-01 2004-06-18
Fedora FEDORA-2004-173 2004-06-18
Fedora FEDORA-2004-175 2004-06-18
Fedora FEDORA-2004-174 2004-06-18
Fedora FEDORA-2004-176 2004-06-18
Whitebox WBSA-2004:249-01 2004-06-21
Mandrake MDKSA-2004:063 2004-06-29
OpenPKG OpenPKG-SA-2004.030 2004-07-06
Gentoo 200407-06 2004-07-08

Comments (none posted)

lprold - buffer overflow in lprm

Package(s):lprold lpd CVE #(s):CAN-2003-0144
Created:March 13, 2003 Updated:May 28, 2003
Description: The lprm command of the printing package lprold contains a buffer overflow. This buffer overflow can be exploited by a local user, if the printer system is set up correctly, to gain root privileges.
Alerts:
SuSE SuSE-SA:2003:0014 2003-03-13
Debian DSA-267-1 2003-03-24
Debian DSA-275-1 2003-04-02
Debian DSA-267-2 2003-04-15
Mandrake MDKSA-2003:059 2003-05-21

Comments (none posted)

lv: privilege escalation

Package(s):lv CVE #(s):CAN-2003-0188
Created:May 15, 2003 Updated:June 4, 2003
Description: Leonard Stiles discovered that lv, a multilingual file viewer, would read options from a configuration file in the current directory. Because such a file could be placed there by a malicious user, and lv configuration options can be used to execute commands, this represented a security vulnerability. An attacker could gain the privileges of the user invoking lv, including root.
Alerts:
Debian DSA-304-1 2003-05-15
Red Hat RHSA-2003:169-01 2003-05-16
Gentoo 200305-07 2003-05-19
Yellow Dog YDU-20030602-6 2003-06-02

Comments (none posted)

lynx: CRLF injection vulnerability

Package(s):lynx CVE #(s):CAN-2002-1405
Created:November 19, 2002 Updated:October 1, 2003
Description: If lynx is given a URL with some special characters on the command line, it will include faked headers in the HTTP query. This feature can be used to force scripts (that use Lynx for downloading files) to access the wrong site on a web server with multiple virtual hosts.

Alerts:
SCO Group CSSA-2002-049.0 2002-11-18
Debian DSA-210-1 2002-12-13
Trustix 2002-0085 2002-12-19
Red Hat RHSA-2003:029-06 2003-02-12
OpenPKG OpenPKG-SA-2003.011 2003-02-18
Mandrake MDKSA-2003:023 2003-02-24
Conectiva CLA-2003:720 2003-08-11

Comments (none posted)

net-snmp: denial of service vulnerability

Package(s):net-snmp CVE #(s):CAN-2002-1170
Created:December 17, 2002 Updated:November 7, 2003
Description: The SNMP daemon included in the Net-SNMP package versions 5.0.1 through 5.0.4 can be caused to crash if it is sent a specially crafted packet.
Alerts:
Red Hat RHSA-2002:228-11 2002-12-17
Conectiva CLA-2003:778 2003-11-07

Comments (none posted)

nethack: buffer overflow

Package(s):nethack, slashem, falconseye CVE #(s):CAN-2003-0358 CAN-2003-0359
Created:February 18, 2003 Updated:July 15, 2003
Description: Overflowing a buffer in nethack may lead to privilege escalation to games uid.

Read the full advisory for the details.

Note that falconseye does not contain the file permission error CAN-2003-0359 which affected some other nethack packages.

Alerts:
Gentoo 200302-08 2003-02-18
Debian DSA-316-1 2003-06-11
Debian DSA-316-2 2003-06-11
Debian DSA-316-3 2003-06-17
Debian DSA-350-1 2003-07-15

Comments (none posted)

netscape-flash: buffer overflow

Package(s):netscape-flash CVE #(s):
Created:March 10, 2003 Updated:June 20, 2003
Description: Potentially exploitable buffer overflows exist in the Macromedia Flash Player. The full advisory is here. "The cumulative security patch is available today and addresses the potential for exploits surrounding buffer overflows (read/write) and sandbox integrity within the player, which might allow malicious users to gain access to a user's computer. The possibility of running native code on a user's machine is a theoretical exploit, and extremely difficult to execute in practice. There are no known examples of running such native code from Macromedia Flash movies; however, even though this issue is difficult and theoretical in nature only, we are encouraging users to upgrade."
Alerts:
Gentoo 200303-9 2003-03-09
Red Hat RHSA-2003:026-01 2003-06-20

Comments (none posted)

openssh: timing attack leads to information disclosure

Package(s):openssh CVE #(s):CAN-2003-0190
Created:May 2, 2003 Updated:November 30, 2004
Description: From the advisory: "During a pen-test we stumbled across a nasty bug in OpenSSH-portable with PAM support enabled (via the --with-pam configure script switch). This bug allows a remote attacker to identify valid users on vulnerable systems, through a simple timing attack. The vulnerability is easy to exploit and may have high severity, if combined with poor password policies and other security problems that allow local privilege escalation."
Alerts:
Gentoo 200305-01 2002-03-05
Gentoo 200305-02 2003-05-13
Red Hat RHSA-2003:222-01 2003-07-29
OpenPKG OpenPKG-SA-2003.035 2003-08-06
Ubuntu USN-34-1 2004-11-30

Comments (1 posted)

openssl: local and remote extraction of RSA private key

Package(s):openssl, apache, mod_ssl CVE #(s):CAN-2003-0147
Created:March 18, 2003 Updated:May 22, 2003
Description: David Brumley and Dan Boneh of Stanford University have researched and documented a timing attack on OpenSSL which allows local and remote attackers to extract the RSA private key of a server. The OpenSSL RSA implementation is generally vulnerable to this type of attack unless RSA blinding has been turned on. See this paper (pdf format) for additional details.

Typically, RSA blinding is not enabled by OpenSSL-based applications, mainly because it is not obvious how to do so when using OpenSSL to provide SSL/TLS. This problem affects almost all applications using OpenSSL; they have to be rebuilt against the fixed OpenSSL version (where RSA blinding is now enabled by default) or have to enable RSA blinding explicitly themselves.

The performance impact of RSA blinding appears to be small (a few percent only) and the RSA functionality is still fully compatible. The Common Vulnerabilities and Exposures (CVE) project assigned the id CAN-2003-0147 to the problem.

Alerts:
OpenPKG OpenPKG-SA-2003.019 2003-03-18
OpenPKG OpenPKG-SA-2003.020 2003-03-18
Trustix 2003-0010 2003-03-18
Gentoo 200303-15 2003-03-20
EnGarde ESA-20030320-010 2003-03-20
OpenPKG OpenPKG-SA-2003.026 2003-03-20
Sorcerer SORCERER2003-03-21-0 2003-03-21
SCO Group CSSA-2003-014.0 2003-03-21
Gentoo 200303-20 2003-03-24
Gentoo 200303-23 2003-03-25
Gentoo 200303-24 2003-03-25
Mandrake MDKSA-2003:035 2003-03-25
Trustix 2003-0013 2003-03-26
Immunix IMNX-2003-7+-001-01 2003-03-26
Red Hat RHSA-2003:101-01 2003-04-01
SuSE SuSE-SA:2003:024 2003-04-04
Conectiva CLA-2003:625 2003-04-10
Debian DSA-288-1 2003-04-17
Slackware ssa:2003-141-05 2003-05-22

Comments (none posted)

pam_xauth: root exploit

Package(s):pam_xauth CVE #(s):CAN-2002-1160
Created:February 13, 2003 Updated:July 10, 2003
Description: The pam_xauth module is used to forward xauth information from user to user in applications such as 'su'.

Andreas Beck discovered that versions of pam_xauth supplied with Red Hat Linux since version 7.1 would forward authorization information from the root account to unprivileged users. This could be used by a local attacker to gain access to an administrator's X session. In order to exploit this vulnerability, the attacker would have to get the administrator, as root, to use su to the account belonging to the attacker.

Alerts:
Red Hat RHSA-2003:035-10 2003-02-12
Mandrake MDKSA-2003:017-1 2003-04-28
Conectiva CLA-2003:693 2003-07-10

Comments (none posted)

PHP: vulnerability in mail function

Package(s):php CVE #(s):CAN-2002-0985 CAN-2002-0986
Created:November 13, 2002 Updated:October 1, 2003
Description: Two vulnerabilities exist in the mail() PHP function. The first one allows the execution of any program/script, bypassing the safe_mode restriction; the second one may turn a script into an open relay if the mail() function is not carefully used in PHP scripts. See this Bugtraq report for more details. Note that this is a different vulnerability than the previous PHP mail() problem, which affected versions through 4.1.0.

Alerts:
Red Hat RHSA-2002:213-06 2002-11-11
Conectiva CLA-2002:545 2002-11-13
EnGarde ESA-20021122-031 2002-11-22
Gentoo 200211-005 2002-11-20
SCO Group CSSA-2003-008.0 2003-03-04

Comments (none posted)

PostgreSQL - more buffer overflows

Package(s):postgresql CVE #(s):
Created:February 12, 2003 Updated:November 7, 2003
Description: A new set of buffer overflows has been discovered in PostgreSQL 7.2.2; they affect the circle_poly(), path_encode(), and path_addr() functions. Exploiting these overflows requires that the attacker first obtain a connection to the PostgreSQL server.
Alerts:
Mandrake MDKSA-2002:062-1 2003-02-11
Trustix 2003-0004 2003-02-20
Immunix IMNX-2003-7+-005-01 2003-04-08
Debian DSA-397-1 2003-11-07

Comments (1 posted)

PoPTop: remotely exploitable buffer overflow

Package(s):pptpd CVE #(s):CAN-2003-0213
Created:April 28, 2003 Updated:June 6, 2003
Description: The PoPToP PPTP server contains a remotely exploitable buffer overflow; read the full advisory for more information.
Alerts:
Gentoo