A quick look at Conglomerate 0.70
The DocBook format is often promoted
as the format of choice for free (and non-free) documentation. DocBook, as
an SGML and XML standard, is compliant with as many buzzwords as anybody
could wish for. The standard is well developed and highly expressive.
And DocBook, of course, is all about structure. More, perhaps, than any
other markup language, DocBook forces the author to concentrate on the
structure of the language without thinking about how a document will be
rendered in any particular medium.
Anybody who has had to create a serious work in full frontal DocBook knows
the rest of the story, however. DocBook is complex and verbose. Like
PostScript, DocBook requires that the author maintain a deep stack in mind
to track the current state of the document. And, like PostScript, DocBook
is best used as the output of a higher-level tool, rather than created
directly by the author.
Unfortunately, given the current state of the tools available, manipulating
DocBook directly with a text editor is often the only option available. So
your editor, who is currently in the process of updating a substantial book
which is, of course, in DocBook format, was more than usually interested in
the recent announcement
that Conglomerate 0.70 had been
released. As stated in the announcement:
Conglomerate is a free, user-friendly XML editor. It is
particularly aimed at DocBook editing, but should be able to handle
arbitrary XML document types.
For authors working in DocBook, a nice editor would be worth a great deal.
So Conglomerate seemed worth checking out.
The first challenge with bleeding-edge software, of course, is getting it
installed and running. For Conglomerate, an attempted install on Debian
sid proved doomed to failure; the maze of dependencies proved too twisted,
and the packaged version in experimental had not been updated. On the
other hand, version 0.70 configured, built, and installed on a Red Hat
Linux 9 system without trouble. There are advantages to having a
variety of distributions sitting around.
What resulted was a tool that shows some serious promise, but which is not
yet ready for production use. The sample text used (Chapter Two of
Linux Device Drivers, Third Edition) required significant editing
(with a text editor) before Conglomerate would accept it. Conglomerate
does not recognize common entities (e.g. &ndash;), and there
are differences of opinion on how certain types of tag (such as
<indexterm>) should be terminated in some situations. The
tool spews out an unending series of Gtk warnings, crashes occasionally,
and is generally slow. It is missing fundamental features, such as an
"undo" operation. It does, however, work well enough to give a good
idea of where the developers are going.
True to the basic premise of DocBook, Conglomerate is all about structure.
Looking at a document in DocBook will not tell you much about how it will
appear in printed (or web) form, but it is full of information on how the
document goes together. To that end, the window (see the screen shot on
the right) is divided into two panes. The left side shows the overall
structure of the document, in the usual tree presentation. The main
window, on the right, shows the text. But this is no WYSIWYG presentation;
instead, the document is presented as a set of nested boxes showing, once
again, how things are structured. Subtrees of the document can be expanded
or hidden at will, providing a sort of zoom feature.
At the structural element level, the right mouse button yields an
impressive array of new elements (86 of them) which can be added as
subelement or sibling elements. Once you get below the paragraph level,
however, a whole new menu with various types of low-level markup
(e.g. <emphasis>) appears instead. Conglomerate does not, of
course, change the presentation of the text to reflect this sort of
markup. So, for example, rather than italicizing text marked
<literal>, it simply indicates that the tag is present.
The tool displays internal comments in a highlighted form, but does not
appear to provide a way to add or edit comments.
There is no shortage of features that this tool still needs: undo, an easy
way to join paragraphs, the ability to read and fix not-quite-perfect
files, entity definitions, and some sort of way to quickly see what
formatted output would look like. The performance and stability issues
need some work. But none of this should detract from the fact that the
Conglomerate developers have made substantial progress toward the creation
of a desperately needed tool. Conglomerate is headed in the right
direction; we're looking forward to the next release.
Comments (31 posted)
European software patent vote delayed
Last week we reported on the impending
software patent vote in the European Parliament. That vote, set for
September 1, did not happen as scheduled. Thanks, at least in part,
to protests in various forms, the vote has been pushed back to the
September 22 Strasbourg session.
What remains unclear is what will be voted on at that time. By some
reports, the entire software patent proposal has been pushed back for a
rewrite before the vote. By others, it is a simple delay, and the same
proposal will be voted upon in Strasbourg. Real information, however,
seems hard to come by.
Either way, now is not the time to let up the
pressure on software patents. The next few weeks should be used, by
Europeans, to make sure their MEPs understand how they feel about software
patents and the threats patents pose to European businesses. The "software patent factsheet" being distributed by
MEP Arlene McCarthy should be challenged.
It is also
necessary to provide a counter to the pro-patent forces, which are
evidently pressing for a removal of the interoperability exemption in the
proposed law.
This battle,
perhaps, can be won - but it is not over yet.
Comments (7 posted)
Software Customer Bill of Rights
[This article was contributed by Joe 'Zonker' Brockmeier]
In the last week or so, Cem Kaner's Software
Customer Bill of Rights has been making the rounds of the "blogosphere"
and getting quite a bit of attention. Essentially, Kaner proposes ten basic
rights that should be enjoyed by any user of commercial software. As End
User License Agreements (EULAs) have become increasingly onerous over the
last few years, Kaner's bill of rights has struck a chord with users.
For the most part, the rights proposed by Kaner are already enjoyed by
users of open source software. They
already have the right to transfer free software to other users. They don't
need to reverse engineer the software to check for security holes or to
fix bugs and security glitches -- they already have the source code.
(Nothing in any open source license would prevent a user from choosing
to do it the hard way, however.) Kaner proposes that users should have
the "right to see and approve all transfers of information from her
computer." While "spyware" is a constant danger posed by proprietary
software, with access to source code, users can make sure that a program
isn't secretly sending data off of their computer to another machine.
However, there are a few rights that would benefit users of open source
software. Firstly, the unfettered right to reverse-engineer proprietary
software
would be a major boon to the open source software community. As Kaner
points out, courts
have been willing to enforce clauses against reverse-engineering in
software licenses. This poses a problem for open source developers looking
to achieve interoperability with commercial software, operate embedded
devices with open source software or simply a way to access data saved in a
proprietary format.
Another right that Kaner proposes is "mass-market software should be
transferable." As mentioned previously, users already enjoy the right
to transfer software that is licensed under a FOSS license. However,
most users of open source software still end up dealing with proprietary
software. How many open source users have purchased a laptop or desktop
computer with software preinstalled that will never be used by the
purchaser? The cost of a Windows XP license is built into the price of a
brand-new machine. The user should have the right to transfer that
software to another user who will make use of it, if they so
choose.
The first item on Kaner's list, however, is "let the customer see the
contract before the
sale." This is particularly timely in light of Dell's hidden license
policy. Even some of the Linux vendors have started using the
"clickthrough" mechanism, with some of the Linux installers requiring
the user to agree to the terms of the open source licenses, without
allowing the user to read them first. This is probably done because of
the number of licenses involved -- most distributions include software
under the GNU General Public License (GPL), Lesser GPL, Artistic
License, Apache License, Mozilla License, BSD License and so on.
One potentially dangerous clause in Kaner's bill of rights is number
ten, "When software is embedded in a product, the law governing the
product should govern the software." Generally, this would be a good
thing. A hardware manufacturer should not be able to use licensing terms
to forbid the transfer of a router or network appliance by forbidding
the transfer of embedded software. Car manufacturers shouldn't be able
to exclude embedded software from warranties.
However, one wonders if this might make open source developers liable in
some way if their software is "embedded" in a product. Most, if not all,
FOSS licenses disclaim any warranty because the software is being given
away. What happens, however, if a court decides that embedded software
qualifies as "goods" and that developers can be held liable for defects
-- even if they have not charged for the software in the first place?
This may seem like a stretch, but we do live in a very litigious
society.
Kaner's proposed rights would be a dramatic improvement for users of
proprietary software, but they leave out many rights that FOSS users
take for granted. For example, users of FOSS software expect to have
access to source code. They also expect to be able to modify the
software, to add or remove features that they deem necessary or
desirable, and to be able to distribute the changes.
Despite the fact that the Software Customer Bill of Rights doesn't quite
match the average FOSS license in terms of customer rights, it would be
good to see it become reality. It's time to start reversing the current
legislative trends that have given far too much power, and too little
accountability, to vendors of proprietary software.
Comments (5 posted)
Page editor: Jonathan Corbet
Security
Security news
Advisories and relative security
A recent CNN article asks why the Linux community hasn't used the Blaster
and SoBig worms for marketing purposes. The author concludes:
Etiquette and naiveté aside, however, perhaps the
biggest reason Linux companies haven't touted their products'
security advantages is that it's unclear right now how much of an
advantage they really possess. Consider this: The Computer
Emergency Response Team (CERT) released data showing that 16 of the
29 security advisories it released last year involved Linux or
open-source products.
This seems like a good time to go and look at what these advisories really
covered. CERT's 2002 advisories were:
Interestingly, we count 37 advisories for last year, not 29.
There is no contesting the fact that the Linux-related column is
significantly longer than the others. One could quibble a bit: the mod_ssl
worm advisory covers the same vulnerability as the OpenSSL advisory, and
the three trojan advisories are individual site compromises rather than
widespread vulnerabilities. But that sort of quibbling wouldn't really
change the situation.
On the other hand, it is a legitimate question to ask why the mod_ssl worm
(which affected very few systems) merits a CERT advisory, when worms like
Klez, Bugbear, Badtrans, Nimda, and Sircam do not. The costs imposed by
any one of those worms are likely to exceed those of all the Linux
vulnerabilities put together.
The real point is that anybody who tries to make a security point by
counting advisories is building a weak argument. A more honest look at the
situation would ask how many vulnerabilities have been actively exploited,
and how quickly they have been fixed.
That said, we couldn't resist putting together a 2003 table while we were
at it:
This table suggests that the record for Linux-related software is nothing
to be all that proud of, but certain other operating systems are currently
in the lead in the "advisory count" race. On the other hand, in the
fast-changing free software world, it is somehow comforting to see that
sendmail continues to give advisory writers something to do - as long as
you're running a different MTA...
Comments (15 posted)
New vulnerabilities
gkrellm: buffer overflow
Package(s): gkrellm
CVE #(s):
Created: August 29, 2003
Updated: September 3, 2003
Description: A buffer overflow was discovered in gkrellmd, the server component of the
gkrellm monitor package, in versions of gkrellm 2.1.x prior to 2.1.14.
This buffer overflow occurs while reading data from connected gkrellm
clients and can lead to possible arbitrary code execution as the user
running the gkrellmd server.
Alerts:
Comments (none posted)
horde: session hijacking
Package(s): horde
CVE #(s):
Created: September 1, 2003
Updated: September 3, 2003
Description: According to this advisory, an attacker could send an email to a victim who
used HORDE MTA, to get the victim to visit a website, which then logs all
available information about the victim's system.
Alerts:
Comments (none posted)
mindi: insecure file creations
Package(s): mindi
CVE #(s): CAN-2003-0617
Created: September 2, 2003
Updated: September 30, 2003
Description: Mindi versions prior to 0.86 create files in /tmp insecurely, which could
allow a local user to overwrite arbitrary files.
Alerts:
Comments (none posted)
node: buffer overflow, format string
Package(s): node
CVE #(s):
Created: September 1, 2003
Updated: September 3, 2003
Description: Morgan alias SM6TKY discovered and fixed several security-related
problems in LinuxNode, an Amateur Packet Radio Node program. The
buffer overflow he discovered can be used to gain unauthorised root
access and can be remotely triggered.
Alerts:
Comments (none posted)
pam_ldap: non-functioning host restrictions
Package(s): pam_ldap
CVE #(s):
Created: September 3, 2003
Updated: September 3, 2003
Description: pam_ldap 1.61 contains a bug in the pam_filter module which prevents
host-based restrictions from working as advertised; version 1.62 fixes the
problem.
Alerts:
Comments (none posted)
phpwebsite: SQL Injection, DoS and XSS Vulnerabilities
Package(s): phpwebsite
CVE #(s):
Created: September 2, 2003
Updated: September 3, 2003
Description: phpwebsite contains an SQL injection vulnerability in the calendar
module which allows an attacker to execute SQL queries. phpwebsite is
also vulnerable to cross-site scripting (XSS). More information can be
found in the full advisory.
Alerts:
Comments (none posted)
Updated vulnerabilities
2.4 kernel - several vulnerabilities
Package(s): 2.4 kernel
CVE #(s): CAN-2003-0461, CAN-2003-0462, CAN-2003-0464, CAN-2003-0476,
CAN-2003-0501, CAN-2003-0550, CAN-2003-0551, CAN-2003-0552
Created: July 21, 2003
Updated: December 23, 2003
Description: Several security issues have been discovered affecting the Linux kernel:
- CAN-2003-0461: /proc/tty/driver/serial reveals the exact character
counts for serial links. This could be used by a local attacker to infer
password lengths and inter-keystroke timings during password entry.
- CAN-2003-0462: Paul Starzetz discovered a file read race condition
existing in the execve() system call, which could cause a local crash.
- CAN-2003-0464: A recent change in the RPC code set the reuse flag on
newly-created sockets. Olaf Kirch noticed that this could allow normal
users to bind to UDP ports used for services such as nfsd.
- CAN-2003-0476: The execve system call in Linux 2.4.x records the file
descriptor of the executable process in the file table of the calling
process, allowing local users to gain read access to restricted file
descriptors.
- CAN-2003-0501: The /proc filesystem in Linux allows local users to
obtain sensitive information by opening various entries in /proc/self
before executing a setuid program. This causes the program to fail to
change the ownership and permissions of already opened entries.
- CAN-2003-0550: The STP protocol is known to have no security, which
could allow attackers to alter the bridge topology. STP is now turned
off by default.
- CAN-2003-0551: STP input processing was lax in its length checking,
which could lead to a denial of service.
- CAN-2003-0552: Jerry Kreuscher discovered that the forwarding table
could be spoofed by sending forged packets with bogus source addresses
the same as the local host.
Alerts:
Comments (none posted)
apache: multiple vulnerabilities in Apache HTTP server
Package(s): apache
CVE #(s): CAN-2003-0192, CAN-2003-0253, CAN-2003-0254
Created: July 11, 2003
Updated: September 22, 2003
Description: The Apache Software Foundation and the Apache HTTP Server Project have
announced the release of the Apache HTTP Server 2.0.47. This release fixes
four security vulnerabilities:
- Certain sequences of per-directory renegotiations and the
SSLCipherSuite directive being used to upgrade from a weak ciphersuite to
a strong one could result in the weak ciphersuite being used in place of
the strong one. [CAN-2003-0192]
- Certain errors returned by accept() on rarely accessed ports could
cause temporary denial of service, due to a bug in the prefork MPM. [CAN-2003-0253]
- Denial of service was caused when the target host is IPv6 but the ftp proxy
server can't create an IPv6 socket. [CAN-2003-0254]
- The server would crash when going into an infinite loop due to too
many subsequent internal redirects and nested subrequests. [VU#379828]
Alerts:
Comments (none posted)
atari800: buffer overflows
Package(s): atari800
CVE #(s): CAN-2003-0630
Created: August 1, 2003
Updated: September 2, 2003
Description: Steve Kemp discovered multiple buffer overflows in atari800, an Atari
emulator. In order to directly access graphics hardware, one of the
affected programs is setuid root. A local attacker could exploit this
vulnerability to gain root privileges.
Alerts:
Comments (none posted)
autorespond: buffer overflow
Package(s): autorespond
CVE #(s): CAN-2003-0654
Created: August 18, 2003
Updated: September 30, 2003
Description: Christian Jaeger discovered a buffer overflow in autorespond, an email
autoresponder used with qmail. This vulnerability could potentially
be exploited by a remote attacker to gain the privileges of a user who
has configured qmail to forward messages to autorespond. This
vulnerability is currently not believed to be exploitable due to
incidental limits on the length of the problematic input, but there
may be situations in which these limits do not apply.
Alerts:
Comments (none posted)
bind buffer overflow vulnerability in DNS resolver libraries
Package(s): bind glibc
CVE #(s): CAN-2002-0651, CAN-2002-0684
Created: July 8, 2002
Updated: September 30, 2003
Description: The BIND 4.9.8-OW2 patch and BIND 4.9.9 release (and thus 4.9.9-OW1)
include fixes for a libc-related vulnerability which does not affect Linux.
Updates are available from the Internet Software Consortium (ISC).
No release or branch of Openwall GNU/*/Linux (Owl) is known to be
affected, due to Olaf Kirch's fixes for this problem getting into the
GNU C library more than two years ago.
Unfortunately, that does not mean that Linux systems are not vulnerable.
Similar code, without Olaf Kirch's fixes, is in the glibc getnetbyXXX
functions. These functions are described in the SuSE alert as "used by
very few applications only, such as ifconfig and ifuser, which makes
exploits less likely."
CERT Advisory: CA-2002-19, Buffer Overflow in Multiple DNS Resolver Libraries
Alerts:
Comments (1 posted)
Canna server: exploitable buffer overrun
Package(s): canna
CVE #(s): CAN-2002-1158, CAN-2002-1159
Created: December 10, 2002
Updated: September 30, 2003
Description: Canna is a kana-kanji conversion server which is necessary for Japanese
language character input.
A buffer overflow bug in the Canna server up to and including version 3.5b2
allows a local user to gain the privileges of the user 'bin', which could
lead to further exploits. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2002-1158 to this issue.
A lack of validation of requests has been found that affects Canna version
3.6 and earlier. A malicious remote user could exploit this vulnerability
to leak information or cause a denial of service. (CAN-2002-1159)
See also http://canna.sourceforge.jp/sec/Canna-2002-01.txt
Alerts:
Comments (none posted)
eroaster: insecure temporary file
Package(s): eroaster
CVE #(s): CAN-2003-0656
Created: August 19, 2003
Updated: September 30, 2003
Description: A vulnerability was discovered in eroaster where it does not take any
security precautions when creating a temporary file for the lockfile. This
vulnerability could be exploited to overwrite arbitrary files with the
privileges of the user running eroaster.
Alerts:
Comments (none posted)
ethereal: security problems in Ethereal 0.9.12
Package(s): ethereal
CVE #(s): CAN-2003-0428, CAN-2003-0429, CAN-2003-0431, CAN-2003-0432
Created: June 23, 2003
Updated: November 10, 2003
Description: Several security problems have been found in Ethereal 0.9.12. "It may be
possible to make Ethereal crash or run arbitrary code by injecting a
purposefully malformed packet onto the wire, or by convincing someone to
read a malformed packet trace file."
Alerts:
Comments (none posted)
Filename disclosure vulnerability in fam
Package(s): fam
CVE #(s): CAN-2002-0875
Created: August 19, 2002
Updated: January 5, 2005
Description: "fam" (file alteration monitor) watches files and directories for changes
and lets interested applications know when something happens. This package
has a flaw in its group handling that blocks some legitimate operations
while, at the same time, exposing the names of files that should otherwise
be invisible.
Alerts:
Comments (none posted)
fdclone: insecure temporary directory
Package(s): fdclone
CVE #(s): CAN-2003-0596
Created: July 23, 2003
Updated: September 30, 2003
Description: fdclone creates a temporary directory in /tmp as a workspace.
However, if this directory already exists, the existing directory is
used instead, regardless of its ownership or permissions. This would
allow an attacker to gain access to fdclone's temporary files and
their contents, or replace them with other files under the attacker's
control.
Alerts:
Comments (none posted)
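The mindi, eroaster and fdclone entries above come down to the same mistake: trusting a name under /tmp that another local user could have created first. The C code below is added here as an illustration and is not code from any of those packages; the name templates, the 0700 mode and the checks are my own choices. It creates a workspace with mkdtemp(), a lock file with mkstemp(), and shows the ownership and permission test a program has to make before it reuses a directory that already exists, which is the check fdclone skipped.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Reject a pre-existing directory unless it is a real directory (not a
   symlink), owned by the calling user, and not writable by group or others.
   fdclone's bug was to skip this check and reuse whatever was already there. */
int dir_is_safe(const char *path)
{
    struct stat st;

    if (lstat(path, &st) != 0)            /* missing, or not ours to read */
        return 0;
    if (!S_ISDIR(st.st_mode))             /* symlink or plain file planted at our name */
        return 0;
    if (st.st_uid != getuid())            /* created by somebody else */
        return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH)) /* others could replace our files */
        return 0;
    return 1;
}

/* Create a fresh, private workspace below `dir`. mkdtemp() picks an
   unpredictable name and creates it with mode 0700, so a directory that a
   local user prepared in advance is never reused. On success `out` holds the
   path and 0 is returned; -1 otherwise. */
int make_workspace(const char *dir, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/work.XXXXXX", dir);

    if (n < 0 || (size_t)n >= outlen)
        return -1;
    if (mkdtemp(out) == NULL)
        return -1;
    return 0;
}

/* Create a lock or scratch file safely. mkstemp() opens with O_CREAT|O_EXCL
   and mode 0600: if a file or symlink already exists at the chosen name the
   call fails instead of following it, which is the case mindi and eroaster
   did not guard against. Returns an open descriptor, or -1. */
int make_private_tempfile(const char *dir, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/lock.XXXXXX", dir);

    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return mkstemp(out);
}
```

dir_is_safe() uses lstat() rather than stat() so that a symlink planted at the expected name is rejected rather than followed; the same check written with stat() would report the link's target as a perfectly good directory.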
fetchmail: buffer overflow
Package(s): fetchmail
CVE #(s): CAN-2002-1365
Created: December 17, 2002
Updated: October 20, 2003
Description: Versions of fetchmail prior to 6.2.0 have (yet another) buffer overflow
vulnerability which can be exploited remotely via a suitably crafted
message. See this advisory for details.
Alerts:
Comments (3 posted)
gallery: cross-site scripting
Package(s): gallery
CVE #(s): CAN-2003-0614
Created: July 31, 2003
Updated: September 2, 2003
Description: Larry Nguyen discovered a cross-site scripting vulnerability in gallery,
a web-based photo album written in PHP. This security flaw can allow a
malicious user to craft a URL that executes JavaScript code on your
website.
Alerts:
Comments (none posted)
GDM allows local user to read any file
Package(s): GDM, XDMCP
CVE #(s): CAN-2003-0547, CAN-2003-0548, CAN-2003-0549
Created: August 21, 2003
Updated: August 29, 2003
Description: GDM is the GNOME Display Manager for X.
Versions of GDM prior to 2.4.1.6 contain a bug where GDM will run as root
when examining the ~/.xsession-errors file when using the "examine session
errors" feature, allowing local users the ability to read any text file
on the system by creating a symlink. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2003-0547 to
this issue.
Additional problems may be found in the X Display Manager Control Protocol
(XDMCP) which allow a denial of service attack (DoS) by crashing the gdm
daemon. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CAN-2003-0548 and CAN-2003-0549 to these issues.
Alerts:
Comments (none posted)
glibc: DNS stub resolvers contain buffer overflow vulnerability
Package(s): glibc
CVE #(s): CAN-2002-1146
Created: November 7, 2002
Updated: February 5, 2004
Description: DNS stub resolvers from multiple vendors contain a buffer overflow
vulnerability. The impact of this vulnerability appears to be limited to
denial of service. (See CERT Vulnerability Note VU#738331)
The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such
as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer
size instead of the actual size when processing a DNS response, which
causes the stub resolvers to read past the actual boundary ("read buffer
overflow"), allowing remote attackers to cause a denial of service
(crash).
Alerts:
Comments (none posted)
gnupg: key validation
Package(s): gnupg
CVE #(s): CAN-2003-0255
Created: May 15, 2003
Updated: November 17, 2003
Description: A key validation bug was discovered in the GNU Privacy Guard (GPG) which
would cause keys with more than one user ID to trust all user IDs with the
amount of trust given to the most-valid user ID.
Alerts:
Comments (none posted)
gtkhtml: malformed messages cause crash
Package(s): gtkhtml
CVE #(s): CAN-2003-0133, CAN-2003-0541
Created: April 14, 2003
Updated: April 18, 2005
Description: GtkHTML is the HTML rendering widget used by the Evolution mail reader.
The GtkHTML supplied with versions of Evolution prior to 1.2.4 contains a
bug when handling HTML messages. Alan Cox discovered that certain malformed
messages could cause the Evolution mail component to crash.
Alerts:
Comments (none posted)
kernel-utils: setuid vulnerability
Package(s): kernel-utils
CVE #(s): CAN-2003-0019
Created: February 7, 2003
Updated: January 21, 2005
Description: The kernel-utils package contains several utilities that can be used to
control the kernel or machine hardware. In Red Hat Linux 8.0 this package
contains user mode linux (UML) utilities.
The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was
incorrectly shipped setuid root. This could allow local users to control
certain network interfaces, add and remove arp entries and routes, and put
interfaces in and out of promiscuous mode.
All users of the kernel-utils package should update to these packages that
contain a version of uml_net that is not setuid root.
Alternatively, as a workaround for this vulnerability, issue the following
command as root:
chmod -s /usr/bin/uml_net
Alerts:
Comments (none posted)
libpam-smb: exploitable buffer overflow
Package(s): libpam-smb, pam-smb
CVE #(s): CAN-2003-0686
Created: August 26, 2003
Updated: September 30, 2003
Description: libpam-smb is a PAM authentication module which makes it possible to
authenticate users against a password database managed by Samba or a
Microsoft Windows server. If a long password is supplied, this can cause a
buffer overflow which could be exploited to execute arbitrary code with the
privileges of the process which invokes PAM services. See this advisory
for more information.
Alerts:
Comments (1 posted)
libpng, libpng3: buffer overflow
Package(s): libpng, libpng3
CVE #(s): CAN-2002-1363
Created: December 19, 2002
Updated: July 14, 2004
Description: Glenn Randers-Pehrson discovered a problem in connection with 16-bit
samples from libpng, an interface for reading and writing PNG
(Portable Network Graphics) format files. The starting offsets for
the loops are calculated incorrectly which causes a buffer overrun
beyond the beginning of the row buffer.
Alerts:
Comments (none posted)
lynx: CRLF injection vulnerability
Package(s): lynx
CVE #(s): CAN-2002-1405
Created: November 19, 2002
Updated: September 30, 2003
Description: If lynx is given a URL with some special characters on the command line, it
will include faked headers in the HTTP query. This feature can be used to
force scripts (that use Lynx for downloading files) to access the wrong
site on a web server with multiple virtual hosts.
Alerts:
Comments (none posted)
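The lynx entry above is a header injection: characters in the URL which, once the client copies them into the request, end the request line and begin a new header. The C functions below are added here as an illustration and are not lynx code; the request format they build and the example.com host names are constructed. They show the check a downloading script or client should apply before command-line data goes into an HTTP request, including the percent-encoded form of CR and LF, which a naive test for the raw characters misses.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Decode one "%XY" escape at s (s points at the '%'). Returns the byte
   value, or -1 if the two following characters are not hex digits. */
static int percent_byte(const char *s)
{
    char hex[3];

    if (s[0] != '%' || !isxdigit((unsigned char)s[1]) || !isxdigit((unsigned char)s[2]))
        return -1;
    hex[0] = s[1];
    hex[1] = s[2];
    hex[2] = '\0';
    return (int)strtol(hex, NULL, 16);
}

/* Returns 1 if the URL contains a carriage return or line feed, either raw
   or percent-encoded (%0D / %0A in either case). Once decoded and placed in
   the request line, either form terminates the line and lets whatever
   follows be parsed by the server as an extra header such as Host:. */
int url_has_crlf(const char *url)
{
    const char *p;

    for (p = url; *p; p++) {
        if (*p == '\r' || *p == '\n')
            return 1;
        if (*p == '%') {
            int b = percent_byte(p);

            if (b == '\r' || b == '\n')
                return 1;
        }
    }
    return 0;
}

/* Validate a value that will be sent verbatim inside a header: no CR, no LF,
   and no other control character. (HTTP field content allows only printable
   characters plus space and horizontal tab.) Returns 1 when acceptable. */
int header_value_is_clean(const char *v)
{
    const unsigned char *p;

    for (p = (const unsigned char *)v; *p; p++) {
        if (*p == '\r' || *p == '\n')
            return 0;
        if (*p < 0x20 && *p != '\t')
            return 0;
        if (*p == 0x7f)
            return 0;
    }
    return 1;
}

/* Build "GET <path> HTTP/1.0\r\nHost: <host>\r\n\r\n" into out, refusing any
   component that would inject a header. Returns 0 on success, -1 if refused
   or if the request does not fit. */
int build_request(const char *host, const char *path, char *out, size_t outlen)
{
    int n;

    if (!header_value_is_clean(host) || url_has_crlf(path) || !header_value_is_clean(path))
        return -1;
    n = snprintf(out, outlen, "GET %s HTTP/1.0\r\nHost: %s\r\n\r\n", path, host);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return 0;
}
```

The virtual-host angle in the advisory is exactly why the Host: value gets the same treatment as the path: a client that decodes the URL before checking it, or checks only the raw characters, can be steered to a different site on the same server.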
perl-MailTools: remote command execution
Package(s): MailTools
CVE #(s): CAN-2002-1271
Created: November 5, 2002
Updated: September 19, 2003
Description: The SuSE Security Team reviewed critical Perl modules, including the
Mail::Mailer package. This package contains a security hole which allows
remote attackers to execute arbitrary commands in certain circumstances.
This is due to the usage of mailx as the default mailer, which allows
commands to be embedded in the mail body.
Note that mail processing programs which use this package can be affected
by this vulnerability; in particular, SpamAssassin is vulnerable if you use
the -r or -w flags.
Alerts:
Comments (none posted)
mikmod: buffer overflow
Package(s): mikmod
CVE #(s): CAN-2003-0427
Created: June 16, 2003
Updated: June 16, 2005
Description: Ingo Saitz discovered a bug in mikmod whereby a long filename inside
an archive file can overflow a buffer when the archive is being read
by mikmod.
Alerts:
Comments (none posted)
mpg123 - buffer overflow
Package(s): mpg123
CVE #(s): CAN-2003-0577
Created: July 16, 2003
Updated: September 30, 2003
Description: The mpg123 utility contains a buffer overflow vulnerability which can allow
an attacker to execute arbitrary code by way of a malicious MP3 file.
Alerts:
Comments (none posted)
Nessus NASL scripting engine security issues
Package(s): nessus
CVE #(s):
Created: May 27, 2003
Updated: August 12, 2004
Description: Some vulnerabilities exist in the Nessus NASL scripting engine. To
exploit these flaws, an attacker would need to have a valid Nessus account
as well as the ability to upload arbitrary Nessus plugins to the Nessus
server (this option is disabled by default), or he/she would need to trick
a user somehow into running a specially crafted NASL script. Read the full
advisory for additional information.
Alerts:
Comments (none posted)
netris: buffer overflow
Package(s): netris
CVE #(s): CAN-2003-0685
Created: August 18, 2003
Updated: September 30, 2003
Description: Shaun Colley discovered a buffer overflow vulnerability in netris, a
network version of a popular puzzle game. A netris client connecting
to an untrusted netris server could be sent an unusually long data
packet, which would be copied into a fixed-length buffer without
bounds checking. This vulnerability could be exploited to gain the
privileges of the user running netris in client mode, if they connect
to a hostile netris server.
Alerts:
Comments (none posted)
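The mikmod entry above (a long filename inside an archive) and this one (a long packet from a hostile server) are the same defect: a length taken from untrusted input drives a copy into a fixed-size buffer. The C below is an added example written for this page, not code from either program. The framing (one length byte followed by that many bytes of name), the 32-byte destination and the three sample packets are all assumptions made for the demonstration; the unsafe reader is shown for contrast only and is never called.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NAME_MAX_LEN 32   /* fixed-size destination; the size is an assumption for the demo */

/* Vulnerable shape, kept only for contrast and never called: the length byte is
 * trusted, so a hostile sender can make memcpy() run past the 32-byte buffer and
 * past the end of the packet. */
int read_name_unsafe(const uint8_t *pkt, size_t pktlen, char *name /* NAME_MAX_LEN */) {
    if (pktlen < 1) return -1;
    size_t n = pkt[0];
    memcpy(name, pkt + 1, n);      /* BUG: n is bounded only by the attacker */
    name[n] = '\0';
    return (int)n;
}

/* Hardened reader: the declared length must fit both the bytes actually received
 * and the destination buffer (leaving room for the terminator). */
int read_name_safe(const uint8_t *pkt, size_t pktlen, char *name, size_t namesz) {
    if (pktlen < 1 || namesz == 0) return -1;
    size_t n = pkt[0];
    if (n > pktlen - 1) return -1;   /* short packet: would read beyond the input */
    if (n > namesz - 1) return -1;   /* long name: would write beyond the output */
    memcpy(name, pkt + 1, n);
    name[n] = '\0';
    return (int)n;
}

/* Builds a well-formed packet for a name; returns the total packet length, or 0. */
size_t build_packet(uint8_t *buf, size_t bufsz, const char *name) {
    size_t len = strlen(name);
    if (len > 255 || len + 1 > bufsz) return 0;
    buf[0] = (uint8_t)len;
    memcpy(buf + 1, name, len);
    return len + 1;
}

/* Three constructed inputs run through the hardened reader:
 * 0 = ordinary name, 1 = hostile 200-byte name, 2 = packet shorter than it claims. */
int parse_sample(int which, char *out, size_t outsz) {
    uint8_t pkt[256];
    size_t pktlen;
    switch (which) {
    case 0:
        pktlen = build_packet(pkt, sizeof pkt, "player1");
        break;
    case 1:
        pkt[0] = 200;
        memset(pkt + 1, 'A', 200);
        pktlen = 201;
        break;
    case 2:
        pkt[0] = 10;
        memcpy(pkt + 1, "abc", 3);
        pktlen = 4;
        break;
    default:
        return -1;
    }
    return read_name_safe(pkt, pktlen, out, outsz);
}
```

The two checks in read_name_safe() are distinct: the first protects against reading past a truncated input, the second against writing past the destination. Fixing only one of them leaves the other bug in place.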
net-snmp: denial of service vulnerability
Package(s): net-snmp
CVE #(s): CAN-2002-1170
Created: December 17, 2002
Updated: November 7, 2003
Description:
The SNMP daemon included in the Net-SNMP package versions 5.0.1 through
5.0.4 can be caused to crash if it is sent a specially crafted packet.
Alerts:
Comments (none posted)
nfs-utils xlog() off-by-one bug
Package(s): nfs-utils
CVE #(s): CAN-2003-0252
Created: July 14, 2003
Updated: March 8, 2004
Description:
The Linux NFS utils package contains a remotely exploitable off-by-one bug
in xlog(). A local or remote attacker could exploit this vulnerability by
sending a specially crafted request to the rpc.mountd daemon. See this
BugTraq post for more details.
Alerts:
Comments (none posted)
openssh: timing attack leads to information disclosure
Package(s): openssh
CVE #(s): CAN-2003-0190
Created: May 2, 2003
Updated: November 30, 2004
Description:
From the advisory:
"During a pen-test we stumbled across a nasty bug in OpenSSH-portable
with PAM support enabled (via the --with-pam configure script switch). This
bug allows a remote attacker to identify valid users on vulnerable systems,
through a simple timing attack. The vulnerability is easy to exploit and
may have high severity, if combined with poor password policies and other
security problems that allow local privilege escalation."
Alerts:
Comments (1 posted)
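The bug class the advisory describes, a login path whose response time depends on whether the username exists, is easiest to see by counting the work each path does. The C below is an added example written for this page, not OpenSSH or PAM code: the toy slow hash, the single constructed account "alice" with password "correct horse", and the rounds counter that stands in for the attacker's stopwatch are all assumptions made for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HASH_ROUNDS 20000

/* Work counter standing in for wall-clock time: every call to slow_hash() adds
 * HASH_ROUNDS, so the attacker's stopwatch becomes an exact number. */
static unsigned long rounds_done;

/* Toy slow hash (FNV-style mixing repeated many times). It stands in for the
 * password hashing a real PAM stack performs; it is not a real password hash. */
static uint32_t slow_hash(const char *s) {
    uint32_t h = 2166136261u;
    for (int round = 0; round < HASH_ROUNDS; round++) {
        for (const char *p = s; *p != '\0'; p++) {
            h ^= (uint8_t)*p;
            h *= 16777619u;
        }
        h ^= h >> 13;
        rounds_done++;
    }
    return h;
}

struct account { const char *name; uint32_t pwhash; };

/* Constructed user database: one account. */
static struct account accounts[] = { { "alice", 0 } };
static uint32_t dummy_hash;
static int initialized;

static void ensure_init(void) {
    if (initialized) return;
    accounts[0].pwhash = slow_hash("correct horse");   /* constructed password */
    dummy_hash = slow_hash("no such user");            /* compared against for unknown names */
    initialized = 1;
}

static const struct account *lookup(const char *name) {
    for (size_t i = 0; i < sizeof accounts / sizeof accounts[0]; i++)
        if (strcmp(accounts[i].name, name) == 0) return &accounts[i];
    return NULL;
}

/* Leaky check: an unknown user returns before any hashing, so its reply comes
 * back far faster than a known user's wrong password. That gap is the oracle. */
int auth_leaky(const char *user, const char *pw) {
    ensure_init();
    const struct account *a = lookup(user);
    if (a == NULL) return 0;
    return slow_hash(pw) == a->pwhash;
}

/* Uniform check: hash on every path, against a dummy when the user does not
 * exist, and only then decide. Known and unknown users now cost the same. */
int auth_uniform(const char *user, const char *pw) {
    ensure_init();
    const struct account *a = lookup(user);
    uint32_t expected = (a != NULL) ? a->pwhash : dummy_hash;
    int match = (slow_hash(pw) == expected);
    return (a != NULL) ? match : 0;
}

/* Measures one attempt: returns the number of hash rounds it performed. */
unsigned long work_for(int (*auth)(const char *, const char *),
                       const char *user, const char *pw) {
    ensure_init();
    rounds_done = 0;
    auth(user, pw);
    return rounds_done;
}
```

The counter makes the leak exact; on a real network the attacker sees it as a statistical difference in round-trip time and averages over many attempts. Equalizing the expensive work on both paths, as auth_uniform() does, is the usual fix; it does not by itself remove smaller differences such as cache behaviour, which is why the advisory's severity depends on what else the attacker can combine it with.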
pam-pgsql: format string vulnerability
Package(s): pam-pgsql
CVE #(s): CAN-2003-0672
Created: August 11, 2003
Updated: September 30, 2003
Description:
Florian Zumbiehl reported a vulnerability in pam-pgsql whereby the
username to be used for authentication is used as a format string when
writing a log message. This vulnerability may allow an attacker to
execute arbitrary code with the privileges of the program requesting
PAM authentication.
Alerts:
Comments (none posted)
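The defect described above, in C, as an added illustration that is not pam-pgsql's code: a small printf-style logger, a caller that builds the message with the username pasted in and then passes that message as the logger's format, and the fixed caller that passes a constant format with the username as an argument. The only directive the demonstration feeds through the unsafe path is `%%`, because any other directive would read or write arguments that were never supplied, which is exactly the undefined behaviour an attacker turns into code execution.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Minimal printf-style logger. A real module would hand the result to syslog(3);
 * formatting into a caller-visible buffer makes the effect testable. */
static void log_msg(char *out, size_t outsz, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
}

/* Vulnerable shape: the message, with the untrusted username already pasted in,
 * is passed as the FORMAT argument, so directives inside the name are interpreted. */
const char *format_login_unsafe(const char *username) {
    static char msg[256], out[256];
    snprintf(msg, sizeof msg, "login attempt for %s", username);
    log_msg(out, sizeof out, msg);          /* BUG: attacker-controlled format */
    return out;
}

/* Fixed shape: the format is a string constant and the name is only ever data. */
const char *format_login_safe(const char *username) {
    static char out[256];
    log_msg(out, sizeof out, "login attempt for %s", username);
    return out;
}

/* Cheap pre-check useful in a log pipeline or detection rule: does the string
 * carry a conversion directive (anything after '%' other than a second '%')? */
int has_format_directive(const char *s) {
    for (const char *p = s; *p != '\0'; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }   /* "%%" is a literal percent sign */
        return 1;
    }
    return 0;
}
```

With the username `admin%%`, the unsafe path logs `admin%` (the directive was consumed) while the safe path logs the name verbatim. Compilers flag the original bug shape when the format is passed directly to a printf-family function (gcc's -Wformat-security); wrapping the call in a logger like log_msg() hides it unless the logger is annotated with the format attribute, which is worth doing in any real code base.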
perl: cross site scripting vulnerability in CGI.pm module
Package(s): perl
CVE #(s): CAN-2003-0615
Created: July 29, 2003
Updated: September 30, 2003
Description:
obscure@eyeonsecurity.org reported a
cross site scripting vulnerability in the CGI.pm perl module. This module
is used to facilitate the creation of web forms and is part of the
perl-modules RPM package.
Alerts:
Comments (none posted)
PHP: vulnerability in mail function
Package(s): php
CVE #(s): CAN-2002-0985, CAN-2002-0986
Created: November 13, 2002
Updated: September 30, 2003
Description:
Two vulnerabilities exist in the PHP mail() function. The first allows the
execution of any program or script, bypassing the safe_mode restriction; the
second may turn a script into an open relay if the mail() function is not
used carefully. See this Bugtraq report for more details. Note that this is a
different vulnerability than the previous PHP mail() problem, which affected
versions through 4.1.0.
Alerts:
Comments (none posted)
phpgroupware - cross-site scripting and other exploits
Package(s): phpgroupware
CVE #(s): CAN-2003-0504, CAN-2003-0582
Created: July 16, 2003
Updated: September 30, 2003
Description:
Several vulnerabilities were discovered in all versions of phpgroupware
prior to 0.9.14.006. This latest version fixes an exploitable condition in
all earlier versions that can be exploited remotely without authentication
and can lead to arbitrary code execution on the web server. This
vulnerability is being actively exploited.
Version 0.9.14.005 fixed several other vulnerabilities, including cross-site
scripting issues that can be exploited to obtain sensitive information such
as authentication cookies.
See this Security Corporation report for more information.
Alerts:
Comments (none posted)
postfix: denial of service vulnerabilities
Package(s): postfix
CVE #(s): CAN-2003-0468, CAN-2003-0540
Created: August 5, 2003
Updated: May 27, 2004
Description:
The postfix MTA, versions through 1.1.12 (but not 2.0), is subject to two remotely exploitable denial of service vulnerabilities; see this advisory from Michal Zalewski for details.
Alerts:
Comments (none posted)
PostgreSQL - more buffer overflows
Package(s): postgresql
CVE #(s):
Created: February 12, 2003
Updated: November 7, 2003
Description:
A new set of buffer overflows has been discovered in PostgreSQL 7.2.2; they affect the circle_poly(), path_encode(), and path_addr() functions. Exploiting these overflows requires that the attacker first obtain a connection to the PostgreSQL server.
Alerts:
Comments (1 posted)
Local arbitrary code execution vulnerability in Python
Package(s): python
CVE #(s): CAN-2002-1119
Created: August 28, 2002
Updated: September 30, 2003
Description:
Zack Weinberg discovered that
os._execvpe from os.py uses a predictable name which could lead
to execution of arbitrary code. According to the Debian
advisory, the problem
was present in Python versions 1.5, 2.1 and 2.2.
Alerts:
Comments (none posted)
Multiple-use vulnerability in Safe.pm
Package(s): Safe.pm
CVE #(s): CAN-2002-1323
Created: October 9, 2002
Updated: February 20, 2004
Description:
The use Perl; site has a
description of a vulnerability in the Safe.pm Perl module. It seems
that if a Safe compartment is used more than once, it ceases to be safe.
The problem is fixed in Safe 2.08.
Alerts:
Comments (none posted)
semi: insecure temporary file
Package(s): semi, wemi
CVE #(s): CAN-2003-0440
Created: July 7, 2003
Updated: September 30, 2003
Description:
semi, a MIME library for GNU Emacs, does not take appropriate
security precautions when creating temporary files. This bug could
potentially be exploited to overwrite arbitrary files with the
privileges of the user running Emacs and semi, potentially with
contents supplied by the attacker.
wemi is a fork of semi, and contains the same bug.
Alerts:
Comments (none posted)
sendmail: bad DNS reply causes crash
Package(s): sendmail
CVE #(s): CAN-2003-0688
Created: August 26, 2003
Updated: September 30, 2003
Description:
There is a potential problem in sendmail 8.12.8 and earlier sendmail 8.12.x
versions with respect to DNS maps. The bug did not exist in versions before
8.12 as the DNS map type is new to 8.12. The bug was fixed in 8.12.9,
released March 29, 2003. See this advisory for more
information.
Alerts:
Comments (none posted)
stunnel: signal handler reentrancy DoS
Package(s): stunnel
CVE #(s): CAN-2002-1563
Created: July 25, 2003
Updated: November 25, 2003
Description:
Stunnel is a wrapper for network connections. It can be used to tunnel an
unencrypted network connection over a secure connection (encrypted using
SSL or TLS) or to provide a secure means of connecting to services that do
not natively support encryption.
When configured to listen for incoming connections (instead of being
invoked by xinetd), stunnel can be configured to either start a thread or a
child process to handle each new connection. If stunnel is configured to
start a new child process to handle each connection, it will receive a
SIGCHLD signal when that child exits.
Stunnel versions prior to 4.04 performed work in the SIGCHLD signal handler
that is not safe to re-enter; if a second SIGCHLD arrived while the handler
was still running, the result was undefined and could lead to a denial of
service.
Alerts:
Comments (none posted)
sup: insecure temporary file
Package(s): sup
CVE #(s): CAN-2003-0606
Created: July 29, 2003
Updated: September 30, 2003
Description:
sup, a package used to maintain collections of files in identical
versions across machines, fails to take appropriate security
precautions when creating temporary files. A local attacker could
exploit this vulnerability to overwrite arbitrary files with the
privileges of the user running sup.
Alerts:
Comments (none posted)
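The semi entry above and this one describe the same defect: a temporary file created at a predictable name with a call that follows whatever already sits there. The C below is an added example written for this page, not code from semi, wemi or sup. The app-<pid> naming, the "victim" file and the planted symlink are constructed for the demonstration, and everything happens inside a private mkdtemp() directory under /tmp, which the example assumes is writable.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Unsafe pattern: a predictable name (here, a fixed prefix plus the pid),
 * opened with O_CREAT|O_TRUNC and no O_EXCL. If something already sits at
 * that name, including an attacker's symlink, open() follows it. */
int open_tmp_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Safe pattern: mkstemp() picks an unpredictable suffix and creates the file
 * with O_EXCL, so a pre-planted entry makes the call fail rather than be followed. */
int open_tmp_safe(char *tmpl) {
    return mkstemp(tmpl);
}

static int write_all(int fd, const char *s) {
    size_t n = strlen(s);
    return write(fd, s, n) == (ssize_t)n ? 0 : -1;
}

static int read_small(const char *path, char *buf, size_t n) {
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    ssize_t r = read(fd, buf, n - 1);
    close(fd);
    if (r < 0) return -1;
    buf[r] = '\0';
    return (int)r;
}

/* Plays the attack out in a private directory. Returns 1 when the unsafe open
 * clobbered the victim file while both safe variants refused the planted link,
 * 0 if the outcome differed, -1 on setup failure. */
int demo_symlink_attack(void) {
    char dir[] = "/tmp/tmpfile-demo.XXXXXX";
    if (mkdtemp(dir) == NULL) return -1;

    char victim[300], planted[300], tmpl[300], buf[64];
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(planted, sizeof planted, "%s/app-%d", dir, (int)getpid());  /* predictable name */
    snprintf(tmpl, sizeof tmpl, "%s/app-XXXXXX", dir);

    /* the file the attacker wants overwritten */
    int fd = open(victim, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0 || write_all(fd, "original") != 0) return -1;
    close(fd);

    /* attacker, racing ahead of the program: plant a symlink at the predictable name */
    if (symlink(victim, planted) != 0) return -1;

    /* the program's unsafe path follows the link and overwrites the target */
    int clobbered = 0;
    fd = open_tmp_unsafe(planted);
    if (fd >= 0) { write_all(fd, "attacker"); close(fd); }
    if (read_small(victim, buf, sizeof buf) > 0 && strcmp(buf, "attacker") == 0) clobbered = 1;

    /* same predictable name, but with O_EXCL: refused because the entry exists */
    int excl_refused = open(planted, O_WRONLY | O_CREAT | O_EXCL, 0600) < 0;

    /* mkstemp(): fresh name and O_EXCL under the hood, cannot land on the planted link */
    fd = open_tmp_safe(tmpl);
    int safe_ok = (fd >= 0) && strcmp(tmpl, planted) != 0;
    if (fd >= 0) close(fd);

    unlink(tmpl); unlink(planted); unlink(victim); rmdir(dir);
    return (clobbered && excl_refused && safe_ok) ? 1 : 0;
}
```

Two things fix the bug together: an unpredictable name so the attacker cannot plant anything in advance, and O_EXCL so that even a lucky guess fails loudly instead of silently writing through the link. Either alone is not enough.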
File overwrite vulnerability in tar and unzip
Package(s): tar unzip
CVE #(s): CAN-2001-1267, CAN-2001-1268, CAN-2001-1269, CAN-2002-0399
Created: October 1, 2002
Updated: April 9, 2006
Description:
The tar utility does not properly filter file names containing
"../", meaning that a hostile archive can, if unpacked by an
unsuspecting user, overwrite any file that is writable by that user. GNU
tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42
has the same vulnerability.
Alerts:
Comments (1 posted)
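The check an extractor has to make before creating anything, as an added C example that is not GNU tar's or unzip's code: walk each member name component by component and refuse absolute names and any ".." component. The sample manifest is constructed for the demonstration.

```c
#include <stddef.h>
#include <string.h>

/* Returns 1 if an archive member name can only land inside the extraction
 * directory, 0 if it could escape it. Rejects empty and absolute names and any
 * ".." path component. "a/../b" is rejected too, even though it would resolve
 * inside, because an extractor has no reason to accept it. */
int member_name_is_safe(const char *name) {
    if (name == NULL || name[0] == '\0') return 0;
    if (name[0] == '/') return 0;                        /* absolute path */
    const char *p = name;
    for (;;) {
        const char *slash = strchr(p, '/');
        size_t len = slash ? (size_t)(slash - p) : strlen(p);
        if (len == 2 && p[0] == '.' && p[1] == '.') return 0;   /* ".." component */
        if (slash == NULL) break;
        p = slash + 1;
    }
    return 1;
}

/* Scans a member list and returns the index of the first name that would escape
 * the extraction directory, or -1 if every name is acceptable. */
int first_unsafe_member(const char *const *names, size_t count) {
    for (size_t i = 0; i < count; i++)
        if (!member_name_is_safe(names[i])) return (int)i;
    return -1;
}

/* Constructed listing standing in for a hostile archive's table of contents. */
static const char *const sample_manifest[] = {
    "README",
    "src/main.c",
    "./docs/index.html",
    "src/../../.bashrc",
};

int sample_first_unsafe(void) {
    return first_unsafe_member(sample_manifest,
                               sizeof sample_manifest / sizeof sample_manifest[0]);
}
```

The component walk is deliberate: a substring search for "../" would pass "..", miss names that start with ".." without a slash after them, and wrongly reject harmless names such as "docs/..hidden". Name filtering is only the part of the problem this entry covers; an extractor also has to avoid writing through symbolic links that earlier members of the same archive created, which is a separate check.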
teapop: SQL injection
Package(s): teapop
CVE #(s): CAN-2003-0515
Created: July 9, 2003
Updated: September 30, 2003
Description:
teapop, a POP-3 server, includes modules for authenticating users
against a PostgreSQL or MySQL database. These modules do not properly
escape user-supplied strings before using them in SQL queries. This
vulnerability could be exploited to execute arbitrary SQL with the
privileges of the database user that teapop authenticates as.
Alerts:
Comments (none posted)
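The defect above in C, as an added example that is not teapop's code: a login query assembled by pasting the POP-3 username and password straight into the SQL text, beside the same query built through an escaping routine. The users table, the query shape and the sample credentials are assumptions made for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define QUERY_FMT "SELECT 1 FROM users WHERE name='%s' AND pw='%s'"

/* Vulnerable shape: user-supplied strings are pasted straight into the SQL text. */
const char *render_query_unsafe(const char *user, const char *pw) {
    static char q[512];
    snprintf(q, sizeof q, QUERY_FMT, user, pw);
    return q;
}

/* Doubles every single quote so the value cannot terminate the string literal it
 * sits in. This is the standard-SQL rule; MySQL additionally treats backslash as
 * an escape character and needs it doubled as well. Returns -1 when the escaped
 * text would not fit, so the caller refuses instead of truncating. */
int sql_escape_literal(char *out, size_t outsz, const char *in) {
    size_t o = 0;
    for (const char *p = in; *p != '\0'; p++) {
        size_t need = (*p == '\'') ? 2 : 1;
        if (o + need >= outsz) return -1;
        if (*p == '\'') out[o++] = '\'';
        out[o++] = *p;
    }
    if (o >= outsz) return -1;
    out[o] = '\0';
    return 0;
}

/* Fixed shape: every value is escaped before it enters the query text. */
const char *render_query_safe(const char *user, const char *pw) {
    static char q[512];
    char eu[128], ep[128];
    if (sql_escape_literal(eu, sizeof eu, user) != 0 ||
        sql_escape_literal(ep, sizeof ep, pw) != 0)
        return NULL;
    snprintf(q, sizeof q, QUERY_FMT, eu, ep);
    return q;
}
```

With the username `x' OR '1'='1` the unsafe query's WHERE clause becomes a tautology and matches the first row; the escaped query carries the same characters as an ordinary string value and matches nothing. Escaping is the fix the entry describes; the stronger option, where the driver supports it, is a parameterized query (PQexecParams in libpq, a prepared statement in MySQL), which keeps the data out of the SQL text altogether.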
Multiple vendor telnetd vulnerability
Package(s): telnet Telnet netkit-telnet-ssl kerberos telnetd netkit-telnet nkitb/nkitserv/telnetd krb5
CVE #(s):
Created: May 20, 2002
Updated: October 5, 2004
Description:
This vulnerability,
originally thought to be confined to BSD-derived systems, was first covered
in the July 26th Security
Summary. It is now known that Linux telnet daemons are vulnerable as
well.
Alerts: