Sponsored link
Serve your customers, not your servers, with VERIO Linux VPS. Full-access test-drive here.
| Weekly edition | Kernel | Security | Distributions | Search |
| Archives | Calendar | Subscribe | Write for LWN | LWN.net FAQ |
LWN.net Weekly Edition for March 11, 2004
A grumpy editor's calendar search
Your editor is, at times, a creature of habit. Many, many years ago, back when Tcl and Tk were new and exciting, he discovered a simple calendar called "ical" and he has been using it ever since. ical may be old and![[ical]](/images/ns/calss/ical-sm.png)
unmaintained, but it works. It provides a basic calendar,
appointment book, and task list without taking up too much screen space or
system resources. Its interface is quick and does not require lots of
clicking and form filling. It does exactly what it needs to do.
Creatures of habit, perhaps, should not run Debian unstable on their desktops. Your editor has learned to scrutinize every dist-upgrade carefully before turning it loose, but he missed the one that deleted ical from his system. Some investigation turned up that, in fact, ical has not been part of Debian for some time; it had been removed as being obsolete, unmaintained, and superseded by better alternatives. ical was able to continue to exist for years, however, until some recent change in unstable forced its removal.
After scrambling to copy his calendar file to another system, your editor decided it was time to investigate some of these newer, better alternatives. The results, it must be said, were somewhat disappointing. The new crop of desktop calendars may be impressive to look at, but few of them have achieved the straightforward ease of use and unobtrusiveness that ical had almost fifteen years ago. Fortunately, the news is not all bad.
The first stop in such a search almost has to be Evolution. Ximian's high-profile groupware system is, doubtless, highly useful for busy people who must juggle meetings and share their schedules with others. One of the big advantages of working for a small operation like LWN, however, is that scheduling a meeting is a simple matter of finding a table at a local brewpub, and Evolution can't help with that. For one whose goal is a simple calendar manager, and who has no desire to switch to a new email client, Evolution brings a great deal of heavyweight baggage for little gain. The calendar interface is difficult to navigate around in; your editor never did succeed in reproducing the calendar view found on the Evolution screen shots page. Evolution 1.4 also crashed several times while being tested. Evolution may be an impressive piece of software, but it is not appropriate to consider as a replacement for ical.
The word is that Evolution 2.0 will feature a much-improved calendar manager, and the underlying infrastructure will make it easier to create independent, standalone calendar applications.
The next logical place to look is KOrganizer, the KDE calendar
application. KOrganizer it must be said, is a nice calendar manager. The
![[KOrganizer]](/images/ns/calss/korganizer-sm.png)
default layout wastes a lot of space, but a bit of edge dragging fixes
that. KOrganizer allows for relatively painless entry of events, and it
understands the concept of events which are attached to a day, but which
have no particular time (e.g. "wedding anniversary: have a present or sleep
on the couch"). Alarms are nicely configurable, though your editor noted
that the alarm windows had a tendency to pop up underneath the KOrganizer
window on his (non-KDE) desktop.
There is one nice ical feature that KOrganizer lacks: the ability to add events without dealing with dialog windows. With ical, it's simply a matter of dragging an entry over the relevant time period and typing in the info. With KOrganizer (and a number of other calendar managers), you have to set the times in special dialog fields. KOrganizer 3.2 has improved things somewhat by allowing the time range to be set with the mouse, but it requires an explicit configuration option and still puts up a dialog for the event description. In the modern, graphical, direct manipulation world, the dialog window should be unnecessary if the more complex features (custom alarms, recurrence) are not being used.
Another possibility is a package called plan, which is a calendar manager
based on Motif. Plan has the basic necessary features; it can handle
![[Plan]](/images/ns/calss/plan-sm.png)
appointments (but appears to lack a task list). It requires a separate
daemon to handle
alarms, and complains if that daemon is not running when it starts up. It
has two basic views, being full-month and one week; there is no way to get
the "this month calendar and today's events" view that many other calendar
managers offer. Event entry is relatively unfriendly, requiring dates and
times to be typed into form blanks. Plan works as a basic calendar, but
fails to inspire enthusiasm.
A simple, but cute entry is gDeskCal. This
calendar is meant to sit on (and blend into) the desktop; it uses alpha
![[GDeskcal]](/images/ns/calss/gdeskcal-sm.png)
blending to make itself inconspicuous, and comes with several different
"skins" which can be used to change its appearance. gDeskCal has a simple
appointment manager, and it can read Evolution appointments as well.
Hovering the mouse over a given day will yield a transient window listing
that day's appointments. There is no alarm capability, however.
Your editor was also pointed at "xcal", which is available as a Debian package but which appears to lack a web page. Anybody who wonders what life was like when the Athena Widget Set was new should give xcal a try. Anybody wanting a modern calendar application should look elsewhere, however.
The final stop on this tour is GNOME-PIM.
This calendar manager, like KOrganizer, handles all of the basic tasks and
![[GNOME-PIM]](/images/ns/calss/gnome-pim-sm.png)
provides a number of useful views. Unlike KOrganizer, GNOME-PIM allows
entry and management of calendar entries directly in the main window,
without dialogs. Also unlike KOrganizer, it lacks "no specific time"
events. Unlike ical, GNOME-PIM does not have a flag on events saying
whether that event should cause the day to be highlighted on the one-month
calendar view. There are certain types of events ("it's trash day") that
are nice to get
reminders for, but which don't really qualify as special events. GNOME-PIM
has a lot of potential, but it suffers from a big problem: development
activity appears to have come to a stop, and there has not been a GNOME-PIM
release since the end of 2002. The last thing a grumpy editor needs is to
commit himself to another unmaintained calendar application.
The winner is fairly clear: the only application which is competitive as an ical replacement appears to be KOrganizer. The KDE developers have done a top-quality job of creating a focused, highly-configurable calendar manager which brings in a (relative) minimum of unneeded baggage. Your editor will miss the quickness and simplicity of ical, but KOrganizer will get the job done. Let us hope, however, that the developers of graphical applications will not forget the users who are not interested in massive, do-everything applications. It should always be possible to find, say, a reasonably functional calendar without dragging in email clients, web servers, and other unrelated stuff. The old Unix guideline - a tool should do one job, and do it well - is best not forgotten.
Linux a la Carte
Progeny is proposing a different way to look at Linux distributions. According to Progeny's Ian Murdock, the traditional Linux distribution follows a "top-down" "one-size-fits-all" model that doesn't meet the needs of many Linux users.
The new approach, then, is to "componentize" Linux by allowing the user to choose only the bits that they need. We spoke with Murdock about Progeny's plans for componentized Linux to see where the company is headed. Is componentized Linux yet another Linux distribution? Emphatically not, according to Murdock:
Besides, Progeny has already been there and done that with regards to the distribution business. The company started with Progeny Linux, a "commercialized" version of Debian, and eventually moved on to a business model of helping other companies customize Linux to fit their needs. Customization, according to Murdock, often involved a lot of time removing components from "monolithic" distributions that their customers had started with -- which in turn led to the concept of componentized Linux.
For users who are interested in seeing componentized Linux in action, Progeny has released "Componentized Linux Core" ISOs based on Debian Sarge. There are two ISO images available, only the first is necessary to perform an install -- the second contains the remainder of source code for the distribution that didn't fit on the first ISO. They provide an early glimpse of the concept, though the release is a bit short on actual components. The Componentized Linux Core uses Progeny's Anaconda for Debian installer and allows the user to install a short list of components: XFree86 4.2, GNOME 2.4, a 2.4 or 2.6 kernel, and an LSB runtime and devel component.
Why is Progeny making Componentized Linux public now? For one thing, the company is looking to highlight Progeny's approach to customizing Linux. Murdock also said that he's noticed a number of people developing custom distributions, and that they'd like to give something back to the community -- and to prevent others in the community from having to re-do the same work that Progeny has already done. He also said that he hopes that Progeny will be able to build a community around Componentized Linux that will help the project evolve to everyone's benefit. Murdock noted that the response thus far has been positive:
Though Progeny's first release is based on Debian, Murdock said that the company also hopes to have a Fedora-based Componentized Linux and "possibly more than that."
It will be interesting to see if the à la Carte approach gains widespread appeal. No doubt, part of the distribution proliferation problem stems from the difficulty of customizing "major" distributions to specific tasks. Instead of seeing hundreds of different Linux distributions -- each with their own installer, administration tools and assorted quirks -- perhaps we could look forward to a day when most distributions utilize a single common core and distinguish themselves through package repositories. For users who have had to master multiple distributions, package formats and admin tools, it's an attractive prospect indeed.
SCO and Public Perception
The word from CA would appear to be clear: the company did not go out looking for "Linux licenses" from the SCO Group. Instead, the Canopy Group, SCO's largest stockholder, decided to toss the licenses in as part of an apparently unrelated settlement some months ago. It must have seemed like a good idea at the time; it was an easy way to claim that a large company had obtained licenses from SCO.
Given the subsequent revelations, one would expect the press to be looking into false statements of "Linux license" sales. There is also the interesting question of just why the Canopy Group felt the need to push Linux licenses in this way. Canopy claims to not be a part of SCO's crusade, but events like this suggest otherwise. Instead, however, we got headlines like:
- CA signed Linux license from SCO Group (Forbes)
- CA named as SCO licensee (InfoWorld)
- Computer Associates Signs Licenses from SCO to Use Linux (Dow Jones)
- CA-SCO deal a blow to Linux (ITWeb)
- Computer Associates pays off SCO (Slashdot)
For quite some time now, the SCO Group has been very well treated by the media. Many of its claims have gone unchallenged, and even the company's goofiest statements get wide coverage. Thus we hear that Darl McBride's enemies are out to kill him, but important little details, like the fact that SCO dropped the trade secret claims that were at the core of its initial suit against IBM, somehow don't get covered. One can only guess that SCO v. IBM as a "David v. Goliath" story makes for better headlines.
Even so, the world beyond the free software community is clearly beginning to figure things out. Consider the latest from the Motley Fool:
The questions asked by reporters at the March 3 conference call are also telling: they aren't buying it anymore. To really see how the SCO PR battle is going, however, one should take a look at the company's stock price.
Anybody who was paying attention during the dotcom bubble knows better than to attribute too much rationality to stock prices. That notwithstanding, a stock market is an efficient machine for integrating the opinions of a large number of unrelated people. SCO's stock price peaked briefly at $22.29 in October, when the BayStar deal was announced. At that time, the company's market capitalization was a little over $300 million. Given that SCO has no business left other than its Linux-related litigation, its stock can be seen as a sort of call option on SCO's lawsuits. Even at its peak, SCO's stock price represented a perceived chance of collection of less than 10%. If the company were truly set to collect billions, it would not be valued in the millions.
As this article was being written, SCO's stock has fallen below $10/share
![[Mini chart]](/images/ns/sco-chart2-sm.png)
for the first time since July. The value of the call option is clearly
declining.
Since stock prices are interesting as an indicator of public perception, we have prepared an annotated chart correlating the company's stock price against various events from the last year. It shows how the public view of SCO has gone up and down and the correlation with the actions of SCO and others. SCO may yet manage to engineer another increase in its stock price, but it seems unlikely to get anywhere near the highs of last October. If SCO's actions are truly part of a stock scam, it would appear to have failed.
Most readers will be familiar with the Halloween X memo leaked to Eric Raymond. The memo is for real, but SCO claims that its author, outside consultant Mike Anderer, misunderstood the situation. It has, regardless, caused the wider world to look again at Microsoft's relationship to SCO, and may have played a part in the recent stock decline.
Meanwhile, SCO has filed its memo in opposition of Novell's motion to dismiss the "slander of title" suit. SCO maintains that the asset purchase agreement was sufficient to transfer the Unix copyrights, and that it has, indeed, suffered damages from Novell's actions. SCO is also trying to get the case moved back to Utah state court after Novell moved it to the Federal court. The Federal court is the same one which is hearing the IBM case; perhaps SCO has decided it no longer wishes to try its luck there.
EU Intellectual Property Rights Directive passed
On March 9 the European Parliament passed, without amendment, the "Intellectual Property Rights Enforcement" directive under fast-track procedures. This directive, which worries free software advocates and others (see this FFII page for the details), is expected to be passed by the European Commission shortly. At that point, the battle shifts to the individual EU member states, each of which must pass its own implementation legislation. Concerned Europeans will certainly want to pay attention to what is happening in their countries as this process goes forward.
Page editor: Jonathan Corbet
Security
Security news
Fighting spam in the courts
Reading legal filings has never been your editor's idea of a good time, and many of the filings which have gone his way over the last year have been less fun than usual. So it has been a bit of a relief to read complaints with titles like "Microsoft Corporation v. John Does 1-50 d/b/a Super Viagra Group." The big ISPs are figuring out that spam is costing them money; as a result, Microsoft, AOL, Earthlink, and Yahoo have filed a set of lawsuits aimed at those who, they say, have sent spam into their systems.These suits have been trumpeted as the first application of the much-maligned U.S. "CAN-SPAM" act. The complaints (most of which can be found on FindLaw) do, indeed, cite this act, but they also bring many other counts and could easily have been filed before that act was passed. Microsoft's complaint, for example, alleges "trespass to chattels," "conversion," violation of the Washington electronic mail act, violation of the federal computer fraud and abuse act, Lanham act violations, and more. AOL's complaint brings in violations of the Virginia computer crimes act, dealing in falsified bulk email software (Virginia law, again), conspiracy to commit trespass of chattels, and more. The CAN-SPAM act, clearly, is only part of the picture.
The filings are good for publicity and as a way to look like something is being done, but it remains to be seen whether they will accomplish anything against spam. The fact that the complaints are filed against over 100 "John Does" makes one problem clear: these ISPs still do not have a clear idea of who they are fighting. They claim that, armed with subpoenas, they can follow the money trails starting with the manufacturers of the products being pitched and track down the spammers from there. Perhaps, but it would be a mistake to assume that the people involved will be easily found, or that it will be easy to prove that they, in particular, sent the messages in question.
That said, legal action is likely to be an important part of the fight against spam in the future. With luck, a squad of expensive corporate lawyers can help to push spammers further underground and make it harder to actually earn money by sending junk email. There are reasons to worry too, however; anti-spam laws are, to a great extent, being used to squelch a certain type of unpleasant speech. It is not that hard to imagine those laws being used to shut down other types of speech which powerful groups find distasteful, much like domain name laws and procedures have been used to pull the plug on consumer and satire sites. Making spammers uncomfortable is a good thing; let's just hope this effort stops there.
New vulnerabilities
gdk-pixbuf: buffer overflow
| Package(s): | gdk-pixbuf | CVE #(s): | CAN-2004-0111 | |||||||||||||||
| Created: | March 10, 2004 | Updated: | March 16, 2004 | |||||||||||||||
| Description: | Versions of gdk-pixbuf prior to 0.20 contain a vulnerability which can be exploited, via a malicious BMP file, to crash Evolution. | |||||||||||||||||
| Alerts: |
| |||||||||||||||||
kdelibs: cookie disclosure
| Package(s): | kdelibs | CVE #(s): | CAN-2003-0592 | |||||||||||||||
| Created: | March 10, 2004 | Updated: | August 24, 2004 | |||||||||||||||
| Description: | kdelibs (and, thus, Konqueror) has a vulnerability where a hostile server can force the disclosure of cookies that should not be presented to it. KDE versions 3.1.3 and later contain a fix. | |||||||||||||||||
| Alerts: |
| |||||||||||||||||
mozilla: multiple vulnerabilties
| Package(s): | mozilla | CVE #(s): | CAN-2003-0594 CAN-2003-0564 | ||||||||||||
| Created: | March 10, 2004 | Updated: | August 19, 2004 | ||||||||||||
| Description: | Mozilla 1.4 contains a few vulnerabilities, including disclosure of cookies to the wrong server, a scripting vulnerability which can allow an attacker to run arbitrary code, and an S/MIME vulnerability which can lead to remote denial of service or code execution attacks. | ||||||||||||||
| Alerts: |
| ||||||||||||||
python: buffer overflow
| Package(s): | python | CVE #(s): | CAN-2004-0150 | |||||||||||||||
| Created: | March 10, 2004 | Updated: | October 11, 2004 | |||||||||||||||
| Description: | Python (versions 2.2 and 2.2.1 only) has a buffer overflow in the getaddrinfo() function which can be exploited by a malformed IPv6 address. | |||||||||||||||||
| Alerts: |
| |||||||||||||||||
sysstat: temporary file vulnerability
| Package(s): | sysstat | CVE #(s): | CAN-2004-0107 CAN-2004-0108 | ||||||||||||||||||||||||
| Created: | March 10, 2004 | Updated: | October 4, 2004 | ||||||||||||||||||||||||
| Description: | The sysstat utility has a temporary file vulnerability which can be exploited by a local attacker to overwrite system files. | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
wu-ftpd: two vulnerabilities
| Package(s): | wu-ftpd | CVE #(s): | CAN-2004-0148 CAN-2004-0185 | ||||||
| Created: | March 9, 2004 | Updated: | March 10, 2004 | ||||||
| Description: | CAN-2004-0148 - Glenn Stewart discovered that users could bypass the
directory access restrictions imposed by the restricted-gid option by
changing the permissions on their home directory. On a subsequent login,
when access to the user's home directory was denied, wu-ftpd would fall
back to the root directory.
CAN-2004-0185 - A buffer overflow existed in wu-ftpd's code which deals with S/key authentication. | ||||||||
| Alerts: |
| ||||||||
Updated vulnerabilities
CUPS: denial of service
| Package(s): | CUPS | CVE #(s): | CAN-2003-0788 | ||||||||||||
| Created: | November 3, 2003 | Updated: | March 4, 2004 | ||||||||||||
| Description: | Paul Mitcheson reported a situation where the CUPS Internet Printing Protocol (IPP) implementation in CUPS versions prior to 1.1.19 would get into a busy loop. This could result in a denial of service. In order to exploit this bug an attacker would need to have the ability to make a TCP connection to the IPP port (by default 631). | ||||||||||||||
| Alerts: |
| ||||||||||||||
PWLib: possible Denial of Service
| Package(s): | PWLib | CVE #(s): | CAN-2004-0097 | |||||||||||||||||||||
| Created: | February 13, 2004 | Updated: | April 9, 2004 | |||||||||||||||||||||
| Description: | PWLib is a cross-platform class library designed to support the OpenH323
project. OpenH323 provides an implementation of the ITU H.323
teleconferencing protocol, used by packages such as Gnome Meeting.
A test suite for the H.225 protocol (part of the H.323 family) provided by the NISCC uncovered bugs in PWLib prior to version 1.6.0. An attacker could trigger these bugs by sending carefully crafted messages to an application. The effects of such an attack can vary depending on the application, but would usually result in a Denial of Service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0097 to this issue. | |||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||
apache2: Denial of Service vulnerability
| Package(s): | apache2 | CVE #(s): | |||||||||||||
| Created: | September 29, 2003 | Updated: | March 25, 2004 | ||||||||||||
| Description: | A problem was discovered in Apache2 where CGI scripts that write more than 4k to the standard error stream will hang the script's execution. This problem can lead to a denial of service situation. See this bug report for additional details. | ||||||||||||||
| Alerts: |
| ||||||||||||||
Filename disclosure vulnerability in fam
| Package(s): | fam | CVE #(s): | CAN-2002-0875 | ||||||
| Created: | August 19, 2002 | Updated: | January 5, 2005 | ||||||
| Description: | "fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible. | ||||||||
| Alerts: |
| ||||||||
fetchmail may crash on specially crafted message
| Package(s): | fetchmail | CVE #(s): | CAN-2003-0792 | ||||||||||||||||||
| Created: | October 16, 2003 | Updated: | April 8, 2004 | ||||||||||||||||||
| Description: | A bug was discovered in fetchmail 6.2.4 where a specially crafted email message can cause fetchmail to crash. | ||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||
GnuPG: ElGamal signing keys compromised
| Package(s): | gnupg | CVE #(s): | CAN-2003-0971 | ||||||||||||||||||||||||||||||
| Created: | November 28, 2003 | Updated: | March 3, 2004 | ||||||||||||||||||||||||||||||
| Description: | A severe vulnerability was discovered in GnuPG by Phong Nguyen relating to ElGamal sign+encrypt keys. This email message from Werner Koch contains more information. "Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys for signing. This is a significant security failure which can lead to a compromise of almost all ElGamal keys used for signing. Note that this is a real world vulnerability which will reveal your private key within a few seconds." | ||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||
gtkhtml: malformed messages cause crash
| Package(s): | gtkhtml | CVE #(s): | CAN-2003-0133 CAN-2003-0541 | ||||||||||||||||||
| Created: | April 14, 2003 | Updated: | April 18, 2005 | ||||||||||||||||||
| Description: | GtkHTML is the HTML rendering widget used by the Evolution mail reader.
GtkHTML supplied with versions of Evolution prior to 1.2.4 contain a bug when handling HTML messages. Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash. | ||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||
iproute: local denial of service
| Package(s): | iproute net-tools | CVE #(s): | CAN-2003-0856 | ||||||||||||||||||
| Created: | November 25, 2003 | Updated: | December 14, 2004 | ||||||||||||||||||
| Description: | The iproute utility is susceptible to spoofed netlink messages sent by local users, with the result that denial of service attacks are possible. | ||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||
kdepim: VCF file information reader vulnerability
| Package(s): | kdepim | CVE #(s): | CAN-2003-0988 | |||||||||||||||||||||
| Created: | January 15, 2004 | Updated: | May 26, 2004 | |||||||||||||||||||||
| Description: | KDE has issued a security advisory for all versions of kdepim as distributed with KDE versions 3.1.0 through 3.1.4 inclusive. A carefully crafted .VCF file potentially enables local attackers to compromise the privacy of a victim's data or execute arbitrary commands with the victim's privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0988 to this issue. | |||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||
kernel: local root exploit
| Package(s): | kernel | CVE #(s): | CAN-2003-0961 CAN-2003-0985 CAN-2004-0077 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | February 18, 2004 | Updated: | March 8, 2004 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | Another vulnerability has been found in the 2.4.24 and 2.6.2 mremap() system call; once again, this hole can be exploited by a local user to obtain root access. See this advisory from Paul Starzetz for details. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
kernel: local root exploit in 2.4.22
| Package(s): | kernel | CVE #(s): | CAN-2003-0961 | |||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | December 1, 2003 | Updated: | April 5, 2004 | |||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | A vulnerability was discovered in the Linux kernel versions 2.4.22 and
previous. A flaw in bounds checking in the do_brk() function can allow a
local attacker to gain root privileges. This vulnerability is known to be
exploitable.
The 2.4.23 kernel contains the fix. For more details on how this vulnerability works, see this LWN article. | |||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||||||||||||||||||||||||||||||||
kernel-utils: setuid vulnerability
| Package(s): | kernel-utils | CVE #(s): | CAN-2003-0019 | |||
| Created: | February 7, 2003 | Updated: | January 21, 2005 | |||
| Description: | The kernel-utils package contains several utilities that can be used to
control the kernel or machine hardware. In Red Hat Linux 8.0 this package
contains user mode linux (UML) utilities.
The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was incorrectly shipped setuid root. This could allow local users to control certain network interfaces, add and remove arp entries and routes, and put interfaces in and out of promiscuous mode. All users of the kernel-utils package should update to these packages that contain a version of uml_net that is not setuid root. Alternatively, as a work-around to this vulnerability issue the following command as root: chmod -s /usr/bin/uml_net | |||||
| Alerts: |
| |||||
libpng, libpng3: buffer overflow
| Package(s): | libpng, libpng3 | CVE #(s): | CAN-2002-1363 | ||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | December 19, 2002 | Updated: | July 14, 2004 | ||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | Glenn Randers-Pehrson discovered a problem in connection with 16-bit samples from libpng, an interface for reading and writing PNG (Portable Network Graphics) format files. The starting offsets for the loops are calculated incorrectly which causes a buffer overrun beyond the beginning of the row buffer. | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||
libtool - Insecure handling of temporary files
| Package(s): | libtool | CVE #(s): | |||||||
| Created: | February 5, 2004 | Updated: | March 8, 2004 | ||||||
| Description: | GNU libtool consists of a set of shell scripts used to build shared
libraries.
Joseph S. Myers and Stefan Nordhausen independently found a vulnerability in the way the ltmain.sh script (which is part of the libtool package) creates temporary directories for its use. A local attacker could exploit this vulnerability to change/delete arbitrary files in the system on behalf of the user who is calling the script. The vulnerability has been fixed in the 1.5.2 version of libtool. | ||||||||
| Alerts: |
| ||||||||
libxml2 - arbitrary code execution
| Package(s): | libxml2 | CVE #(s): | CAN-2004-0110 | |||||||||||||||||||||||||||||||||||||||
| Created: | February 26, 2004 | Updated: | July 21, 2004 | |||||||||||||||||||||||||||||||||||||||
| Description: | Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code. | |||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||||||||||||||||||||
mailman: cross-site scripting vulnerabilities
| Package(s): | mailman | CVE #(s): | CAN-2003-0965 CAN-2003-0992 | ||||||||||||
| Created: | February 6, 2004 | Updated: | March 5, 2004 | ||||||||||||
| Description: | Dirk Mueller discovered a cross-site scripting bug in the admin interface
in versions of Mailman 2.1 before 2.1.4. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2003-0965 to
this issue.
A cross-site scripting bug in the 'create' CGI script affects versions of Mailman 2.1 before 2.1.3. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0992 to this issue. | ||||||||||||||
| Alerts: |
| ||||||||||||||
mailman denial of service
| Package(s): | mailman | CVE #(s): | CAN-2003-0991 | ||||||||||||
| Created: | February 9, 2004 | Updated: | May 25, 2004 | ||||||||||||
| Description: | Matthew Galgoci of Red Hat discovered a Denial of Service (DoS) vulnerability in versions of Mailman prior to 2.1. An attacker could send a carefully-crafted message causing mailman to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0991 to this issue. | ||||||||||||||
| Alerts: |
| ||||||||||||||
mc: arbitrary code execution
| Package(s): | mc | CVE #(s): | CAN-2003-1023 | ||||||||||||||||||||||||||||||
| Created: | January 16, 2004 | Updated: | April 5, 2004 | ||||||||||||||||||||||||||||||
| Description: | A vulnerability was discovered in Midnight Commander, a file manager, whereby a malicious archive (such as a .tar file) could cause arbitrary code to be executed if opened by Midnight Commander. | ||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||
metamail: integer and buffer overflows
| Package(s): | metamail | CVE #(s): | CAN-2004-0104 CAN-2004-0105 | |||||||||||||||
| Created: | February 18, 2004 | Updated: | May 21, 2004 | |||||||||||||||
| Description: | Versions of metamail through 2.7 contain a set of integer and buffer overflows which are remotely exploitable via a properly crafted message. | |||||||||||||||||
| Alerts: |
| |||||||||||||||||
mikmod: buffer overflow
| Package(s): | mikmod | CVE #(s): | CAN-2003-0427 | |||||||||||||||
| Created: | June 16, 2003 | Updated: | June 16, 2005 | |||||||||||||||
| Description: | Ingo Saitz discovered a bug in mikmod whereby a long filename inside an archive file can overflow a buffer when the archive is being read by mikmod. | |||||||||||||||||
| Alerts: |
| |||||||||||||||||
mod_python: denial of service vulnerability
| Package(s): | mod_python | CVE #(s): | CAN-2003-0973 | |||||||||||||||||||||
| Created: | January 27, 2004 | Updated: | October 4, 2004 | |||||||||||||||||||||
| Description: | Apache's mod_python module could crash the httpd process if a specific,
malformed query string was sent.
The Apache Foundation has reported that mod_python may be prone to Denial of Service attacks when handling a malformed query. Mod_python 2.7.9 was released to fix the vulnerability, however, because the vulnerability has not been fully fixed, version 2.7.10 has been released. Users of mod_python 3.0.4 are not affected by this vulnerability. | |||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||
mpg321: format string vulnerability
| Package(s): | mpg321 | CVE #(s): | CAN-2003-0969 | ||||||
| Created: | January 6, 2004 | Updated: | March 28, 2005 | ||||||
| Description: | A vulnerability was discovered in mpg321, a command-line mp3 player, whereby user-supplied strings were passed to printf(3) unsafely. This vulnerability could be exploited by a remote attacker to overwrite memory, and possibly execute arbitrary code. In order for this vulnerability to be exploited, mpg321 would need to play a malicious mp3 file (including via HTTP streaming). | ||||||||
| Alerts: |
| ||||||||
mplayer: remotely exploitable buffer overflow vulnerability
| Package(s): | mplayer | CVE #(s): | CAN-2003-0835 | |||||||||||||||
| Created: | September 29, 2003 | Updated: | April 6, 2004 | |||||||||||||||
| Description: | A remotely exploitable buffer overflow vulnerability was found in MPlayer. A malicious host can craft a harmful ASX header, and trick MPlayer into executing arbitrary code upon parsing that header. Read the full advisory for details. | |||||||||||||||||
| Alerts: |
| |||||||||||||||||
mutt: buffer overflow
| Package(s): | mutt | CVE #(s): | CAN-2004-0078 | ||||||||||||||||||||||||||||||
| Created: | February 11, 2004 | Updated: | March 26, 2004 | ||||||||||||||||||||||||||||||
| Description: | mutt suffers from a buffer overflow in its "index menu" code. This overflow can be exploited via a hostile message to crash mutt and, perhaps, execute arbitrary code. Version 1.4.2 fixes the problem; see this advisory for details. | ||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||
Nessus NASL scripting engine security issues
| Package(s): | nessus | CVE #(s): | ||||
| Created: | May 27, 2003 | Updated: | August 12, 2004 | |||
| Description: | Some some vulnerabilities exsist in the Nessus NASL scripting engine. To exploit these flaws, an attacker would need to have a valid Nessus account as well as the ability to upload arbitrary Nessus plugins in the Nessus server (this option is disabled by default) or he/she would need to trick a user somehow into running a specially crafted nasl script. Read the full advisory for additional information. | |||||
| Alerts: |
| |||||
netpbm: insecure temporary files
| Package(s): | netpbm | CVE #(s): | CAN-2003-0924 | |||||||||||||||||||||||||||
| Created: | January 19, 2004 | Updated: | December 29, 2004 | |||||||||||||||||||||||||||
| Description: | netpbm is graphics conversion toolkit made up of a large number of single-purpose programs. Many of these programs were found to create temporary files in an insecure manner, which could allow a local attacker to overwrite files with the privileges of the user invoking a vulnerable netpbm tool. | |||||||||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||||||||
nfs-utils xlog() off-by-one bug
| Package(s): | nfs-utils | CVE #(s): | CAN-2003-0252 | ||||||||||||||||||||||||||||||||||||
| Created: | July 14, 2003 | Updated: | March 8, 2004 | ||||||||||||||||||||||||||||||||||||
| Description: | Linux NFS utils package contains remotely exploitable off-by-one bug. A local or remote attacker could exploit this vulnerability by sending specially crafted request to rpc.mountd daemon. See this BugTraq post for more details. | ||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||
openssh: timing attack leads to information disclosure
| Package(s): | openssh | CVE #(s): | CAN-2003-0190 | |||||||||||||||
| Created: | May 2, 2003 | Updated: | November 30, 2004 | |||||||||||||||
| Description: | From the advisory: "During a pen-test we stumbled across a nasty bug in OpenSSH-portable with PAM support enabled (via the --with-pam configure script switch). This bug allows a remote attacker to identify valid users on vulnerable systems, through a simple timing attack. The vulnerability is easy to exploit and may have high severity, if combined with poor password policies and other security problems that allow local privilege escalation." | |||||||||||||||||
| Alerts: |
| |||||||||||||||||
perl information leak
| Package(s): | perl | CVE #(s): | CAN-2003-0618 | ||||||
| Created: | February 2, 2004 | Updated: | April 21, 2004 | ||||||
| Description: | Paul Szabo discovered a number of bugs in suidperl, a helper program to run perl scripts with setuid privileges. By exploiting these bugs, an attacker could abuse suidperl to discover information about files (such as testing for their existence and some of their permissions) that should not be accessible to unprivileged users. | ||||||||
| Alerts: |
| ||||||||
postfix: denial of service vulnerabilities
| Package(s): | postfix | CVE #(s): | CAN-2003-0468 CAN-2003-0540 | ||||||||||||||||||||||||
| Created: | August 5, 2003 | Updated: | May 27, 2004 | ||||||||||||||||||||||||
| Description: | The postfix MTA, versions through 1.1.12 (but not 2.0) is subject to two remotely exploitable denial of service vulnerabilities; see this advisory from Michal Zalewski for details. | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
rsync - remotely exploitable heap overflow
| Package(s): | rsync | CVE #(s): | CAN-2003-0962 | ||||||||||||||||||||||||||||||||||||||||||
| Created: | December 4, 2003 | Updated: | March 3, 2004 | ||||||||||||||||||||||||||||||||||||||||||
| Description: | An advisory has gone out warning of a remotely exploitable heap overflow vulnerability in rsync versions 2.5.6 and prior. If you are running an rsync server, you will want to apply a distributor patch or upgrade to 2.5.7 in the near future. | ||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||
screen: privilege escalation
| Package(s): | screen | CVE #(s): | CAN-2003-0972 | ||||||||||||||||||
| Created: | November 28, 2003 | Updated: | March 3, 2004 | ||||||||||||||||||
| Description: | According to
this advisory a buffer overflow in GNU screen allows privilege
escalation for local users. Usually screen is installed either setgid-utmp
or setuid-root.
It also has some potential for remote attacks or getting control of another user's screen. The problem is that you have to transfer around 2-3 gigabytes of data to user's screen to exploit this vulnerability. 4.0.1, 3.9.15 and older versions are vulnerable. | ||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||
File overwrite vulnerability in tar and unzip
| Package(s): | tar unzip | CVE #(s): | CAN-2001-1267 CAN-2001-1268 CAN-2001-1269 CAN-2002-0399 | |||||||||||||||||||||||||||
| Created: | October 1, 2002 | Updated: | April 9, 2006 | |||||||||||||||||||||||||||
| Description: | The tar utility does not properly filter file names containing "../", meaning that a hostile archive can, if unpacked by an unsuspecting user, overwrite any file that is writable by that user. GNU tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42 has the same vulnerability. | |||||||||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||||||||
tcpdump: flaws in the ISAKMP decoding routines
| Package(s): | tcpdump | CVE #(s): | CAN-2003-0989 CAN-2004-0057 CAN-2004-0055 | ||||||||||||||||||||||||||||||||||||||||||
| Created: | January 15, 2004 | Updated: | April 6, 2004 | ||||||||||||||||||||||||||||||||||||||||||
| Description: | George Bakos discovered flaws in the ISAKMP decoding routines of tcpdump
versions prior to 3.8.1. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0989 to this issue.
Jonathan Heusser discovered two additional flaws in the ISAKMP decoding routines of tcpdump versions up to and including 3.8.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0057 to this issue. Jonathan Heusser discovered a flaw in the print_attr_string function in the RADIUS decoding routines for tcpdump 3.8.1 and earlier. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0055 to this issue. Remote attackers could potentially exploit these issues by sending carefully-crafted packets to a victim. If the victim uses tcpdump, these packets could result in a denial of service, or possibly execute arbitrary code as the 'pcap' user. | ||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||
Multiple vendor telnetd vulnerability
| Package(s): | telnet Telnet netkit-telnet-ssl kerberos telnetd netkit-telnet nkitb/nkitserv/telnetd krb5 | CVE #(s): | ||||||||||||||||||||||||||||||||||||||||||||
| Created: | May 21, 2002 | Updated: | October 5, 2004 | |||||||||||||||||||||||||||||||||||||||||||
| Description: | This vulnerability, originally thought to be confined to BSD-derived systems, was first covered in the July 26th Security Summary. It is now known that Linux telnet daemons are vulnerable as well. | |||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||||||||||||||||||||||||