Security
March 31, 2004
By Pamela Jones, Editor of Groklaw
There oughta be a law, as they say, and now there is one in Utah. Yes,
Utah is the first state in the US to pass
legislation banning certain kinds of spyware, the Spyware Control
Act, and they took a heap of criticism from the likes of Microsoft and
even cuddlier companies like Google, Novell and Amazon, who tried
to block it from being passed, but failed. The governor just signed it last
week. Why? What is in this bill that such a broad coalition of
companies took a look at it and didn't like what they saw?
The best place to go to understand the new law is Ben Edelman's page,
A Close Reading
of Utah's Spyware Control Act (H.B.323). He has a clear chart
showing in a creative way what the law says, with all its subclauses
visually laid out. He consulted with the Utah legislators who
prepared the bill, and his take on it is worth reading.
He was mightily surprised to see companies like Yahoo and AOL and
Amazon and all the rest united against this bill. He concludes they
have misunderstood the bill, and after researching it, I think that is
indeed part of the problem. Novell's Vice President and Deputy General
Counsel Ryan Richards wrote an Op Ed piece for the local paper about the
bill in mid-March, "'Spyware' Bill Would Hurt Net Use", where he lays out the objections
that he had to the bill and what he felt would be its unintended
consequences. Here's a bit of what he wrote: ". . . the bill in its
current form could potentially criminalize some of the most popular
consumer software on the market, including popular media players,
anti-virus programs, internet services, e-mail programs, and networking
software."
After reading the bill itself, however, I believe he misunderstood the
law, and I have concluded that the consequences are not unintended but
rather precisely what the legislators meant to achieve. They intended
that hidden spyware that transmits information about users without
their consent be outlawed. It's a bit like the definition of spam.
"Legitimate" advertisers would like us to exempt their mailings from that
definition. Now they want us to exempt them from the definition
of spyware. The Utah legislators passed a bill that doesn't make that
distinction. They are telling all companies to just quit it.
Because Ed Felten's analysis
of the bill included the statement, "I have not seen specific
examples of legitimate software that would be affected," I asked
Novell's Bruce Lowry what products of theirs might be impacted by this
bill, if any. He replied that while the bill is written in a vague
enough way that he wasn't quite sure, one product might be ZENworks,
used to configure machines and update software, including security
patches, remotely. You can see a demonstration of ZENworks in a video
on Novell's coverage of its recent Brainshare conference. I
thought it looked like a wonderful product, but it does have to monitor
computer usage to work and it sends reports back to a remote server,
"both actions that would appear to make ZENworks 'spyware' under the
terms of the legislation," Lowry worries. "The language doesn't
distinguish between this type of high value, legitimate monitoring of
computer activity from those actions that the legislation is ostensibly
targeting - i.e. unsolicited advertising."
That would be an understandable worry, if he were correct that the law
outlawed that product and others like it. But my reading of the
statute convinces me that the bill only requires companies to let users
know how products like ZENworks do what they do, get user consent,
which presumably they already do, and make it possible to uninstall
ZENworks, if users want to later. How burdensome is that? Further,
Section 5 specifically excludes
"software designed and installed solely to diagnose or resolve
technical difficulties."
The strong reaction to this modest bill -- and you can read
a PDF letter written by the companies and organizations that united
to oppose it -- makes me heart-sinkingly sure that companies currently do
quite a bit of monitoring and that the bill is designed to solve a
runaway problem. Obviously, currently there is no law against
spyware, except in Utah, although there is a bill being prepared on the
federal level, and the FTC is holding hearings in April. Europe is
considerably ahead of the US on privacy issues, maybe because
Madison Avenue is an American phenomenon.
Might Mr. Richards be referring to that popular media player of the
same name that the EU Commission just ordered Microsoft to unbundle,
for example? Considering Microsoft Media Player's
calling-home features, I'd say "probably." And while everyone has been
talking about "benign" and "important and beneficial Internet
communication software", that perennial favorite "stifling innovation",
and the bill burdening users with notices, as if anybody cared about us
anyhow, the truth is more likely to be elsewhere. Might it be
that advertisers are worried about their income stream, and that at
least some of the objecting parties - who are also entertainment
purveyors - want to know exactly what everybody is up to with their music
and DVDs and intend to spy to the extent they think they can get
away with?
There is also a chilling statement in the letter
listing reasons the signatories oppose the bill: "The bill also would
create serious barriers to collection of data that Internet companies
and security companies use to analyze and prevent hacker attacks on the
Internet. This security problem is exacerbated by the fact that
computer hackers, and other criminals could refuse to consent to use
the software that law enforcement officials need to be able to conduct
investigations." What are they saying? That instead of getting court
orders to track criminals, which doesn't require their permission,
law enforcement officials currently track everybody with
commercial spyware? That's the kind of revelation, if that's what
they meant, that gives privacy lovers hives.
So, what does the bill outlaw?
First, what it doesn't outlaw. It doesn't say they can't spy on us
customers. They just have to tell us, in plain language, what they
intend to do and get our consent, and make it possible for us to
uninstall whatever we let them put on our computers,
if we later change our minds. Before you say no one would ever give
consent, think about Google's toolbar. A lot of folks trust Google,
and they say yes when Google asks if they can track them. And no,
Google's toolbar is not outlawed by this bill, because they comply
with the notice and uninstall requirements already. Maybe that's why
many trust them.
Excluded from the definition of spyware are programs that diagnose or
resolve technical problems, cookies, HTML code, and JavaScript used
to report info stored on the user's computer, and operating systems.
Plenty of wiggle room there. Anti-virus software and firewalls
typically come with licenses that tell you what they do and thus get
the necessary consent. The bill also outlaws intrusive ads that block
the user's view of "legitimate" paid ads and website content. The
liability for those who do it anyway is $10,000 per ad displayed, and
that is tripled if the jury thinks they did it on purpose.
There is a catch. The victim can't bring a lawsuit. Only website
owners, advertisers, and copyright and trademark owners (that elite
bunch that legislators adore to write laws for) can sue. The rest of
Utah's citizens must report violations to the Division of Consumer
Protection, and the agency follows through, hopefully. The Utah
legislators need to vote some funding if they are serious about
stamping out spyware in Utah.
Ben Edelman tells me it wouldn't surprise him to see exactly that
happen in coming years. "I think the bill reflects a good initial
attempt to protect consumers and web sites from the many negative
effects of spyware programs," he says, "and I think it offers a
sensible and workable framework for doing so."
Comments (22 posted)
New vulnerabilities
courier - Remote buffer overflow vulnerabilities
| Package(s): | Courier |
CVE #(s): | CAN-2004-0224
|
| Created: | March 29, 2004 |
Updated: | April 1, 2004 |
| Description: |
Remote buffer overflow vulnerabilities have been found in Courier-IMAP
and Courier MTA. These exploits may allow the execution of arbitrary
code, allowing unauthorized access to a vulnerable system. |
| Alerts: |
|
Comments (2 posted)
emil: Buffer overflow and format string vulnerabilities
| Package(s): | emil |
CVE #(s): | CAN-2004-0152
CAN-2004-0153
|
| Created: | March 25, 2004 |
Updated: | March 31, 2004 |
| Description: |
The emil mail filter utility has buffer overflow and format string
vulnerabilities that can be exploited locally and remotely.
It may be possible to craft an email that exploits the vulnerability
and executes arbitrary code.
|
| Alerts: |
|
Comments (none posted)
ethereal - multiple vulnerabilities
Comments (none posted)
monit: buffer overflow and DOS
| Package(s): | monit |
CVE #(s): | |
| Created: | March 31, 2004 |
Updated: | April 19, 2004 |
| Description: |
The monit system administration program through version 4.1 suffers from remotely exploitable buffer overflow and denial of service vulnerabilities.
Two additional vulnerabilities have been found in the HTTP interface of monit, possibly leading to denial of service or execution of arbitrary code.
|
| Alerts: |
|
Comments (none posted)
oftpd - denial of service
| Package(s): | oftpd |
CVE #(s): | |
| Created: | March 29, 2004 |
Updated: | April 5, 2004 |
| Description: |
A remotely-exploitable overflow exists in versions of oftpd 0.3.6 and
earlier, allowing an attacker to crash the oftpd daemon. Issuing a port
command with a number higher than 255 causes the server to crash. The port
command may be issued before any authentication takes place, meaning the
attacker does not need to know a valid username and password in order to
exploit this vulnerability. |
| Alerts: |
|
Comments (1 posted)
openldap: denial of service
| Package(s): | openldap |
CVE #(s): | |
| Created: | March 31, 2004 |
Updated: | March 31, 2004 |
| Description: |
Versions of the OpenLDAP server through 2.1.12 suffer from a remotely exploitable denial of service vulnerability; some more information can be found in the OpenLDAP bug tracker. |
| Alerts: |
|
Comments (none posted)
pam-pgsql - missing input sanitizing
| Package(s): | pam-pgsql |
CVE #(s): | CAN-2004-0366
|
| Created: | March 29, 2004 |
Updated: | March 31, 2004 |
| Description: |
Primoz Bratanic discovered a bug in libpam-pgsql, a PAM module to
authenticate using a PostgreSQL database. The library does not escape all
user-supplied data that are sent to the database. An attacker could
exploit this bug to insert SQL statements. |
| Alerts: |
|
Comments (none posted)
squid - vulnerability in URL decoding
| Package(s): | squid |
CVE #(s): | CAN-2004-0189
|
| Created: | March 29, 2004 |
Updated: | April 20, 2004 |
| Description: |
A bug was found in the processing of %-encoded characters in a URL in
versions of Squid 2.5.STABLE4 and earlier. If a Squid configuration uses
Access Control Lists (ACLs), a remote attacker could create URLs that would
not be correctly tested against Squid's ACLs, potentially allowing clients
to access prohibited URLs. |
| Alerts: |
|
Comments (none posted)
tcpdump: ISAKMP payload handling denial-of-service vulnerabilities
| Package(s): | tcpdump |
CVE #(s): | CAN-2004-0183
CAN-2004-0184
|
| Created: | March 30, 2004 |
Updated: | September 30, 2004 |
| Description: |
TCPDUMP v3.8.1 and earlier versions contain multiple flaws in the packet
display functions for the ISAKMP protocol. Upon receiving specially
crafted ISAKMP packets, TCPDUMP will try to read beyond the end of the
packet capture buffer and crash. More information is available in this Rapid7 advisory. |
| Alerts: |
|
Comments (none posted)
Updated vulnerabilities
apache2: Denial of Service vulnerability
| Package(s): | apache2 |
CVE #(s): | |
| Created: | September 29, 2003 |
Updated: | March 25, 2004 |
| Description: |
A problem was discovered in Apache2 where CGI scripts that write more than
4k to the standard error stream will hang the script's execution. This problem can lead to a
denial of service situation. See this bug
report for additional details. |
| Alerts: |
|
Comments (none posted)
ecartis: several vulnerabilities
| Package(s): | ecartis |
CVE #(s): | CAN-2003-0781
CAN-2003-0782
|
| Created: | March 24, 2004 |
Updated: | March 24, 2004 |
| Description: |
The ecartis mailing list manager (version 1.0) suffers from an input validation vulnerability which can result in the disclosure of list passwords. Ecartis also has several buffer overflow vulnerabilities. See this advisory for more information. |
| Alerts: |
|
Comments (none posted)
Filename disclosure vulnerability in fam
| Package(s): | fam |
CVE #(s): | CAN-2002-0875
|
| Created: | August 19, 2002 |
Updated: | January 5, 2005 |
| Description: |
"fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible. |
| Alerts: |
|
Comments (none posted)
fetchmail may crash on specially crafted message
| Package(s): | fetchmail |
CVE #(s): | CAN-2003-0792
|
| Created: | October 17, 2003 |
Updated: | April 8, 2004 |
| Description: |
A bug was discovered in fetchmail 6.2.4 where a specially crafted email
message can cause fetchmail to crash.
|
| Alerts: |
|
Comments (none posted)
gtkhtml: malformed messages cause crash
| Package(s): | gtkhtml |
CVE #(s): | CAN-2003-0133
CAN-2003-0541
|
| Created: | April 14, 2003 |
Updated: | April 18, 2005 |
| Description: |
GtkHTML is the HTML rendering widget used by the Evolution mail reader.
GtkHTML supplied with versions of Evolution prior to 1.2.4 contains a bug
when handling HTML messages. Alan Cox discovered that certain malformed
messages could cause the Evolution mail component to crash. |
| Alerts: |
|
Comments (none posted)
httpd - vulnerabilities fixed in Apache HTTP Server v2.0.49
| Package(s): | httpd |
CVE #(s): | CAN-2004-0174
CAN-2003-0020
CAN-2004-0113
|
| Created: | March 23, 2004 |
Updated: | March 30, 2004 |
| Description: |
The Apache Software Foundation and the Apache HTTP Server Project have
announced the release of version 2.0.49 of the Apache HTTP Server
("Apache"). More on the vulnerabilities fixed in this release can be found
in this announcement. |
| Alerts: |
|
Comments (none posted)
iproute: local denial of service
| Package(s): | iproute net-tools |
CVE #(s): | CAN-2003-0856
|
| Created: | November 25, 2003 |
Updated: | December 14, 2004 |
| Description: |
The iproute utility is susceptible to spoofed netlink messages sent by local users, with the result that denial of service attacks are possible. |
| Alerts: |
|
Comments (none posted)
kdelibs: cookie disclosure
| Package(s): | kdelibs |
CVE #(s): | CAN-2003-0592
|
| Created: | March 10, 2004 |
Updated: | August 24, 2004 |
| Description: |
kdelibs (and, thus, Konqueror) has a vulnerability where a hostile server can force the disclosure of cookies that should not be presented to it. KDE versions 3.1.3 and later contain a fix. |
| Alerts: |
|
Comments (none posted)
kdepim: VCF file information reader vulnerability
| Package(s): | kdepim |
CVE #(s): | CAN-2003-0988
|
| Created: | January 15, 2004 |
Updated: | May 26, 2004 |
| Description: |
KDE has issued a security advisory for all
versions of kdepim as distributed with KDE versions 3.1.0 through 3.1.4
inclusive. A carefully crafted .VCF file potentially enables local
attackers to compromise the privacy of a victim's data or execute arbitrary
commands with the victim's privileges. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2003-0988 to
this issue. |
| Alerts: |
|
Comments (none posted)
kernel: local root exploit in 2.4.22
| Package(s): | kernel |
CVE #(s): | CAN-2003-0961
|
| Created: | December 1, 2003 |
Updated: | April 5, 2004 |
| Description: |
A vulnerability was discovered in the Linux kernel versions 2.4.22 and
previous. A flaw in bounds checking in the do_brk() function can allow a
local attacker to gain root privileges. This vulnerability is known to be
exploitable.
The 2.4.23 kernel contains the fix. For more details on how this vulnerability works, see this LWN article. |
| Alerts: |
|
Comments (1 posted)
Linux kernel 2.2.10 failing function and TLB flush vulnerability
| Package(s): | kernel-source-2.2.10 |
CVE #(s): | CAN-2004-0077
|
| Created: | March 18, 2004 |
Updated: | June 4, 2004 |
| Description: |
A local root exploit is possible due to early flushing of the
TLB. |
| Alerts: |
|
Comments (none posted)
kernel-utils: setuid vulnerability
| Package(s): | kernel-utils |
CVE #(s): | CAN-2003-0019
|
| Created: | February 7, 2003 |
Updated: | January 21, 2005 |
| Description: |
The kernel-utils package contains several utilities that can be used to
control the kernel or machine hardware. In Red Hat Linux 8.0 this package
contains user mode linux (UML) utilities.
The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was
incorrectly shipped setuid root. This could allow local users to control
certain network interfaces, add and remove arp entries and routes, and put
interfaces in and out of promiscuous mode.
All users of the kernel-utils package should update to these packages that
contain a version of uml_net that is not setuid root.
Alternatively, as a work-around to this vulnerability, issue the following
command as root:
chmod -s /usr/bin/uml_net |
| Alerts: |
|
Comments (none posted)
libpng, libpng3: buffer overflow
| Package(s): | libpng, libpng3 |
CVE #(s): | CAN-2002-1363
|
| Created: | December 19, 2002 |
Updated: | July 14, 2004 |
| Description: |
Glenn Randers-Pehrson discovered a problem in connection with 16-bit
samples from libpng, an interface for reading and writing PNG
(Portable Network Graphics) format files. The starting offsets for
the loops are calculated incorrectly which causes a buffer overrun
beyond the beginning of the row buffer. |
| Alerts: |
|
Comments (none posted)
libxml2 - arbitrary code execution
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0110
|
| Created: | February 26, 2004 |
Updated: | August 19, 2009 |
| Description: |
Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
mailman denial of service
| Package(s): | mailman |
CVE #(s): | CAN-2003-0991
|
| Created: | February 9, 2004 |
Updated: | May 25, 2004 |
| Description: |
Matthew Galgoci of Red Hat discovered a Denial of Service (DoS)
vulnerability in versions of Mailman prior to 2.1. An attacker could send
a carefully-crafted message causing mailman to crash. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0991 to this issue. |
| Alerts: |
|
Comments (1 posted)
mc: arbitrary code execution
| Package(s): | mc |
CVE #(s): | CAN-2003-1023
|
| Created: | January 16, 2004 |
Updated: | April 5, 2004 |
| Description: |
A vulnerability was discovered in Midnight Commander, a file manager,
whereby a malicious archive (such as a .tar file) could cause arbitrary
code to be executed if opened by Midnight Commander. |
| Alerts: |
|
Comments (none posted)
metamail: integer and buffer overflows
| Package(s): | metamail |
CVE #(s): | CAN-2004-0104
CAN-2004-0105
|
| Created: | February 18, 2004 |
Updated: | May 21, 2004 |
| Description: |
Versions of metamail through 2.7 contain a set of integer and buffer overflows which are remotely exploitable via a properly crafted message. |
| Alerts: |
|
Comments (none posted)
mikmod: buffer overflow
| Package(s): | mikmod |
CVE #(s): | CAN-2003-0427
|
| Created: | June 16, 2003 |
Updated: | June 16, 2005 |
| Description: |
Ingo Saitz discovered a bug in mikmod whereby a long filename inside
an archive file can overflow a buffer when the archive is being read
by mikmod. |
| Alerts: |
|
Comments (none posted)
mod_python: denial of service vulnerability
| Package(s): | mod_python |
CVE #(s): | CAN-2003-0973
|
| Created: | January 27, 2004 |
Updated: | October 4, 2004 |
| Description: |
Apache's mod_python module could crash the httpd process if a specific,
malformed query string was sent.
The Apache Foundation has reported that mod_python may be prone to
Denial of Service attacks when handling a malformed query. Mod_python
2.7.9 was released to fix the vulnerability; however, because the
vulnerability has not been fully fixed, version 2.7.10 has been released.
Users of mod_python 3.0.4 are not affected by this vulnerability. |
| Alerts: |
|
Comments (none posted)
mozilla: multiple vulnerabilities
| Package(s): | mozilla |
CVE #(s): | CAN-2003-0594
CAN-2003-0564
|
| Created: | March 10, 2004 |
Updated: | August 19, 2004 |
| Description: |
Mozilla 1.4 contains a few vulnerabilities, including disclosure of cookies to the wrong server, a scripting vulnerability which can allow an attacker to run arbitrary code, and an S/MIME vulnerability which can lead to remote denial of service or code execution attacks. |
| Alerts: |
|
Comments (none posted)
mpg321: format string vulnerability
| Package(s): | mpg321 |
CVE #(s): | CAN-2003-0969
|
| Created: | January 6, 2004 |
Updated: | March 28, 2005 |
| Description: |
A vulnerability was discovered in mpg321, a command-line mp3 player,
whereby user-supplied strings were passed to printf(3) unsafely. This
vulnerability could be exploited by a remote attacker to overwrite
memory, and possibly execute arbitrary code. In order for this
vulnerability to be exploited, mpg321 would need to play a malicious
mp3 file (including via HTTP streaming). |
| Alerts: |
|
Comments (none posted)
mplayer: remotely exploitable buffer overflow vulnerability
| Package(s): | mplayer |
CVE #(s): | CAN-2003-0835
|
| Created: | September 29, 2003 |
Updated: | April 6, 2004 |
| Description: |
A remotely exploitable buffer overflow vulnerability was found in
MPlayer. A malicious host can craft a harmful ASX header, and trick MPlayer
into executing arbitrary code upon parsing that header. Read the full advisory
for details. |
| Alerts: |
|
Comments (none posted)
mutt: buffer overflow
| Package(s): | mutt |
CVE #(s): | CAN-2004-0078
|
| Created: | February 12, 2004 |
Updated: | March 26, 2004 |
| Description: |
mutt suffers from a buffer overflow in its "index menu" code. This overflow can be exploited via a hostile message to crash mutt and, perhaps, execute arbitrary code. Version 1.4.2 fixes the problem; see this advisory for details. |
| Alerts: |
|
Comments (none posted)
Nessus NASL scripting engine security issues
| Package(s): | nessus |
CVE #(s): | |
| Created: | May 27, 2003 |
Updated: | August 12, 2004 |
| Description: |
Some vulnerabilities exist in the Nessus NASL scripting engine. To
exploit these flaws, an attacker would need to have a valid Nessus account
as well as the ability to upload arbitrary Nessus plugins in the Nessus
server (this option is disabled by default) or he/she would need to trick a
user somehow into running a specially crafted nasl script. Read the full
advisory for additional information. |
| Alerts: |
|
Comments (none posted)
netpbm: insecure temporary files
| Package(s): | netpbm |
CVE #(s): | CAN-2003-0924
|
| Created: | January 19, 2004 |
Updated: | December 29, 2004 |
| Description: |
netpbm is a graphics conversion toolkit made up of a large number of
single-purpose programs. Many of these programs were found to create
temporary files in an insecure manner, which could allow a local
attacker to overwrite files with the privileges of the user invoking a
vulnerable netpbm tool. |
| Alerts: |
|
Comments (1 posted)
openssh: timing attack leads to information disclosure
| Package(s): | openssh |
CVE #(s): | CAN-2003-0190
|
| Created: | May 2, 2003 |
Updated: | November 30, 2004 |
| Description: |
From the advisory:
"During a pen-test we stumbled across a nasty bug in OpenSSH-portable
with PAM support enabled (via the --with-pam configure script switch). This
bug allows a remote attacker to identify valid users on vulnerable systems,
through a simple timing attack. The vulnerability is easy to exploit and
may have high severity, if combined with poor password policies and other
security problems that allow local privilege escalation." |
| Alerts: |
|
Comments (1 posted)
OpenSSL: denial of service vulnerabilities
Comments (1 posted)
perl information leak
| Package(s): | perl |
CVE #(s): | CAN-2003-0618
|
| Created: | February 2, 2004 |
Updated: | April 21, 2004 |
| Description: |
Paul Szabo discovered a number of bugs in suidperl, a helper
program to run perl scripts with setuid privileges. By exploiting
these bugs, an attacker could abuse suidperl to discover information
about files (such as testing for their existence and some of their
permissions) that should not be accessible to unprivileged users. |
| Alerts: |
|
Comments (none posted)
postfix: denial of service vulnerabilities
| Package(s): | postfix |
CVE #(s): | CAN-2003-0468
CAN-2003-0540
|
| Created: | August 5, 2003 |
Updated: | May 27, 2004 |
| Description: |
The postfix MTA, versions through 1.1.12 (but not 2.0), is subject to two remotely exploitable denial of service vulnerabilities; see this advisory from Michal Zalewski for details. |
| Alerts: |
|
Comments (none posted)
PWLib: possible Denial of Service
| Package(s): | PWLib |
CVE #(s): | CAN-2004-0097
|
| Created: | February 13, 2004 |
Updated: | April 9, 2004 |
| Description: |
PWLib is a cross-platform class library designed to support the OpenH323
project. OpenH323 provides an implementation of the ITU H.323
teleconferencing protocol, used by packages such as Gnome Meeting.
A test suite for the H.225 protocol (part of the H.323 family) provided by
the NISCC uncovered bugs in PWLib prior to version 1.6.0. An attacker
could trigger these bugs by sending carefully crafted messages to an
application. The effects of such an attack can vary depending on the
application, but would usually result in a Denial of Service. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0097 to this issue. |
| Alerts: |
|
Comments (none posted)
python: buffer overflow
| Package(s): | python |
CVE #(s): | CAN-2004-0150
|
| Created: | March 10, 2004 |
Updated: | October 11, 2004 |
| Description: |
Python (versions 2.2 and 2.2.1 only) has a buffer overflow in the getaddrinfo() function which can be exploited by a malformed IPv6 address. |
| Alerts: |
|
Comments (none posted)
samba privilege escalation
| Package(s): | samba |
CVE #(s): | CAN-2004-0186
|
| Created: | March 15, 2004 |
Updated: | April 20, 2004 |
| Description: |
Samba, a LanManager-like file and printer server for Unix, was found
to contain a vulnerability whereby a local user could use the "smbmnt"
utility, which is setuid root, to mount a file share from a remote
server which contained setuid programs under the control of the user.
These programs could then be executed to gain privileges on the local
system. |
| Alerts: |
|
Comments (none posted)
sysstat: temporary file vulnerability
| Package(s): | sysstat |
CVE #(s): | CAN-2004-0107
CAN-2004-0108
|
| Created: | March 10, 2004 |
Updated: | October 4, 2004 |
| Description: |
The sysstat utility has a temporary file vulnerability which can be exploited by a local attacker to overwrite system files. |
| Alerts: |
|
Comments (none posted)
File overwrite vulnerability in tar and unzip
| Package(s): | tar unzip |
CVE #(s): | CAN-2001-1267
CAN-2001-1268
CAN-2001-1269
CAN-2002-0399
|
| Created: | October 1, 2002 |
Updated: | April 10, 2006 |
| Description: |
The tar utility does not properly filter file names containing
"../", meaning that a hostile archive can, if unpacked by an
unsuspecting user, overwrite any file that is writable by that user. GNU
tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42
has the same vulnerability. |
| Alerts: |
|
Comments (1 posted)
tcpdump: flaws in the ISAKMP decoding routines
| Package(s): | tcpdump |
CVE #(s): | CAN-2003-0989
CAN-2004-0057
CAN-2004-0055
|
| Created: | January 15, 2004 |
Updated: | April 6, 2004 |
| Description: |
George Bakos discovered flaws in the ISAKMP decoding routines of tcpdump
versions prior to 3.8.1. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0989 to this issue.
Jonathan Heusser discovered two additional flaws in the ISAKMP decoding
routines of tcpdump versions up to and including 3.8.1. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0057 to this issue.
Jonathan Heusser discovered a flaw in the print_attr_string function in the
RADIUS decoding routines for tcpdump 3.8.1 and earlier. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0055 to this issue.
Remote attackers could potentially exploit these issues by sending
carefully-crafted packets to a victim. If the victim uses tcpdump, these
packets could result in a denial of service, or possibly execute arbitrary
code as the 'pcap' user. |
| Alerts: |
|
Comments (none posted)
Multiple vendor telnetd vulnerability
| Package(s): | telnet Telnet netkit-telnet-ssl kerberos telnetd netkit-telnet nkitb/nkitserv/telnetd krb5 |
CVE #(s): | |
| Created: | May 21, 2002 |
Updated: | October 5, 2004 |
| Description: |
This vulnerability,
originally thought to be confined to BSD-derived systems, was first covered
in the July 26th Security
Summary. It is now known that Linux telnet daemons are vulnerable as
well.
|
| Alerts: |
|
Comments (none posted)
util-linux: information leak in the login program
| Package(s): | util-linux |
CVE #(s): | CAN-2004-0080
|
| Created: | February 3, 2004 |
Updated: | April 8, 2004 |
| Description: |
The util-linux package contains a large variety of low-level system
utilities that are necessary for a Linux system to function.
In some situations, the login program could use a pointer that had been
freed and reallocated. This could cause unintentional data leakage. |
| Alerts: |
|
Comments (1 posted)
uudeview temp file problem
| Package(s): | uudeview |
CVE #(s): | |
| Created: | March 13, 2004 |
Updated: | March 29, 2004 |
| Description: |
uudeview 0.5.19 and later has a problem with insecure temp file
handling that can lead to failure retrieving the filename during
decode. |
| Alerts: |
|
Comments (none posted)
Resources
After some two years in the development process, the Open Source
Vulnerability Database has opened its virtual doors. "The Open Source
Vulnerability Database (OSVDB) is an open project to collect and
distribute vulnerability information freely to everyone. The project team
contains skilled volunteers working together to document every security
vulnerability that arises."
Full Story (comments: none)
Page editor: Jonathan Corbet