The Grumpy Editor's guide to diagram editors
Let it be said up front: your editor is not an artist. He is, however,
given to the creation of simple diagrams for the explanation of data
structures, algorithms, etc.
![[Diagram example]](http://lwn.net/images/ns/grumpy/diagram-example.png)
See, for example, the diagram to the right, which comes from the
kobject introduction in the
Driver Porting Series. These images
can be a useful form of hand waving when complex subjects are being
discussed.
Back in the Golden Age of Proprietary Unix (around SunOS 3 or 4,
say), there weren't a whole lot of tools available for image editing. If
you youngsters out there want to get a feel for how desperate those times
could be, consider this: we often had to resort to tools like the LaTeX
picture mode to create drawings in digital form. Happily, things have
gotten better since then.
Things aren't enough better, however, that your editor has stopped keeping
an eye out for a better tool. This article is an attempt at summarizing
the current state of the art in free drawing editors. The emphasis here is
very much on the creation of diagrams and technical drawings; we'll not be
looking for the best tool for the creation of birthday party invitations,
pneumatic science fiction art, obnoxious animated banner ads, or beautiful
but incomprehensible icons. Your editor is trying to get some work done
and needs a diagram editor which doesn't drive him nuts.
idraw
For the first stop, we might as well complete the history lesson. Back in
the early days of X11, there were many efforts to produce The One Toolkit
which would unify the desktop. Actually, that situation hasn't changed a
whole lot in 15 years. One of the early efforts was a C++ framework called
InterViews. InterViews failed to change the world directly, though many of
its ideas and lessons have lived on in the design patterns community and in
projects like Fresco.
InterViews did, however, produce a drawing tool named idraw, which, for
years, was the definitive free drawing package. It combined full
functionality (for the time) with a well-thought-out interface and a nice
set of keyboard shortcuts. Creating drawings with idraw was a quick and
painless process. idraw stored its output as PostScript files, making the
drawings easy to print and the quality relatively good.
One might think that idraw's day has passed, given that
the InterViews team has not produced a release in over ten years. As it
turns out, however, there is a project (called ivtools) which is dedicated to
the maintenance and improvement of the InterViews toolkit and associated
tools. Releases are rare, but ivtools-1.0.4 came out last February.
That said, the simple fact is that idraw's time has passed. This program
has had little in the way of development for over a decade, it can't export
to interesting image file formats, it has no concept of layers, it depends
on a large toolkit that nobody uses, and it is a major unpleasant pain to
install. InterViews was an important step toward where we are today, but
even a grumpy editor sees the need to move beyond the 1980's and look at
what is being hacked on now.
XFig
Another tool with a long history is XFig. It shows many of the distinguishing
characteristics of an early X11 program (though it actually had its start
with SunView): home-brewed widgets, unique keyboard and mouse conventions,
etc. It is, however, a highly capable tool. XFig supports most of the
features one would expect from this sort of utility, though they can
sometimes be hard to find. It has a sort of layer support (it works by
assigning a numeric "depth" to every object), can export to any format one
could imagine, allows the creation of libraries of customized objects, etc.
XFig understands attachment points: when told to, it will stretch lines
which connect objects to each other to keep those connections when an
object is moved.
On the down side, XFig can only undo the most recent operation. Its
keyboard shortcuts are like those of no other application, and will take
some getting used to. The interface is highly modal; XFig's window
includes an area saying what the three mouse buttons will do at any given
time for a reason. Grouping objects, for example, requires selecting the
group "tool," selecting individual objects with the left button or
picking the corners of rectangles with the middle button, then completing the
operation with the right button. Your editor's biggest problem with XFig,
however, is the quality of its image output. He might not be an artist,
but he would still rather see his work rendered with nice fonts and
antialiased lines. XFig's output prints nicely, but does not work as well
on the web; given that XFig is oriented toward tasks like the production of
complicated circuit diagrams, that is not entirely surprising.
Tgif
Tgif boasts a release
history going back to 1990; recent releases appear to be coming about once
per year. This tool resembles XFig in a number of ways; it, too, features
home-brew widgets and a unique interface. Tgif does have a more
conventional set of keyboard bindings, at least; Control-S will save the
current file, for example. Tgif's interface includes a sort of control panel where one
can spend a long time cycling through the various options (font sizes,
colors, fill patterns, etc.); fortunately, the menus provide a quicker way
of setting these attributes. Attachments are supported, making the
rearranging of diagrams easy.
Tgif does not support layers, which is a major disadvantage. Actually,
that is not quite true: it does have a "color layers" mode where each color
is rendered into a separate layer. This mode may be useful for certain
types of printed output, or for certain types of drawings (schematic
diagrams, perhaps) where objects in different colors really should be
separated. Tgif also allows drawings to have multiple pages; among other
things, these can be used to create animated GIF images. Your editor would
gladly trade both capabilities for a decent layering mechanism.
Tgif has a set of image editing functions that might have been better left
to the Gimp. What it does not have, alas, is antialiased image output.
Actually, exporting to images is strange in general; one must set the
"print format" to the desired image format, then "print" the diagram. The
image will be created without prompting for a name, and without regard to
any file which may have already existed with the chosen name.
Documentation for Tgif is sparse as well.
OpenOffice.org
OpenOffice.org comes with a drawing
tool which has been getting more capable over time.
As one might expect, it has almost every function imaginable, including 3D
effects, a library of tiled background images, attachments, etc.
OpenOffice may well be the only free drawing editor which performs
spell-checking. It supports layers, though the interface to layers is
clunky at best. Your editor must confess that OpenOffice tends to drive
him nuts. It can reset drawing attributes at unexpected times, it never
remembers what image format you exported to, and it is generally not the
fastest application on the processor. OpenOffice is a sort of Swiss Army
Knife; it can perform almost any function, but, for any given function, it
tends not to perform as well as a more focused tool.
OpenOffice will export to an unbelievable number of formats, including
(perhaps uniquely) PDF. When your editor exported to PNG, however, he got
the same old jagged lines. OpenOffice also exports a full page image,
while most other drawing editors will create an image which fits the
drawing.
All of the above notwithstanding, OpenOffice.org's editor is a worthwhile
addition to the Linux desktop.
Karbon14
Once upon a time, KDE had a program called Killustrator. The name ran into
trademark problems, which were circumvented by renaming the tool "Kontour."
But then the developers stopped working on Kontour, and that problem proved
harder to get around. So now, instead, the KDE project is pushing a tool
called Karbon14; it can be
found in KDE 3.2.
Karbon14 appears to be aimed at more artistic uses; it thus lacks some of
the features (snap to grid, attachments, arrow drawing) which are useful for diagram
creation. On the other hand, it has tools for drawing gradients and drop
shadows, as well as more dubious features like the "star" and "spiral"
tools. Karbon supports layers, but seems to want to put every object into
its own layer. It has a multi-level undo feature. There is also a plugin
mechanism for the addition of special effects.
Unfortunately, what Karbon14 also has is lots of bugs. Your editor, who
tried both the Fedora Core 2 Test 3 and Debian unstable
builds, found the tool easy to crash. The "zoom tool" can put it
into an infinite loop. Drawing polylines can produce hallucinogenic
results. Text drawing was never seen to work on either system. An attempt
to export to PNG yielded a solid black image - that is one way to get rid
of aliasing problems, but the results are not very helpful for web publication.
In all fairness, one should note that Karbon14 is currently at version
0.1. This tool has the potential to evolve into a capable, highly-featured
drawing editor. But it's not yet ready for a grumpy editor's desktop.
Dia
GNOME's entry in the diagram editor category is dia.
This tool, currently at version 0.93 (released without fanfare on
May 1), has been no stranger to obnoxious
bugs in the past, but it has stabilized nicely over the last year or so.
It is, at the moment, your editor's diagram editor of choice.
Dia is clearly oriented toward the creation of diagrams. It has
snap-to-grid, layers, attachments, and several libraries of objects for
schematics, flowcharts, UML diagrams, etc. On the other hand, it lacks
gradient editors, 3D swirl generators, shadows, and fancy background
clip-art. Dia does beautiful antialiasing, both on-screen and in image
exports. On the other hand, control of object attributes is inconsistent
and sometimes hard to find. Rectangle filling is controlled by
double-clicking on the rectangle tool icon; control of arrowhead dimensions
is, instead, obtained by selecting "details" at the end of a long list of
possible arrow types. Alignment and grouping operations require navigating
through a series of cascading menus; some keyboard shortcuts would be nice
here.
Dia also has a reasonably comprehensive set of configuration options, which
is always a nice surprise in a GNOME application. For example, it is
possible to turn off the "switch back to the select tool after every
operation" mode that seems to be so popular in modern interfaces, but which
your editor finds obnoxious. Dia features a Gimp-style right-button menu
which provides access to everything, but that menu can be replaced with a
toolbar by tweaking the appropriate preference.
In conclusion...
A few other packages are worth a quick mention:
- Xdraft looks like an
attempt to make a serious free drafting application. Unfortunately,
it also looks like it has gone idle over the last year.
- Sodipodi
is a well-advanced vector drawing package. It is aimed more at
artists than creators of cheap diagrams, however, so it has not been
reviewed in detail here.
- If you wander deeply enough into the
Gimp's menus, you'll find GFig,
which appears to be an attempt to graft some vector drawing operations
into that utility. GFig may work for adding certain effects to
images, but it still doesn't turn the Gimp into a drawing editor; the
Gimp has many strengths, but this is not one of them.
As this survey shows, the free software community offers a wealth of
diagram editing tools. Many of them have reached a reasonable level of
maturity though, like people, they are aging in different ways. These
applications are seeing substantial development and are evolving quickly.
Before long, the community should have some of the best tools available
anywhere. Grumpy creators of hand-waving diagrams everywhere should
rejoice.
Comments (58 posted)
Fighting software patents: a report from Brussels
May 5, 2004
This article was contributed by Tom Chance.
"Power to the Parliament" is not a typical slogan for any demonstration, but
when the demonstrators are predominantly young businessmen and programmers,
you can be sure something new is happening. In response to legislation
concerning software patents, hackers and entrepreneurs across the EU, and in
nations just joining the EU, have come together first to convince Parliament
of their cause, and now to defend Parliament against the European Commission
and Council. Last week saw a demonstration and a series of conferences that
mark a watershed in the political organization and awareness among the
members of this new
movement; GNU/Linux user groups, hackers from MPlayer, consultants from
MySQL, activists from the FFII, UKCDR, APRIL, FSF Europe and more hackers,
journalists and bemused bystanders met to talk not about code but about
politics, and without any trolls in sight.
First, a little background for context. Last year saw the Foundation for a
Free Information Infrastructure's (FFII) campaign against software patents
take center stage in the hacker world as the European Parliament began to debate
the issue. After frenzied lobbying in late August and September, an amended
piece of legislation was passed, explicitly banning software patents.
But the victory was short-lived, as the European Council and Commission took
the bill and published their interpretation, removing all of the amendments
the anti-software patent activists fought so hard for. A lot of EU
legislation goes through this sort of complex procedure, known as
"co-decision", where
the legislative and executive branches both develop the legislation.
On the morning of Wednesday, April 14, a demonstration launched two days of
protests and discussion to counter the Council and Commission's position.
The demonstration itself was a visual but low-key event, with between 500 and
800 people marching around Brussels with yellow balloons, banners and a few
sandwich boards. The march culminated with a pantomime outside the European
Commission, satirizing the Commission's tendency to listen to big business
(principally Nokia) rather than Small and Medium Enterprises and
individuals; there was also a human chain and an en masse balloon release.
Almost as soon as it had finished, we entered the European Parliament for the
conference on software patents, organized by the FFII and the
International Institute of Infonomics.
The purpose of the conference was to bring key activists, MEPs and experts
together to continue the discussion of software patents in Europe, and to try
to measure the effects of the two competing legislations (Parliament's and
the Council's).
The first panel, discussing "Recent Developments in Granting and Use of ICT
Patents", gave software patent experts, business owners and activists a
chance to clarify the extent of patent granting and the effects it has
already had on business in Europe. The presentations were informative, though
not controversial for the majority of the participants; they indicated that
approximately 20,000 software patents have been granted in Europe, and that,
though unenforceable, they have already done considerable damage to many
small businesses. Most of the problems seemed to be caused by companies
needing to file software patents as a means of defense against litigation,
and to counter other companies' patent portfolios.
The second panel, discussing "EU Legislation Benchmarking: Parliament's vs
Council's version of Software Patent Directive" was perhaps more interesting.
Sitting next to anti-software patent law scholars and activists were
representatives from the European Commission and the European Patent Office
(EPO). The law scholars and activists described, from an academic rather than
a pragmatic point of view, why software is un-patentable, and why the software
industry doesn't even need patents. Then we listened to the EPO claim that they
didn't file any software patents, and that they saw the legislation as a
clarifying exercise, and the Commission claim, with little substantial
argument or empirical evidence, that their legislation would help the
industry. Commission representatives also implied, amazingly, that the
legislative process in this
case ought to aim to settle the issue soon rather than take the time to
approach the problem more carefully.
The third and final panel discussed "Competitivity of Knowledge Economies",
and gave MEPs and economists the chance to present their views on where
software patents lie in the broader picture of Europe's "ICT economy". Moving
away from arguments about software patents per se, they presented various
analyses of how European industry might lose out in the future
if software patents were introduced.
The next day, we attended a second conference, organized by the FFII and the
Green-EFA Alliance, focusing on the place of
free software in Europe in general. The day opened at 9am with a series of
presentations from GNU/Linux User Groups (G/LUGs) from around Europe,
explaining to the many MEPs, Parliamentary assistants and other outsiders
what G/LUGs are, what they do, what free software is, and how the free
software community works. In contrast to the previous day's conference, there
was a good opportunity for discussion, and many activists got the opportunity
to discuss how G/LUGs can improve their relationships with each other, and
with the EU.
Following this, there was a rather anarchic installfest. Various MEPs had
Mandrake Linux installed on their PCs, while the rest of the conference's
participants milled around talking to each other, and in my case, phoning
more MEPs for meetings.
The conference reconvened after lunch, for three more panels. The first was on
"Fair Use / Copie Privée", and proved, for the geeks in the room, far more
familiar. A lawyer from the EFF, Jon Lech Johansen (DeCSS) and a lawyer from
Test-Achat, a Belgian civil rights group, discussed with the floor the state
of "fair use" law within the EU, touching on DVDs, audio CDs and DRM in
general. Aside from general discussion, we were treated to a brief exchange
between the EFF and a person defending
Blizzard's case against
bnetd.
The second and third panels continued in much the same vein, discussing free
and open source software in Europe. The afternoon produced a growing
consensus that we ought to be pushing for Free Software in the public sector
across Europe far harder, and seemed to bolster the support from MEPs. By the
end of the conference, most seemed considerably more excited by the future
than before.
But aside from the many discussions, it is important to ask: what did the two
days achieve? We cannot defeat the European Commission and Council over
software patents, and place Free Software at the heart of Europe's ICT
economy, with words alone. Fortunately, though no major tangible
breakthroughs were made, the community came away with a lot of substantial
work done, and some good plans for the future.
G/LUGs across Europe, through Eurolinux and the FFII's mailing lists, will be
drafting strategies to work together to promote Free Software more
effectively, drawing on each other's successes. A first draft of such a
document was written during the conference, and translated into two or three
languages by willing hackers. The FFII is now leading a project tentatively
called the MEP Toolbox, to develop a comprehensive database of MEPs'
positions on important digital rights issues, and an accompanying lobbying
guide for inexperienced hackers. And, as a personal measure of its success,
during the recent Linux User & Developer Expo in London, the FFII-UK, the
UKCDR and the AFFS got their heads together (one of which being mine) to work
out a more effective strategy of cooperation and campaigning.
So long as the enthusiasm can be maintained, and promises and ideas developed
in Brussels can be turned into concrete deeds, the future in Europe certainly
looks a lot brighter than it did a few weeks ago. We may have the beginnings of
a Europe-wide movement that can effectively tackle digital rights issues, and
push Free Software. We just need to ensure we don't renege on our promises.
Comments (12 posted)
Page editor: Jonathan Corbet
Security
82% of email is spam
According to
this
eSecurity Planet article, 82% of all email which was sent in April was
spam. That is the highest level ever measured - so far. Informal
measurements here at LWN suggest that the 82% figure could even be a little
low; some of our accounts here are receiving well over 1200 spams per day.
The cost of this endless stream of garbage is eventually going to push some
part of the system to the breaking point. And the results may not be
good. As the spam problem gets worse, most email users will be willing to
accept almost anything from their ISPs or legislators which promises to
improve things. It would not be surprising to see power grabs
coming from several directions as the usual cynical forces try to take
advantage of the situation. Are we ready for a world of centralized email
systems, proprietary protocols which limit bulk mailing to "authorized"
merchants, and new laws giving governments power to monitor and restrict
email content?
If we're not ready for those things, we're going to have to think again
about how to fight this problem. Filtering can be highly effective, but it
does little for many of the costs of spam, including bandwidth usage and
compromised servers. Filtering also does not work for all users. Somehow,
a way must be found to keep spammers and their output off the net. If we
can't come up with a way to do that which preserves the freedoms that have
made the net what it is, we're likely to see rather less palatable
attempted solutions imposed by others.
Comments (54 posted)
New vulnerabilities
eterm: command execution
| Package(s): | eterm | CVE #(s): | CAN-2003-0068 |
| Created: | April 29, 2004 | Updated: | May 5, 2004 |
| Description: | eterm has a vulnerability in which escape codes can be inserted by an attacker to cause the user to execute malicious commands. |
| Alerts: | |
Comments (none posted)
flim: insecure file creation
| Package(s): | flim | CVE #(s): | CAN-2004-0422 |
| Created: | May 5, 2004 | Updated: | December 16, 2004 |
| Description: | The emacs "flim" mode creates temporary files in an insecure fashion, possibly allowing a local attacker to overwrite files. |
| Alerts: | |
Comments (none posted)
kolab: password disclosure
| Package(s): | kolab | CVE #(s): | |
| Created: | May 5, 2004 | Updated: | May 27, 2004 |
| Description: | Kolab stores passwords in plain text format, and these passwords can be read from the underlying LDAP database. See this advisory for more information. |
| Alerts: | |
Comments (3 posted)
LHA: stack buffer overflows and directory traversal flaws
| Package(s): | LHA | CVE #(s): | CAN-2004-0234, CAN-2004-0235 |
| Created: | April 30, 2004 | Updated: | June 11, 2004 |
| Description: | LHA is an archiving and compression utility for LHarc format archives. Ulf Harnhammar discovered two stack buffer overflows and two directory traversal flaws in LHA. See this advisory+patch for more details. CAN-2004-0234: An attacker could exploit the buffer overflows by creating a carefully crafted LHA archive in such a way that arbitrary code would be executed when the archive is tested or extracted by a victim. CAN-2004-0235: An attacker could exploit the directory traversal issues to create files as the victim outside of the expected directory. |
| Alerts: | |
Comments (2 posted)
libpng: denial of service vulnerability.
| Package(s): | libpng | CVE #(s): | CAN-2004-0421 |
| Created: | April 29, 2004 | Updated: | June 11, 2004 |
| Description: | The PNG library can access memory that is out of bounds when creating an error message; this can be exploited by a malformed PNG image file. |
| Alerts: | |
Comments (none posted)
mc: multiple vulnerabilities
| Package(s): | mc | CVE #(s): | CAN-2004-0226, CAN-2004-0231, CAN-2004-0232 |
| Created: | April 29, 2004 | Updated: | May 26, 2004 |
| Description: | Midnight Commander has multiple vulnerabilities including buffer overflows, insecure temp files, and format string problems. |
| Alerts: | |
Comments (none posted)
proftpd privilege escalation
| Package(s): | proftpd | CVE #(s): | |
| Created: | April 30, 2004 | Updated: | May 19, 2004 |
| Description: | A portability workaround was applied in version 1.2.9 of the FTP server ProFTPD. As a side-effect, CIDR based (aaa.bbb.ccc.ddd/NN) ACL entries in "Allow" and "Deny" directives act like an "AllowAll" directive and so FTP clients are granted access to files and directories although the server configuration might explicitly deny this. See this bug report. |
| Alerts: | |
Comments (none posted)
rsync remote file write attack
| Package(s): | rsync | CVE #(s): | CAN-2004-0426 |
| Created: | April 30, 2004 | Updated: | July 12, 2004 |
| Description: | See the rsync homepage for the April 2004 advisory: "There is a security problem in all versions prior to 2.6.1 that affects only people running a read/write daemon WITHOUT using chroot. If the user privs that such an rsync daemon is using is anything above "nobody", you are at risk of someone crafting an attack that could write a file outside of the module's "path" setting (where all its files should be stored). Please either enable chroot or upgrade to 2.6.1. People not running a daemon, running a read-only daemon, or running a chrooted daemon are totally unaffected." |
| Alerts: | |
Comments (none posted)
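An added example, not part of the advisory or of rsync itself: a Python check that reads an rsyncd.conf and reports the modules matching the conditions the advisory names (read/write, no chroot, uid other than "nobody", rsync older than 2.6.1). The sample configuration, its module names and the assumed defaults (use chroot and read only enabled, uid nobody, daemon started as root) are constructed for illustration.

```python
import re

FIXED_VERSION = (2, 6, 1)   # advisory: "all versions prior to 2.6.1"
# Assumed rsyncd.conf defaults for a daemon started as root.
DEFAULTS = {"usechroot": "yes", "readonly": "yes", "uid": "nobody"}
TRUTHY = {"yes", "true", "1"}

# Constructed sample configuration, not taken from any real host.
SAMPLE_CONF = """\
uid = nobody
use chroot = no

[mirror]
    path = /srv/mirror
    read only = yes

[incoming]
    path = /srv/incoming
    read only = no
    uid = backup

[dropbox]
    path = /srv/dropbox
    read only = no
    use chroot = yes
    uid = backup

[scratch]
    path = /srv/scratch
    read only = false
"""


def version_affected(version):
    """True if an rsync version string is older than 2.6.1."""
    parts = [int(n) for n in re.findall(r"\d+", version)[:3]]
    parts += [0] * (3 - len(parts))
    return tuple(parts) < FIXED_VERSION


def _key(name):
    # Case and whitespace in parameter names are not significant.
    return "".join(name.lower().split())


def parse_rsyncd_conf(text):
    """Return (global_params, {module_name: params}) from rsyncd.conf text."""
    text = text.replace("\\\n", "")            # join continued lines
    global_params, modules = {}, {}
    current = global_params                    # parameters before any [module]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank or comment line
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = modules.setdefault(header.group(1).strip(), {})
        elif "=" in line:
            name, value = line.split("=", 1)   # only the first "=" separates
            current[_key(name)] = value.strip()
    return global_params, modules


def audit(conf_text, rsync_version):
    """List modules that meet every condition in the April 2004 advisory."""
    if not version_affected(rsync_version):
        return []
    global_params, modules = parse_rsyncd_conf(conf_text)
    findings = []
    for name, params in modules.items():
        # Module settings override globals, which override the defaults.
        eff = {**DEFAULTS, **global_params, **params}
        writable = eff["readonly"].lower() not in TRUTHY
        chrooted = eff["usechroot"].lower() in TRUTHY
        if writable and not chrooted and eff["uid"] != "nobody":
            findings.append(
                {"module": name, "path": eff.get("path", ""), "uid": eff["uid"]}
            )
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, "2.6.0"):
        print("at risk: [{module}] path={path} uid={uid}".format(**finding))
```

Modules flagged this way need either "use chroot = yes" or an upgrade to 2.6.1, as the advisory states; numeric uid values are treated as not "nobody" and should be reviewed by hand.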
samba: local root and symlink vulnerabilities
| Package(s): | samba | CVE #(s): | |
| Created: | April 29, 2004 | Updated: | May 5, 2004 |
| Description: | Two vulnerabilities in Samba have been found. Smbfs has a setuid root exploit problem, and smbprint has a tempfile symlink vulnerability. |
| Alerts: | |
Comments (none posted)
sysklogd: heap overflow
| Package(s): | sysklogd | CVE #(s): | |
| Created: | April 29, 2004 | Updated: | May 5, 2004 |
| Description: | Sysklogd has a memory allocation vulnerability that can allow a malicious attacker to write to unallocated memory and crash sysklogd. |
| Alerts: | |
Comments (none posted)
xine-lib: malicious code execution
| Package(s): | xine-lib | CVE #(s): | CAN-2004-0433 |
| Created: | May 3, 2004 | Updated: | May 28, 2004 |
| Description: | A vulnerability exists in xine-lib where playing a specially crafted Real RTSP stream could run malicious code as the user playing the stream. More details can be found in this advisory. The problem has been fixed in xine-lib 1-rc4. |
| Alerts: | |
Comments (none posted)
Updated vulnerabilities
apache - denial of service in mod_ssl
| Package(s): | apache | CVE #(s): | CAN-2004-0113 |
| Created: | April 13, 2004 | Updated: | May 25, 2004 |
| Description: | A memory leak has been discovered in mod_ssl that may be triggered by sending normal HTTP requests to the Apache HTTPS port. An attacker can exploit this vulnerability to consume all memory available in the server, thus causing a denial of service condition. This problem has been fixed in Apache 2.0.49. |
| Alerts: | |
Comments (none posted)
cvs: client-side file overwrite vulnerability
| Package(s): | cvs | CVE #(s): | CAN-2004-0180 |
| Created: | April 14, 2004 | Updated: | May 18, 2004 |
| Description: | The cvs client is vulnerable to a pathname vulnerability which can allow a hostile server to overwrite files on the local system. The cvs server is subject to a similar vulnerability which allows the checkout of RCS archives anywhere on the server system. Versions 1.11.15 and 1.12.7 fix the problem. |
| Alerts: | |
Comments (none posted)
ethereal - multiple vulnerabilities
Comments (none posted)
Filename disclosure vulnerability in fam
| Package(s): | fam | CVE #(s): | CAN-2002-0875 |
| Created: | August 19, 2002 | Updated: | January 5, 2005 |
| Description: | "fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible. |
| Alerts: | |
Comments (none posted)
gtkhtml: malformed messages cause crash
| Package(s): | gtkhtml | CVE #(s): | CAN-2003-0133, CAN-2003-0541 |
| Created: | April 14, 2003 | Updated: | April 18, 2005 |
| Description: | GtkHTML is the HTML rendering widget used by the Evolution mail reader. GtkHTML supplied with versions of Evolution prior to 1.2.4 contains a bug when handling HTML messages. Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash. |
| Alerts: | |
Comments (none posted)
ident2 buffer overflow
| Package(s): | ident2 | CVE #(s): | CAN-2004-0408 |
| Created: | April 22, 2004 | Updated: | April 28, 2004 |
| Description: | Jack <jack -AT- rapturesecurity.org> discovered a buffer overflow in ident2, an implementation of the ident protocol (RFC1413), where a buffer in the child_service function was slightly too small to hold all of the data which could be written into it. This vulnerability could be exploited by a remote attacker to execute arbitrary code with the privileges of the ident2 daemon (by default, the "identd" user). |
| Alerts: | |
Comments (none posted)
iproute: local denial of service
| Package(s): | iproute net-tools | CVE #(s): | CAN-2003-0856 |
| Created: | November 25, 2003 | Updated: | December 14, 2004 |
| Description: | The iproute utility is susceptible to spoofed netlink messages sent by local users, with the result that denial of service attacks are possible. |
| Alerts: | |
Comments (none posted)
racoon: failure to verify signatures
| Package(s): | ipsec-tools racoon | CVE #(s): | CAN-2004-0155 |
| Created: | April 7, 2004 | Updated: | August 19, 2004 |
| Description: | Versions of ipsec-tools prior to 0.2.5 contain a vulnerability wherein the racoon utility fails to verify digital signatures on some packets. This hole can lead to unauthorized connections or man-in-the-middle attacks. See this advisory for details. |
| Alerts: | |
Comments (none posted)
racoon: denial of service vulnerability
| Package(s): | ipsec-tools racoon iputils | CVE #(s): | CAN-2004-0403 |
| Created: | April 26, 2004 | Updated: | July 29, 2004 |
| Description: | racoon does not check the length of ISAKMP headers. Attackers may be able to craft an ISAKMP header of sufficient length to consume all available system resources, causing a Denial of Service. This advisory contains additional details. |
| Alerts: | |
Comments (none posted)
kdelibs: cookie disclosure
| Package(s): | kdelibs | CVE #(s): | CAN-2003-0592 |
| Created: | March 10, 2004 | Updated: | August 24, 2004 |
| Description: | kdelibs (and, thus, Konqueror) has a vulnerability where a hostile server can force the disclosure of cookies that should not be presented to it. KDE versions 3.1.3 and later contain a fix. |
| Alerts: | |
Comments (none posted)
kdepim: VCF file information reader vulnerability
| Package(s): | kdepim | CVE #(s): | CAN-2003-0988 |
| Created: | January 15, 2004 | Updated: | May 26, 2004 |
| Description: | KDE has issued a security advisory for all versions of kdepim as distributed with KDE versions 3.1.0 through 3.1.4 inclusive. A carefully crafted .VCF file potentially enables local attackers to compromise the privacy of a victim's data or execute arbitrary commands with the victim's privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0988 to this issue. |
| Alerts: | |
Comments (none posted)
kernel: symlink overflow in the iso9660 filessytem
| Package(s): | kernel |
CVE #(s): | CAN-2004-0109
|
| Created: | April 14, 2004 |
Updated: | July 15, 2004 |
| Description: |
The 2.4 and 2.6 kernels contain a
vulnerability in the iso9660 (CDROM) filesystem which can be used by a
local attacker to obtain root privileges. The exploit requires creating a
specially-crafted filesystem and getting the kernel to mount it. Many
systems are configured to automatically mount CDs on insertion, however, so
the possibility of this vulnerability being exploited by users with
physical access to the system is real. The 2.4.26 kernel contains the fix,
which will also be merged into the upcoming 2.6.6 release. |
kernel - root exploit in MCAST_MSFILTER
| Package(s): | kernel |
CVE #(s): | CAN-2004-0424
|
| Created: | April 22, 2004 |
Updated: | June 11, 2004 |
| Description: |
A locally exploitable integer overflow has been found in the multicast code
of the Linux kernel versions 2.4.22 to 2.4.25 and 2.6.1 - 2.6.3. A
successful exploit could lead to full superuser privileges. |
Linux kernel 2.2.10 failing function and TLB flush vulnerability
| Package(s): | kernel-source-2.2.10 |
CVE #(s): | CAN-2004-0077
|
| Created: | March 18, 2004 |
Updated: | June 4, 2004 |
| Description: |
A local root exploit is possible due to early flushing of the
TLB. |
kernel-utils: setuid vulnerability
| Package(s): | kernel-utils |
CVE #(s): | CAN-2003-0019
|
| Created: | February 7, 2003 |
Updated: | January 21, 2005 |
| Description: |
The kernel-utils package contains several utilities that can be used to
control the kernel or machine hardware. In Red Hat Linux 8.0 this package
contains user mode linux (UML) utilities.
The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was
incorrectly shipped setuid root. This could allow local users to control
certain network interfaces, add and remove arp entries and routes, and put
interfaces in and out of promiscuous mode.
All users of the kernel-utils package should update to these packages that
contain a version of uml_net that is not setuid root.
Alternatively, as a work-around to this vulnerability, issue the following
command as root:
chmod -s /usr/bin/uml_net |
LCDproc: Buffer overflows and format string vulnerabilities
| Package(s): | LCDproc |
CVE #(s): | |
| Created: | April 27, 2004 |
Updated: | April 28, 2004 |
| Description: |
Due to insufficient checking of client-supplied data, the LCDd server
is susceptible to two buffer overflows and one string buffer
vulnerability. If the server is configured to listen on all network
interfaces (see the Bind parameter in LCDproc configuration), these
vulnerabilities can be triggered remotely. |
libpng, libpng3: buffer overflow
| Package(s): | libpng, libpng3 |
CVE #(s): | CAN-2002-1363
|
| Created: | December 19, 2002 |
Updated: | July 14, 2004 |
| Description: |
Glenn Randers-Pehrson discovered a problem in connection with 16-bit
samples from libpng, an interface for reading and writing PNG
(Portable Network Graphics) format files. The starting offsets for
the loops are calculated incorrectly which causes a buffer overrun
beyond the beginning of the row buffer. |
libxml2 - arbitrary code execution
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0110
|
| Created: | February 26, 2004 |
Updated: | July 21, 2004 |
| Description: |
Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code. |
logcheck: symlink vulnerability
| Package(s): | logcheck |
CVE #(s): | CAN-2004-0404
|
| Created: | April 21, 2004 |
Updated: | December 22, 2004 |
| Description: |
The logcheck utility handles temporary files in an unsafe way, possibly allowing local attackers to overwrite files. |
mailman denial of service
| Package(s): | mailman |
CVE #(s): | CAN-2003-0991
|
| Created: | February 9, 2004 |
Updated: | May 25, 2004 |
| Description: |
Matthew Galgoci of Red Hat discovered a Denial of Service (DoS)
vulnerability in versions of Mailman prior to 2.1. An attacker could send
a carefully-crafted message causing mailman to crash. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0991 to this issue. |
metamail: integer and buffer overflows
| Package(s): | metamail |
CVE #(s): | CAN-2004-0104
CAN-2004-0105
|
| Created: | February 18, 2004 |
Updated: | May 21, 2004 |
| Description: |
Versions of metamail through 2.7 contain a set of integer and buffer overflows which are remotely exploitable via a properly crafted message. |
mikmod: buffer overflow
| Package(s): | mikmod |
CVE #(s): | CAN-2003-0427
|
| Created: | June 16, 2003 |
Updated: | June 16, 2005 |
| Description: |
Ingo Saitz discovered a bug in mikmod whereby a long filename inside
an archive file can overflow a buffer when the archive is being read
by mikmod. |
mod_python: denial of service vulnerability
| Package(s): | mod_python |
CVE #(s): | CAN-2003-0973
|
| Created: | January 27, 2004 |
Updated: | October 4, 2004 |
| Description: |
Apache's mod_python module could crash the httpd process if a specific,
malformed query string was sent.
The Apache Foundation has reported that mod_python may be prone to
Denial of Service attacks when handling a malformed query. Mod_python
2.7.9 was released to fix the vulnerability; however, because the
vulnerability has not been fully fixed, version 2.7.10 has been released.
Users of mod_python 3.0.4 are not affected by this vulnerability. |
mozilla: multiple vulnerabilities
| Package(s): | mozilla |
CVE #(s): | CAN-2003-0594
CAN-2003-0564
|
| Created: | March 10, 2004 |
Updated: | August 19, 2004 |
| Description: |
Mozilla 1.4 contains a few vulnerabilities, including disclosure of cookies to the wrong server, a scripting vulnerability which can allow an attacker to run arbitrary code, and an S/MIME vulnerability which can lead to remote denial of service or code execution attacks. |
mpg321: format string vulnerability
| Package(s): | mpg321 |
CVE #(s): | CAN-2003-0969
|
| Created: | January 6, 2004 |
Updated: | March 28, 2005 |
| Description: |
A vulnerability was discovered in mpg321, a command-line mp3 player,
whereby user-supplied strings were passed to printf(3) unsafely. This
vulnerability could be exploited by a remote attacker to overwrite
memory, and possibly execute arbitrary code. In order for this
vulnerability to be exploited, mpg321 would need to play a malicious
mp3 file (including via HTTP streaming). |
MySQL: temporary file vulnerabilities
| Package(s): | mysql |
CVE #(s): | CAN-2004-0381
CAN-2004-0388
|
| Created: | April 14, 2004 |
Updated: | August 18, 2004 |
| Description: |
The mysqlbug and mysqld_multi scripts contain temporary file vulnerabilities which could be used by a local attacker to overwrite files on the system. |
neon: format string vulnerabilities
| Package(s): | neon |
CVE #(s): | CAN-2004-0179
|
| Created: | April 14, 2004 |
Updated: | May 18, 2004 |
| Description: |
The neon WebDAV library contains format string vulnerabilities which may be exploited by a hostile DAV server. This vulnerability exists in utilities which use neon, including cadaver and OpenOffice.org. |
Nessus NASL scripting engine security issues
| Package(s): | nessus |
CVE #(s): | |
| Created: | May 27, 2003 |
Updated: | August 12, 2004 |
| Description: |
Some vulnerabilities exist in the Nessus NASL scripting engine. To
exploit these flaws, an attacker would need to have a valid Nessus account
as well as the ability to upload arbitrary Nessus plugins in the Nessus
server (this option is disabled by default) or he/she would need to trick a
user somehow into running a specially crafted nasl script. Read the full
advisory for additional information. |
netpbm: insecure temporary files
| Package(s): | netpbm |
CVE #(s): | CAN-2003-0924
|
| Created: | January 19, 2004 |
Updated: | December 29, 2004 |
| Description: |
netpbm is a graphics conversion toolkit made up of a large number of
single-purpose programs. Many of these programs were found to create
temporary files in an insecure manner, which could allow a local
attacker to overwrite files with the privileges of the user invoking a
vulnerable netpbm tool. |
openssh: timing attack leads to information disclosure
| Package(s): | openssh |
CVE #(s): | CAN-2003-0190
|
| Created: | May 2, 2003 |
Updated: | November 30, 2004 |
| Description: |
From the advisory:
"During a pen-test we stumbled across a nasty bug in OpenSSH-portable
with PAM support enabled (via the --with-pam configure script switch). This
bug allows a remote attacker to identify valid users on vulnerable systems,
through a simple timing attack. The vulnerability is easy to exploit and
may have high severity, if combined with poor password policies and other
security problems that allow local privilege escalation." |
OpenSSL: denial of service vulnerabilities
Comments (1 posted)
postfix: denial of service vulnerabilities
| Package(s): | postfix |
CVE #(s): | CAN-2003-0468
CAN-2003-0540
|
| Created: | August 5, 2003 |
Updated: | May 27, 2004 |
| Description: |
The postfix MTA, versions through 1.1.12 (but not 2.0), is subject to two remotely exploitable denial of service vulnerabilities; see this advisory from Michal Zalewski for details. |
python: buffer overflow
| Package(s): | python |
CVE #(s): | CAN-2004-0150
|
| Created: | March 10, 2004 |
Updated: | October 11, 2004 |
| Description: |
Python (versions 2.2 and 2.2.1 only) has a buffer overflow in the getaddrinfo() function which can be exploited by a malformed IPv6 address. |
ssmtp format string vulnerability
| Package(s): | ssmtp |
CVE #(s): | CAN-2004-0156
|
| Created: | April 15, 2004 |
Updated: | May 7, 2004 |
| Description: |
Max Vozeler discovered two format string vulnerabilities in ssmtp, a
simple mail transport agent. Untrusted values in the functions die()
and log_event() were passed to printf-like functions as format
strings. These vulnerabilities could potentially be exploited by a
remote mail relay to gain the privileges of the ssmtp process
(including potentially root). |
sysstat: temporary file vulnerability
| Package(s): | sysstat |
CVE #(s): | CAN-2004-0107
CAN-2004-0108
|
| Created: | March 10, 2004 |
Updated: | October 4, 2004 |
| Description: |
The sysstat utility has a temporary file vulnerability which can be exploited by a local attacker to overwrite system files. |
File overwrite vulnerability in tar and unzip
| Package(s): | tar unzip |
CVE #(s): | CAN-2001-1267
CAN-2001-1268
CAN-2001-1269
CAN-2002-0399
|
| Created: | October 1, 2002 |
Updated: | April 9, 2006 |
| Description: |
The tar utility does not properly filter file names containing
"../", meaning that a hostile archive can, if unpacked by an
unsuspecting user, overwrite any file that is writable by that user. GNU
tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42
has the same vu |