
LWN.net Weekly Edition for May 13, 2004

The Grumpy Editor's diagram editor followup

Last week's review of several diagram editors attempted to be comprehensive, but, inevitably, a few were missed. Here, your editor will attempt to do penance by looking at a few tools which were passed over last time.

Kivio had actually been considered for the previous article. Your editor, however, had seen a tool which, apparently, could only draw lines and text. Thinking that kivio must be a little too young for a real review, your editor set it aside and moved on. Kivio users will understand the problem at this point: your editor missed the little icon [Kivio icon] (shown at left) in the toolbar which loads stencils into the system. Kivio, the main purpose of which is the creation of flowcharts, is all about stencils. A large set of stencils is provided with the program; they include the full library of shapes from Dia, national flags, a map of Belgium, UML symbols, and "people shapes" including a woman in a bikini. Working with kivio is really a matter of finding the stencils you like, dragging them onto the screen, and drawing lines between them.

Strangely, there seems to be no mechanism built into kivio for the creation and editing of stencils; they all would appear to come from the outside. Nothing in the menus or online documentation says anything about how to get stencils into the system. Unless, of course, you want to buy the proprietary stencil builder or get some stencils on a per-seat license from theKompany.com.

Kivio has a number of the features your editor was looking for, including layers, attachment points, etc. But the simple fact is that kivio is an awkward and difficult tool to work with. Attributes (colors, line widths, arrowheads, etc.) must be set individually for every object; there appears to be no way to get kivio to apply user-specified attributes to new objects. There is no way to adjust the dimensions of arrowheads (and, interestingly, the "start arrowhead" appears at the second point of the connector). Connectors can only be straight lines. Alignment operations are done via a separate, popup dialog. The "docker" feature, which puts tools like the layer manager on the edge of the diagram, looks cute, but the tools are forever popping in and out when the diagram is being edited. Kivio cannot export to an image file; it is limited to KOffice format or (via the print operation) PostScript or PDF.

Kivio is a reasonable tool for some simple tasks now, and may well develop into a capable, general-purpose diagram editor eventually. But it is not up to your editor's needs at this time.

Skencil (formerly "sketch") was highly recommended by some LWN commenters. Skencil, in its stable version, is a Tk-based vector drawing package. This tool is currently being reworked to use GTK instead, but that version is not yet ready for release. Skencil has many of the typical drawing functions, and it supports layers. It does not support attachment points, and it cannot export to image formats.

Once again, your editor found this tool to be awkward and frustrating to work with. The interface is highly modal and confusing at times. Changing the default attributes of objects is hard. The arc-drawing tool is very confusing to use at the outset (though, once you get the hang of it, it turns out to be a powerful tool). The alignment operations require dealing with a separate dialog.

On the other hand, skencil has some slick features, such as the ability to draw text along an arbitrary path. There is a plugin mechanism allowing the addition of new features programmed in Python. Skencil also can import images in a number of formats. It may well be a useful tool for those engaged in more artistic pursuits; it is not, however, the best diagramming tool out there.

Finally, your editor took a look at inkscape. As a drawing tool, inkscape has a nice feature set; it has a reasonable set of drawing options, a full set of path operations, etc. Perhaps the biggest omission is the lack of support for layers. For the creation of diagrams, however, inkscape is not the right tool. There are no attachment points, no arrowheads, and no image export. Inkscape's priorities are simply elsewhere.

Worth a quick mention: if your main interest is the creation of UML diagrams, Umbrello may be worth checking out. It is, however, very much a special-purpose tool, with UML assumptions wired deeply into it; as such, it's not suitable for more general purpose diagramming.

To conclude: your editor will stick with dia for now for his cheesy diagram creation needs. Of all the tools reviewed, dia stands out for its focus on this particular task, the quality of its output, and its ease of use. There is a lot of development happening in this area, however; the situation could well be different next year.

Comments (17 posted)

What's in store for GCC

May 12, 2004

This article was contributed by Joe 'Zonker' Brockmeier.

The 2004 GCC & GNU Toolchain Developers' Summit will take place June 2nd through June 4th in Ottawa, Canada. GCC developers from around the world will get together to discuss the "state of the art" and the long-term roadmap for GCC.

The conference presentations give some insight into the focus of the developers who are working on GCC, and the technical direction of the project. For example, last year's GCC Developers' Summit included three talks on support for 64-bit systems, including IBM's S/390 and the x86-64 architecture. If last year's Summit is any example, you can expect GCC to include many of the features that are being talked about this year at the Summit.

One heavy focus that's carried over from last year is testing and benchmarking code produced by GCC. Árpád Beszédes of the University of Szeged will be speaking about the Code-Size Benchmark Environment (CSiBE) for GCC, which is used to measure the size of code produced by GCC. (Beszédes's paper from last year is available for those who are interested.) Paolo Carlini of SUSE is also focusing on performance in his presentation, on approaches being used to improve performance in the GNU Standard C++ Library v3 (libstdc++-v3).

David Edelsohn will present a paper on loop optimizations for GCC using high-level loop transformations. The loop optimizations described by Edelsohn are implemented on top of Tree SSA, which was an up-and-coming project for GCC when described at last year's GCC Developers' Summit. (Slides in PDF are available.) Now it's headed for inclusion in GCC 3.5. (See this week's Development Page for more information on Tree-SSA).

Diego Novillo will be speaking about the design and implementation of Tree SSA this year. According to Novillo, several other GCC optimizations are being implemented on top of Tree SSA as well. Dorit Naishlos will be speaking about another optimization technique, automatic vectorization, that is implemented on top of Tree SSA.

Users of the GNU Compiler for the Java Programming Language (GCJ) may be interested in Andrew Haley and Tom Tromey's paper on the new GCJ binary-compatibility ABI which will "let us upgrade the compiler and runtime library in many useful ways without requiring any application-level recompilation," instead of breaking binary compatibility with each new release. Nathan Sidwell's presentation will make the case for implementing statically typed trees in GCC, with an outline for a full conversion from dynamically typed trees.

In all, there are fifteen scheduled presentations, and two Birds of a Feather sessions, for the Summit. Abstracts for all of the paper presentations are available on the GCC Developers' Summit website. For those with a little extra time on their hands, registration for the event is open and it promises to be a fun three days for anyone interested in GCC and compiler development.

Comments (none posted)

Quick SCO notes

SCO's suit against Novell had a day in court on May 11, when two motions were heard. SCO is trying to get this case moved back to state court, where it expects a more friendly hearing and where certain awkward issues, such as whether copyrights were actually transferred from Novell, cannot be considered. Novell, meanwhile, is opposing the move and is, instead, trying to get the whole case dismissed. Judge Kimball - the same judge presiding over the IBM case - has not yet ruled on either motion as of this writing. Groklaw has an informal transcript of the proceedings.

The $50 million in capital which was pumped into SCO last October is usually termed the "BayStar investment," but, in fact, $30 million of that total came from the Royal Bank of Canada (RBC). RBC made a couple of interesting moves last week:

  • $10 million of that investment has been converted into ordinary SCO shares at $13.50 per share. The value of SCO's stock on the market was less than half that figure at the time, and has declined since; RBC, in other words, is taking a big loss on part of its investment.

  • The rest of RBC's investment has been sold to BayStar at an undisclosed price.

From RBC's point of view, the moves are perhaps understandable. The chances of ever getting the original investment back from SCO were small and shrinking; RBC (or whatever investor is hiding behind RBC) decided to cut its losses and get out while it still could.

BayStar's motivation is a little harder to comprehend. After all, BayStar stated last month that it wanted to redeem its investment in SCO and get out; now it has, instead, doubled the number of preferred shares it holds. One assumes that BayStar got the shares for less than their original price, but, given BayStar's public lack of confidence in SCO and its management, why is it increasing its stake in the company?

One possibility which has been raised is that BayStar wants to increase its leverage over the board of directors and thereby improve its chances of forcing management changes on SCO. The RBC shares, if converted, would give BayStar an approximately 20% stake in SCO; enough to be heard, but still nowhere near enough to dictate changes. Alternatively, BayStar may think that, by way of court, it can extract the full $40 million represented by those preferred shares from SCO.

The most ominous possibility, perhaps, is that BayStar may be maneuvering to take possession (or, at least, control) of the IBM suit after SCO collapses. That suit is, after all, the one SCO asset that BayStar sees as being worthwhile. In this scenario, the case could continue long after SCO collapses. BayStar could, conceivably, apply more financial resources to pursuing this case. But no amount of money can make SCO's claims any more legitimate.

Finally, SCO's second fiscal quarter ended on April 30; an earnings report is due within the next few weeks. One assumes that its results will be something other than spectacular. Expect the usual theatrics as SCO's management attempts to distract attention from the fact that the company is losing its traditional customers, is not selling "Linux licenses," and continues to bleed cash.

Comments (8 posted)

Page editor: Jonathan Corbet

Security

Compromised systems: $0.10 each

Much attention has been given to the arrest of the Sasser worm author, but, as this Register article notes, the arrest of the author of Phatbot may be more significant. Phatbot, as described by CERT, propagates from one Windows system to the next via a whole set of vulnerabilities. Once established, it connects to an IRC server and awaits orders on what to do next. Systems compromised by Phatbot can be used for spamming, DoS attacks, and more.

The interesting thing, perhaps, is the note that there is a market for access to Phatbot zombie systems; the going price for "non-exclusive" use of a compromised box is estimated to be about 10 cents.

The emergence of a market for compromised systems has the potential to change the dynamics of the security landscape somewhat. Many compromises are carried out by "script kiddies" who are breaking into systems for the fun of it. Others are attacked by crackers with specific goals: access to supercomputers or confidential information, for example. People who "have nothing worth stealing" on their systems have often taken a relaxed approach to security; even if they get broken into, they claim, there is very little that can actually happen.

In a world where zombie systems can be sold, everybody has something worth stealing. As this market develops, expect an increase in attacks as crackers race each other to control vulnerable systems and the money-making potential they represent. Sooner or later, a niche market for compromised Linux systems is almost certain to come into being as well. That will not be a welcome development for system administrators who were not looking for additional motivation for attacks on their systems.

Comments (4 posted)

New vulnerabilities

apache: multiple vulnerabilities

Package(s):apache CVE #(s):CAN-2003-0993 CAN-2003-0020 CAN-2003-0987 CAN-2004-0174
Created:May 12, 2004 Updated:May 26, 2004
Description: Versions of apache 1 through 1.3.30 include several minor vulnerabilities, including the writing of unescaped data to the error log file, a denial of service vulnerability, and a parsing failure in Allow/Deny rules on big-endian, 64-bit platforms. See the apache 1.3.31 announcement for details.
Alerts:
OpenPKG OpenPKG-SA-2004.021 2004-05-12
Slackware SSA:2004-133-01 2004-05-12
Trustix TSLSA-2004-0027 2004-05-13
Mandrake MDKSA-2004:046 2004-05-17
Mandrake MDKSA-2004:046-1 2004-05-20
Gentoo 200405-22 2004-05-26

Comments (none posted)

clamav: improper string checking

Package(s):clamav CVE #(s):
Created:May 12, 2004 Updated:May 12, 2004
Description: Versions of clamav prior to 0.70 fail to check filenames when responding to viruses; with certain configurations, this failure can allow an attacker to execute arbitrary commands.
Alerts:
Gentoo 200405-03 2004-05-11

Comments (none posted)

exim: stack-based buffer overflows

Package(s):exim exim-tls CVE #(s):CAN-2004-0399 CAN-2004-0400
Created:May 7, 2004 Updated:May 14, 2004
Description: Georgi Guninski discovered two stack-based buffer overflows.

CAN-2004-0399: When "sender_verify = true" is configured in exim.conf a buffer overflow can happen during verification of the sender. This problem is fixed in exim 4.

CAN-2004-0400: When headers_check_syntax is configured in exim.conf a buffer overflow can happen during the header check. This problem also exists in exim 4.

Alerts:
Debian DSA-501-1 2004-05-07
Debian DSA-502-1 2004-05-11
Gentoo 200405-07 2004-05-14

Comments (none posted)

SUSE Live CD: no-password root access

Package(s):SUSE Live CD CVE #(s):
Created:May 12, 2004 Updated:May 12, 2004
Description: The SUSE 9.1 live CD boots with ssh connections enabled and no root password; as a result, a remote attacker can gain privileged access simply by logging in as root.
Alerts:
SuSE SuSE-SA:2004:011 2004-05-06

Comments (none posted)

Updated vulnerabilities

LHA: stack buffer overflows and directory traversal flaws

Package(s):LHA CVE #(s):CAN-2004-0234 CAN-2004-0235
Created:April 30, 2004 Updated:June 11, 2004
Description: LHA is an archiving and compression utility for LHarc format archives. Ulf Harnhammar discovered two stack buffer overflows and two directory traversal flaws in LHA. See this advisory+patch for more details.

CAN-2004-0234: An attacker could exploit the buffer overflows by creating a carefully crafted LHA archive in such a way that arbitrary code would be executed when the archive is tested or extracted by a victim.

CAN-2004-0235: An attacker could exploit the directory traversal issues to create files as the victim outside of the expected directory.

Alerts:
Red Hat RHSA-2004:179-01 2004-04-30
Slackware SSA:2004-125-01 2004-05-04
Conectiva CLA-2004:840 2004-05-06
Gentoo 200405-02 2004-05-09
Fedora FEDORA-2004-119 2004-05-11
Red Hat RHSA-2004:178-01 2004-05-26
Debian DSA-515-1 2004-06-05
Whitebox WBSA-2004:178-01 2004-06-10

Comments (2 posted)

OpenSSL: denial of service vulnerabilities

Package(s):OpenSSL CVE #(s):CAN-2004-0081 CAN-2003-0851
Created:March 17, 2004 Updated:November 2, 2005
Description: Versions 0.9.7a-c of the OpenSSL library suffer from two denial of service vulnerabilities; see the version 0.9.7d release announcement for details.
Alerts:
EnGarde ESA-20040317-003 2004-03-17
Red Hat RHSA-2004:119-01 2004-03-17
Red Hat RHSA-2004:120-01 2004-03-17
SuSE SuSE-SA:2004:007 2004-03-17
Mandrake MDKSA-2004:023 2004-03-17
Netwosix NW-2004-0005 2004-03-17
Debian DSA-465-1 2004-03-17
Gentoo 200403-03 2004-03-17
OpenPKG OpenPKG-SA-2004.007 2004-03-18
Red Hat RHSA-2004:121-01 2004-03-17
Slackware SSA:2004-077-01 2004-03-17
Trustix TSLSA-2004-0012 2004-03-17
Whitebox WBSA-2004:120-01 2004-03-22
Fedora FEDORA-2004-095 2004-03-19
Red Hat RHSA-2004:084-01 2004-03-23
Whitebox WBSA-2004:084-01 2004-03-23
Conectiva CLA-2004:834 2004-03-31
Fedora-Legacy FLSA:1395 2004-05-08
Fedora FEDORA-2005-1042 2005-10-31
Red Hat RHSA-2005:829-00 2005-11-02
Red Hat RHSA-2005:830-00 2005-11-02

Comments (1 posted)

apache - denial of service in mod_ssl

Package(s):apache CVE #(s):CAN-2004-0113
Created:April 13, 2004 Updated:May 25, 2004
Description: A memory leak has been discovered in mod_ssl that may be triggered by sending normal HTTP requests to the Apache HTTPS port. An attacker can exploit this vulnerability to consume all memory available in the server, thus causing a denial of service condition. This problem has been fixed in Apache 2.0.49.
Alerts:
Conectiva CLA-2004:839 2004-04-13
Red Hat RHSA-2004:182-01 2004-04-30
Mandrake MDKSA-2004:043 2004-05-10
Fedora FEDORA-2004-117 2004-05-25

Comments (none posted)

cvs: client-side file overwrite vulnerability

Package(s):cvs CVE #(s):CAN-2004-0180
Created:April 14, 2004 Updated:May 18, 2004
Description: The cvs client has a pathname-handling vulnerability which can allow a hostile server to overwrite files on the local system. The cvs server is subject to a similar vulnerability which allows the checkout of RCS archives from anywhere on the server system. Versions 1.11.15 and 1.12.7 fix the problem.
Alerts:
Mandrake MDKSA-2004:028 2004-04-14
SuSE SuSE-SA:2004:008 2004-04-14
Red Hat RHSA-2004:154-01 2004-04-14
Red Hat RHSA-2004:153-01 2004-04-14
OpenPKG OpenPKG-SA-2004.013 2004-04-14
Gentoo 200404-13 2004-04-14
Debian DSA-486-1 2004-04-16
Netwosix NW-2004-0011 2004-04-18
Slackware SSA:2004-108-02 2004-04-17
Whitebox WBSA-2004:153-01 2004-04-19
Fedora FEDORA-2004-110 2004-04-22

Comments (none posted)

eterm: command execution

Package(s):eterm CVE #(s):CAN-2003-0068
Created:April 29, 2004 Updated:May 5, 2004
Description: eterm has a vulnerability in which escape codes can be inserted by an attacker to cause the user to execute malicious commands.
Alerts:
Debian DSA-496-1 2004-04-29

Comments (none posted)

ethereal - multiple vulnerabilities

Package(s):ethereal CVE #(s):CAN-2004-0176 CAN-2004-0365 CAN-2004-0367
Created:March 29, 2004 Updated:June 2, 2004
Description: There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.3. More information can be found in this advisory from ethereal.com and in this Eye on Security advisory.
Alerts:
Gentoo 200403-07 2004-03-28
Netwosix NW-2004-0007 2004-03-29
Red Hat RHSA-2004:136-01 2004-03-30
Conectiva CLA-2004:835 2004-03-31
Mandrake MDKSA-2004:024 2004-03-30
Red Hat RHSA-2004:137-01 2004-03-31
OpenPKG OpenPKG-SA-2004.015 2004-04-16
Debian DSA-511-1 2004-05-30

Comments (none posted)

Filename disclosure vulnerability in fam

Package(s):fam CVE #(s):CAN-2002-0875
Created:August 19, 2002 Updated:January 5, 2005
Description: "fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible.
Alerts:
Debian DSA-154-1 2002-08-15
Red Hat RHSA-2005:005-01 2005-01-05

Comments (none posted)

flim: insecure file creation

Package(s):flim CVE #(s):CAN-2004-0422
Created:May 5, 2004 Updated:December 16, 2004
Description: The emacs "flim" mode creates temporary files in an insecure fashion, possibly allowing a local attacker to overwrite files.
Alerts:
Debian DSA-500-1 2004-05-01
Red Hat RHSA-2004:344-01 2004-08-18
Fedora FEDORA-2004-546 2004-12-15

Comments (none posted)

gtkhtml: malformed messages cause crash

Package(s):gtkhtml CVE #(s):CAN-2003-0133 CAN-2003-0541
Created:April 14, 2003 Updated:April 18, 2005
Description: GtkHTML is the HTML rendering widget used by the Evolution mail reader.

GtkHTML as supplied with versions of Evolution prior to 1.2.4 contains a bug in the handling of HTML messages. Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash.

Alerts:
Red Hat RHSA-2003:126-01 2003-04-14
Mandrake MDKSA-2003:046 2003-04-15
Red Hat RHSA-2003:264-01 2003-09-09
Conectiva CLA-2003:737 2003-09-12
Mandrake MDKSA-2003:093 2003-09-18
Debian DSA-710-1 2005-04-18

Comments (none posted)

iproute: local denial of service

Package(s):iproute net-tools CVE #(s):CAN-2003-0856
Created:November 25, 2003 Updated:December 14, 2004
Description: The iproute utility is susceptible to spoofed netlink messages sent by local users, with the result that denial of service attacks are possible.
Alerts:
Red Hat RHSA-2003:316-01 2003-11-24
Gentoo 200404-10 2004-04-09
Debian DSA-492-1 2004-04-18
Fedora FEDORA-2004-115 2004-05-11
Fedora FEDORA-2004-154 2004-06-03
Mandrake MDKSA-2004:148 2004-12-13

Comments (none posted)

racoon: failure to verify signatures

Package(s):ipsec-tools racoon CVE #(s):CAN-2004-0155
Created:April 7, 2004 Updated:August 19, 2004
Description: Versions of ipsec-tools prior to 0.2.5 contain a vulnerability wherein the racoon utility fails to verify digital signatures on some packets. This hole can lead to unauthorized connections or man-in-the-middle attacks. See this advisory for details.
Alerts:
Gentoo 200404-05 2004-04-07
Mandrake MDKSA-2004:027 2004-04-08
Whitebox WBSA-2004:308-01 2004-08-19

Comments (none posted)

racoon: denial of service vulnerability

Package(s):ipsec-tools racoon iputils CVE #(s):CAN-2004-0403
Created:April 26, 2004 Updated:July 29, 2004
Description: racoon does not check the length of ISAKMP headers. Attackers may be able to craft an ISAKMP header of sufficient length to consume all available system resources, causing a Denial of Service. This advisory contains additional details.
Alerts:
Gentoo 200404-17 2004-04-24
Red Hat RHSA-2004:165-01 2004-05-11
Fedora FEDORA-2004-132 2004-05-19
Whitebox WBSA-2004:165-01 2004-06-10
Fedora FEDORA-2004-197 2004-06-28
Mandrake MDKSA-2004:069 2004-07-14
Red Hat RHSA-2004:308-01 2004-07-29

Comments (none posted)

kdelibs: cookie disclosure

Package(s):kdelibs CVE #(s):CAN-2003-0592
Created:March 10, 2004 Updated:August 24, 2004
Description: kdelibs (and, thus, Konqueror) has a vulnerability where a hostile server can force the disclosure of cookies that should not be presented to it. KDE versions 3.1.3 and later contain a fix.
Alerts:
Debian DSA-459-1 2004-03-10
Mandrake MDKSA-2004:022 2004-03-10
Red Hat RHSA-2004:075-01 2004-03-10
Red Hat RHSA-2004:074-01 2004-03-10
Gentoo 200408-23 2004-08-24

Comments (none posted)

kdepim: VCF file information reader vulnerability

Package(s):kdepim CVE #(s):CAN-2003-0988
Created:January 15, 2004 Updated:May 26, 2004
Description: KDE has issued a security advisory for all versions of kdepim as distributed with KDE versions 3.1.0 through 3.1.4 inclusive. A carefully crafted .VCF file potentially enables local attackers to compromise the privacy of a victim's data or execute arbitrary commands with the victim's privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0988 to this issue.
Alerts:
Red Hat RHSA-2004:006-01 2004-01-07
Mandrake MDKSA-2004:003 2004-01-14
Slackware SSA:2004-014-01 2004-01-14
Conectiva CLA-2004:810 2004-01-20
Whitebox WBSA-2004:005-01 2004-02-12
Gentoo 200404-02 2004-04-06
Fedora FEDORA-2004-133 2004-05-19

Comments (none posted)

kernel: symlink overflow in the iso9660 filesystem

Package(s):kernel CVE #(s):CAN-2004-0109
Created:April 14, 2004 Updated:July 15, 2004
Description: The 2.4 and 2.6 kernels contain a vulnerability in the iso9660 (CDROM) filesystem which can be used by a local attacker to obtain root privileges. The exploit requires creating a specially-crafted filesystem and getting the kernel to mount it. Many systems are configured to automatically mount CDs on insertion, however, so the possibility of this vulnerability being exploited by users with physical access to the system is real. The 2.4.26 kernel contains the fix, which will also be merged into the upcoming 2.6.6 release.
Alerts:
Debian DSA-479-1 2004-04-14
Debian DSA-480-1 2004-04-14
Debian DSA-481-1 2004-04-14
Debian DSA-482-1 2004-04-14
Fedora FEDORA-2004-101 2004-04-14
Mandrake MDKSA-2004:029 2004-04-14
SuSE SuSE-SA:2004:009 2004-04-14
Debian DSA-479-2 2004-04-14
Debian DSA-491-1 2004-04-17
Debian DSA-489-1 2004-04-17
Red Hat RHSA-2004:105-01 2004-04-21
Red Hat RHSA-2004:106-01 2004-04-21
Conectiva CLA-2004:846 2004-07-15

Comments (none posted)

kernel - root exploit in MCAST_MSFILTER

Package(s):kernel CVE #(s):CAN-2004-0424
Created:April 22, 2004 Updated:June 11, 2004
Description: A locally exploitable integer overflow has been found in the multicast code of Linux kernel versions 2.4.22 to 2.4.25 and 2.6.1 to 2.6.3. A successful exploit could lead to full superuser privileges.
Alerts:
Trustix TSLSA-2004-0022 2004-04-21
Fedora FEDORA-2004-111 2004-04-22
Red Hat RHSA-2004:183-01 2004-04-22
Mandrake MDKSA-2004:037 2004-04-27
Slackware SSA:2004-119-01 2004-04-28
SuSE SuSE-SA:2004:010 2004-05-05
Whitebox WBSA-2004:183-01 2004-06-10

Comments (1 posted)

Linux kernel 2.2.10 failing function and TLB flush vulnerability

Package(s):kernel-source-2.2.10 CVE #(s):CAN-2004-0077
Created:March 18, 2004 Updated:June 4, 2004
Description: A local root exploit is possible due to early flushing of the TLB.
Alerts:
Debian DSA-466-1 2004-03-18
Debian DSA-514-1 2004-06-04

Comments (none posted)

kernel-utils: setuid vulnerability

Package(s):kernel-utils CVE #(s):CAN-2003-0019
Created:February 7, 2003 Updated:January 21, 2005
Description: The kernel-utils package contains several utilities that can be used to control the kernel or machine hardware. In Red Hat Linux 8.0 this package contains user mode linux (UML) utilities.

The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was incorrectly shipped setuid root. This could allow local users to control certain network interfaces, add and remove arp entries and routes, and put interfaces in and out of promiscuous mode.

All users of the kernel-utils package should update to these packages that contain a version of uml_net that is not setuid root.

Alternatively, as a workaround for this vulnerability, issue the following command as root:

chmod -s /usr/bin/uml_net

Alerts:
Red Hat RHSA-2003:056-08 2003-02-07

Comments (none posted)

kolab: password disclosure

Package(s):kolab CVE #(s):
Created:May 5, 2004 Updated:May 27, 2004
Description: Kolab stores passwords in plain text format, and these passwords can be read from the underlying LDAP database. See this advisory for more information.
Alerts:
OpenPKG OpenPKG-SA-2004.019 2004-05-05
Mandrake MDKSA-2004:052 2004-05-26

Comments (3 posted)

libpng: denial of service vulnerability

Package(s):libpng CVE #(s):CAN-2004-0421
Created:April 29, 2004 Updated:June 11, 2004
Description: The PNG library can access memory that is out of bounds when creating an error message; this can be triggered by a malformed PNG image file.
Alerts:
OpenPKG OpenPKG-SA-2004.017 2004-04-29
Mandrake MDKSA-2004:040 2004-04-29
Debian DSA-498-1 2004-04-30
Trustix TSLSA-2004-0025 2004-04-30
Red Hat RHSA-2004:181-01 2004-04-30
Slackware SSA:2004-124-04 2004-05-02
Fedora FEDORA-2004-105 2004-05-05
Fedora FEDORA-2004-106 2004-05-05
Gentoo 200405-06 2004-05-14
Red Hat RHSA-2004:180-01 2004-05-19
Whitebox WBSA-2004:180-01 2004-06-10

Comments (none posted)

libpng, libpng3: buffer overflow

Package(s):libpng, libpng3 CVE #(s):CAN-2002-1363
Created:December 19, 2002 Updated:July 14, 2004
Description: Glenn Randers-Pehrson discovered a problem in connection with 16-bit samples from libpng, an interface for reading and writing PNG (Portable Network Graphics) format files. The starting offsets for the loops are calculated incorrectly which causes a buffer overrun beyond the beginning of the row buffer.
Alerts:
Debian DSA-213-1 2002-12-19
Red Hat RHSA-2003:006-06 2003-01-09
SuSE SuSE-SA:2003:0004 2003-01-14
Yellow Dog YDU-20030114-2 2002-01-14
OpenPKG OpenPKG-SA-2003.001 2003-01-15
Mandrake MDKSA-2003:008 2003-01-20
Conectiva CLA-2003:564 2003-01-23
Red Hat RHSA-2004:249-01 2004-06-18
Fedora FEDORA-2004-173 2004-06-18
Fedora FEDORA-2004-175 2004-06-18
Fedora FEDORA-2004-174 2004-06-18
Fedora FEDORA-2004-176 2004-06-18
Whitebox WBSA-2004:249-01 2004-06-21
Mandrake MDKSA-2004:063 2004-06-29
OpenPKG OpenPKG-SA-2004.030 2004-07-06
Gentoo 200407-06 2004-07-08

Comments (none posted)

libxml2 - arbitrary code execution

Package(s):libxml2 CVE #(s):CAN-2004-0110
Created:February 26, 2004 Updated:July 21, 2004
Description: Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code.
Alerts:
Red Hat RHSA-2004:091-01 2004-02-26
Fedora FEDORA-2004-087 2004-02-25
Red Hat RHSA-2004:090-01 2004-02-26
Whitebox WBSA-2004:090-01 2004-03-01
Red Hat RHSA-2004:091-02 2004-03-03
Mandrake MDKSA-2004:018 2004-03-03
Debian DSA-455-1 2004-03-03
Netwosix NW-2004-0004 2004-03-04
OpenPKG OpenPKG-SA-2004.003 2004-03-05
Trustix TSLSA-2004-0010 2004-03-05
Gentoo 200403-01 2004-03-06
Conectiva CLA-2004:836 2004-03-31
Fedora-Legacy FLSA:1324 2004-07-19

Comments (none posted)

logcheck: symlink vulnerability

Package(s):logcheck CVE #(s):CAN-2004-0404
Created:April 21, 2004 Updated:December 22, 2004
Description: The logcheck utility handles temporary files in an unsafe way, possibly allowing local attackers to overwrite files.
Alerts:
Debian DSA-488-1 2004-04-16
Mandrake MDKSA-2004:155 2004-12-22

Comments (none posted)

mailman denial of service

Package(s):mailman CVE #(s):CAN-2003-0991
Created:February 9, 2004 Updated:May 25, 2004
Description: Matthew Galgoci of Red Hat discovered a Denial of Service (DoS) vulnerability in versions of Mailman prior to 2.1. An attacker could send a carefully-crafted message causing mailman to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0991 to this issue.
Alerts:
Red Hat RHSA-2004:019-01 2004-02-09
Mandrake MDKSA-2004:013 2004-02-13
Red Hat RHSA-2004:156-01 2004-04-14
Conectiva CLA-2004:842 2004-05-25

Comments (1 posted)

mc: multiple vulnerabilities

Package(s):mc CVE #(s):CAN-2004-0226 CAN-2004-0231 CAN-2004-0232
Created:April 29, 2004 Updated:May 26, 2004
Description: Midnight Commander has multiple vulnerabilities including buffer overflows, insecure temp files, and format string problems.
Alerts:
Debian DSA-497-1 2004-04-29
Mandrake MDKSA-2004:039 2004-04-29
Red Hat RHSA-2004:173-01 2004-04-30
SuSE SuSE-SA:2004:012 2004-05-14
Slackware SSA:2004-136-01 2004-05-14
Red Hat RHSA-2004:172-01 2004-05-19
Gentoo 200405-21 2004-05-26

Comments (none posted)

metamail: integer and buffer overflows

Package(s):metamail CVE #(s):CAN-2004-0104 CAN-2004-0105
Created:February 18, 2004 Updated:May 21, 2004
Description: Versions of metamail through 2.7 contain a set of integer and buffer overflows which are remotely exploitable via a properly crafted message.
Alerts:
Red Hat RHSA-2004:073-01 2004-02-18
Slackware SSA:2004-049-02 2004-02-18
Mandrake MDKSA-2004:014 2004-02-18
Debian DSA-449-1 2004-02-24
Gentoo 200405-17 2004-05-21

Comments (none posted)

mikmod: buffer overflow

Package(s):mikmod CVE #(s):CAN-2003-0427
Created:June 16, 2003 Updated:June 16, 2005
Description: Ingo Saitz discovered a bug in mikmod whereby a long filename inside an archive file can overflow a buffer when the archive is being read by mikmod.
Alerts:
Debian DSA-320-1 2003-06-13
Gentoo 200307-01 2003-07-02
Fedora FEDORA-2005-404 2005-06-09
Red Hat RHSA-2005:506-01 2005-06-13
Fedora FEDORA-2005-405 2005-06-16

Comments (none posted)

mod_python: denial of service vulnerability

Package(s):mod_python CVE #(s):CAN-2003-0973
Created:January 27, 2004 Updated:October 4, 2004
Description: Apache's mod_python module could crash the httpd process if a specific, malformed query string was sent.

The Apache Foundation has reported that mod_python may be prone to Denial of Service attacks when handling a malformed query. Mod_python 2.7.9 was released to fix the vulnerability; however, because that release did not fully fix the problem, version 2.7.10 has been released.

Users of mod_python 3.0.4 are not affected by this vulnerability.

Alerts:
Gentoo 200401-03 2004-01-27
Red Hat RHSA-2004:063-01 2004-02-26
Red Hat RHSA-2004:058-01 2004-02-26
Debian DSA-452-1 2004-02-29
Whitebox WBSA-2004:058-01 2004-03-01
Conectiva CLA-2004:837 2004-04-12
Fedora-Legacy FLSA:1325 2004-10-03

Comments (none posted)

mozilla: multiple vulnerabilities

Package(s):mozilla CVE #(s):CAN-2003-0594 CAN-2003-0564
Created:March 10, 2004 Updated:August 19, 2004
Description: Mozilla 1.4 contains a few vulnerabilities, including disclosure of cookies to the wrong server, a scripting vulnerability which can allow an attacker to run arbitrary code, and an S/MIME vulnerability which can lead to remote denial of service or code execution attacks.
Alerts:
Mandrake MDKSA-2004:021 2004-03-10
Red Hat RHSA-2004:112-01 2004-03-17
Whitebox WBSA-2004:110-01 2004-03-29
Whitebox WBSA-2004:421-01 2004-08-19

Comments (none posted)

mpg321: format string vulnerability

Package(s):mpg321 CVE #(s):CAN-2003-0969
Created:January 6, 2004 Updated:March 28, 2005
Description: A vulnerability was discovered in mpg321, a command-line mp3 player, whereby user-supplied strings were passed to printf(3) unsafely. This vulnerability could be exploited by a remote attacker to overwrite memory, and possibly execute arbitrary code. In order for this vulnerability to be exploited, mpg321 would need to play a malicious mp3 file (including via HTTP streaming).
Alerts:
Debian DSA-411-1 2004-01-05
Gentoo 200503-34 2005-03-28

Comments (none posted)

MySQL: temporary file vulnerabilities

Package(s):mysql CVE #(s):CAN-2004-0381 CAN-2004-0388
Created:April 14, 2004 Updated:August 18, 2004
Description: The mysqlbug and mysqld_multi scripts contain temporary file vulnerabilities which could be used by a local attacker to overwrite files on the system.
Alerts:
Debian DSA-483-1 2004-04-14
OpenPKG OpenPKG-SA-2004.014 2004-04-14
Mandrake MDKSA-2004:034 2004-04-19
Gentoo 200405-20 2004-05-25

Comments (none posted)

neon: format string vulnerabilities

Package(s):neon CVE #(s):CAN-2004-0179
Created:April 14, 2004 Updated:May 18, 2004
Description: The neon WebDAV library contains format string vulnerabilities which may be exploited by a hostile DAV server. This vulnerability exists in utilities which use neon, including cadaver and OpenOffice.org.
Alerts:
Red Hat RHSA-2004:158-01 2004-04-14
Red Hat RHSA-2004:157-01 2004-04-14
Red Hat RHSA-2004:160-01 2004-04-14
Red Hat RHSA-2004:159-01 2004-04-15
Debian DSA-487-1 2004-04-16
Netwosix NW-2004-0012 2004-04-18
OpenPKG OpenPKG-SA-2004.016 2004-04-16
Gentoo 200404-14 2004-04-19
Mandrake MDKSA-2004:032 2004-04-19
Whitebox WBSA-2004:160-01 2004-04-19
Red Hat RHSA-2004:163-01 2004-04-30
Gentoo 200405-01 2004-05-09
Gentoo 200405-04 2004-05-11
Fedora FEDORA-2004-103 2004-04-14

Comments (none posted)

Nessus NASL scripting engine security issues

Package(s):nessus CVE #(s):
Created:May 27, 2003 Updated:August 12, 2004
Description: Some vulnerabilities exist in the Nessus NASL scripting engine. To exploit these flaws, an attacker would need to have a valid Nessus account as well as the ability to upload arbitrary Nessus plugins to the Nessus server (this option is disabled by default), or he/she would need to trick a user somehow into running a specially crafted NASL script. Read the full advisory for additional information.
Alerts:
Gentoo 200305-10 2003-05-27

Comments (none posted)

netpbm: insecure temporary files

Package(s):netpbm CVE #(s):CAN-2003-0924
Created:January 19, 2004 Updated:December 29, 2004
Description: netpbm is a graphics conversion toolkit made up of a large number of single-purpose programs. Many of these programs were found to create temporary files in an insecure manner, which could allow a local attacker to overwrite files with the privileges of the user invoking a vulnerable netpbm tool.
Alerts:
Debian DSA-426-1 2004-01-18
Red Hat RHSA-2004:031-01 2004-01-22
Fedora FEDORA-2004-068 2004-02-06
Red Hat RHSA-2004:030-01 2004-02-05
Mandrake MDKSA-2004:011 2004-02-11
Whitebox WBSA-2004:031-01 2004-02-12
Mandrake MDKSA-2004:011-1 2004-09-27
Gentoo 200410-02 2004-10-04
Conectiva CLA-2004:909 2004-12-29

Comments (1 posted)

openssh: timing attack leads to information disclosure

Package(s):openssh CVE #(s):CAN-2003-0190
Created:May 2, 2003 Updated:November 30, 2004
Description: From the advisory: "During a pen-test we stumbled across a nasty bug in OpenSSH-portable with PAM support enabled (via the --with-pam configure script switch). This bug allows a remote attacker to identify valid users on vulnerable systems, through a simple timing attack. The vulnerability is easy to exploit and may have high severity, if combined with poor password policies and other security problems that allow local privilege escalation."
Alerts:
Gentoo 200305-01 2002-03-05
Gentoo 200305-02 2003-05-13
Red Hat RHSA-2003:222-01 2003-07-29
OpenPKG OpenPKG-SA-2003.035 2003-08-06
Ubuntu USN-34-1 2004-11-30

Comments (1 posted)

postfix: denial of service vulnerabilities

Package(s):postfix CVE #(s):CAN-2003-0468 CAN-2003-0540
Created:August 5, 2003 Updated:May 27, 2004
Description: The postfix MTA, versions through 1.1.12 (but not 2.0), is subject to two remotely exploitable denial of service vulnerabilities; see this advisory from Michal Zalewski for details.
Alerts:
Debian DSA-363-1 2003-08-03
Red Hat RHSA-2003:251-01 2003-08-04
SuSE SuSE-SA:2003:033 2003-08-04
Conectiva CLA-2003:717 2003-08-04
EnGarde ESA-20030804-019 2003-08-04
Mandrake MDKSA-2003:081 2003-08-04
Trustix 2003-0029 2003-08-04
Mandrake MDKA-2004:028 2004-05-26

Comments (none posted)

proftpd privilege escalation

Package(s):proftpd CVE #(s):
Created:April 30, 2004 Updated:May 19, 2004
Description: A portability workaround was applied in version 1.2.9 of the FTP server ProFTPD. As a side-effect, CIDR-based (aaa.bbb.ccc.ddd/NN) ACL entries in "Allow" and "Deny" directives act like an "AllowAll" directive, so FTP clients are granted access to files and directories even though the server configuration might explicitly deny this. See this bug report.
Alerts:
OpenPKG OpenPKG-SA-2004.018 2004-04-30
Mandrake MDKSA-2004:041 2004-04-30
Gentoo 200405-09 2004-05-19

Comments (none posted)

python: buffer overflow

Package(s):python CVE #(s):CAN-2004-0150
Created:March 10, 2004 Updated:October 11, 2004
Description: Python (versions 2.2 and 2.2.1 only) has a buffer overflow in the getaddrinfo() function which can be exploited by a malformed IPv6 address.
Alerts:
Debian DSA-458-1 2004-03-09
Mandrake MDKSA-2004:019 2004-03-09
Debian DSA-458-2 2004-08-31
Gentoo 200409-03 2004-09-02
Debian DSA-458-3 2004-10-10

Comments (none posted)

rsync remote file write attack

Package(s):rsync CVE #(s):CAN-2004-0426
Created:April 30, 2004 Updated:July 12, 2004
Description: See the rsync homepage for the April 2004 advisory: "There is a security problem in all versions prior to 2.6.1 that affects only people running a read/write daemon WITHOUT using chroot. If the user privs that such an rsync daemon is using is anything above "nobody", you are at risk of someone crafting an attack that could write a file outside of the module's "path" setting (where all its files should be stored). Please either enable chroot or upgrade to 2.6.1. People not running a daemon, running a read-only daemon, or running a chrooted daemon are totally unaffected."
Alerts:
Trustix TSLSA-2004-0024 2004-04-29
Debian DSA-499-1 2004-05-01
Slackware SSA:2004-124-01 2004-05-02
Mandrake MDKSA-2004:042 2004-05-10
Red Hat RHSA-2004:192-01 2004-05-19
OpenPKG OpenPKG-SA-2004.025 2004-05-21
Debian DSA-499-2 2004-06-02
Whitebox WBSA-2004:192-01 2004-06-10
Fedora FEDORA-2004-116 2004-07-01
Gentoo 200407-10 2004-07-12

Comments (none posted)

samba: local root and symlink vulnerabilities

Package(s):samba CVE #(s):
Created:April 29, 2004 Updated:May 5, 2004
Description: Two vulnerabilities in Samba have been found. Smbfs has a setuid root exploit problem, and smbprint has a tempfile symlink vulnerability.
Alerts:
Gentoo 200404-21 2004-04-29
Netwosix NW-2004-0013 2004-05-01

Comments (none posted)

ssmtp format string vulnerability

Package(s):ssmtp CVE #(s):CAN-2004-0156
Created:April 15, 2004 Updated:May 7, 2004
Description: Max Vozeler discovered two format string vulnerabilities in ssmtp, a simple mail transport agent. Untrusted values in the functions die() and log_event() were passed to printf-like functions as format strings. These vulnerabilities could potentially be exploited by a remote mail relay to gain the privileges of the ssmtp process (including potentially root).
Alerts:
Debian DSA-485-1 2004-04-14
Gentoo 200404-18 2004-04-26
OpenPKG OpenPKG-SA-2004.020 2004-05-07

Comments (none posted)

sysklogd: heap overflow

Package(s):sysklogd CVE #(s):
Created:April 29, 2004 Updated:May 5, 2004
Description: Sysklogd has a memory allocation vulnerability that can allow a malicious attacker to write to unallocated memory and crash sysklogd.
Alerts:
Mandrake MDKSA-2004:038 2004-04-28
Slackware SSA:2004-124-02 2004-05-02

Comments (none posted)

sysstat: temporary file vulnerability

Package(s):sysstat CVE #(s):CAN-2004-0107 CAN-2004-0108
Created:March 10, 2004 Updated:October 4, 2004
Description: The sysstat utility has a temporary file vulnerability which can be exploited by a local attacker to overwrite system files.
Alerts:
Debian DSA-460-1 2004-03-10
Red Hat RHSA-2004:093-01 2004-03-10
Red Hat RHSA-2004:053-01 2004-03-10
Whitebox WBSA-2004:053-01 2004-03-10
Trustix TSLSA-2004-0011 2004-03-16
Debian DSA-460-2 2004-04-03
Gentoo 200404-04 2004-04-06
Fedora-Legacy FLSA:1372 2004-10-03

Comments (none posted)

File overwrite vulnerability in tar and unzip

Package(s):tar unzip CVE #(s):CAN-2001-1267 CAN-2001-1268 CAN-2001-1269 CAN-2002-0399
Created:October 1, 2002 Updated:April 9, 2006
Description: The tar utility does not properly filter file names containing "../", meaning that a hostile archive can, if unpacked by an unsuspecting user, overwrite any file that is writable by that user. GNU tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42 has the same vulnerability.
Alerts:
Red Hat RHSA-2002:096-24 2002-09-18
Gentoo tar-20021001 2002-10-01
Gentoo unzip-20021001 2002-10-01
EnGarde ESA-20021003-022 2002-10-03
Mandrake MDKSA-2002:065 2002-10-10
Mandrake MDKSA-2002:066 2002-10-10
Conectiva CLA-2002:538 2002-10-29
Red Hat RHSA-2006:0195-01 2006-02-21
Fedora-Legacy FLSA:183571-1 2006-04-04

Comments (1 posted)

tcpdump: ISAKMP payload handling denial-of-service vulnerabilities

Package(s):tcpdump CVE #(s):CAN-2004-0183 CAN-2004-0184
Created:March 30, 2004 Updated:September 30, 2004
Description: TCPDUMP v3.8.1 and earlier versions contain multiple flaws in the packet display functions for the ISAKMP protocol. Upon receiving specially crafted ISAKMP packets, TCPDUMP will try to read beyond the end of the packet capture buffer and crash. More information is available in this Rapid7 advisory.
Alerts:
Trustix TSLSA-2004-0015 2004-03-30
Debian DSA-478-1 2004-04-06
OpenPKG OpenPKG-SA-2004.010 2004-04-07
Mandrake MDKSA-2004:030 2004-04-14
Slackware SSA:2004-108-01 2004-04-17
Fedora FEDORA-2004-120 2004-05-13
Red Hat RHSA-2004:219-01 2004-05-26
Whitebox WBSA-2004:219-01 2004-06-10
Fedora-Legacy FLSA:1468 2004-09-29

Comments (none posted)

Multiple vendor telnetd vulnerability

Package(s):telnet Telnet netkit-telnet-ssl kerberos telnetd netkit-telnet nkitb/nkitserv/telnetd krb5 CVE #(s):
Created:May 21, 2002 Updated:October 5, 2004
Description: This vulnerability, originally thought to be confined to BSD-derived systems, was first covered in the July 26th Security Summary. It is now known that Linux telnet daemons are vulnerable as well.
Alerts:
SCO Group CSSA-2001-030.0 2001-08-10
Conectiva CLA-2001:413 2001-08-24
Debian DSA-075-1 2001-08-14
Debian DSA-075-2 2001-08-14