The Grumpy Editor's guide to terminal emulators
The conventional wisdom is that, once Linux reaches a true, user-friendly
paradise state, there will be no need for any command line work at all.
Your editor, however, is a heavy command line user, and has been since,
well, since he was able to get away from punch cards. Some sorts of tasks
are best done in a graphical, pointer-oriented mode. But others are,
truly, best done with the command line. The pure expressive power of a
command-oriented interface has yet to be matched in the graphical world -
at least, for a wide variety of tasks.
Once upon a time, an ADM-3A
terminal looked like a very nice interface. Those days have passed,
however;
![[xterm]](/images/ns/grumpy/xterm-sm.png)
for many of the years
since, the definitive terminal emulator has been xterm, which was
packaged with the original X11R1 release. xterm was, for its time, a
marvel of configurability, with a nice set of menus for controlling its
behavior, setting fonts, and providing that all-important access to the
"reset" function for when it gets stuck in the VT100 graphics mode.
There is one other xterm feature which has never been matched anywhere: no
other terminal emulator comes with its own Tektronix 4014 storage tube
emulator mode built in. Your editor who, along with many co-workers, had
sunburned his face working with real storage-tube terminals appreciated this
mode at the time. It has been a while, however, since your editor (or just
about anybody else) has had to run software which expects to talk to such a
terminal; even so, every xterm still has a Tektronix terminal lurking
within it.
In general, little has happened with xterm over the years, with the
exception of the addition of color support. For the most part, development
in terminal emulators has happened elsewhere. Your editor has finally
decided that it is time to take a look around, and, perhaps, move beyond
the venerable xterm.
But first: a word on color in terminal emulators; this is a subject on
which your editor can get truly grumpy. Many developers have jumped into
adding color support to terminal-oriented applications with little regard
for basic human factors and usability. A usable terminal should not look
like the Las Vegas strip at night. Color usage, to be effective, must be
subtle and carefully thought out. In particular:
- Users must be given obvious and easy control over color usage.
Different people have very different combinations of monitors, background
colors, limitations in color perception, and general preferences.
There is no single choice of colors that will work for any substantial
portion of the user community.
- The basic nature of the human visual system is that it separates
objects based on intensity differences, not color differences.
If you are designing colors for a white-background display, every
color you use must be, with few exceptions, a low-intensity color.
Hot pink on white may look snazzy, but people will have to work hard
to read it.
- Dark blue should never be used for anything somebody is expected to
read. Short wavelength colors tend to focus just in front of the
retina, and will thus always be a little bit blurry.
Color xterm thus fails on all counts. The colors can be configured via the
X resource database, but it is not straightforward. The default colors are
on the garish side, and they are too bright.
![[rxvt screenshot]](/images/ns/grumpy/rxvt-sm.png)
For years, the default replacement for xterm was rxvt. This terminal
emulator is, for all practical purposes, a version of xterm with a lot of
the extra stuff (such as the Tektronix mode) stripped out. It does live up
to its promise of being smaller, taking just over half the virtual memory
required by xterm. rxvt, however, suffers from a lack of maintenance (last
release was November, 2001, with a development version showing a release in
March, 2003), poor default colors, and no
menus for run-time configuration. This terminal emulator has been dropped
from a number of modern distributions.
(As an aside, rxvt, like most other terminal emulators, dropped the
xterm/Xaw scrollbar. This is a big loss; no other scrollbar is as useful
as the old Xaw implementation, which gives very precise control over just how much the
window is scrolled. Wheel mice have made good scrollbars less important,
but your editor wishes that developers interested in usability wouldn't so
casually drop interaction modes which are clearly better).
If you want to know the current state of the art in terminal emulation, of
course, you have to look at what the desktop projects are doing. Your
editor is happy to report that neither GNOME nor KDE has neglected the
lowly terminal emulator.
![[gnome-terminal]](/images/ns/grumpy/gnome-terminal-sm.png)
GNOME's entry is gnome-terminal. This terminal emulator does all of the
stuff that one would expect of an xterm replacement, with a number of
useful new goodies:
- Tabs. A tabbed terminal emulator turns out to be just as useful as
a tabbed web browser. If you tend to have a lot of things going on at
once and limited desk space, tabs make life much easier.
- Nice configurability. It is easy to eliminate gnome-terminal's most
obnoxious features (blinking cursor, space-wasting menu bar), tweak
fonts and colors, etc. The default colors are also relatively
good, at least for people who work in a white-background mode.
- Multiple profiles. Each tabbed session can have its own fonts,
colors, titles, etc. If you tend to keep tabs around for specific
purposes (one could, for example, keep a root shell in one tab), you
can tweak the presentation to make the current task immediately
obvious.
gnome-terminal also has a nice feature in that it makes the pointer fade
away as soon as the user starts typing. No more moving the mouse around to
get the pointer out of your way. An invisible pointer might seem like a
human factors problem in its own right, but the simple fact is that you
generally have to move the pointer to find it anyway.
Your editor's biggest complaint about gnome-terminal might be that
scrolling with the mouse wheel is a relatively coarse operation; xterm
scrolls in smaller steps unless the shift key is held. The number of lines
to scroll on a mouse wheel event would be a nice addition to the
configuration screen.
![[Konsole]](/images/ns/grumpy/konsole-sm.png)
Konsole, KDE's
terminal emulator, has most of the features described above.
In addition, Konsole offers:
- Bookmarks. In the Konsole world, a bookmark is just a saved directory
path; selecting a bookmark causes Konsole to feed a cd
command to the underlying shell.
- History browsing. Konsole can search for a string in the past
history, making it easy to go back and see what happened earlier.
- Notifications. When asked, Konsole will monitor a session for
activity (or, optionally, the lack thereof) and notify the user when
it happens. If you want to know right away when that long
make finishes, Konsole can tell you. It also can notify you
when something rings a bell in one of your sessions; such sessions are
also annotated with a little bell icon in the tab bar.
Konsole, too, will hide the pointer. Unlike gnome-terminal, however, it
does not wait until you start typing, but hides it regardless after a few
seconds.
Konsole comes with a reasonable set of default colors, and provides user
control as well. The color editor works by way of "schemas," and is rather
awkward to work with. The gnome-terminal profile-based mechanism seems
more straightforward.
Both gnome-terminal and Konsole will let you do crazy things, like putting
a background image into the terminal window. Such features make for
nice
screenshot eye candy, but they are not good for usability.
Fortunately, nobody seems to set up either emulator with background images by
default.
Both Konsole and gnome-terminal make it easy to change fonts - if you like
the options provided. Your editor, who long since found a monospace X font
which optimizes both readability and screen space, very much misses the
ability to chose an arbitrary X font. It is probably possible by digging
under the hood somewhere, but the configuration screens are not helpful in
this regard. One should also note that both terminal emulators are memory
hogs, requiring vastly more virtual and physical memory than xterm to run.
That notwithstanding, it is clear that both desktop projects have managed
to improve the state of the art in terminal emulation. Even better, they
have both managed to (1) avoid the temptation to ruin usability with
flashy eye candy, and (2) retain a full set of configuration options
so that this crucial tool can be tweaked to each user's needs.
Congratulations would seem to be in order.
[For completeness: other terminal emulators out there include
![[Eterm]](/images/ns/grumpy/eterm-sm.png)
9term, the Plan 9
entry; aterm, an rxvt-derived
emulator with background image support; and Eterm, an emulator which prioritizes fancy
backgrounds well above readability or usability (see image at left). There are also several
emulators designed around non-western character sets, which your editor is
in no position to review usefully.]
Comments (151 posted)
An activism update from Europe
June 8, 2004
This article was contributed by Tom Chance.
Since my last article for LWN
on software patents, a lot has happened. Weeks of speculation and frenzied
lobbying culminated in the EU Council passing a version of the software
patent directive that permits software patents; the FFII has continued to lobby on and discuss
the Council's position, whilst preparing for the EU elections and the new
MEPs; and the Union for the Public
Domain has begun to lobby the BBC to release its archives under a Creative Commons license. And as
usual, there's plenty for European hackers to do!
Software patent news
To begin with software patents, on the 18th May the EU Council of Ministers
voted on the controversial software patent directive, passing with a narrow
majority a version that, according to the FFII, ensures that "software and
business methods ... are ... to be treated as patentable inventions" (source).
This version of the directive removed all of the important amendments made
by Parliament in September 2003 that explicitly stated that software and
business methods cannot be patented. But despite this, many ministers
continued to reassure the public, and those considering rejecting the
directive, that it would not allow these things to be patented, describing
it as a "compromise". The key to understanding this dispute is that without
all of the amendments passed by Parliament in September 2003, the
directive could still allow software patents. But the Council's compromise
scrapped the first four amendments present in the Parliament's version, and
instead made a weak version of the fifth amendment that stated that a
technical contribution must be "new".
One member of the Committee of Permanent Representatives explicitly
described it as a
"compromise between Microsoft and Linux." When I talked to
Dr Caroline Lucas MEP (Green, UK), she commented that:
Software
patenting represents a serious threat to creativity and the right of
computer programmers to make a living practising their art. For the Council
of Ministers to completely disregard the views of the Parliament, the EU's
only directly-elected institution, makes a mockery of the EU's democratic
credentials.
It is worth noting that the Irish Presidency of the EU, due to expire next
year, is sponsored by none other than Microsoft, amongst other
companies. Furthermore, "almost 35% of Ireland's registered companies
totaling 150,000 are non-resident" (source) due to tax
exemption laws. "Over 40% of all PC package software and 60% of business
applications software sold in Europe is produced in Ireland. US companies
such as
Microsoft, Lotus, Claris, Digital, Oracle, IBM and Novell contribute
significantly to this growth" (source). It is
clear where the interests of the Irish government lie.
So where do we go from here? The Parliament has already voted against
software patents, and the Council has voted for software patents. In June,
the Council must formally adopt their position, which is likely (but not
certain) to happen (it may get delayed, or not happen at all). Assuming it
does, the Parliament must then vote again on the directive, and pass their
version with an absolute majority to overrule the decision of the
Council. So the next step for activists - by which I mean any EU citizen
with a pen, phone and/or e-mail client - is to get back to lobbying MEPs.
It is, or was, the EU elections on June 10th. If you're an EU citizen
reading this in time, make sure you go to the polling booth, and bear in
mind the MEPs' positions on software patents when you cross the boxes. You
can find out how they voted in September with this handy
page.
Once the election results come in, we'll need to start lobbying our new
representatives, and continue with those that held their seats, to ensure
Parliament votes against software patents again. When the directive comes
up for a vote (perhaps by the end of this year), it will need an absolute
majority to pass, whereas in the previous vote it only needed a majority
from those actually voting. This means that we need to persuade more MEPs
to actually vote, and more to vote against software patents. The most
important thing is to send off that first letter, and to then follow it
up. When writing your letter, you might find it useful to look at this guide to the
key arguments, and also this page to find
your MEPs' contact details. If they disagree, try to respond and show
why they are wrong; if they agree with you, ask them to sign the FFII's Call
for Action II.
If you've got a little more spare time (i.e. half an hour), and you'd like
to do more than just write a letter, there's a nice project that you can
get involved in that will introduce you to the world of lobbying proper. It
involves phoning MEPs and asking them some questions, then sending the
results back to the FFII, so they can build up a database both of MEPs'
voting records and their stated positions. To join in this project, first
read this handy
guide, and then find the questionnaire itself here. Though the
project started only as an elections tool, it will still be useful leading
up to the vote, and it gives you a good chance to really make a big
difference with a small amount of your time.
You should also try to contact your national government
representatives. They will often have a lot of influence over the minsters
who sit in the Council, and over their party's MEPs. Again, contact them by
letter, and follow up appropriately. If they're supportive, ask them to
sign the FFII's Call for
National Governments.
We defeated software patents in Parliament last year. If we fail this time,
we will not only see large corporations using patents against free software
projects increasingly aggressively, but we will also miss an opportunity to
affect the outcome of the debate in the US. A vote against software patents
in Europe would send a strong message to legislators in the US, and provide
a huge boon to the EFF's Patent
Busting Project.
BBC Archives
In other news, there has been some development surrounding the BBC's
promise to give the public full access to its archives online. When originally
announced, then-director general Greg Dyke suggested that they
would open up the full archives, but so far the only concrete plans have
been to make available thousands
of three minute clips from documentaries. After a launch reception in
London, which Lawrence Lessig and the BBC Archive's project leader
attended, the Friends of Creative Archive have launched a campaign
to have the full archives released under a Creative Commons license.
The argument behind this position is a familiar one to anyone who follows
Lessig's work, but at the risk of boring you, I'll run over them
briefly. Innovation, particularly amongst more creative types like
musicians, artists and filmmakers, depends upon being able to draw on
culture and past creations. Culture is not just about passively consuming
and creating entirely new works, but about remixing and building upon past
creations. The more culture there is in the public domain, the more
potential there is for new and interesting work to be made. So, the
activists argue, as the BBC is funded by license payers for the benefit of
the British public, it ought to release its archives for the benefit of the
British public.
Having an open archive of this kind would provide two special benefits to
the free software community. First, it would provide a large source of
DRM-free, standards-compliant media so that whatever the rest of the
industry does, we will always have a decent media resource
available. Secondly, it will send out a strong signal throughout the
industry and to governments that the principles of the free culture and
free software movements should be taken seriously. It would be much harder
for the media, hardware and software monopolists to impose proprietary
standards on us if organisations as large as the BBC were publicly doing
the opposite. Combined with the recent work on the Dirac codec, it could be
the start of a healthy alliance between the BBC and the free software
community.
The creation of a free creative archive seems like an obviously good idea,
and one would hope that it would strike the BBC that way, but at the moment
they've not had any input from the public on
this issue. So if you'd like to encourage the BBC to adopt a Creative
Commons license, rather than restricting access through DRM and nasty
licenses, consider signing the Friends' letter here.
Comments (17 posted)
A look at Firefox 0.9
The Mozilla Organization released not one, but two testing releases
on June 9. Mozilla 1.7RC3 and Firefox 0.9 RC were released for widespread
testing. Since Firefox is the future of the Mozilla line, we decided to
take a look at the latest Firefox release to see how it is shaping up on
its way to 1.0. As it turns out, a lot has changed since 0.8 and Firefox
seems to be turning into an excellent browser. Naturally, we were only
interested in testing the Linux version of the 0.9 release, but there are
packages available for Windows and Mac OS X as well.
The first noteworthy change since 0.8, or at least the change that is first
notable, is the addition of an installer for Linux users. Past releases of
Firefox for Linux came as tarballs without any kind of installer. For this
author, the difference between using an installer or simply uncompressing a
tarball of the latest build into a convenient directory is
negligible. Still, many users will probably find the installer much more
friendly.
At install time, the new release copies over the profile from previous
versions of Firefox from the ~/.phoenix directory that was used to store
user data. If the ~/.phoenix directory does not exist, then Firefox will
import user data from Mozilla. This author tested both methods, and Firefox
imported the data from Firefox 0.8 and Mozilla 1.7 without any
problems. User profiles on Linux are now stored under ~/.mozilla/firefox/.
A few items have shifted around in the new release. Specifically, the
"Options" dialog is now "Preferences" and found under the "Edit" menu,
rather than the "Tools" menu. Themes and Extensions now have their own
managers, rather than being part of the Options/Preferences dialog. The
Extensions manager is a bit slicker now, and apparently will enable the
user to update their installed Extensions through Mozilla Update. At the moment,
however, this feature does not seem to be operational. Presumably, one will
also be able to use Mozilla Update to install and update themes in the
future as well.
One minor quibble with the Download manager: in 0.9, the default download
folder is "Desktop," which hardly seems like a suitable choice even for
Linux users who run a desktop environment that supports saving files to the
desktop. It's fixed easily enough, but one hopes that the Mozilla team will
switch the default to prompt the user for a download location.
Though this author did not conduct any scientific testing, the latest
Firefox release does seem faster than the previous release. The interface,
menus and so forth, seem a bit more responsive than previous releases, and
rendering also seems a bit snappier. Firefox 0.9 RC also seems a bit more
stable, though it has crashed once during testing. The 0.9 RC is certainly
more stable than the 0.9 nightly snapshot releases that this author had
been trying out.
![[Firefox screenshot]](/images/ns/firefox-0.9-sm.jpg)
The most obvious change, and one that has generated a great deal of
discussion, is the replacement of the current Firefox "Qute" theme with
a new theme called "Winstripe." For this author, it seems like far too much
fuss over a simple change. The browsing experience itself is not hampered
by the new theme, and one expects that new themes for Firefox will become
available for those who do not enjoy the default. The fact that users are
able to focus so much attention on Firefox's theme may be a good sign,
however. This may indicate that Firefox already meets their needs in terms
of speed, stability and feature completeness -- allowing users to focus
their attention on more superficial areas. If this is the case, the Mozilla
developers should regard the theme complaints as something of a compliment.
In all, the latest Firefox is an impressive browser. It lacks polish in a
few areas, but it is a solid browser with an impressive array of
features. We'll be quite interested to see what the final 1.0 release of
Firefox will look like when all is said and done.
Comments (11 posted)
Page editor: Jonathan Corbet
Security
cvs vulnerabilities - again
Let us start with a correction: last week's
cvs
vulnerability timeline stated that no update had been issued for
CentOS. In fact,
this
update was posted to the CentOS-devel mailing list on May 19. One
could argue that such updates should be posted to a more prominent place,
such as the
CentOS web site or the
(seemingly dormant) security lists mentioned on the
mailing lists page; one
should not have to follow a development list to get security updates. Nonetheless,
we were wrong to say that an update had not been released, and apologize
accordingly.
Now, however, the time has come to deal with a new set of cvs security
problems, as detailed in this advisory. A
whole list of issues has been found; many of those are remotely
exploitable. The time has come to apply a new set of updates, quickly.
(And, yes, CentOS has released
an update already).
Vulnerabilities in cvs are particularly scary. It is possible to run cvs
in a chroot mode, which is somewhat helpful in keeping an exploit from
leading to a full root compromise of the host system. But cvs servers must
have access to the code repositories they serve. It is not all that hard
to imagine a cvs exploit being the first step in the insertion of evil code
into a free software project's repository. A carefully executed malware
insertion could escape detection for a long time.
That sort of episode, beyond the immediate damage it would enable, would
not reflect well on the security of the free software development process
in general. We cannot afford to let it happen. With enough eyeballs, most
of the obvious security problems in cvs can probably be found and fixed.
That would help substantially.
The simple fact, however, is that cvs is not equipped to detect direct
tampering with its repositories. This shortcoming is sure to bite somebody
someday; the sooner it is fixed (or avoided by a mass shift to a more
contemporary version control system which performs integrity checks on its
repositories) the safer we all will be.
Comments (5 posted)
New vulnerabilities
cvs: new vulnerabilities
| Package(s): | cvs |
CVE #(s): | CAN-2004-0414
CAN-2004-0416
CAN-2004-0417
CAN-2004-0418
|
| Created: | June 9, 2004 |
Updated: | June 15, 2004 |
| Description: |
Several new vulnerabilities have been found in CVS; these include a null-termination error, a double-free vulnerability, a format-string vulnerability, and a few others; see this advisory for the details. Some of these vulnerabilities are remotely exploitable; updating soon would be a good idea. |
| Alerts: |
|
Comments (none posted)
ethereal: more protocol dissector issues
| Package(s): | ethereal |
CVE #(s): | |
| Created: | June 3, 2004 |
Updated: | June 11, 2004 |
| Description: |
The 0.10.3 version may crash when you select a SIP packet. See this
post to the ethereal-users mailing list for details. |
| Alerts: |
|
Comments (1 posted)
krb5: unauthorized root privileges
| Package(s): | krb5 |
CVE #(s): | CAN-2004-0523
|
| Created: | June 3, 2004 |
Updated: | June 29, 2004 |
| Description: |
Multiple buffer overflows exist in the krb5_aname_to_localname() library
function that if exploited could lead to unauthorized root privileges. In
order to exploit this flaw, an attacker must first successfully
authenticate to a vulnerable service, which must be configured to enable
the explicit mapping or rules-based mapping functionality of
krb5_aname_to_localname, which is not a default configuration. See the
this MIT krb5 Security Advisory for more information. |
| Alerts: |
|
Comments (none posted)
log2mail: format string vulnerability
| Package(s): | log2mail |
CVE #(s): | CAN-2004-0450
|
| Created: | June 3, 2004 |
Updated: | June 9, 2004 |
| Description: |
jaguar -at- felinemenace.org discovered a format string vulnerability in
log2mail, whereby a user able to log a specially crafted message to a
logfile monitored by log2mail (for example, via syslog) could cause
arbitrary code to be executed with the privileges of the log2mail process.
By default, this process runs as user 'log2mail', which is a member of
group 'adm' (which has access to read system logfiles). |
| Alerts: |
|
Comments (none posted)
postgresql buffer overflow in ODBC driver
| Package(s): | postgresql |
CVE #(s): | |
| Created: | June 7, 2004 |
Updated: | July 28, 2004 |
| Description: |
A buffer overflow has been discovered in the ODBC driver of PostgreSQL,
an object-relational SQL database, descended from POSTGRES. It possible
to exploit this problem and crash the surrounding application. Hence, a
PHP script using php4-odbc can be utilized to crash the surrounding
Apache webserver. Other parts of postgresql are not affected. |
| Alerts: |
|
Comments (none posted)
squid: buffer overflow
| Package(s): | squid |
CVE #(s): | CAN-2004-0541
|
| Created: | June 9, 2004 |
Updated: | September 30, 2004 |
| Description: |
The NTLM authentication helper used by the squid proxy contains a buffer overflow vulnerability; an overly-long password may be used to run arbitrary code. Sites not using NTLM authentication are not vulnerable. |
| Alerts: |
|
Comments (none posted)
tripwire format string vulnerability
| Package(s): | tripwire |
CVE #(s): | CAN-2004-0536
|
| Created: | June 4, 2004 |
Updated: | July 7, 2004 |
| Description: |
The code that generates email reports contains a format string
vulnerability in pipedmailmessage.cpp. With a carefully crafted filename
on a local filesystem an attacker could cause execution of arbitrary code
with permissions of the user running tripwire, which could be the root
user. See this advisory on SecurityFocus for more details. |
| Alerts: |
|
Comments (none posted)
Updated vulnerabilities
apache2: stack-based buffer overflow in ssl_util.c
| Package(s): | apache2 |
CVE #(s): | CAN-2004-0488
|
| Created: | June 1, 2004 |
Updated: | October 14, 2004 |
| Description: |
A stack-based buffer overflow exists in the ssl_util_uuencode_binary
function in ssl_util.c in Apache. When mod_ssl is configured to trust the
issuing CA, a remote attacker may be able to execute arbitrary code via a
client certificate with a long subject DN. |
| Alerts: |
|
Comments (none posted)
cvs: heap overflow
| Package(s): | cvs |
CVE #(s): | CAN-2004-0396
|
| Created: | May 19, 2004 |
Updated: | June 11, 2004 |
| Description: |
CVS (through version 1.11.15 or 1.12.7) contains a remotely exploitable heap overflow vulnerability; see this advisory from Stefan Esser for details. If you are running cvs with the "pserver" protocol, a quick upgrade is recommended (dropping pserver is also a very good idea for security-conscious sites). |
| Alerts: |
|
Comments (none posted)
ethereal - multiple vulnerabilities
Comments (none posted)
Filename disclosure vulnerability in fam
| Package(s): | fam |
CVE #(s): | CAN-2002-0875
|
| Created: | August 19, 2002 |
Updated: | January 5, 2005 |
| Description: |
"fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible. |
| Alerts: |
|
Comments (none posted)
flim: insecure file creation
| Package(s): | flim |
CVE #(s): | CAN-2004-0422
|
| Created: | May 5, 2004 |
Updated: | December 16, 2004 |
| Description: |
The emacs "flim" mode creates temporary files in an insecure fashion, possibly allowing a local attacker to overwrite files. |
| Alerts: |
|
Comments (none posted)
gallery: unauthenticated access
| Package(s): | gallery |
CVE #(s): | |
| Created: | June 2, 2004 |
Updated: | June 15, 2004 |
| Description: |
The "gallery" photo album has a vulnerability which can allow access to the administrative account without authentication. |
| Alerts: |
|
Comments (none posted)
gatos: privilege escalation
| Package(s): | gatos |
CVE #(s): | CAN-2004-0395
|
| Created: | June 2, 2004 |
Updated: | June 2, 2004 |
| Description: |
The xatitv program, part of the gatos package, fails to drop root privileges after an initialization failure. For added fun, it then calls system() with unsanitized environment variables. |
| Alerts: |
|
Comments (none posted)
gtkhtml: malformed messages cause crash
| Package(s): | gtkhtml |
CVE #(s): | CAN-2003-0133
CAN-2003-0541
|
| Created: | April 14, 2003 |
Updated: | April 18, 2005 |
| Description: |
GtkHTML is the HTML rendering widget used by the Evolution mail reader.
GtkHTML supplied with versions of Evolution prior to 1.2.4 contain a bug
when handling HTML messages. Alan Cox discovered that certain malformed
messages could cause the Evolution mail component to crash. |
| Alerts: |
|
Comments (none posted)
iproute: local denial of service
| Package(s): | iproute net-tools |
CVE #(s): | CAN-2003-0856
|
| Created: | November 25, 2003 |
Updated: | December 14, 2004 |
| Description: |
The iproute utility is susceptible to spoofed netlink messages sent by local users, with the result that denial of service attacks are possible. |
| Alerts: |
|
Comments (none posted)
racoon: failure to verify signatures
| Package(s): | ipsec-tools racoon |
CVE #(s): | CAN-2004-0155
|
| Created: | April 7, 2004 |
Updated: | August 19, 2004 |
| Description: |
Versions of ipsec-tools prior to 0.2.5 contain a vulnerability wherein the racoon utility fails to verify digital signatures on some packets. This hole can lead to unauthorized connections or man-in-the-middle attacks. See this advisory for details. |
| Alerts: |
|
Comments (none posted)
racoon: denial of service vulnerability
| Package(s): | ipsec-tools racoon iputils |
CVE #(s): | CAN-2004-0403
|
| Created: | April 26, 2004 |
Updated: | July 29, 2004 |
| Description: |
racoon does not check the length of ISAKMP headers. Attackers may be able
to craft an ISAKMP header of sufficient length to consume all available
system resources, causing a Denial of Service. This advisory contains additional
details. |
| Alerts: |
|
Comments (none posted)
jftpgw: format string vulnerability
| Package(s): | jftpgw |
CVE #(s): | CAN-2004-0448
|
| Created: | June 2, 2004 |
Updated: | June 2, 2004 |
| Description: |
jftpgw (an FTP proxy) contains a format string vulnerability which could allow the execution of arbitrary commands with the privileges of the server process. |
| Alerts: |
|
Comments (none posted)
kdelibs: cookie disclosure
| Package(s): | kdelibs |
CVE #(s): | CAN-2003-0592
|
| Created: | March 10, 2004 |
Updated: | August 24, 2004 |
| Description: |
kdelibs (and, thus, Konqueror) has a vulnerability where a hostile server can force the disclosure of cookies that should not be presented to it. KDE versions 3.1.3 and later contain a fix. |
| Alerts: |
|
Comments (none posted)
kde: URI Handler Vulnerabilities
| Package(s): | kde Opera |
CVE #(s): | CAN-2004-0411
|
| Created: | May 17, 2004 |
Updated: | June 15, 2004 |
| Description: |
iDEFENSE identified a vulnerability in the Opera Web Browser that could
allow remote attackers to create or truncate arbitrary files. The KDE team
has found that similar vulnerabilities exists in all version of KDE, up to
KDE 3.2.2 inclusive. See this advisory for
more information. |
| Alerts: |
|
Comments (none posted)
kerberos: buffer overflows
| Package(s): | kerberos5 |
CVE #(s): | |
| Created: | June 2, 2004 |
Updated: | June 2, 2004 |
| Description: |
MIT Kerberos 5 suffers from multiple buffer overflows which could lead to a remote root exploit, though the exploit looks difficult. Versions through krb5-1.3.3 are affected; see this advisory for more information. |
| Alerts: |
|
Comments (none posted)
kernel: symlink overflow in the iso9660 filessytem
| Package(s): | kernel |
CVE #(s): | CAN-2004-0109
|
| Created: | April 14, 2004 |
Updated: | July 15, 2004 |
| Description: |
The 2.4 and 2.6 kernels contain a
vulnerability in the iso9660 (CDROM) filesystem which can be used by a
local attacker to obtain root privileges. The exploit requires creating a
specially-crafted filesystem and getting the kernel to mount it. Many
systems are configured to automatically mount CDs on insertion, however, so
the possibility of this vulnerability being exploited by users with
physical access to the system is real. The 2.4.26 kernel contains the fix,
which will also be merged into the upcoming 2.6.6 release. |
| Alerts: |
|
Comments (none posted)
kernel - root exploit in MCAST_MSFILTER
| Package(s): | kernel |
CVE #(s): | CAN-2004-0424
|
| Created: | April 22, 2004 |
Updated: | June 11, 2004 |
| Description: |
A locally exploitable integer overflow has been found the multicast code
of the Linux kernel versions 2.4.22 to 2.4.25 and 2.6.1 - 2.6.3. A
successful exploit could lead to full superuser privileges. |
| Alerts: |
|
Comments (1 posted)
Linux kernel 2.2.10 failing function and TLB flush vulnerability
| Package(s): | kernel-source-2.2.10 |
CVE #(s): | CAN-2004-0077
|
| Created: | March 18, 2004 |
Updated: | June 4, 2004 |
| Description: |
A local root exploit is possible due to early flushing of the
TLB. |
| Alerts: |
|
Comments (none posted)
kernel-utils: setuid vulnerability
| Package(s): | kernel-utils |
CVE #(s): | CAN-2003-0019
|
| Created: | February 7, 2003 |
Updated: | January 21, 2005 |
| Description: |
The kernel-utils package contains several utilities that can be used to
control the kernel or machine hardware. In Red Hat Linux 8.0 this package
contains user mode linux (UML) utilities.
The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was
incorrectly shipped setuid root. This could allow local users to control
certain network interfaces, add and remove arp entries and routes, and put
interfaces in and out of promiscuous mode.
All users of the kernel-utils package should update to these packages that
contain a version of uml_net that is not setuid root.
Alternatively, as a work-around to this vulnerability issue the following
command as root:
chmod -s /usr/bin/uml_net |
| Alerts: |
|
Comments (none posted)
LHA: stack buffer overflows and directory traversal flaws
| Package(s): | LHA |
CVE #(s): | CAN-2004-0234
CAN-2004-0235
|
| Created: | April 30, 2004 |
Updated: | June 11, 2004 |
| Description: |
LHA is an archiving and compression utility for LHarc format archives. Ulf
Harnhammar discovered two stack buffer overflows and two directory
traversal flaws in LHA. See this advisory+patch for more details.
CAN-2004-0234: An attacker could exploit the buffer overflows by creating a
carefully crafted LHA archive in such a way that arbitrary code would be
executed when the archive is tested or extracted by a victim.
CAN-2004-0235: An attacker could exploit the directory traversal issues to
create files as the victim outside of the expected directory. |
| Alerts: |
|
Comments (2 posted)
libpng: denial of service vulnerability.
| Package(s): | libpng |
CVE #(s): | CAN-2004-0421
|
| Created: | April 29, 2004 |
Updated: | June 11, 2004 |
| Description: |
The PNG library can accesses memory that is out of bounds when
creating an error message, this can be exploited by a malformed
PNG image file. |
| Alerts: |
|
Comments (none posted)
libpng, libpng3: buffer overflow
| Package(s): | libpng, libpng3 |
CVE #(s): | CAN-2002-1363
|
| Created: | December 19, 2002 |
Updated: | July 14, 2004 |
| Description: |
Glenn Randers-Pehrson discovered a problem in connection with 16-bit
samples from libpng, an interface for reading and writing PNG
(Portable Network Graphics) format files. The starting offsets for
the loops are calculated incorrectly which causes a buffer overrun
beyond the beginning of the row buffer. |
| Alerts: |
|
Comments (none posted)
libxml2 - arbitrary code execution
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0110
|
| Created: | February 26, 2004 |
Updated: | July 21, 2004 |
| Description: |
Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
logcheck: symlink vulnerability
| Package(s): | logcheck |
CVE #(s): | CAN-2004-0404
|
| Created: | April 21, 2004 |
Updated: | December 22, 2004 |
| Description: |
The logcheck utility handles temporary files in an unsafe way, possibly allowing local attackers to overwrite files. |
| Alerts: |
|
Comments (none posted)
mailman: password disclosure
| Package(s): | mailman |
CVE #(s): | CAN-2004-0412
|
| Created: | May 27, 2004 |
Updated: | July 20, 2004 |
| Description: |
In mailman versions above 2.1, third parties can retrieve
member passwords from the server. |
| Alerts: |
|
Comments (none posted)
mikmod: buffer overflow
| Package(s): | mikmod |
CVE #(s): | CAN-2003-0427
|
| Created: | June 16, 2003 |
Updated: | June 16, 2005 |
| Description: |
Ingo Saitz discovered a bug in mikmod whereby a long filename inside
an archive file can overflow a buffer when the archive is being read
by mikmod. |
| Alerts: |
|
Comments (none posted)
mod_python: denial of service vulnerability
| Package(s): | mod_python |
CVE #(s): | CAN-2003-0973
|
| Created: | January 27, 2004 |
Updated: | October 4, 2004 |
| Description: |
Apache's mod_python module could crash the httpd process if a specific,
malformed query string was sent.
The Apache Foundation has reported that mod_python may be prone to
Denial of Service attacks when handling a malformed query. Mod_python
2.7.9 was released to fix the vulnerability, however, because the
vulnerability has not been fully fixed, version 2.7.10 has been released.
Users of mod_python 3.0.4 are not affected by this vulnerability. |
| Alerts: |
|
Comments (none posted)
mozilla: multiple vulnerabilties
| Package(s): | mozilla |
CVE #(s): | CAN-2003-0594
CAN-2003-0564
|
| Created: | March 10, 2004 |
Updated: | August 19, 2004 |
| Description: |
Mozilla 1.4 contains a few vulnerabilities, including disclosure of cookies to the wrong server, a scripting vulnerability which can allow an attacker to run arbitrary code, and an S/MIME vulnerability which can lead to remote denial of service or code execution attacks. |
| Alerts: |
|
Comments (none posted)
mpg321: format string vulnerability
| Package(s): | mpg321 |
CVE #(s): | CAN-2003-0969
|
| Created: | January 6, 2004 |
Updated: | March 28, 2005 |
| Description: |
A vulnerability was discovered in mpg321, a command-line mp3 player,
whereby user-supplied strings were passed to printf(3) unsafely. This
vulnerability could be exploited by a remote attacker to overwrite
memory, and possibly execute arbitrary code. In order for this
vulnerability to be exploited, mpg321 would need to play a malicious
mp3 file (including via HTTP streaming). |
| Alerts: |
|
Comments (none posted)
MySQL: temporary file vulnerabilities
| Package(s): | mysql |
CVE #(s): | CAN-2004-0381
CAN-2004-0388
|
| Created: | April 14, 2004 |
Updated: | August 18, 2004 |
| Description: |
The mysqlbug and mysqld_multi scripts contain temporary file vulnerabilities which could be used by a local attacker to overwrite files on the system. |
| Alerts: |
|
Comments (none posted)
neon: buffer overflow
| Package(s): | neon |
CVE #(s): | CAN-2004-0398
|
| Created: | May 19, 2004 |
Updated: | September 30, 2004 |
| Description: |
The neon library (through version 0.24.5) contains a buffer overflow in its date parsing code, allowing arbitrary code execution when connecting to a hostile server. See this advisory for details. This vulnerability also affects related applications (such as cadaver). |
| Alerts: |
|
Comments (none posted)
Nessus NASL scripting engine security issues
| Package(s): | nessus |
CVE #(s): | |
| Created: | May 27, 2003 |
Updated: | August 12, 2004 |
| Description: |
Some some vulnerabilities exsist in the Nessus NASL scripting engine. To
exploit these flaws, an attacker would need to have a valid Nessus account
as well as the ability to upload arbitrary Nessus plugins in the Nessus
server (this option is disabled by default) or he/she would need to trick a
user somehow into running a specially crafted nasl script. Read the full
advisory for additional information. |
| Alerts: |
|
Comments (none posted)
netpbm: insecure temporary files
| Package(s): | netpbm |
CVE #(s): | CAN-2003-0924
|
| Created: | January 19, 2004 |
Updated: | December 29, 2004 |
| Description: |
netpbm is graphics conversion toolkit made up of a large number of
single-purpose programs. Many of these programs were found to create
temporary files in an insecure manner, which could allow a local
attacker to overwrite files with the privileges of the user invoking a
vulnerable netpbm tool. |
| Alerts: |
|
Comments (1 posted)
openssh: timing attack leads to information disclosure
| Package(s): | openssh |
CVE #(s): | CAN-2003-0190
|
| Created: | May 2, 2003 |
Updated: | November 30, 2004 |
| Description: |
From the advisory:
"During a pen-test we stumbled across a nasty bug in OpenSSH-portable
with PAM support enabled (via the --with-pam configure script switch). This
bug allows a remote attacker to identify valid users on vulnerable systems,
through a simple timing attack. The vulnerability is easy to exploit and
may have high severity, if combined with poor password policies and other
security problems that allow local privilege escalation." |
| Alerts: |
|
Comments (1 posted)
OpenSSL: denial of service vulnerabilities
Comments (1 posted)
passwd: various problems
| Package(s): | passwd |
CVE #(s): | |
| Created: | May 17, 2004 |
Updated: | June 2, 2004 |
| Description: |
Steve Grubb found some problems in the passwd program. Passwords given to
passwd via stdin are one character shorter than they are supposed to be.
He also discovered that pam may not have been sufficiently initialized to
ensure safe and proper operation. A few small memory leaks have been fixed
as well. |
| Alerts: |
|
Comments (none posted)
python: buffer overflow
| Package(s): | python |
CVE #(s): | CAN-2004-0150
|
| Created: | March 10, 2004 |
Updated: | October 11, 2004 |
| Description: |
Python (versions 2.2 and 2.2.1 only) has a buffer overflow in the getaddrinfo() function which can be exploited by a malformed IPv6 address. |
| Alerts: |
|
