LWN.net Weekly Edition for July 1, 2004

The Grumpy Editor's guide to graphical mail clients

This article is part of the LWN Grumpy Editor series.
This is the second article in a series dedicated to the discovery of the perfect mail client. Those who have not read the introduction to the series may want to do so; it explains much of the motivation behind this search. This article, in particular, looks at the current crop of graphical mail clients. Future articles will look at terminal-oriented and emacs-based clients and other aspects of the mail system.

Your editor, remember, is looking for a mail client which enables the processing of vast amounts of mail in a flexible manner. An LWN editor can spend hours each day dealing with email from various sources; actually getting an LWN Weekly Edition out every week very much depends on the use of an efficient, reliable client. In particular, your editor is looking for:

  • A powerful and flexible command set which does not require constant use of the mouse.

  • A high degree of configurability. When a complex tool is being used as a key part of the daily workflow, it is worth spending some time to tweak it to optimal performance. That tweaking should be possible.

  • The ability to interface with external programs for the disposition of email.

  • Support for common tasks, such as sending patches.

For this article, your editor spent a significant amount of time working with Balsa, Evolution, KMail, Sylpheed, and Thunderbird. These programs all have a great deal in common; they would appear to have all been built from the same basic template. A tall pane on the left contains the folder hierarchy, usually split between local folders and those found on some remote server. The top right pane gives a folder view, while the bulk of the space, in the bottom right, contains the text of a message itself. Separate windows are used for composition of new messages.

Each client has its own keyboard shortcuts (we will get to that later), but the mouse-oriented interaction is quite similar between all of them. A user familiar with one of these clients could make use of another with little trouble. Could it really be that the optimal model for graphical email clients has already been found, and that no further experimentation is called for at this point? Or could it be that all of these clients are imitating a popular proprietary email offering?

All of the clients have most of the expected features: built-in address books; support for multiple accounts; disconnected operation; secure POP, IMAP, and SMTP access; threading of folders; hierarchical folders; filtering of messages based on various criteria; etc. Most of the common features will not be discussed here.

Balsa

Balsa is a longstanding GNOME client. In recent years it has been somewhat upstaged by Evolution, but development on Balsa continues. The 2.1.3 development release came out in May, 2004, but your editor was unable to make it work on his system; this review, thus, looks at the stable 2.0.17 release.

Balsa lacks the polish of some of the other mail clients we'll look at here, but it has many of the same capabilities. It can deal with remote mailboxes via POP or IMAP, and local mailboxes in mbox, maildir, and MH format. It can only use SMTP for outgoing mail; there is no option for passing a message to a local command.

Balsa has one failing which it shares with a few other clients: it makes the user wait while it talks with the remote SMTP server. It would be nice if this conversation could happen in the background; there is little joy in staring at a "connecting to server" dialog for an indefinite period of time. Yes, one can always set up a local MTA to handle this task, but that should not be necessary.

Balsa can render HTML mail reasonably well, though it cannot create such mail (the lack of this feature does not strike your editor as a problem). Its display of multipart MIME messages is somewhat awkward; it can only show one part at a time, forcing the user to bounce between tabs to see the whole message.

There is a reasonable set of keyboard shortcuts which, happily, do not require extensive use of modifier keys. There is no provision for changing the shortcuts, however.

Balsa's interface can be somewhat annoying; it can, at times (such as when getting a large message from a remote server), become unresponsive to the user, who is left wondering what is really going on. The address book interface looks powerful, but it would be nicer if it started with a default, local book and didn't require the user to dig through the preferences dialog before allowing addresses to be saved.

Balsa has a basic set of filter operations, though less advanced than most other mail clients. One unique filter operation, however, allows matching messages to be automatically sent to the printer. The potential for paper waste and embarrassment is impressive.

All told, Balsa is a reasonably capable mail client. One gets the impression, however, that its time in the limelight has passed. Most of the other clients reviewed here are more capable and smoother to operate.

Evolution

Evolution has the broadest focus of any of the clients reviewed; it merges the email functionality with contact management, task list, and calendaring functions. Your editor, who is looking for an email client rather than a calendar manager (he addressed that problem a few months back), did not look at these other capabilities in any great detail. One can certainly imagine uses where an integrated calendar manager would be useful, but, if one is seeking a focused mail client, calendars and such can be a distraction.

Version 1.5.9.2 (a pre-1.6 development release) was looked at for this review.

Evolution can handle a wider range of email account types than any of the other clients reviewed. Along with the usual forms (IMAP, POP, local mailbox), Evolution can work with Novell GroupWise accounts and folders in maildir or MH format. An attempt to set up an MH directory, however, crashed Evolution and rendered it incapable of launching; such is life when one plays with development releases. Use of Evolution to read netnews groups is also supported. Outgoing mail can be sent via SMTP to a server, or passed to a local application. Evolution has a nice feature where it can query the remote mail server to determine what sorts of authentication and encryption features it supports.

Some basic spam filtering is built into Evolution; users can mark messages as being "junk" and, once the internal filter is properly trained, apply filters to clear the spam out of the way. The filtering appears to be based on SpamAssassin. The documentation mentions an option to have Evolution pass mail to spamd for evaluation, but that option does not yet actually exist in the configuration dialogs.

Evolution provides a set of keyboard shortcuts which allows some actions to be performed without the mouse. There is no evident way of configuring shortcuts, however; if you don't like the defaults, there's little to be done.

Evolution provides full support for HTML mail. Incoming HTML is rendered by default. It can compose mail in HTML format, and a full set of operations is provided enabling the composition of truly gaudy messages. Happily, Evolution defaults to sending plain text mail only; users must explicitly say they want to create HTML messages.

There are some nice features for finding messages within folders. A search bar in the main menu can quickly narrow the view to messages meeting the search criteria. The "vFolder" mechanism is a more advanced feature which enables the creation of custom views which can include messages from multiple folders which meet the search criteria.

KMail

KMail is the KDE mail client, part of the "kdepim" package. In many ways, KMail is the most configurable and flexible of the graphical email clients out there.

KMail can handle incoming mail via POP, IMAP, and local mailboxes in mbox or maildir format. Outgoing mail is transferred via SMTP or handed to a local program. KMail's account setup is, however, a little more confusing than that found in the other mailers. Mail identities, mail sources, and "transports" (ways of sending mail) are all configured separately; they can then be mixed and matched in arbitrary ways. Those who are so inclined can select a different outgoing transport for each message. The system is flexible, but not necessarily straightforward to set up at the outset.

Like Evolution, KMail can query remote mail servers to determine their encryption and authentication capabilities. This is such an obviously good feature that one wonders why all mail clients do not work that way.

KMail has extensive configuration options. Uniquely among the clients reviewed (but standard for KDE applications), KMail provides an easy mechanism for configuring keyboard shortcuts. The defaults also make some sense: "R" for reply, for example. Given that regular, unmodified keystrokes have no intrinsic meaning in the context of a mail client window, why make users lean on the control key to get anything done? One should be able to simply hit "N" to see the next message, and KMail's designers understand that.

The usual filtering operations are available. KMail does not, however, have any sort of internal spam filtering built into it (though some of the available, undocumented options, like "mark as spam," suggest that this capability is coming). Filters can, among other things, change the default identity or outgoing transport which applies to a given message, or rewrite header fields. Like Evolution, KMail supports virtual folders created by searching; there is no search bar in the main window, however.

KMail can render HTML mail quite nicely, but it refuses to do so until the user explicitly requests HTML rendering for a specific message. It also will not load external images until you get past a configuration screen with dire warnings on it. KMail does not appear to be able to create HTML messages.

As a whole, KMail has a pleasant, responsive interface. It is visually pleasing, and makes relatively good use of the screen space. More than some other clients, it provides feedback on what it is doing at any given time, and does not make the user wait unnecessarily. On the other hand, it has an obnoxious habit of popping up "tool tips" with the message subject when the pointer moves over the subject in the folder view pane; this behavior creates a great deal of distracting flashing while not really giving the user any useful information. Some of the toolbar icons are less than instructive; try to guess what the three shown on the left mean. (They are "get new mail", "reply", and "forward".)

In summary: KMail is a capable client; its developers have clearly given some thought to how to make life easier for their users. It is arguably one of the best mail clients available.

Sylpheed

Sylpheed is a GTK+ mail client which advertises itself as fast and lightweight. Like Balsa, Sylpheed feels a little rough in the modern world. This client, however, has some capabilities that the others lack.

At the top of the list of those capabilities might be "actions." Sylpheed includes a mechanism for running external programs on messages; the output of that program can, optionally, replace the original message. Actions can be created with a dialog box (canned actions can also be obtained from the net and added directly to the configuration file); thereafter they show up under the "Tools/Actions" menu. It would be nice if an action could be bound to a keystroke, but...

...Sylpheed does not allow the configuration of keyboard shortcuts. Shortcuts do exist for most operations, but they all require the use of the control key. The font selection available in Sylpheed is also somewhat restrictive; it cannot use the nice anti-aliased fonts the way some of the other mail clients can. If you spend a lot of time staring at a mail client every day, this makes a difference.

Sylpheed tends to hang up at times; when an action is being run, for example. It also makes the user wait for SMTP conversations to complete when sending a message.

This client cannot render HTML mail; it wings it by stripping out the markup and simply displaying the remaining text. This technique works surprisingly well; if you don't get much HTML mail, you may never even notice the lack of proper support.

Sylpheed can work with POP and IMAP mailboxes, or with local mailboxes in the mbox format. It creates local mailboxes using the MH format; it can also be configured to use the MH inc command to incorporate new mail. It has no support for mailboxes in maildir format.

The Sylpheed address book is minimal but functional; there is no LDAP support, however.

For those who find Sylpheed inadequate, but who like the basic platform, the Sylpheed-Claws project may be worth a look. Sylpheed-Claws is an ongoing effort to add vast numbers of features to Sylpheed. Some of these include a plugin mechanism, spell checking (a feature available on most other mail clients), the ability to assign actions to icons on the toolbar, a search bar for narrowing folder views, themes, message scoring, HTML viewing (using an external viewer), better GPG support, LDAP support, and more. The biggest problem with Sylpheed-Claws, however, is that it is very much a development release; your editor was able to make it crash in several different ways. Crashing is not a desirable feature in a vital work tool.

Sylpheed is a powerful client which is clearly aimed at serious users. In your editor's not entirely humble opinion, what it could best use at this point is (1) a bit more attention to polish, human factors, and visual appeal, and (2) a concerted effort to move the best, most stable features from Sylpheed-Claws into the mainline client. With some work in that direction, Sylpheed could be a powerful contender for the title as the best graphical client for advanced users.

Thunderbird

Thunderbird is the standalone mail client from the Mozilla project; its most recent release is version 0.7.1. Thunderbird is a slick product; it is visually appealing and, for the most part, easy to use.

Unlike other mail clients, Thunderbird has no provision for local maildrops at all; it can only obtain mail via POP or IMAP. It does maintain local folders, however; they are buried deeply under the user's .thunderbird directory, and appear to be in mbox format. Thunderbird can be used to read netnews from NNTP servers. On the outgoing side, Thunderbird expects to talk to an SMTP server, and it makes you wait while the conversation takes place.

Thunderbird handles HTML mail without trouble; one would expect a Mozilla project to get that part down reasonably well. The client will, by default, execute Javascript contained within HTML mail; your editor is hard put to come up with a reason why one would ever want to leave that option enabled. Thunderbird also sends mail in HTML format and, discouragingly, comes configured to send HTML by default.

Thunderbird is a highly configurable client. The actual configuration can be a bit confusing, however; quite a few options (such as sending HTML mail) are part of the account configuration. A user will look for such options under the "options" menu in vain. Thunderbird also has a powerful extension mechanism, with numerous extensions available on the net.

The default keyboard shortcuts are heavily reliant on the control key, and there is no provision for changing them. The "keyconfig" extension mitigates that problem somewhat, though it is not trivial to use and cannot create shortcuts for all that many operations.

Thunderbird has some strange behavioral glitches. Clicking on a URL in a message, for example, causes Thunderbird to copy the web page to a local file and run a browser on that file; this strange behavior breaks all the images and links, among other things. If, instead, the user drags the URL to a browser window, the right thing happens. Thunderbird is also reluctant to use folders on the remote IMAP server that it didn't create itself; folders created by a different mail client tend to be completely inaccessible.

On the other hand, Thunderbird's composition window is relatively nice and easy to use. The interaction with the address book is easy and transparent, and Thunderbird makes it easy to set various types of headers ("Bcc:", "Reply-To:") without having to dig through menus.

Thunderbird has its own bayesian spam filter built in. Messages which look like spam are prominently marked as such; the user then has the option of correcting things. The toolbar icon toggles between "Junk" and "Not junk," depending on the current marking of the message; the user thus has to actually look at it to see what it will do at any given time. This sort of modal interface is an encouragement to the user to make mistakes. The keyboard shortcuts for marking and unmarking spam, at least, are distinct.

There is a search bar in the main window for quickly narrowing folders. There are no virtual folders for holding search results, however.

Thunderbird is an impressive client; for version 0.7 it is in very good shape. Your editor would like to see some attention paid to the needs of users who want to do nonstandard things, such as adding custom operations to the toolbars. Given that most of the details and polish are already in place, a bit of careful feature work could turn Thunderbird into a truly powerful and useful program.

Other important points

A grumpy editor who posts to lists like linux-kernel lives in fear of two things: (1) sending text in very long lines, and (2) sending patches which have been word-wrapped by the mail client. Committing either faux pas can cause a budding kernel hacker to contemplate a switch to Visual Basic programming. Your editor attempted to get each mailer to send an unmolested patch while performing word wrapping on the accompanying text. Note that some people really want to see patches inline, rather than as attachments, which complicates the situation - any of the mail clients reviewed here can send an attachment without trouble.

Only Sylpheed passed this test in a clear way. If the "wrap on input" option is selected, typed text will be wrapped, but an inserted file will be left alone. KMail sort of works, in that word wrap can be disabled for specific messages. If you use the "external editor" option (which works in a bit of a confusing way; you must type a keystroke in the text area of the composition window to get your editor), whatever the editor produces will not be messed with. Balsa wraps everything, as does Evolution. Thunderbird, interestingly, has no option for inserting a file into an outgoing message; you must cut-and-paste it in (and deal with wrapping problems), or send it as an attachment.

Another important feature, as far as your editor is concerned, is the ability to feed a message to an external program. After all, it just might be possible that users may think of things to do with their mail which, inexplicably, just didn't occur to the implementers of the mail client. Such operations might include feeding a message to sa-learn to better train SpamAssassin's filter, or, in your editor's case, inserting a software announcement into the LWN site.

Support for external programs is poor in most of the clients reviewed. Some of them can invoke an external program while filtering messages (thus, for example, allowing SpamAssassin to be used to clean out junk), but only Sylpheed has a separate mechanism for running programs on specific messages. Even then, only Sylpheed-Claws brings that mechanism to the toolbar, and there is still no way to assign an action to a keystroke. Thunderbird has an "external application" extension, but it is really just an application launcher; it can't be used to process messages. There should be no reason why the right kind of extension couldn't be written; it's just that, as far as your editor can tell, nobody has done it yet.

In general, extensibility is an important feature for a complex application. The original developers will never think of everything, and really should not even try. If the application provides an easy way for others to add capabilities, the result will often be a rich ecosystem of features far beyond the imagination of the application's designers. Among the clients reviewed above, only Thunderbird provides support for first-class extensions - though Sylpheed-Claws is getting there. In the long term, the email client which best supports extensions may well be the one which gathers the largest, happiest user base.

Conclusions

A few other free graphical clients exist, but didn't make it into this review:

  • Althea looks like a fairly basic GTK-based client. "The design goal was a stable e-mail client with the richness of usability of Microsoft's Outlook, Qualcomm's Eudora, and Cyrusoft's Mulberry."

  • Mahogany is a feature-rich, highly configurable client; its 0.66 release came out in January, 2004. Mahogany does indeed offer a dizzying variety of configuration options; should those options not suffice, there is also a built-in Python interpreter for extensions. That notwithstanding, Mahogany is said to be a low-bloat application.

  • Aethera is a client produced by theKompany.com; it claims to do task lists and appointment management; it also comes up with news and weather reports on the side. Unfortunately, source for current releases does not appear to be available from theKompany's download site.

So, with all these options, which would your editor choose? The answer, for the moment, is "none of the above." Your editor is not yet sold on the advantages of a graphical client for this sort of work; these clients do have a number of nice features, but an email client must, above all else, enable quick and efficient processing of mail. Anybody who has tried to exchange email with your editor knows that he can easily get far behind; if the email client adds friction to the process, that problem will get worse.

Some of the clients reviewed look like they could eventually be a part of a workable email system. With luck, future development will take at least one of them in a direction where it is, on the one hand, polished, feature-rich, and usable, while being, on the other hand, easy to integrate into a wider way of doing things. Meanwhile, your editor will proceed to look at some of the current non-graphical offerings (this includes emacs-based clients, which are becoming increasingly graphical in their own right). Stay tuned.

The Global File System goes full circle

June 30, 2004

This article was contributed by Joe 'Zonker' Brockmeier.

In 2003, Red Hat announced that it was acquiring Sistina, and that it would work to release Sistina's current technologies as open source in 2004. Red Hat made good on that promise on June 24 by re-releasing the Global File System under the GPL. The Global File System (GFS) has a fairly long and interesting history. According to the OpenGFS website, the GFS project started at the University of Minnesota and was sponsored from 1995-2000 by the University. Then Matthew O'Keefe, a professor at the university, founded Sistina around GFS.

Sistina stopped making new versions of GFS available under the GPL in 2001. It's important to note that it's inaccurate to say (as many have) that GFS has been "re-released" under the GPL -- the original code that was available under the GPL remained available under the GPL. Sistina simply quit putting out new releases under the GPL, but users still had the option of using and working with releases prior to Sistina's license change, as did the OpenGFS project.

The release put out by Red Hat last week actually consists of more than just GFS the file system; it totals nine components in all. In addition to GFS itself, Red Hat has released the clustering extensions to the Logical Volume Manager 2 (LVM2). Also, Red Hat has released clustering infrastructure tools and cluster block devices that work with GFS: the Cluster Configuration System (CCS), Cluster Manager (CMAN), Distributed Lock Manager (DLM), GFS Unified Lock Manager (GULM), the Fence I/O fencing system, the Global Network Block Device (GNBD) and the Cluster Snapshot Block Device (CSBD).

Linux has no shortage of filesystems to choose from, but GFS is quite a bit different from Ext3, ReiserFS and other popular file systems being used with Linux today. The GFS release probably isn't that interesting for users with a single Linux workstation or for small installations of Linux systems that don't require a great deal of filesystem sharing or redundancy. For Linux shops that have deployed or plan to deploy Linux in a clustering capacity or using a Storage Area Network (SAN) to share filesystems among servers, however, GFS is a very interesting technology.

GFS allows Linux servers to share a single file system on a block device via fiber channel, iSCSI, NDB or other technology; it allows those servers to read from that file system simultaneously, and it coordinates writes to the filesystem to avoid data being overwritten. Changes to the filesystem made by one server are immediately available to other servers. GFS is different from the Network File System (NFS) in that it removes the requirement for clients to access storage devices through an NFS server. It removes some of the overhead from working with data, making GFS more robust. One can use the two technologies in conjunction with one another, using GFS to give a set of servers access to a filesystem stored on a set of fiber channel drives (for example) and then exporting the filesystem to clients via NFS.

GFS is highly scalable, which means that hundreds of systems can share a filesystem on a SAN. In addition, as one might expect, file system and volume resizes can be performed while the system is running -- which means that enterprise systems don't need to be brought down for filesystem maintenance when a deployment starts to require more space. The file servers themselves can be clustered to provide high availability, redundancy and increased performance. Just what the doctor ordered for a database cluster, enterprise file servers, large e-mail installations and many other applications.

For those interested in trying out GFS, source RPMs are available for Red Hat Enterprise Linux 3, CVS snapshots are available, and enterprising Fedora user Lennert Buytenhek has already whipped up FC2 RPMs of GFS and the necessary tools. Packages are no doubt being prepared for other popular Linux distributions as well. Instructions on using GFS can be found here.

Of course, RHEL users still have the option of buying GFS for a mere $2200.

The GFS team is now working to put GFS into the mainline Linux kernel. It shouldn't be terribly difficult for a project this useful to find a healthy community of users to apply whatever elbow grease is necessary to make that happen.

A look at Slackware 10.0

June 28, 2004

This article was contributed by Joe 'Zonker' Brockmeier.

The long-awaited Slackware 10 release has hit the streets, so to speak. Though Patrick Volkerding's Slackware wasn't the very first Linux distribution (it was originally based on the SLS distribution) it has outlived all of its predecessors. First released on July 16, 1993, Slackware has come a long way since its floppy-based origins -- though in some ways, it has also remained very much the same.

The Slackware installer, for example, has changed very little over the years. Though the lack of a graphical installer may intimidate new users, the text-based menu installer still serves well and is quite simple to use if one will only take the time to read the text. This writer installed Slackware 10, using the "install everything" option, on a Toshiba Satellite 1415-S105 notebook in about twenty minutes. That includes disk partitioning, network setup and reboot. Slackware's installer may lack bells and whistles, but it serves just fine on almost any hardware.

Slackware also continues to use the BSD-style init scripts, though slightly streamlined in this release, as opposed to the SYSV style init scripts that are used by most other Linux distributions. Whether this is an annoyance or feature largely depends on the personal preference of the user.

The latest Slackware release is based on the stock 2.4.26 Linux kernel, with an optional 2.6.7 kernel for users who wish to run the 2.6 series. Apparently, the 2.6 kernel series hasn't quite yet lived up to Volkerding's standards for a default kernel. Nor has Slackware jumped to the Apache 2.0.x series yet; it still ships with Apache 1.3.31. Slackware also still includes lprng and LILO, which have been replaced by CUPS and GRUB in most distributions -- though Slackware also now includes CUPS alongside lprng.

Slackware still includes a wide array of window managers and desktop environments, and tends to stay on or close to the cutting edge there. KDE 3.2.3 is included, as is GNOME 2.6.1, XFce 4.0.5, Blackbox, Fluxbox, and many others. While most popular distributions tend to brand the window managers and desktop environments -- Red Hat's "Bluecurve" and Mandrake's "Galaxy" themes come to mind -- Slackware ships them more or less as-is. In fact, each package shipped with Slackware "follows the setup and installation instructions from its author(s) as closely as possible." This writer tends to prefer the "generic" version of packages, so Slackware is his favored choice in this area.

Though not part of the default install, there are a few new package tools for Slackware 10. There's now a "slackpkg" tool to help with upgrading an older release of Slackware, and "slacktrack" to help build Slackware packages. Users who wish to try these new tools will find them in /extras, on the third Slackware disk.

Speaking of disks, it's also worth noting that Slackware is still fairly lightweight in terms of disks required for installation. Only the first disk is necessary for a basic install with KDE, while the second disk will be necessary for users wishing to use GNOME. Users who wish to use the ZipSlack distribution will need to grab disk four. Users interested in trying Slackware before it's available in stores or to subscribers can find ISOs through BitTorrent or through one of the unofficial mirrors.

The only complaint this writer has about Slackware 10 is the lack of a simple sound configuration utility. Configuring sound on the Toshiba laptop with Slackware was a bit more challenging than with other distributions, which usually find and enable the sound card without any user intervention. Other than that, however, installing and configuring Slackware was a pleasure.

In all, Slackware is a solid distribution that's easy to set up and run. For users who are already running Slackware-based systems, the upgrade is well worth it. Users who have never tried Slackware might find that it's well worth the time to test out.

Page editor: Jonathan Corbet

Security

The netfilter packet of death

Adam Osuchowski and Tomasz Dubinski have sent out an advisory regarding a new vulnerability in the 2.6 netfilter subsystem. Netfilter, being the Linux firewalling code, inspects network packets and makes decisions on which ones to pass on. Use of netfilter is supposed to increase security, so it is always discouraging when the opposite happens. Fortunately, the number of sites vulnerable to this particular bug should be fairly small.

TCP packets can contain an "options" field within the header. This field allows TCP implementations to change how the protocol works; options can be used to turn on features like selective acknowledgments, change how checksumming is done, and so on. Each option has a simple format:

Number | Length | 'Length' bytes of data

Multiple options can be packed into the field; an option number of zero terminates the list. If netfilter is asked to filter packets based on the contents of the TCP options field, it goes into a loop stepping through each option present in a packet. Unfortunately, it treats the length byte as a signed quantity; the result is that, with an option number greater than 128, netfilter's index into the options field can be pushed backward, and the code can end up in an infinite loop. That tends to slow packet delivery somewhat.

The fix is straightforward: declare the options array as unsigned.

The good news is that, in all likelihood, very few firewalls filter on the TCP options field, and, of those, most have probably not yet been upgraded to 2.6. The bad news is that there are almost certainly many other bugs in the kernel (and elsewhere) caused by confusion between signed and unsigned types. These vulnerabilities can be hard to find without detailed, tedious auditing. And some of them, certainly, will have a larger impact than this one.
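The signed-length problem described above can be reproduced in a small user-space option walker. This is an added example, not the kernel's netfilter code: the function names, the MAX_STEPS guard and both sample byte strings are constructed for illustration, and it assumes the TCP convention that the length byte counts the option's own two header bytes and that option 1 (NOP) is a single byte. The checked walker goes one step beyond the fix named in the article by also validating each length against the bytes that remain.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_STEPS 1000  /* demo guard standing in for "the loop never ends" */

enum walk_result { WALK_DONE, WALK_STUCK, WALK_MALFORMED };

/* Constructed sample: MSS, NOP, NOP, SACK-permitted, end of list. */
static const unsigned char good_opts[] = { 2, 4, 0x05, 0xb4, 1, 1, 4, 2, 0 };
/* Constructed sample: three NOPs, then an option whose length byte is 0xFE. */
static const unsigned char bad_opts[] = { 1, 1, 1, 8, 0xFE };

/* "Before": the length byte is read through a signed type. */
static enum walk_result walk_signed(const unsigned char *buf, size_t len)
{
    long i = 0;
    int steps = 0;

    while (i >= 0 && (size_t)i < len) {
        if (++steps > MAX_STEPS)
            return WALK_STUCK;          /* revisiting the same bytes forever */
        if (buf[i] == 0)
            return WALK_DONE;           /* option number 0 ends the list */
        if (buf[i] == 1) {              /* NOP is a single byte */
            i++;
            continue;
        }
        if ((size_t)i + 1 >= len)
            return WALK_MALFORMED;      /* no room for a length byte */
        /* 0xFE becomes -2 here on two's-complement targets */
        signed char optlen = (signed char)buf[i + 1];
        i += optlen ? optlen : 1;       /* a negative length moves i backward */
    }
    return i < 0 ? WALK_MALFORMED : WALK_DONE;
}

/* "After": unsigned bytes, and every length is checked before it is used. */
static enum walk_result walk_checked(const unsigned char *buf, size_t len)
{
    size_t i = 0;

    while (i < len) {
        unsigned char kind = buf[i];

        if (kind == 0)
            return WALK_DONE;
        if (kind == 1) {
            i++;
            continue;
        }
        if (len - i < 2)
            return WALK_MALFORMED;      /* no room for a length byte */
        unsigned char optlen = buf[i + 1];
        /* Length must cover its own header and fit in what is left. */
        if (optlen < 2 || optlen > len - i)
            return WALK_MALFORMED;
        i += optlen;                    /* always advances by at least 2 */
    }
    return WALK_DONE;
}

int main(void)
{
    printf("good, signed : %d\n", walk_signed(good_opts, sizeof good_opts));
    printf("bad,  signed : %d\n", walk_signed(bad_opts, sizeof bad_opts));
    printf("good, checked: %d\n", walk_checked(good_opts, sizeof good_opts));
    printf("bad,  checked: %d\n", walk_checked(bad_opts, sizeof bad_opts));
    return 0;
}
```

Plain char is signed on some targets and unsigned on others, which is why the same parsing loop can behave differently across architectures unless the type is spelled out.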


The U.S. Constitution locked up

As seen in Lawrence Lessig's weblog: Amazon.com is offering an electronic version of the U.S. Constitution aimed at Microsoft's reader. It's all nicely equipped with the usual digital rights management stuff; according to Amazon, permission to print the Constitution has been denied.

The irony of the situation is self-evident. We at LWN would certainly never want to INDUCE anybody to commit a crime, but... if somebody were to get around the DRM and dump a copy of this electronic book onto their printer, it would be a clear violation of the DMCA. For somebody looking for a day in court, it would be harder to find a more desirable case to defend than being charged with printing the U.S. Constitution. Explaining the problems of U.S. copyright law to otherwise uninterested parties has always been a challenge; given enough products like this one, that task is likely to get easier.


New vulnerabilities

Apache: denial of service

Package(s):apache2 CVE #(s):CAN-2004-0493
Created:June 30, 2004 Updated:July 19, 2004
Description: Versions of apache 2.0 through 2.0.49 fail to defend against arbitrarily long header lines; this bug can be exploited to cause the server to use arbitrarily large amounts of memory. See this advisory from Georgi Guninski for details.
Alerts:
Fedora FEDORA-2004-204 2004-07-19
Fedora FEDORA-2004-203 2004-07-19
Red Hat RHSA-2004:342-01 2004-07-06
Gentoo 200407-03 2004-07-04
tinysofa TSSA-2004-012 2004-06-29
Mandrake MDKSA-2004:064 2004-06-29


FreeS/WAN, Openswan, strongSwan: Vulnerabilities in certificate handling

Package(s):freeswan CVE #(s):
Created:June 25, 2004 Updated:July 15, 2004
Description: FreeS/WAN, Openswan, strongSwan and Super-FreeS/WAN contain two bugs when authenticating PKCS#7 certificates. This could allow an attacker to authenticate with a fake certificate. All these IPsec implementations have several bugs in the verify_x509cert() function, which performs certificate validation, that make them vulnerable to malicious PKCS#7 wrapped objects. With a carefully crafted certificate payload an attacker can successfully authenticate against FreeS/WAN, Openswan, strongSwan or Super-FreeS/WAN, or make the daemon go into an endless loop.
Alerts:
Mandrake MDKSA-2004:070 2004-07-14
Gentoo 200406-20 2004-06-25


giFT-FastTrack: remote denial of service attack

Package(s):gift-fasttrack CVE #(s):
Created:June 24, 2004 Updated:June 30, 2004
Description: giFT-FastTrack is a plugin for the giFT file-sharing application. If a maliciously crafted signal is sent to giFT-FastTrack, remote attackers can crash the giFT daemon.
Alerts:
Gentoo 200406-19 2004-06-24


gzip: temporary file execution problem

Package(s):gzip CVE #(s):
Created:June 24, 2004 Updated:June 30, 2004
Description: The gzip compression program has a problem that can cause code to be executed from the command if the creation of a temporary file fails.
Alerts:
Gentoo 200406-18 2004-06-24


kernel: netfilter denial of service

Package(s):kernel CVE #(s):
Created:June 30, 2004 Updated:July 28, 2004
Description: The netfilter code in 2.6 kernels through 2.6.7 is vulnerable to a remote denial of service attack - but only if filtering on the TCP options field has been enabled. See this advisory for details.
Alerts:
Conectiva CLA-2004:852 2004-07-28
Gentoo 200407-12 2004-07-14
Fedora FEDORA-2004-202 2004-06-30


pavuk: buffer overflow

Package(s):pavuk CVE #(s):CAN-2004-0456
Created:June 30, 2004 Updated:November 11, 2004
Description: Versions of the pavuk web spider through 0.9.28-r1 contain a buffer overflow which could be exploited by a hostile server.
Alerts:
Gentoo 200411-19 2004-11-10
Debian DSA-527-1 2004-07-03
Gentoo 200406-22 2004-06-30


Updated vulnerabilities

Apache mod_proxy: denial of service

Package(s):apache CVE #(s):CAN-2004-0492
Created:June 11, 2004 Updated:October 14, 2004
Description: A buffer overflow vulnerability in the apache mod_proxy module can be exploited to create a denial of service.
Alerts:
Fedora-Legacy FLSA:1737 2004-10-13
Mandrake MDKSA-2004:065 2004-06-29
Debian DSA-525-1 2004-06-24
Gentoo 200406-16 2004-06-21
OpenPKG OpenPKG-SA-2004.029 2004-06-11


apache2: stack-based buffer overflow in ssl_util.c

Package(s):apache2 CVE #(s):CAN-2004-0488
Created:June 1, 2004 Updated:October 14, 2004
Description: A stack-based buffer overflow exists in the ssl_util_uuencode_binary function in ssl_util.c in Apache. When mod_ssl is configured to trust the issuing CA, a remote attacker may be able to execute arbitrary code via a client certificate with a long subject DN.
Alerts:
Fedora-Legacy FLSA:1888 2004-10-13
Debian DSA-532-2 2004-07-27
Debian DSA-532-1 2004-07-22
Red Hat RHSA-2004:245-01 2004-06-14
Gentoo 200406-05 2004-06-09
Slackware SSA:2004-154-01 2004-06-02
OpenPKG OpenPKG-SA-2004.026 2004-05-27
Trustix TSLSA-2004-0031 2004-06-02
Mandrake MDKSA-2004:054 2004-06-01
Mandrake MDKSA-2004:055 2004-06-01


aspell: bounds checking problem

Package(s):aspell CVE #(s):CAN-2004-0548
Created:June 17, 2004 Updated:December 20, 2004
Description: Aspell's word-list-compress utility fails to properly check bounds when dealing with words that are more than 256 bytes long. This can lead to arbitrary code execution by an attacker.
Alerts:
Mandrake MDKSA-2004:153 2004-12-20
OpenPKG OpenPKG-SA-2004.042 2004-09-15
Gentoo 200406-14 2004-06-17


dhcp: buffer overflows

Package(s):dhcp CVE #(s):CAN-2004-0460 CAN-2004-0461
Created:June 23, 2004 Updated:July 14, 2004
Description: Two separate buffer overflows have been found in versions 3.0.1rc12 and 3.0.1rc13 of the ISC DHCP server. These overflows can be exploited by a remote attacker to cause a denial of service, or, potentially, to execute arbitrary code. DHCP servers should not be exposed to the Internet, but this problem is worth fixing regardless. See this CERT advisory for more information.
Alerts:
OpenPKG OpenPKG-SA-2004.031 2004-07-08
Fedora FEDORA-2004-190 2004-06-23
SuSE SuSE-SA:2004:019 2004-06-22
Mandrake MDKSA-2004:061 2004-06-22


Filename disclosure vulnerability in fam

Package(s):fam CVE #(s):CAN-2002-0875
Created:August 19, 2002 Updated:January 5, 2005
Description: "fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible.
Alerts:
Red Hat RHSA-2005:005-01 2005-01-05
Debian DSA-154-1 2002-08-15


flim: insecure file creation

Package(s):flim CVE #(s):CAN-2004-0422
Created:May 5, 2004 Updated:December 16, 2004
Description: The emacs "flim" mode creates temporary files in an insecure fashion, possibly allowing a local attacker to overwrite files.
Alerts:
Fedora FEDORA-2004-546 2004-12-15
Red Hat RHSA-2004:344-01 2004-08-18
Debian DSA-500-1 2004-05-01


gtkhtml: malformed messages cause crash

Package(s):gtkhtml CVE #(s):CAN-2003-0133 CAN-2003-0541
Created:April 14, 2003 Updated:April 18, 2005
Description: GtkHTML is the HTML rendering widget used by the Evolution mail reader.

GtkHTML supplied with versions of Evolution prior to 1.2.4 contains a bug when handling HTML messages. Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash.

Alerts:
Debian DSA-710-1 2005-04-18
Mandrake MDKSA-2003:093 2003-09-18
Conectiva CLA-2003:737 2003-09-12
Red Hat RHSA-2003:264-01 2003-09-09
Mandrake MDKSA-2003:046 2003-04-15
Red Hat RHSA-2003:126-01 2003-04-14


Horde-IMP: improper input validation

Package(s):Horde-IMP CVE #(s):
Created:June 16, 2004 Updated:August 10, 2004
Description: An input validation error exists in Horde-IMP through version 3.2.4; a specially crafted message could be used to run scripts in the context of the target's browser.
Alerts:
Gentoo 200408-07 2004-08-10
Gentoo 200406-11 2004-06-16


iproute: local denial of service

Package(s):iproute net-tools CVE #(s):CAN-2003-0856
Created:November 25, 2003 Updated:December 14, 2004
Description: The iproute utility is susceptible to spoofed netlink messages sent by local users, with the result that denial of service attacks are possible.
Alerts:
Mandrake MDKSA-2004:148 2004-12-13
Fedora FEDORA-2004-154 2004-06-03
Fedora FEDORA-2004-115 2004-05-11
Debian DSA-492-1 2004-04-18
Gentoo 200404-10 2004-04-09
Red Hat RHSA-2003:316-01 2003-11-24


racoon: failure to verify signatures

Package(s):ipsec-tools racoon CVE #(s):CAN-2004-0155
Created:April 7, 2004 Updated:August 19, 2004
Description: Versions of ipsec-tools prior to 0.2.5 contain a vulnerability wherein the racoon utility fails to verify digital signatures on some packets. This hole can lead to unauthorized connections or man-in-the-middle attacks. See this advisory for details.
Alerts:
Whitebox WBSA-2004:308-01 2004-08-19
Mandrake MDKSA-2004:027 2004-04-08
Gentoo 200404-05 2004-04-07


racoon: denial of service vulnerability

Package(s):ipsec-tools racoon iputils CVE #(s):CAN-2004-0403
Created:April 26, 2004 Updated:July 29, 2004
Description: racoon does not check the length of ISAKMP headers. Attackers may be able to craft an ISAKMP header of sufficient length to consume all available system resources, causing a Denial of Service. This advisory contains additional details.
Alerts:
Red Hat RHSA-2004:308-01 2004-07-29
Mandrake MDKSA-2004:069 2004-07-14
Fedora FEDORA-2004-197 2004-06-28
Whitebox WBSA-2004:165-01 2004-06-10
Fedora FEDORA-2004-132 2004-05-19
Red Hat RHSA-2004:165-01 2004-05-11
Gentoo 200404-17 2004-04-24


kdelibs: cookie disclosure

Package(s):kdelibs CVE #(s):CAN-2003-0592
Created:March 10, 2004 Updated:August 24, 2004
Description: kdelibs (and, thus, Konqueror) has a vulnerability where a hostile server can force the disclosure of cookies that should not be presented to it. KDE versions 3.1.3 and later contain a fix.
Alerts:
Gentoo 200408-23 2004-08-24
Red Hat RHSA-2004:074-01 2004-03-10
Red Hat RHSA-2004:075-01 2004-03-10
Mandrake MDKSA-2004:022 2004-03-10
Debian DSA-459-1 2004-03-10


kernel: symlink overflow in the iso9660 filesystem

Package(s):kernel CVE #(s):CAN-2004-0109
Created:April 14, 2004 Updated:July 15, 2004
Description: The 2.4 and 2.6 kernels contain a vulnerability in the iso9660 (CDROM) filesystem which can be used by a local attacker to obtain root privileges. The exploit requires creating a specially-crafted filesystem and getting the kernel to mount it. Many systems are configured to automatically mount CDs on insertion, however, so the possibility of this vulnerability being exploited by users with physical access to the system is real. The 2.4.26 kernel contains the fix, which will also be merged into the upcoming 2.6.6 release.
Alerts:
Conectiva CLA-2004:846 2004-07-15
Red Hat RHSA-2004:106-01 2004-04-21
Red Hat RHSA-2004:105-01 2004-04-21
Debian DSA-489-1 2004-04-17
Debian DSA-491-1 2004-04-17
Debian DSA-479-2 2004-04-14
SuSE SuSE-SA:2004:009 2004-04-14
Mandrake MDKSA-2004:029 2004-04-14
Fedora FEDORA-2004-101 2004-04-14
Debian DSA-482-1 2004-04-14
Debian DSA-481-1 2004-04-14
Debian DSA-480-1 2004-04-14
Debian DSA-479-1 2004-04-14


kernel: denial of service

Package(s):kernel CVE #(s):CAN-2004-0554
Created:June 15, 2004 Updated:July 5, 2004
Description: 2.4 and 2.6 kernels running on the i386 and x86_64 architectures have a vulnerability which can allow a local attacker to lock up the system. See this LWN article for a description of the problem.

Many of the updates for this problem also fix various potential driver vulnerabilities found while instrumenting the code for automated auditing.

Alerts:
Gentoo 200407-02 2004-07-03
Fedora FEDORA-2004-186 2004-06-23
Mandrake MDKSA-2004:062 2004-06-23
Whitebox WBSA-2004:255-01 2004-06-21
tinysofa TSSA-2004-011 2004-06-18
Conectiva CLA-2004:845 2004-06-22
EnGarde ESA-20040621-005 2004-06-21
Red Hat RHSA-2004:260-01 2004-06-18
Trustix TSLSA-2004-0035 2004-06-18
Red Hat RHSA-2004:255-01 2004-06-17
Trustix TSLSA-2004-0034 2004-06-16
SuSE SuSE-SA:2004:017 2004-06-16
Slackware SSA:2004-167-01 2004-06-15
Fedora FEDORA-2004-171 2004-06-14


kernel-utils: setuid vulnerability

Package(s):kernel-utils CVE #(s):CAN-2003-0019
Created:February 7, 2003 Updated:January 21, 2005
Description: The kernel-utils package contains several utilities that can be used to control the kernel or machine hardware. In Red Hat Linux 8.0 this package contains user mode linux (UML) utilities.

The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was incorrectly shipped setuid root. This could allow local users to control certain network interfaces, add and remove arp entries and routes, and put interfaces in and out of promiscuous mode.

All users of the kernel-utils package should update to these packages that contain a version of uml_net that is not setuid root.

Alternatively, as a work-around to this vulnerability, issue the following command as root:

chmod -s /usr/bin/uml_net

Alerts:
Red Hat RHSA-2003:056-08 2003-02-07


krb5: unauthorized root privileges

Package(s):krb5 CVE #(s):CAN-2004-0523
Created:June 3, 2004 Updated:June 29, 2004
Description: Multiple buffer overflows exist in the krb5_aname_to_localname() library function that, if exploited, could lead to unauthorized root privileges. In order to exploit this flaw, an attacker must first successfully authenticate to a vulnerable service, which must be configured to enable the explicit mapping or rules-based mapping functionality of krb5_aname_to_localname, which is not a default configuration. See this MIT krb5 Security Advisory for more information.
Alerts:
Gentoo 200406-21 2004-06-29
Debian DSA-520-1 2004-06-16
Whitebox WBSA-2004:236-01 2004-06-10
Mandrake MDKSA-2004:056-1 2004-06-09
Red Hat RHSA-2004:236-01 2004-06-09
Fedora FEDORA-2004-150 2004-06-04
Fedora FEDORA-2004-149 2004-06-04
Mandrake MDKSA-2004:056 2004-06-03


libpng, libpng3: buffer overflow

Package(s):libpng, libpng3 CVE #(s):CAN-2002-1363
Created:December 19, 2002 Updated:July 14, 2004
Description: Glenn Randers-Pehrson discovered a problem in connection with 16-bit samples from libpng, an interface for reading and writing PNG (Portable Network Graphics) format files. The starting offsets for the loops are calculated incorrectly which causes a buffer overrun beyond the beginning of the row buffer.
Alerts:
Gentoo 200407-06 2004-07-08
OpenPKG OpenPKG-SA-2004.030 2004-07-06
Mandrake MDKSA-2004:063 2004-06-29
Whitebox WBSA-2004:249-01 2004-06-21
Fedora FEDORA-2004-176 2004-06-18
Fedora FEDORA-2004-174 2004-06-18
Fedora FEDORA-2004-175 2004-06-18
Fedora FEDORA-2004-173 2004-06-18
Red Hat RHSA-2004:249-01 2004-06-18
Conectiva CLA-2003:564 2003-01-23
Mandrake MDKSA-2003:008 2003-01-20
OpenPKG OpenPKG-SA-2003.001 2003-01-15
Yellow Dog YDU-20030114-2 2002-01-14
SuSE SuSE-SA:2003:0004 2003-01-14
Red Hat RHSA-2003:006-06 2003-01-09
Debian DSA-213-1 2002-12-19


libxml2 - arbitrary code execution

Package(s):libxml2 CVE #(s):CAN-2004-0110
Created:February 26, 2004 Updated:July 21, 2004
Description: Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code.
Alerts:
Fedora-Legacy FLSA:1324 2004-07-19
Conectiva CLA-2004:836 2004-03-31
Gentoo 200403-01 2004-03-06
Trustix TSLSA-2004-0010 2004-03-05
OpenPKG OpenPKG-SA-2004.003 2004-03-05
Netwosix NW-2004-0004 2004-03-04
Debian DSA-455-1 2004-03-03
Mandrake MDKSA-2004:018 2004-03-03
Red Hat RHSA-2004:091-02 2004-03-03
Whitebox WBSA-2004:090-01 2004-03-01
Red Hat RHSA-2004:090-01 2004-02-26
Fedora FEDORA-2004-087 2004-02-25
Red Hat RHSA-2004:091-01 2004-02-26


logcheck: symlink vulnerability

Package(s):logcheck CVE #(s):CAN-2004-0404
Created:April 21, 2004 Updated:December 22, 2004
Description: The logcheck utility handles temporary files in an unsafe way, possibly allowing local attackers to overwrite files.
Alerts:
Mandrake MDKSA-2004:155 2004-12-22
Debian DSA-488-1 2004-04-16


mailman: password disclosure

Package(s):mailman CVE #(s):CAN-2004-0412
Created:May 27, 2004 Updated:July 20, 2004
Description: In mailman versions above 2.1, third parties can retrieve member passwords from the server.
Alerts:
Fedora-Legacy FLSA:1734 2004-07-19
Fedora FEDORA-2004-168 2004-07-01
Fedora FEDORA-2004-167 2004-07-01
Gentoo 200406-04 2004-06-09
Mandrake MDKSA-2004:051 2004-05-26


mikmod: buffer overflow

Package(s):mikmod CVE #(s):CAN-2003-0427
Created:June 16, 2003 Updated:June 16, 2005
Description: Ingo Saitz discovered a bug in mikmod whereby a long filename inside an archive file can overflow a buffer when the archive is being read by mikmod.
Alerts:
Fedora FEDORA-2005-405 2005-06-16
Red Hat RHSA-2005:506-01 2005-06-13
Fedora FEDORA-2005-404 2005-06-09
Gentoo 200307-01 2003-07-02
Debian DSA-320-1 2003-06-13


mod_python: denial of service vulnerability

Package(s):mod_python CVE #(s):CAN-2003-0973
Created:January 27, 2004 Updated:October 4, 2004
Description: Apache's mod_python module could crash the httpd process if a specific, malformed query string was sent.

The Apache Foundation has reported that mod_python may be prone to Denial of Service attacks when handling a malformed query. Mod_python 2.7.9 was released to fix the vulnerability; however, because the vulnerability has not been fully fixed, version 2.7.10 has been released.

Users of mod_python 3.0.4 are not affected by this vulnerability.

Alerts:
Fedora-Legacy FLSA:1325 2004-10-03
Conectiva CLA-2004:837 2004-04-12
Whitebox WBSA-2004:058-01 2004-03-01
Debian DSA-452-1 2004-02-29
Red Hat RHSA-2004:058-01 2004-02-26
Red Hat RHSA-2004:063-01 2004-02-26
Gentoo 200401-03 2004-01-27


mozilla: multiple vulnerabilities

Package(s):mozilla CVE #(s):CAN-2003-0594 CAN-2003-0564
Created:March 10, 2004 Updated:August 19, 2004
Description: Mozilla 1.4 contains a few vulnerabilities, including disclosure of cookies to the wrong server, a scripting vulnerability which can allow an attacker to run arbitrary code, and an S/MIME vulnerability which can lead to remote denial of service or code execution attacks.
Alerts:
Whitebox WBSA-2004:421-01 2004-08-19
Whitebox WBSA-2004:110-01 2004-03-29
Red Hat RHSA-2004:112-01 2004-03-17
Mandrake MDKSA-2004:021 2004-03-10


mpg321: format string vulnerability

Package(s):mpg321 CVE #(s):CAN-2003-0969
Created:January 6, 2004 Updated:March 28, 2005
Description: A vulnerability was discovered in mpg321, a command-line mp3 player, whereby user-supplied strings were passed to printf(3) unsafely. This vulnerability could be exploited by a remote attacker to overwrite memory, and possibly execute arbitrary code. In order for this vulnerability to be exploited, mpg321 would need to play a malicious mp3 file (including via HTTP streaming).
Alerts:
Gentoo 200503-34 2005-03-28
Debian DSA-411-1 2004-01-05


MySQL: temporary file vulnerabilities

Package(s):mysql CVE #(s):CAN-2004-0381 CAN-2004-0388
Created:April 14, 2004 Updated:August 18, 2004
Description: The mysqlbug and mysqld_multi scripts contain temporary file vulnerabilities which could be used by a local attacker to overwrite files on the system.
Alerts:
Gentoo 200405-20 2004-05-25
Mandrake MDKSA-2004:034 2004-04-19
OpenPKG OpenPKG-SA-2004.014 2004-04-14
Debian DSA-483-1 2004-04-14


neon: buffer overflow

Package(s):neon CVE #(s):CAN-2004-0398
Created:May 19, 2004 Updated:September 30, 2004
Description: The neon library (through version 0.24.5) contains a buffer overflow in its date parsing code, allowing arbitrary code execution when connecting to a hostile server. See this advisory for details. This vulnerability also affects related applications (such as cadaver).
Alerts:
Fedora-Legacy FLSA:1552 2004-09-29
Mandrake MDKSA-2004:078 2004-07-29
Gentoo 200406-03 2004-06-05
Gentoo 200405-25b 2004-06-02
Gentoo 200405-25 2004-05-30
Conectiva CLA-2004:841 2004-05-25
Gentoo 200405-15 2004-05-20
Gentoo 200405-13 2004-05-20
OpenPKG OpenPKG-SA-2004.024 2004-05-19
Mandrake MDKSA-2004:049 2004-05-19
Fedora FEDORA-2004-130 2004-05-19
Fedora FEDORA-2004-129 2004-05-19
Red Hat RHSA-2004:191-01 2004-05-19
Debian DSA-507-1 2004-05-19
Debian DSA-506-1 2004-05-19


Nessus NASL scripting engine security issues

Package(s):nessus CVE #(s):
Created:May 27, 2003 Updated:August 12, 2004
Description: Some vulnerabilities exist in the Nessus NASL scripting engine. To exploit these flaws, an attacker would need to have a valid Nessus account as well as the ability to upload arbitrary Nessus plugins in the Nessus server (this option is disabled by default) or he/she would need to trick a user somehow into running a specially crafted nasl script. Read the full advisory for additional information.
Alerts:
Gentoo 200305-10 2003-05-27


netpbm: insecure temporary files

Package(s):netpbm CVE #(s):CAN-2003-0924
Created:January 19, 2004 Updated:December 29, 2004
Description: netpbm is a graphics conversion toolkit made up of a large number of single-purpose programs. Many of these programs were found to create temporary files in an insecure manner, which could allow a local attacker to overwrite files with the privileges of the user invoking a vulnerable netpbm tool.
Alerts:
Conectiva CLA-2004:909 2004-12-29
Gentoo 200410-02 2004-10-04
Mandrake MDKSA-2004:011-1 2004-09-27
Whitebox WBSA-2004:031-01 2004-02-12
Mandrake MDKSA-2004:011 2004-02-11
Red Hat RHSA-2004:030-01 2004-02-05
Fedora FEDORA-2004-068 2004-02-06
Red Hat RHSA-2004:031-01 2004-01-22
Debian DSA-426-1 2004-01-18


openssh: timing attack leads to information disclosure

Package(s):openssh CVE #(s):CAN-2003-0190
Created:May 2, 2003 Updated:November 30, 2004
Description: From the advisory: "During a pen-test we stumbled across a nasty bug in OpenSSH-portable with PAM support enabled (via the --with-pam configure script switch). This bug allows a remote attacker to identify valid users on vulnerable systems, through a simple timing attack. The vulnerability is easy to exploit and may have high severity, if combined with poor password policies and other security problems that allow local privilege escalation."
Alerts:
Ubuntu USN-34-1 2004-11-30
OpenPKG OpenPKG-SA-2003.035 2003-08-06
Red Hat RHSA-2003:222-01 2003-07-29
Gentoo 200305-02 2003-05-13
Gentoo 200305-01 2002-03-05


OpenSSL: denial of service vulnerabilities

Package(s):OpenSSL CVE #(s):CAN-2004-0081 CAN-2003-0851
Created:March 17, 2004 Updated:November 2, 2005
Description: Versions 0.9.7a-c of the OpenSSL library suffer from two denial of service vulnerabilities; see the version 0.9.7d release announcement for details.
Alerts:
Red Hat RHSA-2005:830-00 2005-11-02
Red Hat RHSA-2005:829-00 2005-11-02
Fedora FEDORA-2005-1042 2005-10-31
Fedora-Legacy FLSA:1395 2004-05-08
Conectiva CLA-2004:834 2004-03-31
Whitebox WBSA-2004:084-01 2004-03-23
Red Hat RHSA-2004:084-01 2004-03-23
Fedora FEDORA-2004-095 2004-03-19
Whitebox WBSA-2004:120-01 2004-03-22
Trustix TSLSA-2004-0012 2004-03-17
Slackware SSA:2004-077-01 2004-03-17
Red Hat RHSA-2004:121-01 2004-03-17
OpenPKG OpenPKG-SA-2004.007 2004-03-18
Gentoo 200403-03 2004-03-17
Debian DSA-465-1 2004-03-17
Netwosix NW-2004-0005 2004-03-17
Mandrake MDKSA-2004:023 2004-03-17
SuSE SuSE-SA:2004:007 2004-03-17
Red Hat RHSA-2004:120-01 2004-03-17
Red Hat RHSA-2004:119-01 2004-03-17
EnGarde ESA-20040317-003 2004-03-17


postgresql buffer overflow in ODBC driver

Package(s):postgresql CVE #(s):
Created:June 7, 2004 Updated:July 28, 2004
Description: A buffer overflow has been discovered in the ODBC driver of PostgreSQL, an object-relational SQL database, descended from POSTGRES. It is possible to exploit this problem and crash the surrounding application. Hence, a PHP script using php4-odbc can be utilized to crash the surrounding Apache webserver. Other parts of postgresql are not affected.
Alerts:
Mandrake MDKSA-2004:072 2004-07-27
Debian DSA-516-1 2004-06-07


python: buffer overflow

Package(s):python CVE #(s):CAN-2004-0150
Created:March 10, 2004 Updated:October 11, 2004
Description: Python (versions 2.2 and 2.2.1 only) has a buffer overflow in the getaddrinfo() function which can be exploited by a malformed IPv6 address.
Alerts:
Debian DSA-458-3 2004-10-10
Gentoo 200409-03 2004-09-02
Debian DSA-458-2 2004-08-31
Mandrake MDKSA-2004:019 2004-03-09
Debian DSA-458-1 2004-03-09


racoon: improper certificate validation

Package(s):racoon ipsec-utils CVE #(s):
Created:June 23, 2004 Updated:June 23, 2004
Description: The racoon tool found in ipsec-tools (through version 0.3.3) fails to perform proper authentication, enabling a potential man-in-the-middle attack.
Alerts:
Gentoo 200406-17 2004-06-22


rsync remote file write attack

Package(s):rsync CVE #(s):CAN-2004-0426
Created:April 30, 2004 Updated:July 12, 2004
Description: See the rsync homepage for the April 2004 advisory: "There is a security problem in all versions prior to 2.6.1 that affects only people running a read/write daemon WITHOUT using chroot. If the user privs that such an rsync daemon is using is anything above "nobody", you are at risk of someone crafting an attack that could write a file outside of the module's "path" setting (where all its files should be stored). Please either enable chroot or upgrade to 2.6.1. People not running a daemon, running a read-only daemon, or running a chrooted daemon are totally unaffected."
Alerts:
Gentoo 200407-10 2004-07-12
Fedora FEDORA-2004-116 2004-07-01
Whitebox WBSA-2004:192-01 2004-06-10
Debian DSA-499-2 2004-06-02
OpenPKG OpenPKG-SA-2004.025 2004-05-21
Red Hat RHSA-2004:192-01 2004-05-19
Mandrake MDKSA-2004:042 2004-05-10
Slackware SSA:2004-124-01 2004-05-02
Debian DSA-499-1 2004-05-01
Trustix TSLSA-2004-0024 2004-04-29


squid: buffer overflow

Package(s):squid CVE #(s):CAN-2004-0541
Created:June 9, 2004 Updated:September 30, 2004
Description: The NTLM authentication helper used by the squid proxy contains a buffer overflow vulnerability; an overly-long password may be used to run arbitrary code. Sites not using NTLM authentication are not vulnerable.
Alerts:
Red Hat