A look at PostgreSQL
With the 7.5 release of PostgreSQL not too far away, and news of new
features sponsored by Fujitsu and Software Research Associates (SRA),
we decided to take a look at the PostgreSQL project and what users might be
able to expect in the coming months. We spoke to PostgreSQL steering
committee member Bruce Momjian about the upcoming 7.5 release, and the
"state" of PostgreSQL. According to Momjian, "the project is doing
very well."
We're very organized and thorough in the way we do stuff. That's kind of
paid off [in that] every three or four months it seems like we're making
another kind of milestone in what we can do with Postgres in terms of
adoption and features. It's kind of hard to put it into words, I've stopped
getting surprised at how successful it's been.
Though each new release is a milestone, Momjian said that the 7.5 release
would have an unusual number of new features. In part, that's thanks to
Fujitsu and SRA underwriting the development of tablespaces, nested
transactions, and support for Java server-side programming. Momjian is
employed by SRA to work with PostgreSQL and the community, and says the
company approached him to broker arrangements with developers already
working on those features:
Big missing functionality typically takes weeks to develop, very hard for
developers to spend weeks volunteering, they've got to put food on the
table. Fujitsu would supply X amount of money for the amount of time
they're spending working on these features, [which were] very slow going
because they were only spending a few hours a week... the infusion of cash
allowed them to commit weeks.
The tablespace feature will allow a database to be spread across multiple
storage devices. Currently, PostgreSQL requires all of a database to exist
on a single filesystem. This can be a problem for performance and space
reasons. In 7.5, by default, PostgreSQL will continue to store everything
on the same filesystem, but Momjian said that an administrator will be able
to use tablespaces to move a table or entire database to another
filesystem. Even better, Momjian says that this will not impact an
application using the database -- so existing applications will not need to
be rewritten to use a database that takes advantage of tablespaces.
Oracle users and developers will know nested transactions by the name
"savepoints." This feature in 7.5 will give developers "better
control over failure cases with multi-statement locks" and allow
developers a better option than simply causing an entire transaction to
fail if one statement fails. Momjian noted that PostgreSQL already had
"a robust system" but that developers porting applications
from Oracle needed finer control than the current PostgreSQL system
allows. "Some applications needed logic that would say 'I want to try
inserting, but if that fails, I want to do something else.'"
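The "try inserting, but if that fails, do something else" pattern, written out with savepoints as an added example (not code from the article or the PostgreSQL project); it assumes the SAVEPOINT / ROLLBACK TO SAVEPOINT syntax of released PostgreSQL and a hypothetical accounts table:

```sql
-- Added example, not from the article: recover from one failed statement
-- inside a larger transaction instead of aborting the whole transaction.
-- Assumes a hypothetical "accounts" table and PostgreSQL savepoint syntax.
CREATE TABLE accounts (
    id      integer PRIMARY KEY,
    owner   text NOT NULL,
    balance numeric(12,2) NOT NULL DEFAULT 0
);

BEGIN;

INSERT INTO accounts (id, owner, balance) VALUES (1, 'alice', 100.00);

-- Mark a point we can return to without losing the insert above.
SAVEPOINT try_insert;

-- This violates the primary key. Without savepoints the whole transaction
-- would now be in an aborted state and only ROLLBACK would be accepted.
INSERT INTO accounts (id, owner, balance) VALUES (1, 'alice', 50.00);

-- Undo only the failed statement; the transaction stays open and usable.
ROLLBACK TO SAVEPOINT try_insert;

-- "Do something else": treat the duplicate row as a deposit instead.
UPDATE accounts SET balance = balance + 50.00 WHERE id = 1;

-- The savepoint survives a ROLLBACK TO, so it must be released explicitly.
RELEASE SAVEPOINT try_insert;

COMMIT;

SELECT id, owner, balance FROM accounts;
```

Run in psql without ON_ERROR_STOP so the script continues past the failing INSERT; the final SELECT shows the first insert preserved and the second turned into a balance update.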
Another feature in 7.5 of interest to many users will be point-in-time
recovery. With point-in-time recovery, PostgreSQL will allow users to
recover information "up to the instant of hardware failure."
Of course, not all PostgreSQL users are defectors from the Oracle camp. The
focus of late for many open source projects seems to be on the "enterprise"
features, which might lead hobbyist and small business users to wonder
whether those projects will continue to be suitable for their use. We asked
whether focus on enterprise features might detract from the "little guy,"
and he said that while PostgreSQL 7.5 will have many features that are
aimed directly at the enterprise users, the PostgreSQL project isn't losing
sight of the small-scale users. In fact, there are several features that
are directly aimed at the little guy rather than enterprise users.
One of those features is direct import of comma-separated value (CSV)
files. Momjian said that many users have asked for the ability to directly
import a CSV file produced by a spreadsheet program or other utility. Prior
to 7.5, users would have to convert those files into a suitable format for
PostgreSQL to import using a Perl script or other utility -- but with 7.5
users will be able to "load CSV natively right into Postgres."
Another "little guy" feature of interest in 7.5 is the ability to change
the data type of a column. In prior versions of PostgreSQL, it would be
necessary to add a new column, import data from the existing column into
the new column, drop the old column and then rename the new column to
change the data type. In 7.5, users will be able to simply alter the
data type of a column in one easy step.
Momjian also said that the Postgres developers do worry about "bloat," and
that "we've managed to come very far with adding features, without
impacting performance or readability [of the PostgreSQL code.]" On
average, he said that PostgreSQL adds "maybe 50,000 lines every year
to the code...no feature goes in unless it fits like a glove."
Though not part of the 7.5 release, the recently announced Slony-I
replication system bears mentioning as well. The Slony-I replication
system, sponsored by Afilias, does
asynchronous master-to-slave replication, slave promotion and failover.
In addition to the obvious new features, there's also a little work
underneath the hood that will benefit PostgreSQL users as well. Momjian
told LWN that the PostgreSQL team had done a "major redesign"
in the way that PostgreSQL buffers disk writes, which will result in a
"serious performance improvement" in the next release.
Though perhaps of little interest to the LWN readership, Momjian also
pointed out that 7.5 will be the first version of PostgreSQL to have a
native port to Win32:
We feel that the Windows port is important to highlight the accomplishments
of open source to the people running on the Windows platform. You can't
show how good open source is if it's not running on their platform.
There is no set date for the 7.5 release yet, but he said that it should be
out by the end of the year, once the project has been able to
conduct extensive testing of all the new features. After the release, he
predicts "increased migration from proprietary databases," and
notes that the PostgreSQL project is already seeing 1,000 to 2,000
downloads per week of the unofficial, unadvertised testing release of
PostgreSQL for Windows.
In all, the next release of PostgreSQL should be quite impressive, and
allow a number of organizations to dump expensive proprietary databases for
an open source alternative.
Comments (13 posted)
Looking forward to OLS
The 2004 Ottawa Linux Symposium starts on July 21. The content this year
looks as good as ever: the list of presentations includes well-known Linux
developers from all over the
world. As usual, the talks place OLS at the forefront of kernel-oriented
Linux conferences, with some don't-miss desktop topics thrown in as well.
It will be a great gathering for anybody interested in where Linux is
going, or who just wants to hang out with a lot of developers and drink too
much beer. At least, for anybody who has registered; OLS is sold out and
is no longer accepting registrations.
Once again, OLS will be preceded by the invitation-only Kernel Summit. At
the same time, the Desktop Developer's Conference will be happening
upstairs; registration for that event is still open.
The 2004 event will be the sixth annual Ottawa Linux Symposium. We talked
briefly with OLS founder and organizer Andrew Hutton about the event.
LWN: The sixth Ottawa Linux Symposium will be happening next month. Can you
tell us how this event got its start? What inspired you to create OLS?
After attending Linux Expo in North Carolina in 1998 and 1999 and the Atlanta
Linux Showcase I noticed that the technical events were in danger of being
overshadowed by the Dot.Com inspired multi-million dollar marketing events
that were beginning to happen at that time. Nobody I knew would voluntarily
go to one of these new marketing events. At about 4am one morning while
thinking about this problem I asked Alan Cox if he'd consider coming to
Ottawa and doing the keynote for a new event on the other end of the
spectrum, a pure technical event. He said something like 'sure haven't been
to Canada yet, why not' and 3 months later we had the first Linux Symposium.
LWN: OLS has become one of the definitive gatherings of free software
developers, especially in the kernel area. How is it that OLS is able
to attract such an impressive list of participants - many of whom have
to travel a long way to get there - every year?
Content, content, content. Above all else we try to attract the best leading
edge content we can. The goal is to create an environment in which nobody
goes to a presentation without learning something new about the subject.
LWN: This year, the Desktop Developers Conference will be happening
immediately prior to OLS. Can you tell us a little about this event and
your expectations for it?
The goal is to bring together the various parties involved in a functional
free desktop from kernel people, to X developers, distribution builders,
desktop infrastructure people (GNOME/KDE/etc) and application developers to
share experiences and discuss the areas in which future cooperation is
possible.
LWN: The 2004 Kernel Summit will also be happening just before OLS. Do you
expect to host more such events in the future, along the lines of the
successful "miniconfs" which accompany Linux.Conf.Au?
For smaller groups we've encouraged this for years. The Desktop Developers'
Conference will be the first of the more public ones though. It may or may
not remain adjacent to the Linux Symposium in the future. The main reason it
is this year is that despite all the buzz you've heard about the future of
the desktop, there isn't a lot of support for it yet and this makes it easier
for people to justify attending both at this time.
LWN: Another Linux.Conf.Au idea that seems to work well is moving the
conference to a different city every year. Might we ever be able to
look forward to the Jasper or Victoria Linux Symposium?
Probably not. We discuss this every year and people just enjoy coming to
Ottawa every year. Ottawa is a nice tourist town these days, and has the
facilities we require all within walking distance. One of the great things
about OLS is never needing a car.
LWN: The Symposium is currently limited to about 500 attendees. Do you think
you may ever allow OLS to become larger? Why?
There are two main reasons. Space and communications overhead. It is nice to
have time to find and sit and chat with all the people you're looking for
during the event. We do end up a bit larger than 500 some years, but for now
the space we have isn't suitable either. To keep things productive keeping
it small is key.
As usual, LWN editor Jonathan Corbet will be present at OLS and the Kernel
Summit this year.
Comments (none posted)
Europatent preview: Godado patents search engines
Anybody who is curious about what benefits software patents might bring to
Europe need look no further than UK patent GB2362971, entitled "A method
of searching the internet and an internet search engine." This patent,
held by the Italian company Godado Italia Srl, was first filed in May,
2000; it was assigned last February.
What does this patent cover?
Upon receipt of a search signification, a search is conducted for
web sites having a textual match with the search signification. In
addition, the thesaurus database is searched to determine the
category of meaning to which the search signification belongs and
the meaning of the search signification thus determined is used to
identify related significations having a correlation with the
meaning of the search signification. The enquirer is then provided
with a list of web sites having a textual match with the search
signification and with a list of related significations as a
suggestion for supplementary research.
In other words, a search engine with the advanced capability of looking up
additional search terms in a thesaurus and telling the user about those terms.
Godado is not content to sit on this patent. The company has applied with
the EPO for a Europe-wide patent, and has also filed a claim in Italy.
With those in hand, Godado has selected its first target: the financial
portal Portalino. For the curious, Portalino has posted Godado's demand
letter (in Italian); your editor has created an English translation to go
along with it.
Essentially, the letter accuses Portalino of the heinous crime of running a
search engine, claims that said search engine is an infringement of
Godado's patent, and demands that the search engine be shut down
immediately.
One might assume that Godado does not intend to content itself with
harassing Portalino; according to this Punto Informatico article, the
patent has already been filed in Spain, Portugal, Germany, and France
(along with the UK and Italy). A new litigation company, it would seem,
has been turned loose in Europe.
This patent was not filed until 2000; chances are that, with a bit of (yes)
searching, sufficient prior art can be found to invalidate it. This will
not be the last shakedown attempt by a company wielding a suspect patent,
however, especially if the European Union blesses software patents in their
full glory. Godado shows that U.S.-style software patent hassles
can become part of the European landscape. Unless, of course, the
EU manages to avoid the imposition of union-wide software patents.
Comments (8 posted)
Page editor: Jonathan Corbet
Security
A new set of OIS vulnerability guidelines
The Organization for Internet Safety has announced the availability, in
draft form, of its "Security Vulnerability Reporting and Response
Guidelines." These guidelines offer suggestions for how security
researchers and software vendors should work together to deal with
security problems in the most effective way. Comments are being solicited
for this version; they will be accepted until July 16.
The guidelines, for the most part, make sense. Essentially, they say that
things go as follows:
- A researcher finds a problem.
- That problem is communicated in a clear way to the relevant vendor.
- The vendor responds, and the two agree on a timeline for investigating
the problem and, if warranted, developing a fix.
- The two talk to each other while this is going on.
- When the fix is complete, the vendor makes it available, and both
parties can release advisories.
- Detailed information on the vulnerability is to be withheld for
30 days.
Of course, it takes the OIS 23 pages, many dozen sub-objectives and
contingencies, and several complicated flow charts to communicate the
above.
The OIS and its guidelines have come under significant fire recently. Many
people distrust the OIS after having seen its list of members: @stake,
BindView, Foundstone, Guardent, ISS, Microsoft, NAI, Oracle, SGI, Symantec,
and our old friends the SCO Group. There are no independent researchers:
OIS policy explicitly excludes them. There is also no representation from
the free software community. In fact, the OIS is not that impressed with
free software in general:
We believe the software author should be given a chance to create a
fix before vulnerability information is made public, but that there
should be no further distribution of that information until the fix
is complete. This priniciple [sic] can be very difficult to adhere to in
certain situations, such as dealing with the open source community
where there aren't protections to keep vulnerability information
secret.
In recent times, the community has shown itself to be quite capable of
keeping vulnerability information under wraps for the time it takes to
generate a fix. If you want to do that, though, it is imperative to create
the fix quickly. The vendor-driven OIS standards seem more oriented toward
keeping vulnerability information secret for as long as possible.
The OIS claims that it has no intention of promoting legislation which
would codify its guidelines. Given the nature of some of the companies
involved, not everybody believes that claim. Certainly any attempts in
that direction should be watched for and resisted.
Perhaps the most interesting perspective on the OIS is this, however:
there are no free software organizations or vendors represented because the
community has no need for the OIS. As a general rule, vulnerability
reporting and response works very well in the free software world.
Vulnerabilities are reported to the relevant parties, and a whole set of
independent vendors and projects gets fixes out quickly. It is hard to see
problems in this aspect of our performance which are amenable to any sort
of improvement via a set of official guidelines. Our problems, instead,
lie in the fact that we create far too many vulnerabilities in the first
place. The OIS is not going to help us with that.
Comments (none posted)
New vulnerabilities
esearch: insecure temp file handling
| Package(s): | esearch |
| CVE #(s): | |
| Created: | July 1, 2004 |
| Updated: | July 6, 2004 |
| Description: | The eupdatedb utility that is part of esearch can allow a symbolic link to be created in /tmp, making it possible for users to create arbitrary files. |
| Alerts: | |
Comments (none posted)
kernel allows unauthorized changes to the group ID
| Package(s): | kernel |
| CVE #(s): | CAN-2004-0497 |
| Created: | July 2, 2004 |
| Updated: | September 27, 2004 |
| Description: | During an audit of the Linux kernel, SUSE discovered a flaw that allowed a user to make unauthorized changes to the group ID of files in certain circumstances, such as when the files are exported via NFS. |
| Alerts: | |
Comments (none posted)
Pure-FTPd - denial of service
| Package(s): | Pure-FTPd |
| CVE #(s): | |
| Created: | July 5, 2004 |
| Updated: | July 6, 2004 |
| Description: | Pure-FTPd contains a bug potentially allowing a Denial of Service attack when the maximum number of connections is reached. |
| Alerts: | |
Comments (none posted)
XFree86, X.org: XDM ignores requestPort setting
| Package(s): | XFree86 X.org |
| CVE #(s): | CAN-2004-0419 |
| Created: | July 5, 2004 |
| Updated: | July 28, 2004 |
| Description: | XDM will open TCP sockets for its chooser, even if the DisplayManager.requestPort setting is set to 0. This may allow authorized users to access a machine remotely via X, even if the administrator has configured XDM to refuse such connections. See this XFree86 bug report. |
| Alerts: | |
Comments (none posted)
Updated vulnerabilities
Horde-IMP: improper input validation
| Package(s): | Horde-IMP |
| CVE #(s): | |
| Created: | June 16, 2004 |
| Updated: | August 10, 2004 |
| Description: | An input validation error exists in Horde-IMP through version 3.2.4; a specially crafted message could be used to run scripts in the context of the target's browser. |
| Alerts: | |
Comments (none posted)
OpenSSL: denial of service vulnerabilities
Comments (1 posted)
Apache mod_proxy: denial of service
| Package(s): | apache |
| CVE #(s): | CAN-2004-0492 |
| Created: | June 11, 2004 |
| Updated: | October 14, 2004 |
| Description: | A buffer overflow vulnerability in the apache mod_proxy module can be exploited to create a denial of service. |
| Alerts: | |
Comments (none posted)
apache2: stack-based buffer overflow in ssl_util.c
| Package(s): | apache2 |
| CVE #(s): | CAN-2004-0488 |
| Created: | June 1, 2004 |
| Updated: | October 14, 2004 |
| Description: | A stack-based buffer overflow exists in the ssl_util_uuencode_binary function in ssl_util.c in Apache. When mod_ssl is configured to trust the issuing CA, a remote attacker may be able to execute arbitrary code via a client certificate with a long subject DN. |
| Alerts: | |
Comments (none posted)
Apache: denial of service
| Package(s): | apache2 |
| CVE #(s): | CAN-2004-0493 |
| Created: | June 30, 2004 |
| Updated: | July 19, 2004 |
| Description: | Versions of apache 2.0 through 2.0.49 fail to defend against arbitrarily long header lines; this bug can be exploited to cause the server to use arbitrarily large amounts of memory. See this advisory from Georgi Guninski for details. |
| Alerts: | |
Comments (none posted)
aspell: bounds checking problem
| Package(s): | aspell |
| CVE #(s): | CAN-2004-0548 |
| Created: | June 17, 2004 |
| Updated: | December 20, 2004 |
| Description: | Aspell's word-list-compress utility fails to properly check bounds when dealing with words that are more than 256 bytes long. This can lead to arbitrary code execution by an attacker. |
| Alerts: | |
Comments (none posted)
dhcp: buffer overflows
| Package(s): | dhcp |
| CVE #(s): | CAN-2004-0460, CAN-2004-0461 |
| Created: | June 23, 2004 |
| Updated: | July 14, 2004 |
| Description: | Two separate buffer overflows have been found in versions 3.0.1rc12 and 3.0.1rc13 of the ISC DHCP server. These overflows can be exploited by a remote attacker to cause a denial of service, or, potentially, to execute arbitrary code. DHCP servers should not be exposed to the Internet, but this problem is worth fixing regardless. See this CERT advisory for more information. |
| Alerts: | |
Comments (none posted)
Filename disclosure vulnerability in fam
| Package(s): | fam |
| CVE #(s): | CAN-2002-0875 |
| Created: | August 19, 2002 |
| Updated: | January 5, 2005 |
| Description: | "fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible. |
| Alerts: | |
Comments (none posted)
flim: insecure file creation
| Package(s): | flim |
| CVE #(s): | CAN-2004-0422 |
| Created: | May 5, 2004 |
| Updated: | December 16, 2004 |
| Description: | The emacs "flim" mode creates temporary files in an insecure fashion, possibly allowing a local attacker to overwrite files. |
| Alerts: | |
Comments (none posted)
FreeS/WAN, Openswan, strongSwan: Vulnerabilities in certificate handling
| Package(s): | freeswan |
| CVE #(s): | |
| Created: | June 25, 2004 |
| Updated: | July 15, 2004 |
| Description: | FreeS/WAN, Openswan, strongSwan and Super-FreeS/WAN contain two bugs when authenticating PKCS#7 certificates. This could allow an attacker to authenticate with a fake certificate. All these IPsec implementations have several bugs in the verify_x509cert() function, which performs certificate validation, that make them vulnerable to malicious PKCS#7 wrapped objects. With a carefully crafted certificate payload an attacker can successfully authenticate against FreeS/WAN, Openswan, strongSwan or Super-FreeS/WAN, or make the daemon go into an endless loop. |
| Alerts: | |
Comments (none posted)
giFT-FastTrack: remote denial of service attack
| Package(s): | gift-fasttrack |
| CVE #(s): | |
| Created: | June 24, 2004 |
| Updated: | June 30, 2004 |
| Description: | giFT-FastTrack is a plugin for the giFT file-sharing application. If a maliciously crafted signal is sent to giFT-FastTrack, remote attackers can crash the giFT daemon. |
| Alerts: | |
Comments (none posted)
gtkhtml: malformed messages cause crash
| Package(s): | gtkhtml |
| CVE #(s): | CAN-2003-0133, CAN-2003-0541 |
| Created: | April 14, 2003 |
| Updated: | April 18, 2005 |
| Description: | GtkHTML is the HTML rendering widget used by the Evolution mail reader. GtkHTML supplied with versions of Evolution prior to 1.2.4 contains a bug when handling HTML messages. Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash. |
| Alerts: | |
Comments (none posted)
gzip: temporary file execution problem
| Package(s): | gzip |
| CVE #(s): | |
| Created: | June 24, 2004 |
| Updated: | June 30, 2004 |
| Description: | The gzip compression program has a problem that can cause code to be executed from the command if the creation of a temporary file fails. |
| Alerts: | |
Comments (none posted)
iproute: local denial of service
| Package(s): | iproute net-tools |
| CVE #(s): | CAN-2003-0856 |
| Created: | November 25, 2003 |
| Updated: | December 14, 2004 |
| Description: | The iproute utility is susceptible to spoofed netlink messages sent by local users, with the result that denial of service attacks are possible. |
| Alerts: | |
Comments (none posted)
racoon: failure to verify signatures
| Package(s): | ipsec-tools racoon |
| CVE #(s): | CAN-2004-0155 |
| Created: | April 7, 2004 |
| Updated: | August 19, 2004 |
| Description: | Versions of ipsec-tools prior to 0.2.5 contain a vulnerability wherein the racoon utility fails to verify digital signatures on some packets. This hole can lead to unauthorized connections or man-in-the-middle attacks. See this advisory for details. |
| Alerts: | |
Comments (none posted)
racoon: denial of service vulnerability
| Package(s): | ipsec-tools racoon iputils |
| CVE #(s): | CAN-2004-0403 |
| Created: | April 26, 2004 |
| Updated: | July 29, 2004 |
| Description: | racoon does not check the length of ISAKMP headers. Attackers may be able to craft an ISAKMP header of sufficient length to consume all available system resources, causing a Denial of Service. This advisory contains additional details. |
| Alerts: | |
Comments (none posted)
kdelibs: cookie disclosure
| Package(s): | kdelibs |
| CVE #(s): | CAN-2003-0592 |
| Created: | March 10, 2004 |
| Updated: | August 24, 2004 |
| Description: | kdelibs (and, thus, Konqueror) has a vulnerability where a hostile server can force the disclosure of cookies that should not be presented to it. KDE versions 3.1.3 and later contain a fix. |
| Alerts: | |
Comments (none posted)
kernel: symlink overflow in the iso9660 filesystem
| Package(s): | kernel |
| CVE #(s): | CAN-2004-0109 |
| Created: | April 14, 2004 |
| Updated: | July 15, 2004 |
| Description: | The 2.4 and 2.6 kernels contain a vulnerability in the iso9660 (CDROM) filesystem which can be used by a local attacker to obtain root privileges. The exploit requires creating a specially-crafted filesystem and getting the kernel to mount it. Many systems are configured to automatically mount CDs on insertion, however, so the possibility of this vulnerability being exploited by users with physical access to the system is real. The 2.4.26 kernel contains the fix, which will also be merged into the upcoming 2.6.6 release. |
| Alerts: | |
Comments (none posted)
kernel: netfilter denial of service
| Package(s): | kernel |
| CVE #(s): | |
| Created: | June 30, 2004 |
| Updated: | July 28, 2004 |
| Description: | The netfilter code in 2.6 kernels through 2.6.7 is vulnerable to a remote denial of service attack, but only if filtering on the TCP options field has been enabled. See this advisory for details. |
| Alerts: | |
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CAN-2004-0554 |
| Created: | June 15, 2004 |
| Updated: | July 5, 2004 |
| Description: | 2.4 and 2.6 kernels running on the i386 and x86_64 architectures have a vulnerability which can allow a local attacker to lock up the system. See this LWN article for a description of the problem. Many of the updates for this problem also fix various potential driver vulnerabilities found while instrumenting the code for automated auditing. |
| Alerts: | |
Comments (none posted)
kernel-utils: setuid vulnerability
| Package(s): | kernel-utils |
| CVE #(s): | CAN-2003-0019 |
| Created: | February 7, 2003 |
| Updated: | January 21, 2005 |
| Description: | The kernel-utils package contains several utilities that can be used to control the kernel or machine hardware. In Red Hat Linux 8.0 this package contains user mode linux (UML) utilities. The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was incorrectly shipped setuid root. This could allow local users to control certain network interfaces, add and remove arp entries and routes, and put interfaces in and out of promiscuous mode. All users of the kernel-utils package should update to these packages that contain a version of uml_net that is not setuid root. Alternatively, as a work-around to this vulnerability, issue the following command as root: chmod -s /usr/bin/uml_net |
| Alerts: | |
Comments (none posted)
krb5: unauthorized root privileges
| Package(s): | krb5 |
| CVE #(s): | CAN-2004-0523 |
| Created: | June 3, 2004 |
| Updated: | June 29, 2004 |
| Description: | Multiple buffer overflows exist in the krb5_aname_to_localname() library function that if exploited could lead to unauthorized root privileges. In order to exploit this flaw, an attacker must first successfully authenticate to a vulnerable service, which must be configured to enable the explicit mapping or rules-based mapping functionality of krb5_aname_to_localname, which is not a default configuration. See this MIT krb5 Security Advisory for more information. |
| Alerts: | |
Comments (none posted)
libpng, libpng3: buffer overflow
| Package(s): | libpng, libpng3 |
| CVE #(s): | CAN-2002-1363 |
| Created: | December 19, 2002 |
| Updated: | July 14, 2004 |
| Description: | Glenn Randers-Pehrson discovered a problem in connection with 16-bit samples from libpng, an interface for reading and writing PNG (Portable Network Graphics) format files. The starting offsets for the loops are calculated incorrectly which causes a buffer overrun beyond the beginning of the row buffer. |
| Alerts: | |
Comments (none posted)
libxml2 - arbitrary code execution
| Package(s): | libxml2 |
| CVE #(s): | CAN-2004-0110 |
| Created: | February 26, 2004 |
| Updated: | July 21, 2004 |
| Description: | Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code. |
| Alerts: | |
Comments (none posted)
logcheck: symlink vulnerability
| Package(s): | logcheck |
| CVE #(s): | CAN-2004-0404 |
| Created: | April 21, 2004 |
| Updated: | December 22, 2004 |
| Description: | The logcheck utility handles temporary files in an unsafe way, possibly allowing local attackers to overwrite files. |
| Alerts: | |
Comments (none posted)
mailman: password disclosure
| Package(s): | mailman |
| CVE #(s): | CAN-2004-0412 |
| Created: | May 27, 2004 |
| Updated: | July 20, 2004 |
| Description: | In mailman versions above 2.1, third parties can retrieve member passwords from the server. |
| Alerts: | |
Comments (none posted)
mikmod: buffer overflow
| Package(s): | mikmod |
| CVE #(s): | CAN-2003-0427 |
| Created: | June 16, 2003 |
| Updated: | June 16, 2005 |
| Description: | Ingo Saitz discovered a bug in mikmod whereby a long filename inside an archive file can overflow a buffer when the archive is being read by mikmod. |
| Alerts: | |
Comments (none posted)
mod_python: denial of service vulnerability
| Package(s): | mod_python |
| CVE #(s): | CAN-2003-0973 |
| Created: | January 27, 2004 |
| Updated: | October 4, 2004 |
| Description: | Apache's mod_python module could crash the httpd process if a specific, malformed query string was sent. The Apache Foundation has reported that mod_python may be prone to Denial of Service attacks when handling a malformed query. Mod_python 2.7.9 was released to fix the vulnerability; however, because the vulnerability had not been fully fixed, version 2.7.10 has been released. Users of mod_python 3.0.4 are not affected by this vulnerability. |
| Alerts: | |
Comments (none posted)
mozilla: multiple vulnerabilities
| Package(s): | mozilla |
| CVE #(s): | CAN-2003-0594, CAN-2003-0564 |
| Created: | March 10, 2004 |
| Updated: | August 19, 2004 |
| Description: | Mozilla 1.4 contains a few vulnerabilities, including disclosure of cookies to the wrong server, a scripting vulnerability which can allow an attacker to run arbitrary code, and an S/MIME vulnerability which can lead to remote denial of service or code execution attacks. |
| Alerts: | |
Comments (none posted)
mpg321: format string vulnerability
| Package(s): | mpg321 |
| CVE #(s): | CAN-2003-0969 |
| Created: | January 6, 2004 |
| Updated: | March 28, 2005 |
| Description: | A vulnerability was discovered in mpg321, a command-line mp3 player, whereby user-supplied strings were passed to printf(3) unsafely. This vulnerability could be exploited by a remote attacker to overwrite memory, and possibly execute arbitrary code. In order for this vulnerability to be exploited, mpg321 would need to play a malicious mp3 file (including via HTTP streaming). |
MySQL: temporary file vulnerabilities
| Package(s): | mysql |
| CVE #(s): | CAN-2004-0381, CAN-2004-0388 |
| Created: | April 14, 2004 |
| Updated: | August 18, 2004 |
| Description: | The mysqlbug and mysqld_multi scripts contain temporary file vulnerabilities which could be used by a local attacker to overwrite files on the system. |
neon: buffer overflow
| Package(s): | neon |
| CVE #(s): | CAN-2004-0398 |
| Created: | May 19, 2004 |
| Updated: | September 30, 2004 |
| Description: | The neon library (through version 0.24.5) contains a buffer overflow in its date parsing code, allowing arbitrary code execution when connecting to a hostile server. See this advisory for details. This vulnerability also affects related applications (such as cadaver). |
Nessus NASL scripting engine security issues
| Package(s): | nessus |
| CVE #(s): | |
| Created: | May 27, 2003 |
| Updated: | August 12, 2004 |
| Description: | Some vulnerabilities exist in the Nessus NASL scripting engine. To exploit these flaws, an attacker would need to have a valid Nessus account as well as the ability to upload arbitrary Nessus plugins to the Nessus server (this option is disabled by default), or would need to trick a user into running a specially crafted NASL script. Read the full advisory for additional information. |
netpbm: insecure temporary files
| Package(s): | netpbm |
| CVE #(s): | CAN-2003-0924 |
| Created: | January 19, 2004 |
| Updated: | December 29, 2004 |
| Description: | netpbm is a graphics conversion toolkit made up of a large number of single-purpose programs. Many of these programs were found to create temporary files in an insecure manner, which could allow a local attacker to overwrite files with the privileges of the user invoking a vulnerable netpbm tool. |
openssh: timing attack leads to information disclosure
| Package(s): | openssh |
| CVE #(s): | CAN-2003-0190 |
| Created: | May 2, 2003 |
| Updated: | November 30, 2004 |
| Description: | From the advisory: "During a pen-test we stumbled across a nasty bug in OpenSSH-portable with PAM support enabled (via the --with-pam configure script switch). This bug allows a remote attacker to identify valid users on vulnerable systems, through a simple timing attack. The vulnerability is easy to exploit and may have high severity, if combined with poor password policies and other security problems that allow local privilege escalation." |
pavuk: buffer overflow
| Package(s): | pavuk |
| CVE #(s): | CAN-2004-0456 |
| Created: | June 30, 2004 |
| Updated: | November 11, 2004 |
| Description: | Versions of the pavuk web spider through 0.9.28-r1 contain a buffer overflow which could be exploited by a hostile server. |
postgresql: buffer overflow in ODBC driver
| Package(s): | postgresql |
| CVE #(s): | |
| Created: | June 7, 2004 |
| Updated: | July 28, 2004 |
| Description: | A buffer overflow has been discovered in the ODBC driver of PostgreSQL, an object-relational SQL database descended from POSTGRES. It is possible to exploit this problem and crash the surrounding application. Hence, a PHP script using php4-odbc can be utilized to crash the surrounding Apache webserver. Other parts of postgresql are not affected. |
python: buffer overflow
| Package(s): | python |
| CVE #(s): | CAN-2004-0150 |
| Created: | March 10, 2004 |
| Updated: | October 11, 2004 |
| Description: | Python (versions 2.2 and 2.2.1 only) has a buffer overflow in the getaddrinfo() function which can be exploited by a malformed IPv6 address. |
rsync: remote file write attack
| Package(s): | rsync |
| CVE #(s): | CAN-2004-0426 |
| Created: | April 30, 2004 |
| Updated: | July 12, 2004 |
| Description: | See the rsync homepage for the April 2004 advisory: "There is a security problem in all versions prior to 2.6.1 that affects only people running a read/write daemon WITHOUT using chroot. If the user privs that such an rsync daemon is using is anything above "nobody", you are at risk of someone crafting an attack that could write a file outside of the module's "path" setting (where all its files should be stored). Please either enable chroot or upgrade to 2.6.1. People not running a daemon, running a read-only daemon, or running a chrooted daemon are totally unaffected." |
squid: buffer overflow
| Package(s): | squid |
| CVE #(s): | CAN-2004-0541 |
| Created: | June 9, 2004 |
| Updated: | September 30, 2004 |
| Description: | The NTLM authentication helper used by the squid proxy contains a buffer overflow vulnerability; an overly long password may be used to run arbitrary code. Sites not using NTLM authentication are not vulnerable. |
SquirrelMail: cross-site scripting vulnerabilities
| Package(s): | squirrelmail |
| CVE #(s): | CAN-2004-0519, CAN-2004-0520, CAN-2004-0521 |
| Created: | May 21, 2004 |
| Updated: | October 4, 2004 |
| Description: | Several unspecified cross-site scripting (XSS) vulnerabilities and a well-hidden SQL injection vulnerability were found in SquirrelMail versions 1.4.2 and lower. An XSS attack allows an attacker to insert malicious code into a web-based application. SquirrelMail does not check for code when parsing variables received via the URL query string. |
Subversion: remote heap overflow
| Package(s): | subversion |
| CVE #(s): | CAN-2004-0413 |
| Created: | June 11, 2004 |
| Updated: | March 7, 2005 |
| Description: | Subversion has a remote denial of service vulnerability that may allow a server that runs svnserve to execute arbitrary code. See this advisory for more information. |
sysstat: temporary file vulnerability
| Package(s): | sysstat |
| CVE #(s): | CAN-2004-0107, CAN-2004-0108 |
| Created: | March 10, 2004 |
| Updated: | October 4, 2004 |
| Description: | The sysstat utility has a temporary file vulnerability which can be exploited by a local attacker to overwrite system files. |
tar, unzip: file overwrite vulnerability
| Package(s): | tar unzip |
| CVE #(s): | CAN-2001-1267, CAN-2001-1268, CAN-2001-1269, CAN-2002-0399 |
| Created: | October 1, 2002 |
| Updated: | April 9, 2006 |
| Description: | The tar utility does not properly filter file names containing "../", meaning that a hostile archive can, if unpacked by an unsuspecting user, overwrite any file that is writable by that user. GNU tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42 has the same vulnerability. |
tcpdump: ISAKMP payload handling denial-of-service vulnerabilities
| Package(s): | tcpdump |
| CVE #(s): | CAN-2004-0183, CAN-2004-0184 |
| Created: | March 30, 2004 |
| Updated: | September 30, 2004 |
| Description: | TCPDUMP v3.8.1 and earlier versions contain multiple flaws in the packet display functions for the ISAKMP protocol. Upon receiving specially crafted ISAKMP packets, TCPDUMP will try to read beyond the end of the packet capture buffer and crash. More information is available in this Rapid7 advisory. |