| Weekly edition | Kernel | Security | Distributions | Search |
| Archives | Calendar | Subscribe | Write for LWN | LWN.net FAQ |
LWN.net Weekly Edition for July 29, 2004
The 2004 Ottawa Linux Symposium
The 2004 Ottawa Linux Symposium is now history. OLS has, once again, proved itself to be one of the leading development conferences worldwide. By many accounts, this![[Ottawa lightshow]](/images/ns/lightshow-sm.jpg)
was one of the best years yet. This view is supported by the standing
ovation given to conference organizer Andrew Hutton at the end.
This year, OLS expanded to fill a larger part of the Ottawa Conference Center, to good effect; the extra space was appreciated by all. AMD sponsored an opening reception featuring a talk by author Jim Munroe; unfortunately, in your editor's opinion, Mr. Munroe's speeches are not as interesting as his books. He characterized Linux as being a response to Microsoft, rather than something valuable in its own right, and he thought that his audience, full of IBM, SGI, AMD, Intel, Novell, etc. employees, would be interested in a lecture on the evils of corporate power. The closing reception, held at the newly-expanded Black Thorn, was as successful as ever - to the obvious regret of the crowd of hungover developers on the airport shuttle the next morning.
Kernel developer Andrew Morton was this year's keynote speaker. He called for unifying the kernels shipped by the distributions, and asked that distributors work toward getting their patches into the mainline quickly. He acknowledged that some distributors see kernel enhancements as part of the value they can add, but asked those distributors to find some other way to provide value to their customers. Fragmenting the kernel may be within the rights granted by the license, he said, but he sees it as being bad for the long-term future of Linux. He warned these distributors that he would actively work to undermine that strategy.
Andrew spent much of his time on the advantages of having a community-run platform upon which to build products, noting that "system software" is often where free software is most successful. He urged developers working on kernel code - drivers or new features - to get their code into the kernel early, so that it can benefit from the community process. He also acknowledged the community's debt to Richard Stallman.
Andrew finished by noting that, while Linux tends to enter companies from the bottom, it does not stay there. And neither do the people who brought in Linux in the first place. Some of them eventually get promoted into management, which helps the process along. "World domination," says Andrew, "is proceeding according to plan."
Along those lines, it is worth noting that the mix of attendees was a little different this year. The core of developers which defines OLS was as strong as ever, but, on the edges, one could see a fair number of management types, representatives from technical companies worldwide, and members of the press. The visibility of this conference, in other words, is growing beyond the developer community that it serves.
(LWN's coverage from a few OLS talks can be found below. The slides from LWN editor Jonathan Corbet's talk (on what to expect from kernel development in the next year) are available for the curious.)
X at OLS
Two sessions at the Ottawa Linux Symposium hosted by Keith Packard and Jim Gettys combined to give a good overview of where the X window system is going. This article is an attempt to pull together the material covered in those talks. X, which, in Jim's words, "just sat there for years with nothing interesting happening," is now the focus of a flurry of activity. Expect to see interesting things happening over the next year or two - especially if a few more developers can be brought into the fold.
![[Keith Packard]](/images/ns/people/keith-packard-sm.jpg)
Keith Packard's talk had to do with separating the X server from the
hardware. X currently does all kinds of interesting things, from direct
programming of video modes through to remapping the PCI bus (to get around
interesting BIOS behavior), scary DMA operations from user mode, direct
interpretation of mouse events, and no end of user-space busy-waiting.
There are all kinds of unfortunate side effects from this behavior;
remapping the PCI bus and attempting DMA from user mode can bring down the
whole system without much trouble. X's busy-waiting behavior leads, among
other things, to poor interaction with the scheduler, which sees X as a CPU
hog process whose priority should be lowered. Things would improve greatly
if X did not get its hands quite so dirty with the hardware.
Interestingly, Keith blames himself for much of the current situation. Very early X11 implementations dealt with the operating system for their frame buffer access. Then Sun came out with a closed video adaptor which required some user-space tweaking; Keith duly hacked this up. More closed hardware came out, making the problem worse. Things led to the current situation, where X knows all about the hardware, deals with it at a very low level, and occasionally lets things go wrong in spectacular ways.
Things are, says Keith, starting to get better. The direct rendering infrastructure (DRI) is "a glimmer of sanity"; it returns DMA and interrupt handling to the kernel. The kernel frame buffer subsystem has helped to move hardware detection and mode selection back into the kernel. And /dev/input has gotten X out of the business of directly interpreting mouse sequences and trying to figure out which protocol is in use; the input subsystem also allows marking input events with proper, accurate timestamps, which is important to many applications. The input subsystem is still not perfect, however, especially on multi-head systems: there is no easy way to associate input devices with specific displays.
The process of separating X from the hardware needs to continue, however. X is still often in the business of configuring video modes, which is a complex and unforgiving task. "Everybody just hopes that X gets it right." This task should be moved out of X, and into some appropriate combination of kernel and user-space code. Keith's vision goes beyond mode selection, though; he would eventually like to see the X server using GL to speak with the hardware. Turning X into a GL client would make proper 3D support easier, would further separate X from the hardware, and would give hardware vendors a single set of drivers to write.
A huge remaining issue with the hardware side of X is hotplug monitors. The assumption that the available screens will never change is wired very deeply into the X server, and will not be easy to root out. But this work must be done; people are increasingly wanting to, for example, plug their laptop into different projectors from one day to the next, and it would be nice if it actually worked.
Jim Gettys's talk covered just about every aspect of the window system - and most of those are currently in flux. The fork in X development, which saw almost all of the XFree86 developers moving over to X.org, has revitalized development in a number of ways. Many longstanding problems are being addressed, and lots of new ideas are being kicked around.
Jim started with a list of current issues with X:
- The X font architecture, as originally designed, was terminally
broken.
- The internal 2D graphics engine was poor; the plan from the beginning
had been to replace it quickly. Once again, we see how "temporary"
code can stay with us for decades.
- For various reasons, screen magnifiers and other accessibility aids
are very hard to implement.
- X needs better "eye candy" support: translucent graphics, drop
shadows, etc. Competing window systems (OS X, Longhorn) are
raising the bar in this area, and X needs to stay up with them - if
not ahead.
- Three-dimensional graphics are increasingly commonplace, and must be
properly supported.
- Shared use of X (shared projector walls were an example that came up repeatedly) is poorly supported currently.
Anybody who has worked with X in any depth knows that its font mechanism has not aged well. What is happening now is that fonts are, increasingly, the responsibility of the client; the centralized font engine model has failed. This is, says Jim, the biggest single architectural change happening with X. Putting font support in the clients allows quicker distribution of new technologies; Jim notes that there have been five generations of font formats so far during the lifetime of X, and there is no reason to expect things to slow down. Any change which requires X server support cannot expect to see widespread deployment for at least two years; client-side changes can propagate much more quickly.
One of the reasons for putting font support in the X server initially was to keep bandwidth usage down. As it turns out, moving font support into the clients has left bandwidth usage almost unchanged, but has eliminated about 1/4 of the round trips to the server during application startup. Anybody who has ever run an X application over a high-latency link knows that those round trips hurt; eliminating them can only be a good thing.
Jim noted some lessons which come from the font experience. One is that downward compatibility is absolutely necessary. New technologies (such as newer font schemes) only became accepted when libraries were provided to make them work with older servers. No developer is interested in adopting technologies which restrict the distribution of their applications. It is also necessary to solve the full problem; in the case of fonts, that means solving the problem for printing as well. With that in place, "even OpenOffice" is moving over to the new font code.
Next point: eye candy is important. To a great extent, "eye candy" means translucent windows in one form or another. The real use for translucence is likely to be in window managers; once the new capabilities become available, Jim expects yet another round of window manager experimentation. "Another thousand flowers will bloom; many of them will stink." But what survives will enrich the graphical experience for all of us.
Keith took the stage for one of his famous demonstrations. His desktop is looking better all the time, with menus fading in and out and extensive (some might say excessive) use of translucence everywhere. He pointed out that translucence is a pixel-by-pixel property. He runs an xterm with a translucent background, but the text is opaque, and casts solid shadows. High bandwidth applications, such as full-motion video, run in a translucent mode with no apparent performance problems - on a fast laptop, anyway.
"Eye candy" also means tools like screen magnifiers (which keep up in real time) for people who have a hard time reading the screen's contents. "Thumbnailers" (such as those often used for virtual desktops) will also benefit from this work. Animation needs better support, and X needs better integration into three-dimensional environments. "We live in a 3D world, perhaps our work environments should be 3D as well." Eliminating "flashing" (making desktop updates look nice) is also an important goal.
All of this is happening, in classic computer science manner, through the addition of another level of indirection. X applications have typically rendered their graphics directly into the frame buffer, unless they made explicit use of off-screen pixmaps. In the new world, all rendering will happen into off-screen memory. A new "compositing manager," which typically works in conjunction with the window manager, renders the off-screen windows onto the display, perhaps transforming them along the way. It is this process which, for example, causes a newly maximized window to fade, fully rendered, onto the screen, rather than just flashing up blank and being redrawn in place. The policy for when and how such effects should be used lives entirely within the compositing manager.
To accomplish all of this, four new extensions have been added to the X protocol. "XFixes" is a sort of repository for minor repairs for things that were done wrong in the original protocol. Among other things, XFixes promotes Regions to a first-class X protocol object. The "Damage" extension allows X clients to be notified when the contents of windows changes; it can be used by the compositing manager, screen magnifiers, thumbnailers, and any other process which needs to know when things happen. Interestingly, the Damage extension actually shrinks the size of the X server; a sign, according to Jim, of something that should have been done that way from the beginning. The "Composite" extension handles the off-screen rendering of windows and the interactions with the compositing manager. And "Xevie" allows the interception of input events; it is used both for compositing (where event locations may have to be transformed on their way to the client) and for accessibility functions.
The latency issue is on the X developers' minds. X client startup can be slow, especially on high-latency links. This slowness is caused by the large number of round trips required between the client and the server during initialization. Client-side fonts eliminated 25% of those, but, for a typical client, some 130 round trips still need to happen before any actual work can get done. Jim believes that 90% of those can be eliminated; some will be harder than others. One of the biggest remaining offenders, it turns out, is X extensions; apparently an "Extension extension" may be required to batch together extension information.
In the 2D world, the Cairo library, by Carl Worth and Keith Packard, is starting to come into use. This engine, says Jim, brings "world-class, two-dimensional, anti-aliased graphics" to the free software world; it is second to none. Along with top-quality graphics, Cairo turns printing into a first-class citizen; the audience reacted to this statement with loud applause. There is work left to be done with Cairo, including the addition of more backends and, inevitably, optimization.
Security is another issue. Currently, the only rational way to use X remotely is through an ssh tunnel, but that has its costs: extra processes in the loop, more latency, etc. X clients need to be able to talk directly with the server in a secure manner. Jim notes that X terminals are coming back. Maintenance of desktop clients is costly, and the deployment of simple X terminals can reduce those costs. But it has to be possible to use them in a secure manner.
The other interesting security issue is access to shared resources. It would be nice to be able to walk up to a projector wall with a laptop and start making use of it. Handling of input devices also figures into this equation; how does one connect a mouse to a wall screen? If this problem could be solved, there is the potential to "explode the PC into its component pieces" and create an interesting, dynamic world. There are no security policy options in X for this kind of shared use, however. Jim briefly mentioned some ideas involving integration with SELinux as a way of addressing this area.
A related topic is mobility. Wouldn't it be nice, asks Jim, if you could leave the office, go home, and pick up with your applications on your home system? This is a hard problem, but it is being addressed; there is prototype migration code in GTK now. There are security issues to deal with, of course, along with little things like teaching Xlib to deal gracefully with connection loss.
Other issues mentioned in passing include proper network audio support ("all of the current audio servers are lame; we need one good one"), better color management (for things like printers too), and proper support for compression in the X protocol. It seems that the bulk of X traffic, anymore, is image data, and much of that data compresses very well.
Finally, there are the packaging and development issues. Work to split the X distribution into its component pieces (server, libraries, applications, fonts) continues; there will eventually be no "tarball from hell" to deal with. Modern building tools are being adopted; imake is on its way out. Much of this work is done, but some pieces remain.
On the community side, Jim notes that X.org is a very different place from what it was a year ago. Most of the XFree86 developers have come over, and it is clearly the focal point for X development.
Perhaps the most important part of Jim's talk was repeated several times: the X developers have ambitious aims and a great deal of work that needs to be done; they are actively looking for developers to take on pieces of it. For anybody out there who is looking for a project to support, X.org represents a major opportunity. X is the core, the kernel, as it were, of the Linux graphical environment. The development effort is healthy again, and it has no end of interesting and challenging tasks to address. It is hard to imagine a better, more interesting, more visible, or more important project to work with. If you are looking to do some hacking, X would be an ideal place to do it.
OLS: Enforcing the GPL
Harald Welte, the current netfilter maintainer, ran a session on dealing with GPL violations. Harald has made a name for himself over the last year by reaching settlements with several manufacturers who were shipping products containing the netfilter code without complying with its licensing requirements. In most cases, these settlements have been relatively easy to reach, with the offending companies releasing their code and, in many cases, making a donation to the FSF or a related worthy cause. Harald is also the force behind the injunction in the Sitecom case, which just received another court ruling that the GPL is valid and enforceable in Germany.Harald's approach differs from that of the Free Software Foundation. The FSF tries to resolve GPL violations in the most quiet, friendly way possible; in most cases, the wider world never even hears that there is a problem. Harald found himself frustrated with this way of doing things; it takes far too long (perhaps longer than the lifetime of the offending product) and gives no real disincentive for companies considering ignoring the GPL. So he took matters into his own hands; by bringing in lawyers early, making violations public, and threatening immediate damage to the offenders' bottom line, he has gotten some real results.
Some interesting features of the German legal system have worked in Harald's favor in this campaign. By (his lawyers' interpretation of) German law, simple use of the netfilter/iptables internal API is a strong indication of a derivative work. Since it is not a "standard" API, there is no copyright boundary there; by this same reasoning, any binary-only kernel module is a GPL violation. This interpretation of the GPL also rules out putting GPL-licensed code onto hardware which only runs signed binaries - unless the key is distributed with the source.
German law requires that any request for injunctive relief be filed within four weeks of the discovery of the infringement. This is an inflexible, externally-imposed deadline which forces companies to move quickly to resolve the issue. When a company has received a cease-and-desist notice, it knows that it cannot drag it issue out over time; it will, instead, find itself in court in short order.
Harald was asked about the completeness of the code releases he has won so far; apparently not all vendors have released kernels which actually can be rebuilt into a working image - or which even compile. His response is that his ability to compel code releases really only extends as far as his copyrights in the netfilter code. If a vendor does not release a full kernel, copyright holders in other parts of the system will have to get involved.
The last part of the talk covered things developers can do to help make copyright enforcement easier. They include:
- Don't fix spelling errors and typos, and leave strange messages
(example: "Rusty needs more caffeine") in place. The presence of this
sort of text in a binary image is an obvious sign of copying. The
removal of this text, instead, would be a clear sign of a willful
violation, which raises the stakes considerably.
- The copyright message needs to be in the binary as well.
- It is important to track the names of all contributors to the code, so
they can be found for enforcement actions or the distribution of any
sort of damages.
- When a violation is found, it should not be made public at the time, as that can make getting injunctive relief harder. Instead, a lawyer should be brought in to prepare and send the "cease and desist" note.
Expect to hear about more resolved violations in the near future. Harald indicated that a couple of settlements have been reached, but the companies involved have been given a grace period to prepare for the fallout once the situation has been made public. Once that period has passed, the press releases will go out.
OLS: An introduction to Conary
Specifix, a company founded by a number of early Red Hat developers, recently came out of hiding. At the 2004 Ottawa Linux Symposium, Eric Troan gave a presentation on Conary, the company's system for package, repository, and distribution management. It was a technical talk from the beginning to the end; Eric would not talk about Specifix's business model even when asked (though he offered to do so in private). If nothing else, he understands what the OLS crowd is looking to hear.Package management systems have come into use in almost every distribution out there. They are a clear step up from what came before, but, as Eric pointed out, significant problems have been building for years. These include:
- Repositories are an afterthought. A typical repository is a simple
collection of files in whatever package format is being used, perhaps
with a bit of metadata.
- The version scheme used by most package managers follows a straight
line model; there is no provision for branches. That makes it hard,
for example, to determine which version of a package is appropriate
for a specific release of a given distribution.
- Packages contain scripts which handle parts of the installation and removal process which go beyond the simple management of files. These scripts tend to contain a lot of boilerplate, and are replicated in every package file. Bugs, too, are replicated, and there is no one place to go to fix them. The scripts are also not portable across distributions (even those using the same package format) and cannot be customized for an individual site's needs.
Conary was developed as a way of addressing the above limitations and to make it possible for users to create their own, customized distributions in an easy manner. In the simplest sense, one can think of Conary as a package management system with a more consistent view of objects from the repository level down to individual files, combined with a version management scheme.
Conary treats files as "first class objects," which are managed by the framework as a whole. Files have a unique ID and a version history; they also have a set of attributes. One of those attributes is the file's location in the filesystem; moving a file is a simple matter of changing that attribute.
A "trove" is a container holding one or more files and other troves. Files are contained by reference. A "component" is a collection of files, by reference. Example components listed by Eric for the bzip2 package might be bzip2:runtime (binary files to run the program), bzip2:lib, bzip2:doc, and, of course, bzip2:source. Components can be aggregated together into packages. Both components and packages are considered to be "troves," for what it's worth.
Version strings are hung onto everything; Specifix has added some complexity to the versioning system, though. Each version string includes the repository name, a namespace (think of it as a distribution name), a branch name (for the creation of trees in the version space), the upstream package version, and a two-part local revision number. Needless to say, the version strings get long, but the system hides the full string most of the time. Creating versions in this way allows the system to easily determine which version of a package is the newest, which version of which distribution is built for, and so on.
Branching is done by adding a branch name to the version string. Branching allows the tracking of versions of packages which were shipped with a specific distribution, along with updates to those packages. There is also a special type of branch called a "shadow" which tracks changes to the trunk it was branched from. Essentially, the shadow is automatically merged with each new version of the trunk it is following. This feature would be useful for somebody maintaining a derivative distribution; they want to keep up with what the source distribution is doing without losing track of their own changes. The only problem with shadows is that, like a number of other Conary features, they are not actually implemented yet.
"Flavors" are another Conary feature; they seem to be patterned after Gentoo's "USE flags." A flavor is a set of configuration options describing how all packages are to be built. This feature is used for multiple architecture support, or for building versions of distributions with different feature sets (e.g. creating a distribution without PAM support). Multiple flavors of a package can be installed on a system if they don't conflict with each other; this allows, for example, the installation of 32-bit libraries on x86-64 systems.
Then, there is the concept of "changesets." A changeset is a collection of modifications to files (including attribute changes) and the troves which contain them. A changeset is, essentially, a patch to a package or a distribution. Changesets, which track only changes, can be much smaller than the packages they describe, and can thus be an efficient way of distributing updates. Changesets describe changes to configuration files in diff format, which often allows them to be merged automatically with local changes. A system administrator can also create a changeset describing his or her local changes to the system; that changeset can then be used for merging with updates, or replicating the system elsewhere. Local changesets can also be used for version control and the tracking of system changes.
"Tags" are Conary's answer to the package script problem (and, also, to the complex set of interactions represented by the RPM "trigger" mechanism). A tag is a file attribute describing the type of the file, be it "shared library," "info file," or any of a long list of alternatives. Most files can be tagged automatically by Conary. Tags have scripts associated with them; there is, for example, a script which handles the installation of an info file and updating the relevant directory. These scripts are distributed separately; there is only one copy of them on the system. The scripts are thus easily fixed when bugs turn up, and they can be customized by the local administrator if need be. Separating out the management scripts in this way should also make it easier to install packages from other distributions.
A "fileset" is an arbitrary collection of files built from components in the repository. Filesets seem to be intended to help in the creation of small system images for embedded systems; they allow an easy picking and choosing of an exact set of desired files. "Groups" are, instead, the analog of the Debian "task" or Anaconda "component." They allow the management of several packages as a unit, but they come with their own local changesets so that local changes to the group are tracked properly.
The paper from the OLS proceedings (PDF format) is worthwhile reading for anybody wanting more details on how Conary works.
Interested parties can download an early Conary release from the Specifix web site. Be warned, however, that a few features are still missing; they include shadows, dependencies (an important issue that they "think" they know how to implement), flavors, package signatures, and more. "Release early" is an important part of the free software development process, however, and the Specifix founders understand that process well. Conary's vaporware features will, beyond doubt, be filled in soon. As that happens, expect interest in this tool to increase; it truly does have the potential to change the way we set up and manage our projects, distributions, and systems.
Page editor: Rebecca Sobol
Security
Security news
The value of privacy policies
Most serious web sites post a privacy policy describing what the site's owners will do with data collected from and about the site's users. For users who are concerned about the spread of their personal information, a strongly-written privacy policy can be a reassuring feature. A recent court ruling, however, suggests that web privacy policies may not be worth the paper they aren't printed on, at least some of the time.Northwest Airlines was recently faced with a class-action lawsuit headed by some of its customers, who were upset that the airline had provided passenger name record (PNR) data to the U.S. government after the September 11 attacks. The plaintiffs made several allegations, including the violation of various laws and, crucially, breach of contract as a result of Northwest's failure to live up to its privacy policy.
The policy reads, in part:
There is nothing here about giving PNR data (which includes hotel and car information, along with credit card numbers) to interested governmental agencies. One might well conclude that the privacy policy has been breached.
The court struck down the breach of contract claim, however. The reasoning was:
The implications are clear: weasel words in a privacy statement can be used against you. If you ever think you may want to take a site operator to court for the violation of a privacy statement, you will, at a minimum, have to be able to show that you read that statement before the violation occurred. It seems unlikely that many potential plaintiffs in privacy policy cases will be able to make that demonstration. Privacy policies, thus, may not be worth a whole lot - at least, not in countries which lack more general restrictions on the use of personal data.
(For the curious, the full ruling is available in PDF format).
Evans Data on Linux security
Evans Data has sent out a press release about a Linux security survey done by the company. "Ninety two percent of survey respondents indicated that their Linux systems have never been infected with a virus, according to Evans Data's new Summer 2004 Linux Development Survey." The PR lacks an answer for the most interesting question, however: what, exactly, happened to the other 8%?
New vulnerabilities
courier: cross-site scripting vulnerability
| Package(s): | courier | CVE #(s): | CAN-2004-0591 | ||||||
| Created: | July 23, 2004 | Updated: | August 4, 2004 | ||||||
| Description: | The sqwebmail application has a cross-site scripting vulnerability. An attacker can inject and execute a web mail script via an email message. | ||||||||
| Alerts: |
| ||||||||
mailreader: directory traversal vulnerability
| Package(s): | mailreader | CVE #(s): | CAN-2002-1581 | |||
| Created: | July 23, 2004 | Updated: | July 28, 2004 | |||
| Description: | Mailreader has a directory traversal vulnerability. A remote attacker can view arbitrary files with the privileges of the nph-mr.cgi process. | |||||
| Alerts: |
| |||||
Pavuk: Digest authentication helper buffer overflow
| Package(s): | pavuk | CVE #(s): | ||||
| Created: | July 26, 2004 | Updated: | July 28, 2004 | |||
| Description: | Pavuk contains several buffer overflow vulnerabilities in the code handling digest authentication. An attacker could cause a buffer overflow, leading to arbitrary code execution with the rights of the user running Pavuk. These vulnerabilities have been fixed in pavuk-0.9.28-r3. | |||||
| Alerts: |
| |||||
samba: potential buffer overruns
| Package(s): | samba | CVE #(s): | CAN-2004-0600 CAN-2004-0686 | |||||||||||||||||||||||||||||||||||||||||||||
| Created: | July 22, 2004 | Updated: | September 2, 2004 | |||||||||||||||||||||||||||||||||||||||||||||
| Description: | According to this Samba advisory, Evgeny
Demidov discovered that the Samba SMB/CIFS server has a buffer overflow bug
in the Samba Web Administration Tool (SWAT) on decoding Base64 data during
HTTP Basic Authentication. Samba versions between 3.0.2 through 3.0.4 are
affected. (CAN-2004-0600)
Another buffer overflow bug has been located in the Samba code used to support the "mangling method = hash" functionality. The default setting for this parameter is "mangling method = hash2" and therefore Samba is not vulnerable by default. Samba versions between 2.2.0 through 2.2.9 and 3.0.0 through 3.0.4 are affected. (CAN-2004-0686) | |||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||||||||||||||||||||||||||
sox: buffer overflow
| Package(s): | sox | CVE #(s): | CAN-2004-0557 | ||||||||||||||||||||||||||||||
| Created: | July 28, 2004 | Updated: | February 21, 2005 | ||||||||||||||||||||||||||||||
| Description: | Sox suffers from buffer overflows in its WAV file handling; these overflows could conceivably be exploited by way of a malicious sound file. | ||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||
subversion: access control bypass
| Package(s): | subversion | CVE #(s): | |||||||
| Created: | July 23, 2004 | Updated: | July 28, 2004 | ||||||
| Description: | Subversion has a vulnerability in the mod_authz_svn Apache authentication module that can allow a local user to bypass read restrictions in the repository. | ||||||||
| Alerts: |
| ||||||||
Updated vulnerabilities
Horde-IMP: improper input validation
| Package(s): | Horde-IMP | CVE #(s): | |||||||
| Created: | June 16, 2004 | Updated: | August 10, 2004 | ||||||
| Description: | An input validation error exists in Horde-IMP through version 3.2.4; a specially crafted message could be used to run scripts in the context of the target's browser. | ||||||||
| Alerts: |
| ||||||||
OpenSSL: denial of service vulnerabilities
| Package(s): | OpenSSL | CVE #(s): | CAN-2004-0081 CAN-2003-0851 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | March 17, 2004 | Updated: | November 2, 2005 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | Versions 0.9.7a-c of the OpenSSL library suffer from two denial of service vulnerabilities; see the version 0.9.7d release announcement for details. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
XFree86, X.org: XDM ignores requestPort setting
| Package(s): | XFree86 X.org | CVE #(s): | CAN-2004-0419 | ||||||
| Created: | July 5, 2004 | Updated: | July 28, 2004 | ||||||
| Description: | XDM will open TCP sockets for its chooser, even if the DisplayManager.requestPort setting is set to 0. This may allow authorized users to access a machine remotely via X, even if the administrator has configured XDM to refuse such connections. See this XFree86 bug report. | ||||||||
| Alerts: |
| ||||||||
Apache mod_proxy: denial of service
| Package(s): | apache | CVE #(s): | CAN-2004-0492 | |||||||||||||||
| Created: | June 11, 2004 | Updated: | October 14, 2004 | |||||||||||||||
| Description: | A buffer overflow vulnerability in the apache mod_proxy module can be exploited to create a denial of service. | |||||||||||||||||
| Alerts: |
| |||||||||||||||||
apache mod_ssl format string vulnerability
| Package(s): | apache mod_ssl | CVE #(s): | ||||||||||||||||
| Created: | July 16, 2004 | Updated: | August 6, 2004 | |||||||||||||||
| Description: | Triggered by a report to Packet Storm from Virulent, a format string vulnerability was found in mod_ssl, the Apache SSL/TLS interface to OpenSSL, version (up to and including) 2.8.18 for Apache 1.3. The mod_ssl in Apache 2.x is not affected. The vulnerability could be exploitable if Apache is used as a proxy for HTTPS URLs and the attacker established a own specially prepared DNS and origin server environment. | |||||||||||||||||
| Alerts: |
| |||||||||||||||||
apache2: stack-based buffer overflow in ssl_util.c
| Package(s): | apache2 | CVE #(s): | CAN-2004-0488 | ||||||||||||||||||||||||||||||
| Created: | June 1, 2004 | Updated: | October 14, 2004 | ||||||||||||||||||||||||||||||
| Description: | A stack-based buffer overflow exists in the ssl_util_uuencode_binary function in ssl_util.c in Apache. When mod_ssl is configured to trust the issuing CA, a remote attacker may be able to execute arbitrary code via a client certificate with a long subject DN. | ||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||
aspell: bounds checking problem
| Package(s): | aspell | CVE #(s): | CAN-2004-0548 | |||||||||
| Created: | June 17, 2004 | Updated: | December 20, 2004 | |||||||||
| Description: | Aspell's word-list-compress utility fails to properly check bounds when dealing with words that are more than 256 bytes long. This can lead to arbitrary code execution by an attacker. | |||||||||||
| Alerts: |
| |||||||||||
Ethereal: Multiple security problems
| Package(s): | ethereal | CVE #(s): | CAN-2004-0633 CAN-2004-0634 CAN-2004-0635 | |||||||||||||||||||||||||||
| Created: | July 9, 2004 | Updated: | August 19, 2004 | |||||||||||||||||||||||||||
| Description: | There are multiple vulnerabilities in versions of Ethereal earlier than
0.10.5, including: * In some cases the iSNS dissector could cause Ethereal to abort. * If there was no policy name for a handle for SMB SID snooping it could cause a crash. * A malformed or missing community string could cause the SNMP dissector to crash. See this advisory for more information. | |||||||||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||||||||
Filename disclosure vulnerability in fam
| Package(s): | fam | CVE #(s): | CAN-2002-0875 | ||||||
| Created: | August 19, 2002 | Updated: | January 5, 2005 | ||||||
| Description: | "fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible. | ||||||||
| Alerts: |
| ||||||||
flim: insecure file creation
| Package(s): | flim | CVE #(s): | CAN-2004-0422 | |||||||||
| Created: | May 5, 2004 | Updated: | December 16, 2004 | |||||||||
| Description: | The emacs "flim" mode creates temporary files in an insecure fashion, possibly allowing a local attacker to overwrite files. | |||||||||||
| Alerts: |
| |||||||||||
gtkhtml: malformed messages cause crash
| Package(s): | gtkhtml | CVE #(s): | CAN-2003-0133 CAN-2003-0541 | ||||||||||||||||||
| Created: | April 14, 2003 | Updated: | April 18, 2005 | ||||||||||||||||||
| Description: | GtkHTML is the HTML rendering widget used by the Evolution mail reader.
GtkHTML supplied with versions of Evolution prior to 1.2.4 contain a bug when handling HTML messages. Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash. | ||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||
iproute: local denial of service
| Package(s): | iproute net-tools | CVE #(s): | CAN-2003-0856 | ||||||||||||||||||
| Created: | November 25, 2003 | Updated: | December 14, 2004 | ||||||||||||||||||
| Description: | The iproute utility is susceptible to spoofed netlink messages sent by local users, with the result that denial of service attacks are possible. | ||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||
racoon: failure to verify signatures
| Package(s): | ipsec-tools racoon | CVE #(s): | CAN-2004-0155 | |||||||||
| Created: | April 7, 2004 | Updated: | August 19, 2004 | |||||||||
| Description: | Versions of ipsec-tools prior to 0.2.5 contain a vulnerability wherein the racoon utility fails to verify digital signatures on some packets. This hole can lead to unauthorized connections or man-in-the-middle attacks. See this advisory for details. | |||||||||||
| Alerts: |
| |||||||||||
racoon: denial of service vulnerability
| Package(s): | ipsec-tools racoon iputils | CVE #(s): | CAN-2004-0403 | |||||||||||||||||||||
| Created: | April 26, 2004 | Updated: | July 29, 2004 | |||||||||||||||||||||
| Description: | racoon does not check the length of ISAKMP headers. Attackers may be able to craft an ISAKMP header of sufficient length to consume all available system resources, causing a Denial of Service. This advisory contains additional details. | |||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||
kdelibs: cookie disclosure
| Package(s): | kdelibs | CVE #(s): | CAN-2003-0592 | |||||||||||||||
| Created: | March 10, 2004 | Updated: | August 24, 2004 | |||||||||||||||
| Description: | kdelibs (and, thus, Konqueror) has a vulnerability where a hostile server can force the disclosure of cookies that should not be presented to it. KDE versions 3.1.3 and later contain a fix. | |||||||||||||||||
| Alerts: |
| |||||||||||||||||
kernel allows unauthorized changes to the group ID
| Package(s): | kernel | CVE #(s): | CAN-2004-0497 | |||||||||||||||||||||||||||
| Created: | July 2, 2004 | Updated: | September 27, 2004 | |||||||||||||||||||||||||||
| Description: | During an audit of the Linux kernel, SUSE discovered a flaw that allowed a user to make unauthorized changes to the group ID of files in certain circumstances - such as when the files are exported via NFS. | |||||||||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||||||||
kernel: netfilter denial of service
| Package(s): | kernel | CVE #(s): | ||||||||||
| Created: | June 30, 2004 | Updated: | July 28, 2004 | |||||||||
| Description: | The netfilter code in 2.6 kernels through 2.6.7 is vulnerable to a remote denial of service attack - but only if filtering on the TCP options field has been enabled. See this advisory for details. | |||||||||||
| Alerts: |
| |||||||||||
kernel-utils: setuid vulnerability
| Package(s): | kernel-utils | CVE #(s): | CAN-2003-0019 | |||
| Created: | February 7, 2003 | Updated: | January 21, 2005 | |||
| Description: | The kernel-utils package contains several utilities that can be used to
control the kernel or machine hardware. In Red Hat Linux 8.0 this package
contains user mode linux (UML) utilities.
The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was incorrectly shipped setuid root. This could allow local users to control certain network interfaces, add and remove arp entries and routes, and put interfaces in and out of promiscuous mode. All users of the kernel-utils package should update to these packages that contain a version of uml_net that is not setuid root. Alternatively, as a work-around to this vulnerability issue the following command as root: chmod -s /usr/bin/uml_net | |||||
| Alerts: |
| |||||
l2tpd buffer overflow
| Package(s): | l2tpd | CVE #(s): | CAN-2004-0649 | ||||||
| Created: | July 18, 2004 | Updated: | July 22, 2004 | ||||||
| Description: | Thomas Walpuski reported a buffer overflow in l2tpd, an implementation of the layer 2 tunneling protocol, whereby a remote attacker could potentially cause arbitrary code to be executed by transmitting a specially crafted packet. The exploitability of this vulnerability has not been verified. | ||||||||
| Alerts: |
| ||||||||
libxml2 - arbitrary code execution
| Package(s): | libxml2 | CVE #(s): | CAN-2004-0110 | |||||||||||||||||||||||||||||||||||||||
| Created: | February 26, 2004 | Updated: | July 21, 2004 | |||||||||||||||||||||||||||||||||||||||
| Description: | Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code. | |||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||||||||||||||||||||
logcheck: symlink vulnerability
| Package(s): | logcheck | CVE #(s): | CAN-2004-0404 | ||||||
| Created: | April 21, 2004 | Updated: | December 22, 2004 | ||||||
| Description: | The logcheck utility handles temporary files in an unsafe way, possibly allowing local attackers to overwrite files. | ||||||||
| Alerts: |
| ||||||||
mailman: password disclosure
| Package(s): | mailman | CVE #(s): | CAN-2004-0412 | |||||||||||||||
| Created: | May 27, 2004 | Updated: | July 20, 2004 | |||||||||||||||
| Description: | In mailman versions above 2.1, third parties can retrieve member passwords from the server. | |||||||||||||||||
| Alerts: |
| |||||||||||||||||
mikmod: buffer overflow
| Package(s): | mikmod | CVE #(s): | CAN-2003-0427 | |||||||||||||||
| Created: | June 16, 2003 | Updated: | June 16, 2005 | |||||||||||||||
| Description: | Ingo Saitz discovered a bug in mikmod whereby a long filename inside an archive file can overflow a buffer when the archive is being read by mikmod. | |||||||||||||||||
| Alerts: |
| |||||||||||||||||
mod_python: denial of service vulnerability
| Package(s): | mod_python | CVE #(s): | CAN-2003-0973 | |||||||||||||||||||||
| Created: | January 27, 2004 | Updated: | October 4, 2004 | |||||||||||||||||||||
| Description: | Apache's mod_python module could crash the httpd process if a specific,
malformed query string was sent.
The Apache Foundation has reported that mod_python may be prone to Denial of Service attacks when handling a malformed query. Mod_python 2.7.9 was released to fix the vulnerability, however, because the vulnerability has not been fully fixed, version 2.7.10 has been released. Users of mod_python 3.0.4 are not affected by this vulnerability. | |||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||
MoinMoin Group ACL Bypass
| Package(s): | moinmoin | CVE #(s): | ||||
| Created: | July 12, 2004 | Updated: | August 26, 2004 | |||
| Description: | MoinMoin contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker creates a user with the same name as an administrative group. This flaw may lead to a loss of integrity. See this osvdb entry for additional information. | |||||
| Alerts: |
| |||||
mozilla: multiple vulnerabilties
| Package(s): | mozilla | CVE #(s): | CAN-2003-0594 CAN-2003-0564 | ||||||||||||
| Created: | March 10, 2004 | Updated: | August 19, 2004 | ||||||||||||
| Description: | Mozilla 1.4 contains a few vulnerabilities, including disclosure of cookies to the wrong server, a scripting vulnerability which can allow an attacker to run arbitrary code, and an S/MIME vulnerability which can lead to remote denial of service or code execution attacks. | ||||||||||||||
| Alerts: |
| ||||||||||||||
mpg321: format string vulnerability
| Package(s): | mpg321 | CVE #(s): | CAN-2003-0969 | ||||||
| Created: | January 6, 2004 | Updated: | March 28, 2005 | ||||||
| Description: | A vulnerability was discovered in mpg321, a command-line mp3 player, whereby user-supplied strings were passed to printf(3) unsafely. This vulnerability could be exploited by a remote attacker to overwrite memory, and possibly execute arbitrary code. In order for this vulnerability to be exploited, mpg321 would need to play a malicious mp3 file (including via HTTP streaming). | ||||||||
| Alerts: |
| ||||||||
MySQL: temporary file vulnerabilities
| Package(s): | mysql | CVE #(s): | CAN-2004-0381 CAN-2004-0388 | ||||||||||||
| Created: | April 14, 2004 | Updated: | August 18, 2004 | ||||||||||||
| Description: | The mysqlbug and mysqld_multi scripts contain temporary file vulnerabilities which could be used by a local attacker to overwrite files on the system. | ||||||||||||||
| Alerts: |
| ||||||||||||||
neon: buffer overflow
| Package(s): | neon | CVE #(s): | CAN-2004-0398 | |||||||||||||||||||||||||||||||||||||||||||||
| Created: | May 19, 2004 | Updated: | September 30, 2004 | |||||||||||||||||||||||||||||||||||||||||||||
| Description: | The neon library (through version 0.24.5) contains a buffer overflow in its date parsing code, allowing arbitrary code execution when connecting to a hostile server. See this advisory for details. This vulnerability also affects related applications (such as cadaver). | |||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||||||||||||||||||||||||||
Nessus NASL scripting engine security issues
| Package(s): | nessus | CVE #(s): | ||||
| Created: | May 27, 2003 | Updated: | August 12, 2004 | |||
| Description: | Some some vulnerabilities exsist in the Nessus NASL scripting engine. To exploit these flaws, an attacker would need to have a valid Nessus account as well as the ability to upload arbitrary Nessus plugins in the Nessus server (this option is disabled by default) or he/she would need to trick a user somehow into running a specially crafted nasl script. Read the full advisory for additional information. | |||||
| Alerts: |
| |||||
netkit-telnet-ssl format string vulnerability
| Package(s): | netkit-telnet-ssl | CVE #(s): | CAN-2004-0640 | |||
| Created: | July 18, 2004 | Updated: | July 21, 2004 | |||
| Description: | b0f discovered a format string vulnerability in netkit-telnet-ssl which could potentially allow a remote attacker to cause the execution of arbitrary code with the privileges of the telnet daemon (the 'telnetd' user by default). | |||||
| Alerts: |
| |||||
netpbm: insecure temporary files
| Package(s): | netpbm | CVE #(s): | CAN-2003-0924 | |||||||||||||||||||||||||||
| Created: | January 19, 2004 | Updated: | December 29, 2004 | |||||||||||||||||||||||||||
| Description: | netpbm is graphics conversion toolkit made up of a large number of single-purpose programs. Many of these programs were found to create temporary files in an insecure manner, which could allow a local attacker to overwrite files with the privileges of the user invoking a vulnerable netpbm tool. | |||||||||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||||||||
openssh: timing attack leads to information disclosure
| Package(s): | openssh | CVE #(s): | CAN-2003-0190 | |||||||||||||||
| Created: | May 2, 2003 | Updated: | November 30, 2004 | |||||||||||||||
| Description: | From the advisory: "During a pen-test we stumbled across a nasty bug in OpenSSH-portable with PAM support enabled (via the --with-pam configure script switch). This bug allows a remote attacker to identify valid users on vulnerable systems, through a simple timing attack. The vulnerability is easy to exploit and may have high severity, if combined with poor password policies and other security problems that allow local privilege escalation." | |||||||||||||||||
| Alerts: |
| |||||||||||||||||
Opera: Multiple spoofing vulnerabilities
| Package(s): | opera | CVE #(s): | ||||
| Created: | July 20, 2004 | Updated: | July 21, 2004 | |||
| Description: | Opera fails to remove illegal characters from an URI of a link and to check
that the target frame of a link belongs to the same website as the
link. Opera also updates the address bar before loading a page.
Additionally, Opera contains a certificate verification problem.
These vulnerabilities could allow an attacker to impersonate legitimate websites to steal sensitive information from users. This could be done by obfuscating the real URI of a link or by injecting a malicious frame into an arbitrary frame of another browser window. | |||||
| Alerts: |
| |||||
pavuk: buffer overflow
| Package(s): | pavuk | CVE #(s): | CAN-2004-0456 | |||||||||
| Created: | June 30, 2004 | Updated: | November 11, 2004 | |||||||||
| Description: | Versions of the pavuk web spider through 0.9.28-r1 contain a buffer overflow which could be exploited by a hostile server. | |||||||||||
| Alerts: |
| |||||||||||
php: remotely exploitable memory errors
| Package(s): | php | CVE #(s): | CAN-2004-0594 | ||||||||||||||||||||||||||||||||||||||||||
| Created: | July 14, 2004 | Updated: | February 7, 2005 | ||||||||||||||||||||||||||||||||||||||||||
| Description: | Stefan Esser has issued an advisory regarding a remotely exploitable hole in PHP (through version 4.3.7). If the memory_limit feature is in use (as it should be, to prevent denial of service attacks), allocation failures can be forced at highly inopportune times, and those failures can be exploited to execute arbitrary code. The exploit is described as "quite easy," and it can be done regardless of whether Apache1 or Apache2 is in use. Upgrading to PHP 4.3.8 fixes the problem; yesterday's PHP 5.0 release also contains the fix (but the final release candidate did not). | ||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||
postgresql buffer overflow in ODBC driver
| Package(s): | postgresql | CVE #(s): | |||||||
| Created: | June 7, 2004 | Updated: | July 28, 2004 | ||||||
| Description: | A buffer overflow has been discovered in the ODBC driver of PostgreSQL, an object-relational SQL database, descended from POSTGRES. It possible to exploit this problem and crash the surrounding application. Hence, a PHP script using php4-odbc can be utilized to crash the surrounding Apache webserver. Other parts of postgresql are not affected. | ||||||||
| Alerts: |
| ||||||||
python: buffer overflow
| Package(s): | python | CVE #(s): | CAN-2004-0150 | |||||||||||||||
| Created: | March 10, 2004 | Updated: | October 11, 2004 | |||||||||||||||
| Description: | Python (versions 2.2 and 2.2.1 only) has a buffer overflow in the getaddrinfo() function which can be exploited by a malformed IPv6 address. | |||||||||||||||||
| Alerts: |
| |||||||||||||||||
squid: buffer overflow
| Package(s): | squid | CVE #(s): | CAN-2004-0541 | |||||||||
| Created: | June 9, 2004 | Updated: | September 30, 2004 | |||||||||
| Description: | The NTLM authentication helper used by the squid proxy contains a buffer overflow vulnerability; an overly-long password may be used to run arbitrary code. Sites not using NTLM authentication are not vulnerable. | |||||||||||
| Alerts: |
| |||||||||||