2004 was another busy year for those concerned with the security of their
systems. The LWN security database shows that the top-tier distributors
issued 1660 updates in 2004 in response to 396 vulnerabilities. Once
again, the kernel leads the list for the sheer number of vulnerabilities:
19 of them last year. Apache comes in second with 12 vulnerabilities -
though that figure mixes versions 1 and 2 which, arguably, should be kept
separate.
For the curious, here's the beginning of our table showing vulnerabilities
and resulting alerts for 2004:
For the full table, in its bandwidth- and browser-busting glory, see this page over here.
When viewing this table, please keep in mind one fundamental limitation it
has: we have no way of marking when a given distribution is not affected by
a vulnerability. So, if no alerts show for a specific combination of
distributor and vulnerability, it means either (1) the distributor did
not bother to issue an update, or (2) that distribution was not
vulnerable. Someday we hope to get to where we can distinguish between
those two situations.
Comments (6 posted)
Brief items
The Register reports that Verizon has come up with a novel way of reducing
spam delivered to its customers: blocking all email from Europe.
"Verizon's three million DSL customers waiting for emails from Europe were
advised to use alternative forms of communication. 'If it's really
important you might want to make a phone call...'"
Comments (31 posted)
New vulnerabilities
apache: temporary file vulnerability
Package(s): apache
CVE #(s):
Created: January 19, 2005
Updated: January 19, 2005
Description: Javier Fernández-Sanguino Peña noticed that the Apache 1.3
"check_forensic" script created temporary files in an insecure manner.
Alerts:
Comments (none posted)
chbg: buffer overflow
Package(s): chbg
CVE #(s): CAN-2004-1264
Created: January 18, 2005
Updated: February 2, 2005
Description: Danny Lungstrom discovered a vulnerability in chbg, a tool to
change background pictures. A maliciously crafted configuration/scenario
file could overflow a buffer and lead to the execution of arbitrary code on
the victim's machine.
Alerts:
Comments (none posted)
gatos: buffer overflow
Package(s): gatos
CVE #(s): CAN-2005-0016
Created: January 17, 2005
Updated: January 17, 2005
Description: Erik Sjölund discovered a buffer overflow in xatitv, one of the
programs in the gatos package, which is used to display video with certain
ATI video cards. xatitv is installed setuid root in order to gain direct
access to the video hardware.
Alerts:
Comments (none posted)
gopher: multiple vulnerabilities
Package(s): gopher
CVE #(s): CAN-2004-0560, CAN-2004-0561
Created: January 13, 2005
Updated: January 17, 2005
Description: Gopher's gopherd has an integer overflow vulnerability and the
gopher log routine has a format string vulnerability.
Alerts:
Comments (none posted)
kernel: i386 SMP page fault handler privilege escalation
Package(s): kernel
CVE #(s): CAN-2005-0001
Created: January 14, 2005
Updated: February 25, 2005
Description: Paul Starzetz found an exploitable hole in the x86 SMP page
fault handler which could lead to privilege escalation. See the advisory
for details.
Alerts:
Comments (none posted)
imagemagick: .psd image file decode vulnerability
Package(s): imagemagick
CVE #(s): CAN-2005-0005
Created: January 18, 2005
Updated: March 23, 2005
Description: According to this iDEFENSE advisory, ImageMagick is vulnerable
to a heap overflow when decoding .psd image files. This could be remotely
exploited, allowing an attacker to execute arbitrary code.
Alerts:
Comments (1 posted)
mozilla: buffer overflow
Package(s): mozilla
CVE #(s): CAN-2004-1316
Created: January 14, 2005
Updated: January 17, 2005
Description: iSEC Security Research has discovered a buffer overflow bug in
the way Mozilla handles NNTP URLs. If a user visits a malicious web page or
is convinced to click on a malicious link, it may be possible for an
attacker to execute arbitrary code on the victim's machine.
Alerts:
Comments (none posted)
mysql-dfsg: insecure temporary files
Package(s): mysql-dfsg
CVE #(s): CAN-2005-0004
Created: January 18, 2005
Updated: March 25, 2005
Description: Javier Fernández-Sanguino Peña noticed that the "mysqlaccess"
program created temporary files in an insecure manner. This could allow a
symbolic link attack to create or overwrite arbitrary files with the
privileges of the user invoking the program.
Alerts:
Comments (none posted)
playmidi: buffer overflow
Package(s): playmidi
CVE #(s): CAN-2005-0020
Created: January 17, 2005
Updated: January 20, 2005
Description: Erik Sjölund discovered that playmidi, a MIDI player, contains
a setuid root program with a buffer overflow that can be exploited by a
local attacker.
Alerts:
Comments (none posted)
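The gatos and playmidi entries above share one pattern: a setuid-root program that parses untrusted input (command-line arguments, configuration, media files) while still holding root, so an ordinary buffer overflow becomes a root compromise. The C program below is an added example, not code from gatos, playmidi or any other project on this page. It shows the two mitigations a maintainer reaches for: acquire the privileged resource first, permanently drop to the invoking user before touching any untrusted data, and copy untrusted strings with an explicit bound instead of strcpy(). The device path /dev/null, the 32-byte buffer and the function names are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Fixed-size destination standing in for the kind of static buffer an
 * unchecked strcpy()/sprintf() of a command-line argument overflows. */
#define NAME_BUF 32

/* Bounded copy: returns 0 on success, -1 if src would not fit (including the
 * terminating NUL). On failure dst is left untouched, so callers refuse
 * oversize input outright rather than silently truncating it. */
int copy_bounded(char *dst, size_t dstlen, const char *src)
{
    size_t n = strlen(src);
    if (dstlen == 0 || n >= dstlen)
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

/* Helper for checking copy_bounded(): copies src into a NAME_BUF-sized
 * buffer and returns the resulting length, or -1 if it was rejected. */
int copy_bounded_len(const char *src)
{
    char buf[NAME_BUF];
    if (copy_bounded(buf, sizeof buf, src) != 0)
        return -1;
    return (int)strlen(buf);
}

/* Permanently give up the setuid-root identity: set the group id first (it
 * needs root), then the user id, then verify that root cannot be regained.
 * Returns 0 on success, -1 on any failure. Running unprivileged this is a
 * harmless no-op, which is what the test environment exercises. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    if (setgid(rgid) != 0)
        return -1;
    if (setuid(ruid) != 0)
        return -1;
    /* A non-root caller must not be able to become root again. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Open the privileged resource (the video device in gatos' case), then drop
 * privileges BEFORE any untrusted data is parsed. Returns the open fd or -1. */
int open_device_then_drop(const char *devpath)
{
    int fd = open(devpath, O_RDWR | O_CLOEXEC);
    if (drop_privileges() != 0) {
        if (fd >= 0)
            close(fd);
        return -1;
    }
    return fd;
}

/* Returns 1 when the effective ids equal the real ids, i.e. no setuid
 * privilege is still in effect. */
int privileges_dropped(void)
{
    return getuid() == geteuid() && getgid() == getegid();
}

int main(int argc, char **argv)
{
    char name[NAME_BUF];
    /* /dev/null stands in for the real device (assumption for the demo). */
    int fd = open_device_then_drop("/dev/null");
    if (fd < 0) {
        fprintf(stderr, "could not open device or drop privileges\n");
        return 1;
    }
    /* Only now look at argv: an over-long argument is rejected, not copied. */
    const char *arg = argc > 1 ? argv[1] : "default";
    if (copy_bounded(name, sizeof name, arg) != 0) {
        fprintf(stderr, "argument too long (max %d bytes)\n", NAME_BUF - 1);
        close(fd);
        return 1;
    }
    printf("running as uid %ld with name '%s'\n", (long)getuid(), name);
    close(fd);
    return 0;
}
```

The order matters: everything after drop_privileges() runs with the invoking user's rights, so a later overflow in the argument or file parser is a bug in an unprivileged process rather than a local root hole.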
queue: buffer overflows
Package(s): queue
CVE #(s): CAN-2004-0555
Created: January 18, 2005
Updated: January 19, 2005
Description: "jaguar" of the Debian Security Audit Project has discovered
several buffer overflows in queue, a transparent load balancing system.
Alerts:
Comments (none posted)
Squid: multiple vulnerabilities
Package(s): squid
CVE #(s): CAN-2005-0094, CAN-2005-0095
Created: January 17, 2005
Updated: February 2, 2005
Description: Squid contains a vulnerability in the gopherToHTML function and
incorrectly checks the 'number of caches' field when parsing WCCP_I_SEE_YOU
messages. Furthermore, the NTLM code contains two errors: one is a memory
leak in the fakeauth_auth helper and the other is a NULL pointer dereference.
Alerts:
Comments (none posted)
tnftp: arbitrary file overwriting
Package(s): tnftp
CVE #(s): CAN-2004-1294
Created: January 14, 2005
Updated: January 17, 2005
Description: According to this advisory, the 'mget' function in cmds.c
lacks validation of the filenames that are supplied by the server. An
attacker running an FTP server could supply clients with malicious
filenames, potentially allowing the overwriting of arbitrary files with the
permission of the connected user.
Alerts:
Comments (none posted)
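The tnftp entry above is a trust-boundary problem: the names in a server's directory listing are chosen by the server, and a client that passes them straight to open() for writing lets the server pick the destination path. The C program below is an added example, not tnftp's code; it shows the check a client should apply to every server-supplied name before creating a local file, and runs it over a listing. The sample listing is constructed test data, and remote_name_is_safe and count_safe_names are names chosen for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Accept a server-supplied name only if it is a plain file name that will
 * land inside the client's current directory:
 *   - non-empty, and neither "." nor ".."
 *   - no '/' (nor '\\', defensively), so no traversal and no absolute path
 *   - no control characters, which would also corrupt listing parsing
 * Returns 1 if the name is acceptable, 0 otherwise. */
int remote_name_is_safe(const char *name)
{
    const unsigned char *p;

    if (name == NULL || name[0] == '\0')
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    for (p = (const unsigned char *)name; *p != '\0'; p++) {
        if (*p == '/' || *p == '\\')
            return 0;
        if (iscntrl(*p))
            return 0;
    }
    return 1;
}

/* Constructed stand-in for the NLST reply a hostile server might return.
 * This is invented test data for the example, not captured traffic. */
static const char *const sample_listing[] = {
    "report.txt",
    "notes-2005.md",
    "/tmp/absolute-path",
    "../outside.txt",
    "sub/dir/file",
    "..",
    "",
    "name\r\nwith-newline",
};

/* Walk a listing the way an mget loop would and count what survives the
 * check. Only the surviving names should ever reach open()/fopen(). */
int count_safe_names(const char *const *names, size_t n)
{
    size_t i;
    int ok = 0;
    for (i = 0; i < n; i++)
        if (remote_name_is_safe(names[i]))
            ok++;
    return ok;
}

/* Convenience wrapper over the constructed listing above. */
int count_safe_in_sample(void)
{
    return count_safe_names(sample_listing,
                            sizeof sample_listing / sizeof sample_listing[0]);
}

int main(void)
{
    size_t i, n = sizeof sample_listing / sizeof sample_listing[0];
    for (i = 0; i < n; i++)
        printf("%-24s %s\n", sample_listing[i],
               remote_name_is_safe(sample_listing[i]) ? "fetch" : "reject");
    printf("%d of %zu names accepted\n", count_safe_in_sample(), n);
    return 0;
}
```

Rejecting rather than sanitizing (for example, stripping the directory part) is the simpler policy to reason about: a name that needed rewriting came from a server that is already misbehaving.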
twiki: arbitrary shell command execution
Package(s): twiki
CVE #(s):
Created: January 14, 2005
Updated: January 17, 2005
Description: A vulnerability in twiki was found where a remote attacker
could exploit it to run arbitrary shell commands on the server. For further
information, see this announcement.
Alerts:
Comments (none posted)
vim: symbolic link attack
Package(s): vim
CVE #(s): CAN-2005-0069
Created: January 18, 2005
Updated: February 18, 2005
Description: Javier Fernández-Sanguino Peña noticed that the auxiliary
scripts "tcltags" and "vimspell.sh" created temporary files in an insecure
manner. This could allow a symbolic link attack to create or overwrite
arbitrary files with the privileges of the user invoking the script (either
by calling it directly or by execution through vim).
Alerts:
Comments (none posted)
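Three entries on this page (apache's check_forensic, mysqlaccess, and vim's tcltags and vimspell.sh) are the same bug: a temporary file whose name is guessable, created in a shared directory without an exclusive-create step, so a symbolic link planted at that name redirects the write. The affected tools are scripts, but the pattern and its fix are language-independent. The C program below is an added example, not code from any of those projects; it places the weak pattern beside the mkstemp() form and adds the fstat() check a careful caller applies afterwards. The scratch.* names, the 0644 mode in the weak version and the function names are assumptions for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The weak pattern (kept only for contrast, do not use): the name is
 * guessable from the pid, and open() without O_EXCL follows a symlink that
 * already sits at that path, writing wherever it points with the caller's
 * privileges. */
int insecure_tmp_create(char *path, size_t len)
{
    snprintf(path, len, "/tmp/scratch.%ld", (long)getpid());
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* The safe pattern: mkstemp() replaces the XXXXXX with an unpredictable
 * suffix and creates the file with O_CREAT|O_EXCL and mode 0600 in a single
 * step, so a pre-existing symlink makes the call fail instead of being
 * followed. Returns the open fd and writes the chosen path into `path`. */
int secure_tmp_create(char *path, size_t len)
{
    const char *dir = getenv("TMPDIR");
    if (dir == NULL || *dir == '\0')
        dir = "/tmp";
    if (snprintf(path, len, "%s/scratch.XXXXXX", dir) >= (int)len) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return mkstemp(path);
}

/* Post-open check: the descriptor must refer to a regular file owned by us,
 * with no group/other permission bits and a single link. Checking the fd
 * with fstat() rather than the path with stat() avoids a second race.
 * Returns 1 if the file is private, 0 otherwise. */
int tmp_fd_is_private(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return 0;
    if (!S_ISREG(st.st_mode))
        return 0;
    if (st.st_uid != geteuid())
        return 0;
    if (st.st_mode & (S_IRWXG | S_IRWXO))
        return 0;
    if (st.st_nlink != 1)
        return 0;
    return 1;
}

/* Two runs of the weak pattern in one process pick the same name; that
 * predictability is what lets a link be planted ahead of time.
 * Returns 1 if the two names are identical. */
int insecure_name_is_predictable(void)
{
    char a[64], b[64];
    int fa = insecure_tmp_create(a, sizeof a);
    int fb = insecure_tmp_create(b, sizeof b);
    if (fa >= 0)
        close(fa);
    if (fb >= 0)
        close(fb);
    if (fa >= 0 || fb >= 0)
        unlink(a);
    return strcmp(a, b) == 0;
}

/* Exercise the safe pattern end to end: create, verify, write, clean up.
 * Returns 1 on success. */
int secure_tmp_roundtrip(void)
{
    char path[256];
    int fd = secure_tmp_create(path, sizeof path);
    int ok;
    if (fd < 0)
        return 0;
    ok = tmp_fd_is_private(fd);
    if (write(fd, "scratch\n", 8) != 8)
        ok = 0;
    close(fd);
    unlink(path);
    return ok;
}

int main(void)
{
    printf("weak pattern reuses its name: %s\n",
           insecure_name_is_predictable() ? "yes" : "no");
    printf("mkstemp file private and writable: %s\n",
           secure_tmp_roundtrip() ? "yes" : "no");
    return 0;
}
```

The shell equivalent of secure_tmp_create() is mktemp(1), which is what the fixed scripts use; the point is the same either way: never compose a temp name yourself, and never reopen it by name once you hold a descriptor.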
xpdf: buffer overflow
Package(s): xpdf
CVE #(s): CAN-2005-0064
Created: January 19, 2005
Updated: March 15, 2007
Description: iDEFENSE has found yet another xpdf buffer overflow; see this
advisory for details.
Alerts:
Comments (1 posted)
Events
The Central Pennsylvania Linux Users Group will be holding a security
conference near Harrisburg on March 5. Speakers include Russell
Coker, Brandon Hale, and Ed Reed; click below for the details.
Full Story (comments: none)
Page editor: Jonathan Corbet