Security
Brief items
Vulnerabilities and alerts in 2002
One of the advantages of having a site built on a real database is that you can use it to generate nifty tables. When we ran a list of vulnerabilities and alerts one year ago, the whole thing was generated by hand. Life is easier this time around... at least, if you're not concerned with keeping your systems secure. The following table, which covers the second half of 2002, contains 119 separate vulnerabilities, and well over 300 alerts. As much as we like to say that free software is more secure, the table below makes it clear that it is not anywhere near secure enough.
On the other hand, it's worth pointing out that almost none of the vulnerabilities listed below have, to our knowledge, been exploited on any kind of scale. Most of these problems have been found (and fixed) by developers proactively auditing the code; in general, the fixes seem to get out to most users in time to avoid widespread problems. Many of these vulnerabilities are, most likely, relatively hard to exploit.
The table reveals some of the limitations of our security database. If a vulnerability has no alerts from a particular distributor, it does not necessarily mean that said distributor never got around to fixing the problem. In many cases, the distributor did not ship a vulnerable version of the affected program, and thus did not need to put out an update.
New vulnerabilities
bladeenc - improper input verification
| Package(s): | bladeenc | CVE #(s): | |
| Created: | February 5, 2003 | Updated: | February 5, 2003 |
| Description: | Versions 0.94.2 (and prior) of the Blade MP3 encoder contain an input validation vulnerability which can lead to arbitrary code execution; see this advisory for details. |
| Alerts: | |
courier - missing input sanitizing
| Package(s): | courier | CVE #(s): | CAN-2003-0040 |
| Created: | January 30, 2003 | Updated: | February 5, 2003 |
| Description: | The developers of courier, an integrated user side mail server, discovered a problem in the PostgreSQL auth module. Not all potentially malicious characters were sanitized before the username was passed to the PostgreSQL engine. An attacker could inject arbitrary SQL commands and queries exploiting this vulnerability. The MySQL auth module is not affected. |
| Alerts: | |
kernel - Multiple vulnerabilities in version 2.4.18 of the kernel
| Package(s): | kernel | CVE #(s): | CAN-2003-0001 CAN-2003-0018 |
| Created: | February 4, 2003 | Updated: | February 5, 2003 |
| Description: | Vulnerabilities have been found in version 2.4.18 of the kernel. Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0001 to this issue. A vulnerability exists in O_DIRECT handling in Linux kernels 2.4.10 and later that can create a limited information leak where any user on the system with write privileges to a file system can read information from that file system (from previously deleted files), and can create minor file system corruption (easily repaired by fsck). Red Hat Linux in its default configuration is not affected by this bug, because the ext3 file system (the default file system in Red Hat Linux 7.2 and later) does not support the O_DIRECT feature. Of the kernels Red Hat has released, only the 2.4.18 kernels have this bug. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0018 to this issue. |
| Alerts: | |
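The two sides of the CAN-2003-0001 frame-padding bug in C, as an added example that is not kernel or driver code: a checker that flags received frames whose Ethernet padding is non-zero (the signature of stale buffer contents being sent), and the transmit-side fix of zero-filling short frames. ETH_HLEN and ETH_ZLEN are the standard Ethernet constants; the sample frame and its `fill` byte are constructed for the example.

```c
#include <stdint.h>
#include <string.h>
#define ETH_HLEN        14      /* dst MAC + src MAC + ethertype */
#define ETH_ZLEN        60      /* minimum frame length on the wire, excluding FCS */
#define ETHERTYPE_IPV4  0x0800

/* Detection: count non-zero bytes after the IPv4 packet ends. A correct driver
 * zero-fills that region, so anything else is stale memory. -1 if not IPv4. */
int count_leaked_padding_bytes(const uint8_t *frame, size_t len)
{
    if (len < ETH_HLEN + 20)
        return -1;
    unsigned ethertype = ((unsigned)frame[12] << 8) | frame[13];
    if (ethertype != ETHERTYPE_IPV4 || (frame[ETH_HLEN] >> 4) != 4)
        return -1;
    size_t ip_total = ((size_t)frame[ETH_HLEN + 2] << 8) | frame[ETH_HLEN + 3];
    if (ip_total < 20 || ETH_HLEN + ip_total > len)
        return -1;
    int dirty = 0;
    for (size_t i = ETH_HLEN + ip_total; i < len; i++)
        if (frame[i] != 0) dirty++;
    return dirty;
}

/* Mitigation, what a fixed driver does on transmit: copy the packet and
 * zero-fill up to ETH_ZLEN. Returns the length written, 0 if out is too small. */
size_t build_padded_frame(uint8_t *out, size_t out_cap,
                          const uint8_t *pkt, size_t pkt_len)
{
    size_t want = pkt_len < ETH_ZLEN ? ETH_ZLEN : pkt_len;
    if (want > out_cap)
        return 0;
    memcpy(out, pkt, pkt_len);
    memset(out + pkt_len, 0, want - pkt_len);
    return want;
}

/* Constructed sample: 60-byte frame, IPv4 total length 28, so 18 padding bytes;
 * `fill` is whatever the transmitting driver left in them. */
int sample_leak_count(uint8_t fill)
{
    uint8_t f[ETH_ZLEN];
    memset(f, fill, sizeof f);
    f[12] = 0x08; f[13] = 0x00;      /* ethertype IPv4 */
    memset(f + ETH_HLEN, 0, 28);     /* IP header + 8 payload bytes */
    f[ETH_HLEN] = 0x45;              /* version 4, IHL 5 */
    f[ETH_HLEN + 3] = 28;            /* total length */
    return count_leaked_padding_bytes(f, sizeof f);
}
```

A packet capture filter built on the same check (minimum-size frames whose trailing bytes are not all zero) is the practical way to spot an affected driver on a live network.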
krb5 - vulnerability in Kerberos ftp client
| Package(s): | krb5 ftp netkit | CVE #(s): | CAN-2003-0041 |
| Created: | January 31, 2003 | Updated: | February 21, 2003 |
| Description: | Kerberos is a network authentication system. A problem has been found in the Kerberos ftp client. When retrieving a file with a filename beginning with a pipe character, the ftp client will pass the filename to the command shell in a system() call. This could allow a malicious ftp server to write to files outside of the current directory or execute commands as the user running the ftp client. The Kerberos ftp client runs as the default ftp client when the Kerberos package krb5-workstation is installed on a Red Hat Linux distribution. |
| Alerts: | |
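An added example in C (not the krb5 client's code) of the defensive check an ftp client should apply to a server-supplied filename before touching the local filesystem, and of opening the destination directly instead of through a shell; both functions are hypothetical helpers.

```c
#include <ctype.h>
#include <fcntl.h>
#include <stddef.h>
#include <string.h>

/* Decide whether a filename supplied by a remote FTP server may be used as a
 * local path. The Kerberos ftp client's bug was handing such names to the
 * shell via system(), so a leading '|' became a command. This check refuses
 * everything the shell or the filesystem would interpret: a leading '|' or
 * '-', any path separator, "." and "..", and non-printable characters.
 * Returns 1 when the name is acceptable, 0 otherwise. */
int ftp_local_name_ok(const char *name)
{
    if (name == NULL || name[0] == '\0' || strlen(name) > 255)
        return 0;
    if (name[0] == '|' || name[0] == '-')
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    for (const unsigned char *p = (const unsigned char *)name; *p; p++) {
        if (*p == '/' || *p == '\\' || !isprint(*p))
            return 0;
    }
    return 1;
}

/* Open the local destination directly, never through a shell: the kernel
 * treats the name as an opaque path component. O_EXCL refuses to clobber an
 * existing file. Returns a file descriptor, or -1 if the name was rejected
 * or the open failed. (Hypothetical helper, not the krb5 code.) */
int ftp_open_local_for_write(const char *name)
{
    if (!ftp_local_name_ok(name))
        return -1;
    return open(name, O_WRONLY | O_CREAT | O_EXCL, 0644);
}
```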
qt-dcgui - file leaking
| Package(s): | qt-dcgui | CVE #(s): | |
| Created: | February 4, 2003 | Updated: | February 5, 2003 |
| Description: | All versions of qt-dcgui prior to 0.2.2 have a major security vulnerability in the directory parser. This bug allows a remote attacker to download files outside the sharelist. It's recommended that you upgrade the packages immediately. Read the full announcement at: http://dc.ketelhot.de/pipermail/dc/2003-January/000094.html |
| Alerts: | |
slocate - buffer overflow
| Package(s): | slocate | CVE #(s): | CAN-2003-0056 |
| Created: | February 5, 2003 | Updated: | May 8, 2003 |
| Description: | Version 2.6 (at least) of slocate contains a buffer overflow vulnerability which could lead to a local exploit; see this advisory for the details. |
| Alerts: | |
Resources
LinuxSecurity.com newsletters
The latest Linux Advisory Watch and Linux Security Week newsletters from LinuxSecurity.com are available.
Events
Sixth Annual Digital Money Forum
The Sixth Digital Money Forum will be held April 2 and 3 in London; click below for information on the program.
SummerCon 2003
SummerCon 2003 is happening June 6 to 8 in Pittsburgh, PA. The organizers are still looking for more speakers if you would like to present at this event.
Page editor: Jonathan Corbet
