
December 23, 2002 06:51 Debian: New cyrus-imapd packages fix remote command

Timo Sirainen discovered a buffer overflow in the Cyrus IMAP server, which could be exploited by a remote attacker prior to logging in. A malicious user could craft a request to run commands on the server under the UID and GID of the cyrus server. Fixed packages are available from

December 23, 2002 04:51 freshmeat launches Mac OS X section

We've had trove nodes for the Mac OS X operating system and the Mac OS X Carbon and Cocoa frameworks for ages. We've had an OS X package download link for ages. Now we officially have a whole freshmeat section devoted to the next generation of Apple's operating system. Click the link to read the full story.

December 21, 2002 00:00 Peopleware: Productive Projects and Teams

I first read "Peopleware..." in the late 80s while working at a struggling vibration analysis company that was mightily attempting to create chaos out of order. The management was affronted by the book (I had stupidly lent a copy to the V.P. of engineering) and I only retrieved it when I proved that it was a public library book. At the time, I was excited by its approach and readability, and I greatly enjoyed reading it and sharing it with my downtrodden peers.

December 20, 2002 08:13 Debian: New kdenetwork packages fix buffer overflows

Olaf Kirch from SuSE Linux AG discovered another vulnerability in the klisa package, which provides a LAN information service similar to "Network Neighbourhood". The lisa daemon contains a buffer overflow vulnerability which potentially enables any local user, as well as any remote attacker on the LAN who is able to gain control of the LISa port (7741 by default), to obtain root privileges. In addition, a remote attacker potentially may be able to gain access to a victim's account by using an "rlan://" URL in an HTML page or via another KDE application. Fixed packages are available from

December 19, 2002 07:30 Debian: New libpng packages fix buffer overflow

Glenn Randers-Pehrson discovered a problem in connection with 16-bit samples from libpng, an interface for reading and writing PNG (Portable Network Graphics) format files. The starting offsets for the loops are calculated incorrectly which causes a buffer overrun beyond the beginning of the row buffer. Fixed packages are available from

December 17, 2002 04:59 Debian: New MySQL packages fix multiple vulnerabilities

While performing an audit of MySQL, e-matters found several problems. Two sizes were taken as signed integers from a request and then cast to unsigned integers without checking for negative numbers. Since the resulting numbers were used for a memcpy() operation, this could lead to memory corruption. When re-authenticating to a different user, MySQL did not perform all checks that are performed on initial authentication. This allowed for single-character password brute forcing, which could be used by a normal user to gain root privileges to the database, and it was possible to overflow the password buffer and force the server to execute arbitrary code. Also, when processing the rows returned by a SQL server there was no check for overly large rows or terminating NUL characters. This can be used to exploit SQL clients if they connect to a compromised MySQL server. When processing a row as returned by a SQL server the returned field sizes were not verified. This can be used to exploit SQL clients if they connect to a compromised MySQL server. Fixed packages are available from

December 17, 2002 04:29 Red Hat: Updated Fetchmail packages fix security vulnerab...

Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links such as SLIP and PPP connections. A bug has been found in the header parsing code in versions of Fetchmail prior to 6.2.0. This bug allows a remote attacker to crash Fetchmail and potentially execute arbitrary code by sending a carefully crafted email which is then parsed by Fetchmail. Fixed packages are available from

December 17, 2002 04:27 Red Hat: Updated Net-SNMP packages fix security and other...

The Net-SNMP project includes various Simple Network Management Protocol (SNMP) tools. The SNMP daemon included in the Net-SNMP package versions 5.0.1 through 5.0.4 can be caused to crash if it is sent a specially crafted packet. Successful exploitation of this issue would require knowledge of a known SNMP community string. Fixed packages are available from

December 13, 2002 07:41 Debian: New mICQ packages fix denial of service

Rüdiger Kuhlmann, upstream developer of mICQ, a text-based ICQ client, discovered a problem in mICQ. Receiving certain ICQ message types that do not contain the required 0xFE separator causes all versions to crash. Fixed packages are available from

December 12, 2002 22:10 Debian: New lynx packages fix CRLF injection

lynx (a text-only web browser) did not properly check for illegal characters in all places, including processing of command line options, which could be used to insert extra HTTP headers in a request. Fixed packages can be obtained from

December 12, 2002 22:08 Debian: New wget packages fix buffer overflow and directo...

Two problems have been found in the wget package as distributed in Debian GNU/Linux. Stefano Zacchiroli found a buffer overrun in the url_filename function, which would make wget segfault on very long URLs. Steven M. Christey discovered that wget did not verify the FTP server response to a NLST command: it must not contain any directory information, since that can be used to make an FTP client overwrite arbitrary files. Fixed packages are available from

December 12, 2002 12:52 Red Hat: Updated apache, httpd, and mod_ssl packages avai...

The Apache HTTP Web Server is a secure, efficient, and extensible web server that provides HTTP services. Buffer overflows in the ApacheBench support program (ab.c) in Apache versions prior to 1.3.27, and Apache versions 2.x prior to 2.0.43, allow a malicious Web server to cause a denial of service (DoS) and possibly execute arbitrary code via a long response. Two cross-site scripting (XSS) vulnerabilities are present in the error pages for the default "404 Not Found" error and for the error response when a plain HTTP request is received on an SSL port. Both of these issues are only exploitable if the "UseCanonicalName" setting has been changed to "Off", and wildcard DNS is in use. The shared memory scoreboard in the HTTP daemon for Apache 1.3, prior to version 1.3.27, allows a user running as the "apache" UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or other such behavior that would not normally be allowed. Fixed packages are available from

December 11, 2002 09:31 Debian: New tetex-lib packages fix arbitrary command exec...

The SuSE security team discovered a vulnerability in the kpathsea library (libkpathsea), which is used by xdvi and dvips. Both programs call the system() function insecurely, which allows a remote attacker to execute arbitrary commands via cleverly crafted DVI files. If dvips is used in a print filter, this allows a local or remote attacker with print permission to execute arbitrary code as the printer user (usually lp). Fixed packages are available from

December 10, 2002 22:10 Debian: New tcpdump packages fix BGP decoding error

The BGP decoding routines for tcpdump used incorrect bounds checking when copying data. This could be abused by introducing malicious traffic on a sniffed network for a denial of service attack against tcpdump, or possibly even remote code execution. Fixed packages are available from

December 10, 2002 22:08 Debian: New gtetrinet packages fix buffer overflows

Steve Kemp and James Antill found several buffer overflows in the gtetrinet (a multiplayer tetris-like game) package as shipped in Debian GNU/Linux 3.0, which could be abused by a malicious server. Fixed packages are available from

December 10, 2002 08:11 Red Hat: Updated Canna packages fix vulnerabilities

Canna is a kana-kanji conversion server which is necessary for Japanese language character input. A buffer overflow bug in the Canna server up to and including version 3.5b2 allows a local user to gain the privileges of the user 'bin' which could lead to further exploits. Also, a lack of validation of requests has been found that affects Canna version 3.6 and earlier. A malicious remote user could exploit this vulnerability to leak information, or cause a denial of service attack. Fixed packages are available from

December 10, 2002 08:09 Red Hat: Updated wget packages fix directory traversal bug

Versions of wget prior to 1.8.2-4 contain a bug that permits a malicious FTP server to create or overwrite files anywhere on the local file system. FTP clients must check to see if an FTP server's response to the NLST command includes any directory information along with the list of filenames required by the FTP protocol (RFC 959, section 4.1.3). If the FTP client fails to do so, a malicious FTP server can send filenames beginning with '/' or containing '/../' which can be used to direct a vulnerable FTP client to write files (such as .forward, .rhosts, .shost, etc.) that can then be used for later attacks against the client machine. Fixed packages are available from

December 07, 2002 00:00 Absolute BSD

Some of you may know me, either by name or by my work with FreeBSD. I will bet that even more of you are familiar with Michael Lucas and his widely-read and highly-regarded articles at OnLamp. It should come as no surprise to those people that he has written a very good book on FreeBSD. "Absolute BSD" came out in July 2002 and has proven to be a great resource for people new to BSD and those who have been using it for years. Michael Lucas has a writing style which is very easy to read and absorb.

December 06, 2002 03:58 SuSE: remote command execution in OpenLDAP2

OpenLDAP is the Open Source implementation of the Lightweight Directory Access Protocol (LDAP) and is used in network environments for distributing certain information such as X.509 certificates or login information. The SuSE Security Team reviewed critical parts of that package and found several buffer overflows and other bugs that remote attackers could exploit to gain access to systems running vulnerable LDAP servers. In addition to these bugs, various locally exploitable bugs within the OpenLDAP2 libraries (openldap2-devel package) have been fixed. Fixed packages are available from

December 05, 2002 07:30 Debian: New kdelibs packages fix arbitrary program execution

The KDE team has discovered a vulnerability in the support for various network protocols via the KIO. The implementation of the rlogin and protocol allows a carefully crafted URL in an HTML page, HTML email or other KIO-enabled application to execute arbitrary commands on the system using the victim's account on the vulnerable machine. Fixed packages are available from

December 04, 2002 09:53 Debian: New smb2www packages fix arbitrary command execution

Robert Luberda found a security problem in smb2www, a Windows Network client that is accessible through a web browser. This could lead a remote attacker to execute arbitrary programs under the user id www-data on the host where smb2www is running. Fixed packages are available from

December 04, 2002 05:27 Red Hat: Updated KDE packages fix security issues

KDE is a graphical desktop environment for the X Window System. A number of vulnerabilities have been found in various versions of KDE, the details of which can be found in the body of this article. Fixed packages are available from

December 04, 2002 02:55 Red Hat: Updated xinetd packages fix denial of service vu...

Xinetd is a secure replacement for inetd, the Internet services daemon. Versions of Xinetd prior to 2.3.7 leak file descriptors for the signal pipe to services that are launched by xinetd. This could allow an attacker to execute a DoS attack via the pipe. The Common Vulnerabilities and Exposures project has assigned the name CAN-2002-0871 to this issue. Fixed packages are available from

December 04, 2002 02:52 Red Hat: Updated Webalizer packages fix vulnerability

The Webalizer is a Web server log file analysis program which produces detailed usage reports in HTML format. A buffer overflow in Webalizer versions prior to 2.01-10, when configured to use reverse DNS lookups, may allow remote attackers to execute arbitrary code by connecting to the monitored Web server from an IP address that resolves to a long hostname. Fixed packages are available from

December 03, 2002 07:10 Debian: New IM packages fix insecure temporary file creation

Tatsuya Kinoshita discovered that IM, which contains interface commands and Perl libraries for E-mail and NetNews, creates temporary files insecurely. Fixed packages are available from

December 02, 2002 07:45 Debian: New Free/SWan packages fix denial of service

Bindview discovered a problem in several IPSEC implementations that do not properly handle certain very short packets. IPSEC is a set of security extensions to IP which provide authentication and encryption. Free/SWan in Debian is affected by this and is said to cause a kernel panic. Fixed packages are available from

November 30, 2002 00:00 Window Managers

The freedom of choice offered by GNU and Linux, combined with the technological design of the X Window System, gives desktop users a windowing environment with a flexibility and capability that is unrivaled. In recent times, the desktop Linux world has been enriched beyond recognition by the KDE and GNOME projects, but window managers are still at the heart of these environments, as well being used widely on their own. In this review, I'll delve into this exciting world and look at the development and the state of the art of some of the most significant and most popular window managers.

November 25, 2002 19:44 Red Hat: New kernel 2.2 packages fix local denial of serv...

The Linux kernel handles the basic functions of the operating system. A vulnerability in the Linux kernel has been discovered in which a non-root user can cause the machine to freeze. This kernel addresses the vulnerability. Please note that this bug is specific to the x86 architecture kernels only, and does not affect other architectures. Fixed packages are available from

November 25, 2002 03:10 SuSE: remote denial-of-service in pine

Pine, Program for Internet News and Email, is a well known and widely used eMail client. While parsing and escaping characters of eMail addresses pine does not allocate enough memory for storing the escaped mailbox part of an address. This results in a buffer overflow on the heap that will make pine crash. The offending eMail can just be deleted manually or by using another mail user agent. Fixed packages are available from

November 23, 2002 00:00 Ransom Software for Fun and Profit

Users have three main goals in mind when considering software: support, freedom, and quality. Users may not directly recognize these attributes, but they are relevant to every software decision. In this paper, I'll cover these three objectives and explain why releasing software under a ransom system may be a good alternative for some software projects.
