All articles

October 08, 2002 16:01 Debian: New tkmail packages fix insecure temporary file c...

It has been discovered that tkmail creates temporary files insecurely. By exploiting this, an attacker with local access can easily create and overwrite files as another user. Fixed packages are available from

October 08, 2002 13:31 SuSE: remote privilege escalation in mod_php4

PHP is a well-known and widely used web programming language. If a PHP script runs in "safe mode", several restrictions are applied to it, including limits on execution of external programs. An attacker can pass shell meta-characters or sendmail(8) command line options via the 5th argument (introduced in version 4.0.5) of the mail() function to execute shell commands or control the behavior of sendmail(8). The CRLF injection vulnerabilities in fopen(), file(), header(), ... allow an attacker to bypass ACLs or trigger cross-site scripting. Fixed packages are available from

October 08, 2002 13:28 SuSE: remote privilege escalation in hylafax

HylaFAX is a client-server architecture for receiving and sending facsimiles. The logging function of faxgetty prior to version 4.1.3 was vulnerable to a format string bug when handling the TSI value of a received facsimile. This bug could easily be used to trigger a denial-of-service attack or to execute arbitrary code remotely. Another bug in faxgetty, a buffer overflow, can also be abused by a remote attacker to execute arbitrary commands by sending a large line of image data. Several format string bugs in local helper applications were fixed as well. These bugs cannot be exploited to gain higher privileges on a system running SuSE Linux because of the absence of setuid bits. Fixed packages can be obtained from

October 05, 2002 00:00 Linux DVD Players

With DVDs quickly ousting clunky old video tapes from the realms of video rental stores, and DVD-ROMs no longer the expensive beasts they once were, software to turn your everyday Linux box into a home entertainment system is becoming increasingly popular. This review looks at the four major DVD players available to Linux users and the general state of DVD playback under Linux.

October 04, 2002 12:14 Debian: New tomcat packages fix unintended source code di...

A security vulnerability has been found in all Tomcat 4.x releases. This problem allows an attacker to use a specially crafted URL to return the unprocessed source code of a JSP page, or, under special circumstances, a static resource which would otherwise have been protected by security constraints, without the need for being properly authenticated. Fixed packages are available from

October 04, 2002 12:12 Red Hat: Updated tcpdump packages fix buffer overflow

tcpdump is a command-line tool for monitoring network traffic. Versions of tcpdump up to and including 3.6.2 have a buffer overflow that can be triggered when tracing the network by a bad NFS packet. Fixed packages are available from

October 04, 2002 12:10 Red Hat: Updated nss_ldap packages fix buffer overflow

Updated nss_ldap packages are now available for Red Hat Linux 6.2, 7, 7.1, 7.2, and 7.3. These updates fix a potential buffer overflow which can occur when nss_ldap is set to configure itself using information stored in DNS, a format string bug in logging functions used in pam_ldap, and to properly handle truncated DNS responses. Fixed packages are available from

October 04, 2002 12:08 Red Hat: Updated glibc packages fix vulnerabilities in re...

The GNU C library package, glibc, contains standard libraries which are used by multiple programs on the system. A read buffer overflow vulnerability exists in the glibc resolver code in versions of glibc up to and including 2.2.5. The vulnerability is triggered by DNS packets larger than 1024 bytes and can cause applications to crash. Fixed packages are available from

September 30, 2002 12:02 SuSE: remote command execution in heimdal

The Heimdal package is a free Kerberos implementation offering flexible authentication mechanisms based on the Kerberos 5 and Kerberos 4 schemes. The SuSE Security Team has reviewed critical parts of the Heimdal package such as the kadmind and kdc server. While doing so, several possible buffer overflows and other bugs have been uncovered and fixed. Remote attackers can probably gain remote root access on unpatched systems. Since these services usually run on authentication servers, we consider these bugs to be very serious. An update is strongly recommended if you are using the Heimdal package. Fixed packages are available from

September 29, 2002 13:18 Red Hat: Updated unzip and tar packages fix vulnerabilities

The unzip and tar utilities contain vulnerabilities which can allow arbitrary files to be overwritten during archive extraction. Fixed packages are available from

September 28, 2002 00:00 A Solution to the Problem of Configuration in Linux

What is configuration in Linux? What do experienced system administrators do when they need to, for example, modify the access rights to a Web site or change the network settings for their server? Invariably, they're going to log in to the machine and edit a text file using a Unix editor such as vi or Emacs. That by itself isn't that bad, but depending on which application you want to configure and which Linux distribution you happen to be using, the location of the file you need to edit (and maybe even the format of the file) could be completely unknown.

September 26, 2002 13:36 Debian: New glibc packages fix division by zero

Wolfram Gloger discovered that the bugfix from DSA 149-1 unintentionally replaced potential integer overflows in connection with malloc() with more likely divisions by zero. This called for an update. Fixed packages are available from

September 21, 2002 00:00 Instant Messaging Clients

Somehow, some way, people who are new to Linux have gotten the idea that Linux has limited IM choices. Since the Unix family was the first to have popular IM clients (with "talk" leading the way), that's more than a little silly. It is true that if you want the latest AOL Instant Messenger (AIM) features or MSN Messenger you're out of luck, but there are many other clients to choose from, and some will let you talk to your buddies whether they're on AIM, MSN, or even Yahoo!.

September 18, 2002 09:59 SuSE: local privilege escalation in xf86

The xf86 package contains various libraries and programs which are fundamental for the X server to function. The library from this package dynamically loads other libraries where the pathname is controlled by the user invoking the program linked against Unfortunately, also behaves the same way when linked against setuid programs. This behavior allows local users to execute arbitrary code under a different UID which can be the root-UID in the worst case. Fixed packages are available from

September 16, 2002 12:57 Red Hat: Updated gaim client fixes URL vulnerability

Gaim is an all-in-one instant messaging client that lets you use a number of messaging protocols such as AIM, ICQ, and Yahoo, all at once. Versions of gaim prior to 0.59.1 contain a bug in the URL handler of the manual browser option. A link can be carefully crafted to contain an arbitrary shell script which will be executed if the user clicks on the link. Updated packages are available from

September 16, 2002 09:23 Debian: New kdelibs fix cross site scripting bug

A cross-site scripting problem has been discovered in Konqueror, a famous browser for KDE, and in other programs using KHTML. The KDE team reports that Konqueror's cross-site scripting protection fails to initialize the domains on sub-(i)frames correctly. As a result, JavaScript is able to access any foreign subframe which is defined in the HTML source. Users of Konqueror and other KDE software that uses the KHTML rendering engine may become victims of cookie stealing and other cross-site scripting attacks. Fixed packages are available from

September 14, 2002 00:00 Desktop *nix Users Find No Solution in OS X

Tim O'Reilly, founder of the popular books with animals on the cover, recently wrote an article on people switching to Mac OS X. He provides some anecdotal evidence -- which, to his credit, he cites as such -- about the makeup of users adopting the new OS, and attempts to make the case that Mac OS X is Unix on the desktop, achieving what Linux and numerous other Unix vendors have failed to do. But O'Reilly's claim that Apple has achieved a desktop flavor of Unix in OS X (and should focus some marketing effort on converting Unix/Linux users) dances around a number of issues, not the smallest of which is one extremely important fact: Mac OS X is not Unix.

September 13, 2002 10:22 Debian: New purity packages fix potential buffer overflows

Two buffer overflows have been discovered in purity, a game for nerds and hackers, which is installed setgid games on a Debian system. This problem could be exploited to gain unauthorized access to the group games. A malicious user could alter the highscore of several games. Fixed packages are available from

September 12, 2002 11:56 Debian: New PostgreSQL packages fix several vulnerabilities

Mordred Labs and others found several vulnerabilities in PostgreSQL, an object-relational SQL database. They are inherited from several buffer overflows and integer overflows. Specially crafted long date and time input, currency, repeat data and long timezone names could cause the PostgreSQL server to crash as well as specially crafted input data for lpad() and rpad(). More buffer/integer overflows were found in circle_poly(), path_encode() and path_addr(). Fixed packages are available from

September 10, 2002 13:12 Debian: New cacti package fixes arbitrary code execution

A problem in cacti, a PHP based frontend to rrdtool for monitoring systems and services, has been discovered. This could lead to cacti executing arbitrary program code under the user id of the web server. This problem, however, is only persistent to users who already have administrator privileges in the cacti system. Fixed packages are available from

September 10, 2002 13:09 Debian: New mhonarc packages fix cross site scripting pro...

Jason Molenda and Hiromitsu Takagi found ways to exploit cross-site scripting bugs in mhonarc, a mail to HTML converter. When processing maliciously crafted mails of type text/html, mhonarc does not deactivate all scripting parts properly. This is fixed in upstream version 2.5.3. Fixed packages are available from

September 10, 2002 13:06 Red Hat: New wordtrans packages fix remote vulnerabilities

The wordtrans-web package provides an interface to query multilingual dictionaries via a web browser. Guardent discovered vulnerabilities which affect versions of wordtrans up to and including 1.1pre8. Improper input validation allows for the execution of arbitrary code or injection of cross-site scripting code by passing in unexpected parameters to the wordtrans.php script. The wordtrans.php script then unsafely executes the wordtrans binary with the malformed parameters. Fixed packages are available from

September 10, 2002 12:00 Ad-free day on 09/11

On September 11, 2002 OSDN and all of its affiliated Web sites will host an entire day free of advertising. We will do this in remembrance of September 11, 2001 as a tribute to all of the heroes and victims of that tragic day. We will resume all advertising at 12:01 US EDT on September 12. OSDN would like to thank our customers for supporting us in this action.

Most Sincerely,

Richard French
General Manager

September 06, 2002 18:14 Debian: New ethereal packages fix buffer overflow

Ethereal developers discovered a buffer overflow in the ISIS protocol dissector. It may be possible to make Ethereal crash or hang by injecting a purposefully malformed packet onto the wire, or by convincing someone to read a malformed packet trace file. It may be possible to make Ethereal run arbitrary code by exploiting the buffer and pointer problems. Fixed packages are available from

September 04, 2002 11:23 Debian: New Mantis package fixes privilege escalation

A problem with user privileges has been discovered in the Mantis package, a PHP based bug tracking system. The Mantis system didn't check whether a user is permitted to view a bug, but displayed it right away if the user entered a valid bug id. Another bug in Mantis caused the 'View Bugs' page to list bugs from both public and private projects when no projects are accessible to the current user. Fixed packages are available from

September 04, 2002 01:37 Red Hat: Updated scrollkeeper packages fix tempfile vulne...

ScrollKeeper is a cataloging system for documentation. All versions of ScrollKeeper between 0.3 and 0.3.11 have a tempfile vulnerability. The scrollkeeper-get-cl command generates temporary files in the /tmp directory. These files are named scrollkeeper-tempfile.[0-4], and while creating these files scrollkeeper-get-cl follows symbolic links. These files are created when a user logs in to a GNOME session and are created as the user who logged in. This means an attacker with local access can easily create and overwrite files as another user. Fixed packages are available from

September 03, 2002 09:19 Debian: New scrollkeeper packages fix insecure temporary ...

Spybreak discovered a problem in scrollkeeper, a free electronic cataloging system for documentation. The scrollkeeper-get-cl program creates temporary files in an insecure manner in /tmp using guessable filenames. Since scrollkeeper is called automatically when a user logs into a Gnome session, an attacker with local access can easily create and overwrite files as another user. Fixed packages are available from

August 31, 2002 00:00 Linux Games

The world is filled with Free Software to do all kinds of jobs. From top-to-bottom, a typical GNU/Linux system provides a kernel, basic administration tools, servers, clients, a graphical substrate, and (finally) high-level graphical environments sitting atop it all. Graphics, sound, input, output, networking... you can find Free Software for all of these. Despite this power given to hackers, Free Software games are often considered to be of lesser quality, compared to those available in the non-Free software world. In this review, I'll look at the variety of Free Software games available today and whether Free gaming software deserves its reputation.

August 30, 2002 13:16 SuSE: local/remote privilege escalation in glibc

An integer overflow has been discovered in the xdr_array() function, contained in the Sun Microsystems RPC/XDR library, which is part of the glibc library package on all SuSE products. This overflow allows a remote attacker to overflow a buffer, leading to remote execution of arbitrary code supplied by the attacker. Fixed packages are available from

August 29, 2002 15:22 Red Hat: Updated ethereal packages are available

Ethereal is a package designed for monitoring network traffic on your system. Several security issues have been found in the Ethereal packages distributed with Red Hat Linux 7.2 and 7.3. A buffer overflow in Ethereal 0.9.5 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via the ISIS dissector. Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector. Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump. Fixed packages are available from
