All articles

May 08, 2002 06:57 SuSE: remote command execution in sysconfig

The ifup-dhcp script which is part of the sysconfig package is responsible for setting up network devices using configuration data obtained from a DHCP server by the dhcpcd DHCP client. It is possible for remote attackers to feed this script with evil data, for example via spoofed DHCP replies. This way ifup-dhcp could be tricked into executing arbitrary commands as root. Fixed packages are available from

May 07, 2002 09:16 SuSE: remote privilege escalation in imlib

The imlib library can be used by X11 applications to handle various kinds of image data. Imlib could, under certain circumstances, revert to using a netpbm library which is well known to have security problems and should not be used for handling untrusted data. Furthermore a heap corruption could occur in the imlib code. An attacker could send a maliciously formatted image file to trigger a Denial-of-Service attack or even execute arbitrary code on the victim's machine. Fixed packages are available from

May 04, 2002 00:00 Those Messy TrueTypes


Recently, I downloaded about 2,000 free fonts. Most of them are of high quality, but you can easily imagine my problem: There are just too many of them for one graphics designer. I don’t have time to browse through them all to find the one optimal for my needs.

May 03, 2002 01:06 Red Hat: Updated Nautilus for symlink vulnerability writi...

The Nautilus file manager (used by default in the GNOME desktop environment) writes metadata files containing information about files and directories that have been visited in the file manager. The metadata file code in Red Hat Linux 7.2 can be tricked into chasing a symlink and overwriting the symlink target. Fixed packages are available from

May 03, 2002 01:04 Red Hat: Updated mod_python packages available

mod_python versions 2.7.6 and earlier allow a module which is indirectly imported by a published module to then be accessed by the publisher handler. This could allow a remote attacker to abuse imported modules leading to file modifications or more serious breaches. Fixed packages are available from

May 01, 2002 13:03 Red Hat: Insecure DocBook stylesheet option

The default stylesheet used when converting a DocBook document to multiple HTML files allows an untrusted document to write files outside of the current directory. This is because element identifiers (specified in the document) are used to form the names of the output files. If an untrusted document uses a full pathname as an identifier, it can cause that file to be written to -- as long as the user performing the conversion has write access. Fixed packages are available from

May 01, 2002 00:00 PalmOS Software

So, you've just gotten a PalmOS-based PDA... now what? Here are some suggestions for Open Source Software/Free Software available for the Palm, grouped into the following topics: electronic books, games, miscellaneous software, and how to locate other software. I'll close with a few comments about the future of Palms.

May 01, 2002 00:00 Welcome to the New

83 has become part of freshmeat today. I'd like to share a short history of the site and explain the reasons behind the decision to do this.

April 30, 2002 17:26 SuSE: local privilege escalation in sudo

The sudo program allows local users to execute certain configured commands with root privileges. Sudo contains a heap overflow in its prompt assembling function. The input used to create the password prompt is user controlled and not properly length-checked before being copied to certain heap locations. This allows local attackers to overflow the heap of sudo, thus executing arbitrary commands as root. We would like to thank GlobalInterSec for finding and researching this vulnerability. Fixed packages are available from

April 29, 2002 09:05 SuSE: remote command execution in radiusd-cistron

The radius daemon as shipped with the radiusd-cistron package is responsible for the RADIUS authentication service in networks and therefore considered a security critical application. ZARAZA reported security related bugs in various radius server and client software. The list of vulnerable servers includes the cistron radius package. Within the cistron package, a buffer overflow in the digest calculation function and miscalculations of attribute lengths have been fixed which could allow remote attackers to execute arbitrary commands on the system running the radius server. Besides the cistron radius package, the following radius packages have been vulnerable to the same attacks and have been fixed: freeradius, radiusclient and livingston-radius. Fixed packages are available from

April 27, 2002 00:00 Network Printers and Other Peripherals -- Vulnerabilities...

Like computers on large heterogeneous environments, networked printers and other peripherals have vulnerabilities that can lead to exposure of data, denial of service, and gateways for attacks on other systems. Yet, while many organizations seek to protect their computers, they ignore printers and other peripherals. In this article, I'll discuss general attacks against printers and other peripherals, with specifics on known vulnerabilities in several brands of printers, and propose possible solutions to keep both computers and networked peripherals from attack.

April 26, 2002 01:05 Debian: sudo buffer overflow

fc found a buffer overflow in the variable expansion code used by sudo for its prompt. Since sudo is necessarily installed suid root a local user can use this to gain root access. Fixed packages are available from

April 26, 2002 01:02 Red Hat: Updated sudo packages are available

The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root with logging. Global InterSec LLC found an issue with Sudo 1.6.5p2 and earlier which can be exploited to allow a local attacker to gain root privileges. Fixed packages are available from

April 20, 2002 00:00 Linux Device Drivers

I'm afraid to read Linux Device Drivers. It's not that I didn't do a good first reading; of course I did. It's not that I'm not prepared. I read K and R (The C Programming Language), lovingly doing every exercise, around 1986, and have used C on-and-off since then. These days, I read man pages and info documentation on a daily basis, and am thoroughly comfortable with compiling and installing kernels. You will need these skills to read Linux Device Drivers.

April 17, 2002 05:28 Debian: buffer overflow in xpilot-server

An internal audit by the xpilot (a multi-player tactical manoeuvring game for X) maintainers revealed a buffer overflow in xpilot server. This overflow can be abused by remote attackers to gain access to the server under which the xpilot server is running. Fixed packages are available from

April 17, 2002 05:26 Debian: Horde and IMP cross-site scripting attack

A cross-site scripting (CSS) problem was discovered in Horde and IMP (a web based IMAP mail package). This was fixed upstream in Horde version 1.2.8 and IMP version 2.2.8. The relevant patches have been back-ported to version 1.2.6-0.potato.5 of the horde package and version 2.2.6-0.potato.5 of the imp package. Fixed packages are available from

April 13, 2002 00:00 The Scalability of Ruby

There are lots of reasons to like Ruby. It's a pure object oriented language. The syntax is elegant, and the use of blocks creates a novel feel. Another reason to like Ruby is its scalability. I don't mean scalability in the performance sense, but in regards to how you can code simple Ruby macros to solve small problems and also use Ruby in its object oriented form to support very large or complex applications.

April 09, 2002 01:22 SuSE: remote denial-of-service in ucd-snmp

The Secure Programming Group of the Oulu University, Sweden released a testing suite for SNMP implementations. Several bugs could be triggered in the ucd-snmpd code by using this testing suite. These bugs lead to remote denial-of-service attacks and may possibly be exploited to break system security remotely. Updated packages can be obtained from

April 06, 2002 00:28 Red Hat: Race conditions in logwatch

Versions of LogWatch 2.1.1 and earlier have a vulnerability due to a race condition during the creation of a temporary directory. This vulnerability can allow a local user to gain root privileges. An additional race condition was found in versions of LogWatch 2.5 and earlier. Fixed packages can be obtained from

April 06, 2002 00:00 Preventive Security

Each year, more money is spent on security, and each year, there are more incidents, more losses, and greater average losses. 2001 set records for security spending, security vulnerabilities, attacks, and security losses. 2002 is expected to be worse. It should be obvious that the security industry is missing something critical when it comes to reining in the losses caused by security incidents. The potential for tens or hundreds of thousands of systems to be compromised literally overnight is a systemic failure that must be corrected. The increased reliance on the Internet and other networked systems makes developing a real and workable preventive solution for computer security an economic necessity. A security process that can keep systems secure in spite of their vulnerabilities is becoming a necessity. The current vulnerability-driven security process is just not up to the challenge.

April 01, 2002 00:00 freshmeat.NET

It's been a little over a year since the major code revision that led to freshmeat ][. The Web waits for no man, and the time has come to make sure we're in step with recent developments. Today, we're happy to announce our new name and our plans to incorporate important new technologies into the site.

March 30, 2002 00:00 Telephony Software

The telephony software category includes applications that let you communicate via voice and/or video through the Internet to other people, software that lets you set up a software-based telephony PBX based on standard hardware, tools that let you analyze data from or control legacy telephony switchgears, and small, simple pieces of software that let you set up an answering machine using an old voice modem.

March 28, 2002 10:33 Debian: New analog packages fix cross-site scripting vuln...

Yuji Takahashi discovered a bug in analog which allows a cross-site scripting type attack. It is easy for an attacker to insert arbitrary strings into any web server logfile. If these strings are then analysed by analog, they can appear in the report. By this means an attacker can introduce arbitrary Javascript code, for example, into an analog report produced by someone else and read by a third person. Analog already attempted to encode unsafe characters to avoid this type of attack, but the conversion was incomplete. Fixed packages can be obtained from

March 23, 2002 00:00 The Linux Cookbook

On my Linux Users Group's mailing list, an old question recently surfaced again: What book would you recommend for someone who is new to Unix (but not to computers)? I didn't have any suggestions at the time, but after looking at "The Linux Cookbook", I do. It's a book I wish I'd had when I started, and one I'm happy to have beside me now.

March 21, 2002 16:43 Red Hat: New imlib packages available

Imlib versions prior to 1.9.13 would fall back to loading images via the NetPBM package, which has various problems that make it unsuitable for loading untrusted images. Imlib 1.9.13 also fixes various problems in arguments passed to malloc(). These problems may allow attackers to construct images that, when loaded by a viewer using Imlib, could cause crashes or potentially the execution of arbitrary code. Fixed packages are available from

March 19, 2002 15:51 Debian: buffer overflow in listar

Janusz Niewiadomski and Wojciech Purczynski reported a buffer overflow in the address_match of listar (a listserv style mailing-list manager). Fixed packages are available from

March 16, 2002 00:00 You Say You Want a Revolution (or Dude, Where's My Databa...

Remember those heady days of the mid-to-late 1990s? When Webmonkey was required daily reading, Hotdog and HoTMetaL Pro were the "cool" HTML editors (though vi and Notepad predominated), and the Browser Wars were relevant? When virtually all Web sites were collections of static pages, even if generated via some dynamic process(es) such as VB widgets or Perl scripts? When Perl CGIs and .shtml pages were the only true approximation of dynamic Web development available? When Java still meant coffee, ASP was a snake, and Linus was a character in the Peanuts cartoon? Remember? Ah, the bad old days.

March 13, 2002 02:27 Debian: New zlib & other packages fix buffer overflow

The compression library zlib has a flaw in which it attempts to free memory more than once under certain conditions. This can possibly be exploited to run arbitrary code in a program that includes zlib. If a network application running as root is linked to zlib, this could potentially lead to a remote root compromise. No exploits are known at this time. This vulnerability is assigned the CVE candidate name of CAN-2002-0059. Fixed packages are available from

March 13, 2002 02:25 SuSE: remote command execution in libz/zlib

The zlib compression library is being used by many applications to provide data compression/decompression routines. An error in a decompression routine can corrupt the internal data structures of malloc by a double call to the free() function. If the data processed by the compression library is provided from an untrusted source, it may be possible for an attacker to interfere with the process using the zlib routines. The attack scenario includes a denial of service attack and memory/data disclosure, but it may also be possible to insert arbitrary code into the running program and to execute this code. This update fixes the known problems in the libz/zlib as a permanent fix. There exists no temporary workaround that can efficiently remedy the problem. Fixed packages are available from

March 11, 2002 14:34 Debian: New xtell packages fix several vulnerabilities

Several security related problems have been found in the xtell package, a simple messaging client and server. In detail, these problems include several buffer overflows, a problem in connection with symbolic links, and unauthorized directory traversal when the path contains "..". These problems could lead to an attacker being able to execute arbitrary code on the server machine. The server runs with nobody privileges by default, so this would be the account to be exploited. Fixed packages are available from
