Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections: Developer - High Performance - Infrastructure - IT Management - Security - Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs

Partner Sites
JustLinux.com
Linux Planet
PHPBuilder
Technology Jobs

Top White Papers

Current Newswire:

More on LinuxToday

Applications Management Engineer Sr (NYC)
Next Step Systems
US-NY-New York

Justtechjobs.com Post A Job | Post A Resume

Security Portal: Weekly Linux Security Roundup - 2000/05/22 to 2000/05/28

May 29, 2000, 17:11 (0 Talkback[s])
(Other stories by Kurt Seifried)

"Busy week, with many issues. Time to go upgrading again. Some more exploits for Kerberos released, it's high time to upgrade if you haven't already. Also a nasty bug on X, and in Netscape (universal applications at the desktop level as far as I know, time to update and plug those holes too). Note: having multiple layers of security will either stop or slow down the exploitation of many of these problems. Firewalling at the desktop machine incurs very little penalty for performance, and increases a system's survivability in the event of an attack. I'm playing around with the format of the bulletin a bit, comments are welcome (seifried@securityportal.com). Warning, this advisory is rather on the huge side."

"Kerberos
Yes kerberos has holes, vendors have been releasing updates but if you are in a hurry you can do it yourself... The patches previously posted for fixing the krb4 buffer overruns had some whitespace issues resulting from untabifying. ... These fixed patches have tabs repaired and also have pathnames in the diff headers fixed to include directory names so that they may be applied from the top of a source tree."

"Netscape
Netscape version prior to 4.73 have a nasty bug in certificate handling, upgrade immediately. Version 4.73 also has a bad exploit, similar to but unrelated to previous problems. Basically it gives attackers the ability to spoof legitimate sites using fake SSL certificates easily, so unless you are watching out you can easily be fooled into giving up information to a site that is not the one you think it is."

"X Nasty little denial of service attack in X, send a malformed packet to it (port 6000) and it freezes up for a while (does 4 billion iterations of a loop before unsticking). As always you should firewall X..."

Complete Story

Related Stories: