Security Linux News for Nov 11, 1999
LinuxPPC Security Advisory: bind (Nov 11, 1999, 22:26)
"A new version of bind was just released which fixes a variety
of serious problems including crashes and remote access."
Red Hat Security Advisory: Security problems in bind (Nov 11, 1999, 20:59)
"Several security vulnerabilities exist in the DNS server,
Debian Security Advisory: New version of proftpd fixes remote exploits (Nov 11, 1999, 19:17)
"The proftpd version that was distributed in Debian GNU/Linux
2.1 had several buffer overruns that could be exploited by remote
attackers. A short list of problems:
* user input was used in snprintf() without sufficient checks
* there was an overflow in the log_xfer() routine
* you could overflow a buffer by using very long pathnames."
Debian Security Advisory: New version of nfs-server fixes remote exploit (Nov 11, 1999, 18:25)
"The version of nfs-server that was distributed in Debian
GNU/Linux 2.1 had a buffer overflow in fh_buildpath(). It assumed
that the total length of a path would never exceed
(PATH_MAX_NAME_MAX). With a read/write exported directory people
could create longer paths and cause a buffer overflow."
BW: NetNation Partners With Cobalt Networks (Nov 11, 1999, 15:46)
"NetNation's new line of Cobalt servers, called the NetRaQ,
enable customers to choose from five dedicated server hosting
options. The NetRaQ is co-branded by NetNation and Cobalt and is
aimed at businesses with high-traffic Web sites."
Red Hat Security Advisory: new NFS server packages available (5.2, 4.2) (Nov 11, 1999, 07:56)
"The length of a path name was not checked on the removal of a
directory. If a long enough directory name was created, the buffer
holding the pathname would overflow, and the possibility exists
that arbitrary code could be executed as the user the NFS server
runs as (root). Exploiting this buffer overflow does require
read/write access to a share on an affected server."
Yellow Dog Linux Security Advisory: bind (Nov 11, 1999, 07:46)
"The Internet Software Consortium have announced the discovery
of six bugs which result in vulnerabilities of varying levels of
severity in BIND (Berkeley Internet Name Domain)."