Security Linux News for May 24, 2000
Caldera Systems, Security Advisory: xemacs (May 24, 2000, 23:56)
"Under some circumstances, users are able to snoop on other
users' keystrokes. This is a serious problems if you use modules
that require e.g. input of passwords, such as MailCrypt."
Red Hat Security Advisory: Updated mailman packages are available. (May 24, 2000, 22:56)
"New mailman packages are available which close security holes
present in earlier versions of mailman. All sites using the mailman
mailing list management software should upgrade."
Wall St. Journal: Love Bug Prompts Security Experts To Poke At Microsoft's Weak Points (May 24, 2000, 20:56)
"Microsoft has taken steps to make Outlook more secure, but many
security experts say the fact that the ubiquitous e-mail system was
so vulnerable is evidence of fundamental flaws in many Microsoft
RootPrompt.org: Secure Deletion of Data from Magnetic and Solid-State Memory (May 24, 2000, 16:51)
"This paper covers some of the methods available to recover
erased data and presents schemes to make this recovery
significantly more difficult."
CNET News.com: Flaws in S&P service could put companies' data at risk (May 24, 2000, 15:52)
"Beyond the security of the VPN, Friedl cited numerous security
issues with the computer terminal configured and provided by
ComStock, including the use of a badly outdated version of the
Linux operating system."
SecurityFocus.com: XFree86 Xserver Denial of Service Vulnerability (May 24, 2000, 13:58)
"A denial of service exists in XFree86 3.3.5, 3.3.6 and 4.0. A
remote user can send a malformed packet to the TCP listening port,
6000, which will cause the X server to be unresponsive for some
period of time. During this time, the keyboard will not respond to
user input, and in some cases, the mouse will also not respond.
During this time period, the X server will utilize 100% of the CPU,
and can only be repaired by being signaled. This vulnerability
exists only in servers compiled with the XCSECURITY #define
PRNewswire: Sendmail Incorporates RSA Security Encryption Into its Sendmail Switch Family (May 24, 2000, 06:48)
"We are pleased to be a strategic partner of RSA Security, and
expect RSA Security technology to play a key role in giving our
customers confidence that Internet mail is safer for all