Security Linux News for Sep 06, 2000
ComputerWorld: Maryland's UCITA May Have National Reach (Sep 06, 2000, 20:50)
"But vendors can still cite Maryland law as their "choice of
law" in a licensing contract, no matter where the vendor and
licensee are located...The key point is, you don't need any
connection with Maryland, at least under UCITA."
AllLinuxDevices: Editor's Note: Those Little Boxes Can Bite! (Sep 06, 2000, 20:16)
"Two of these incidents, while having absolutely nothing to do
with Linux, or even open source computing in general, are useful
reminders that as our toys and appliances get smarter, we have to
treat them as something other than the hermetically sealed and
largely static devices consumer electronics have been to this
Slackware Security Advisory: glibc 2.1.3 vulnerabilities patched (Sep 06, 2000, 19:26)
"Three locale-related vulnerabilities with glibc 2.1.3 were
recently reported on BugTraq. These vulnerabilities could allow
local users to gain root access."
SuSE Security Announcement: shlibs (glibc) (Sep 06, 2000, 19:14)
"The glibc implementations in all SuSE distributions starting
with SuSE-6.0 have multiple security problems where at least one of
them allows any local user to gain root access to the system."
SuSE Security Announcement: screen (Sep 06, 2000, 19:05)
"By supplying a thoughtfully designed string as the visual bell
message, local users can obtain root privilege. Exploit information
has been published on security forums."
Security Portal: Why sulogin is Useless on Its Own (Sep 06, 2000, 15:13)
"...even with a secure LILO configuration, sulogin, and every
security patch, it is still possible for a local user to get a root
prompt simply by booting the machine from a Linux rescue floppy
disk... To fix this you must of course put a password on the BIOS,
and lock the boot order to C: first."