Security Linux News for Sep 11, 2000
Red Hat Security Advisory: Updated mgetty packages are now available (Sep 11, 2000, 22:32)
"The mgetty-sendfax package contains a vulnerability which
allows any user with access to the /var/tmp directory to destroy
any file on any mounted filesystem."
Caldera Systems Security Advisory: Security problems in xpdf (Sep 11, 2000, 22:21)
"There are two security problems in xpdf, the PDF file viewer.
The first is that temporary files were created insecurely. The
second problem is that xpdf was not cautious enough when the user
clicked on a URL."
PHP Security Advisory - File Uploads (Sep 11, 2000, 19:41)
"It's possible for a remote attacker to supply arbitrary file
names as values for FOO, by submitting a standard form input tag by
that name, and thus cause the PHP script to process arbitrary
VNU Net: Format string bugs become a problem (Sep 11, 2000, 19:29)
"Bad coding practices and the ability to feed format strings to
the later functions make it possible for an attacker to execute
arbitrary code as a privileged user (root) using almost any SUID
[set userID] program on the vulnerable systems."
RootPrompt.org: They Can't Crack What They Can't Find (Sep 11, 2000, 18:10)
"The Internet today is a jungle full of predators. Some of these
predators are trying to crack your machine; others are just looking
for a machine to crack. By using the firewalling tools built into
the Linux kernel it is possible to make a desktop machine virtually
disappear from the crackers' view."
Salon: When Big Brother Knows You Watch "Big Brother" (Sep 11, 2000, 12:23)
"Ramsay, a thick-throated Scot and former Silicon Graphics
senior vice president, remains convinced that the TiVo will
radically change the way advertisers, networks and viewers
interact. All this from a glorified VCR?
Security Portal: Weekly Linux Security Digest 2000/09/04 to 2000/09/10 (Sep 11, 2000, 07:27)
"More bad news this week in regards to glibc. A number of
string-related problems have been found; chances are, if you
updated glibc last week, you need to do it again."
LinuxSecurity.com: Linux Security Week, September 11th 2000 (Sep 11, 2000, 07:13)
"Thank you for reading the LinuxSecurity.com weekly security
newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security