Security Linux News for Oct 27, 2000
eWeek: Industry reaction to Microsoft hack: It will only get worse (Oct 27, 2000, 22:36)
"The breach of Microsoft Corp.'s network and subsequent access
to its source code represent to many the failure of that vendor's
product design, the failure of enterprises to implement best
practices and the failure to understand security as a
Red Hat Security Advisory: Updated nss_ldap packages are now available. (Oct 27, 2000, 20:41)
"A race condition has been found in the nss_ldap package. On a
system running nscd, a malicious user can cause the system to
Red Hat Security Advisory: Updated Secure Web Server packages now available (Oct 27, 2000, 20:34)
"Security bugs in versions of Apache prior to 1.3.14 also affect
Secure Web Server. A new release which incorporates 1.3.14 is now
SuSE Security Announcement: ncurses (Oct 27, 2000, 20:19)
"Insufficient boundary checking leads to a buffer overflow if a
user supplies a specially drafted terminfo database file. If an
ncurses-linked binary is installed setuid root, it is possible for
a local attacker to exploit this hole and gain elevated
LinuxSecurity.com: Linux Advisory Watch, October 27, 2000 (Oct 27, 2000, 19:40)
"This week, advisories were released for apache, gnupg, ping,
ypbind, ypserve, mysql, cyrus-sal, curl, ppp-off, and xlockmore.
The vendors include Immunix, Mandrake, Red Hat, and Slackware."
CNET News.com: Microsoft computer network hacked; WINE to benefit? (Oct 27, 2000, 14:09)
"...it could provide aid to projects that are trying to
reverse-engineer aspects of Windows. One example is a group called
Wine working on technology that lets Windows programs run on
Intel-based Linux systems."
Microsoft secrets 'safe' after hack attack (Oct 27, 2000, 11:21)
"Microsoft's corporate network has been broken into by hackers,
but the Redmond giant said source code for its most popular
software was not compromised."
Security Portal: Auditing Code (Oct 27, 2000, 06:48)
"However, an automated code audit is much better than no code
audit, especially with a reasonably advanced tool such as ITS4,
which will catch many of the common problems that have resulted in
root exploits. The following is an interview with John Viega,
author of ITS4."