Security Linux News for Nov 24, 2000
LinuxSecurity.com: Linux Advisory Watch - November 24th 2000 (Nov 24, 2000, 21:02)
"This week, advisories were released for modutils, ghostscript,
elvis-tiny, xmcd, ncurses, joe, ethereal, tcpdump, CUPS, cron,
openssh, tcsh/csh, php, thttpd, curl, mgetty, telnet, pine."
Security Portal: Weekly Security Tools Digest 2000/11/17 to 2000/11/23 (Nov 24, 2000, 19:50)
"Firewalls for Unix/Linux/BSD & Cross-platform floppyfw, Smoothwall, Stunnel and 5 other tools."
Conectiva Linux Security Announcement - modutils (Nov 24, 2000, 17:34)
"The modutils package contains a utility called modprobe which
is normally used by the kernel when loading modules on demand. In
versions higher than 2.1.121, the modprobe utility could be tricked
into executing commands supplied as a module name."
Security problems with Phorum php message board (Nov 24, 2000, 17:08)
"Any user can parse a chosen php script file using the Phorum
system. It is also possible, under certain circumstances, to
execute arbitrary commands on the server as the httpd user."
Red Hat Security Advisory: New ncurses packages fixing buffer overrun available (Nov 24, 2000, 16:46)
"If you are any setuid applications that use ncurses and its
cursor movement functionality, local users may gain access to the
SunWorld: Tapping on the walls - Learn to think like your attacker (Nov 24, 2000, 12:51)
"Paring down your network services isn't the only way to protect
your systems against attacks: port scanning can also be an
Caldera Systems Security Advisory: Two security problems with ghostscript (Nov 24, 2000, 09:26)
"Ghostscript creates temporary files insecurely. In addition, it
is linked in a way that makes it pick up shared libraries from the
current directory it is in."