Security Linux News for Jan 11, 2001
O'Reilly Network: Security Alerts: IBM Websphere, Shockwave Flash, and emacs Advisories (Jan 11, 2001, 23:37)
"Problems this week include minor problems with sendmail,
exposure problems with Lotus Domino, problems in the default setup
of Informix Webdriver and IBM Websphere Commerce Suite, a buffer
overflow in Shockwave Flash, denial of service attacks against
login, privacy problems in emacs, symlink attack in exmh, and a
potential exploit against GTK+."
Red Hat Security Advisory: glibc file read or write access local vulnerability (Jan 11, 2001, 22:52)
"A couple of bugs in GNU C library 2.2 allow an unprivileged user
to read restricted files and preload libraries in /lib and /usr/lib
directories into SUID programs even if those libraries have not
been marked as such by the system administrator."
LinuxNews.pl: I don't think I really love you...; a deadly Internet worm is a real possibility (Jan 11, 2001, 14:59)
"...a working model has been written. And this model is a deadly
dangerous engine, which can certainly be used for something more
than e-mail based infection of user-end workstations... Probably we
aren't the first people who thought about it and tried to write it,
that's what makes us scared..."
Security Portal: Ask Buffy - named pipes, IPSec documentation and dangerous protocols (Jan 11, 2001, 08:14)
"I am a network engineer and am currently going through a
security overhaul at work. My question is, what protocols are the
most dangerous to have running?"
CERT Advisory: Interbase and Firebird (Jan 11, 2001, 08:03)
Both the open and closed source versions of the Interbase
server contain a compiled-in back door account with a known
password. Systems Affected: Borland/Inprise Interbase 4.x and 5.x,
Open source Interbase 6.0 and 6.01, and Open source Firebird 0.9-3