Security Linux News for Apr 09, 2001
-
Progeny Security Advisory: execve()/ptrace() exploit in Linux kernels prior to 2.2.19
(Apr 09, 2001, 23:05)
"Linux kernels before 2.2.19 are vulnerable to a local root
exploit."
-
SuSE Security Announcement: xntp (SuSE-SA:2001:10) (Apr 09, 2001, 23:05)
"xntp is the network time protocol package widely used with many
unix and linux systems for system time synchronization over a
network. An exploit published by Przemyslaw Frasunek demonstrates a
buffer overflow in the control request parsing code. The exploit
allows a remote attacker to execute arbitrary commands as root. All
versions as shipped with SuSE Linux are affected by the buffer
overflow problem."
-
Progeny Security Advisory: mailx buffer overflow (Apr 09, 2001, 23:00)
"A buffer overflow in mailx allows a local user to gain access
to the mail group."
-
Progeny Security Advisory: ntpd remote buffer overflow (Apr 09, 2001, 23:00)
"Versions of the Network Time Protocol Daemon (ntpd) previous to
and including 4.0.99k have a remote buffer overflow which may lead
to a remote root exploit."
-
Bugtraq: Netscape Navigator/Communicator 4.76 gif comment flaw (on Linux and Win98/NT) (Apr 09, 2001, 22:22)
"The Netscape browser does not escape the gif file comment in
the image information page. This allows javascript execution in the
"about:" protocol and can for example be used to upload the History
(about:global) to a webserver."
-
EnGarde Secure Linux Security Advisory: xntp3 (Apr 09, 2001, 22:16)
"By attacking a very small buffer with a very small set of
shellcode, an attacker can potentially gain root access. It has
been reported that in some cases the only effect is the segfault of
the ntpd."
-
SSH Communications Security announces SSH 3.0 (Apr 09, 2001, 18:42)
"SSH Communications Security, a developer of Internet security
technologies, today announced SSH Secure Shell 3.0, the
next-generation of its leading encryption software product designed
to protect end-users, businesses and developers from the most
common break-in method used by hackers -- stealing passwords from
the Internet."
-
Apache Today: HP introduces software and services to promote secure e-commerce, including Apache and Linux support (Apr 09, 2001, 17:00)
"Hewlett-Packard today announced enhanced security software,
services and alliances to help businesses secure their e-commerce
environments, prevent intrusions and protect against attacks in
real-time."
-
Slackware Security Team: buffer overflow fix for NTP (Apr 09, 2001, 11:25)
"The version of xntp3 that shipped with Slackware 7.1 as well as
the version that was in Slackware -current contains a buffer
overflow bug that could lead to a root compromise. Slackware 7.1
and Slackware -current users are urged to upgrade to the new
packages available for their release. The updated package available
for Slackware 7.1 is a patched version of xntp3. The -current tree
has been upgraded to ntp4, which also fixes the problem. If you
want to continue using xntp3 on -current, you can use the updated
package from the Slackware 7.1 tree and it will work."
-
Red Hat Security Advisory: Network Time Daemon (ntpd) has potential remote root exploit (Apr 09, 2001, 11:22)
"The Network Time Daemon (ntpd) supplied with all releases of
Red Hat Linux is vulnerable to a buffer overflow, allowing a remote
attacker to potentially gain root level access to a machine. All
users of ntpd are strongly encouraged to upgrade."