Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Apr 10, 2001

  • SuSE Security Announcement: mc (Apr 10, 2001, 20:10)
    "The Midnight Commander, mc(1), is a ncurses-based file manager. A local attacker could trick mc(1) into executing commands with the privileges of the user running mc(1) by creating malicious directory names. This attack leads to local privilege escalation."

  • SuSE Security Announcement: vim/gvim (Apr 10, 2001, 20:10)
    "The text editor vim, Vi IMproved, was found vulnerable to two security bugs. 1.) a tmp race condition 2.) vim commands in regular files will be executed if the status line of vim is enabled in vimrc Both vulnerabilities could be used to gain unauthorized access to more privileges. "

  • Conectiva Linux Security Announcement - xntp3 (Apr 10, 2001, 11:57)
    "xntp3" is a package used to syncronize clocks between computers on a network. Przemyslaw Frasunek published an exploit that demonstrates a buffer overflow vulnerability in that package. This vulnerability can be exploited remotely and is aggravated by the fact that the xntpd daemon runs as root."

  • Debian Security Advisory: ntp (Apr 10, 2001, 01:08)
    "Przemyslaw Frasunek reported that ntp daemons such as that released with Debian GNU/Linux are vulnerable to a buffer overflow that can lead to a remote root exploit. A previous advisory (DSA-045-1) partially addressed this issue, but introduced a potential denial of service attack. This has been corrected for Debian 2.2 (potato) in ntp version 4.0.99g-2potato2."