Security Linux News for Apr 19, 2001
-
Help-Net Security: Starting points of a secure Linux system (Apr 19, 2001, 18:30)
Aleksandar Stancin has a lot of good advice for both newbies and
Linux vets regarding system security. As he reminds us: "Remember,
there's no absolute security, so keep your eyes open, subscribe
yourself to good sec-related mailing lists, and keep your software
up-to-date."
-
Caldera Security Advisory: samba security problems (Apr 19, 2001, 17:00)
"During our security audits we found several places within the
Samba server code which could lead to a local attacker gaining root
access."
-
LinuxPR: Guardian Digital Presents EnGarde Secure Linux (Apr 19, 2001, 14:22)
"Engineered from the ground up with specific regard to security,
EnGarde Secure Linux incorporates intrusion detection capabilities,
ability to manage thousands of e-mail and DNS domains, a complete
suite of e-business applications using AllCommerce, improved
authentication and access control methods, strong cryptography, and
complete SSL secure Web-based administration capabilities."
-
SuSE Security Announcement: sudo (SuSE-SA:2001:13) (Apr 19, 2001, 11:40)
"The setuid application sudo(8) allows a user to execute commands under the privileges of another user (including root). sudo(8) previous to version 1.6.3p6 is vulnerable by a buffer overflow in its logging code, which could lead to local root compromise."
-
SuSE Security Announcement: nedit (SuSE-SA:2001:14) (Apr 19, 2001, 11:37)
"When printing a whole text or selected parts of a text,
nedit(1) creates a temporary file in an insecure manner. This
behavior could be exploited to gain access to other users'
privileges, even root."
-
Debian Security Advisory: exuberant-ctags for sparc was incorrectly built (Apr 19, 2001, 11:32)
"The updated exuberant-ctags that was mentioned in DSA-046-1 was
unfortunately compiled incorrectly: the stable chroot we used
turned out to be running unstable instead."
-
Debian Security Advisory: samba for sparc was incorrectly built (Apr 19, 2001, 11:18)
"The updated samba packages that were mentioned in DSA-048-1
were unfortunately compiled incorrectly: the stable chroot we used
turned out to be running unstable instead."
-
Debian Security Advisory: remote cfingerd exploit (Apr 19, 2001, 03:46)
"Megyer Laszlo reported on Bugtraq that the cfingerd Debian as
distributed with Debian GNU/Linux 2.2 was not careful in its
logging code. By combining this with an off-by-one error in the
code that copied the username from an ident response cfingerd could
be exploited by a remote user. Since cfingerd does not drop its root
privileges until after it has determined which user to finger an
attacker can gain root privileges."
-
Microsoft Patches ISA Server Denial-of-Service Bug (Apr 19, 2001, 01:32)
Yeah, we know that Linux isn't better just because a Microsoft
product fails. But this sort of news is important for anyone
deciding between Linux and Windows: security is a legitimate issue
that should be addressed.