Linux Today: Linux News On Internet Time.

Security Linux News for Apr 20, 2001

  • Progeny Security Advisory: Local root vulnerability in sendfiled (Apr 20, 2001, 21:30)
    "Local users on a system may be able to exploit security flaws in sendfiled to obtain root privileges."

  • Progeny Security Advisory: Netscape Navigator fails to protect privacy (Apr 20, 2001, 20:30)
    "The Netscape browser sometimes handles JavaScript in an insecure manner. In certain situations, it allows remote web sites to send JavaScript commands in an unorthodox manner that could compromise private data."

  • Debian Security Advisory: New version of sendfile fixes local root exploit (Apr 20, 2001, 19:00)
    "Colin Phipps and Daniel Kobras discovered and fixed several serious bugs in the daemon `sendfiled' which caused it to drop privileges incorrectly. Exploiting this a local user can easily make it execute arbitrary code under root privileges."

  • SuSE Security Announcement: hylafax (SuSE-SA:2001:15) (Apr 20, 2001, 16:00)
    SuSE identifies a security problem with the Hylafax fax daemon: "When hfaxd tries to change to its queue directory and fails, it prints an error message via syslog by directly passing user supplied data as format string. As long as hfaxd is installed setuid root, this behavior could be exploited to gain root access locally."

  • LinuxSecurity.com: Linux Advisory Watch -- April 20th 2001 (Apr 20, 2001, 14:00)
    This week, advisories were released for samba, ctags, kernel, cfingerd, ipfilter, sudo, nedit, netscape, pine, openssh, and ntp.

  • Tempest Security Technologies: Security flaw in Linux 2.4 IPTables using FTP PORT (Apr 20, 2001, 01:09)
    This is an important flaw to note for anyone using Linux as a firewall: "If an attacker can establish an FTP connection passing through a Linux 2.4.x IPTables firewall with the state options allowing 'related' connections (almost 100% do), he can insert entries into the firewall's RELATED ruleset table allowing the FTP Server to connect to any host and port protected by the firewall's rules, including the firewall itself."

  • The Register: Exploit devastates WinNT/2K security (Apr 20, 2001, 00:06)
    "An application called SMBRelay, written by cDc's Sir Dystic, exploits a design flaw in the SMB (Server Message Block) protocol on Win NT/2K boxes, easily enabling an attacker to interpose himself between the client and the server."