Security Linux News for Apr 20, 2001
Progeny Security Advisory: Local root vulnerability in sendfiled (Apr 20, 2001, 21:30)
"Local users on a system may be able to exploit security flaws
in sendfiled to obtain root privileges."
Progeny Security Advisory: Netscape Navigator fails to protect privacy (Apr 20, 2001, 20:30)
insecure manner. In certain situations, it allows remote web sites
compromise private data."
Debian Security Advisory: New version of sendfile fixes local root exploit (Apr 20, 2001, 19:00)
"Colin Phipps and Daniel Kobras discovered and fixed several
serious bugs in the daemon `sendfiled' which caused it to drop
privileges incorrectly. Exploiting this a local user can easily
make it execute arbitrary code under root privileges."
SuSE Security Announcement: hylafax (SuSE-SA:2001:15) (Apr 20, 2001, 16:00)
SuSE identifies a security problem with the Hylafax fax daemon:
"When hfaxd tries to change to its queue directory and fails, it
prints an error message via syslog by directly passing user
supplied data as format string. As long as hfaxd is installed
setuid root, this behavior could be exploited to gain root access
LinuxSecurity.com: Linux Advisory Watch -- April 20th 2001 (Apr 20, 2001, 14:00)
This week, advisories were released for samba, ctags, kernel,
cfingerd, ipfilter, sudo, nedit, netscape, pine, openssh, and
Tempest Security Technologies: Security flaw in Linux 2.4 IPTables using FTP PORT (Apr 20, 2001, 01:09)
This is an important flaw to note for anyone using Linux as a
firewall: "If an attacker can establish an FTP connection passing
through a Linux 2.4.x IPTables firewall with the state options
allowing 'related' connections (almost 100% do), he can insert
entries into the firewall's RELATED ruleset table allowing the FTP
Server to connect to any host and port protected by the firewall's
rules, including the firewall itself."
The Register: Exploit devastates WinNT/2K security (Apr 20, 2001, 00:06)
"An application called SMBRelay, written by cDc's Sir Dystic,
exploits a design flaw in the SMB (Server Message Block) protocol
on Win NT/2K boxes, easily enabling an attacker to interpose
himself between the client and the server."