Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs






More on LinuxToday

Security Linux News for Jun 13, 2001

  • The Register: Security geek developing WinXP raw socket exploit (Jun 13, 2001, 22:42)
    Readers may remember a story we linked to a little over a week ago wherein Steve Gibson (of GRC.com) detailed a denial of service attack on his site and explained how the implementation of full Unix sockets support in Windows XP will bring about a script kiddie apocalypse. The Register follows up here with a report on Mr. Gibson's "spoofarino," a tool designed to ferret out ISP's that permit spoofed packets from customer machines. The Reg is less forgiving than many of our readers were when this story first ran, going so far as to suggest that Mr. Gibson's new tool may encourage development of malicious variations.

  • Immunix OS Security Advisory: xinetd update -- Immunix OS 7.0 (Jun 13, 2001, 21:27)
    "xinetd in the base Immunix OS 7.0 initially set its umask value to 0. This allows any services started via xinetd to create files that are world-writable unless the service changes its umask before creating files or specifies file modes when creating files. There is also a buffer overflow; StackGuard prevents this from being used to gain privileges, though an attacker could remotely kill the xinetd daemon."

  • Red Hat Security Advisory: LPRng fails to drop supplemental group membership (Jun 13, 2001, 21:00)
    "When LPRng drops uid and gid, it fails to drop membership in its supplemental groups."

  • The Register: UK govt poised to embrace open source for PKI standards (Jun 13, 2001, 14:45)
    As the Register says "The UK government e-Envoy, he of the Microsoft-only Government portal, seems to have got religion after all. In what unkind individuals might term one of the great u-turns of our time, an open source approach to PKI currently looks very close to being adopted for the second round of PKI interoperability trials, to be conducted by the UK Communications-Electronics Security Group [CESG] later this year.