Security Linux News for Jun 13, 2001
The Register: Security geek developing WinXP raw socket exploit (Jun 13, 2001, 22:42)
Readers may remember a story we linked to a little over a week
ago wherein Steve Gibson (of GRC.com) detailed a denial of service
attack on his site and explained how the implementation of full
Unix sockets support in Windows XP will bring about a script kiddie
apocalypse. The Register follows up here with a report on Mr.
Gibson's "spoofarino," a tool designed to ferret out ISPs that
permit spoofed packets from customer machines. The Reg is less
forgiving than many of our readers were when this story first ran,
going so far as to suggest that Mr. Gibson's new tool may encourage
development of malicious variations.
Immunix OS Security Advisory: xinetd update -- Immunix OS 7.0 (Jun 13, 2001, 21:27)
"xinetd in the base Immunix OS 7.0 initially set its umask value
to 0. This allows any services started via xinetd to create files
that are world-writable unless the service changes its umask before
creating files or specifies file modes when creating files. There
is also a buffer overflow; StackGuard prevents this from being used
to gain privileges, though an attacker could remotely kill the
Red Hat Security Advisory: LPRng fails to drop supplemental group membership (Jun 13, 2001, 21:00)
"When LPRng drops uid and gid, it fails to drop membership in
its supplemental groups."
The Register: UK govt poised to embrace open source for PKI standards (Jun 13, 2001, 14:45)
As The Register says, "The UK government e-Envoy, he of the
Microsoft-only Government portal, seems to have got religion after
all. In what unkind individuals might term one of the great u-turns
of our time, an open source approach to PKI currently looks very
close to being adopted for the second round of PKI interoperability
trials, to be conducted by the UK Communications-Electronics
Security Group [CESG] later this year."