Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs



Top White Papers




More on LinuxToday

Security Linux News for Jun 23, 2001

  • Debian Security Advisory: samba remote file append/creation problem (Jun 23, 2001, 19:30)
    "Michal Zalewski discovered that samba does not properly validate NetBIOS names from remote machines. By itself that is not a problem, except if Samba is configure to write log-files to a file that includes the NetBIOS name of the remote side by using the `%m' macro in the `log file' command. In that case an attacker could use a NetBIOS name like '../tmp/evil'. If the log-file was set to '/var/log/samba/%s' samba would them write to /var/tmp/evil."

  • Samba security bugfix released (Jun 23, 2001, 17:30)
    "A serious security hole has been discovered in all versions of Samba that allows an attacker to gain root access on the target machine for certain types of common Samba configuration."