Linux Today: Linux News On Internet Time.

Security Linux News for Jan 16, 2002

  • SuSE Security Announcement: at (Jan 16, 2002, 23:17)
    "The 'at' command reads commands from standard input for execution at a later time specified on the command line. If such an execution time is given in a carefully drafted (but wrong) format, the at command may crash as a result of a surplus call to free()."

  • Red Hat Security Advisory: sudo (Jan 16, 2002, 23:07)
    "Versions of sudo prior to 1.6.4 would not clear the environment before sending an email notification about unauthorized sudo attempts, making it possible for an attacker to supply parameters to the mail program. In the worst case, this could lead to a local root exploit." [ This advisory provides updates for Red Hat Powertools 6.2 users -ed. ]

  • Red Hat Security Advisory: xchat (Jan 16, 2002, 23:06)
    "Versions of xchat prior to version 1.8.7 contain a vulnerability which allows an attacker to cause a vulnerable client to execute arbitrary IRC server commands as if the vulnerable user had typed them."

  • Debian Security Advisory: at (Jan 16, 2002, 23:03)
    "zen-parse found a bug in the current implementation of at which leads into a heap corruption vulnerability which in turn could potentially lead into an exploit of the daemon user."

  • Conectiva Linux Security Announcement: sudo (Jan 16, 2002, 04:31)
    "Sebastian Krahmer from SuSe found a vulnerability in the sudo package which could be used by a local attacker to obtain root privileges. Versions prior to and including 1.6.3p7 remove a few potentially dangerous environment variables prior to executing a command as root, but other variables could be abused and used to obtain root privileges."

  • Red Hat Security Advisory: sudo (Jan 16, 2002, 00:16)
    "Versions of sudo prior to 1.6.4 would not clear the environment before sending an email notification about unauthorized sudo attempts, making it possible for an attacker to supply parameters to the mail program. In the worst case, this could lead to a local root exploit."