Security Linux News for Mar 04, 2002
CMP Network Computing: Modular Authentication for Linux (Mar 04, 2002, 21:36)
"For those Linux users in corporate environments, being able to
share files securely--both with other Linux users and with Windows
users--still means remembering a set of passwords for Linux and a
set for other platforms. But there's a better way: You can set up
your systems so Linux users can gain secure authentication against
a Windows NT Domain. That way they won't need a Linux account and a
separate NT Domain account. It'll make life easier for you as a
network administrator and make your power users happier."
ZDNet UK: Looping emails: Latest scourge of the Internet? (Mar 04, 2002, 20:10)
"When Roman Drahtmuller saw the volume of complaints his company
was receiving from disgruntled emailers, some of whom had suddenly
received hundreds of spam emails from the same source, he knew
something was wrong... The problem was that people around the world
were apparently getting spammed by SuSE and up to 20 other
companies. And the victims were not getting just one spam from each
company, but hundreds."
LinuxGazette: Implementing a Bridging Firewall
(Mar 04, 2002, 16:34)
"...a router connects two networks together and translates
between them; a bridge is like a patch cable, connecting two
portions of one network together. A bridging firewall acts as a
bridge but also filters the packets it passes, while remaining
unseen by either side."
Debian Security Advisory: php (Mar 04, 2002, 16:18)
"Stefan Esser, who is also a member of the PHP team, found
several flaws in the way PHP handles multipart/form-data POST
requests... For PHP3 flaws contain a broken boundary check and an
arbitrary heap overflow. For PHP4 they consist of a broken boundary
check and a heap off by one error."
Debian Security Advisory: cfs (Mar 04, 2002, 16:15)
"Zorgon found several buffer overflows in cfsd, a daemon that
pushes encryption services into the Unix(tm) file system. We are
not yet sure if these overflows can successfully be exploited to
gain root access to the machine running the CFS daemon. However,
since cfsd can easily be forced to die, a malicious user can easily
perform a denial of service attack to it."
MSNBC.com: The Threat of a Linux Generation (Mar 04, 2002, 15:08)
"In Germany, Linux is already becoming something of a movement.
Whereas American corporations moved from mainframes to networks of
personal-computer servers back in the 1980s, Europe lagged by a
decade. By then, Linux had been developed into a robust competitor
to Windows. European firms embraced Linux, and the Internet boom
provided further impetus."