Security Linux News for Apr 01, 2003

SuSE Linux Advisory: sendmail, sendmail-tls (Sep 20, 2003, 17:33)
"The vulnerability discovered is known as the prescan()-bug and
is not related to the vulnerability found and fixed in April 2003.
The error in the code can cause heap or stack memory to be
overwritten, triggered by (but not limited to) functions that parse

Mandrake Linux Advisory: sendmail (Sep 18, 2003, 15:58)
"A buffer overflow vulnerability was discovered in the address
parsing code in all versions of sendmail prior to 8.12.10 by Michal
Zalewski, with a patch to fix the problem provided by Todd C.

Red Hat Linux Advisories: openssl, vsftpd, samba (Apr 01, 2003, 19:43)
Three security advisories from Red Hat Linux.

Mandrake Linux Advisory: sendmail (Apr 01, 2003, 19:41)
"Michal Zalewski discovered a vulnerability in sendmail versions
earlier than 8.12.9 in the address parser, which performs
insufficient bounds checking in certain conditions due to a char to

The Register: Free Software Gives Hackers Taste of Own Medicine (Apr 01, 2003, 17:59)
"IT security specialist Backfire Security today announced the
availability of a software download as a discrete desk-top client
application which wreaks revenge on those hackers and culprits
attacking your network or infecting users with worms and/or

Mandrake Linux Advisory: Eterm (Apr 01, 2003, 17:47)
"Digital Defense Inc. released a paper detailing insecurities in
various terminal emulators, including Eterm..."

SuSE Linux Advisory: sendmail, sendmail-tls (Apr 01, 2003, 17:46)
"A remotely exploitable buffer overflow has been found in all
versions of sendmail that come with SuSE products..."

Help Net Security: Interview with Scott Mann (Apr 01, 2003, 02:30)
He's the co-author of Linux System Security: The
Administrator's Guide to Open Source Security Tools, 2/e