Security Linux News for Aug 26, 2003

Washington Post: Microsoft Windows: Insecure by Design (Aug 26, 2003, 23:30)
"Between the Blaster worm and the Sobig virus, it's been a long
two weeks for Windows users. But nobody with a Mac or a Linux PC
has had to lose a moment of sleep over these outbreaks--just like
in earlier 'malware' epidemics..."

SuSE Linux Advisory: sendmail (Aug 26, 2003, 23:29)
"The well known and widely used MTA sendmail is vulnerable to a
remote denial-of-service attack in version 8.12.8 and

Debian GNU/Linux Advisory: libpam-smb (Aug 26, 2003, 23:29)
"If a long password is supplied, this can cause a buffer
overflow which could be exploited to execute arbitrary code with
the privileges of the process which invokes PAM services..."

Red Hat Linux Advisory: pam_smb (Aug 26, 2003, 18:59)
"Updated pam_smb packages are now available which fix a security
vulnerability (buffer overflow)..."

The Salt Lake Tribune: Embattled SCO Group's Web Site Hit with a 'Denial of Service' Strike (Aug 26, 2003, 18:00)
A recap of this weekend's DoS attack on sco.com, with reactions
from SCO and open source advocates.

Mandrake Linux Advisory: sendmail (Aug 26, 2003, 16:59)
"A vulnerability was discovered in all 8.12.x versions of
sendmail up to and including 8.12.8..."

Debian GNU/Linux Advisory: unzip (Aug 26, 2003, 15:59)
"A directory traversal vulnerability in UnZip 5.50 allows
attackers to bypass a check for relative pathnames..."

Slackware Linux Advisory: unzip (Aug 26, 2003, 14:59)
"These fix a security issue where a specially crafted archive
may overwrite files (including system files anywhere on the
filesystem) upon extraction by a user with sufficient

ONLamp: Postfix: A Secure and Easy-to-Use MTA (Aug 26, 2003, 09:00)
"Sendmail has a long history of security holes, most of which
have been thoroughly documented on security sites around the world.
Why do people continue to run Sendmail...?"

Red Hat Linux Advisory: iptables (Aug 26, 2003, 02:29)
"Updated iptables packages which are fully compatible with
recent kernel updates are now available..."