Linux Today: Linux News On Internet Time.


Security Portal: Weekly Linux Security Roundup - 2000/05/22 to 2000/05/28

May 29, 2000, 17:11
(Other stories by Kurt Seifried)


"Busy week, with many issues. Time to go upgrading again. Some more exploits for Kerberos released, it's high time to upgrade if you haven't already. Also a nasty bug on X, and in Netscape (universal applications at the desktop level as far as I know, time to update and plug those holes too). Note: having multiple layers of security will either stop or slow down the exploitation of many of these problems. Firewalling at the desktop machine incurs very little penalty for performance, and increases a system's survivability in the event of an attack. I'm playing around with the format of the bulletin a bit, comments are welcome ( Warning, this advisory is rather on the huge side."

"Yes Kerberos has holes, vendors have been releasing updates but if you are in a hurry you can do it yourself... The patches previously posted for fixing the krb4 buffer overruns had some whitespace issues resulting from untabifying. ... These fixed patches have tabs repaired and also have pathnames in the diff headers fixed to include directory names so that they may be applied from the top of a source tree."

"Netscape versions prior to 4.73 have a nasty bug in certificate handling, upgrade immediately. Version 4.73 also has a bad exploit, similar to but unrelated to previous problems. Basically it gives attackers the ability to spoof legitimate sites using fake SSL certificates easily, so unless you are watching out you can easily be fooled into giving up information to a site that is not the one you think it is."

"X: Nasty little denial of service attack in X, send a malformed packet to it (port 6000) and it freezes up for a while (does 4 billion iterations of a loop before unsticking). As always you should firewall X..."
