LinuxSecurity.com: Linux Security Week, July 10th 2000
Jul 10, 2000, 07:13
(Other stories by Benjamin D. Thomas)
"This week, several vendors released patches for a denial of service vulnerability in BitchX. It is caused by improper handling of incoming invitation messages. Any user on IRC can send the client an invitation message that causes BitchX to segfault. Patches were also released for man. The problem exists because the makewhatis portion of the man package uses files in /tmp in an insecure fashion. It was possible for local users to exploit this vulnerability to modify files that they normally could not."
"If you're running FreeBSD, it is now a good time to update your system. Patches for majordomo, openSSH, libedit, popper, wu-ftpd, canna, XFree86, and BitchX were released...."
"In the news, the article 'Securing Sendmail' provides helpful information for users wishing to tighten sendmail's security. Sections include: general security, tuning sendmail for security, file and directory modes, restrictive file access, and other tips for the truly paranoid. This is an overall well-written paper that can provide much benefit."