Security Portal: Weekly Linux Security Digest 2000/10/09 to 2000/10/15
Oct 16, 2000, 20:37
(Other stories by Kurt Seifried)
"Vendors are playing catch-up this week - several major things, even more minor things. Ncurses has some buffer overflows that might allow an attacker to gain extra privileges, if the program using it is setuid. Tmpwatch has a bug that allows attackers to execute a denial of service, and in some cases possibly get a root shell. Big Brother can be tricked into running shell commands; cfengine has some problems in syslog calls that can be used to run commands as the user cfengine runs as (usually root); and Boa Web server has a file disclosure vulnerability."
"We lead off with general advisories and exploit code, then move to vendor advisories. Most items appear in alphabetical order. If we're missing a Linux vendor's advisory, please tell us - ditto for any Linux-related security alerts. The long strings of hex in front of package names are MD5 signatures."