Linux Today: Linux News On Internet Time.

Trustix Security Advisory - bind and openssh (and modutils)

Nov 15, 2000, 21:11 (0 Talkback[s])

Date: Wed, 15 Nov 2000 17:53:47 +0100
From: TSL Team tsl@TRUSTIX.COM
Subject: Trustix Security Advisory - bind and openssh (and modutils)


Trustix has created updated packages for Trustix Secure Linux 1.0x and 1.1 that fixes one security problem and one DOS attack:

openssh, openssh-clients, openssh-server:

The openssh client does not enforce the "ForwardX11 no", and "ForwardAgent no" configuration options, so that a malicious server could force a client to forward these even if they are turned off.

The X11 forwarding part is not a big issue for Trustix Secure Linux, as the OS does not have any X11. The agent forwarding could however be an issue.

bind, bind-devel, bind-utils:

Fixes a DOS attack against the name daemon. Note that TSL comes with all network services turned off by default, and will thus only run named on systems where this has been explicitly configured. This DOS attack has to do with zone transfers, and will therefore only be possible from the servers configured slaves.

The modutils part is just to reassure that Trustix Secure Linux comes with modutils version 2.1.121, which should not be susceptible to the attacks seen in later versions.

fdd14c09864e3deef43fe5e5bdabcf64  openssh-2.3.0p1-1tr.i586.rpm
06ede52d3461a98b3128a1bb181cf836  openssh-clients-2.3.0p1-1tr.i586.rpm
6b49cf18ac659591e8c1fa2c0c69125a  openssh-server-2.3.0p1-1tr.i586.rpm
81954383f8199dcf1c81806e2129d731  bind-8.2.2_P7-2tr.i586.rpm
133aeb6a90adc402cad2d2b597193d1c  bind-devel-8.2.2_P7-2tr.i586.rpm
13a81108e19c2560f98e31e337217659  bind-utils-8.2.2_P7-2tr.i586.rpm
Get the packages from:


Trustix Security Advisor