Trustix Security Advisory - bind and openssh (and modutils)
Nov 15, 2000, 21:11
Date: Wed, 15 Nov 2000 17:53:47 +0100
Trustix has created updated packages for Trustix Secure Linux 1.0x and 1.1 that fix one security problem and one DoS attack:
openssh, openssh-clients, openssh-server:
The openssh client does not enforce the "ForwardX11 no" and "ForwardAgent no" configuration options, so a malicious server could force a client to forward these even if they are turned off.
The X11 forwarding part is not a big issue for Trustix Secure Linux, as the OS does not have any X11. The agent forwarding could however be an issue.
bind, bind-devel, bind-utils:
Fixes a DoS attack against the name daemon. Note that TSL comes with all network services turned off by default, and will thus only run named on systems where this has been explicitly configured. This DoS attack has to do with zone transfers, and will therefore only be possible from the server's configured slaves.
The modutils part is just to reassure users that Trustix Secure Linux comes with modutils version 2.1.121, which should not be susceptible to the attacks seen in later versions.
MD5sums:
fdd14c09864e3deef43fe5e5bdabcf64 openssh-2.3.0p1-1tr.i586.rpm
06ede52d3461a98b3128a1bb181cf836 openssh-clients-2.3.0p1-1tr.i586.rpm
6b49cf18ac659591e8c1fa2c0c69125a openssh-server-2.3.0p1-1tr.i586.rpm
81954383f8199dcf1c81806e2129d731 bind-8.2.2_P7-2tr.i586.rpm
133aeb6a90adc402cad2d2b597193d1c bind-devel-8.2.2_P7-2tr.i586.rpm
13a81108e19c2560f98e31e337217659 bind-utils-8.2.2_P7-2tr.i586.rpm
Get the packages from:
Trustix Security Advisor
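
An added example, not part of the Trustix advisory: one way to check downloaded packages against an MD5sums listing like the one above, including when the listing arrives run together on one line. The package names and contents in demo() are constructed, and the function names are illustrative.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# "<32 hex digits> <file>.rpm" pairs, whether one per line or run together.
ENTRY = re.compile(r"\b([0-9a-fA-F]{32})\s+(\S+?\.rpm)")

def parse_manifest(text):
    """Return {filename: md5hex} from an advisory-style MD5sums listing."""
    return {name: digest.lower() for digest, name in ENTRY.findall(text)}

def md5_of(path, chunk=1 << 16):
    """Hash a file in chunks so large packages are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify(manifest, directory):
    """Map each listed file to 'ok', 'mismatch' or 'missing'."""
    results = {}
    for name, expected in manifest.items():
        path = Path(directory) / Path(name).name  # ignore any path in the listing
        if not path.is_file():
            results[name] = "missing"
        elif md5_of(path) == expected:
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    return results

def demo():
    """Constructed sample: one intact file, one altered file, one absent file."""
    with tempfile.TemporaryDirectory() as d:
        good = b"constructed package A"
        (Path(d) / "pkg-a-1.0-1.i586.rpm").write_bytes(good)
        (Path(d) / "pkg-b-1.0-1.i586.rpm").write_bytes(b"altered after listing")
        listing = "MD5sums: %s pkg-a-1.0-1.i586.rpm %s pkg-b-1.0-1.i586.rpm %s pkg-c-1.0-1.i586.rpmGet the packages from:" % (
            hashlib.md5(good).hexdigest(),
            hashlib.md5(b"constructed package B").hexdigest(),
            hashlib.md5(b"constructed package C").hexdigest(),
        )
        return verify(parse_manifest(listing), d)

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9} {name}")
```

A "mismatch" or "missing" result means the package should not be installed until a copy that matches the listing has been obtained.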