Linux Today: Linux News On Internet Time.

O'Reilly Network: Insecurities in a Nutshell: Twig, Midnight Commander, and More

Dec 08, 2000, 08:53 (0 Talkback[s])
(Other stories by Noel Davis)

"Welcome to the Insecurities in a Nutshell security column, an overview of new Unix and open source security-related advisories and news. Problems this week include arbitrary code execution in Twig, new symlink attacks, a hidden control code attack on Midnight Commander, and a LANGUAGE attack on glibc."

"Twig, a popular web mail system that was once named Muppet, has a vulnerability that can lead to the execution of arbitrary code on your web server. There is a problem with the virtual hosting setup in Twig that can allow an attacker to cause a remote file to be loaded and executed. At this time there does not seem to be an official fix for this problem...."

Complete Story

Related Stories: