LinuxSecurity.com: Linux Security Week - December 15th 2000

[ Thanks to Benjamin D. Thomas for this link. ]

"This week, advisories were released for tcsh, ghostscript, joe, rp-pppoe, ed, bitchx, pam, apcupsd, mc, pico/pine, and zope. The vendors include Conectiva, Caldera, Immunix, Mandrake, and Red Hat. It is critical that you update all vulnerable packages to reduce the risk of being compromised."

"Vulnerabilities in KTH Kerberos IV - 12/10/2000
The vulnerabilities may lead to local and remote root compromise if the system supports Kerberos authentication and uses the KTH implementation (as is the case with e.g. OpenBSD per default). The system needn't be specifically configured to use Kerberos for all of the issues to be exploitable; some of the vulnerabilities are exploitable even if Kerberos is disabled by commenting out the realm name in the "krb.conf" file."

"Conectiva 6.0: 'tcsh' vulnerability [UPDATE] - 12/08/2000
When using in-here documents (via the "<<" redirect), tcsh creates a temporary file in an insecure manner that could allow a symlink attack to overwrite arbitrary files."

Complete Story

Related Stories:

• LinuxSecurity.com: Linux Security Week - December 11th 2000(Dec 11, 2000)
• LinuxSecurity.com: Linux Security Week - December 4th 2000(Dec 04, 2000)
• LinuxSecurity.com: Linux Security Week - November 27th 2000(Nov 27, 2000)
• LinuxSecurity.com: Linux Security Week - November 20th 2000 (Nov 20, 2000)
• LinuxSecurity.com: Linux Security Week, November 13th 2000(Nov 13, 2000)
• LinuxSecurity.com: Linux Security Week - November 6th 2000(Nov 06, 2000)