Linux Today: Linux News On Internet Time.

O'Reilly Network: Security Alerts: IBM Websphere, Shockwave Flash, and emacs Advisories

Jan 11, 2001, 23:37
(Other stories by Noel Davis)

"Problems this week include minor problems with sendmail, exposure problems with Lotus Domino, problems in the default setup of Informix Webdriver and IBM Websphere Commerce Suite, a buffer overflow in Shockwave Flash, denial of service attacks against login, privacy problems in emacs, symlink attack in exmh, and a potential exploit against GTK+."

"Sendmail, Inc. and the Sendmail Consortium have released sendmail 8.11.2. Fixed in sendmail 8.11.2 is a segmentation fault in address test mode (not believed to be exploitable), IPv6 address problems, a problem with the Cyrus-SASL security layer, a problem with QueueSortOrder by host, delivery to set-user-ID files expanded from aliases, and many more."

"Lotus Domino 5.0.5's web server has a vulnerability that can be used to read files outside the web server root. By using a carefully crafted URL, a remote user can read arbitrary files on the web server. This can be used to gather information on the system that can be used in an attack."
