Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Nov 11, 1999

  • LinuxPPC Security Advisory: bind (Nov 11, 1999, 22:26)
    "A new version of bind was just released which fixes a variety of serious problems including crashes and remote access."

  • Red Hat Security Advisory: Security problems in bind (Nov 11, 1999, 20:59)
    "Several security vulnerabilities exist in the DNS server, 'bind'."

  • Debian Security Advisory: New version of proftpd fixes remote exploits (Nov 11, 1999, 19:17)
    "The proftpd version that was distributed in Debian GNU/Linux 2.1 had several buffer overruns that could be exploited by remote attackers. A short list of problems:
    * user input was used in snprintf() without sufficient checks
    * there was an overflow in the log_xfer() routine
    * you could overflow a buffer by using very long pathnames."

  • Debian Security Advisory: New version of nfs-server fixes remote exploit (Nov 11, 1999, 18:25)
    "The version of nfs-server that was distributed in Debian GNU/Linux 2.1 had a buffer overflow in fh_buildpath(). It assumed that the total length of a path would never exceed (PATH_MAX_NAME_MAX). With a read/write exported directory people could created longes path and cause a bufferoverflow."

  • BW: NetNation Partners With Cobalt Networks (Nov 11, 1999, 15:46)
    "NetNation's new line of Cobalt servers, called the NetRaQ, enable customers to choose from five dedicated server hosting options. The NetRaQ is co-branded by NetNation and Cobalt and is aimed at businesses with high-traffic Web sites."

  • Red Hat Security Advisory: new NFS server pacakges available (5.2, 4.2) (Nov 11, 1999, 07:56)
    "The length of a path name was not checked on the removal of a directory. If a long enough directory name was created, the buffer holding the pathname would overflow, and the possibility exists that arbitrary code could be executed as the user the NFS server runs as (root). Exploiting this buffer overflow does require read/write access to a share on an affected server."

  • Yellow Dog Linux Security Advisory: bind (Nov 11, 1999, 07:46)
    "The Internet Software Consortium have announced the discovery of six bugs which result in vulnerabilities of varying levels of severity in BIND (Berkeley Internet Name Domain)."