Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Jun 07, 2000

  • Red Hat Security Advisory: kdelibs vulnerability for suid-root KDE applications (2000-06-07 21:49:01)
    "In kdelibs 1.1.2, there are security issues with the way some applications perform when they are run suid root. The only application vulnerable is kwintv from Powertools. With our PAM configuration, the suid bit for kwintv is not necessary."

  • Conectiva Linux Security Announcement - cdrecord (2000-06-07 20:48:23)
    "The cdrecord program has a buffer overflow problem in the processing of the command-line argument "dev=". By exploring this vulnerability, a local user could make the program execute arbitrary commands."

  • Conectiva Linux Security Announcement - gdm (2000-06-07 14:58:04)
    "The gdm program is on of the graphical login choices available for Conectiva Linux users. A serious vulnerability has been found in this program during the XDMCP protocol processing that could lead to remote root compromise."

  • SANS Institute: How To Eliminate The Ten Most Critical Internet Security Threats (2000-06-07 13:42:32)
    "The majority of successful attacks on computer systems via the Internet can be traced to exploitation of one of a small number of security flaws. ... "System administrators report that they have not corrected these flaws because they simply do not know which of over 500 potential problems are the ones that are most dangerous, and they are too busy to correct them all."

  • RootPrompt.org: Know Your Enemy: A Forensic Analysis (2000-06-07 13:18:26)
    "This paper... studies step by step a successful attack of a system. ...we will focus on how we learned what happened and pieced the information together. The purpose is to give you the forensic skills necessary to analyze and learn on your own the threats your organization faces."

  • Caldera Systems Security Advisory: kdelibs vulnerability for setuid KDE applications (2000-06-07 05:20:17)
    "There is a very serious vulnerability in the way KDE starts applications that allows local users to take over any file in the system by exploiting setuid root KDE application."

  • Conectiva Linux security announcement - inn (2000-06-07 02:08:30)
    "This announcement reports a problem found with a packet or component of Conectiva Linux and instructions on how to fix it."