Linux Today: Linux News On Internet Time.

Security Linux News for Jul 27, 2000

  • VNU Net: Microsoft hit by further Outlook bug (Jul 27, 2000, 23:12)
    "When exploited, this vulnerability allows an attacker to store an HTML file in an area that is not protected by the policies of the 'Internet Zone'. This file may then be used to open arbitrary files on [a] machine and send the contents back to the attacker."

  • excite/ZDNet: Silence the best security policy (Jul 27, 2000, 21:41)
    "Well-meaning hackers are creating an army of 'script kiddies' by making security holes public, says a speaker at the Black Hat Security Conference."

  • Interviews Secure Computing (Jul 27, 2000, 21:22)
    "If a user manages to mount an HTTP overrun attack, or a stack overrun attack of any sort, they can't use that to break out of the application they're in and get down into the operating system to gain root access to take over the entire system. We've absolutely eliminated that."

  • Conectiva Linux Security Announcement: Package: pam (Jul 27, 2000, 20:33)
    "This module incorrectly identifies remote X logins for displays other than :0 (:1, :2, etc.) as local ones, thus giving the console to this user. Having the console, the remote user could issue commands like reboot to remotely reboot the system (after providing his or her password)."

  • Conectiva Linux Security Announcement: Package: nfs-utils (Jul 27, 2000, 20:28)
    "There is a problem in the nfs-utils package that could lead to a remote root exploit."

  • Conectiva Linux Security Announcement: Package: MAN (Jul 27, 2000, 20:23)
    "The man package has a script called makewhatis that is run weekly by the cron daemon as root. This script creates a directory in /tmp and some files under it with predictable names, thus making it possible for a local attacker to alter any file in the system via symlink attacks."

  • Red Hat Security Advisory: gpm security flaws have been addressed (Jul 27, 2000, 20:17)
    "gpm as shipped in Red Hat Linux 5.2 and 6.x contains a number of security problems. Additionally, a denial of service attack via /dev/gpmctl is possible."

  • LinuxWorld: Linux's lack of compliance with the Common Criteria may prohibit government acceptance (Jul 27, 2000, 19:40)
    "The biggest threat to Linux becoming the software of choice in government circles is that there is no third-party verification, certification or evaluation of it."

  • Releases the Linux Security Quick Reference Card (Jul 27, 2000, 01:19)
    "This Quick Reference Card is intended to provide a starting point for improving the security of your system. Contained within include references to security resources around the net, tips on securing your Linux box, and general security information. It is intended to be printed on 8x11" US paper in Landscape."