Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Aug 13, 2000

  • Conectiva Linux Security Announcement - diskcheck (2000-08-13 22:56:54)
    "The diskcheck package includes a perl script which checks for available disk space. It is run as root by cron every hour. This script creates a file in /tmp in an insecure manner, allowing an attacker to use symlink attacks to write anywhere in the system."

  • SuSE Security Announcement: suidperl (perl) (2000-08-13 22:48:15)
    "A maliciously implemented feature causes the interpreter to spawn the /bin/mail program to inform the superuser of its usage, thereby passing on untrusted environment that causes /bin/mail to execute arbitrary commands as user root."

  • SuSE Security Announcement: rpc.kstatd (knfsd) (2000-08-13 22:26:50)
    "Due to incorrect string parsing in the code, a remote attacker could gain root privileges on the machine running the vulnerable rpc.kstatd."