Linux Today: Linux News On Internet Time.

Security Linux News for Aug 30, 2000

  • LinuxWorld: Attacking Linux - To stop an attacker, think like a cracker (2000-08-30 23:10:56)
    "Or the attacker may skip the fancy network scanners and concentrate on stealing one of your passwords. In my experience, that is the bad guys' usual way in and absurdly easy on most systems."

  • Helix Code Security Advisory - go-gnome pre-installer (2000-08-30 20:10:29)
    "A vulnerability in the go-gnome pre-installer allows non-root users to exploit world-writable permissions in /tmp, permitting files normally only accessible by root to be overwritten."

  • Debian Security Advisory: New version of xchat released (update) (2000-08-30 19:58:54)
    "The version of X-Chat that was distributed with Debian GNU/Linux 2.2 has a vulnerability in the URL handling code: when a user clicks on a URL X-Chat will start netscape to view its target. However it did not check the URL for shell metacharacters, and this could be abused to trick xchat into executing arbitrary commands."

  • Red Hat Security Advisory: Updated usermode packages (2000-08-30 19:36:52)
    "The usermode package allows unprivileged users logged in at the system console to run the halt, poweroff, reboot, and shutdown commands without using the superuser's password."

  • Helix Code Security Advisory - X-Chat (2000-08-30 19:28:05)
    "A vulnerability in the X-Chat IRC client allows a malicious URL to possibly execute arbitrary shell commands as the user running X-Chat."

  • Security Portal: Debian 2.2 [Security issues in the newest release] (2000-08-30 13:14:02)
    "I wanted to write a really positive article about Debian 2.2, which was just released a few weeks ago. Unfortunately, I can't. While Debian itself is a reasonably well-done Linux distribution, it has some major security issues."

  • Debian Security Advisory: New version of ntop released (2000-08-30 00:54:29)
    "The updated version of ntop (1.2a7-10) that was released on August 5 was found to still be insecure: it was still exploitable using buffer overflows. Using this technique it was possible to run arbitrary code as the user who ran ntop in web mode."