Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Oct 11, 2000

  • SuSE Security Announcement: cfengine (2000-10-11 20:21:25)
    "The only efficient fix for the problem is an update of the cfengine package since access restrictions limit the attack possibilities to a closed group of hosts/users only."

  • SuSE Security Announcement: esound (2000-10-11 20:13:14)
    "The esound daemon creates a directory /tmp/.esd to host a unix domain socket. Upon startup, the daemon changes the modes of the socket, but a race condition allows an attacker to place a symlink into the directory to point to an arbitrary file belonging to the victim."

  • Security Portal: Format Strings - An Interview with Chris Evans (2000-10-11 08:37:37)
    "It appears to me that these format strings have been present a very long time. A CERT advisory mentioned them being in WuFTPD since 1993. Do you think attackers have known about them and been using them?"

  • Caldera Systems Security Advisory: file view vulnerability in mod_rewrite (2000-10-11 06:41:42)
    "The Apache HTTP server comes with a module named mod_rewrite which can be used to rewrite URLs presented by the client before further processing."