Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Dec 17, 2000

  • E-mail security using Mutt and GPG (Dec 17, 2000, 17:10)
    "Most of you would have heard of mutt. Mutt is an MUA, a Mail User Agent, which is the program that you would use to send and receive mail. So, why use mutt when there are so many other mail programs available? A bunch of free and not so free mail readers exist, and each one has its pros and cons. However, apart from pgp which has add-ons for pgp/gpg support, almost no other client supports gpg natively. I could be wrong though."

  • Debian Security Advisory: slocate local exploit (Dec 17, 2000, 16:10)
    "Michel Kaempf reported a security problem in slocate (a secure version of locate, a tool to quickly locate files on a filesystem) on bugtraq which was originally discovered by zorgon. He discovered there was a bug in the database reading code which made it overwrite a internal structure with some input. He then showed this could be exploited to trick slocate into executing arbitrary code by pointing it to a carefully crafted database."

  • Debian Security Advisory: nano symlink attack (Dec 17, 2000, 15:32)
    "The problem that was previously reported for joe also occurs with other editors. When nano (a free pico clone) unexpectedly dies it tries a warning message to a new file with a predictable name (the name of the file being edited with ".save" appended). Unfortunately that file was not created safely which made nano vulnerable to a symlink attack."