Security Linux News for Mar 28, 2001
SuSE Security Announcement: eperl (2001-03-28 22:26:33)
"Fumitoshi Ukai and Denis Barbier have found several potential
buffer overflows, which could lead to local privilege escalation if
installed setuid (note: it's not installed setuid per default) or
to remote compromise."
SuSE Security Announcement: joe (2001-03-28 21:52:32)
"An attacker could place a malicious joerc file in a public
writeable directory, like /tmp, to execute commands with the
privilege of any user (including root), which runs joe while being
in this directory."
Red Hat Security Advisory: Updated Kerberos 5 and pam_krb5 packages available (2001-03-28 20:39:34)
"A race condition exists in libkrb4 which would allow a
malicious user to cause kerberized login services to overwrite the
contents of any file on the system. The destroyed file would
contain the kerberos credentials of an unsuspecting user who had
attempted to log in using the kerberized login service being
Conectiva Linux Security Announcement - sgml-tools (2001-03-28 20:29:46)
"Previous releases of the sgml-tools package create temporary
files with poor permissions, typically allowing world-read
The Register: Risks from hybrid Linux / Windows virus low
"David Millard, technical manager of Command Software (a separate
anti-virus firm to Central Command), said there were fewer than 10
viruses that infect Linux systems and he said the bug should be
treated as a "proof of concept" rather than anything more
The Register: Highly destructive Linux worm mutating
"The recently discovered Lion worm, which attacks Linux BIND
(DNS) servers, is turning out to be one nasty little package which
leaves infected victims with no choice but to re-format their
entire systems and rebuild from scratch."
Yahoo/Reuters: First Virus to Infect Both Windows, Linux Emerges (2001-03-28 09:04:43)
"A computer virus that can infect PCs running either the
ubiquitous Windows operating system or the increasingly popular
Linux operating system emerged on Tuesday, which its discoverers
say is a world first."
Immunix OS Security Advisory: kernel (2001-03-28 08:53:58)
"The 2.2.19 kernel release fixes numerous security problems
including the ptrace/execve race condition bug."
Conectiva Linux Security Announcement - licq (2001-03-28 07:49:56)
"Previous versions have two vulnerabilities that could be
exploited by a remote attacker to execute arbitrary commands on the