Linux Today: Linux News On Internet Time.

Security Linux News for Apr 09, 2001

  • Progeny Security Advisory: execve()/ptrace() exploit in Linux kernels prior to 2.2.19 (2001-04-09 23:05:37)
    "Linux kernels before 2.2.19 are vulnerable to a local root exploit."

  • SuSE Security Announcement: xntp (SuSE-SA:2001:10) (2001-04-09 23:05:14)
    "xntp is the network time protocol package widely used with many unix and linux systems for system time synchronization over a network. An exploit published by Przemyslaw Frasunek demonstrates a buffer overflow in the control request parsing code. The exploit allows a remote attacker to execute arbitrary commands as root. All versions as shipped with SuSE Linux are affected by the buffer overflow problem."

  • Progeny Security Advisory: mailx buffer overflow (2001-04-09 23:00:14)
    "A buffer overflow in mailx allows a local user to gain access to the mail group."

  • Progeny Security Advisory: ntpd remote buffer overflow (2001-04-09 23:00:02)
    "Versions of the Network Time Protocol Daemon (ntpd) previous to and including 4.0.99k have a remote buffer overflow which may lead to a remote root exploit."

  • Bugtraq: Netscape Navigator/Communicator 4.76 gif comment flaw (on Linux and Win98/NT) (2001-04-09 22:22:38)
    "The Netscape browser does not escape the gif file comment in the image information page. This allows javascript execution in the "about:" protocol and can for example be used to upload the History (about:global) to a webserver."

  • EnGarde Secure Linux Security Advisory: xntp3 (2001-04-09 22:16:06)
    "By attacking a very small buffer with a very small set of shellcode, an attacker can potentially gain root access. It has been reported that in some cases the only effect is the segfault of the ntpd."

  • SSH Communications Security announces SSH 3.0 (2001-04-09 18:42:17)
    "SSH Communications Security, a developer of Internet security technologies, today announced SSH Secure Shell 3.0, the next-generation of its leading encryption software product designed to protect end-users, businesses and developers from the most common break-in method used by hackers -- stealing passwords from the Internet."

  • Apache Today: HP introduces software and services to promote secure e-commerce, including Apache and Linux support (2001-04-09 17:00:40)
    "Hewlett-Packard today announced enhanced security software, services and alliances to help businesses secure their e-commerce environments, prevent intrusions and protect against attacks in real-time."

  • Slackware Security Team: buffer overflow fix for NTP (2001-04-09 11:25:18)
    "The version of xntp3 that shipped with Slackware 7.1 as well as the version that was in Slackware -current contains a buffer overflow bug that could lead to a root compromise. Slackware 7.1 and Slackware -current users are urged to upgrade to the new packages available for their release. The updated package available for Slackware 7.1 is a patched version of xntp3. The -current tree has been upgraded to ntp4, which also fixes the problem. If you want to continue using xntp3 on -current, you can use the updated package from the Slackware 7.1 tree and it will work."

  • Red Hat Security Advisory: Network Time Daemon (ntpd) has potential remote root exploit (2001-04-09 11:22:10)
    "The Network Time Daemon (ntpd) supplied with all releases of Red Hat Linux is vulnerable to a buffer overflow, allowing a remote attacker to potentially gain root level access to a machine. All users of ntpd are strongly encouraged to upgrade."