Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Apr 27, 2001

  • SecurityFocus: "lpdw0rm" Worm Analysis (2001-04-27 18:43:34)
    This worm exploits unpatched Red Hat 7.0 servers running lprng, as the recent Lion worm did. According to this analysis, though, it remains a threat.

  • LinuxSecurity.com: Linux Advisory Watch - April 27th 2001 (2001-04-27 17:15:59)
    "This week, advisories were released for mgetty, netscape, nedit, zope, sendfile, samba, hylafax, licq, slrn, and sudo. The vendors include Debian, FreeBSD, Mandrake, Progeny, Red Hat, and SuSE. This was still a pretty active week. The samba vulnerability and others such as sendfile and sudo are pretty serious. As always, it is important to stay current with all software you choose to implement."

  • Progeny Security Advisory: Older versions of NEdit make insecure use of temp files (2001-04-27 15:42:05)
    "NEdit, a popular GUI editor, insecurely opens a file in /tmp for printing purposes. This vulnerability could be used by a local attacker to cause a privileged user to unwittingly overwrite a file (via a symbolic link) to which the user has write access."

  • Debian Security Advisory: nedit symlink attack (2001-04-27 12:02:47)
    "The nedit (Nirvana editor) package as shipped in the non-free section accompanying Debian GNU/Linux 2.2/potato had a bug in its printing code: when printing text it would create a temporary file with the to be printed text and pass that on to the print system. The temporary file was not created safely, which could be exploited by an attacked to make nedit overwrite arbitrary files."

  • Progeny Security Advisory: Vulnerabilities in FTP daemons (2001-04-27 02:13:36)
    This advisory discusses issues that could impact multiple FTP daemons from multiple sources and vendors. All related and similar software in Progeny Debian is summarized here.