Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Oct 10, 2001

  • SuSE Security Announcement: lprold (Oct 10, 2001, 19:47)
    "ISS X-Force reported an overflow in BSD's lineprinter daemon shipped with the lprold package in SuSE Linux. Due to missing bounds checks in the lockfile processing function, internal buffers may overflow. Bounds checks have been added to fix that problem. Additionally the SuSE Security Team uncovered other security releated bugs in lpd while analyzing lpd source after receiving the X-Force advisory. These bugs allows users on machines listed in /etc/hosts.lpd or /etc/hosts.equiv to chown any file on the system running lpd to any user."

  • Caldera Security Advisory: sendmail queue run privilege problem (Oct 10, 2001, 18:50)
    "There is a permission problem in the default setup of sendmail in all OpenLinux versions, which allows a local attacker to cause a denial of service attack effectively stopping delivery of all mails from the current system. This vulnerability also allows a local attacker to read the full headers of all mails in the mail queue."