Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Dec 20, 2001

  • O'Reilly Network: Understanding Rootkits (2001-12-20 20:55:57)
    "Most rootkits also come with modified system binaries that replace the existing ones on the target system. At a minimum, core binaries such as ps, w, who, netstat, ls, find , and other binaries that can be used in monitoring server activity, are replaced so intruders and the processes they run are invisible to an unsuspecting system administrator."

  • Trustix Secure Linux Security Advisory: OpenSSH (2001-12-20 16:43:07)
    "A malicious local user can pass environment variables to the login process if the administrator enables the UseLogin option. This can be abused to bypass authentication and gain root access. Note that this option is not enabled by default on TSL."

  • Trustix Secure Linux Security Advisory: OpenSSH (2001-10-18 05:43:55)
    "Depending on the order of the user keys in ~/.ssh/authorized_keys2 sshd might fail to apply the source IP based access control restriction."