Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Jan 25, 2002

  • Chicago Tribune: Use Linux firewall to fend off hackers (Jan 25, 2002, 22:24)
    "Protecting your home computer has never been easier -- or more important -- and the tools to do this are just clicks away. Doing the work with Linux can be inexpensive and fun."

  • EnGarde Secure Linux Security Advisory: rsync (Jan 25, 2002, 21:48)
    "There are instances where rsync does not do proper input validation, allowing an attacker to write NULL-bytes to somewhat arbitrary locations of the stack. This may potentially lead to a remote root shell."

  • Conectiva Linux Security Announcement: rsync (Jan 25, 2002, 21:46)
    "Sebastian Krahmer from SuSe did an audit on the rsync source code and found several vulneranilities regarding the use of signed integers. Some variables could receive a negative value, and this was a condition that was not expected by the program. A remote attacker could exploit this to execute commands on the rsync server."

  • SuSE Security Announcement: rsync (Jan 25, 2002, 18:16)
    "There exist several signedness bugs within the rsync program which allow remote attackers to write 0-bytes to almost arbitrary stack-locations, therefore being able to control the programflow and obtaining a shell remotely. These bugs have been fixed."