Security Portal: Weekly Linux Security Digest 2000/07/10 to 2000/07/16 | Linux Today

Security Portal: Weekly Linux Security Digest 2000/07/10 to 2000/07/16

Written By
Web Webster
Web Webster
Jul 17, 2000

“The WuFTPD saga continues (ProFTPD 1.2.0pre10 also has holes —
upgrade to the new 1.2.0rc1), with updates from most vendors.
The other big nasty hole this week is in ISC’s DHCP client.
Whoops, we left a trivial to exploit root hack, silly us (hey,
mistakes happen). If you are using ISC’s DHCP client, then any
attacker managing to compromise the DHCP server, or place one on
your network (using a compromised host) can then very quickly seize
control of many machines.
It’s not 100% clear that the patches
issued by ISC solve the problem, and ISC has not released any
further updates. To quote their Website:”

“Fix two network input buffer overflow problems which could
allow an attacker to pervert the stack.”

“You have to love how they make the sentiment of “an attacker
can remotely get root access to your box with relative ease” sound
so harmless.”

“This week a lot of bad things happened, and a lot of good
things did not happen. Netscape has been found to track what you
are doing when you use the Smart Download feature, and sending the
data back as well as storing it locally (with a good chance that a
remote web page will suck the info down). Moral of the story: don’t
trust anyone (including me!). The Register ran a story here (and
they’re usually pretty accurate). OK, now I’m going to get mean, so
if you are easily offended, skip down to the next section.”

Complete
Story

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.