LINUX TODAY SECURITY LETTER FOR APRIL 25, 2000
Latest Security News for the Linux and Open Source Community.
------------------------------------------------------------------
TODAY'S LINUX SECURITY NEWS:
------------------------------------------------------------------
CNET NEWS.COM: RED HAT GLITCH LEAVES WEB SERVERS WIDE OPEN
"Red Hat's Piranha software, which lets several Linux
machines share a task such as delivering Web pages, has a
password-protected feature used to control the software. But
the part of the software that checks the password also will
run whatever command an attacker wants, said Mike Wangsmo,
director of the Piranha product."
COMPLETE STORY:
http://news.cnet.com/news/0-1003-200-1757740.html?tag=st.ne.1002.
------------------------------------------------------------------
THE STANDARD: POKING HOLES IN LINUX
"...the security community is divided, or undecided, about
whether open-source as an operating system offers enough
security."
COMPLETE STORY:
http://www.thestandard.com/article/display/0,1151,14491,00.html
------------------------------------------------------------------
LINUXSECURITY.COM: IMPLEMENTING ACCESS CONTROL LISTS USING LINUX
"The main advantage of this mechanism is its simplicity. With
just a couple of bits, many permission scenarios can be modeled."
COMPLETE STORY:
http://linuxsecurity.com/articles/server_security_article-501.html
------------------------------------------------------------------
SECURITY PORTAL: SUBDOMAIN - SECURITY SOFTWARE FOR LINUX
"SubDomain is a kernel module that mediates system
calls... allows you to configure which files a process is
allowed to access, how it is allowed to access them (read /
write / execute), and allows you to manipulate what child
processes are allowed to do."
COMPLETE STORY:
http://securityportal.com/closet/closet20000426.html
------------------------------------------------------------------
FREEBSD SECURITY ADVISORY: FREEBSD-SA-00:14.IMAP-UW
"There are numerous buffer overflows available to an imap user
after they have successfully logged into their mail account
(i.e. authenticated themselves by giving the correct password,
etc). Once the user logs in, imapd has dropped root privileges
and is running as the user ID of the mail account which has
been logged into, so the buffer overflow can only allow code
to be executed as that user."
COMPLETE STORY:
http://linuxtoday.com/story.php3?sn=20801
------------------------------------------------------------------
SUPPORT.MICROSOFT.COM: HOW MICROSOFT ENSURES VIRUS-FREE SOFTWARE
[BY USING UNIX]
"[MS software] Disks are duplicated on a variety of industrial
strength, quality focused systems. Most of these systems
are UNIX-based. The UNIX-based duplication systems used in
manufacturing are impervious to MS-DOS-based, Windows-based,
and Macintosh-based viruses."
COMPLETE STORY:
http://support.microsoft.com/support/kb/articles/Q80/5/20.ASP
------------------------------------------------------------------
VNU NET: LINUX SECURITY HOLE DISCOVERED
"Only Red Hat users who have installed the Piranha component
are vulnerable. Piranha is installed only if a Red Hat user
specifically selects clustering functions when installing the
software or if a user chooses 'install all'."
COMPLETE STORY:
http://linuxtoday.com/story.php3?sn=20823
------------------------------------------------------------------
LINUXSECURITY.COM: BELL LABS LIBSAFE ADDED TO SLACKWARE-CURRENT
"libsafe replaces several standard C library functions with
versions that have been hardened against buffer overflow
exploits."
COMPLETE STORY:
http://linuxsecurity.com/articles/host_security_article-507.html
------------------------------------------------------------------