Linux Today SECURITY LETTER FOR JULY 6, 2000
Latest Security News for the Linux and Open Source Community.

------------------------------------------------------------------
TODAY'S LINUX SECURITY NEWS:
------------------------------------------------------------------

RED HAT SECURITY ADVISORY: MULTIPLE LOCAL IMWHEEL VULNERABILITIES

"Read access violations where there is no checking of the file itself, it follows a symlink blindly. Perl wrapper might allow other users on the machine to kill the imwheel process."

COMPLETE STORY: http://linuxtoday.com/story.php3?sn=24382

------------------------------------------------------------------

SENDMAIL.NET: SECURING SENDMAIL

"Still, while hype, myth, and hysteria abound, useful information seems to be in short supply. Had enough of generalities? Time for something, um, practical? We think so."

COMPLETE STORY: http://sendmail.net/?feed=000705securitygeneral

------------------------------------------------------------------

RED HAT SECURITY ADVISORY: BITCHX DENIAL OF SERVICE VULNERABILITY

"A denial of service vulnerability exists in BitchX. Improper handling of incoming invitation messages can crash the client. Any user on IRC can send the client an invitation message that causes BitchX to segfault."

COMPLETE STORY: http://linuxtoday.com/story.php3?sn=24437

------------------------------------------------------------------

FREEBSD SECURITY ADVISORY: FREEBSD-SA-00:24.LIBEDIT

"libedit incorrectly reads an ".editrc" file in the current directory if it exists, in order to specify configurable program behaviour. However it does not check for ownership of the file..."

COMPLETE STORY: http://linuxtoday.com/story.php3?sn=24439

------------------------------------------------------------------

FREEBSD SECURITY ADVISORY: FREEBSD-SA-00:30.OPENSSH

"The sshd server is typically invoked as root so it can manage general user logins. OpenSSH has a configuration option, not enabled by default ("UseLogin") which specifies that user logins should be done via the /usr/bin/login command instead of handled internally."

COMPLETE STORY: http://linuxtoday.com/story.php3?sn=24440

------------------------------------------------------------------

FREEBSD PORTS SECURITY ADVISORY: FREEBSD-SA-00:32.BITCHX

"Remote IRC users can cause the local client to crash, and possibly execute code as the local user."

COMPLETE STORY: http://linuxtoday.com/story.php3?sn=24441

------------------------------------------------------------------

FREEBSD PORTS SECURITY ADVISORY: FREEBSD-SA-00:28.MAJORDOMO

"Unprivileged local users can run commands as the 'majordomo' user, including accessing and modifying mailing-list subscription data."

COMPLETE STORY: http://linuxtoday.com/story.php3?sn=24442

------------------------------------------------------------------

FREEBSD PORTS SECURITY ADVISORY: FREEBSD-SA-00:27.XFREE86-4

"XFree86 4.0 contains a local root vulnerability in the XFree86 server binary, due to incorrect bounds checking of command-line arguments."

COMPLETE STORY: http://linuxtoday.com/story.php3?sn=24443

------------------------------------------------------------------

FREEBSD PORTS SECURITY ADVISORY: FREEBSD-SA-00:31.CANNA

"The Canna server contains an overflowable buffer which may be exploited by a remote user to execute arbitrary code on the local system as user 'bin'."

COMPLETE STORY: http://linuxtoday.com/story.php3?sn=24444

------------------------------------------------------------------

FREEBSD PORTS SECURITY ADVISORY: FREEBSD-SA-00:29.WU-FTPD

"The wu-ftpd port, versions 2.6.0 and below, contains a vulnerability which allows remote anonymous FTP users to execute arbitrary code as root on the local machine, by inserting string-formatting operators into command input, which are incorrectly parsed by the FTP server."

COMPLETE STORY: http://linuxtoday.com/story.php3?sn=24445

------------------------------------------------------------------

FREEBSD PORTS SECURITY ADVISORY: FREEBSD-SA-00:26.POPPER

"The popper port, version 2.53 and earlier, incorrectly parses string formatting operators included in part of the email message header. A remote attacker can send a malicious email message to a local user which can cause arbitrary code to be executed on the server when a POP client retrieves the message using the UIDL command."

COMPLETE STORY: http://linuxtoday.com/story.php3?sn=24446

------------------------------------------------------------------
This newsletter is published by internet.com Corporation
http://internet.com - The Internet Industry Portal

Copyright (c) 2000 internet.com Corporation
