Thomas –
This week, advisories were released for pam_smb, exim, stunnel, wu-ftpd, mah-jong, sane-backends, pine, GtkHTML, and inetd. The distributors include Conectiva, Debian, Guardian Digital’s EnGarde Secure Linux, Red Hat, Slackware, and SuSE.
LinuxSecurity Feature Extras:

- A Practical Approach of Stealthy Remote Administration – This paper is written for those paranoid administrators who are looking for a stealthy technique of managing sensitive servers (like your enterprise firewall console or IDS).
- Expert vs. Expertise: Computer Forensics and the Alternative OS – No longer a dark and mysterious process, computer forensics have been significantly on the scene for more than five years now. Despite this, they have only recently gained the notoriety they deserve.

Linux Advisory Watch
is a comprehensive newsletter that outlines the security vulnerabilities that
have been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.

Distribution: Conectiva

| Date | Advisory | Type | Description |
|---|---|---|---|
| 9/5/2003 | pam_smb | Remote buffer overflow | A buffer overflow vulnerability has been discovered in the pam_smb module. |
| 9/5/2003 | exim | Remote buffer overflow | A remote heap buffer overflow vulnerability[2] has been reported[3] in the |
| 9/5/2003 | stunnel | File descriptor and DoS vulnerabilities | A file descriptor leak and denial of service vulnerability have been fixed. |

Distribution: Debian

| Date | Advisory | Type | Description |
|---|---|---|---|
| 9/5/2003 | ‘exim’ buffer overflow | File descriptor and DoS vulnerabilities | A buffer overflow exists in exim, which is the standard mail transport agent |
| 9/5/2003 | ‘wu-ftpd’ insecure program execution | File descriptor and DoS vulnerabilities | wu-ftpd, an FTP server, implements a feature whereby multiple files can |
| 9/8/2003 | exim | buffer overflow vulnerability | A buffer overflow exists in exim. |
| 9/8/2003 | mah-jong multiple vulnerabilities | buffer overflow vulnerability | Nicolas Boullis discovered two vulnerabilities in mah-jong. |
| 9/11/2003 | sane-backends multiple vulnerabilities | buffer overflow vulnerability | These problems allow a remote attacker to cause a segfault and/or consume |

Distribution: EnGarde

| Date | Advisory | Type | Description |
|---|---|---|---|
| 9/11/2003 | ‘pine’ buffer overflows | buffer overflow vulnerability | The pine e-mail client shipped with EnGarde Secure Linux contains buffer |

Distribution: Red Hat

| Date | Advisory | Type | Description |
|---|---|---|---|
| 9/5/2003 | ‘httpd’ vulnerabilities | buffer overflow vulnerability | Updated httpd packages that fix several minor security issues are now available |
| 9/11/2003 | GtkHTML | denial of service vulnerability | Alan Cox discovered that certain malformed messages could cause the Evolution |
| 9/11/2003 | pine | buffer overflow vulnerability | A buffer overflow exists in the way unpatched versions of Pine prior to |

Distribution: Slackware

| Date | Advisory | Type | Description |
|---|---|---|---|
| 9/9/2003 | inetd | denial of service vulnerability | These updates fix a previously hard-coded limit of 256 connections-per-minute, |
| 9/11/2003 | pine | arbitrary code execution vulnerability | Upgraded pine packages are available for Slackware 8.1, 9.0 and -current. |

Distribution: SuSE

| Date | Advisory | Type | Description |
|---|---|---|---|
| 9/5/2003 | ‘pam_smb’ privilege escalation | arbitrary code execution vulnerability | Dave Airlie |
| 9/11/2003 | pine | arbitrary code execution vulnerability | The well known and widely used mail client pine is vulnerable to a buffer |