
HP releases new Linux workstation

Author: JT Smith

C|Net reports that Hewlett-Packard has begun selling new Intel-based workstations with Linux. Its x1100, an Intel-based machine first introduced with Windows in January, is available with Red Hat Linux version 7.1.

Category:

  • Unix

KDE Linux desktop nears new release

Author: JT Smith

From C|Net: “The second beta of the new version 3 of the KDE Linux desktop user interface was released, the KDE Project said Thursday. The final version is scheduled for release in the second quarter, but in the meantime KDE is seeking large numbers of developers to test the software.”

Category:

  • Open Source

‘The Myth of Open Source Security Revisited’ v2.0

Author: JT Smith

Slashdotters debate an article at Kuro5hin.org called The Myth of Open Source Security Revisited. “In his seminal writing The Cathedral and the Bazaar, Eric Raymond used the statement ‘Given enough eyeballs, all bugs are shallow’ to describe the belief that given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix obvious to someone. Over time the meaning of the original quote has been lost and instead replaced with the dogmatic belief that Open Source is the panacea that solves the problems involving security in software development.”

Category:

  • Linux

Mandrake security update to cups

Author: JT Smith

Posted at LinuxSecurity.com: “There is a potential buffer overflow vulnerability in CUPS when reading the names of attributes. This bug affects all versions of CUPS and is fixed upstream in version 1.1.14.”

Category:

  • Linux

A death, a re-birth and silence: Troubleshooting soundcards under GNU/Linux

Author: JT Smith

John Gowin writes “New in the LO HOWTOs section, editor-in-chief John Gowin explains how to configure sound under GNU/Linux using the tools available. That can also include rolling up your sleeves and editing a configuration file manually.” Read the article here at LinuxOrbit.com.

Category:

  • Unix

KDE League, FSF’s Moglen among authors of 47 comments released in Microsoft case

Author: JT Smith

The Associated Press (on CNN.com) reports that the U.S. Department of Justice has released just 47 of the thousands of comments people made on the proposed Microsoft antitrust settlement. These 47 comments were the only ones the DoJ judged “major.” Just five of the 47 are in favor of the settlement. Among the comments released are one from the KDE League and another from Free Software Foundation lawyer Eben Moglen.

What tree huggers can teach us about the public domain of ideas.

Author: JT Smith

Technology Review: “What do bird watchers and bird hunters have in common?… [A]fter years of pursuing separate agendas, these incongruous groups ultimately came to understand that they have a shared interest in protecting the ‘environment.’ Does the same principle hold in the intellectual-property realm?” Read more here.

Explaining virtual private networks

Author: JT Smith

In this article, FindVPN explains in simple terms what a VPN (Virtual Private Network) is, what types there are and some of the reasons for setting one up.

Category:

  • Linux

Ettercap – remote root compromise

Author: JT Smith

NGSEC: “As it is said in ettercap’s home page ‘Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN’. Due to improper use of the memcpy() function, anyone can crash ettercap and execute code as root user… This vulnerability only exists on Linux version because on *BSD and MacOSX ettercap only works on Ethernet devices.”

 Next Generation Security Technologies
                          http://www.ngsec.com
                            Security Advisory


       Title:   Ettercap, remote root compromise
          ID:   NGSEC-2002-1
 Application:   ettercap 0.6.3.1 and older (http://ettercap.sourceforge.net)
        Date:   05/02/2002
      Status:   Vendor Contacted, new fixed version released.
    Platform:   Linux on interfaces with MTU > 2000
      Author:   Fermín J. Serna 
    Location:   http://www.ngsec.com/docs/advisories/NGSEC-2002-1.txt


Overview:
---------

As it is said in ettercap's home page "Ettercap is a multipurpose 
sniffer/interceptor/logger for switched LAN". Due to improper use of the
memcpy() function, anyone can crash ettercap and execute code as root 
user.

Vulnerability has been confirmed and exploited in ettercap's version 
0.6.3.1. Older versions may be vulnerable too. 

This vulnerability only exists on Linux version because on *BSD and MacOSX 
ettercap only works on Ethernet devices.

Technical description: 
----------------------

Ettercap is composed of decoders which look for user, passwords, 
communities and stuff alike.

Several decoders (mysql, irc, ...) suffer the following problem:

   memcpy(collector, payload, data_to_ettercap->datalen);

Collector is declared as: 

    u_char collector[MAX_DATA];

Where MAX_DATA is:

  #define MAX_DATA 2000

Datalen is the data (after TCP/UDP header) length read from the interface.
So on interfaces where MTU is higher than 2000 you can exploit ettercap. 
Since normal ethernets have MTU:1500 this bug can not be exploited due to 
unsupported defragmentation in ettercap, but may be crashed with a forged 
packet (ip->tot_len > MAX_DATA). 

Here are common MTU and interface types:
 
    65535 Hyperchannel
    17914 16 Mbit/sec token ring
    8166  Token Bus (IEEE 802.4)
    4464  4 Mbit/sec token ring (IEEE 802.5)
    1500  Ethernet
    1500  PPP (typical; can vary widely)


Exploit for this vulnerability can be found at 

       http://www.ngsec.com/downloads/exploits/ettercap-x.c

Sample exploitation could also be on loopback interfaces: MTU:16436

  piscis:~# ettercap -NszC -i lo &
[1] 21887
  piscis:~# ./ettercap-x 0 | nc localhost 3306
  ettercap-0.6.3.1 xploit by Fermín J. Serna 
Next Generation Security Technologies
  http://www.ngsec.com   

  punt!
  piscis:~# telnet localhost 36864
  Trying 127.0.0.1...
  Connected to localhost.
  Escape character is '^]'.
  id;
  uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),10(wheel)


Recommendations:
----------------

Upgrade to a newer ettercap version. 
Run ettercap on a secure environment.


More advisories at: http://www.ngsec.com/advisories/
PGP Key: http://www.ngsec.com/labs.asc

(c)Copyright 2002 NGSEC. All rights reserved.

Category:

  • Linux
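The unchecked copy the advisory quotes, shown here in a bounded form. This is an added example, not code from ettercap or from NGSEC, and not the fix shipped upstream; collect_payload(), demo_copy(), the status codes and the captured_len parameter are hypothetical names introduced for illustration, and only memcpy(), collector, payload, datalen and MAX_DATA come from the advisory.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define MAX_DATA 2000                 /* buffer size quoted in the advisory */
typedef unsigned char u_char;
enum { COLLECT_OK = 0, COLLECT_TRUNCATED = 1, COLLECT_REJECTED = -1 };

/* Bounded form of: memcpy(collector, payload, data_to_ettercap->datalen);
 *   claimed_len  - length taken from the packet headers (sender controlled)
 *   captured_len - payload bytes really present after the TCP/UDP header
 * Stores the number of bytes copied in *copied. */
int collect_payload(u_char *collector, size_t collector_size,
                    const u_char *payload, size_t captured_len,
                    size_t claimed_len, size_t *copied)
{
    size_t n = claimed_len;
    int status = COLLECT_OK;
    if (!collector || !payload || !copied)
        return COLLECT_REJECTED;
    *copied = 0;
    if (claimed_len > captured_len)   /* forged length would over-read payload */
        return COLLECT_REJECTED;
    if (n > collector_size) {         /* would overflow collector[MAX_DATA] */
        n = collector_size;
        status = COLLECT_TRUNCATED;
    }
    memcpy(collector, payload, n);
    *copied = n;
    return status;
}

/* Constructed input: a 4000-byte payload, which fits on a link with the
 * 4464-byte MTU from the advisory's table but not in collector[]. */
size_t demo_copy(size_t claimed_len, size_t captured_len, int *status)
{
    static u_char payload[4000];
    u_char collector[MAX_DATA];
    size_t copied = 0;
    memset(payload, 'A', sizeof payload);
    *status = collect_payload(collector, sizeof collector, payload,
                              captured_len, claimed_len, &copied);
    return copied;
}

int main(void)
{
    int st;
    printf("copied=%zu\n", demo_copy(4000, 4000, &st));
    return 0;
}
```

Truncating at MAX_DATA keeps a decoder running on oversized payloads; a decoder that needs the whole payload would reject instead of truncating.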

Sun to marry iPlanet portal to Grid Engine

Author: JT Smith

The Register reports: “Sun Microsystems Inc will announce today that it has created a set of Java-based frameworks that integrate its iPlanet Portal Server with its Grid Engine software… Sun’s Grid Engine software is used to aggregate the unused processing capacity in Solaris and Linux workstations and servers…supercomputers. Sun has estimated that workstations and server spread around companies are generally only working 5% to 20% of the time, and says that by using Grid Engine software, companies can push the CPU utilization of their workstations and servers as high as 98%.”