Linux Today SECURITY LETTER FOR JULY 28, 2000
Latest Security News for the Linux and Open Source Community.
------------------------------------------------------------------
TODAY'S LINUX SECURITY NEWS:
------------------------------------------------------------------
RED HAT SECURITY ADVISORY: GPM SECURITY FLAWS HAVE BEEN ADDRESSED
"gpm as shipped in Red Hat Linux 5.2 and 6.x contains a number of security problems. Additionally, a denial of service attack via /dev/gpmctl is possible."
COMPLETE STORY: http://linuxtoday.com/story.php3?sn=25391
------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT: PACKAGE: MAN
"The man package has a script called makewhatis that is run weekly by the cron daemon as root. This script creates a directory in /tmp and some files under it with predictable names, thus making it possible for a local attacker to alter any file in the system via symlink attacks."
COMPLETE STORY: http://linuxtoday.com/story.php3?sn=25392
------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT: PACKAGE: NFS-UTILS
"There is a problem in the nfs-utils package that could lead to a remote root exploit."
COMPLETE STORY: http://linuxtoday.com/story.php3?sn=25393
------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT: PACKAGE: PAM
"This module incorrectly identifies remote X logins for displays other than :0 (:1, :2, etc.) as local ones, thus giving the console to this user. Having the console, the remote user could issue commands like reboot to remotely reboot the system (after providing his or her password)."
COMPLETE STORY: http://linuxtoday.com/story.php3?sn=25394
------------------------------------------------------------------
LINUXSECURITY.COM INTERVIEWS SECURE COMPUTING
"If a user manages to mount an HTTP overrun attack, or a stack overrun attack of any sort, they can't use that to break out of the application they're in and get down into the operating system to gain root access to take over the entire system. We've absolutely eliminated that."
COMPLETE STORY: http://www.linuxsecurity.com/feature_stories/secure-1.html
------------------------------------------------------------------
EXCITE/ZDNET: SILENCE THE BEST SECURITY POLICY
"Well-meaning hackers are creating an army of "script kiddies" by making security holes public, says a speaker at the Black Hat Security Conference."
COMPLETE STORY: http://news.excite.com/news/zd/000726/18/silence-the-best
------------------------------------------------------------------
VNU NET: MICROSOFT HIT BY FURTHER OUTLOOK BUG
"When exploited, this vulnerability allows an attacker to store an HTML file in an area that is not protected by the policies of the 'Internet Zone'. This file may then be used to open arbitrary files on [a] machine and send the contents back to the attacker."
COMPLETE STORY: http://linuxtoday.com/story.php3?sn=25404
------------------------------------------------------------------
SECURITY PORTAL: DEFAULT PASSWORDS AND WHAT YOU CAN DO ABOUT THEM
"The reason this issue exists is that vendors want to make products easy to deploy, increase ease of use and decrease support costs."
COMPLETE STORY: http://securityportal.com/topnews/pwd20000728.html
------------------------------------------------------------------
COMPUTERWORLD: DEBATE ERUPTS OVER DISCLOSURE OF SOFTWARE SECURITY HOLES
"Ranum claimed that many disclosures of security holes are "rock-throwing" incidents done by companies or individuals to attack vendors such as Microsoft Corp. or for the purposes of self-promotion, financial gain or ego gratification. And, he said, such disclosures give malicious attackers point-and-click tools that they can use to take down Web sites."
COMPLETE STORY: http://www.computerworld.com/cwi/story/0,1199,NAV47_STO47589,00.html
------------------------------------------------------------------
This newsletter is published by internet.com Corporation
http://internet.com - The Internet Industry Portal
Copyright (c) 2000 internet.com Corporation
