1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Linux Vulnerablilities : Nov 20

Discussion in 'Linux and Unix' started by eddie5659, Nov 20, 2001.

Thread Status:
Not open for further replies.
  1. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Mar 19, 2001

    Been a while, but here are the latest:

    remote root exploit

    We have received reports that the "SSH CRC-32 compensation attack
    detector vulnerability" is being actively exploited. This is the same
    integer type error previously corrected for OpenSSH in DSA-027-1.
    OpenSSH (the Debian ssh package) was fixed at that time, but
    ssh-nonfree and ssh-socks were not.

    ssh-nonfree, ssh-socks


    End Of Life

    Effective Monday, December 10th 2001, after a lifespan of two years, SuSE
    will discontinue support for the successful SuSE Linux distribution
    SuSE Linux 6.3.

    The remaining distributions
    SuSE Linux 6.4
    SuSE Linux 7.0
    SuSE Linux 7.1
    SuSE Linux 7.2
    SuSE Linux 7.3


    Postfix session log memory exhaustion bugfix

    The Postfix SMTP server maintains a record of SMTP conversations
    for debugging purposes. Depending on local configuration details
    this record is mailed to the postmaster whenever an SMTP session
    terminates with errors


    Session hijacking vulnerability

    Imp is a webmail system which uses the Horde[3] framework.

    Joao Pedro Goncalves reported[1] a vulnerability[2] in the Imp
    webmail system which could be used by a remote attacker to access a
    victim's email.
    It is possible to include a script in an URL via html tags. Since
    these tags are not treated appropriately in previous versions (<=
    2.2.6) of Imp, such scripts can be executed by an unsuspecting user
    if clicked on when viewing an email. By emailing such a crafted URL
    to an user and having this user click on it, the attacker is able to
    retrieve the authentication cookies used in the webmail session, thus
    gaining access to the user's webmail account.


    Mandrake Linux Security Update Advisory

    In older versions of procmail, it is possible to crash procmail by
    sending it certain signals. If procmail is installed setuid, this
    could be exploited to gain unauthorized privilege. This problem is
    fixed in unstable version 3.20 and stable version 3.15.2


    Mandrake Linux Security Update Advisory

    A format string vulnerability exists in gnupg 1.0.5 and previous
    versions which is fixed in 1.0.6. This vulnerability can be used to
    invoke shell commands with privileges of the currently logged-in user


    Mandrake Linux Security Update Advisory

    A problem was discovered in the temporary file handling capabilities
    of some teTeX filters by zen-parse. These filters are used as print
    filters automatically when printing .dvi files using lpr. This can
    lead to elevated privileges. This update relies on the updated mktemp
    packages for 7.x in MDKA-2001:021, which gives mktemp the ability to
    create temporary directories. 8.x users already have a mktemp that
    works in this fashion.



As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/59140

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice