Från Bugtraq år 2000

Se alltid till att uppdatera din Linux med senaste uppdateringarna från din Linuxdistributör se Länklista, säkerhet.

För loggbok över allt som installeras och ändras på alla datorer (framförallt servermaskiner).

Några texter från Bugtraq (nyaste texterna ligger sist):

[RHSA-2000:001-01] New version of usermode, pam
[CERT Advisory CA-2000-01] Denial-of-Service Developments
L0pht Advisory: RH Linux 6.0/6.1, PAM and userhelper
PHP3 safe_mode and popen()
[RHSA-2000:001-03] New version of usermode, pam
[RHSA-2000:002] New lpr packages
RHSA-2000-005-03
mSQL and not MySQL exploit
ssh & xauth
Corel Linux 1.0 local root compromise
New MySQL Available
Om DDoS-attacker
Red Hat 6.1 initial root password encryption
NIS security advisory : password method downgrade
remote root qmail-pop with vpopmail advisory and exploit wit
majordomo 1.94.5 does not fix all vulnerabilities
Qpopper security bug
SARA Security Auditor -- a new tool
[Debian] New version of apcd released
vulnerability in Linux Debian default boot configuration
RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory)
SuSE make-3.77-44 and earlier <thomas@SUSE.DE>
Re: application proxies?
ASP Security Hole (fwd)
crash windows boxes on your local network (twinge.c)
Re: DDOS Attack Mitigation
spidermap-0.1 released
Re: Analysis of "stacheldraht"
TFN2K - An Analysis
Packet Tracing (linux klog patch) Packet filter logging: MAC & TCP flags
perl-cgi hole in UltimateBB by Infopop Corp.
sshd and pop/ftponly users incorrect configuration
snmp problems still alive...
ANNOUNCE: Medusa DS9 security system
[Debian] New version of make released
Re: A DDOS defeating technique based on routing
lynx - someone is deaf and blind ;)
man bugs might lead to root compromise (RH 6.1 and other boxes) man exploit
[Debian] New version of htdig released
Re: SSH & xauth
Oracle installer problem
[XFree86 3.3.6] fix for race conditions in xterm logfile handling
[RHSA-2000:006-01] New nmh packages available
OpenLinux 2.3: rpm_query
TFN2K Analysis - Update 1.3
Corel Linux 1.0 dosemu default configuration: Local root vuln
[SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities
New online publication: "Computer Vulnerabilities"
[TL-Security-Announce] mtr-0.41 and earlier TLSA2000003-1 (fwd)
Bilaga till: [TL-Security-Announce] man-1.5g-5 and earlier TLSA2000004-1
[TL-Security-Announce] htdig-3.1.2-1 and earlier TLSA200005-1
[TL-Security-Announce] MySQL-3.22.27-5 and earlier TLSA200006-1
Linux patch for blocking buffer overflow based attacks
[ Hackerslab bug_paper ] Linux printtool get printer password
TESO advisory -- wmcdplay
abuse.man (webmanager kit)
[ Hackerslab bug_paper ] Linux dump buffer overflow [TL-Security-Announce] dump-0.4b11-1 and earlier TLSA200007-1
Process hiding in linux
Bilaga (advisory-006.txt) till: TESO & C-Skills development advisory -- imwheel
Bilaga (advisory-007.txt) till: TESO & C-Skills development advisory -- kreatecd
Exploit for Mandrake 6.1 (PAM/userhelper bug)
Analysis of the Shaft distributed denial of service tool
wmcdplayer exploits.
Still More Overflows
Extending the FTP "ALG" vulnerability to any FTP client
[TL-Security-Announce] nmh-1.0.2 and earlier TLSA200008-1
Local Linux Crash
Local Denial-of-Service attack against Linux
gpm-root
Security issues with S&P ComStock multiCSP (Linux)
The TCP Flags Playground Re: The TCP Flags Playground
[RHSA-2000:008-01] ircii buffer overflow
Security Problems with Linux 2.2.x IP Masquerading
Cobalt apache configuration exposes .htaccess, [ Cobalt ] Security Advisory -- 03.31.2000
Re: Local Denial-of-Service attack against Linux
The Sentinel Project
linux trustees 1.5 long path name vulnerability
StarOffice 5.1
XFree86 server overflow - exploit issues
xfs
Re: RUS-CERT Advisory 200004-01: GNU Emacs 20
pop3
local user can delete arbitrary files on SuSE-Linux
SECURITY: [RHSA-2000:012] New openldap packages available
[RHSA-2000:016-02] imwheel buffer overflow
netkill - generic remote DoS attack
imapd4r1 v12.264
Libsafe Protecting Critical Elements of Stacks
SECURITY: [RHSA-2000:014-10] Updated piranha packages available
[RHSA-2000:014-16]
SuSE 6.3 Gnomelib buffer overflow
gpm-root initgroups()
man-exploit for MANPAGER environment and a comment about the IMA
Re: Postgresql cleartext password storage
unsafe fgets() i sendmail's mail.local
Source code to mstream, a DDoS tool
Re: local user can delete arbitrary files on SuSE-Linux
Re: Source code to mstream, a DDoS tool
Linux knfsd DoS issue
SuSE Security Announcement - aaa_base - UPDATE
glibc resolver weakness
pam_console bug
Passive Network Mapping
Race condition in "rm -r"
Denial of service attack against tcpdump
"I don't think I really love you" (Writing Internet Worms)
Ipchains buffer overflow with debian 2.2.10 Kernel.
SSH Authentication Vulnerability
[RHSA-2000:025-07] Updated Kerberos 5 packages are now available for Red Hat Linux.
[RHSA-2000:028-02] Netscape 4.73 available
You can now track Bugtraq 24/7 with Software.
kscd vulnerability
antisniff x86/linux remote root exploit
announce : Nessus 1.0 released
xsoldier update for Linux Mandrake
CERT Advisory CA-2000-06
[TL-Security-Announce] openLDAP TLSA2000010-1
Fw: [suse-security-announce] SuSE Security Announcement - kernel
"gdm" remote hole
Lotus ESMTP Service (Lotus Domino Release 5.0.1 (Intl))
Key Generation Security Flaw in PGP 5.0
Qpopper 2.53 remote problem
fdmount buffer overflow, fdmount 0.8 exploit
[RHSA-2000:030-01] Updated mailman packages are available.
`sniffit -L mail' vulnerabilities
Re: Nasty XFree Xserver DoS - Workaround
Buffer Overflow in fdmount (fwd)
new vulnerability in Netscape effectively disables SSL server auth
[TL-Security-Announce] gpm TLSA2000011-1
[RHSA-2000:005-05] New majordomo packages available
KDE: /usr/bin/kdesud, gid = 0 exploit
[linux-security] Re: [RHSA-2000:028-02] Netscape 4.7
SuSE Security Announcement: kmulti
[COVERT-2000-06] Initialized Data Overflow in Xlock
Re: Lotus ESMTP Service (Lotus Domino Release 5.0.1 (Intl))
Jolt2 crashes tcpdump
[TL-Security-Announce] xlockmore TLSA2000012-1.txt
PGP Security Advisory for PGP 5.0
Corel Linux Default Install
Remote DoS attack in Real Networks Real Server (Strike #2
[RHSA-2000:032-02] kdelibs vulnerability for suid-root KDE applications
New DDoS methods
Re: Jolt2 crashes tcpdump
Mandrake 7.0: /usr/bin/cdrecord gid=80 (strike #2), [Gael Duval ] [Security Announce
more majordomo brokeness, [Debian] Majordomo will be removed
/usr/bin/Mail exploit for Slackware 7.0 (mail-slack.c)
buffer overflow in netscape
Re: XFree86 server overflow
bind running as root in Mandrake 7.0
Linux-Mandrake Xlockmore security update
Caldera Security Advisory CSSA-2000-015: suid root KDE
Sendmail Workaround for Linux Capabilities Bug
Conectiva Linux Security Announcement - cdrecord
innd 2.2.2 remote buffer overflow
gdm exploit
Brev från Technical Support
Sendmail 8.10.2, Linux 2.4.0 - capabilities
local root on linux 2.2.15, Local root vulnerability in most used Linux kernels
Yet another heap overflow in wu-ftpd and so on...
BRU Vulnerability
[rootshell.com] Xterm DoS Attack
Piranha password file
Re: bind running as root in Mandrake 7.0
Security Update: serious bug in setuid()
Security Update: flaws in the SSL transaction handling of Netscape
Trustix Security Advisory
Mission statement for LKAP(Linux Kernel Auditing Project)
CONECTIVA LINUX SECURITY ANNOUNCEMENT - kernel
Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN Kerberos
[suse-security-announce] SuSE Security Announcement: pop (fwd)
Remote DOS in linux rpc.lockd
OpenSSH's UseLogin option allows remote access with root privilege
Re: Piranha password file
Security Advisory: local ROOT exploit in BRU
Conectiva Linux Security Announcement - ZOPE
[RHSA-2000:036-01] New emacs packages available
[RHSA-2000:025-12] Updated Kerberos 5 packages are now available for Red Hat Linux.
[RHSA-2000:025-13] Updated Kerberos 5 packages are now available for Red Hat Linux.
XFree86: Various nasty libX11 holes
[RHSA-2000:038-01] Zope update
XFree86: libICE DoS
[TL-Security-Announce] Linux Kernel TLSA2000013-1
[RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed
Bug in gpm
CUPS DoS Bugs
rh 6.2 - gid compromises, etc
Bruce 1.0 EA3: Networked Host-Vulnerability Scanner for Solaris and Linux
Immunix OS 6.2 (StackGuarded Red Hat 6.2)
[RHSA-2000:037-02] New Linux kernel fixes security bug
Why pine must never be sgid
[SECURITY] New Debian wu-ftpd packages released
RHL 6.2 xconq package - overflows yield gid games
[Security Announce] Various Mandrake 7.1 security updates.
Re: rh 6.2 - gid compromises, etc [+ MORE!!!]
Free mail scanning tool (was Re: NAI WebShield SMTP does not sca
WuFTPD: Providing *remote* root since at least 1994
Security Update: wu-ftpd vulnerability
[Security Announce] kernel update
CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD
[RHSA-2000:037-05] New Linux kernel fixes security bug
[RHSA-2000:041-02] man package's 'makewhatis' uses insecure handling of files in /tmp
[RHSA-2000:016-03] Multiple local imwheel vulnerabilities
format bugs, in addition to the wuftpd bug
[RHSA-2000:042-01] BitchX denial of service vulnerability
[suse-security-announce] SuSE Security Announcement: wuftpd-2.
[suse-security-announce] SuSE Security Announcement: kernel-2.2.
Re: RHL 6.2 xconq package - overflows yield gid games
Improved ARP sniffer
[SECURITY] New verion of dhcp released
Re: format bugs, in addition to the wuftpd bug
Linux capability bounding set weakness
Re: [TL-Security-Announce] Linux Kernel TLSA2000013-1
Concerning the LDAP Enabled Netscape FTP Server
CONECTIVA LINUX SECURITY ANNOUNCEMENT - dump
ICMP Usage In Scanning - Research Paper
working version of wuftpd exploit
[Security Announce] wu-ftpd update
[SECURITY] New version of canna released.
[Security Announce] dhcp update
XFree86 4.0.1 and /tmp
Re: Nasty hole in postifx/procmail/cyrus Nasty hole in postifx/procmail/cyrus
[slackware-security] wu-ftpd remote exploit patched
FreeBSD Security Advisory: FreeBSD-SA-00:30.openssh
remote crash BitchX 1.0c16
Kerberos security vulnerability in SSH-1.2.27
Cobalt Linux security problems...
[Security Announce] man update
inn update
CONECTIVA LINUX SECURITY ANNOUNCEMENT - BitchX
CERT Advisory CA-2000-1, wu-ftpd 2.6.0
Caldera Security Update: Denial of Service against irc-BX
Mandrake: BitchX update
Security Update: symlink attack on makewhatis script possible
gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd
LPRng lpd should not be SETUID root
SuSE Security Announcement: tnef
SuSE Security Announcement: dhclient
Fw: New man packages availible
Security Advisory: Netscape Administration Server Password
MDKSA-2000:018 dump update
proftp advisory, proftpd non-root patch
MDKSA-2000:019 cvsweb update
Lots and lots of fun with rpc.statd
[SECURITY] New Debian nfs-common packages released
[RHSA-2000:043-02] Updated package for nfs-utils available
[COVERT-2000-07] LISTSERV Web Archive Remote Overflow
CONECTIVA LINUX SECURITY ANNOUNCEMENT - nfs-utils
[Debian] New version of cvsweb released
[Paper] Format bugs.
MDKSA-2000:020 usermode update
[Security Announce] MDKSA-2000:021 nfs-utils update
[TL-Security-Announce] wu-ftpd TLSA2000014-1
Security Update: DoS on gpm
New DHCP releases: 2.0pl3 and 3.0b1pl17
Security Advisory: rpc.statd is not a problem on OpenLinux
"Best Practices for Secure Web Development" whitepaper
[RHSA-2000:043-03] Revised advisory: Updated package for nfs-utils available
[ANNOUNCE] INN 2.2.3 available
Sendmail filter rule to stop Outlook exploit
Roxen Web Server Vulnerability
[RHSA-2000:044-02] Updated PAM packages are available.
MDKSA-2000:022 dhcp update
MDKSA-2000:023 inn update
JPEG COM Marker Processing Vulnerability in Netscape Browsers
New reporting service w/ Bugtraq
Package xzx-2.9.2-2.i386.rpm spies - SuSE Linux 6.4
CONECTIVA LINUX SECURITY ANNOUNCEMENT - OPENLDAP
Re: Chasing bugs / vulnerabilties Don't change C conventions; fix programmers instead
[RHSA-2000:045-01] gpm security flaws have been addressed
CONECTIVA LINUX SECURITY ANNOUNCEMENT - MAN
[SECURITY] New version of userv released
CONECTIVA LINUX SECURITY ANNOUNCEMENT - GPM
CONECTIVA LINUX SECURITY ANNOUNCEMENT - NFS-UTILS
CONECTIVA LINUX SECURITY ANNOUNCEMENT - PAM
MDKSA-2000:024 - Linux Mandrake not affected by OpenLDAP problem
userv security boundary tool 1.0.1 (SECURITY FIX)
CONECTIVA LINUX SECURITY ANNOUNCEMENT - BITCHX
cvs security problem
[SECURITY] New verion of dhcp released (updated)
MDKSA:2000-025 gpm update
MDKSA-2000:026 Zope update
[RHSA-2000:046-02] New netscape packages available to fix JPEG problem
[RHSA-2000:030-03] Updated mailman packages are available.
Dan & Wietse's Forensics Tools released
Dangerous Java/Netscape Security Hole
[RHSA-2000-047-03] New umb-scheme packages are available.
[RHSA-2000-048-02] Updated mailx and perl packages are now available.
[RHSA-2000-048-06] Updated mailx and perl packages are now available.
[RHSA-2000-050-01] mopd-linux buffer overflow
[RHSA-2000-049-02] Remote file access vulnerability in ntop
[TL-Security-Announce] cvsweb TLSA2000016-1
MDKSA-2000-027 netscape update
MDKSA-2000-028 kon2 update
MDKSA-2000-027-1 netscape update
MDKSA-2000-029 pam update
[bwarsaw@beopen.com- [Mailman-Announce] Mailman 2.0 beta 5]
CONECTIVA LINUX SECURITY ANNOUNCEMENT - mailman
[TL-Security-Announce] netscape TLSA2000017-1
New book
MDKSA-2000-030 - Linux-Mandrake not affected by mailman problem
LIDS severe bug
SuSE Security- miscellaneous
kon2
Redhat Linux 6.x remote root exploit
Dangerous Java/Netscape Security Hole Brown Orifice HTTPD Directory Traversal Vulnerability
[Security] Mailman exploitability
sperl 5.00503 (and newer ;) exploit
rpc.statd remote root xploit for linux/x86
[Security] ntop remote file exploitability
Security Update- sperl vulnerability
[SECURITY] New version of mailx released
MDKSA-2000-031 perl update
SuSE Security Announcement- rpc.kstatd (knfsd)
[TL-Security-Announce] perl TLSA2000018-1
MDKSA-2000-032 - Linux-Mandrake not affected by umb-scheme problem
SuSE Security Announcement- suidperl (perl)
Conectiva Linux security announcemente - PERL
CERT Advisory CA-2000-15
[RHSA-2000-052-02] Zope update
[RHSA-2000-053-01] Updated usermode packages.
Conectiva Linux security announcement - usermode
[TL-Security-Announce] PAM TLSA2000009-2
Conectiva Linux Security Announcement - netscape
CONECTIVA LINUX SECURITY ANNOUNCEMENT - diskcheck
MDKSA-2000-033 Netscape Java vulnerability
Remote vulnerability in Gopherd 2.x
MacroMedia Flash/Shockwave plug-in on linux - memcpy overrun
MDKSA-2000-034 MandrakeUpdate update
Conectiva Linux Security Announcement - Zope
xlock vulnerability
MDKSA-2000-035 Zope update
Conectiva Linux Security Announcement - xlockmore
[SECURITY] New version of xlockmore/xlockmore-gl released
CERT Advisory CA-2000-17
[RHSA-2000-052-04] Zope update
Conectiva Linux Security Announcement - netscape
[RHSA-2000-054-01] New Netscape packages fix Java security hole
Conectiva Linux Security Announcement - Zope
Helix Code Security Advisory - Helix GNOME Update
Gopher2.3.1p0 and below remote buffer overflow.
[SECURITY] new version of zope released (updated)
MDKSA-2000-036 - netscape update
Security Update- Netscape java security bug
SuSE Security Announcement- Netscape
[RHSA-2000-055-03] XChat can pass URLs from IRC to a shell
MDKSA-2000-038 - xlockmore update
Security Update- ld.so unsetenv problem
Conectiva Linux Security Announcement - xchat
Advisory- mgetty local compromise
MDKSA-2000-039 - xchat update
MDKSA-2000-040 - glibc update
MDKSA-2000-039-1 - xchat update
[RHSA-2000-053-04] Updated usermode packages.
Helix Code Security Advisory - X-Chat
MDKSA-2000-041 - xpdf update
[SECURITY] New version of xchat released (update)
Conectiva Linux Security Announcement - mgetty
Security Update- /tmp file race in faxrunq
[TL-Security-Announce] netscape TLSA2000020-1
MDKSA-2000-043 - Zope update
MDKSA-2000-042 - mgetty update
[SECURITY] New version of Netscape Communicator/Navigator released
[RHSA-2000-057-02] glibc vulnerabilities in ld.so,
[SECURITY] New version of glibc released
Conectiva Linux Security Announcement - glibc
(SRADV00001) Arbitrary file disclosure through PHP file upload
[security@slackware.com- [slackware-security] Perl root exploit
Serious vulnerability in glibc
Binary file initd_2000-09.txt matches
[SECURITY] glibc update for Debian GNU/Linux 2.1 (update)
Security Update- serious vulnerability in glibc NLS code
SuSE Security Announcement- shlibs (glibc)
Screen-3.7.6 local compromise
scanssh announcement
SuSE Security Announcement- screen
[slackware-security]- glibc 2.1.3 vulnerabilities patched
Trustix Security Advisory - glibc and friends
MDKSA-2000-045 - glibc update
SuSE Security Announcement- apache
@stake Advisory- SuSE Apache WebDAV Directory Listings (A090700-3
[RHSA-2000-057-04] glibc vulnerabilities in ld.so,
glibc/locale exploit for linux/x86
[TL-Security-Announce] glibc unsetenv and locale TLSA2000021-1
[SECURITY] New version of xpdf released
[SECURITY] New version of horde and imp released
[RHSA-2000-059-02] Updated mgetty packages are now available.
Security Update- Security problems in xpdf
Conectiva Linux Security Announcement - pam_smb
[SECURITY] New version of libpam-smb released
MDKSA-2000-046 - mod_perl update
MDKSA-2000-047 - Linux Mandrake not vulnerable to pam_smb
Conectiva Linux Security Announcement - xpdf
SuSE Security Announcement- pam_smb
MDKSA-2000-048 - mod_php3 update
[RHSA-2000-060-03] xpdf bugfix release
[slackware-security]- xchat input validation bug fixed
[RHSA-2000-058-03] Format string exploit in screen
Binary file klogd-2000-09.txt matches
MDKSA-2000-050 - sysklogd update
klogd Kernel Logger vulnerability and fix
[RHSA-2000-061-02] syslog format vulnerability in klogd
[SECURITY] New versions of sysklogd released
Trustix security advisory
glibc/locale sploit for ImmunixOS
[TL-Security-Announce] xchat TLSA2000022-1
SuSE Security Announcement- syslogd/klogd
[CSSA-2000-032.0] Security Problems with syslog/klogd
Binary file kvt-format-bug-2000-09.txt matches
[RHSA-2000-062-03] glint symlink vulnerability
httpd.conf in Suse 6.4
Conectiva Linux Security Announcement - imp
New Variants of Trinity and Stacheldraht Distributed Denial of
Pine
[Security Announce] MDKSA-2000-041-1 - xpdf update
MDKSA-2000-050-1 - sysklogd update
Format strings- bug #2- LPRng
Security Update- format bug in LPRng
MDKSA-2000-051 - esound update
another wu-ftpd exploit
[slackware-security] wuftpd vulnerability - Slackware 4.0, 7.0,
Re- Very interesting traceroute flaw
Security vulnerability in Apache mod_rewrite
Security Update- security problem in traceroute
Conectiva Linux Security Announcement - traceroute
Mandrake 7.1 bypasses Xauthority X session security.
MDKSA-2000-052 - xinitrc update
GnoRPM local /tmp vulnerability
MDKSA-2000-053 - traceroute update
Very probable remote root vulnerability in cfengine
Conectiva Linux Security Announcement - gnorpm
[RHSA-2000-077-03] esound contains a race condition
[RHSA-2000-065-04] LPRng contains a critical string format bug
[RHSA-2000-066-05] lpr has a format string security bug, LPRng compat issues, and a race cond.
[RHSA-2000-078-02] traceroute setuid root exploit with multiple
scp file transfer hole openssh2.2.p1
/bin/su local libc exploit yielding a root shell
SuSE- lprNG
MDKSA-2000-054 - lpr update
Conectiva Linux Security Announcement - lpr
Trustix Security Advisory - apache, traceroute and LPRng
Re- Security vulnerability in Apache mod_rewrite
MDKSA-2000-055 - gnorpm update
Bilaga (SLA-15-PHPix.txt) till- PHPix advisory
Immunix OS Security Update for traceroute
ISS Security Advisory- Insecure call of external programs in Red Hat Linux tmpwatch
sendmail -bt negative index bug...
MDKSA-2000-056 - tmpwatch update
Immunix OS Security Update for tmpwatch
[RHSA-2000-080-01] tmpwatch has a local denial of service and
Trustix Security Advisory - tmpwatch
SuSE- tmpwatch
Re- tmpwatch executes shell commands
ncurses buffer overflows
[SECURITY] New versions of Boa packages available
[SECURITY] Debian esound packages not affected by /tmp/.esd race
Conectiva Linux Security Announcement - tmpwatch
[RHSA-2000-075-05] Updated usermode packages available
Immunix OS Security Update for usermode packages
Security Update- file view vulnerability in mod_rewrite
Binary file statdx2-rpc-2000-10.txt matches
MDKSA-2000-059 - Linux-Mandrake not vulnerable to usermode
[RHSA-2000-072-05] Updated gnorpm packages are available for Red Hat Linux 6.1, 6.2, and 7.0
MDKSA-2000-058 - Linux-Mandrake not vulnerable to boa
SuSE Security Announcement- cfengine
SuSE Security Announcement- esound
Immunix OS Security Update for gnorpm package
Conectiva Linux Security Announcement - apache
MDKSA-2000-060 - apache update
PHP remote format string vulnerabilities PHP security improved -- Fwd- [ANNOUNCE] PHP 4.0.3 released
MDKSA-2000-057 - openssh update
Security Upeate- buffer overflows in ncurses
MDKSA-2000-061 - cfengine update
MDKSA-2000-062 - mod_php3 update
MDKSA-2000-057-1 - openssh update
Bilaga (SLA-17.Anaconda.txt) till- Anaconda Advisory
[SECURITY] New versions of Debian traceroute packages
Conectiva Linux Security Announcement - mod_php3
GPG 1.0.3 doesn't detect modifications to files with multiple
[SECURITY] New version of curl fixes buffer overflow
[SECURITY] New version of Debian php3 packages released (updated)
[SECURITY] New version of Debian php4 packages released (updated)
Security Update- format bug in PHP
[SECURITY] New version of nis released
SuSE Security Announcement- traceroute (SuSE-SA-2000-041)
another Xlib buffer overflow
SuSE Security Announcement- gnorpm (SuSE-SA-2000-040)
[TL-Security-Announce] traceroute TLSA2000023-1
SuSE Security Announcement- ypbind/ypclient (SuSE-SA-2000-042)
Apache 1.3.14 Released
[RHSA-2000-087-02] Potential security problems in ping fixed.
vulnerability in Oracle Internet Directory in Oracle 8.1.6
MDKSA-2000-060-1 - apache update
MDKSA-2000-060-2 - apache update
Security Update- verification bug in gnupg
[RHSA-2000-089-04] Updated gnupg packages available
[ Hackerslab bug_paper ] Linux ORACLE 8.1.5 vulnerability
MDKSA-2000-063 - gnupg update
[RHSA-2000-086-05] ypbind for Red Hat Linux 5.x,
MDKSA-2000-063-1 - gnupg update
[CORE SDI ADVISORY] MySQL weak authentication
[RHSA-2000-088-04] Updated apache, php, mod_perl,
MDKSA-2000-064 - ypbind and ypserv updates
Re- another Xlib buffer overflow
linux xlock exploit
Immunix OS Security Update for gnupg package
Immunix OS Security Update for ping package
Immunix OS Security Update for ypbind package
Immunix OS Security Update for apache packages
[IMNX-2000-042-01] Immunix OS Security Update for apache and php
[RHSA-2000-094-01] Updated cyrus-sasl packages available for Red
Potential Security Problem in bftpd-1.0.11
SuSE Security Announcement- ncurses (SuSE-SA-2000-043)
[RHSA-2000-095-02] Updated Secure Web Server packages now
Security Update- security problems in ypbind
[RHSA-2000-024-02] Updated nss_ldap packages are now available.
tcsh- unsafe tempfile in << redirects
[CLSA-2000-334] Conectiva Linux Security Announcement - gnupg
Trustix Security Advisory - ping gnupg ypbind
Samba 2.0.7 SWAT vulnerabilities
Redhat 6.2 dump command executes external program with suid
Ultraseek 3.1.x Remote DoS Vulnerability
FW- Pine 4.30 now available
numerous format string attacks in Nap ( Napster for linux )
Re- Redhat 6.2 dump command executes external program with suid
Re- Samba 2.0.7 SWAT vulnerabilities
[RHSA-2000-100-02] Setuid bits are removed on dump to prevent
[RHSA-2000-072-07] Updated gnorpm packages are available for Red Hat
Redhat 6.2 dump Exploit
MDKSA-2000-065 - Linux-Mandrake not affected by dump
[SAFER] Buffer overflow in Lotus Domino SMTP Server
dump issues with Conectiva Linux
Redhat 6.2 restore exploit
mail Reply-To field exploit
Re- tcsh- unsafe tempfile in << redirects
BIND 8.2.2-P5 Possible DOS
vlock vulnerability in RedHat 7.0
StarOffice 5.2 Temporary Dir Vulnerability
[slackware-security] buffer overflow vulnerability in Pine
[RHSA-2000-102-04] Updated pine and imap packages are available
[RHSA-2000-075-07] Updated usermode packages available
[CLSA-2000-338] Conectiva Linux Security Announcement - bind
[RHSA-2000-107-01] Updated bind packages fixing DoS attack
[SECURITY] New version of gnupg installed
MDKSA-2000-066-1 - nss_ldap update
MDKSA-2000-067 - bind update
Unidentified subject!
[CLSA-2000-339] Conectiva Linux Security Announcement - bind
[SECURITY] New version of tcsh released
SuSE Security Announcement- modules
numerous free/paid account systems are vulnerable too
Immunix OS Security Update for bind
OpenSSH Security Advisory (adv.fwd)
Security Update- DoS attack against named
SuSE- miscellaneous
MDKSA-2000-068-1 - openssh update
RedHat 7.0 (and SuSE)- modutils + netkit = root compromise. (fwd)
CERT Advisory CA-2000-20
Exploit- phf buffer overflow (CGI)
socks5 remote exploit / linux x86
Trustix Security Advisory - bind and openssh (and modutils)
SuSE Security Announcement- bind8 (SuSE-SA-2000-45)
Joe's Own Editor File Link Vulnerability
Immunix OS Security update for modutils
[RHSA-2000-108-02] Updated modutils fixing local root security
MDKSA-2000-071 - modutils update
MDKSA-2000-070 - cups update
vixie cron...
SuSE Security Announcement- tcpdump (SuSE-SA-2000-46)
[RHSA-2000-109-04] New Netscape packages available
[SECURITY] New version of openssh released
[SECURITY] New Debian cron packages released
[RHSA-2000-108-03] Updated modutils fixing local root security
New version of cupsys released
local exploit for linux's Koules1.4 package
[SECURITY] New version of tcpdump released
[RHSA-2000-110-06] Updated joe packages are available for Red Hat
[Security Announce] MDKSA-2000-072 - joe update
MDKSA-2000-073 - pine update
Immunix OS Security update for joe
[SECURITY] New Debian xmcd packages released
Binary file CSSA-2000-041.0.txt matches
[SECURITY] New version of joe released
[SECURITY] New version of modutils released
Immunix OS Security update for netscape
[RHSA-2000-111-03] Updated openssh packages available for Red Hat
[SECURITY] New version of ethereal released
New version of elvis-tiny released
[SECURITY] No koules vulnerability
[CLSA-2000-340] Conectiva Linux Security Announcement - modutils
DoS possibility in syslog-ng
MDKSA-2000-074 - ghostscript update
[CLSA-2000-342] Conectiva Linux Security Announcement - ethereal
[RHSA-2000-114-03] ghostscript uses mktemp instead of mkstemp,
[SECURITY] New Debian ncurses packages released
[CLSA-2000-341] Conectiva Linux Security Announcement - tcsh
[RHSA-2000-108-04] new modutils release addresses more local root
[RHSA-2000-115-01] New ncurses packages fixing buffer overrun
[SECURITY] New version of ghostscript released
[CLSA-2000-343] Conectiva Linux Security Announcement -
[CLSA-2000-344] Conectiva Linux Security Announcement - netscape
MDKSA-2000-071-1 - modutils update
SuSE Security Announcement- openssh/ssh (SuSE-SA-2000-47)
[CLSA-2000-345] Conectiva Linux Security Announcement - openssh
[SECURITY] New version of mc released
[RHSA-2000-109-05] New Netscape packages available
Bilaga (xp-bitchx.c) till- bitchx remote xploit
[RHSA-2000-075-08] Updated usermode packages available
[RHSA-2000-107-04] Updated bind packages fixing DoS attack available
[RHSA-2000-111-04] Updated openssh packages available for Red Hat Linux 7
[RHSA-2000-094-02] Updated cyrus-sasl packages available for Red Hat Linux 7
[RHSA-2000-114-04] ghostscript uses mktemp instead of mkstemp, and uses an improper LD_RUN_PATH
[RHSA-2000-072-08] Updated gnorpm packages are available for Red Hat Linux 6.1, 6.2, and 7.0
[RHSA-2000-117-01] Updated bash (1.x) packages for Red Hat Linux 5.x, 6.x available
[RHSA-2000-102-05] Updated pine and imap packages are available for Red Hat Linux 5.2, 6.x and 7
[RHBA-2000-112-04] Updated web server module packages are now available for Red Hat Linux 7.
[RHBA-2000-079-08] Update to official glibc 2.2
[RHSA-2000-088-05] Updated apache, php, mod_perl, and auth_ldap packages available.
[RHSA-2000-108-05] new modutils release addresses more local root compromise possibilities
[RHSA-2000-115-02] New ncurses packages fixing buffer overrun available
[RHSA-2000-024-03] Updated nss_ldap packages are now available.
Security Update- bash creates insecure temp files
MDKSA-2000-073-1 - pine update
A working glibc LANGUAGE xploit
Midnight Commander
Binary file SuSE-ident-2000-11.txt matches
[SECURITY] [DSA-001-1] ed symlink attack
Re- bitchx remote xploit
MDKSA-2000-075 - bash1 update
[RHSA-2000-116-05] Ethereal vulnerable to buffer overflows
Immunix OS Security update for bash 1.x
[SECURITY] [DSA-002-1] fsh symlink attack
[ADV/EXP]- RH6.x root from bash /tmp vuln + MORE
SuSE Security Announcement- netscape (SuSE-SA-2000-48)
Immunix OS Security update for modutils (take 2)
Majordomo filenames used as passwords
Immunix OS Security update for ncurses
[RHSA-2000-120-04] Updated PAM packages available.
Immunix OS Security update for ghostscript
Slack-7.0/Apache-1.3.12/PHP-3.0.16 remote exploit
[RHSA-2000-121-04] Updated tcsh packages are now available for
[RHSA-2000-122-04] race condition exists in diskcheck
Security Update- CSSA-2000-043.0 unsecure temp files in tcsh
[CLA-2000-350] Conectiva Linux Security Announcement - bash
apcupsd 3.7.2 Denial of Service
[CLA-2000-351] Conectiva Linux Security Announcement - openssh
bitchx/ircd DNS overflow demonstration
Vulnerabilities in KTH Kerberos IV
format string in ssl dump
Immunix OS Security update for pam
[CLA-2000-355] Conectiva Linux Security Announcement - ghostscript
Immunix OS Security update for tcsh
[CLA-2000-354] Conectiva Linux Security Announcement - tcsh
[RHSA-2000-122-06] race condition exists in diskcheck
[CLA-2000-356] Conectiva Linux Security Announcement - joe
MDKSA-2000-076 - ed update
LINUX ICMP Error Message Quoting Size Differences (The 20 Bytes
Bilaga (lpd-ex.c) till- Re- lpd buffer overflow
Bilaga (bftpd-advisory.txt) till- More security problems in bftpd-1.0.12. Thanx ASYNCHRO
pico Text Editor Symbolic Link Vulnerability - ERROR CORRECTION
DoS vulnerability in rp-pppoe versions <= 2.4
[RHSA-2000-123-01] New ed packages available
Immunix OS Security update for ed
CSSA-2000-044 irc-bx buffer overflow
CERT Advisory CA-2000-22
MDKSA-2000-077 - apcupsd update
[CLA-2000-357] Conectiva Linux Security Announcement - rp-pppoe
[RHSA-2000-125-02] New Zope packages are available.
MDKSA-2000-078 - mc update
[CLA-2000-358] Conectiva Linux Security Announcement - pam
[CLA-2000-359] Conectiva Linux Security Announcement - ed
[RHSA-2000-126-03] New BitchX packages are available
Symlink attack in (all?) Samba. - Local root walkthrough by Tozz
Bilaga (rdC-LPRng.c) till- LPRng remote root exploit
MDKSA-2000-080 - netscape update
[hacksware]Pine temporary file hijacking vulnerability
[Security Announce] MDKSA-2000-079 - BitchX update
[CLA-2000-359-2] Conectiva Linux Security Announcement - ed
Bilaga (hhp-expect_adv#17.txt) till- hhp's Expect advisory/exploit/patch.
MDKSA-2000-081 - jpilot update
Re- J-Pilot Permissions Vulnerability
[SECURITY] [DSA-004-1] nano symlink attack
MDKSA-2000-082 - pam update
MDKSA-2000-083 - Zope update
MDKSA-2000-082-1 - pam update
[SECURITY] [DSA-005-1] slocate local exploit
Trustix Security Advisory - ed, tcsh, and ftpd-BSD
MDKSA-2000-084 - rp-pppoe update
[SECURITY] [DSA-006-1] zope privilege escalation
[RHSA-2000-127-06] new Zope-Hotfix package available
MDKSA-2000-085 - slocate update
OBSD ftpd exploit clarification
Re- /tmp topic
Re- "The End of SSL and SSH?"
[RHSA-2000-128-02] New slocate packages available to fix local
[RHSA-2000-131-02] Updated gnupg packages now available
[RHSA-2000-129-02] Updated stunnel packages available.
MDKSA-2000-086 - Zope update
Trustix Security Advisory - stunnel
Trustix Security Advisory - gnupg, ftpd-BSD
[RHSA-2000-130-05] Updated rp-pppoe packages fixing denial of service attack are available.
[SECURITY] [DSA-007-1] insufficient protection for zope Image and
[CLA-2000-364] Conectiva Linux Security Announcement - BitchX
ProFTPD 1.2.0 Memory leakage - denial of service
listing of vendor's security-announcement lists
[RHSA-2000-137-04] Updated stunnel packages available for Red Hat
[RHSA-2000-135-03] Zope Hotfix package available
MDKSA-2000-087 - gnupg update
ICMP Usage In Scanning v2.5 - Research Paper
[SECURITY] [DSA-010-1] two gpg problems
[SECURITY] [DSA-009-1] multiple stunnel vulnerabilities
[SECURITY] [DSA-008-1] dialog symlink attack
buffer overflow in libsecure (NSA Security-enhanced Linux)
[TL-Security-Announce] fetchmail-5.5.0-3.i386.rpm TLSA2000024-1
Linux port of OpenBSD ftpd patched
[CLA-2000-363] Conectiva Linux Security Announcement - stunnel
[CLA-2000-368] Conectiva Linux Security Announcement - gnupg
Shockwave Flash buffer overflow
MDKSA-2000-088 - emacs update

Upp en nivå

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License".