Find the information you need for your favorite open source distribution .
The syslogd server uses a Unix Domain stream socket (/dev/log) for receiving local log messages via syslog(3). Unix Domain stream sockets are non connection-less, that means, that one process is needed to serve one client.
The thttpd web server doesn't do proper bounds checking in the date parsing function tdate_parse().
Several vulnerabilities were found within bind4 and bind8.
The rpc.nfsd which is part of the nfs-server package was found to have two remote vulnerabilities.
The file access permissions aren't properly checked by the lpr and lpd program.
The package ypserv is the former "yellow pages", now called NIS information service, which is used for e.g. central network user account management. Several vulnerability exists: ypserv prior 1.3.9 allows an administrator in the NIS domain to inject password tables; rpc.yppasswd prior 1.3.6.92 has got a buffer overflow in the md5 hash generation [SuSE linux is unaffected by this, other linux falvors are]; rpc.yppasswdd prior 1.3.9 allows users to change GECO and login shell values of other users.
The cdwtools package is a frontend for various programs used to create CDs. Several buffer overflows and /tmp vulnerabilities exist in the cdwtools package. Thanks to Brock Tellier bringing this problem to our attention.
The mirror package is a tool to duplicate the contents of ftp servers. A vulnerability exists when attackers can create directory like " .." on the target mirror ftp server.
sccw does insufficient bounds checking, trust it's environment and calls insecure system functions. On a default installation sccw is setuid root.
The /usr/bin/pg and /usr/bin/pb tools can be used to read any file on the system.
Several buffer overflows have been found in proftpd which have been verified to be exploitable from an remote attacker. The fixing and finding of new holes is going on for over 2 weeks now, and there is no end in sight. Even with all known fixes, proftpd is still vulnerable to remote exploitation.
When lynx calls external programs for protocols (e.g. telnet), the location is passed unchecked. This can be used to activate commandline parameters. For example, this reference [A HREF="telnet://-n.rhosts"]click me[/A] would activate the tracefile options on the telnet client, with the result, that a .rhosts in the current directory would created or overwritten.
On June the 28th SuSE released a new pine package, which fixes a security bug. Unfortunately the patch brokes IMAP support for pine. Now there is a new package available which works correctly.
Three security threats were found in the vixie crond, which is shipped with SuSE Linux. 1) no boundchecking on a local buffer, while copying data from MAILTO 2) passing invalid options to sendmail 3) it doesn't drop root privileges while sending acknowledge mail to a user
The security breach occurs when you try to transfer an empty directory into a non-existent directory. In that case rsync sets the permissions of the working directory to those of the empty directory; this means, that the permissions of your home directory are changed to the file access mode of the empty directory if you do a remote rsync by using ssh/rsh.
The way in.identd is started by inetd from a standard /etc/inetd.conf on a SuSE Linux distribution may be exploited to mount a Denial-of-Service attack against the system. When inetd starts in.identd with the "wait" flag and the "-w -t120" options, the in.identd will start to listen on the well known port while inetd deactivates its own listener for the time in.identd is alive.
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
