Find the information you need for your favorite open source distribution .
Three security threats were found in the vixie crond, which is shipped with SuSE Linux. 1) no boundchecking on a local buffer, while copying data from MAILTO 2) passing invalid options to sendmail 3) it doesn't drop root privileges while sending acknowledge mail to a user
The security breach occurs when you try to transfer an empty directory into a non-existent directory. In that case rsync sets the permissions of the working directory to those of the empty directory; this means, that the permissions of your home directory are changed to the file access mode of the empty directory if you do a remote rsync by using ssh/rsh.
The way in.identd is started by inetd from a standard /etc/inetd.conf on a SuSE Linux distribution may be exploited to mount a Denial-of-Service attack against the system. When inetd starts in.identd with the "wait" flag and the "-w -t120" options, the in.identd will start to listen on the well known port while inetd deactivates its own listener for the time in.identd is alive.
The news reader trn uses a hardcoded temporary file, which resides in /tmp.
A buffer overflow has been found in libtermcap's tgetent() function. If a setuid root program uses this function, the user could execute arbitrary code. SuSE Linux 6.0, 6.1 and 6.2 are not affected, since the only program using libtermcap is bc. This program is not setuid root.
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
