Find the information you need for your favorite open source distribution .
The way in.identd is started by inetd from a standard /etc/inetd.conf on a SuSE Linux distribution may be exploited to mount a Denial-of-Service attack against the system. When inetd starts in.identd with the "wait" flag and the "-w -t120" options, the in.identd will start to listen on the well known port while inetd deactivates its own listener for the time in.identd is alive.
The news reader trn uses a hardcoded temporary file, which resides in /tmp.
A buffer overflow has been found in libtermcap's tgetent() function. If a setuid root program uses this function, the user could execute arbitrary code. SuSE Linux 6.0, 6.1 and 6.2 are not affected, since the only program using libtermcap is bc. This program is not setuid root.
xmonisdn which is part of the i4l package is installed setuid root by default. To control and display the status of the ISDN network connections xmonisdn uses external programs, which are executed by the system() systemcall, without taking care of a safe environment. The problem arises by old libc, that don't overwrite the IFS environment variable.
a) A setuid root installed smbmnt could lead to a security breach due to a race condition. b) The NetBIOS name server nmbd is vulnerable to a denial-of-service attack. c) The message service of the SMB-/CIFS-server has got a buffer overflow.
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
