search for: openlinux

...________________________ 1. Problem Description Recently, a security problem was discovered in various BSD derived implementations of the telnet daemon. Initially, it was thought that the Linux netkit-telnet was not vulnerable to this problem. It turne out that this was wrong. On OpenLinux previous to version 3.1, this bug allows remote attackers to gain root privilege. Starting with OpenLinux 3.1, the telnet daemon is split into two processes, a privileged one running the login session, and a restricted one handling the network protocol where the bug occurs. As a con...

...Linux - libdb buffer overflow problem Advisory number: CSSA-2001-037.0 Issue date: 2001, October 30 Cross reference: ______________________________________________________________________________ 1. Problem Description Due to a configuration mistake in the libdb1 package included with OpenLinux 3.1 some programs were using unsafe version of the snprintf and vsnprintf functions. This might allow remote attackers to gain access to your system or local attackers to gain root access. 2. Vulnerable Versions System Package -----------------------------------...

...reported to bugtraq by the htdig authors. This vulnerability allows an attacker to read any files on the system with the privilege of the http server account. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux 2.3 not vulnerable OpenLinux eServer 2.3.1 not vulnerable and OpenLinux eBuilder OpenLinux eDesktop 2.4 not vulnerable OpenLinux Server 3.1 All package...

...ms in imp Advisory number: CSSA-2001-027.0 Issue date: 2001, July 31 Cross reference: ______________________________________________________________________________ 1. Problem Description There are several security problems with IMP, a PHP based webmail application, shipped as part of OpenLinux 3.1 Server. These vulnerabilities allowed attackers to execute commands with the privileges of the httpd account. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux 2.3 not vulnerable...

...ux - Squid configuration problems Advisory number: CSSA-2001-029.0 Issue date: 2001, August 06 Cross reference: ______________________________________________________________________________ 1. Problem Description There is a security problem with Squid, a proxy server shipped as part of OpenLinux 3.1 Server. If Squid is configured for accelerator mode (setting http_accel_with_proxy off), any request to Squid is allowed. Malicious users may use your proxy to portscan remote systems, forge email, and other activities. 2. Vulnerable Versions System Package...

...problems Advisory number: CSSA-2001-028.0 Issue date: 2001, August 02 Cross reference: ______________________________________________________________________________ 1. Problem Description There are several security problems with Jakarta-Tomcat, a Java Servlet Engine, shipped as part of OpenLinux 3.1 Server. Several vulnerabilities allowed attackers to view files in the system. A second problem allowed so-called cross-site scripting, where a hostile Web server can feed JavaScript or other code to a web browser, making it appear to originate from the server running tomcat. 2...

...ta to process memory, possibly allowing the execution of code/commands with elevated privileges. This allows a local attacker to gain access to the root account. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux 2.3 not vulnerable OpenLinux eServer 2.3.1 not vulnerable and OpenLinux eBuilder OpenLinux eDesktop 2.4 not vulnerable OpenLinux Server 3.1 All package...

...hich allows a local attacker to gain access to the uucp group. Using this access the attacker could use badly written scripts to gain access to the root account. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux 2.3 All packages previous to uucp-1.06.2-8OL OpenLinux eServer 2.3.1 All packages previous to and OpenLinux eBuilder uucp-1.06.2-8OL OpenLinux eDesktop 2.4 All packages pr...

...nder which snmpd is running. This update fixes all known problems and also makes the snmpd run as user 'nobody', reducing the impact of further problems. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux 2.3 not vulnerable OpenLinux eServer 2.3.1 All packages previous to and OpenLinux eBuilder ucd-snmp-4.2.1-6b OpenLinux eDesktop 2.4 not vulnerable OpenLinux Server 3.1 not vulnera...

Hello. I am looking to get the parameters that the Caldera RPM was made with. I have noticed that it is not being updated and would like to get the current ver. on my system, but need to have the same links to various files. Can anyone help me to find the parameters? I would be interested in making the RPMs but need to know how to make them first, maybe some direction to info on making RPMs.

...our customers to upgrade to the fixed kernel as soon as possible because there's a high potential that exploits for this vulnerability will be available soon. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux Desktop 2.3 All packages previous to linux-2.2.10-10 OpenLinux eServer 2.3 All packages previous to and OpenLinux eBuilder linux-2.2.14-2S OpenLinux eDesktop 2.4 All packages previous to linux-2.2.1...

..._______________________________________ 1. Problem Description There is a very serious vulnerability in the way KDE starts applications that allows local users to take over any file in the system by exploiting setuid root KDE application. The only vulnerable application shipped with OpenLinux is kISDN, but third party software might be vulnerable too. There is currently no fix available. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux Desktop 2.3 no vulnerable packages included...

...TABLES implementation in the 2.4 kernel also had a problem in the RELATED connection handling of the ip_conntrack_module which is fixed by the supplied packages. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux 2.3 All packages previous to linux-2.2.10-13 OpenLinux eServer 2.3.1 All packages previous to and OpenLinux eBuilder linux-2.2.14-12S OpenLinux eDesktop 2.4 All packages previous to linux...

...ault configuration of the wu-ftpd we are shipping for all ftp users, including the anonymous user. We urge our users to upgrade to the fixed version of wu-ftpd. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux Desktop 2.3 All packages previous to wu-ftpd-2.5.0-7 OpenLinux eServer 2.3 All packages previous to and OpenLinux eBuilder wu-ftpd-2.5.0-7 OpenLinux eDesktop 2.4 All packages previous to wu-ftpd-2.5.0-7...

...sions. This update upgrades Netscape to version 4.73, which also fixes some annoying crashes during common usage. Upgrade to the new version is recommended. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux Desktop 2.3 not vulnerable OpenLinux eServer 2.3 not vulnerable and OpenLinux eBuilder OpenLinux eDesktop 2.4 previous to communicator-4.73-2 3. Solution Workaround: none The proper solution is to upgrade to the fi...

...assing the firewall. Even though the attack requires a very large number of IP packets, it is not unthinkable for a determined attacker to exploit this problem. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux 2.3 All packages previous to linux-2.2.10-14 OpenLinux eServer 2.3.1 All packages previous to and OpenLinux eBuilder linux-2.2.14-13S OpenLinux eDesktop 2.4 All packages previous to...

...l interacts with /bin/mail, any local user is able to obtain root privilege on the local machine. An exploit for this vulnerability has been published widely. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux Desktop 2.3 not vulnerable OpenLinux eServer 2.3 All packages previous to and OpenLinux eBuilder perl-5.005_03-6S OpenLinux eDesktop 2.4 All packages previous to perl-5.005_03-6 3. Solution Workaround: none We recommend our...

Hello, I believe I''ve found a bug in the installation process of OpenLinux 2.2 when using the LISA boot disk. During the installation a temporary passwd file is put on the new file system containing the user "help" set uid=0 gid=0 and no password. Once you are prompted to set the root password and default user password a new passwd and shadow file is created yet...

Hi all: I'm running Caldera OpenLinux with kernel 2.0.29, shadow password and quotas. The shadow kit is 980403 and is working fine. Well, when I try to compile I got this output : ------------------------- Begin Compile output ------------------------ Using CFLAGS = -O -DSMBLOGFILE="/usr/local/samba/var/log.smb" -DNMBLOGFIL...

...ere are security problems within gpm (General Purpose Mouse support daemon) which allow removal of system files and also exhibit a local denial of service attack. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux Desktop 2.3 All packages previous to gpm-1.17.8-5 OpenLinux eServer 2.3 All packages previous to and OpenLinux eBuilder gpm-1.17.8-5 OpenLinux eDesktop 2.4 All packages previous to gpm-1.19.2-4 3. Soluti...