Displaying 20 results from an estimated 88 matches for "openlinux".

2001 Aug 13
0
Security Update: [CSSA-2001-30.0] Linux - Telnet AYT remote exploit
...________________________ 1. Problem Description Recently, a security problem was discovered in various BSD derived implementations of the telnet daemon. Initially, it was thought that the Linux netkit-telnet was not vulnerable to this problem. It turned out that this was wrong. On OpenLinux previous to version 3.1, this bug allows remote attackers to gain root privilege. Starting with OpenLinux 3.1, the telnet daemon is split into two processes, a privileged one running the login session, and a restricted one handling the network protocol where the bug occurs. As a con...
2001 Nov 01
0
Security Update: [CSSA-2001-037.0] Linux - libdb buffer overflow problem
...Linux - libdb buffer overflow problem Advisory number: CSSA-2001-037.0 Issue date: 2001, October 30 Cross reference: ______________________________________________________________________________ 1. Problem Description Due to a configuration mistake in the libdb1 package included with OpenLinux 3.1 some programs were using unsafe version of the snprintf and vsnprintf functions. This might allow remote attackers to gain access to your system or local attackers to gain root access. 2. Vulnerable Versions System Package -----------------------------------...
2001 Oct 09
0
Security Update: [CSSA-2001-035.0] Linux - Remote File View Problem in htdig
...reported to bugtraq by the htdig authors. This vulnerability allows an attacker to read any files on the system with the privilege of the http server account. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux 2.3 not vulnerable OpenLinux eServer 2.3.1 not vulnerable and OpenLinux eBuilder OpenLinux eDesktop 2.4 not vulnerable OpenLinux Server 3.1 All package...
2001 Aug 01
0
Security Update [CSSA-2001-026.0] Linux - Security problems in imp
...ms in imp Advisory number: CSSA-2001-027.0 Issue date: 2001, July 31 Cross reference: ______________________________________________________________________________ 1. Problem Description There are several security problems with IMP, a PHP based webmail application, shipped as part of OpenLinux 3.1 Server. These vulnerabilities allowed attackers to execute commands with the privileges of the httpd account. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux 2.3 not vulnerable...
2001 Aug 06
0
Security Update [CSSA-2001-029.0] Linux - Squid configuration problems
...ux - Squid configuration problems Advisory number: CSSA-2001-029.0 Issue date: 2001, August 06 Cross reference: ______________________________________________________________________________ 1. Problem Description There is a security problem with Squid, a proxy server shipped as part of OpenLinux 3.1 Server. If Squid is configured for accelerator mode (setting http_accel_with_proxy off), any request to Squid is allowed. Malicious users may use your proxy to portscan remote systems, forge email, and other activities. 2. Vulnerable Versions System Package...
2001 Aug 06
0
Security Update: [CSSA-2001-028.0] Linux - Tomcat security problems
...problems Advisory number: CSSA-2001-028.0 Issue date: 2001, August 02 Cross reference: ______________________________________________________________________________ 1. Problem Description There are several security problems with Jakarta-Tomcat, a Java Servlet Engine, shipped as part of OpenLinux 3.1 Server. Several vulnerabilities allowed attackers to view files in the system. A second problem allowed so-called cross-site scripting, where a hostile Web server can feed JavaScript or other code to a web browser, making it appear to originate from the server running tomcat. 2...
2001 Aug 24
0
Security Update [CSSA-2001-032.0] Linux - sendmail instant root exploit
...ta to process memory, possibly allowing the execution of code/commands with elevated privileges. This allows a local attacker to gain access to the root account. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux 2.3 not vulnerable OpenLinux eServer 2.3.1 not vulnerable and OpenLinux eBuilder OpenLinux eDesktop 2.4 not vulnerable OpenLinux Server 3.1 All package...
2001 Sep 10
0
Security Update [CSSA-033.0]Linux - uucp argument handling problems
...hich allows a local attacker to gain access to the uucp group. Using this access the attacker could use badly written scripts to gain access to the root account. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux 2.3 All packages previous to uucp-1.06.2-8OL OpenLinux eServer 2.3.1 All packages previous to and OpenLinux eBuilder uucp-1.06.2-8OL OpenLinux eDesktop 2.4 All packages pr...
2001 Aug 17
0
Security Update: [CSSA-2001-031.0] Linux -security issues in ucd-snmp
...nder which snmpd is running. This update fixes all known problems and also makes the snmpd run as user 'nobody', reducing the impact of further problems. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux 2.3 not vulnerable OpenLinux eServer 2.3.1 All packages previous to and OpenLinux eBuilder ucd-snmp-4.2.1-6b OpenLinux eDesktop 2.4 not vulnerable OpenLinux Server 3.1 not vulnera...
2003 Mar 21
4
Compiling Samba For OPENLinux 3.1.1
Hello. I am looking to get the parameters that the Caldera RPM was made with. I have noticed that it is not being updated and would like to get the current ver. on my system, but need to have the same links to various files. Can anyone help me to find the parameters? I would be interested in making the RPMs but need to know how to make them first, maybe some direction to info on making RPMs.
2000 Jun 08
1
Security Update: serious bug in setuid()
...our customers to upgrade to the fixed kernel as soon as possible because there's a high potential that exploits for this vulnerability will be available soon. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux Desktop 2.3 All packages previous to linux-2.2.10-10 OpenLinux eServer 2.3 All packages previous to and OpenLinux eBuilder linux-2.2.14-2S OpenLinux eDesktop 2.4 All packages previous to linux-2.2.1...
2000 Jun 06
0
[CSSA-2000-015-0] Caldera Security Advisory: KDE suid root applications
..._______________________________________ 1. Problem Description There is a very serious vulnerability in the way KDE starts applications that allows local users to take over any file in the system by exploiting setuid root KDE application. The only vulnerable application shipped with OpenLinux is kISDN, but third party software might be vulnerable too. There is currently no fix available. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux Desktop 2.3 no vulnerable packages included...
2001 Oct 18
0
Security Update: [CSSA-2001-036.0] Linux - Several Linux Kernel Security Problems
...TABLES implementation in the 2.4 kernel also had a problem in the RELATED connection handling of the ip_conntrack_module which is fixed by the supplied packages. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux 2.3 All packages previous to linux-2.2.10-13 OpenLinux eServer 2.3.1 All packages previous to and OpenLinux eBuilder linux-2.2.14-12S OpenLinux eDesktop 2.4 All packages previous to linux...
2000 Jun 23
1
Security Update: wu-ftpd vulnerability
...ault configuration of the wu-ftpd we are shipping for all ftp users, including the anonymous user. We urge our users to upgrade to the fixed version of wu-ftpd. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux Desktop 2.3 All packages previous to wu-ftpd-2.5.0-7 OpenLinux eServer 2.3 All packages previous to and OpenLinux eBuilder wu-ftpd-2.5.0-7 OpenLinux eDesktop 2.4 All packages previous to wu-ftpd-2.5.0-7...
2000 Jun 09
0
Security Update: flaws in the SSL transaction handling of Netscape
...sions. This update upgrades Netscape to version 4.73, which also fixes some annoying crashes during common usage. Upgrade to the new version is recommended. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux Desktop 2.3 not vulnerable OpenLinux eServer 2.3 not vulnerable and OpenLinux eBuilder OpenLinux eDesktop 2.4 previous to communicator-4.73-2 3. Solution Workaround: none The proper solution is to upgrade to the fi...
2001 Nov 06
0
Security Update: [CSSA-2001-38.0] Linux - syncookies firewall breaking problem
...assing the firewall. Even though the attack requires a very large number of IP packets, it is not unthinkable for a determined attacker to exploit this problem. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux 2.3 All packages previous to linux-2.2.10-14 OpenLinux eServer 2.3.1 All packages previous to and OpenLinux eBuilder linux-2.2.14-13S OpenLinux eDesktop 2.4 All packages previous to...
2000 Aug 09
0
Security Update: sperl vulnerability
...l interacts with /bin/mail, any local user is able to obtain root privilege on the local machine. An exploit for this vulnerability has been published widely. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux Desktop 2.3 not vulnerable OpenLinux eServer 2.3 All packages previous to and OpenLinux eBuilder perl-5.005_03-6S OpenLinux eDesktop 2.4 All packages previous to perl-5.005_03-6 3. Solution Workaround: none We recommend our...
1999 May 08
1
OpenLinux 2.2: LISA install leaves root access without password
Hello, I believe I've found a bug in the installation process of OpenLinux 2.2 when using the LISA boot disk. During the installation a temporary passwd file is put on the new file system containing the user "help" set uid=0 gid=0 and no password. Once you are prompted to set the root password and default user password a new passwd and shadow file is created yet...
1998 May 02
1
Shadow and OpenLinux
Hi all: I'm running Caldera OpenLinux with kernel 2.0.29, shadow password and quotas. The shadow kit is 980403 and is working fine. Well, when I try to compile I got this output : ------------------------- Begin Compile output ------------------------ Using CFLAGS = -O -DSMBLOGFILE="/usr/local/samba/var/log.smb" -DNMBLOGFIL...
2000 Jul 20
0
Security Update: DoS on gpm
...ere are security problems within gpm (General Purpose Mouse support daemon) which allow removal of system files and also exhibit a local denial of service attack. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux Desktop 2.3 All packages previous to gpm-1.17.8-5 OpenLinux eServer 2.3 All packages previous to and OpenLinux eBuilder gpm-1.17.8-5 OpenLinux eDesktop 2.4 All packages previous to gpm-1.19.2-4 3. Soluti...