similar to: 2.0.38 fixes a glitch

-----BEGIN PGP SIGNED MESSAGE----- - --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Buffer overflow in proftpd Advisory ID: RHSA-1999:034-01 Issue date: 1999-08-31 Keywords: proftpd buffer overflow remote exploit - --------------------------------------------------------------------- 1. Topic: proftpd is a ftp server

Well, last night, my box was hit again.. same symptoms: All attempts to connect remotely receive a connection, but a login prompt never comes up. When I went to the console and turned on the monitor, I had the login prompt, but written on to the screen was the message IPMASQ: Reverse ICMP: Checksum error from xxx.xxx.xxx.xxx So, on this occasion, I thought I would post a summary of the

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: screen defaults to not using Unix98 ptys Advisory ID: RHSA-1999:042-01 Issue date: 1999-10-20 Updated on: Keywords: Cross references: screen unix98 pty permissions --------------------------------------------------------------------- 1. Topic: Screen uses ptys with world

-----BEGIN PGP SIGNED MESSAGE----- - --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Buffer overrun in amd Advisory ID: RHSA-1999:032-01 Issue date: 1999-08-30 Keywords: amd am-utils buffer overflow remote exploit - --------------------------------------------------------------------- 1. Topic: New packages of am-utils

___________________________________________________________________________ Dan Yocum | Phone: (630) 840-8525 Linux/Unix System Administrator | Fax: (630) 840-6345 Computing Division OSS/FSS | email: yocum@fnal.gov .~. L Fermi National Accelerator Lab | WWW: www-oss.fnal.gov/~yocum/ /V\ I P.O. Box 500 |

___________________________________________________________________________ Dan Yocum | Phone: (630) 840-8525 Linux/Unix System Administrator | Fax: (630) 840-6345 Computing Division OSS/FSS | email: yocum@fnal.gov .~. L Fermi National Accelerator Lab | WWW: www-oss.fnal.gov/~yocum/ /V\ I P.O. Box 500 |

This and the following 2 messages are from linux-watch@redhatc.com Dan ___________________________________________________________________________ Dan Yocum | Phone: (630) 840-8525 Linux/Unix System Administrator | Fax: (630) 840-6345 Computing Division OSS/FSS | email: yocum@fnal.gov .~. L Fermi National Accelerator Lab | WWW:

-----BEGIN PGP SIGNED MESSAGE----- - --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Buffer overflow problem in the inews program Advisory ID: RHSA-1999:033-01 Issue date: 1999-09-01 Keywords: inn inews buffer overflow - --------------------------------------------------------------------- 1. Topic: New packages for INN

___________________________________________________________________________ Dan Yocum | Phone: (630) 840-8525 Linux/Unix System Administrator | Fax: (630) 840-6345 Computing Division OSS/FSS | email: yocum@fnal.gov .~. L Fermi National Accelerator Lab | WWW: www-oss.fnal.gov/~yocum/ /V\ I P.O. Box 500 |

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: local ROOT exploit in BRU Advisory number: CSSA-2000-018.0 Issue date: 2000 June, 14 Cross reference: ______________________________________________________________________________ 1. Problem Description

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Zope update Advisory ID: RHSA-2000:052-04 Issue date: 2000-08-11 Updated on: 2000-08-18 Product: Red Hat Powertools Keywords: Zope Cross references: N/A

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: New majordomo packages available Advisory ID: RHSA-2000:005-05 Issue date: 2000-01-20 Updated on: 2000-05-31 Product: Red Hat Powertools Keywords: majordomo Cross references: N/A

-----BEGIN PGP SIGNED MESSAGE----- - --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: New PAM packages available Advisory ID: RHSA-1999:040 Issue date: 10/13/1999 Updated on: 10/13/1999 Keywords: pam security login NIS server Cross references: N/A -

-----BEGIN PGP SIGNED MESSAGE----- - --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: New openldap packages. Advisory ID: RHSA-2000:012-05 Issue date: 2000-04-13 Updated on: 2000-04-21 Product: Red Hat Linux Keywords: openldap startup symlink overwrite denial Cross

-----BEGIN PGP SIGNED MESSAGE----- - --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: gpm Advisory ID: RHSA-2000:009-02 Issue date: 2000-04-07 Updated on: 2000-04-10 Product: Red Hat Linux Keywords: gpm gpm-root gid 0 priviledge Cross references: N/A -

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Security problems in WU-FTPD Advisory ID: RHSA-1999:043-01 Issue date: 1999-10-21 Updated on: Keywords: wu-ftp security remote exploit Cross references: --------------------------------------------------------------------- 1. Topic: Various computer security groups have

-----BEGIN PGP SIGNED MESSAGE----- - --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Piranha web GUI exposure Advisory ID: RHSA-2000:014-10 Issue date: 2000-04-18 Updated on: 2000-04-24 Product: Red Hat Linux Keywords: piranha remote CGI command Cross references:

-----BEGIN PGP SIGNED MESSAGE----- - --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Piranha web GUI exposure Advisory ID: RHSA-2000:014-16 Issue date: 2000-04-18 Updated on: 2000-04-26 Product: Red Hat Linux Keywords: piranha Cross references: php -

Back in June when I was fooling around with some programs I was writing, I found a serious buffer overflow in WindowMaker 0.60.0 and 0.52, but I assume previous versions are vulnerable as well. By replacing argv[0] of a program with a string longer than 249 characters, it is possible to overflow one of the programs buffers, causing it, and possibly X as well to crash. It is assumed this can

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: imwheel buffer overflow Advisory ID: RHSA-2000:016-02 Issue date: 2000-04-20 Updated on: 2000-04-21 Product: Red Hat Powertools Keywords: imwheel buffer imwheel-solo Cross references: N/A