similar to: SECURITY: RHSA-1999:032 Buffer overflows in amd

Freshmeat says: Following up to yesterday's Linux 2.0.38 release, Alan Cox sent out a security notice about a remote network DoS vulnerability which is present in all Linux 2.0.x systems. Linux 2.2.x is not affected by this bug. Causing this requires a great deal of skill and probably a reasonably local network access as it is extremely timing dependant. Nevertheless everyone is advised to

-----BEGIN PGP SIGNED MESSAGE----- - --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Buffer overflow in proftpd Advisory ID: RHSA-1999:034-01 Issue date: 1999-08-31 Keywords: proftpd buffer overflow remote exploit - --------------------------------------------------------------------- 1. Topic: proftpd is a ftp server

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: screen defaults to not using Unix98 ptys Advisory ID: RHSA-1999:042-01 Issue date: 1999-10-20 Updated on: Keywords: Cross references: screen unix98 pty permissions --------------------------------------------------------------------- 1. Topic: Screen uses ptys with world

-----BEGIN PGP SIGNED MESSAGE----- - --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: New PAM packages available Advisory ID: RHSA-1999:040 Issue date: 10/13/1999 Updated on: 10/13/1999 Keywords: pam security login NIS server Cross references: N/A -

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Security problems in WU-FTPD Advisory ID: RHSA-1999:043-01 Issue date: 1999-10-21 Updated on: Keywords: wu-ftp security remote exploit Cross references: --------------------------------------------------------------------- 1. Topic: Various computer security groups have

___________________________________________________________________________ Dan Yocum | Phone: (630) 840-8525 Linux/Unix System Administrator | Fax: (630) 840-6345 Computing Division OSS/FSS | email: yocum@fnal.gov .~. L Fermi National Accelerator Lab | WWW: www-oss.fnal.gov/~yocum/ /V\ I P.O. Box 500 |

-----BEGIN PGP SIGNED MESSAGE----- - --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: New openldap packages. Advisory ID: RHSA-2000:012-05 Issue date: 2000-04-13 Updated on: 2000-04-21 Product: Red Hat Linux Keywords: openldap startup symlink overwrite denial Cross

-----BEGIN PGP SIGNED MESSAGE----- - --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: gpm Advisory ID: RHSA-2000:009-02 Issue date: 2000-04-07 Updated on: 2000-04-10 Product: Red Hat Linux Keywords: gpm gpm-root gid 0 priviledge Cross references: N/A -

-----BEGIN PGP SIGNED MESSAGE----- - --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Piranha web GUI exposure Advisory ID: RHSA-2000:014-10 Issue date: 2000-04-18 Updated on: 2000-04-24 Product: Red Hat Linux Keywords: piranha remote CGI command Cross references:

-----BEGIN PGP SIGNED MESSAGE----- - --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Buffer overflow problem in the inews program Advisory ID: RHSA-1999:033-01 Issue date: 1999-09-01 Keywords: inn inews buffer overflow - --------------------------------------------------------------------- 1. Topic: New packages for INN

-----BEGIN PGP SIGNED MESSAGE----- - --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Piranha web GUI exposure Advisory ID: RHSA-2000:014-16 Issue date: 2000-04-18 Updated on: 2000-04-26 Product: Red Hat Linux Keywords: piranha Cross references: php -

___________________________________________________________________________ Dan Yocum | Phone: (630) 840-8525 Linux/Unix System Administrator | Fax: (630) 840-6345 Computing Division OSS/FSS | email: yocum@fnal.gov .~. L Fermi National Accelerator Lab | WWW: www-oss.fnal.gov/~yocum/ /V\ I P.O. Box 500 |

This and the following 2 messages are from linux-watch@redhatc.com Dan ___________________________________________________________________________ Dan Yocum | Phone: (630) 840-8525 Linux/Unix System Administrator | Fax: (630) 840-6345 Computing Division OSS/FSS | email: yocum@fnal.gov .~. L Fermi National Accelerator Lab | WWW:

Well, last night, my box was hit again.. same symptoms: All attempts to connect remotely receive a connection, but a login prompt never comes up. When I went to the console and turned on the monitor, I had the login prompt, but written on to the screen was the message IPMASQ: Reverse ICMP: Checksum error from xxx.xxx.xxx.xxx So, on this occasion, I thought I would post a summary of the

___________________________________________________________________________ Dan Yocum | Phone: (630) 840-8525 Linux/Unix System Administrator | Fax: (630) 840-6345 Computing Division OSS/FSS | email: yocum@fnal.gov .~. L Fermi National Accelerator Lab | WWW: www-oss.fnal.gov/~yocum/ /V\ I P.O. Box 500 |

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: kdelibs vulnerability for suid-root KDE applications Advisory ID: RHSA-2000:032-02 Issue date: 2000-06-07 Updated on: 2000-06-07 Product: Red Hat Powertools Keywords: N/A Cross references: N/A

I have produced fixed sendmail RPMs for RedHat systems for the exploit posted yesterday on BoS. They are not official, until RedHat release an official version themselves: URL: ftp://ftp.sorosis.ro/pub/linux/local/fixes/ 3237df366bd1def87c91b1f8fb835a3e ./redhat-3.0.3/sendmail-8.8.2-2.i386.rpm dc1ba8ce94c4f5df357e3db06989819e ./redhat-3.0.3/sendmail-cf-8.8.2-2.i386.rpm

I have been trying for quite a while now to understand why is the flist.c:f_name() function implemented using static buffers. Anyone care to comment? The immediate problem is that any call to f_name overrides the previous content (well, obvious). This, combined with the fact that several function calls are made with the result of f_name(file) results in problems handling hardlinks - and

Hi! I wrote a small patch to enable /etc/limits support in openssh. nice thing when you don't have PAM installed.. It is based on Ultor's openssh 1.x patch (http://marc.theaimsgroup.com/?l=secure-shell&m=96427677022741&w=2) Works fine on slackware7.1. define USE_ETC_LIMITS in config.h , and compile as usual. Sagi -------------- next part -------------- diff -N -u

-----BEGIN PGP SIGNED MESSAGE----- - --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Security problems in WU-FTPD Advisory ID: RHSA-1999:043-01 Issue date: 1999-10-21 Updated on: Keywords: wu-ftp security remote exploit Cross references: - --------------------------------------------------------------------- 1. Topic: