pintday.org We rant so you don’t have to.

Security News (Old)

Last Update: May 1999. This is very old.

99-05-11 - SP5 Fixes Source Routing

With the release of Windows NT Service Pack 5 , Microsoft customers can finally disable source routing in the TCP/IP Stack. For details, see Microsoft Knowledge Base article Q217336. A number of other security issues are also corrected in SP5.

99-05-07 - Constitutional Crypto Challenge Succeeds

In a landmark ruling in the US Crypto debate, the Ninth Circuit Court of Appeals ruled in favour of Dan Bernstein in his challenge against the Justice Department. The ruling upheld his right, under First Amendment protection, to post the source code for cryptographic software on his web site. The details of the ruling are available online.

99-05-07 - Patch now available for Oracle Hole

Oracle has released a patch for the recent oratclsh setuid issues. In preparing for this patch, Oracle also fixed several other potential security holes. Oracle Metalink customers may retrieve the patch (in the form of a shell script) from Oracle. Other users may find it in the BugTraq archives.

99-05-05 - New NT Bastion Host Paper

Stefan Norberg, of HP Consulting Sweden, has written a paper entitled Building a Windows NT bastion host in practice. This paper gives detailed instructions on configuring Windows NT for use in an exposed, or bastion host environment. The paper is available from HP Sweden.

99-05-05 - FTP Serv-U Buffer Overflows

FTP Serv-U 2.5, the popular Windows-based FTP server software, contains buffer overflows in many server commands. These buffer overflows can easily cause denial of service conditions, and may be exploitable by a remote user. An updated version has been released, and is available from Deerfield.

99-05-04 - New Crypto Advances

Adi Shamir, co-developer of the RSA algorithm and one of the world's leading cryptographers, has announced the design of a device that may allow code breakers to decipher even 512-bit RSA keys in the near future.

The paper, announced at EuroCrypt '99 in Prague, describes a device called twinkle. Twinkle uses dedicated opto-electronic hardware to attack the factoring problem, producing an estimated threefold decrease in the time necessary to factor a large prime.

A detailed analysis of this approach can be found at RSA Labs.

99-05-03 - ICQ Webserver problems continue

Though a patch for the last month's ICQ webserver problems has now been made available by Miribalis, the latest version of the ICQ mini-webserver contains a small bug, allowing remote users to test for the presence of (but not read) a file on the local system. Briefly, when the remote user attempts to traverse to previous levels of the directory hierarchy, a 404 Forbidden message will be presented if the file being accessed exists. If no file is present, the standard 403 message is issued.

99-04-30 - Oracle 8.0.5 Intelligent Agent Hole

The installation routine for Intelligent Agent that ships with Oracle 8.0.5 contains a trivially exploitable security hole under most Unix flavours. When Intelligent Agent is installed, it creates a setuid root version of oratclsh. Any user may use this executable to issue TCL commands with root privileges.

Users who have installed the Intelligent Agent utility should remove the setuid bit on $ORACLE_HOME/bin/oratclsh immediately as a workaround.

99-04-29 - Computer Associates Patches Password Issue

Computer Associates, makers of ARCServe Backup Agent and InnocuLAN, have finally addressed the clear text password issue identified many months ago. Registered users of these products may obtain patches by calling CA tech support and asking for patches T146159 (ARCserve Backup Agent 6.5) and TF68089 (InocuLAN 4.0).

99-04-25 - eBay Password Theft with JavaScript

Users who make bids on eBay auctions with JavaScript enabled may be in for a nasty surprise. Blue Adept of because-we-can.com has identified a method where embedded JavaScript in an Item's description can cause a user's account name and password to be mailed to a third party.

eBay users should be warned to turn off JavaScript before reviewing or placing any bids. See the advisory for details.

99-04-22 - Microsoft Patches IE5 vulnerabilities

Microsoft has released a pair of advisories addressing vulnerabilities in the Internet Explorer 5.0 client. The advisories, MS99-011 and MS99-012 correct the latest cross-frame scripting vulnerability and several other privacy bugs.

99-04-21 - Cold Fusion Holes

Allaire's popular Cold Fusion Application Server software contains a number of vulnerabilities, which may allow remote users to read, delete, and possibly upload arbitrary files to the server. The vulnerability, described in the latest L0pht Advisory, affects servers where the online documentation is installed. Affected sites should apply Allaire's patch immediately.

99-04-20 - Hewlett Packard Advisories

Hewlett-Packard has released a pair of advisories that describe vulnerabilities in its MPE/ix, and HP-UX operating systems respectively. The first advisory, HPSBMP9904-006 describes a condition where local users may gain elevated privileges. The second advisory, HPSBUX9904-097 describes a denial of service condition in sendmail. Affected users should apply the relevant patches.

99-04-20 - Numerous E-Commerce Vulnerabilities

Widespread misconfigurations of popular e-commerce applications (primarily shopping cart software) have recently been brought to light. These common configuration errors may expose entire lists of credit card numbers to outsiders if precautions are not taken. Anyone making use of a third party shopping cart application should take note and determine if they are affected immediately.

For details, and a list of commonly misconfigured software packages, see the original advisory

99-04-17 - Gauntlet, FWTK Random Seed Issue

MSG.net has discovered a problem with the random number generation used in the popular TIS Firewall Toolkit (FWTK), and it's commercial counterpart Gauntlet. The problem, similar to the early Netscape SSL challenge-response issue, may allow attackers to predict, or influence the generation of the so-called random challenge used by the authentication server, authserv. For details, see MSG.net's Advisory.

99-04-16 - Secure Unix Programming FAQ

Thamer Al-Herbish has begun work on a Secure Unix Programming FAQ. This document attempts to condense some of the most pertinent information on writing secure software into one location. Anyone thinking of writing network code under UNIX should consider this mandatory reading.

99-04-15 - NetBSD/OpenBSD Filesystem Panic

NetBSD issued an advisory today describing a bug in their vfs filesystem code. This bug makes it possible for local users to crash the operating systems. OpenBSD is also affected. For details, see NetBSD-SA1999-008, or the OpenBSD Erratum.

99-04-15 - Temporary File Problem in IPFilter

A problem with the handling of temporary files has been identified in Darren Reed's popular IPFilter packet filtering software. The problem may allow malicious local users to overwrite files on the local filesystem, effecting denial of service and other damage. Darren has indicated an interim patch. OpenBSD has their own variant, which avoids a secondary race condition.

99-04-14 - Cisco Access List Leakage

Cisco has released an advisory describing bugs in the IOS software that may allow undesired packet leakage through input access lists. The situation affects users who make use of Network Address Translation (NAT) in conjunction with input access lists. Users employing Cisco devices in this configuration should apply the necessary upgrades immediately. For details, see the Cisco advisory.

99-04-09 - IE 5 Cross-Frame Vulnerability

Georgi Guninski has discovered another cross-frame scripting bug, this time in Internet Explorer 5. This bug may allow malicious web site operators to read files on the local computer, or spoof apparently trusted web sites. For details, see Georgi's description.

99-04-09 - webcom.se Guestbook CGI Problems

The CGI guestbook applications provided by webcom.se are dangerously insecure. A remote user can easily view any file on the local system, so long as the filename is known. Affected users should disable the software immediately.

99-04-09 - Norton Products may Expose Passwords

Certain Norton products, including Norton Antivirus for Internet Email Gateways (ver 1.0.1.7) and Norton Antivirus for Microsoft Exchange (ver 1.5) store clear-text passwords in locations that may be accessible to users. In the former's case, the password is stored in a file called navieg.ini. In the latter, the password is stored in the registry: HKLM\Software\Symantec\NAVMSE\1.5\ModifyPassword. Affected system administrators should take steps to ensure that these passwords are not visible to unprivileged users.

99-04-07 - rsync permissions problem

A minor bug has been identified in the rsync utility, which could cause directory permissions to be inadvertently changed when transferring an empty directory into a nonexistent subdirectory.

This problem has been corrected in rsync 2.3.1, available from rsync.samba.org.

99-04-05 - Procmail Buffer Overflows

A number of buffer overflows in the popular procmail mail processing utility have been discovered. These buffer overflows are present in all versions of procmail prior to 3.12. Patched versions of procmail are available from www.procmail.org, and most Linux distributions.

99-04-05 - Serious Java 2 hole

A serious flaw if the byte code verifier portion of many popular JVM implementations has been identified by University of Marburg's Karsten Sohr. Most versions of Sun's JDK 1.1 and 2, and the Netscape 4 JDK are vulnerable. For more complete details, see the original BugTraq posting and SUN's response.

99-04-05 - Apache/Debian misconfigurations

An information leakage scenario is present in most Debian Linux installations if default web server configurations are used. By Debian policy, web servers must create a symbolic link from /var/www/doc to /usr/doc. This access is not (by default) restricted to localhost. Remote users may then browse the documentation via the url: http://YourIP/doc . This may allow them to determine installed software versions, packages, or other information.

Affected users should change this default configuration. Either restrict access to localhost or disable the feature entirely on sensitive machines.

99-04-04 - Nessus Alpha 2 released

Nessus, the freely available, GPL'ed remote security scanner, is not available in its alpha-2 release. This release includes over 200 vulnerability checks, improved port scanning, and support for many more unix platforms (alpha-1 was Linux only). For details, see the Nessus home page.

99-04-03 - ICQ Web Server vulnerability

Users of the Miribalis ICQ chat client, build 1700 and earlier should be aware of an enormous security hole in the ICQ webserver software. If the ICQ mini-webserver is active (Activate Homepage box checked) any file on the ICQ user's system can be accessed by constructing a URL of the form:

http://yourIP/.html/......../anyfile

Note that the IP address of a given ICQ user can be obtained by visiting the URL http://members.icq.com/ICQ#. Affected users should disable the webserver feature until a fix is available.

99-04-01 - Webramp Denial of Service

ISS has issued an advisory describing two possible denial of service (DoS) attacks against the WebRamp internet appliance. In one case, a carefully formatted HTTP string can cause the device to lock up. In another, a carefully formed UDP packet can be used to change the WebRamp's IP address. See the ISS advisory for details

99-03-26 - HostSentry alpha released

Craig Rowland, leader of the abacus audit tools project, has released a new tool in alpha form. The tool, called HostSentry allows a system administrator to monitor unusual login/logout activity, and trigger an event when unusual activities occur. See the project page for details.

99-03-25 - Cisco Catalyst DoS

A software bug, affecting Cisco Catalyst series 5xxx, 29xx, and 12xx switches has been discovered that may allow remote users to reboot the switch, causing a denial of service scenario. Cisco has released a field notice on the subject. See this notice for details.

99-02-23 - Netbus Pro 2.0 Available

A new version of Netbus is available. This new version communicates on a new default port (20034) and is now user configurable. Additional support for SOCKS 4 servers, a scheduler and the ability to modify registry settings are some of the new features. Security managers should ensure they have the latest virus/trojan scanner updates and as usual, review firewall logs regularly and explore any suspicious network traffic.

99-02-22 - Microsoft Taskpad Scripting Vulnerability

Microsoft has released an advisory describing a vulnerability in the taskpads feature, that is installed as part of both the Windows 98 Resource Kit, and the BackOffice Resource kit. The vulnerability may allow malicious web site operators to run arbitrary executables on a visiting user's machine. For details, see Microsoft Advisory MS99-007.

99-02-20 - A Trio of Advisories

Three new advisories were issued yesterday. Two of these advisories, ISS-990219 and MS99-006, describe vulnerabilities in the Windows NT platform. The third advisory, SGI's 19981101-01-PX addresses a vulnerability in the IRIX ToolTalk RPC service.

99-02-19 - NT 4.0 File-Mapping Object Caching Vulnerability

The L0pht's dildog has discovered a serious Windows NT 4.0 cache vulnerability related to Windows NT's file-mapping object cache. By default, Windows NT permissions allow cache objects to be deleted and replaced, which could allow an intruder to gain administrative access to the system. Source code and executables that demonstrate this vulnerability have been published. For more information, see the L0pht advisory.

99-02-17 - Id Software hacked

Id Software, the creators of Doom, Doom II, Quake, and Quake II, had their web pages hacked sometime this morning according to a posting on the BUGTRAQ mailing list. The intruder apparently used the inherent features of Id Software's web server, Website Pro 2.0, to overwrite their main web page with a “Free Kevin” webpage. This is a good reminder to all of us that sample applications and code should be removed before the server is put online.

For more details see the BUGTRAQ posting.

99-02-17 - BackOffice Exposes Passwords

Microsoft has just released an advisory describing a problem with the BackOffice 4.0 installation procedure which may expose system passwords. It appears that the usernames and passwords for a number of system accounts (SQL Executive Logon account, the Exchange Services Account, and the MTS Remote Administration Account) are written to a disk file during installation. This file, named reboot.ini is never deleted. Affected users should delete the file, if present. See MS99-005 for details.

99-02-17 - NFR 2.02 Vulnerability

NAI Labs (formerly SNI) has published an advisory describing a stack overflow vulnerability in Network Flight Recorder 2.02. Details are available in NAI-031. A patch for this vulnerability is now available from NFR.

99-02-16 - FTP Server Vulnerabilities

CERT released an advisory recently describing vulnerabilities in at least two FTP servers. Both ProFTPD 1.20pre1 and earlier, and wu-ftpd 2.4.2 and earlier are known to be vulnerable to a remote buffer overflow. Affected users should disable the FTP daemons immediately until a fix is available. For details, see Cert Advisory CA-99.03.

99-02-16 - Debian Linux Vulnerabilities

Several vulnerabilities, including buffer overflows and a temporary file problem have recently been identified in various Debian Linux packages. ISS Advisory 990215 describes a buffer overflow condition in versions 3.9.6 through 3.11.6 of the Super utility. A Debian advisory describes problems with temporary file handling in the cfengine package. Finally, the ftp issues discussed in CERT Advisory CA-99.03 are known to affect Debian. Patches are available for all three problems. See the Debian Security Alert archive for details.

99-02-11 - New NetBSD advisory

The NetBSD group has released an advisory describing a vulnerability in the netstat utility. According to NetBSD advisory SA1999-002, recent versions of netstat could allow non-root users to read arbitrary kernel memory locations. A patch is available.

99-02-10 - New SUN Advisories

SUN Microsystems has released three new security advisories describing vulnerabilities in the Solaris Operating System. Two of the advisories, 00185 and 00183 describe vulnerabilities that may be exploited to gain root access. The remaining advisory, 00184 describes a condition where arbitrary files could be overwritten by an unsuspecting root user. For details see the respective advisories.

99-02-10 - NT Authentication Processing Bug

Microsoft released an advisory today describing a situation where, under certain conditions, a user could use a blank password to log in and connect to network shares on an NT server. The vulnerability affects only environments including non-win32 (non-Windows 95, 98, or NT) client workstations. Further details are available in Microsoft Security Advisory MS99-004.

99-02-08 - Trojans and Viruses

CERT and CIAC released advisories recently describing recent Trojan Horse and Virus outbreaks respectively. CERT's CA-99.02 describes Trojan Horse activity in general over the last few months. CIAC J-025 describes a new macro virus that has been spotted in the wild. Concerned system administrators should read both advisories for details.

99-02-08 - NAI Re-releases Linux Scanner

Network Associates has re-released a Linux version of its CyberCop Scanner product. When the CyberCop product was first purchased from Secure Networks, NAI dropped the Linux version in favour of Solaris. Now, customer demand has caused the large software vendor to reverse that decision. For details, see PCWeek Online.

99-02-08 - New HP Advisory

Hewlett-Packard released a new advisory today describing a vulnerability in HPUX's rpc.pcnfsd user authentication service. This vulnerability allows local and remote users to make the printer spool directory world writable. Patches are available for the problem. For details, see HPSBUX9902-091.

99-02-08 - nmap 2.06 out

Fyodor has just released version 2.06 of the nmap port scanner. The latest version incorporates many bugfixes, vastly improved TCP fingerprinting code, and improved documentation. Download it here, or visit the nmap home page.

99-02-03 - Serious IIS FTP Vulnerability

Recently, a serious buffer overflow was discovered in Microsoft's Internet Information Server FTP service. This vulnerability may be exploited by a remote user to execute arbitrary code on an IIS server. For this reason, affected users should apply the patch immediately. For details, see the original eEye advisory, and Microsoft MS99-003.

99-02-01 - Two new IE bugs

Georgi Guninski has identified two new vulnerabilities in Microsoft's Internet Explorer 4.0 - 4.01. The first bug circumvents Microsoft's Internet Explorer cross-frame security features. This bug, which could potentially expose local files so long as the filename is known, may also be exploited using an HTML email message. The second bug allows a hostile web site operator to open a browser window that appears to be a trusted site. Unsuspecting users may be duped into providing sensitive information.

No fixes are currently available for these problems. Affected users should disable JavaScript until Microsoft releases a patch. See Georgi Guninski's site for details and examples.

99-02-01 - "Free" Security Scanner Updates

Updates to two freely available security scanners are now available. Nessus, the younger of the two, features a client-server architecture, and graphical interface for Unix, NT, and Java. SAINT, wwdsi's derivative of SATAN, has also been updated. Version 1.3.6 is available from the SAINT website.

99-01-26 - ControlIT Password Vulnerabilities

ISS has released an advisory describing several potential vulnerabilities in Computer Associates' ControlIT (formerly Remotely Possible/32) remote management software. The main issue raised in the advisory is that a weak encryption method is used to transmit usernames and passwords over the network. By employing a network sniffer, an attacker could obtain user or administrator Windows NT passwords. See ISS-990125 for details.

99-01-26 - Wingates k-Line @Home Users

Users of @Home's cable Internet service may find themselves banned from DALNet IRC servers for the time being. Recent denial of service attacks, originating from @Home users running WinGate, have forced DALNet to ban all @Home subscribers until a technical fix can be implemented. Are you running a WinGate? If so, you should definitely read Wingate Technical Note 1146, on how to secure your gateway.

99-01-25 - ActiveX Forms bug affects IE

Users of Microsoft's Internet Explorer product should be aware that the ActiveX Forms 2.0 vulnerability, described in Microsoft Advisory MS99-001 may be exploited through JavaScript of VBScript. Affected users should apply the patches indicated by Microsoft. For details, see Juan Cuartango's site.

99-01-25 - Quakenbush releases SSL-enabled Update

Quakenbush has responded to recent concerns over its Password Appraiser software, which sent Windows NT LANMAN password hashes unencrypted over the Internet. In an announcement on their web site, Quakenbush has indicated a new version is available. This new version is configured to use only SSL-encrypted communications over the Internet. Affected users should upgrade before using the product.

99-01-24 - Minor update - CERT CA-99.01

CERT has released an update to its TCP Wrapper Trojan horse advisory, CA-99.01. In the its original publication, CERT mistakenly asserted that the back door was accessed by initiating a connection to port 421. In reality, the back door is accessed whenever a connection is initiated from port 421. See the updated advisory for details.

99-01-24 - More ftp.win.tue.nl Trojans

Another trojan horse has been discovered on the ftp.win.tue.nl server. Linux Weekly News has reported that the version of util-linux 2.9g posted there contained a trojan horse that would expose usernames and password. This is the second such trojan that has been discovered to date. Until appropriate action is taken, all software on ftp.win.tue.nl must be considered as suspect. Users are warned not to trust any software downloaded from that site unless a PGP signature can be verified.

99-01-22 - TCP Wrapper Back Door

Yesterday, the version of Wietse Venema's tcpwrapper available from ftp.win.tue.nl was replaced with a version containing a back door. This back door spawned a root shell when a connection attempt was received from port 421. CERT has released an advisory on the subject. See CA-99.01 for details.

99-01-21 - Debian ftpwatch Root Compromise

A root compromise has been discovered in the ftpwatch utility shipped with Debian Linux 1.3 and later. Affected users should remove this utility until a fix is available. For more information, see the Debian advisory.

99-01-21 - Frontpage Personal Web Server Bug

Windows 95 and 98 machines running certain versions of Microsoft's Personal Web Server (PWS) are vulnerable to a serious privacy bug. Windows 9x (not NT) machines treat patterns like ... and .... in a directory context as ..\.. and ..\..\.. respectively. Web servers, such as Frontpage's PWS, will mistakenly return directory listings and files from directories outside the virtual root when dot patterns like these are included in URLs. As no fix is currently available, affected users may wish to disable web servers on Windows 95/98 machines machines until further notice.

99-01-21 - Quakenbush Password Fiasco

Today the L0pht released an advisory detailing an enormous vulnerability in the Quakenbush Windows NT password analyser. It appears that the free version of this tool sends your actual Windows NT password hashes over the Internet to its own web server. If a vulnerable hash is found, the result is returned in plaintext (again, over the Internet). This is clearly a very dangerous applications. Administrators should not run this application on any real password file. For details, see the L0pht advisory.

99-01-21 - New Microsoft Advisories

Microsoft issued two new security advisories today. The first, MS99-001 addresses vulnerabilities in the ActiveX textbox control used by many VBA applications. The second advisory, MS99-002 addresses an issue in Word 97's handling of macros in template documents. For details, see the respective Microsoft advisories.

99-01-20 - RSA's Des III Challenge Over

RSA's DES III Challenge is over. The challenge, to successfully break a 56-bit DES encrypted message, was defeated in under 24 hours by the distributed.net effort. The Electronic Frontier Foundation's Deep Crack DES cracking machine found the correct key as part of the massively parallel effort. For complete details, see RSA's press release.

99-01-20 - New Sendmail Denial of Service

A denial of service vulnerability has been identified in the latest version of sendmail (8.9.2). This bug, caused by email message with an abnormally large number of header lines, can cause sendmail to use an excessive amount of CPU, effectively holding up the mail spool. No official patches are available yet, though third party patches are available.

99-01-20 - NetBSD TCP/IP Denial of Service

A denial of service vulnerability has been identified in NetBSD, and possibly other 4.4-derived BSD implementations. The vulnerability, a race condition in the handling of extremely short-lived TCP sessions, has been patched by the NetBSD developers. See NetBSD SA1999-001 for details.

99-01-20 - nmap 2.03 available

A minor upgrade of the nmap port scanner is now available. 2.03 can be retrieved from our downloads page, or the nmap home page.

99-01-19 - AntiOnline becoming a Portal

AntiOnline, John Vranesevich's popular site devoted to the Computer Underground, is set to make the transformation into The AntiOnline Network. This network is to be a collection of six sites, each with a slightly different focus on the Computer Underground. For details, visit AntiOnline.

99-01-19 - Vulnerability in Backweb Protocol

ISS has identified a vulnerability in the Backweb Polite Agent Protocol that may allow malicious users to spoof Backweb server responses. Because the Backweb protocol lacks any strong method of authentication, responses sent to a backweb server may be spoofed by a third party, which could result in arbitrary software getting installed on client machines. Details are available in ISS-990118.

99-01-18 - Cisco Port 1999 Feature

Cisco routers appear to contain a feature which allow them to be identified by sending packets to port 1999. Though the ability to detect a Cisco router is present in other types of software (notably nmap), system administrators should likely be aware of the port 1999 feature.

Briefly, when a packet is sent to port 1999, the router responds with a RST as expected. Examination of the RST packet, however, will reveal a payload containing the word cisco. Concerned sysadmins may wish to block access to the port in question.

99-01-17 - Linux SLang/DOSemu Buffer Overflow

The version of SLang shipped with DOSemu prior to 0.99.6 is vulnerable to a buffer overflow. A fix is available in the 0.99.6 pre-release. Affected users should upgrade immediately.

99-01-13 - Apache 1.3.4 released

The Apache group has just released the latest version of their popular web server software. Version 1.3.4 fixes a few bugs, including one potential denial of service attack. See the Apache release notes for details.

99-01-12 - mSQL Buffer Overflows

Sekure SDI has just released an advisory describing buffer overflows in the mSQL database package. These overflows can lead to denial of service (in any version of mSQL), and arbitrary command execution in versions 2.0.2 and prior. See the sekure SDI advisory for details.

99-01-10 - CGI Buffer Overflow

Thomas Boutell's CGIC library of CGI-based web applications (versions 1.05 and previous) has an exploitable buffer overflow which could allow an attacker to insert and execute arbitrary code on the affected system. For details on the bug see Bugtraq's report. For the free upgrade see Boutell's web site.

99-01-09 - L0pht tmp tool released

Mudge (of L0pht fame) has just released the first version of his tool for monitoring temp file directories. For details. see the L0pht mini-advisory.

99-01-08 - NFR 2.0.2 Released

The latest version of Marcus Ranum's Network Flight Recorder project (version 2.0.2 Research) has just been made available. This version marks a slight departure from previous versions as both a Research (freely downloadable), and Commercial (available only through resellers) version have been released. Differences between the versions are minor, and relate primarily to performance on 100 MBit networks. See NFR for details.

99-01-06 - l0phtcrack 2.51 Bugfix

A minor bugfix was issued for l0phtcrack today, involving that application's handling of temporary files. Affected users should download the latest version.

99-01-06 - DoS Vulnerability in IntraNetWare Client

SecureXpert Labs have released an advisory detailing a denial of service vulnerability in the Novell IntraNetWare client version 3.0.0.0 for Windows 98 and Windows NT. Details are available in the SecureXpert Advisory SX-98.12.30-01.

99-01-05 - l0phtcrack 2.5 Released

The L0pht has just released the latest version of its Windows NT/9x password cracker. Version 2.5 includes massive performance enhancements, improved "hybrid" password cracking, and improved SMB packet capturing capability.

For more information, visit the L0phtCrack home page, or download your own copy.

99-01-05 - L0pht Identifies SMB Protocol Bug

In the wake of the L0phtCrack 2.5 release, Weld Pond of the L0pht has identified a potential vulnerability in the Windows 95/98 implementation of the SMB networking protocol.

The vulnerability occurs when a user connects to a Windows 9x share. Rather than generating a unique challenge each time this connection is made (a key part of any cryptographic challenge-response algorithm), the challenge is re-used for approximately 15 minutes. This means that anyone intercepting the challenge-response can simply replay it to gain access to the share.

No patch is yet available. See the L0pht Advisory for details.

99-01-04 - OpenSSL Project Announced

C2Net, creators of the Stronghold Web Server product, and Ralf S. Engelschall, author of the Apache mod_ssl and mod_rewrite modules have just announced the creation of the OpenSSL project.

OpenSSL is intended to ensure that a freely available implementation of the Secure Sockets Layer protocol exists and is actively maintained. For details, see www.OpenSSL.org

99-01-04 - Potential PAM Bug

A potential vulnerability has been identified in the Linux implementation of PAM (Pluggable Authentication Modules). The vulnerability, a race condition in the pam_unix_passwd.so is not exploitable in the default configuration of Red Hat Linux, as this shared library is not used. Custom configurations, however, may be vulnerable to this bug. A fix is available from Red Hat. See the Red Hat Errata page for details.

99-01-03 - L0pht Advisory: DataLynx suGuard

Dr. Mudge of L0pht fame has just released an advisory describing vulnerabilities in DataLynx's suGuard application. suGuard, a commercial product similar to sudo, will allow any user configured for suGuard to run arbitrary commands as root. For complete details, see the L0pht Advisory.

99-01-03 - Buffer Overflows in Debian netstd

At least two buffer overflows have been identified in the Debian Linux netstd package. The affected binaries are the bootp and ftp clients. An updated package is available from Debian. See Debian's Security Advisory for details.

99-01-03 - Tigris Access Server Vulnerability

Advanced Computer Communications manufactures and distributes a terminal server system called Tigris. The login part of the server that allows unauthenticated commands to be run by users has a flaw. Once exploited, the flaw allows users to to execute non-privileged commands from the server. See Bugtraq's report for more details.

99-01-01 - Are You a Smurf Amplifier?

A new repository of smurf amplifying networks (networks that respond to broadcasted ICMP packets) has recently come online. netscan.org's database contains over 132,729 networks vulnerable to directed broadcast (smurf) attacks. Want to check if you have a problem? Visit netscan.org, or use a tool like nmap to test it yourself.

98-12-31 - Sendmail 8.9.2 Released

Sendmail version 8.9.2 was released today. This version includes minor bug fixes, a fix for a Linux-based Denial of Service attack, and optional protection against the MIME Buffer Overflow attack. See www.sendmail.org for details.

98-12-29 - sshd2 Privileged Port Problem

A bug in the ssh2 Secure Shell daemon, versions 2.0.11 and earlier, allow non-privileged users to redirect privileged TCP and UDP ports. A patch for ssh2d 2.0.11 is available from SSH. Affected users should apply this patch as soon as possible.

98-12-29 - SCO OpenServer Enterprise Calserver Buffer Overflow

SCO's OpenServer Enterprise calserver has a locally and remotely exploitable buffer overflow which could give an attacker root access. The calserver is at risk only if it is set to 'network' mode, which is not its default setting. See the BugTraq posting for details.

98-12-26 - BNC IRC Proxy Buffer Overflow

The BNC IRC Proxy server contains a remotely exploitable buffer overflow flaw that could allow attackers to run arbitrary commands on the server. See the BugTraq posting for details.

98-12-25 - Phrack 54 Released

The latest issue of the popular Phrack e-zine was released today. Phrack 54 is available locally, and at all of the popular phrack mirrors, including www.phrack.org. Happy Christmas Reading!

98-12-24 - Grandson of Cuartango Hole

Juan Carlos Cuartango has identified yet another bug in the Microsoft Internet Explorer software. This latest bug allows a malicious web site operator to create a false web browser frame, imitating a window on a legitimate web site. All versions of Internet Explorer 3 and 4 are believed to be affected. See MS09-020 for details.

98-12-24 - Cookie Implementation Flaws

An interesting flaw in the way cookies are handled on most browsers has been identified by Oliver Lineham and Arun Stephens. This flaw, which affects web sites operating in generic domains outside the big 7 (com, edu, gov, mil, net, org, and int), allows cookie values to be returned to sites outside the control of the originating site. For details, see Oliver Lineham's paper on the subject.

98-12-24 - nmap Crash Potential

Though this issue has been mentioned before, it's recent appearance on BugTraq makes it worth another mention. Many scanning tools, such as the recently released nmap 2.02, can have adverse effects on certain TCP/IP stacks. In the case of nmap, many embedded devices, certain inetd daemons, and old (pre 7) versions of Solaris may stop responding, or even crash as a result of an nmap scan. A summary of affected platforms is available in the BugTraq archives.

98-12-24 - BackWeb Cleartext Passwords

BackWeb, a program that automatically updates customers software over the Internet, has a flaw in that it stores the customers username and password used for connecting to the upgrade site in cleartext. More details are available at NTBugTraq.

98-12-22 - CERT Issues TCP/IP Advisory

CERT has just issued an advisory describing a denial of service attack against BSD-derived TCP/IP implementations. The attack, which appears to be a combination of fragmentation and a ping-of-death style attack, can cause the target system to crash. Older versions of BSDI (3.1 and earlier), FreeBSD (pre 2.2.8, 3.0), and OpenBSD (2.3 and 2.4) are known to be vulnerable. Patches are available for all three of these systems.

98-12-22 - Cisco IOS 12.0 Denial of Service

The release the nmap version 2.0 scanning tool has unearthed a number of vulnerabilities in widely distributed TCP/IP stacks. Cisco has announced that certain versions of its IOS TCP/IP stack are vulnerable to crashes when certain packets are sent to the router syslog port. So far, IOS versions 12.0x, 11.3AA, and 11.3DB are known to be affected. See the Cisco advisory for details and a workaround.

98-12-22 - FTP Client Vulnerability

A potential vulnerability has been discovered in the ftp client shipped with RedHat Linux 5.2 (and earlier). A fix is available from RedHat. See the RedHat errata page for details.

98-12-22 - “DES Challenge III”

In order to demonstrate that the U.S. Government's standard for encryption is too weak, RSA Data Security has issued an encryption challenge. RSA Data Security is offering prize money to whomever can crack a DES encrypted file and reveal the plain text message. The prize, which will go to the first person or team that cracks the code is $10,000 US if done in under 24 hours and $5000 US if done in under 48 hours.

98-12-21 - Microsoft IIS Denial of Service

Microsoft has just issued an advisory identifying vulnerabilities in its Internet Information Server (IIS) 3.0 and 4.0 products. The vulnerability, affecting the IIS GET method, may allow remote users to cause IIS to hang or crash. For full details, see MS98-019

98-12-21 - New Virus Hits

MCI WorldCom announced the discovery of a new virus. The virus, called “Remote Explorer,” moves through Windows NT networks running in administrator mode, encrypting data files and compressing executable files so programs cannot be launched. The virus can be sent over the Internet but cannot be activated this way. Risk of infection for typical systems is low, however, Network Associates has posted a patch on its web site.

98-12-17 - New SUN Advisories

SUN Microsystems has just released three advisories describing vulnerabilities in the Solaris operating system. The First, 00180, describes remote buffer overflow and local denial of service issues with the BIND DNS daemon. The second, 00181, describes local denial of service vulnerabilities in passwd. Finally, 00182 describes buffer overflows in the dtmail mail client. Affected users should apply patches immediately. See the advisories for details.

98-12-15 - NMap 2.00 Released

Fyodor has just released version 2.00 of his network security auditing tool, NMap. NMap is primarily a port scanning tool, with myriad options for performing (and disguising) the scan. The 2.00 release also includes TCP fingerprinting technology for operating system identification.

NMap 2.00 is available for download on the Codetalker Downloads page, or from the NMap Home Page. For more information, see www.insecure.org/nmap.

98-12-14 - Wassenaar Arrangement

98-12-03 What could a military de-arming agreement possibly have to do with information security? Well, it seems the U.S. Government has persuaded 33 other nations, the same ones that signed the Wassenaar Arrangement limiting arms export, to put export controls on data encryption software and products. This comes at a time when the U.S. Government is having a hard time selling controls to its own citizens.

98-12-14 U.S. Government officials are preparing a document for loosening controls on encryption standards for financial institutions and e-commerce businesses.

98-12-11 - IBM Releases Secure Mailer

IBM has just released Secure Mailer, a secure alternative to the widely deployed sendmail daemon under an open source license.

Secure Mailer, or Postfix was developed by Wietse Venema, and was formerly known as VMailer. For details, See Wietse's postfix page, or IBM's AlphaWorks.

98-12-11 - Fugitive Caught

Justin Petersen, a fugitive for breaking parole was captured by U.S. Marshalls in Los Angeles. Petersen, who was convicted of electronically breaking into a financial institution and stealing $150,000 U.S., is more infamous for his role as an FBI informant in the arrest of Kevin Mitnick.

98-12-10 - New Advisories: ISS, SGI

Two advisories relating to denial of service were released today. The first (19981201-01-PX), from Silicon Graphics, describes a problem in the FibreVault status monitor, fcagent. The second (ISS-981210), issued by ISS, highlights problems with older HP JetDirect firmware. Users concerned about denial of service should review these advisories.

98-12-09 - Mergers & Acquisitions

98-12-09 CyberSafe, an American information security company, purchased Sagus Security, an Ottawa based information security company.

98-12-08 Alladin Knowledge Systems, an information security company bought eSafe Technologies, a company that makes anti-virus software, among other things.

98-12-07 - New Hewlett Packard Advisories

Hewlett Packard has just released two advisories addressing problems in the HP-UX operating system. The first advisory, HPSBUX9812-090, fixes problems in many of the Berkeley r-commands.

The second advisory, HPSBUX9812-089, describes the spam-defeating enhancements to Sendmail 8.8.6. For detailed information, see the individual advisories.

98-12-04 - Buffer Overflow in Solaris MCookie

Repent Security Inc. has discovered a buffer overflow condition in the Solaris mcookie utility. The overflow, which relates to the $HOME environment variable, may allow local users to gain elevated privileges. No patch is currently available. See RSI Advisory RSI-0012 for details.

98-12-03 - John the Ripper 1.6 Released

Solar Designer has just released the latest version of his excellent John the Ripper password cracker. This latest version supports two new password styles (WinNT LM Hash and Kerberos AFS), and contains a number of bugfixes and portability enhancements.

See the John the Ripper homepage for details. A local copy is available for download from our downloads page.

98-12-03 - Bug in Exceed v6.0.1.0

Readers of the BugTraq mailing list have identified a bug in the Exceed X server for Windows 95, 98 and NT. The bug causes a file called test.log to be created in the root directory of the client workstation. This file can contain username and password information for remote connections in cleartext.

The problem has been corrected in Exceed 6.1 Affected users should upgrade immediately.

98-11-30 - RSI Advisory Updated

Repent Security Inc. has updated it's recent advisory detailing attacks the IRIX autofsd daemon. The original advisory described how a local user could exploit the autofsd daemon to gain root privileges. The updated advisory indicates that a remote vulnerability also exists, and it affects both the IRIX (SGI) and AIX (IBM) platforms. See SGI's 19981005-01-PX, IBM's ERS-SVA-E01-1998:004.1, or the updated RSI.0010a for details.

98-11-30 - HP OpenView SNMP Issue

Hewlett-Packard issued an advisory for its HP 9000 series 700/800 because of a SNMP security vulnerability. The problem is in HP OpenView, where a SNMP community string allows access to certain SNMP variables. For more details see HP Security Advisory HPSBUX9811-088.

98-11-25 - XFree86 3.3.3 Released

The XFree86 group has just released their latest version of the core X Windowing system code. This update addresses all known security issues in XFree86 and adds support for a number of new cards and platforms. See www.xfree86.org for details.

98-11-25 - New Navigator Privacy Bug

A new privacy bug in the Netscape Communicator browser has been identified by Georgi Guninski. This bug, which is known to affect at least Communicator 4.5 for Win95, 4.5 for Linux, and 4.05 for WinNT, allows malicious web site operators to view any directory or file on the local computer if both Java and JavaScript are enabled.

No patch is yet available. As a workaround, disable either Java or JavaScript in your browser. Full details are available at Georgi Guninski's site.

98-11-25 - NT Administrator Password Exposed!

A problem with Computer Associates' Innoculan and ArcServe products has recently been discovered by readers of the NTBugtraq mailing list.

It seems that when either of the Innoculan or ArcServe products are installed on an NT server that is also running Microsoft Exchange 5.5, a log file is created that either indicates the number of characters in the NT administrator's password, or exposes the plaintext password directly.

Users of either Innoculan, or ArcServe should check for the existence of a file called c:\exchverify.log, and delete it if necessary. No Patch is currently available. Affected users should contact CAI immediately.

98-11-24 - Radio Station E-mail Hoax

An attacker broke into WHFS (99.1 FM) radio station's e-mail system and e-mailed recipients of the stations entertainment news that a concert had been cancelled. The popular radio station in Landover, Maryland received thousands of e-mail replies in a matter of days from angry would-be concert goers.

98-11-24 - The Merger of the Year

America OnLine acquired the popular browser software maker, Netscape, for $ 4.2 billion (US) worth of stock. The package includes Netscape's NetCenter which has approximately 9 million users and was contributing an increasing revenue stream to Netscape. This will also put AOL in the lead for the most business and home users for the portals. The deal also includes a co-operative with Sun Microsystems who will develop Netscape software. It is also believed that AOL and Sun Microsystems have plans to develop a turn-key e-commerce software package that will run on a Java based operating system with Netscape software for which AOL will act as the portal for transactions.

98-11-23 - Microsoft Patches Named Pipe Vulnerability

Microsoft has issued a fix for yet another denial of service type attack against the Windows NT operating system. This latest attack, which involves sending streams of garbage to named pipes via the RPC service, can cause a Windows NT machine to consume 100% of the CPU. See MS98-017 for more information.

98-11-23 - SGI Patches autofsd Issue

SGI has just released an advisory addressing a recent vulnerability in the IRIX autofsd daemon. The vulnerability, first identified by Repent Security Inc. in their RSI-0010 advisory, details a possible remote root compromise. Affected users should apply the fixes immediately. See 19981005-01-PX for details.

98-11-20 - NEW ADVISORIES: Samba, NetBSD, RSI

Three advisories were released today. The first involved a vulnerability in the samba networking package distributed as part of Red Hat, Caldera, and TurboLinux Linux distributions. See SAMBA-981120 for details.

The second advisory, issued by the NetBSD development team, describes possible bounds checking vulnerabilities in device drivers providing mmap access. See SA98-0005.

Finally, Repent Security Inc. recently released an advisory describing vulnerabilities in AIX's infod information explorer. See RSI-0011 for details.

98-11-18 - Microsoft Updates Cuartango Patch

Microsoft has just released an updated version of it's patch for the Cuartango, or Untrusted Scripted Paste vulnerability. The new patch corrects the original vulnerability, as well as a new variant. See the updated Microsoft Advisory (MS98-015) for details.

98-11-18 - NEW ADVISORIES: SUN, KDE

SUN Microsystems released an advisory today addressing buffer overflows in its rdisk utility. See Sun #00179 for details.

Also today, the KDE group released a new utility that allows system administrators to remove the setuid bit from most KDE executables (KDE-981118). Shortly after the utility was released, they released a second advisory detailing a number of additional problems (KDE-981118B).

98-11-17 - Red Hat 5.2 Vulnerabilities

The first set of security fixes has just been made available for the recently released Red Hat Linux 5.2. These fixes address vulnerabilities in:

• samba [i386] [alpha] [sparc]
• sysklogd [i386] [alpha] [sparc]
• libc [i386]
• svgalib [i386]
• zgv [i386]

Red Hat releases prior to 5.2 may also be affected by these fixes. See the Red Hat Errata page for more information.

98-11-17 - NT SNMP Vulnerability

NAI's Security Lab (formerly Secure Networks Inc) released an advisory today detailing a vulnerability in the default configuration of Windows NT's SNMP service. By default, NT's SNMP service ships with a community string of "public". By guessing this string, remote users can view critical system information such as users, shares, and TCP/IP connections and routing information. Worse, an attacker may use these variables to change routing tables, effect denial of service, or perform any number of network-based attacks.

The solution is to either disable the SNMP service, or change the default community string to something hard to guess. NT4 SP4 adds access control to each setting as well. See NAI-30 for details.

98-11-16 - NEW ADVISORY: ISS

ISS today released an update to two of its previously published advisories. ISS-981116 includes updated patch information on its Hidden community string in SNMP implementation and BMC PATROL File Creation Vulnerability advisories.

98-11-16 - HP Vacation

Hewlett-Packard released an advisory affecting its HP 9000 series 700/800 running HP-UX versions 9.x, 10.x, and 11.0. The vacation program in these versions erroneously passes parameters to sendmail which would allow remote users to modify system files. For more details see the HP advisory.

98-11-12 - Communicator 4.08 Released

Netscape has just released Communicator version 4.08. This version fixes all known privacy bugs (including the latest 4.5 bugs), and includes most of the functionality of 4.5.

98-11-10 - New CGI Vulnerabilities

A number of CGI Scripts available at the popular www.cgi-resources.com site are vulnerable to remote exploit. The vulnerable scripts are:

• HAMcards Postcard script v1.0 Beta 2
• Hot Postal Services
• RC Bowen's Postcards
• LakeWeb's File Mail and Mail List
• Sam Kareem's Webcards v1.6

Users or ISPs who have installed these scripts should disable them until fixes are available.

98-11-09 - Microsoft Moves Service Packs

Microsoft has changed the location where Service Packs (including the latest Windows NT Service Pack 4) may be downloaded from. This change comes about as a result of the outsourcing of high-volume downloads.

To obtain Windows NT Service Pack 4 in its new location, see http://www.microsoft.com/support/winnt/default.htm

98-11-09 - Stackguard Protected SSH Released

Since the announcement of the recent rootshell break in, there has been much debate as to whether SSH version 1.2.26 was vulnerable to buffer overflow attacks. Although no clear resolution has occurred, worried system administrators may want to install the StackGuard protected version of SSH. (NOTE: These RPMs are for US and Canada-based users only. International users should recompile SSH themselves.)

For more information on StackGuard, see the StackGuard project page.

98-11-05 - Undocumented SNMP strings

ISS has just released two new advisories describing undocumented SNMP community strings in both HP Openview, and the Solaris 2.6 SNMP daemons. The Openview problem relates to an intruder's ability to view SNMP variables, and possibly disrupt SNMP data collection. The Solaris vulnerability is far more serious, and may allow a remote user to execute arbitrary commands on the Solaris machine with root privileges.

For more information, see the Openview and Solaris Advisories.

98-10-28 - Rootshell Hacked

Rootshell.com, the popular web site featuring Internet security news and information was hacked into at 5:12am October 28, 1998. System administrators took the site off-line at 6:00am and had it fixed within hours of the hack. The hackers also threatened another Internet security advisory site, Antionline.

The hacked web page is mirrored here. For details see the News.com story.

98-10-27 - Operating System Detection

One of the starting places for an intruder wanting to break into a system is to determine the operating system type. In the past month two new programs were made available to accomplish this very task using a technique called TCP Fingerprinting.

Queso, the original TCP fingerprinting tool, runs under Linux and is available at www.apostols.org/projectz/queso. Nmap, Fyodor's popular port scanner, plans to incorporate these features in the next release, currently in beta.

98-10-27 - Microsoft getting into Smart Cards

Microsoft is looking to extend its Windows operating system to the world of smart cards.

Smart Cards, long used for storing data on mobile phones and banking online are credit card sized and feature a computer chip with limited processing power and memory. For more information, visit Microsoft's Smartcard Resource.

98-10-27 - Navigator 4.5 Bug

A new bug has been discovered in the latest version of Netscape Communicator 4.5, the version that fixed the “cache cow” bugs, as well as Navigator 3.x and 4.07. This bug only affects those versions of Navigator when running on Windows. See Netscape's advisory page for full details.

98-10-26 - Microsoft Information Leak

Personal Data of approximately 108,000 Microsoft Money customers was briefly available over the Internet to anyone knew how to look for it. The site exposing the personal information, hosted by Softbank, was pulled later that evening when Microsoft officials were made aware of the problem.

For complete story see the Computerworld story.

98-10-26 - Cisco Designs VPN Routing Device

Cisco Systems has designed a routing device that is intended for secure high speed access over the Internet. It is based on virtual private networking (VPN) protocols. See Cisco's 1720 series page for details.

98-10-21 - NT 4.0 SP4 is here!

The long awaited service pack SP4 for Microsoft's Windows NT is now available and can be downloaded at Microsoft's ftp site. As far as installing goes, however, downloader beware. Service Pack upgrades are rarely seamless.

98-10-20 - Netscape's MIME Type Buffer Overflow

Dan Brumleve has uncovered another bug in the Netscape browser. This bug, an exploitable buffer overflow in Netscape's handling of MIME, applies only to Unix versions of the browser software. Affected versions include Netscape Navigator 3.0x, 4.0x, and Communication 4.5. Details are posted on Dan Brumleve's web page.

98-10-16 - Dalco Electronics Hit

Dalco Electronics suffered a major breach in security recently when three teenagers managed to steal over 8000 credit card numbers from the company's servers. The credit card numbers were stored unencrypted on the company's servers long after the transactions were processed. For details, see the Wired News story.

98-10-16 - AOL, Where Are You?

13 million America Online (AOL) users suffered a mail outage recently when a forged form sent to the InterNIC requested that AOL's authoritative name servers be changed. Email was bounced back and eventually rerouted to Autonet.net. Apparently AOL had opted for the default method of securing access to InterNIC changes, and not the infinitely stronger PGP-based method. For details, see Hack puts AOL off limits or AOL: 'You've got weak security!'

98-10-13 - Computer Combination Lock

Sandia National Laboratories has announced a product called “The Recodable Locking Device” that may be used to secure microchips from unauthorised access. The small device is a micromachined combination lock that would be built into a chip and allow users one chance to enter a correct password before shutting down. Once shut down, the chip must be physically reset. The device is not expected to be commercially available for another two years.

98-10-07 - Son of Cache-Cow Netscape Vulnerability

Dan Brumleve has found and exploited another Netscape Communicator cache/JavaScript vulnerability in the newly released Communicator 4.07. This version was released to fix the "Cache-Cow" vulnerability found by Dan in late September. (Actually, all versions of Communicator have been confirmed to be vulnerable)

The workaround? Turn off JavaScript. See http://www.shout.net/~nothing/son-of-cache-cow/index.html for more information.

98-10-01 - Snork Denial of Service Attack

ISS has discovered a new denial of service attack against Windows NT machines. This attack is launched by sending a RPC datagram to the target host with a spoofed return address. The targeted server responds to the call as if the datagram had come from another server. The two servers then end up sending error messages back and forth creating an ongoing loop until the bad packets are dropped. This typically results in the two servers taking up bandwidth and processing power, leaving authorised users hanging. Windows NT 4.0 Workstation and Server, including the Terminal Server Edition are vulnerable to this attack. Microsoft has released a patch for this issue. For more details, Microsoft's security advisory MS98-014 or the ISS Snork Advisory.

98-09-29 - "Cache-Cow" Netscape Communicator Vulnerability

Dan Brumleve has found and exploited a Netscape Communicator cache/JavaScript vulnerability in all versions of Communicator and Navigator 3.x .

See http://www.shout.net/~nothing/cache-cow/index.html for more information.

98-09-14 - New York Times Site Attacked

Hacking for Girlies (or H4ck1ng F0r G1rl13z) has struck again. The group responsible for the recent NASA JPL attack has also hit the New York Times website. A mirror of the hacked page is available at http://24.0.214.250/~comega/nyt/index.html

98-09-04 - Fix for IE Privacy Bug

Microsoft has just published a fix for a privacy bug affecting the latest version of Internet Explorer. The bug, known as the cross frame navigate vulnerability, may allow remote users to read files from your local machine. See Microsoft advisory MS98-013 for more information.

98-09-03 - NASA JPL Web Site 'Hacked'

The NASA JPL WWW page suffered an embarrassing fate when it was recently replaced by a group calling themselves H4ck1ng F0r G1rl13z. A mirrored version of the page is available at http://www.security.org.il/mirrors/www.jpl.nasa.gov/.

98-09-03 - Linux NFS Servers Vulnerable

A vulnerability has been discovered in a number of Linux-based NFS servers. Affected users should check with their vendors for patches. Red Hat and Caldera have both issued patches for this issue.

98-09-03 - Exposé: Back Orifice

Back Orifice was being featured in this month's Codetalker Digest. For complete details, see Digest 2.09.

For past months Codetalker News articles, please see the Codetalker Digests

©

• Rants
• Guides
• Library
• Who
• RSS