Security 10912 Published by Philipp Esselbach 0

InfoWorld reports that two new variants of the Slapper worm have appeared:

"The latest variants of the original Slapper.A worm use different UDP ports to communicate with other infected servers, and have different names from the original worm. While Slapper.A uses the name "bugtraq" and relies on UDP port 2002, Slapper.B is called "cinik" and uses port 1978 while Slapper.C is named "unlock" and uses port 4156, according to an advisory published by F-Secure."

MandrakeSoft has released two security updates:

Security Advisory MDKSA-2002:060 : tcltk
Some problems were discovered with the Tcl/Tk development environment. The expect application would search for its libraries in /var/tmp prior to searching in other directories, which could allow a local user to gain root privilege by writing a trojan library and waiting for the root user to run the mkpasswd utility. This is fixed in version 5.32 of expect. A similar vulnerability has been fixed in the tcltk package which searched for its libraries in the current working directory prior to searching in other directories. This could be used to execute arbitrary code by local users through the use of a trojan library.

Security Advisory MDKSA-2002:061 : glibc
A heap buffer overflow exists in the XDR decoder in glibc version 2.2.5 and earlier. XDR is a mechanism for encoding data structures for use with RPC, which is derived from Sun's RPC implementation which is likewise vulnerable to a heap overflow. Depending on the application, this vulnerability may be exploitable and could lead to arbitrary code execution. Thanks to Solar Designer for the patches used to correct this vulnerability.

CNET News has posted another article about the Slapper worm:

"Known as Linux.Slapper.Worm, Slapper and Apache/mod_ssl, the worm's spread has fallen far short of the biggest attackers in recent times. For example, Code Red infected 400,000 servers last summer. And according to the "National Strategy to Secure Cyberspace," the Nimda virus compromised 86,000 systems last fall.

Perhaps most telling, security experts are already talking about Slapper in the past tense."

CNET News has put up another article about the Slapper worm:

The Linux Slapper worm had compromised more than 6,700 servers as of early Monday morning, and it continues to create a peer-to-peer attack network that could shut down even corporate Internet connections.

Michael Stauber has posted a temporary hotfix for the Slapper worm on Sun's support forum:

"As root and from within SSH (or Telnet, which you should have disabled as a security precaution) issue the following command:

chmod 700 /usr/bin/gcc

It will remove most of the executable bits from the GCC compiler so that the compiler is only available to user root, but not to ordinary users or the httpd process. The more drastic approach would be to deny the compiler to all users including root:

chmod 600 /usr/bin/gcc

As said: The worm can still exploit the Apache hole to get in, but it then won't be able to compile the exploit code on the RaQ."

CNET News has posted another article on the new Linux worm "Slapper":

The worm seems to be spreading fairly rapidly, according to security firm Symantec, which early Friday detected about 2,000 infected computers actively attacking, a number that climbed to 3,500 late Friday. The company's security personnel could not be contacted for comment Saturday.

Seen over at CNET News:

"Designated "Linux.Slapper.Worm" by security firm Symantec, the self-replicating program may have originated in Europe and threatens Linux servers that offer an encryption feature known as Secure Sockets Layer, the standard method for encrypting sensitive Web traffic, through a common extension to the open-source Apache Web server."

New wordtrans packages for Red Hat Linux 7.3 have been released:

Updated wordtrans packages are now available for Red Hat Linux 7.3 which fix remote vulnerabilities in wordtrans-web.

The wordtrans-web package provides an interface to query multilingual dictionaries via a web browser. Guardent discovered vulnerabilities which affect versions of wordtrans up to and including 1.1pre8.

An Ethereal update for Debian GNU/Linux has been released:

"Ethereal developers discovered a buffer overflow in the ISIS protocol dissector. It may be possible to make Ethereal crash or hang by injecting a purposefully malformed packet onto the wire, or by convincing someone to read a malformed packet trace file. It may be possible to make Ethereal run arbitrary code by exploiting the buffer and pointer problems.

This problem has been fixed in version 0.9.4-1woody2 for the current stable distribution (woody), in version 0.8.0-4potato.1 for the old stable distribution (potato) and in version 0.9.6-1 for the unstable distribution (sid)."

A new updated Mantis package for Debian GNU/Linux has been released:

"A problem with user privileges has been discovered in the Mantis package, a PHP based bug tracking system. The Mantis system didn't check whether a user is permitted to view a bug, but displays it right away if the user entered a valid bug id."

New security updates for Debian GNU/Linux and SuSE Linux are available:

Debian GNU/Linux:
DSA-160-1 scrollkeeper -- insecure temporary file creation

Spybreak discovered a problem in scrollkeeper, a free electronic cataloging system for documentation. The scrollkeeper-get-cl program creates temporary files in an insecure manner in /tmp using guessable filenames. Since scrollkeeper is called automatically when a user logs into a Gnome session, an attacker with local access can easily create and overwrite files as another user.

SuSE Linux:
glibc: local/remote privilege escalation

An integer overflow has been discovered in the xdr_array() function, contained in the Sun Microsystems RPC/XDR library, which is part of the glibc library package on all SuSE products. This overflow allows a remote attacker to overflow a buffer, leading to remote execution of arbitrary code supplied by the attacker.

Red Hat has released a new security update for Red Hat Linux:

"Updated PXE packages are now available for Red Hat Linux which fix a vulnerability that can crash the PXE server using certain DHCP packets.

The PXE package contains the PXE (Preboot eXecution Environment) server and code needed for Linux to boot from a boot disk image on a Linux PXE server.

It was found that the PXE server could be crashed using DHCP packets from some Voice Over IP (VOIP) phones. This bug could be used to cause a denial of service attack on remote systems by using malicious packets."
