HNS Newsletter
Issue 54 - 12.03.2001
http://net-security.org
http://security-db.com

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://www.net-security.org.

Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter

Archive of the newsletter in TXT and PDF format is available here:
http://www.net-security.org/news/archive/newsletter

Current subscriber count to this digest: 2014

Table of contents:

1) General security news
2) Security issues
3) Security world
4) Security software
5) Defaced archives


General security news
---------------------

----------------------------------------------------------------------------

DEMONIZING CRYPTOGRAPHY
Judging from recent headlines, one would think cryptography is responsible for all current evils, from child pornography to global terrorism. But is it really something to fear?
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.unixinsider.com/unixinsideronline/swol-02-2001/swol-0223-unixsecurity.html

HACKING EXPOSED REVIEW
If you spend enough time with Hacking Exposed, you could probably learn enough to start hacking networks yourself, although anyone else who has the book could probably learn enough to stop you. The fact is, if you really want to protect your network, you'll need more information than any one book can hold. But if you want a head start on keeping your network safe, make sure Hacking Exposed is on your bookshelf.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.unixreview.com/books/casad/0102Hackex.shtml

BUSH FORWARDS CLINTON INFRASTRUCTURE SECURITY REPORT
The Bush administration has forwarded to Congress a report on the Clinton administration's efforts to protect the nation's most critical computer systems from cyber-attack.
The 200-page study was completed more than a week before Bill Clinton left office, but never was signed by Clinton or forwarded to Congress, as required by law.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computeruser.com/news/01/03/05/news11.html

SHOCKS WITH PHONE BILLS
Annette Leech received quite an unpleasant surprise when she was informed that $700 of calls had been rung up on her phone in a single afternoon. Watch out what you are downloading, because there are a lot of programs that dial sex lines through your computer.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.smh.com.au/news/0103/05/national/national2.html

VIERIKA WORM
F-Secure has issued a level two alert to users of its Radar virus alerting service this morning. The firm has warned about a visual basic worm called Vierika, which is known to be circulating "in the wild." As usual with VBS viruses, F-Secure said that this worm spreads like LoveLetter. The firm said it consists of two different script parts: one that arrives in an MS-Outlook message as an attachment and another that is available on a Web site.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsbytes.com/news/01/162695.html

SURVEY: BREACHES DRIVE SECURITY UPGRADES
A major security breach within a company is the single greatest catalyst for effecting increased security measures across that organization, according to the results of a recently released survey from IDC. Other big drivers of increased security measures include the growth in Internet usage and the trend toward mobile computing, according to IDC. A majority of the 1,000 companies that responded to the survey identified viruses as the most common security problem, with 90% saying they had been hit by a virus. The other most common security problem was unauthorized use of system resources and data.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computerworld.com/cwi/stories/0,1199,NAV47-68-84-88_STO58255,00.html

CHECK POINT FIREWALL-1 ON LINUX, PART TWO
This article is the second in a series of three by SecurityFocus writer David "Del" Elson that looks at Check Point Firewall-1 for Linux. The first article consisted of a brief introductory overview of Firewall-1, and a discussion of installation, post-installation tasks, as well as single and multi-system installations. This installment will cover Firewall-1 concepts such as network objects, firewall rules, address translation rules, and NAT, as well as features and limitations of Firewall-1. The final article will then discuss aspects of Firewall-1 such as file and directory layout, rulesets, migrating existing Firewall-1 installation to Linux, and back-up and standby configurations.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/linux/articles/checkpoint2.html

SQL 7.0 SECURITY MODES COVERED
In this article, Alexander Chigrik talks about two security modes (authentication modes) in SQL Server 7.0.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.swynk.com/friends/achigrik/SQL70SecurityModes.asp

FBI ROOTS OWN SYSTEMS TO FIND SPY'S BACKDOOR
The FBI is systematically searching for evidence that suspected double agent Robert Hanssen, who has computer programming skills, compromised systems at the Bureau and/or the State Department with some manner of malicious backdoor. "The jury is still out as to what he was able to do," the official is quoted as saying. But "because of the possibilities, we've got to take a look." Hanssen had the highest security clearance, which gave him access to extremely sensitive data. The FBI fears that he might have enabled Russian spies to access secure systems used by the FBI, State and other agencies.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/8/17359.html

CREDIT CARD INFO STOLEN FROM BIBLIOFIND?
After the Bibliofind web site was defaced last month, an internal investigation showed that the attacker(s) had access to the Bibliofind server between October 2000 and February 2001. The company's representative said all 98,000 customers will be notified of the incident via e-mail.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2001/TECH/internet/03/05/bibliofind/index.html

A TOOL FOR COLD MIRRORING OF SOLARIS SYSTEM DISKS
Minimum downtime and prevention of data loss is important for most system administrators. The traditional solution is to use backups or RAID to cover for disk failures. We describe an alternative for "cold mirroring" of system disks - it mounts a spare disk, copies files to the spare, installs a boot block and copies over a new vfstab. This creates a fully updated bootable spare disk. The administrator is notified of success/failure by syslog or email. This tool, called mirror_boot.sh, has been tested on several Solaris versions.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/articles/coldmirroring20010306.html

TOP 50 THINGS TO KNOW TO PASS SAIR EXAM 101
As I mentioned last month, you must pass four Sair exams to become a Linux Certified Administrator (LCA). One of the four exams is the Installation and Configuration 101 exam; passing this exam will earn you the designation of Linux Certified Professional (LCP). All of the Sair exams are available through Prometric testing centers. The following is a list of 50 key points to know for Exam 101. There is some overlap between the topics listed here and those I mentioned for the LPI 101 and 102 exams, due to the fact that they are competing certifications on the same topics.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.unixreview.com/columns/dulaney/0103sair.shtml

SECURITY CONSULTANTS TO BE LICENSED
IT security consultants could soon join wheel-clampers and bouncers in having to apply for licences. The UK government's Private Security Industry Bill proposes the creation of an authority to set standards of conduct and training for consultants, and to carry out inspections. The Security Industry Authority would check a consultant's background for any criminal record before issuing a licence. It would also keep a public register, and establish a voluntary body of approved contractors.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.vnunet.com/News/1118593

NEW ZEALAND PHREAKING CASE
Borislav Misic arrived in New Zealand in April 1998 from Yugoslavia and a year later was granted refugee status. He was convicted on two counts of fraud and one count of forgery involving the use of a piece of "blue boxing" software to make 80,000 minutes of international calls using Telecom's Home Country Direct service. There is debate there over whether he did anything wrong according to New Zealand law.
Link: http://www.nzherald.co.nz/storydisplay.cfm?storyID=175646&thesection=technology&thesubsection=general

GERMANY SKEPTICAL ON US PLANS
German industry and the German government responded with skepticism to the news of US plans to build a national defense shield, or firewall, against attacks on data networks.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.handelsblatt.com/hbiwwwangebot/fn/relhbi/sfn/buildhbee/cn/bp_artikel_e/strucid/PAGE_201098/pageid/PAGE_201098/docid/391343/SH/0/depot/0/index.html

EMAIL SNOOPING CODE OF PRACTICE DELAYED
The Data Protection Registrar's code of practice for surveillance in the workplace has been delayed due to the large number of responses from a public consultation.
The code of practice is vital for clarifying what employees and employers are entitled to do in the workplace following several pieces of new legislation. The controversial and flawed RIP Act opens up the possibility of widespread email and phone surveillance. But this has also to tie in with the Human Rights Act, which enshrines the right to reasonable privacy, and the Data Protection Act, which insists that data is recovered "in a fair and proportionate manner".
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/8/17365.html

TCP WRAPPERS: PART 2
In the second part of our series on TCP Wrappers, we look at its various features, implementation and configuration.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.freeos.com/articles/3768/

CARNIVORE, CYBERCRIME TAKE PRIME TIME
Carnivore, cryptography and cybercrime are just a few of the topics on tap this week at the Computers Freedom and Privacy Conference 2001 concerning recent developments in Internet policy and civil liberties. The conference will feature a forum for privacy watchdogs, free-speech activists and human-rights specialists to discuss how the Internet is changing society.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/news/0,4586,2692921,00.html

NAKEDWIFE VIRUS HITS U.S. MILITARY, COMPANIES
A virus advertising itself as an e-mailed photo of someone's wife has started infecting computers in Europe and the United States and may have started spreading from the U.S. military. Four different antivirus software companies have reported that at least 68 organizations have computers infected by the virus.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.cnet.com/news/0-1003-201-5041693-0.html

WHY HOTMAIL USERS GET SO MUCH SPAM
Hotmail has come under criticism for placing its subscribers' email addresses on a public Internet directory site when they sign up for the service, making them easy prey for spammers, something that has got under the skin of privacy activists. Unless users opt-out by checking a box on Hotmail's registration form, their addresses can rapidly enter spammers' databases, as Infospace's privacy protection methods can be bypassed using a number of methods.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/8/17379.html

POWER GRIDS COULD BE VULNERABLE TO "HACKERS"
Nationwide rolling blackouts could have a devastating impact on the economy, but experts also fear that the stress being placed on the nation's power grid could make it more susceptible to disruptions from hackers. In California's Silicon Valley, large Internet data centers have been blamed for stressing the region's power grid beyond what its Korean War-era design can handle. Now, other states, including Oregon, Utah and Washington, are preparing for possible rolling blackouts.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2001/TECH/internet/03/06/power.hackers.idg/index.html

THE GREAT SECURITY DEBATE: LINUX VS. WINDOWS
Microsoft operating systems have often been attacked for their vulnerability, but the perception that the software titan's systems are insecure is changing as the company shores up its servers and applications. Meanwhile, supposedly stronger Unix and Linux systems have suffered security breaches of their own.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsfactor.com/perl/story/7907.html

HACKER GROUP FINDS FAULTS IN CRACK CHALLENGE
Hacker advocacy group 2600 Australia has called on a Perth company to honor its promise to donate $US1 million to charity after its network security device remained uncracked after a 30-day public trial. 2600 Australia yesterday criticised the company's decision to move the cracking challenge into a second phase, which was to have launched on the company's website.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.it.fairfax.com.au/breaking/20010307/A27390-2001Mar7.html

SECUREWAVE - STUFF MS SHOULD HAVE DONE
"Like many people, I use Microsoft products on a regular basis, but having spent as much or more (probably more) time in Unix, I find certain things frustrating. In the Unix world, I take for granted the ability to set permissions on files and devices. While NT and 2000 have file permissions, you cannot easily restrict users' access to communications ports and removable media, for example. I also want to be able to restrict what users can and cannot run. There are a number of ways to do this in Unix, with varying degrees of difficulty to implement and of effectiveness."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/closet/closet20010307.html

ANTI-VIRUS COMPANY BLASTS MEDIA FOR SCARE TACTICS
Susan Orbuch, spokesperson for Trend Micro, told Newsbytes misinformation about viruses is more dangerous than the bugs themselves. "There is a vast body of knowledge and folklore out there, much of which is incorrect," said Orbuch. "The end user is constantly exposed to misinformation and myths by the media and by popular fiction such as movies, TV and novels."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsbytes.com/news/01/162786.html

RUNNING SNORT ON IIS WEB SERVERS PART 2
Snort is a rule-based intrusion detection system that monitors network traffic by applying rules based on known attack signatures. However, in addition to guarding against known attacks, it is vital that an IDS be able to detect new or lesser-known exploits. In this article, SecurityFocus writer Mark Burnett introduces three strategies that will enable administrators to set up Snort to detect new or obscure exploits. These strategies include: monitoring outgoing traffic, establishing command-based rules and watching for traffic from online scanning sites.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/microsoft/iis/mssnort2.html

ESCAN CONTENT CHECKING
eScan is a comprehensive Content Security and Traffic Scanning software package that checks the content in the e-mails, the attachment files and all the web pages. The checks are made for viruses, restricted words & phrases and embedded objects such as Java applets etc. before these reach the recipient.
Link: http://www.security-db.com/product.php?id=630&cid=141

DESCRAMBLE THAT DVD IN 7 LINES
Descrambling DVDs just got even easier, thanks to a pair of MIT programmers. Using only seven lines of Perl code, Keith Winstein and Marc Horowitz have created the shortest-yet method to remove the thin layer of encryption that is designed to prevent people - including Linux users - from watching DVDs without proper authorization.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/culture/0,1284,42259,00.html

CARNEGIE MELLON AND EIA JOIN FORCES
The Electronic Industries Alliance (EIA) has formed a new alliance with the nation's top federally funded computer security group in an effort to help companies evade computer security threats online.
The new partnership, dubbed the Internet Security Alliance, will draw upon the collaborative efforts of EIA member companies and computer security experts at Carnegie Mellon's Software Engineering Institute in Pittsburgh, the same unit that hosts the university's CERT Centers, a research and development organization sponsored by the Department of Defense.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsbytes.com/news/01/162845.html

MITNICK: IDENTITY THEFT EASY AS PIE
Thanks to lame online security measures, stealing an individual's identity is like taking candy from a baby, said Kevin Mitnick. Passwords, user names and other data used by financial institutions and utility companies to verify identity, such as an account holder's Social Security number, driver's license information and mother's maiden name, are readily accessible in myriad databases on the Web, according to Mitnick.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computeruser.com/news/01/03/07/news6.html

URL, URL, LITTLE DO WE KNOW THEE
Today we will look closer at URLs and the associated security implications. "Interesting" ways of using them have been known by spammers for a while, but now the KB spoof and the February issue of Crypto-Gram have made the Internet community more aware of what URLs can do.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/articles/urlurl20010307.html

ZEN AND THE ART OF BREAKING SECURITY - PART II
There are cases in which "gentle" techniques like timing or power analyses are not enough to fulfill the attacker's goal. Or the goal itself is not to break the protection scheme but to break through it, to the end target the mechanism is protecting, in a modern reenactment of Alexander the Great's "solution" to the Gordian knot. Enter failure-inducing attacks, in which the technique is to induce a failure in the very protection mechanism itself.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/articles/zenandsecurity20010308.html

NSA AND FBI BIG WINNERS AT BIG BROTHER AWARDS
The great and the good, when it comes to privacy invasion, have been "honoured" for their efforts to mess up life for the rest of us online. Privacy International last night handed out "Big Brother" awards to government agencies, companies and initiatives which have done most to invade personal privacy. The National Security Agency, the US government's signals intelligence arm, took a lifetime menace award for "clipper, Echelon and 50 years of spying". In a separate category, the FBI's Carnivore email surveillance system was judged the most invasive proposal of the year.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/8/17428.html

FEDS ESCALATE WARNING ABOUT E-COMMERCE HACKS
The federal government's central computer-crime bureau reported that there is an ongoing and organized series of hacker attacks against e-commerce Web sites that has resulted in the theft of more than 1 million individual credit-card numbers. The National Infrastructure Protection Center said it has been working with the Federal Bureau of Investigation and the United States Secret Service for several months on the investigation and has identified more than 40 victim sites in 20 states.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/eweek/stories/general/0,11011,2694098,00.html

LEVY RECOUNTS THE HISTORY OF PUBLIC KEY CRYPTOGRAPHY
What are the roots of cryptography, and how has it evolved over the last 30 years? In this month's Bill's Bookshelf, Bill Rosenblatt reviews Steven Levy's new book on the history of public key cryptography, and finds it to be a balanced and engaging work.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.sunworld.com/unixinsideronline/swol-03-2001/swol-0302-bookshelf.html

DIFFERENT APPROACH TO INTRUSION DETECTION
A security firm has put together two intrusion detection products to create technology it says takes a different approach to defending against hack attacks. CentraxICE, from security integrator Articon-Integralis, is positioned as a product which provides "defence in depth" from hack attacks beyond that offered by firewalls. It is designed to defend against packet floods - attempts to break into systems by bombarding an organisation's Web server with traffic and thereby overwhelming an organisation's defences.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/8/17451.html

UNCOVERING THE SECRETS OF SE LINUX: PART 1
In an uncharacteristic move, the U.S. National Security Agency recently released a security-enhanced version of Linux - code and all - to the open source community. This dW-exclusive article takes a first look at this unexpected development - what it means and what's to come - and delves into the architecture of SE Linux.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www-106.ibm.com/developerworks/library/s-selinux/

MICROSOFT CO-OPTS OPEN SOURCE APPROACH
In a major extension of corporate policy, Microsoft has quietly started a program to provide selected large enterprise customers with copies of the source code for Windows 2000 (Professional, Server, Advanced Server and Data Center), Windows XP (released betas) and all related service packs.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.cnet.com/news/0-1003-201-5067896-0.html

LAWYERS WITH HACKING SKILLS
With online and other various computer attacks against companies becoming increasingly common, corporate lawyers are arming themselves with new technical skills.
"Ultimate Hacking: Hands On," a new crash course offered by the security-consulting firm Foundstone, will teach lawyers about common cybercrimes by re-enacting them in the classroom. Lawyers will come out of the course a bit more dangerous than when they walked in. Among the new skills they'll acquire is the ability to create a backdoor into a company's system using a remote-access Trojan, an application that allows crackers to gain access to restricted networks.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/business/0,1367,42278,00.html

CRYPTOGRAPHY TOOLS: ARE THEY REALLY ONLY FOR CROOKS?
"Are there crypto success stories out there? I suspect that the kinds of shops using crypto are also the kinds of shops that don't talk about their work, but I hope some of you will write and tell me that crypto is working for your company, and how so. Until I'm convinced otherwise, I have to stick with the position that crypto is just more trouble than it's worth, and that it's likely to lull you into a false sense of security."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.infoworld.com/articles/op/xml/01/03/12/010312opswatch.xml

EU ENCRYPTION SYSTEM NOT BROKEN
Paranoia is alive and well at the European Union Commission, which has been forced to officially deny its encryption system has been compromised by the NSA. Fears of eavesdropping by the ultra-secretive US spy agency grew out of comments by a Commission employee, Briton Desmond Perkins, who told a EU Parliamentary committee of regular but unsuccessful attempts by the NSA to crack the Commission's encryption system.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/8/17492.html

----------------------------------------------------------------------------


Security issues
---------------

All vulnerabilities are located at:
http://net-security.org/text/bugs

----------------------------------------------------------------------------

TROJANED REALITY FUSION APPLICATION
The executable rfupd.exe included in the Reality Fusion products bundled with many popular cameras sends data to 204.176.10.168 port 80 every time you use the app, reboot your computer or change configuration.
Link: http://www.net-security.org/text/bugs/983755970,25167,.shtml

SLIMSERVE HTTPD DIRECTORY TRAVERSAL
It is possible to view directories and download files outside of the wwwroot directory.
Link: http://www.net-security.org/text/bugs/983755986,60952,.shtml

BROKER FTP SERVER 5.0 VULNERABILITY
Users can break out of their root directory and list directories. Depending on the privileges you have, other commands like delete may be executed outside of the home directory.
Link: http://www.net-security.org/text/bugs/983756002,47106,.shtml

REMOTE BUFFER OVERFLOW IN POST-QUERY
The overflow condition is *very* easily exploitable, since the code actually supplies the pointer to the exploit code itself, odd as it may seem. The pointer thusly does not need to be second-guessed at all, making life much easier for crackers.
Link: http://www.net-security.org/text/bugs/983838961,73107,.shtml

VULNERABILITIES IN CURRENT IRCD'S TKSERV
There are 3 major bugs in the current IRCd distribution (as used on the IRCnet for example).
The included service daemon 'tkserv' (tkserv.c v1.3.0 and all previous versions) suffers from:
a) remote exploitable buffer overflow while querying tklines
b) memory leak due to strdup'ing a string and not freeing the mem
c) format string bug while reading the ircd's config file
Link: http://www.net-security.org/text/bugs/983839093,38311,.shtml

SUSE LINUX - CUPS UPDATE
A SuSE-internal security audit conducted by Sebastian Krahmer and Thomas Biege revealed several overflows as well as insecure file handling. These bugs have been fixed by adding length-checks and securing the file-access.
Link: http://www.net-security.org/text/bugs/983840455,45873,.shtml

DEBIAN LINUX - SUDO BUFFER OVERFLOW
Todd Miller announced a new version of sudo which corrects a buffer overflow that could potentially be used to gain root privileges on the local system. This bugfix has been backported to the version which was used in Debian GNU/Linux 2.2. The most recent advisory covering sudo missed one architecture that was released with 2.2. Therefore this advisory is only an addition to DSA 031-1 and only adds the relevant package for the powerpc architecture.
Link: http://www.net-security.org/text/bugs/983880197,9394,.shtml

DEBIAN LINUX - REMOTE DOS IN PROFTPD
In Debian Security Advisory DSA 029-1 we have reported several vulnerabilities in proftpd that have been fixed.
Link: http://www.net-security.org/text/bugs/983880227,72205,.shtml

DEBIAN LINUX - MGETTY UPDATE
In Debian Security Advisory DSA 011-1 we have reported insecure creation of temporary files in the mgetty package that have been fixed.
Link: http://www.net-security.org/text/bugs/983880279,18936,.shtml

DEBIAN LINUX - PROFTPD UPDATE
The following problems have been reported for the version of proftpd in Debian 2.2 (potato):
1. There is a configuration error in the postinst script, when the user enters 'yes', when asked if anonymous access should be enabled.
The postinst script wrongly leaves the 'run as uid/gid root' configuration option in /etc/proftpd.conf, and adds a 'run as uid/gid nobody' option that has no effect.
2. There is a bug that comes up when /var is a symlink, and proftpd is restarted. When stopping proftpd, the /var symlink is removed; when it's started again a file named /var is created.
Link: http://www.net-security.org/text/bugs/983965297,39939,.shtml

LINUX MANDRAKE - JOE UPDATE
The joe text editor looks for configuration files in the current working directory, the user's home directory, and finally in /etc/joe. A malicious user could create their own .joerc configuration file and attempt to get other users to use it. If this were to happen, the user could potentially execute malicious commands with their own user ID and privileges. This update removes joe's ability to use a .joerc configuration file in the current working directory.
Link: http://www.net-security.org/text/bugs/983965343,54664,.shtml

DEBIAN LINUX - SGML-TOOLS PROBLEM
Former versions of sgml-tools created temporary files directly in /tmp in an insecure fashion. Version 1.0.9-15 and higher create a subdirectory first and open temporary files within that directory. We recommend you upgrade your sgml-tools package.
Link: http://www.net-security.org/text/bugs/984081490,22578,.shtml

DEBIAN LINUX - ATHENA WIDGET REPLACEMENTS
It has been reported that the AsciiSrc and MultiSrc widget in the Athena widget library handle temporary files insecurely. Joey Hess has ported the bugfix from XFree86 to these Xaw replacement libraries. We recommend you upgrade your nextaw, xaw3d and xaw95 packages.
Link: http://www.net-security.org/text/bugs/984081556,93503,.shtml

DEBIAN LINUX - MIDNIGHT COMMANDER UPDATE
It has been reported that a local user could tweak Midnight Commander of another user into executing a random program under the user id of the person running Midnight Commander. This behaviour has been fixed by Andrew V. Samoilov.
We recommend you upgrade your mc package.
Link: http://www.net-security.org/text/bugs/984081612,94030,.shtml

DEBIAN LINUX - MAN2HTML REMOTE DOS
It has been reported that one can tweak man2html remotely into consuming all available memory. This has been fixed by Nicolás Lichtmaier with help of Stephan Kulow. We recommend you upgrade your man2html package immediately.
Link: http://www.net-security.org/text/bugs/984081653,45766,.shtml

DEBIAN LINUX - EPERL BUFFER OVERFLOW
Fumitoshi Ukai and Denis Barbier have found several potential buffer overflow bugs in our version of ePerl as distributed in all of our distributions. When eperl is installed setuid root, it can switch to the UID/GID of the scripts owner. Although Debian doesn't ship the program setuid root, this is a useful feature which people may have activated locally. When the program is used as /usr/lib/cgi-bin/nph-eperl the bugs could lead into a remote vulnerability as well.
Link: http://www.net-security.org/text/bugs/984081700,15344,.shtml

PROBLEMS WITH CISCO AIRONET 340 SERIES
It is possible to view and modify the bridge's configuration via Web interface even when Web access is disabled in the configuration. This defect is documented as Cisco bug ID CSCdt52783. This defect is present in the following hardware models: