Subject: [LINUX:12383] Dikkat Açıklar Var
From: Dr.VeRmIdoN (ebal@tradesoft.com.tr)
Date: Mon 24 Jan 2000 - 16:13:32 EET
Arkadaslar dün bu linux te kullandığımız programların açıklarıyla ilgili
araştırma yaptım. Durumum ŞOK.!!!
neworder.box.sk adresine bakarsanız bunların exploitlerini görebilirsiniz.
Bence güvenlikle ilgili ciddi türkçe dökümanlar
yapmalıyız. 1 ay önce başlayıp devam etmediğim Linux security how-to dosyama
devam edicem.
Birkaç örnek vermek gerekirse ;
Serious bug in Corel Linux update program allows gaining of local root
QPopper vulnerable to a remotely exploitable buffer overflow (AUTH)
Multiple vulnerabilities in glFtpD
Linuxconf contains remotely exploitable buffer overflow
UnixWare i2odialogd remote root exploit
FTP conversions on misconfigured systems (specifically wu-ftpd) posses a
security threat
SSH 1.2.27 Exploit code has been released
CERT Advisory CA-99-15 Buffer Overflows in SSH Daemon and RSAREF2 Library
qpop 3.0 (QPopper) remote root exploit
An improved Wu-FTPD exploit code has been released
Local users can cause Linux kernel to panic
DeleGate vulnerable to a remotely exploitable buffer overflow
WU-FTP 2.4.x leaks user information
NFS Server MAX_PATH exploit code
BIG/ip security vulnerabilities
Vulnerability in TCPlogD's hostlookup() function
WFTPd 'MKD' exploit code released
WFTPd vulnerable to a remotely exploitable buffer overflow
'xmonisdn' allows reading of any local files under RedHat 6.x
Lpd/lpr allows users to print files without read access
KVIrc local file request vulnerability
cdda2cdr - Linux local exploit
SuSE sccw local root exploit
CFingerD GECOS buffer overflow vulnerability
/usr/bin/pb and /usr/bin/pg can read any local file on SuSE 6.2
Glibc 2.1.1's unsetenv() function vulnerability
WWWBoard passwords vulnerability
SuSE 6.2 '/usr/bin/sccw' allows reading of any local file
AMD vulnerability has been released
ProFTPd 1.2.0pre4 still vulnerable to 'mkdir attack'
ProFTPd - remote root exploit
WindowMaker buffer overflow vulnerabilities
Exploit code for a bug in ircd2.10.x's qident
Cfingerd <=1.3.2 local root exploit
Joe Editor can be used to get access to read restricted files
Shared memory DoS
AMaViS virus scanner can be used to get a root access on Linux box
IRC Networks based on the IRCu code can be easily crashed
VMware v1.0.1 exploit code released
Serious HHP-Pine remote exploit
VMware for Linux 1.0.1 buffer overflow exploit
Xi Graphics Accelerated X Server 4.x/5.x buffer overflow vulnerabilities
Root exploit found in Red Hat 6.0
Listeden cikmak icin:
unsub linux
mesajini listeci@bilkent.edu.tr'a gonderiniz.
Lutfen Listeci icin MIME / HTML / Turkce Aksan kullanmayin.
Liste arsivinin adresi: http://listweb.bilkent.edu.tr/