
SAFER – Vol. 3, Issue 6 27 © 2000 The Relay Group
SECURITY ADVISORIES
This section contains official advisories as released by various vendors or security organizations. This list addresses the problems found during May 2000.

Red Hat Security Advisory 2000:005-05: New majordomo packages available
Released May 31, 2000
Affects Red Hat Powertools 6.1
Reference http://www.redhat.com/
Problem
- A vulnerability in /usr/lib/majordomo/resend and /usr/lib/majordomo/wrapper will allow execution of arbitrary commands with elevated privileges.
SAFER
- It is recommended that all users of Red Hat Linux using the majordomo package upgrade to the fixed package.

PGP Security Advisory: PGP 5.0 Vulnerabilities
Released May 30, 2000
Affects PGP 5.0 for Linux US Commercial, Freeware editions and Source code book
Reference http://www.nai.com/
Problem
- During a recent review of our published PGP 5.0 for Linux source code, researchers discovered that under specific, rare circumstances PGP 5.0 for Linux would generate weak, predictable public/private keypairs.
- Network Associates has verified that this issue does not exist in any other version of PGP.
SAFER
- Upgrade PGP to the latest version.

Microsoft Security Bulletin (MS00-038)
Released May 30, 2000
Affects Microsoft Windows Media Encoder 4.0, 4.1
Reference http://www.microsoft.com/technet/security/bulletin/fq00-038.asp
Problem
- Windows Media Encoder is a component of the Windows Media Tools, which are part of the Windows Media Technologies. Windows Media Encoder is used to convert digital content into Windows Media Format for distribution by Windows Media Services in Windows NT and Windows 2000 Server. If a request with a particular malformation were sent to an affected encoder, it could cause it to fail, thereby denying formatted content to the Windows Media Server.
- This vulnerability would primarily affect streaming media providers that supply real-time broadcasts of streaming media - it would not prevent a Windows Media Server from distributing already-encoded data. The vulnerability cannot be used to cause a machine to crash, nor can it be used to usurp any administrative privileges. Simply locating the server could be a challenge, because the IP address of the Windows Media Encoder would typically not be advertised.
SAFER
- Microsoft has released a patch.