Manualshelf

Specifications

ManualsBrandsCayman Systems ManualsComputer equipment3220-H
31323334353637383940
SAFER – Vol. 3, Issue 6 31 © 2000 The Relay Group
TurboLinux Security Announcement TLSA2000011-1: gpm-1.19.1 and earlier
Released May 26, 2000
Affects TurboLinux 6.0.4 and earlier
Reference http://www.turbolinux.com/
Problem
- The gpm-root program, included in the gpm package, contains a programming error whereby a
call to setgid() fails, and defaults to the group of the gpm-root binary. The group for the gpm-root
binary in the affected installations is root.
- A user with console access can use this vulnerability to execute arbitrary commands with elevated
privileges.
SAFER
- Update the packages.
CERT Advisory CA-2000-08: Inconsistent Warning Messages in Netscape Navigator
Released May 26, 2000
Affects Systems running Netscape Navigator, up to and including Navigator 4.73
Reference http://www.cert.org/
Problem
- A flaw exists in Netscape Navigator that could allow an attacker to masquerade as a legitimate
web site if the attacker can compromise the validity of certain DNS information. This is different
from the problem reported in CERT Advisory CA-2000-05, but it has a similar impact.
- If a user visits a web site in which the certificate name does not match the site name and proceeds
with the connection despite the warning produced by Netscape, then subsequent connections to
any sites that have the same certificate will not result in a warning message.
SAFER
- The CERT/CC recommends that prior to providing any sensitive information over SSL, you check
the name recorded in the certificate to be sure that it matches the name of the site to which you
think you are connecting.
NAI Security Advisory COVERT-2000-05: Microsoft Windows Computer Browser Reset
Released May 25, 2000
Affects All versions of Microsoft Windows 95, 98, NT and 2000
Reference http://www.nai.com/covert/
Problem
- The Microsoft Windows implementation of the Browser Protocol contains an undocumented
feature that provides for the remote shutdown of the Computer Browser Service on a single
computer or multiple computers.
SAFER
- Microsoft has released a patch for this vulnerability.
Cobalt Networks Security Advisory 5.25.2000
Released May 25, 2000
Affects Cobalt RaQ 3.0, 2.0
Reference http://www.cobaltnet.com/
Problem
- With the current installation of Frontpage on RaQ2 and RaQ3, the ability to write data to other
websites hosted on the same RaQ. This is due to a permission issue with the 'httpd' user.
SAFER
- Cobalt Networks has produced a patch to correct this vulnerability.