Manualshelf

Specifications

ManualsBrandsCayman Systems ManualsComputer equipment3220-H
31323334353637383940
SAFER – Vol. 3, Issue 6 39 © 2000 The Relay Group
NetBSD Security Advisory 2000-002: IP options processing Denial of Service
Released May 07, 2000
Affects NetBSD 1.4 up to 1.4.2 Alpha and SPARC
Reference http://www.netbsd.org/
Problem
- Vulnerability exists in the 1.4.x NetBSD kernel that may allow remote attackers to cause the
machine to kernel panic on certain architectures. By sending a packet to a machine running the
Alpha or SPARC versions of NetBSD, with an unaligned IP timestamp option, it is possible to
cause the kernel to perform an unaligned memory access. This will cause a panic, causing the
machine to reboot.
- x86 and arm32 platforms have a similar bug. However, as both of these architectures can perform
unaligned memory accesses, this vulnerability does not cause them to panic.
SAFER
- Patches are available from NetBSD.
FreeBSD Security Advisory SA-00:18: gnapster port allows remote users to view local files
Released May 05, 2000
Affects Knapster 0.9, Gnapster 1.3.8
Reference http://www.freebsd.com/
Problem
- Various open source clones of the Napster software package have a vulnerability by which users
may view files on a machine running a vulnerable Napster clone client.
- The file access is limited to files accessible by the user running the client. The official commercial
version of Napster does not contain this vulnerability.
SAFER
- Upgrades for FreeBSD ports, and source patches, are available.
FreeBSD Security Advisory SA-00:16: golddig port allows users to overwrite local files
Released May 05, 2000
Affects Alexander Siegel golddig 2.0
Reference http://www.freebsd.com/
Problem
- It was discovered during a security audit of the golddig2 package by the FreeBSD ports team, that
the makelev program can be used to overwrite arbitrary files, as it is by default installed setuid
root.
- The content of the file is not arbitrary, however, so it is not immediately clear whether this program
could be used to elevate privilege. That the makelev program being setuid is a potential security
problem is documented in the original Makefile for golddig.
SAFER
- FreeBSD has issued updated ports packages.
HP Security Advisory #00113: Sec. Vulnerability with shutdown command
Released May 04, 2000
Affects HP-UX 11.0, 10.20, 10.10, HP VirtualVault 11.4, 10.24
Reference http://us-support.external.hp.com/
Problem
- Vulnerability exists in the 'shutdown' program, as included with versions 10 and 11 of HP-UX, and
HP-UX VirtualVault (VVOS), from Hewlett Packard.
- The exact nature of this vulnerability was not made available. From the wording of the advisory, it
appears to be a buffer overflow.
SAFER
- Patches are available from HP.