Saturday, November 20, 2004

Linux security alert!

-Linux iptables:
Linux is vulnerable to an integer underflow in the iptables code that handles firewall rules. A remote attacker can exploit it by constructing a packet that crashes the server when the firewall processes it. Machines without the firewall enabled are not vulnerable to this attack.
All affected users should upgrade to a repaired version of the Linux kernel, or watch their vendors for a patched version of the kernel for their distribution.
-OpenSSL 0.9.7e:
The OpenSSL project team has released version 0.9.7e of OpenSSL, the open source toolkit for SSL/TLS. This new version repairs a race condition in the CRL-checking code and includes bug fixes in the code dealing with S/MIME.
The OpenSSL project team strongly recommends all users of OpenSSL upgrade to version 0.9.7e or newer as soon as possible.
-PuTTY:
PuTTY is a free version of telnet, SSH, and an xterm emulator for Windows and Unix machines. A buffer overflow in the code that handles SSH2_MSG_DEBUG packets during an SSH2 connection can be exploited by a remote attacker to execute arbitrary code on the server with the permissions of the user account running PuTTY.
