Some security issues by oreilly

Dagmar d'Surreal dagmar.wants at nospam.com
Wed Jun 18 15:13:55 PDT 2003


On Wed, 2003-06-18 at 03:27, Dan Osterrath wrote:
> Just found that:
> http://www.oreillynet.com/pub/a/linux/2003/06/16/insecurities.html
> 
> Interesting for (B)LFS might be the section with Linux kernel 2.4 and GNU zip.
> Can anyone confirm these issues, and does anyone know which versions are vulnerable?

Which ones are you referring to?  There's a list of several things
there, and most of them _do_ apply to LFS/BLFS, for instance...

Kernel, yup.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0247

Kernel, yup.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0248

Gzip, yup.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0367

Eterm, yup.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0382

I'm not going any further than those three because they're the majority
case, and basically, if you can't read, you shouldn't be using Linux. 
If you /really/ care, you'll subscribe yourself to Bugtraq.  (...and I'm
neck deep in an audit for some NT machines right now, which makes the
work involved in checking Unix machines seem an utter cakewalk.)

Just start at the CVE entries and follow all the references.  There
should be more than enough detail for you to determine if you have a
problem... that's the point of the advisories, although CERT is a fair
bit better about being clear on matters.

-- 
The email address above is just as phony as it looks, and for obvious reasons.
Instant messaging contact info: AIM: evilDagmar  Jabber: evilDagmar at jabber.org

-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message


