mac can be syn flooded
Any MacOS including 8.x is vulnerable to syn flooding. Not sure
why this is considered newsworthy but I'll dutifully report it.
cert reports on linux mountd
This looks like the same mountd buffer overflow from last month.
I think CERT waited for all the Linux distributions to upgrade their packages
before making the announcement. It only affects Linux boxes that
are running NFS.
hpux omniback ii has flaw
I don't know what it is, but HP OpenView OmniBack II has had a patch
released for it. Apparently you could gain root through it, though
they don't explain how. It sounds like this might be some tool used
by Windows clients that makes HP appear to be a Windows machine.
Does anyone use this?
nt ftp client can create forks
The NT FTP client treats a colon (:) in a filename as a delimiter between
the filename and a resource fork name. Therefore if you download
"hello:kitty", it will create the file "hello" with a fork named "kitty"
holding the actual file. The reason this is a security problem is
that NT doesn't come with any tools for fork management, so forks are effectively
hidden files. You can create this type of file even without using
FTP, so apparently the issue is that most users won't realize that
they are creating a hidden file when they are doing the FTP transaction.
solaris xdm login will reveal usernames
When logging into a Solaris box using "desktop login" (xdm), if you
enter a username for a user that has chosen a window manager other than
CDE, a graphic to the side will change to indicate the chosen window manager.
This way you can determine usernames of users on the system who aren't
using CDE.
solaris cde screensaver (w/nis+) doesn't need a password
If you're using NIS+ and CDE on Solaris, and you are not root, and
you lock your screen with the CDE screensaver, it will accept any password
to unlock. (It doesn't require your password.)
irix buffer overflows
Xterm and libXaw on Irix have buffer overflow problems.
sco 'mscreen' exploit
They don't give any specifics, but it's suid root, so my first guess
would be a buffer overflow. 'mscreen' is specific to SCO.
frontpage bugs update
FrontPage is some sort of WebDAV-like thing by Microsoft that lets
users update their web pages easily. For them to use FrontPage, you
need to be running a FrontPage server on your web server box. This
is one of Microsoft's first unix servers, so holes galore were to be found.
An update was posted that showed that some have been fixed, some haven't.
The bottom line is that you shouldn't run this on a unix box yet.
None of the exploits were unusual, so they probably aren't worth listing here.
freebsd rst attack
FreeBSD had a bug in its handling of TCP RST packets that would cause
it to accept a RST packet if the sequence number was anywhere within about
50% of what it should be. In other words, a random guess at a sequence
number would be right 50% of the time. Evil-doers can force connections
to drop by forging RST packets. This looked similar to the Windows
problem at first glance, but is actually different (and easier to exploit).
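An added example, not from the original report and not FreeBSD source: it compares an assumed model of the loose RST check (an unbounded wraparound-aware "greater or equal" test) with the RFC 793 in-window rule and the RFC 5961 exact-match rule, counting how much of the sequence space each accepts. The function names and the sample rcv_nxt and window values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Each check answers: should a RST carrying `seq` tear down the connection?
 * rcv_nxt = next sequence number expected, rcv_wnd = advertised receive window. */
typedef int (*rst_check)(uint32_t seq, uint32_t rcv_nxt, uint32_t rcv_wnd);

/* Assumed model of the flaw: a wraparound-aware "seq >= rcv_nxt" comparison
 * with no upper bound, which half of the 32-bit sequence space satisfies. */
static int rst_ok_loose(uint32_t seq, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    (void)rcv_wnd;
    return (uint32_t)(seq - rcv_nxt) < 0x80000000u;
}

/* RFC 793 rule: the RST must fall inside the receive window. */
static int rst_ok_window(uint32_t seq, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    if (rcv_wnd == 0)
        return seq == rcv_nxt;
    return (uint32_t)(seq - rcv_nxt) < rcv_wnd;   /* modular, survives wrap */
}

/* RFC 5961 rule: only an exact match resets (in-window RSTs get a challenge ACK). */
static int rst_ok_exact(uint32_t seq, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    (void)rcv_wnd;
    return seq == rcv_nxt;
}

/* Count accepted values among 2^20 sequence numbers spaced 4096 apart,
 * starting at rcv_nxt, so the sample covers the whole sequence space. */
static uint32_t accepted(rst_check check, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    uint32_t n = 0;
    for (uint32_t i = 0; i < (1u << 20); i++)
        n += (uint32_t)check(rcv_nxt + i * 4096u, rcv_nxt, rcv_wnd);
    return n;
}

int main(void)
{
    uint32_t nxt = 0xFFFFF000u, wnd = 65535;   /* constructed values, near wrap */
    printf("loose : %u of 1048576\n", accepted(rst_ok_loose, nxt, wnd));
    printf("window: %u of 1048576\n", accepted(rst_ok_window, nxt, wnd));
    printf("exact : %u of 1048576\n", accepted(rst_ok_exact, nxt, wnd));
    return 0;
}
```

The loose model accepts half of the sampled values, matching the 50% figure above, while the window rule accepts only the handful that land inside the 64 KB window.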