Security Alerts, BSD TCP/IP, Webmin, Java, PHP and more: O'Reilly

O'Reilly's weekly list of security bulletins has a few notables this time. Most of these are minor or local exploits, but still be advised.

The most notable issue on the list is a vulnerability in the BSD TCP/IP implementation (that is a very rare sentence you just read, very rare indeed). It seems a broadcast bug could allow for some issues to arise with BSD TCP/IP (affects 'em all: NetBSD, OpenBSD, FreeBSD, etc.).

Also, if you use Webmin, there is a local root exploit that's not that difficult to pull off (for 0.92), ouch.

In addition, a major one is a vulnerability in Sun's JRE that can allow an applet to elevate its own privileges (apparently most 1.3 JREs are affected).

And in a Microsoft-sounding statement, there is a PHP "issue" that affects the move_uploaded_file() function as follows: "The PHP function move_uploaded_file() is not restricted by safe_mode and may be usable to write to files to unauthorized locations. It should be noted that this is not a bug; it is a documented feature."

There are a few others, all pretty minor stuff, but be advised. For more info, check the linked O'Reilly article.