Re: [ISN] Start-up banks on hack-proof Linux

From: InfoSec News (isnat_private)
Date: Fri Sep 27 2002 - 00:06:31 PDT

  • Next message: InfoSec News: "[ISN] completes RC5-64 project - September 25, 2002"

    Forarded from: Kurt Seifried <listuserat_private>
    I don't mean to be rude but EnGarde is far from "secure". Duct-taping
    LIDS on top of the system helps but attackers can still compromise
    services, load code into memory and do naughty things. Check out the
    following list of advisories for 2002 alone. Please also note that
    they haven't issued advisories for the last ~2 months, leaving users
    vulnerable to several major issues.
     ESA-20020114-001  January 14, 2002  'sudo' MTA invocation as root
     ESA-20020114-002  January 14, 2002  'pine' URL handling vulnerability
     ESA-20020114-003  January 14, 2002  Several LIDS vulnerabilities
     ESA-20020125-004  January 25, 2002  'rsync' signed integer handling
     ESA-20020301-005  March 1, 2002 mod_ssl's session caching potential
     buffer overflow
     ESA-20020301-006  March 1, 2002  Several flaws in PHP's MIME parsing.
     ESA-20020307-007  March 7, 2002  Local vulnerability in OpenSSH's
     channel code.
     ESA-20020311-008  March 11, 2002  Double free() in zlib may lead to
     buffer overflow.
     ESA-20020423-009  April 23, 2002  webalizer contains a potentially
     exploitable buffer overflow.
     ESA-20020429-010  April 29, 2002  sudo heap corruption vulnerability
     EBA-20020515-011  May 15, 2002  Fix defaults in php.ini
     EBA-20020515-012  May 15, 2002  Minor parsing fixes in Daily 
     Summaries report.
     ESA-20020607-013  June 07, 2002  Remote buffer overflow in imap
     ESA-20020619-014  June 19, 2002  'apache' chunk handling overflow
     ESA-20020625-015  June 25, 2002  openssh: introduce privilege
     separation into sshd
     ESA-20020702-016  July 02, 2002  several vulnerabilities in the
     OpenSSH daemon
     ESA-20020702-017  July 02, 2002  off-by-one in mod_ssl's 
     configuration directive handling
     ESA-20020724-018  July 24, 2002  Buffer overflow in BIND4-derived
     resolver code
     ESA-20020730-019  July 30, 2002  Several vulnerabilities in the
     openssl library.
     ESA-20020807-020  August 7, 2002  OpenSSL ASN.1 vulnerability fix
    Kurt Seifried, kurtat_private
    A15B BEE5 B391 B9AD B0EF
    AEB0 AD63 0B4E AD56 E574
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Fri Sep 27 2002 - 02:38:41 PDT