[logs] LogWatch 2.5 still vulnerable (fwd)

From: Tina Bird (tbird@precision-guesswork.com)
Date: Wed Apr 03 2002 - 14:19:38 PST

Next message: H C: "[logs] NT/2K syslog clients"

Previous message: Devin Kowatch: "Re: [logs] Problems/Questions on PEO"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---------- Forwarded message ----------
Date: Wed, 3 Apr 2002 18:12:43 +0200
From: Spybreak <spybreakat_private>
To: bugtraqat_private
Subject: LogWatch 2.5 still vulnerable

Release  : April 3 2002
Author   : Spybreak (spybreakat_private)
Software : LogWatch
Version  : 2.5
URL      : www.logwatch.org
Status   : vendor contacted
Problems : A /tmp race condition leads to root



After the security alert from march 27 (http://www.securityfocus.com/
archive/82/264233) a new version of LogWatch 2.5 was released.
Unfortunately this new version is still vulnerable
to a race condition root exploit, although not the same
one that was published.


So it is recomended for the user, who already upgraded to
LogWatch 2.5 to download the latest version (2.6).



-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

mQGiBDyNCFYRBADSWAw4wBseXXi5O85Y/vXLauDyIZWCDg3oHTI8muKmMc4gUuPy
yYtrzF3eYKunDxxxyHNKgtFPwbQ/gRSZrtNb3HnWvWfE5BJlJ34+gsezlHztLrbu
HU07OGVj9LzAqXp9hv/zVhFombUjjJw3PtBb4nURsCyKNI2ELOaRlb5TtwCglbk6
Mb+83fkFWO7Netq6BM1qMIUD/1rrsDaMmsZe3ykiSo3yNnBmM4Dy2t4detn0BSF0
WzJ5AoX7Waa0e3I5aGiHxwE2v+fjGv5G1f+Ho0COt0YaPouWrt3kzEYa1TbtSNmK
9B/v00J/MYB311G1oMBJ1Qnaudc/6A2GsE9M05ubyfze/LccJk+/iuL/JPbHB6bz
tO8LA/0aZgOS8Vxu5Y6+kd0x61sAyvRvec8kriQcd2ntY8e1/ajJGGEoTGburn/8
pbyaQv3d01C9xQWkIQDHG9vveSaDe6g2wViPeRck5qENUoUZVAp92GarntYk5u5L
puW/iECkH5qfVyirc3x5F3iE5UhwSggPdJbVCVlXWF0S/jwdm7QbU3B5YnJlYWsg
PHNweWJyZWFrQGhvc3Quc2s+iFcEExECABcFAjyNCFYFCwcKAwQDFQMCAxYCAQIX
gAAKCRD618glLCYuNiIhAJ4v+NjW2sxebAqvatiwUy5T/PQV8gCfXAvm52qI62yD
rF1C5eqSJE38V3i5AQ0EPI0IWhAEANIdWxgsOG4aeTxnm22g2BKEF9kUBk6H16u8
SUjuO1tEsTOQrX7jwf+vMNTUlt1OEyX+FdPkhIbDxZPyfItGmsZItPsv5f5za4We
41QDnWZLPbLVR+DznDgBrPlbEJ402GD/kXGbIvN/G2bO+GV5onOOf0Xg0z62YEnv
ZmTMOTe/AAMFA/9bZqUpP5NHilu6vZfHybT7RqtnZoIVgVCnEChRPVN6DtcxS0Ux
YMTD/qnHlpa4Brwd2+jpOIfnx8NQT1Ijan66LN2u/qK5Y4O17gIgc9rn4js8XeVp
cPWq33Ux1ComMiWMuaJ5uIPPbGHgqGaR2HZ4tQt43AqzkuR6PWNR7lHAJYhGBBgR
AgAGBQI8jQhaAAoJEPrXyCUsJi42O7cAnjjZ0x6WOvGcX8nicpPCeUiyAIFmAJ49
JuaXm+j6UXFsTyeAkSYbGwHP5g==
=0feG
-----END PGP PUBLIC KEY BLOCK-----



---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private

Next message: H C: "[logs] NT/2K syslog clients"
Previous message: Devin Kowatch: "Re: [logs] Problems/Questions on PEO"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Apr 03 2002 - 15:03:19 PST