Red Hat Linux Bugs
LAST UPDATED: Thursday, 14 February 2008 20:47:39 -0600
Changes to this page are IN PROGRESS
REDHAT 7.0 CYRUS-SASL AUTHORIZATION
Cyrus-SASL is an open-source implementation of SASL
(Simple Authentication and Security Layer). The 1.5.24 package
included with RedHat 7.0 contains a bug that allows authenticated
users to access unauthorized resources. This bug only affects the
version 1.5.24 that ships with RedHat Linux 7.0. The Cyrus-SASL 1.5.24
package available at the main project FTP site and older versions that
shipped with RedHat PowerTools are not vulnerable. Patches are
available for Alpha and i386 systems; download them respectively from
REDHAT LINUX 6.1 ORBIT AND GNOME-SESSION SUSCEPTIBLE TO DOS ATTACKS
Users of RedHat Linux 6.1 on Sparc- and i386-based
systems should take note of a problem with ORBit and gnome-session.
Under specific circumstances, a bug that exists in ORBit and
gnome-session allows attackers to crash a program remotely. RedHat has
fixed the problem and added TCP Wrappers support to gnome-session
(ORBit already has TCP Wrappers support). For more information or to
download the respective patches, browse to
REDHAT PIRANHA VIRTUAL SERVER PACKAGE CONTAINS TWO MAJOR SECURITY BUGS
Two distinct and important security issues have arisen
with the Piranha virtual server and load-balancing package from
RedHat. A vulnerability exists in the passwd.php3 cgi-bin script in
Piranha version 0.4.12. Because the script does not properly check its
input, any user who can authenticate to the Piranha package can
execute arbitrary commands with the effective ID of the Web server
and use that access as a foothold on the machine.
Furthermore, Piranha contains a default account, piranha, with the
password q. Using this user name and password, in conjunction with the
flaws in the passwd.php3 script, a remote user could execute arbitrary
commands on the machine. Patches are available for Sparc, i386, and
Alpha systems. They are available, respectively, from