[PLUG] From the Symantec Newsletter
Steve Beattie
steve at wirex.net
Wed Aug 14 00:47:38 UTC 2002
On Tue, Aug 13, 2002 at 04:53:31PM -0700, Rich Shepard wrote:
> On Tue, 13 Aug 2002, J Henshaw wrote:
>
> > Software Flaw Puts Multiple Operating Systems at Risk
> > REPRINTED FROM: Computerworld
> > AUG 12, 2002 ARTICLE ID: 1531
>
> Interesting, Jeff. In today's "Oregonian" (Business Section) there's a
> little piece about a major security hole in Microsoft's Internet Exploder.
> (So, what else is new, right?). At first, I thought that's what this story
> reported.
>
> The Microsoft flaw was confirmed by Symantec so perhaps it is the same
> problem.
It's not, the Microsoft problem (which also affects Konquerer) is related
to its handling of SSL certificates. The above flaw that Jeff quoted is
the buffer overflow vulnerability in Sun's RPC xdr_array code, which
exists in both glibc and kerberos' kadmind, so you should be seeing
advisories from your vendor for both of those packages.
--
Steve Beattie Don't trust programmers?
<steve at wirex.net> Complete StackGuard distro at
http://NxNW.org/~steve/ immunix.org
http://www.personaltelco.net -- overthrowing QWest, one block at a time.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <http://lists.pdxlinux.org/pipermail/plug/attachments/20020813/8e1a3ee6/attachment.asc>
More information about the PLUG
mailing list