Trovato Bug nel processore AMD Athlon
E' stato trovato un BUG nei processori Athlon che montano il Kernel Linux della serie 2.4. E' confermato che il Bug e' del processore e non di Linux.
http://www.ziobudda.net/Admin/redir_news.php?id=5381
Also - http://punto-informatico.it/pi.asp?i=38746

SLASHCODE LOGIN VULUNERABILITY
Slash, the code that runs Slashdot and many other web sites, has a vulnerability in recent versions that allows any logged-in user to log in as any other user.
Link: http://www.net-security.org/text/bugs/1011019139,17257,.shtml

CALDERA OPENSERVER WU-FTPD FTPGLOB() VULNERABILITY
A vulnerability in the wu-ftpd ftpglob() function was found by the CORE ST team. This vulnerability can be exploited to obtain root access on the ftp server.
Link: http://www.net-security.org/text/bugs/1011019467,29792,.shtml

IE CLIPBOARD STEALING VULNERABILITY
Since Internet Explorer 5.0, there has been a way to read and set the users clipboard text from script, by default, and with no prompting. This can be handy for web-based applications to do so, but can be used in a malicious way to steal the clipboard contents.
Link: http://www.net-security.org/text/bugs/1011099532,92823,.shtml

INTERNET EXPLORER POP-UP OBJECT TAG BUG
Under initial testing scripting was not possible in the popup object, nor could I pass parameters to the executables. Regardless, there may be more dangerous examples of code being put within the popup object as it seems to do almost no internal checking at all.
Link: http://www.net-security.org/text/bugs/1011099646,37878,.shtml

PHP 4.X SESSION SPOOFING
Since PHP4 there is a native support for sessions, which was derived from the PHPLib. But instead of using a SQL backend to store these IDs, they chose to store them as files in /tmp. Every session is stored in a file like sess_g35g5g54gg45wg85 where "g35g5g54gg45wg85" is the actual session-ID. Someone could now easily spoof these sessions, because he now knows the IDs. He would even be able to *read* the contents of these files, because PHP very oftenly runs as module (i.e. every executed PHP script inherits the user permissions of apache), thus you only have to write a PHP script which reads out these files.
Link: http://www.net-security.org/text/bugs/1011099707,9919,.shtml

SERIOUS SECURITY FLAW IN PHP NUKE
The flaw is in the index.php's include file feature. It allows including files like index.php?file=file It prevents users including ..'s in URL's, but it didn't prevent users from entering http://-urls Remember the PHP's remote get feature...
Link: http://www.net-security.org/text/bugs/1011265953,38579,.shtml

Vulnerabilities
Source: The Register
Date Written: January 21, 2002
Date Collected: January 21, 2002
Title: Windows wipe utilities fail to shift stubborn data stains
A researcher has found that files are not completely erased by file wiping utilities for users of the NTFS file systems on the Windows NT, Widows 2000 and Windows XP systems. In addition to the privacy implications of not properly completing the data wiping function, another issue that is raised by this defect is that virus-infected files may not be completely deleted by the utilities, leaving the remnants on the computer.
http://www.theregister.co.uk/content/55/23759.html

Linux Security Week - January 21st 2002
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.
http://www.ziobudda.net/Admin/redir_news.php?id=5389

»SecurityFocus Linux Newsletter #64
http://www.ziobudda.net/Admin/redir_news.php?id=5403

SecurityFocus Newsletter #128
http://www.ziobudda.net/Admin/redir_news.php?id=5404

Vulnerabilities
Source: Newsbytes
Date Written: January 23, 2002
Date Collected: January 23, 2002
Title: Net Users Warned To Beware Sites With Scripting Holes
The Computer Emergency Response Team (CERT) has warned Internet users that cross-site script (CSS) attacks are possible when visiting sites that have not addressed the security vulnerability. CERT issued an advisory on web sites that contain the cross-site scripting vulnerability two years ago, and securing these sites seems to be a low priority, as many have not fixed the flaw.
http://www.newsbytes.com/news/02/173873.html
Also - http://punto-informatico.it/pi.asp?i=38803

Xinetd e squid
Ancora problemi di sicurezza per il nostro sistema operativo. Questa volta a segnalare il tutto è la distribuzione asiatica TurboLinux.
http://www.ziobudda.net/Admin/redir_news.php?id=5440

Bug nei vecchi kernel
Andrew Griffiths ha scoperto un bug presente nei vecchi kernel della serie 2.2 (precedenti alla versione 2.2.18 per esattezza) che puo' mandare in crash il sistema se esso viene utilizzato per creare una VPN.
http://www.ziobudda.net/Admin/redir_news.php?id=5444

Vulnerabilities
Source: The Register
Date Written: January 25, 2002
Date Collected: January 25, 2002
Title: AOL ICQ in hacker risk alert
CERT issued a warning on January 24, 2002 that a remote overflow glitch exists for AOL ICQ users who have not applied the security fix. The estimated 122 million users of ICQ could be vulnerable to the exploit when running the Voice, Video and Games feature, and users risk a hacker gaining privileges on the victim's computer.
http://www.theregister.co.uk/content/55/23831.html

Vulnerabilities
Source: Newsbytes
Date Written: January 24, 2002
Date Collected: January 25, 2002
Title: Real To Close Security Hole in RealPlayer
A patch has been issued by RealNetworks for a security flaw in RealPlayer 8 software. If the patch is not applied, the buffer overflow vulnerability in the software could allow a rogue site to crash the program or execute malicious code.
http://www.newsbytes.com/news/02/173936.html

Linux Advisory Watch - January 25th 2002
Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week.It includes pointers to updated packages and descriptions of each
http://www.ziobudda.net/Admin/redir_news.php?id=5459

g00d reading! 'n' bye
Security News Staff:
The Jackal < -jackal-@libero.it >

Sito ufficiale di Security News: http://securitynews.gnomixland.com