
Exterminator: AppleShare has its share of problems

Are you running AppleShare IP on your network? If so, you may be interested in this week's Exterminator, which explains an AppleShare vulnerability and offers information on Cisco and Linux updates.


Get rid of your bugs!
The Exterminator brings you insight on bug fixes, virus recovery, service release announcements, and security notices for Windows, Sun, Linux, and other systems.

Cisco Issues
Regarding: Cisco Router and IOS
Posted: May 3, 2000
Patch URL: Click here for a workaround provided by SecurityFocus
Information URL: Click here for more information

SecurityFocus.com recently reported a vulnerability in the Cisco Router Online Help. According to SecurityFocus, under certain revisions of IOS, multiple Cisco routers have an information leakage vulnerability in their online help systems. For more information, click on the Information URL above.

Apple Issues: AppleShare
Regarding: AppleShare IP 6.1 through 6.3
Posted: May 2, 2000
Patch URL: Click here for patch information
Information URL: Click here for more information

SecurityFocus.com recently reported a vulnerability in Apple’s AppleShare software. According to SecurityFocus, requesting a URL containing a range exceeding the physical limit of a file will cause the Web Server in AppleShare IP to return an extra 32 KB of information taken from RAM. The additional data will appear appended to the file requested and may contain sensitive information. For more on this issue, click the Information URL above.
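
An added example, not code from AppleShare IP or from the SecurityFocus report: the kind of bounds check that prevents this class of over-read, where a requested range is resolved against the file's real size before any bytes are copied. The function names, the inclusive first/last form of the range, and the sample buffer are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a 16-byte "file" followed in memory by unrelated data. */
static const unsigned char sample_mem[] = "0123456789ABCDEFsession=constructed";
#define SAMPLE_FILE_SIZE 16u

/* Resolve an inclusive [first, last] request against the real file size.
 * Returns 1 and sets *off and *len to bytes that exist in the file,
 * or 0 when no byte of the request lies inside the file. */
int resolve_range(uint64_t first, uint64_t last, uint64_t file_size,
                  uint64_t *off, uint64_t *len)
{
    if (file_size == 0 || first >= file_size || last < first)
        return 0;                 /* nothing to serve: refuse, never pad */
    if (last >= file_size)
        last = file_size - 1;     /* clamp an over-long end to end of file */
    *off = first;
    *len = last - first + 1;      /* cannot overflow: first <= last < file_size */
    return 1;
}

/* Copy the validated range into out; returns bytes written (0 if refused). */
size_t serve_range(const unsigned char *file, uint64_t file_size,
                   uint64_t first, uint64_t last,
                   unsigned char *out, size_t out_cap)
{
    uint64_t off, len;
    if (!resolve_range(first, last, file_size, &off, &len))
        return 0;
    if (len > out_cap)
        len = out_cap;            /* never write past the response buffer */
    memcpy(out, file + off, (size_t)len);
    return (size_t)len;
}

int main(void)
{
    unsigned char out[64];
    /* Request ends 32 KB past the end of the 16-byte file. */
    size_t n = serve_range(sample_mem, SAMPLE_FILE_SIZE, 10, 10 + 32768, out, sizeof out);
    printf("served %zu bytes: %.*s\n", n, (int)n, (const char *)out);
    return 0;
}
```

With the check in place, the over-long request yields only the six bytes that belong to the file, and a request that starts at or beyond the end of the file is refused outright.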

Linux Issues: Linux Kernel
Regarding: Linux Kernel 2.3.x, 2.2.x, and 2.1.x
Posted: May 1, 2000
Patch URL: No known patch at this time.
Information URL: Click here for more information

SecurityFocus.com recently reported a vulnerability in the Linux Kernel, versions 2.1.x through 2.3.x. According to SecurityFocus, a denial-of-service vulnerability exists in the Linux kernel. Due to inconsistencies in differentiating between signed and unsigned integers within the program, it becomes possible for a remote, unauthenticated user to cause knfsd and the NFS service to become unavailable.

Linux Issues: S.u.S.E
Regarding: SuSE 6.3 and 6.4
Posted: April 29, 2000
Patch URL: No known patch at this time.
Information URL: Click here for more information.

SecurityFocus.com recently reported a vulnerability in S.u.S.E. versions 6.3 and 6.4. According to SecurityFocus, a vulnerability exists in the handling of the display variable in versions of Gnomelib shipped with S.u.S.E. Linux. By supplying a long buffer containing machine-executable code in the display environment variable, it is possible to execute arbitrary code with the permissions of the user running the binary. For more information, click the Information URL given above.

Virus Alerts from Trend Micro
Posted: April 26, 2000 through May 3, 2000

The following virus updates have been posted on Trend Micro’s Security Info page. Click on the virus for more information.

The only good bug is a patched bug!
Have you found a new bug or discovered a nifty little software patch? We’re interested in what you know! Post your findings below or feel free to send us a note.
