-----BEGIN PGP SIGNED MESSAGE-----

This file: ftp.cert.org:/pub/cert_bulletins/01-README

This directory contains an archive of all the bulletins the CERT
Coordination Center has published. A listing and short description of
each bulletin follow.

VB-94:01.sco  12/94
    This bulletin describes problems with the programs at(C), login(M),
    prwarn(C), sadc(ADM), and pt_chmod, and provides patch information.

VB-94:02.dec  12/94
    Patch information for ULTRIX Versions 4.3, 4.3A, V4.4; DECnet-ULTRIX
    Version 4.2; and DEC OSF/1 Versions 1.2, 1.3, 1.3A, 2.0.

VB-95:01.hp  2/95
    This bulletin addresses problems with Remote Watch in fileset
    WATCH-RUN for releases of HP-UX, in particular HP 9000 series
    300/400s & 700/800s running HP-UX revisions 8.X, 9.X. Patch
    information is included.

VB-95:02.sgi  3/95
    Vulnerability and patch information for the IRIX 5.2, 6.0, 6.0.1
    Desktop Permissions Tool.

VB-95:03.hp  4/95
    Sendmail vulnerability and patch information for HP 9000 series
    300/400s and 700/800s 8.x and 9.x.

VB-95:04.venema  6/95
    Vulnerability and patch information for S/Key software enhancements
    for FreeBSD 1.1.5.1 and 2.0 and for logdaemon versions prior to 4.9.

VB-95:05.osf  7/95
    Description of a security hole in all releases of OSF/DCE prior to
    version 1.1, and information about the fix.

VB-95:06.cisco  8/95
    Problem description, upgrade information, and workaround for a
    vulnerability in Cisco's IOS software versions 10.3(1) through
    10.3(2); 10.2(1) through 10.2(5); 10.0(1) through 10.0(9); and all
    previous versions.

VB-95:07.abell  9/95
    Description of a directory and file vulnerability in lsof 3.18
    through 3.43, along with instructions on getting later versions.

VB-95:08.X_Authentication_Vul  11/95
    Vulnerability and patch information for an X authentication
    vulnerability.

VB-95:09.hp  12/95
    Vulnerability and patch information for a vulnerability in ftp in
    releases 9.X and 10.X of HP-UX (platforms: HP 9000 series 300/400s
    and 700/800s).

VB-95:10.elm  12/95
    Vulnerability and patch information for a vulnerability in elm 2.4
    PL 24.

VB-95:10a.elm  1/96
    This updated version of VB-95:10 lists additional FTP sites.

VB-96.01.splitvt  1/96
    Vulnerability information on splitvt versions lower than 1.6.3,
    locations of the latest version (1.6.3), and an interim workaround
    to apply until you can install that version.

VB-96.02.sgi  2/96
    Vulnerability information on the "ATT Packaging Utility" and
    security measures to take on all SGI systems running IRIX 5.2, 5.3,
    6.0, 6.0.1, and 6.1.

VB-96.03.sun  2/96
    Vulnerability information and workaround for a potential security
    weakness on some SunSoft demo CDs for Catalyst CDWARE; SunSoft
    Developer CD, Premiere Issue; and Business Solutions.

VB-96.04  3/96
    Information about a vulnerability in the BSD/OS 2.0/2.0.1 kernel and
    a pointer to the patch.

VB-96.05  4/96
    Advisory from Digital Equipment about a potential security
    vulnerability with dxconsole for OSF/1 V2.0 thru V3.2C and pointers
    to patches.

VB-96.06  5/96
    Information about a problem in FreeBSD versions 2.0 through
    2.2-CURRENT, related to unauthorized access via mount_union /
    mount_msdos (vfsload).

VB-96.07  5/96
    Information about system stability compromise via mount_union
    program; the problem is present in all source code and binary
    distributions of FreeBSD version 2.x released before 1996-05-18.

VB-96.08  5/96
    Information about a vulnerability in the IRIX 5.3, 6.1, and 6.2
    operating systems regarding the permissions tool under the IRIX
    desktop environment.

VB-96.09  5/96
    Information about a vulnerability in the manual page reader for
    FreeBSD 2.0, 2.0.5, 2.1, 2.1-stable, and 2.2-current.

VB-96.10  6/96
    Information from The Santa Cruz Operation, Inc. about a problem in a
    kernel error handling routine. A patch is provided.

VB-96-11  7/96
    Information from FreeBSD, Inc. on a vulnerability in the ppp
    program. Patch information is included.

VB-96.12  7/96
    Information from FreeBSD, Inc. on a Trojan horse vulnerability via
    the rz program. A workaround is included.

VB-96.13  8/96
    Information from the Hewlett-Packard Company on vulnerabilities in
    the elm executable. Patch information is included.

VB-96.14  8/96
    Information from Silicon Graphics Inc. about vulnerabilities in the
    visual admin and user tool programs used in the IRIX operating
    systems versions 5.2, 5.3, 6.1, and 6.2. Patch information is
    included.

VB-96.15  9/96
    Information from The Santa Cruz Operation about a problem with
    system security in SCO(R) UnixWare(R) releases 2.0.x and 2.1.0.

VB-96.16  9/96
    Information from Transarc Corp. about a problem with a Solaris
    AFS/DFS Integrated login bug if the user is in too many groups.

VB-96.17  10/96
    Linux Security FAQ Update from Alexander Yuriev. Includes
    information about a mount/umount vulnerability.

VB-96.18  11/96
    Information from Sun Microsystems, Inc. about vulnerabilities in the
    libc and libnsl libraries.

VB-96.19  12/96
    Information from Silicon Graphics Inc. about vulnerabilities in the
    systour and OutOfBox subsystems.

VB-96.20  12/96
    Information from Hewlett-Packard Company about vulnerabilities in HP
    Remote Watch. These vulnerabilities allow unauthorized root access.

VB-97.01  1/97
    Information from Digital Equipment Corporation about a potential
    vulnerability in the Division of Privilege (DoP).

VB-97.02  4/97
    Information from Selena Sol about a vulnerability in her Guestbook
    script for Web servers using Server Side Includes (SSI).

VB-97.03  6/97
    A Sun Security Bulletin announcing patches for a vulnerability in
    rpcbind.

VB-97.04  7/97
    Information from Hewlett-Packard on a vulnerability in the chfn
    executable in HP 9000 Series 700/800s running versions of HP-UX 9.X
    and 10.X.

VB-97.05  7/97
    Information from members of the lynx-dev mailing list about a
    vulnerability in temporary files that enables users to replace the
    temporary file with a symbolic link or with another file.

VB-97.06  7/97
    Information from members of the lynx-dev mailing list about a
    vulnerability in Lynx downloading that enables users to read or
    execute arbitrary files regardless of restrictions set by the system
    administrator.

VB-97.07  8/97
    A Silicon Graphics Inc. Security Advisory addressing vulnerabilities
    in the IRIX webdist.cgi, handler, and wrap programs, part of the
    Outbox subsystem.

VB-97.08  9/97
    Information from Transarc Corp. about a vulnerability in Transarc
    DCE Integrated login for sites running both AFS and DCE.

VB-97.09  10/97
    Information from Cisco Systems about vulnerabilities in CHAP
    authentication.

VB-97.10  10/97
    Information from The Samba Team concerning a security vulnerability.

VB-97.11  10/97
    NEC Corporation has identified and corrected a problem with the
    "nosuid" mount(1) option. This bulletin gives details.

VB-97.12  10/97
    Open Group has discovered that OSF/DCE has a potential problem in
    the security server that could allow for a denial of service attack.
    This bulletin includes source code fix information.

VB-97.13  11/97
    A vulnerability exists in the GlimpseHTTP and WebGlimpse web search
    packages. This bulletin provides details.

VB-97.14  11/97
    The Santa Cruz Operation has discovered a security vulnerability in
    the implementation of scoterm.

VB-97.15  12/97
    Sun announces the release of patches for Solaris which relate to a
    vulnerability in nis_cachemgr.

VB-97.16  12/97
    There is a weakness in a published version of CrackLib (v2.5, dated
    1993) that could lead to a compromise of system privileges.

For more information on the CERT(sm) Coordination Center and on computer
and information security, see

    ftp://ftp.cert.org/pub
    http://www.cert.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNJfo+HVP+x0t4w7BAQHV0AP8ChypCiamzCUdYjzVyxhm0+my7AnWKKF1
2MvOyDJTnKjhUDMHzPQzc8PsY7ftlF/pmfz1OA8rXSe8roiPhgzBQjL+I2lajytr
Zk/Akv2eYJfc8Kk0NXcsfuk6/J6zfa/0sLPH8DhTaj8D2pAc5MQwNyxm98COAFDS
H2P5x/H53XQ=
=8Ppn
-----END PGP SIGNATURE-----