mailing list archives
Trustix Security Advisory - bind and openssh (and modutils)
From: TSL Team <tsl () TRUSTIX COM>
Date: Wed, 15 Nov 2000 17:53:47 +0100
Trustix has created updated packages for Trustix Secure Linux 1.0x and
1.1 that fixes one security problem and one DOS attack:
openssh, openssh-clients, openssh-server:
The openssh client does not enforce the "ForwardX11 no", and
"ForwardAgent no" configuration options, so that a malicious server
could force a client to forward these even if they are turned off.
The X11 forwarding part is not a big issue for Trustix Secure Linux, as
the OS does not have any X11. The agent forwarding could however be an
bind, bind-devel, bind-utils:
Fixes a DOS attack against the name daemon. Note that TSL comes with
all network services turned off by default, and will thus only run named
on systems where this has been explicitly configured. This DOS attack
has to do with zone transfers, and will therefore only be possible from
the servers configured slaves.
The modutils part is just to reassure that Trustix Secure Linux comes
with modutils version 2.1.121, which should not be susceptible to the
attacks seen in later versions.
Get the packages from:
Trustix Security Advisor
- Trustix Security Advisory - bind and openssh (and modutils) TSL Team (Nov 16)