Security Advisories Week: 30 May - 6 June 2002
by Berislav Kucan


Title: Buffer Overflow when parsing NFS traffic
Date: June 6 2002
Vendor: Conectiva
Vulnerable systems: Conectiva Linux 6.0, 7.0, 8
Full advisory: http://www.net-security.org/advisory.php?id=746
Problem description: There is a buffer overflow vulnerability in tcpdump when it is parsing NFS traffic. A remote attacker could exploit this to at least crash the tcpdump process.



Title: tcpdump AFS RPC and NFS packet vulnerabilities
Date: June 6 2002
Vendor: Caldera
Vulnerable systems: OpenLinux 3.1.1 Server prior to tcpdump-3.6.2-2.i386.rpm, OpenLinux 3.1.1 Workstation prior to tcpdump-3.6.2-2.i386.rpm, OpenLinux 3.1 Server prior to tcpdump-3.6.2-2.i386.rpm, OpenLinux 3.1 Workstation prior to tcpdump-3.6.2-2.i386.rpm
Full advisory: http://www.net-security.org/advisory.php?id=747
Problem description: The tcpdump program is vulnerable to several buffer overflows, the most serious of which are problems with the decoding of AFS RPCpackets and the handling of malformed NFS packets.



Title: Conectiva Linux Kernel update
Date: June 6 2002
Vendor: Conectiva
Vulnerable systems: 5.0, prg graficos, ecommerce, 5.1, 6.0, 7.0
Full advisory: http://www.net-security.org/advisory.php?id=748
Problem description: This announcement updates the kernel package and fixes zlib and lcall vulnerabilities.



Title: Remote denial of service attack in BIND
Date: June 6 2002
Vendor: SuSE
Vulnerable systems: SuSE Linux 7.0, 7.1, 7.2, 7.3, 8.0
Full advisory: http://www.net-security.org/advisory.php?id=749
Problem description: There is a bug in the BIND9 name server that is triggered when processing certain types of DNS replies.

Spotlight

Whitepaper: Zero Trust approach to network security

Posted on 20 November 2014.  |  Zero Trust is an alternative security model that addresses the shortcomings of failing perimeter-centric strategies by removing the assumption of trust.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Nov 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //