
Bug Patches - Assorted

  • Donny Mark Ramdathsingh
    Message 1 of 1 , Apr 30, 2001
      Cisco Catalyst 5000 Series 802.1x vulnerability

      According to an alert from Cisco: When an 802.1x frame is
      received by an affected Catalyst 5000 series switch on a
      Spanning Tree Protocol blocked port, it is forwarded in that
      virtual LAN instead of being dropped. This causes a
      performance-impacting 802.1x frames network storm in that part
      of the network, which is made up of the affected Catalyst 5000
      series switches. This network storm only subsides when the
      source of the 802.1x frames is removed or one of the
      workarounds in the workaround section is applied. This
      vulnerability can be exploited to produce a denial-of-service
      (DoS) attack. For more information:
      http://www.cisco.com/warp/public/707/cat5k-8021x-vuln-pub.shtml


      Linux kernel updates available

      A number of vendors have released Version 2.2.19 of the Linux
      kernel to fix numerous holes in previous releases. Users can
      download the appropriate patches from:
      Linux-Mandrake:
      http://www.linux-mandrake.com/en/ftp.php3

      Debian:
      http://www.debian.org/security/2001/dsa-047

      Red Hat:
      http://www.redhat.com/support/errata/RHSA-2001-047.html




      FreeBSD patches FTP vulnerability

      The much-publicized FTP "globbing" vulnerability has been
      patched in FreeBSD's implementation of FTP. The glob() function
      contains a buffer overflow that could allow a user to gain root
      privileges. Patches can be downloaded from:

      FreeBSD 4.x:
      ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:33/glob.4.x.patch
      ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:33/glob.4.x.patch.asc




      Versions of Netscape Navigator prior to 4.77 contain a flaw
      that could allow a remote user to glean history, configuration
      and other information from the Netscape client. Some of the
      information could contain usernames and passwords. Version 4.77
      fixes the problem. Download the appropriate version at:
      Red Hat:
      http://www.redhat.com/support/errata/RHSA-2001-046.html


      Samba vulnerability patched

      The smbclient and samba programs have been found to use .tmp
      files incorrectly. A local user could exploit this
      vulnerability to overwrite files they would not normally have
      access to. Users can download the appropriate patches from:
      Samba:

      The 2.0.8 release is available at:
      ftp://ftp.samba.org/pub/samba/samba-2.0.8.tar.gz

      The patch is available at:
      ftp://ftp.samba.org/pub/samba/patches/samba-2.0.7-2.0.8.diffs.gz

      The 2.2.0 release is available at:
      ftp://ftp.samba.org/pub/samba/samba-2.2.0.tar.gz