

A security hole has been found in bash. This appears to be a reasonably difficult one to exploit, but you might as well apply the fix anyway. Here's Red Hat's notice and Debian's notice, the only ones found by press time.

If you are running a pool of HP print servers, be aware that a legitimate SNMP packet can crash HP 5M and 5N printers. The problem has been reported to HP and a response is expected once HP has a fix available.

Navindra Umanee reported this problem with sshd, fearing that it could be used to forge mail and potentially allow root access. In subsequent conversations on Bugtraq, Seth Schoen and "der Mouse" pointed out that the root access fear was unfounded, because sshd uses unprivileged ports. They did agree that the bug in sshd still needs to be fixed.

Chris Wilson discovered a vulnerability in pine that can allow users to bypass site policies and run arbitrary commands. This is a problem for sites that issue "pine-only" accounts. The problem was reported to the Pine authors and a new version, 4.03, has been released. If you have a site that runs pine with restricted policies, you will want to upgrade immediately.

Sunworld has published an article reviewing the SANS SHADOW intrusion detection software. The review is extremely favorable. Source-available and freely distributable, SHADOW uses information gathered by tcpdump (or snoop, for SunOS/Solaris). Here is a full description of SHADOW from SANS (System Administration and Network Security).

Bernd Eckenfels and "others" have posted The Freefire Bulletin #3 to comp.security.unix. This edition has comments and information on Ethereal, SAINT, g2s, smtpd/smtpfwdd and the SINUS Firewall Mailing List. The Freefire Bulletin #1 and The Freefire Bulletin #2 are also available.

September 10, 1998


