RU.LINUX
---------------------------------------------------------------------
 From    : Sergey Lentsov    2:4615/71.10    01 Mar 2001 18:11:19
 To      : All
 Subject : URL: http://lwn.net/2001/0301/security.php3
---------------------------------------------------------------------

See also: [14]last week's Security page.

Security News and Editorials

Vulnerability Reporting: Bugs in the bug reporting process (CORE-SDI). [15]Volume 3, Issue 3 of Insight, a newsletter from The Internet Security Conference, contains a column by Ivan Arce, Founder and Chairman of the Board of CORE-SDI, which discusses the problems in the current ad-hoc process for reporting security vulnerabilities. The column uses a detailed list of the steps possibly involved in a given security report, then outlines many of the ways in which that process can break down. Near the end, he recommends a simplified set of guidelines:

   The guidelines: A feeble attempt at improving the process

   (1) Vulnerability reporting costs money: Keep it simple and everybody wins. All the involved parties (discoverer, proxy, vendor, trusted third party, user) must invest a certain amount of effort to fix bugs. All parties have finite resources and therefore it costs them money. Streamlining the process and addressing the problems in a responsible and timely fashion reduces the efforts for all parties.

   (2) Communication is key. The best way to streamline the process and ensure cooperation is to maintain every party informed of what is going on. When that fails, unilateral actions take place that could put all at risk.

   (3) Minimize harm. Conduct all activities bearing in mind that the end goal is to improve the overall security and minimize the harm to all parties.
   Although this sounds obvious, the ultimate goal can be obscured during the process, evaluate your actions accordingly. Extend the benefit of doubt, do not impute motives.

From here, though, he goes on to end with a recommendation to "formalize and implement a vulnerability reporting process". That opens many cans of worms, in terms of who is involved in "formalizing" such a process and, once formalized, what are the penalties for non-conformance? The "who" is mentioned at the beginning of the article, which was inspired by discussions at SafeNet2000, an invitation-only gathering sponsored by Microsoft that was held last December. Apparently as a result of that gathering, work to formalize the process is already underway. Neither the sponsor nor the invitation-only nature of that gathering recommends it to us.

The article does a good job of showing why the ideal process of reporting vulnerabilities will always be impacted by reality (insufficient resources, poor vendor response, multiple discoverers, active exploits, etc.), in short, why a formalized process will always tend to break down. Add to that the danger of allowing a closed (invitation-only) group to define, implement and potentially enforce a formal process and it seems like we might end up exchanging one set of problems for a less-appealing set. Starting and ending with the simple guidelines suggested seems like a better idea.

WEP: No weapon against hackers (ZDNet). You might assume that [16]this latest ZDNet article on WEP was also talking about the cryptographic issues with WEP, which have been mentioned in the last couple of weeks. You'd be wrong. Instead, it looks at the issue of keeping trespassers off of your wireless LAN. "Controlling access to wireless networks is an increasingly difficult challenge for network administrators. Unlimited access means that anyone with a wireless network card could gain access to the network.
On the other hand, highly restricted access negates the benefits of going wireless and annoys the users."

More SSH articles. For those who still have the stamina for more editorial coverage of the SSH trademark issue, C|Net's Robert Lemos has written an article entitled "[17]Ssh! Don't use that trademark". "'Regardless of its origins, the word has become the generic description for this type of software,' said Michael Bednarek, an intellectual property attorney at Washington, D.C.-based law firm Shaw Pittman. 'As far as I can tell, there is no other name for it.'"

Security Reports

Security hole in Java may expose servers (News.com). Sun has issued a warning that [18]a bug in Java Runtime Environments for multiple platforms, including Linux, may allow an attacker to run harmful programs on a server, though client systems running browsers should be unaffected.

Linux-Mandrake security advisory for CUPS. Linux-Mandrake has issued a [19]security advisory for the CUPS printing packages. An internal audit found buffer overflow and temporary file creation problems. It is highly recommended that all Linux-Mandrake users upgrade to this new version of CUPS.

sudo buffer overflow. A buffer overflow in Sudo, apparently discovered [20]by Chris Wilson, has been fixed in the [21]just-released sudo 1.6.3p6.
  * [22]Slackware
  * [23]Trustix
  * [24]Conectiva
  * [25]Linux-Mandrake
  * [26]Debian
  * [27]Immunix

Zope security update. Digital Creations has released [28]a security update to Zope (all versions up to 2.3b1) fixing a security vulnerability in how ZClasses are handled. An upgrade is recommended.
  * [29]Red Hat
  * [30]Linux-Mandrake

elm alternate folder buffer overflow. A [31]buffer overflow in elm 2.5 PL3 was demonstrated this week. It can be exploited by passing a long string in via the "-f" option. No patch or updated version has yet been reported. Check BugTraq ID [32]2403 for more details.

PHP-Nuke magic quotes vulnerability.
A [33]new vulnerability in PHP-Nuke was reported this week which can allow any user to execute commands with the privileges of the PHP-Nuke administrator. This occurs because magic_quotes_gpc is expected to be enabled; if it is disabled, then information continues to be read even after a NULL character is seen. An upgrade to PHP-Nuke 4.4.1 will fix the problem. Note, however, that any PHP script that expects Magic Quotes to be enabled could have this same problem. Here is a [34]recommended tip to prevent such problems.

joe file handling vulnerability. The configuration file for the joe editor, .joerc, is read first from the current directory, if available, making it possible to [35]trick users into executing commands if they edit/open a file in a directory with a malicious .joerc file installed. No workaround/vendor solution has been posted yet, though theoretically a patch should be fairly easy to implement, by removing the check for the configuration file in the local directory and restricting the file to the user's home directory or the appropriate system directory. An [36]informal report indicates that FreeBSD and NetBSD are vulnerable to this, but that OpenBSD is not. No Linux-specific reports have been posted.

Slackware IMAP exploit. A short note in the slackware-current changelog commented that [37]all previous versions of imapd (which is installed by default for Slackware distributions) had a remote exploit problem. This was slightly puzzling to us, since we hadn't heard of a new imapd vulnerability and Slackware [38]issued an update for imapd in November that fixed the most recent vulnerability that we knew of. Wednesday, though, an update to the Slackware Changelog cleared up the confusion:

   Tue Feb 27 15:31:05 PST 2001
   n1/imapd.tgz: No, the package wasn't changed. But, there's an update regarding the supposed imapd overflow.
   It was reported to us that an exploit existed for the version of imapd previously used by Slackware, but after obtaining a copy of the exploit from this site:

      http://packetstorm.securify.com/0102-exploits/imapd_exploit.c

   ...we found it to be completely ineffective. Still, it never hurts to keep daemons that provide network services as up-to-date as possible, so if you're running imapd you should consider upgrading.

Web scripts. The following cgi-bin scripts were reported to contain vulnerabilities:
  * [39]Mailnews.cgi is reported to contain a user-supplied input vulnerability, which can be exploited to remotely execute arbitrary shell commands. No patch or vendor response has been reported so far.
  * [40]Adlibrary.pm, a Perl-based package from Adcycle.com, is reported to contain a vulnerability that can be exploited remotely to execute arbitrary commands. This is due to insufficient screening of user input. No patch or vendor response has been reported so far.

Commercial products. The following commercial products were reported to contain vulnerabilities:
  * [41]Marconi ASX-1000, a commercial ATM switch, is reported to contain a vulnerability that can be used to disable remote administration of the device (until it is power-cycled). No patch or vendor response has been reported so far.
  * [42]Cisco IOS Software contains an SNMP Read-Write ILMI Community String vulnerability, which might make the device using the software vulnerable to a denial-of-service attack. Cisco is offering free updates to fix the problem.
  * A second [43]Cisco IOS Software vulnerability report details multiple vulnerabilities related to the unexpected creation and exposure of SNMP community strings. They can be exploited to permit unauthorized viewing or modification of devices. Specific workarounds are provided, along with a table of related updates.
  * [44]Chili!Soft responded to several recently discussed vulnerabilities in Chili!Soft ASP.
    In some cases, workarounds are offered; in others, it is promised that they will be addressed in the next release.
  * Shortly after the above Chili!Soft note was posted, Jim Sander responded with yet another vulnerability, in which the [45]Chili!Soft ASP license file, installed by default as a world-readable and writable file, can be removed by any user, causing the Chili!Soft services to stop functioning.
  * [46]The APC web/snmp management card, available as an option for some APC products (power management), is open to a potential denial-of-service attack via a telnet connection to the card. APC has responded by recommending that the APC product should be firewalled to protect it from connections from outside the local area network.
  * The [47]Netscape Collabra Server has been reported to be vulnerable to a denial-of-service attack via malicious packets sent to the 119, 5238, 5239 and 20749 ports. Filtering those ports is recommended; no vendor response has been seen so far.

Updates

Analog buffer overflow. An exploitable buffer overflow in analog was reported in the [48]February 22nd LWN Security Summary. Version 4.16 contains a fix for the problem, which affects all earlier versions.

This week's updates:
  * [49]Red Hat

Multiple vulnerabilities in bind 8.2.2 and bind 4. Check the [50]February 1st LWN Security Summary for the initial reports. Bind 8.2.3 contains fixes for the problems with 8.2.2. Bind 4 fixes are also available, but an upgrade to bind 8 or even bind 9 is generally considered a preferable approach.
This week's updates:
  * [51]Turbolinux

Previous updates:
  * [52]Caldera Systems (February 1st)
  * [53]Conectiva (February 1st)
  * [54]Debian (February 1st)
  * [55]Linux-Mandrake (February 1st)
  * [56]Immunix (February 1st)
  * [57]Red Hat (February 1st)
  * [58]Slackware (February 1st)
  * [59]SuSE (February 1st)
  * [60]Trustix (February 1st)
  * [61]Yellow Dog Linux (February 1st)
  * [62]LinuxPPC (February 8th)
  * [63]FreeBSD (February 8th)
  * [64]Cobalt bind 8.2.3 (for the RaQ2 only) (February 8th)
  * [65]Cobalt bind 4 (for the Qube1, RaQ1 and Qube2) (February 8th)
  * [66]NetBSD (February 15th)

Sendmail 8.11.2 security fixes. Check the [67]January 4th LWN Security Summary for the announcement of the release of sendmail 8.11.2. It includes fixes for a number of security issues found after 8.11.1 was released, including the "sendmail -bt negative index bug" reported by Michal Zalewski in October, 2000. Note that the exploitability of this bug was questioned, but in any case, it has been fixed as of sendmail 8.11.2.

This week's updates:
  * [68]Turbolinux

dump-0.4b15 local root access. Check the [69]November 2nd LWN Security Summary for the original report. This exploit only affects dump/restore if they are installed setuid root. As of dump-0.4b18, dump and restore no longer require setuid root. dump 0.4b20 was released in mid-November, 2000, with a fix for this problem.

This week's updates:
  * [70]Immunix

Previous updates:
  * [71]Red Hat 5.x and 6.x (Red Hat 7.0 not vulnerable) (November 9th, 2000)
  * [72]Linux-Mandrake (not vulnerable) (November 9th, 2000)
  * [73]Trustix (November 9th, 2000)
  * [74]Conectiva (not vulnerable) (November 9th, 2000)
  * [75]Kondara (November 9th, 2000)
  * [76]SuSE, not vulnerable (November 16th, 2000)

Format string vulnerabilities in PHP. Check the [77]October 19th LWN Security Summary for the original report. PHP 3.0.17 and 4.0.3 contain the fixes for these problems.
This week's updates:
  * [78]Immunix

Previous updates:
  * [79]Debian (October 19th, 2000)
  * [80]Caldera (October 19th, 2000)
  * [81]Linux-Mandrake (October 19th, 2000)
  * [82]Conectiva (October 19th, 2000)
  * [83]Red Hat (October 26th, 2000)
  * [84]Immunix (October 26th, 2000)
  * [85]FreeBSD (November 23rd, 2000)
  * [86]Red Hat, Alpha packages added for RH7 (November 30th, 2000)

LPRng format string vulnerability. Check the [87]September 28, 2000 LWN Security section for the first report of format string vulnerabilities in LPRng and lpr.

This week's updates:
  * [88]Immunix, lpr

Previous updates:
  * [89]Turbolinux
  * [90]Caldera, LPRng (September 28th)
  * [91]Red Hat, LPRng (October 5th)
  * [92]Red Hat, lpr (October 5th)
  * [93]Immunix, lpr (October 5th)
  * [94]Linux-Mandrake, lpr (October 12th)
  * [95]Conectiva, lpr (October 12th)
  * [96]SuSE, LPRng (not vulnerable) (October 12th)
  * [97]Trustix, LPRng (October 12th)

Resources

OpenSSH 2.5.1p2. A new, minor update to the portable version of OpenSSH, 2.5.1p2, [98]has been announced. The new version primarily contains bug-fixes, none of them specific to any security problem, but the upgrade is still recommended, possibly in particular for its bug-fixes for PAM failures seen on Linux (and Solaris) systems.

Events

Upcoming security events.

Date                    Event                                                        Location
March 3-6, 2001         [99]EICAR and Anti-Malware Conference                        Munich, Germany
March 26-29, 2001       [100]Distributed Object Computing Security Workshop          Annapolis, Maryland, USA
March 27-28, 2001       [101]eSecurity                                               Boston, MA, USA
March 28-30, 2001       [102]CanSecWest/core01 Network Security Training Conference  Vancouver, British Columbia, Canada
March 29, 2001          [103]Security of e-Finance and e-Commerce Forum Series       Manhattan, New York, USA
March 30-April 1, 2001  [104]@LANta.CON                                              Doraville, GA, USA
April 6-8, 2001         [105]Rubi Con 2001                                           Detroit, MI, USA
April 8-12, 2001        [106]RSA Conference 2001                                     San Francisco, CA, USA
April 20-22, 2001       [107]First annual iC0N security conference                   Cleveland, Ohio, USA
April 22-25, 2001       [108]Techno-Security 2001                                    Myrtle Beach, SC, USA

For additional security-related events, including training courses (which we don't list above) and events further in the future, check out Security Focus' [109]calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to [110]lwn@lwn.net.

Section Editor: [111]Liz Coolbaugh
March 1, 2001

Secure Linux Projects: [113]Bastille Linux, [114]Immunix, [115]Nexus, [116]SLinux, [117]NSA Security-Enhanced, [118]Trustix

Security List Archives: [119]Bugtraq Archive, [120]Firewall Wizards Archive, [121]ISN Archive

Distribution-specific links: [122]Caldera Advisories, [123]Conectiva Updates, [124]Debian Alerts, [125]Kondara Advisories, [126]Esware Alerts, [127]LinuxPPC Security Updates, [128]Mandrake Updates, [129]Red Hat Errata, [130]SuSE Announcements, [131]Yellow Dog Errata

BSD-specific links: [132]BSDi, [133]FreeBSD, [134]NetBSD, [135]OpenBSD

Security mailing lists: [136]Caldera, [137]Cobalt, [138]Conectiva, [139]Debian, [140]Esware, [141]FreeBSD, [142]Kondara, [143]LASER5, [144]Linux From Scratch, [145]Linux-Mandrake, [146]NetBSD, [147]OpenBSD, [148]Red Hat, [149]Slackware, [150]Stampede, [151]SuSE, [152]Trustix, [153]turboLinux, [154]Yellow Dog

Security Software Archives: [155]munitions, [156]ZedZ.net (formerly replay.com)

Miscellaneous Resources: [157]CERT, [158]CIAC, [159]Comp Sec News Daily, [160]Crypto-GRAM, [161]LinuxLock.org, [162]Linux Security Audit Project, [163]LinuxSecurity.com, [164]OpenSSH, [165]OpenSEC, [166]Security Focus, [167]SecurityPortal

[169]Eklektix, Inc. Linux powered!
Copyright © 2001 [170]Eklektix, Inc., all rights reserved
Linux (R) is a registered trademark of Linus Torvalds

References

   1. http://lwn.net/
   2. http://ads.tucows.com/click.ng/pageid=001-012-132-000-000-002-000-000-012
   3. http://lwn.net/2001/0301/
   4. http://lwn.net/2001/0301/kernel.php3
   5. http://lwn.net/2001/0301/dists.php3
   6. http://lwn.net/2001/0301/desktop.php3
   7. http://lwn.net/2001/0301/devel.php3
   8. http://lwn.net/2001/0301/commerce.php3
   9. http://lwn.net/2001/0301/press.php3
  10. http://lwn.net/2001/0301/announce.php3
  11. http://lwn.net/2001/0301/history.php3
  12. http://lwn.net/2001/0301/letters.php3
  13. http://lwn.net/2001/0301/bigpage.php3
  14. http://lwn.net/2001/0222/security.php3
  15. http://tisc.corecom.com/newsletters/33.html
  16. http://www.zdnet.com/enterprise/stories/main/0,10228,2689916,00.html
  17. http://news.cnet.com/news/0-1003-201-4933417-0.html
  18. http://news.cnet.com/news/0-1003-201-4917560-0.html
  19. http://lwn.net/2001/0301/a/lm-MDKSA-2001-023.php3
  20. http://lwn.net/2001/0301/a/sec-sudo-credit.php3
  21. http://lwn.net/2001/0301/a/sec-sudo.php3
  22. http://lwn.net/2001/0301/a/sl-sudo.php3
  23. http://lwn.net/2001/0301/a/trustix-sudo.php3
  24. http://lwn.net/2001/0301/a/conectiva-sudo.php3
  25. http://lwn.net/2001/0301/a/lm-sudo.php3
  26. http://lwn.net/2001/0301/a/debian-sudo.php3
  27. http://lwn.net/2001/0301/a/immunix-sudo.php3
  28. http://lwn.net/2001/0301/a/zope-zclasses.php3
  29. http://lwn.net/2001/0301/a/rh-2001-021-06.php3
  30. http://lwn.net/2001/0301/a/lm-zope.php3
  31. http://lwn.net/2001/0301/a/elmoverflow.php3
  32. http://www.securityfocus.com/bid/2403
  33. http://lwn.net/2001/0301/a/phpnuke2.php3
  34. http://lwn.net/2001/0301/a/phptip.php3
  35. http://lwn.net/2001/0301/a/sec-joe.php3
  36. http://lwn.net/2001/0301/a/sec-joe-bsd.php3
  37. http://lwn.net/2001/0301/a/sl-imapd.php3
  38. http://lwn.net/2000/1123/security.php3#pine
  39. http://www.securityfocus.com/bid/2391
  40. http://www.securityfocus.com/bid/2393
  41. http://www.securityfocus.com/bid/2400
  42. http://lwn.net/2001/0301/a/cisco-ilmi.php3
  43. http://lwn.net/2001/0301/a/cisco-snmp.php3
  44. http://lwn.net/2001/0301/a/chilisoft.php3
  45. http://lwn.net/2001/0301/a/chilisoftlicense.php3
  46. http://lwn.net/2001/0301/a/apc.php3
  47. http://lwn.net/2001/0301/a/netsc-collabra.php3
  48. http://lwn.net/2001/0222/security.php3#web
  49. http://lwn.net/2001/0301/a/rh-analog.php3
  50. http://lwn.net/2001/0201/security.php3
  51. http://lwn.net/2001/0301/a/tl-bind.php3
  52. http://lwn.net/2001/0201/a/cald-bind.php3
  53. http://lwn.net/2001/0201/a/con-bind.php3
  54. http://lwn.net/2001/0201/a/deb-bind.php3
  55. http://lwn.net/2001/0201/a/lm-bind.php3
  56. http://lwn.net/2001/0201/a/immunix-bind.php3
  57. http://lwn.net/2001/0201/a/rh-bind.php3
  58. http://lwn.net/2001/0201/a/sl-bind.php3
  59. http://lwn.net/2001/0201/a/su-bind.php3
  60. http://lwn.net/2001/0201/a/trustix-bind.php3
  61. http://lwn.net/2001/0201/a/yd-bind.php3
  62. http://linuxppc.org/security/advisories/LPPCSA-2001-003-1.php3
  63. http://lwn.net/2001/0208/a/fb-bind-01-18.php3
  64. http://lwn.net/2001/0208/a/cbraq-bind.php3
  65. http://lwn.net/2001/0208/a/cbqube-bind.php3
  66. http://lwn.net/2001/0215/a/nb-bind.php3
  67. http://lwn.net/2001/0104/security.php3#sendmail
  68. http://lwn.net/2001/0301/a/tl-sendmail.php3
  69. http://lwn.net/2000/1102/security.php3#dump
  70. http://lwn.net/2001/0301/a/im-phpdumplpr.php3
  71. http://lwn.net/2000/1109/a/sec-rh-dump-upd.php3
  72. http://lwn.net/2000/1109/a/sec-lm-dump.php3
  73. http://lwn.net/2000/1109/a/sec-trustix-dump.php3
  74. http://lwn.net/2000/1109/a/sec-conectiva-dump.php3
  75. http://lwn.net/2000/1109/a/sec-kondara-dump.php3
  76. http://lwn.net/2000/1116/a/sec-suse-misc.php3
  77. http://lwn.net/2000/1019/security.php3#php
  78. http://lwn.net/2001/0301/a/im-phpdumplpr.php3
  79. http://lwn.net/2000/1019/a/deb-php3.php3
  80. http://lwn.net/2000/1019/a/cs-php3.php3
  81. http://lwn.net/2000/1019/a/lm-php3.php3
  82. http://lwn.net/2000/1019/a/con-php3.php3
  83. http://lwn.net/2000/1026/a/rh-apache.php3
  84. http://lwn.net/2000/1026/a/sec-im-apache.php3
  85. http://lwn.net/2000/1123/a/sec-freebsd-mod_php.php3
  86. http://lwn.net/2000/1130/a/sec-rh-apache.php3
  87. http://lwn.net/2000/0928/security.php3#lprng
  88. http://lwn.net/2001/0301/a/im-phpdumplpr.php3
  89. http://lwn.net/2001/0301/a/tl-lprng.php3
  90. http://lwn.net/2000/0928/a/sec-lprng.php3
  91. http://lwn.net/2000/1005/a/sec-lprng-rh.php3
  92. http://lwn.net/2000/1005/a/sec-lpr-rh.php3
  93. http://lwn.net/2000/1005/a/sec-lpr-immunix.php3
  94. http://lwn.net/2000/1012/a/sec-lpr-mandrake.php3
  95. http://lwn.net/2000/1012/a/sec-lpr-conectiva.php3
  96. http://lwn.net/2000/1012/a/su-lprng.php3
  97. http://lwn.net/2000/1012/a/tr-threefixes.php3
  98. http://lwn.net/2001/0301/a/openssh2.5.1p2.php3
  99. http://conference.eicar.org/
 100. http://www.omg.org/news/meetings/docsec2001/
 101. http://www.intmedgrp.com/security/sec01bs/overview.html
 102. http://www.dursec.com/conference.html
 103. http://www.ists.dartmouth.edu/iria/events/ebizforum.html
 104. http://www.atlantacon.org/
 105. http://www.rubi-con.org/
 106. http://www.rsasecurity.com/conference/rsa2001/index2.html
 107. http://lwn.net/2001/0208/a/iC0N.php3
 108. http://www.techsec.com/html/Conferences.html
 109. http://securityfocus.com/calendar
 110. mailto:lwn@lwn.net
 111. mailto:lwn@lwn.net
 112. http://ads.tucows.com/click.ng/buttonpos=lwnbuttonsecurity
 113. http://bastille-linux.sourceforge.net/
 114. http://www.immunix.org/
 115. http://Nexus-Project.net/
 116. http://www.slinux.org/
 117. http://www.nsa.gov/selinux/
 118. http://www.trustix.com/
 119. http://www.securityfocus.com/bugtraq/archive/
 120. http://www.nfr.net/firewall-wizards/
 121. http://www.jammed.com/Lists/ISN/
 122. http://www.calderasystems.com/support/security/
 123. http://www.conectiva.com.br/atualizacoes/
 124. http://www.debian.org/security/
 125. http://www.kondara.org/errata/k12-security.html
 126. http://www.esware.com/actualizaciones.html
 127. http://linuxppc.org/security/advisories/
 128. http://www.linux-mandrake.com/en/fupdates.php3
 129. http://www.redhat.com/support/errata/index.html
 130. http://www.suse.de/security/index.html
 131. http://www.yellowdoglinux.com/resources/errata.shtml
 132. http://www.BSDI.COM/services/support/patches/
 133. http://www.freebsd.org/security/security.html
 134. http://www.NetBSD.ORG/Security/
 135. http://www.openbsd.org/security.html
 136. http://www.calderasystems.com/support/forums/announce.html
 137. http://www.cobalt.com/support/resources/usergroups.html
 138. http://distro.conectiva.com.br/atualizacoes/
 139. http://www.debian.org/MailingLists/subscribe
 140. http://www.esware.com/lista_correo.html
 141. http://www.freebsd.org/handbook/eresources.html#ERESOURCES-MAIL
 142. http://www.kondara.org/mailinglist.html.en
 143. http://l5web.laser5.co.jp/ml/ml.html
 144. http://www.linuxfromscratch.org/services/mailinglistinfo.php
 145. http://www.linux-mandrake.com/en/flists.php3
 146. http://www.netbsd.org/MailingLists/
 147. http://www.openbsd.org/mail.html
 148. http://www.redhat.com/mailing-lists/
 149. http://www.slackware.com/lists/
 150. http://www.stampede.org/mailinglists.php3
 151. http://www.suse.com/en/support/mailinglists/index.html
 152. http://www.trustix.net/support/
 153. http://www.turbolinux.com/mailman/listinfo/tl-security-announce
 154. http://lists.yellowdoglinux.com/ydl_updates.shtml
 155. http://munitions.vipul.net/
 156. http://www.zedz.net/
 157. http://www.cert.org/nav/alerts.html
 158. http://ciac.llnl.gov/ciac/
 159. http://www.MountainWave.com/
 160. http://www.counterpane.com/crypto-gram.html
 161. http://linuxlock.org/
 162. http://lsap.org/
 163. http://linuxsecurity.com/
 164. http://www.openssh.com/
 165. http://www.opensec.net/
 166. http://www.securityfocus.com/
 167. http://www.securityportal.com/
 168. http://lwn.net/2001/0301/kernel.php3
 169. http://www.eklektix.com/
 170. http://www.eklektix.com/

--- ifmail v.2.14.os7-aks1
 * Origin: Unknown (2:4615/71.10@fidonet)
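
The joe item under Security Reports suggests dropping the current-directory lookup and restricting .joerc to the user's home directory or a system directory. A sketch of such a lookup in C, added here as an illustration and not taken from joe's source or from any vendor patch; the function names and the system path /etc/joe/joerc are assumptions, and the ownership and permission checks go beyond what the item proposes.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Illustrative names only; none of this is joe's own code. */
enum rc_source { RC_NONE = 0, RC_HOME = 1, RC_SYSTEM = 2 };

/* An rc file that can make the editor run commands is trusted only if it is
 * a regular file (a symlink fails this when the caller used lstat), owned by
 * the invoking user or root, and not writable by group or others. */
int rc_is_trustworthy(const struct stat *st, uid_t uid)
{
    if (!S_ISREG(st->st_mode))
        return 0;
    if (st->st_uid != uid && st->st_uid != 0)
        return 0;
    if (st->st_mode & (S_IWGRP | S_IWOTH))
        return 0;
    return 1;
}

static int path_ok(const char *path, uid_t uid)
{
    struct stat st;
    return lstat(path, &st) == 0 && rc_is_trustworthy(&st, uid);
}

/* Search order: <home>/.joerc, then the system-wide file. "./.joerc" is never
 * tried, and a relative or empty home is rejected so that it cannot bring the
 * current directory back in. Writes the chosen path to out. */
enum rc_source pick_rc_file(const char *home, const char *sysrc, uid_t uid,
                            char *out, size_t outlen)
{
    if (outlen == 0)
        return RC_NONE;
    if (home != NULL && home[0] == '/') {
        int n = snprintf(out, outlen, "%s/.joerc", home);
        if (n > 0 && (size_t)n < outlen && path_ok(out, uid))
            return RC_HOME;
    }
    if (sysrc != NULL && sysrc[0] == '/' && strlen(sysrc) < outlen &&
        path_ok(sysrc, uid)) {
        strcpy(out, sysrc);
        return RC_SYSTEM;
    }
    out[0] = '\0';
    return RC_NONE;
}

int main(void)
{
    char path[4096];
    /* "/etc/joe/joerc" is an assumed system location, for illustration. */
    enum rc_source src = pick_rc_file(getenv("HOME"), "/etc/joe/joerc",
                                      getuid(), path, sizeof path);
    if (src == RC_NONE)
        puts("no trusted rc file found; using built-in defaults");
    else
        printf("loading %s rc file: %s\n",
               src == RC_HOME ? "per-user" : "system", path);
    return 0;
}
```

The lstat-then-open sequence leaves a small race window; a production patch would open the file with O_NOFOLLOW and run the same checks on the descriptor with fstat.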