|
ru.linux
- RU.LINUX ---------------------------------------------------------------------
From : Sergey Lentsov 2:4615/71.10 12 Apr 2001 17:11:22
To : All
Subject : URL: http://lwn.net/2001/0412/security.php3
--------------------------------------------------------------------------------
[1][LWN Logo]
[2]Click Here
[LWN.net]
Sections:
[3]Main page
Security
[4]Kernel
[5]Distributions
[6]On the Desktop
[7]Development
[8]Commerce
[9]Linux in the news
[10]Announcements
[11]Linux History
[12]Letters
[13]All in one big page
See also: [14]last week's Security page.
Security
News and Editorials
Adore those kernel modules. It seems highly likely the name of the
Adore worm was chosen partially because it provides opportunity for so
many humorous headlines and off-hand comments. However, there are a
couple of points about the Adore worm that did not come to light
before we published last week. The most important point is that the
Adore worm, unlike the Ramen and Lion worms of which it was considered
to be a variant, is the first worm to [15]use a loadable Linux kernel
module to hide its tracks.
We've been discussing the security impact of loadable kernel modules
for some time. For example, in June of 2000, when a loadable kernel
module (capcheck) was released in order to close a security
vulnerability in the kernel (the 2.2 capability bug). This fix
demonstrated the scope of loadable kernel modules, making it pretty
much inevitable that rootkits such as [16]Knark and now the Adore worm
would make use of them on behalf of attackers.
Further back than that, though, we also discussed how the ability to
load kernel modules could be disabled on a running system, by removing
CAP_SYS_MODULE from the capability bounding set (see the [17]December
2nd, 1999 Kernel Page) for instructions and caveats). Although root
has the ability to remove capabilities, only init has the ability to
add them. This means that loadable kernel modules can be used
initially, when your system is booted, but then they can be disabled,
preventing root kits like Knark and worms like Adore from using
loadable kernel modules to cover their tracks.
This was considered something that only the most security-conscious
sites would be interested in back in 1999. Nowadays, it is a
configuration option that may want to be seriously considered by Linux
distributors, particularly those that are marketing themselves as
secure by default.
Cybercrime Treaty. A commentary on the [18]International Treaty on
Cybercrime from a lawyer's perspective marvels at the lack of
attention paid to this bill, which could have enormous implications in
terms of requiring law enforcement agencies, phone companies, ISPs and
more to comply with evidence orders from nations all around the world.
"One moment, an Internet provider might be turning over all Bulgarian
folk songs on its system to an investigator. The next moment, it might
be searching for e-mail traffic between customers in Latvia and the
Ukraine".
Federal Computer Incident Response Center contracts out. The Federal
Computer Incident Response Center is currently supported by a contract
with [19]CERT. According to [20]this report, that will soon change.
Day-to-day operations will, instead, be performed by Science
Applications International Corp. ([21]SAIC) and its partner Global
Integrity Information Security. "The two companies proved their
effectiveness during the 'ILOVEYOU' e-mail virus from the Philippines
in May 2000. They were able to inform their customer, the Financial
Services Information Sharing and Analysis Center, about the virus and
how to counteract it hours before even the Defense Department could
spread the word to the United States".
PGP Security's NAI Labs Partner With NSA. NAI Labs, a division of PGP
Security, announced [22]they are joining with the National Security
Agency (NSA) and its other partners to further develop the NSA's
Security-Enhanced Linux (SELinux) prototype. The $1.2 million deal
will be paid over the life of the two-year contract, and the work will
focus on research and development to improve the security of
open-source operating system platforms
Security Reports
ntp remotely exploitable static buffer overflow.
An exploit for a static buffer overflow in the Network Time Protocol
(ntp) was published on April 4th. This exploit can allow a remote
attacker to crash the ntp daemon and possibly execute arbitrary
commands on the host. Patches and new packages to fix this problem
came out quickly. It is recommended that you upgrade your ntp package
immediately. If you cannot, disabling the service until you can is a
good idea. For more details and links to related posts, check BugTraq
ID [23]2540.
This week's updates:
* [24]Caldera
* [25]Conectiva
* [26]Debian
* [27]Debian, original patch to ntp introduced a potential
denial-of-service problem, fixed in new updates to ntp.
* [28]Engarde
* [29]Immunix
* [30]Linux-Mandrake
* [31]NetBSD
* [32]Progeny
* [33]Red Hat
* [34]Slackware
* [35]SuSE
* [36]Trustix
Netscape 4.76 GIF comment vulnerability.
Florian Wesch discovered that Netscape 4.76 would display the comment
attached to a GIF file, but does not filter the displayed comment in
any manner, allowing embedded javascript in a comment to be directly
executed. This is apparently fixed as of Netscape 4.77, which is
available for download from ftp.netscape.com.
* [37]Red Hat
IP Filter fragment caching vulnerability.
IP Filter is a TCP/IP packet filter used in FreeBSD, NetBSD and
OpenBSD. Darren Reed reported a [38]serious vulnerability in IPFilter
in which fragment caching can be used to pass through any packet,
essentially destroying the function of the firewall. When matching
fragments, only the source IP address, destination IP address and IP
identification number are checked before the fragment cache is used.
This is done before any rules are checked.
[39]IP Filter 3.4.17 has been released with a fix for the problem.
Check BugTraq ID [40]2545 for additional details.
Multiple FTP daemon globbing vulnerability.
The FTP daemons used on BSD (and other Unix) systems have been
reported vulnerable to [41]multiple buffer overflows in glob()
function. Check the related [42]CERT advisory for more details.
* [43]NetBSD
web scripts.
The following web scripts were reported to contain vulnerabilities:
* [44]talkback.cgi, a cgi script from [45]Way to the Web, is
reported to contain a file disclosure vulnerability that can be
used to view any file on the host. An [46]updated version of the
script has been released.
* The perl script [47]nph-maillist.pl, part of a web-based email
list generator, does not filter input sufficiently and can be used
to execute arbitrary commands. An exploit has been published; no
vendor response so far.
* [48]Ultimate Bulletin Board (UBB) Version 5.47e, an older and
currently supported version of UBB, has been reported to be
vulnerable to a password bypass vulnerability in its forum. This
can allow an attacker to gain access to any message on the forum,
regardless of membership privilege or password requirements. An
upgrade to Ultimate Bulletin Board 6.01 should to fix the problem.
Commercial products.
The following commercial products were reported to contain
vulnerabilities:
* Multiple vulnerabilities have been reported in [49]Alcatel
ADSL-Ethernet bridge devices, the most serious of which include
both a cryptographic challenge back-door and the ability to
remotely load new firmware, potentially including firmware
containing sniffers or other attack software. No workaround or fix
has been reported so far, nor any vendor response. Check the
related [50]CERT advisory for more details. Here is another
[51]related posting.
* The [52]Caucho Technology Resin webserver is reported to contain a
JavaBean disclosure vulnerability. Resin is a commercial product
released under a Developer Source license, meaning that, although
development use is free, a license is required to deploy a product
that includes or is developed with Resin. This vulnerability
allows read access to any known JavaBean file residing on a host
running Resin. No fix for this has yet been reported.
* Cisco has reported that their [53]Content Services (CSS) switch,
also known as Arrowpoint, in older releases contains a security
vulnerability that can allow a non-privileged user to escalate
their privilege level. Free software upgrades are offered to
resolve the problem.
* The [54]Watchguard Firebox II has been reported vulnerable to a
denial-of-service attack when subject to bursts of specific
malformed packets. The vendor has released an update.
* The [55]BinTec X4000 Router is reported to be vulnerable to a
denial-of-service vulnerability because a SYN portscan will cause
a lockup. Workarounds for the problem have been posted and include
feedback from Bintec.
* A denial-of-service vulnerability has been reported in the [56]PIX
Firewall 5.1. Cisco is working on the problem, but having
difficulties recreating it.
Updates
ptrace/execve/procfs race condition in the Linux kernel 2.2.18.
Exploits were released the week of [57]March 29th for a
[58]ptrace/execve/procfs race condition in the Linux kernel 2.2.18. As
a result, an upgrade to Linux 2.2.19 is recommended.
Last week, Alan Cox put up the [59]Linux 2.2.19 release notes, finally
giving the specifics on all the security-related fixes in 2.2.19 (all
thirteen of them!) and giving credit to the [60]Openwall project and
Chris Evans, for the majority of the third-party testing and auditing
work that turned up these bugs. Fixes for the same bugs have also been
ported forward into the 2.4.X kernel series.
This week's updates:
* [61]Trustix
* [62]Progeny
* [63]Progeny, advisory updated due to error in update instructions.
Previous updates:
* [64]Immunix (March 29th)
* [65]Linux 2.2.19 release notes
* [66]Caldera, 2.2.19 security fixes (April 5th) backported to
2.2.10 and 2.2.14, the kernels used in various Caldera products
VIM statusline Text-Embedded Command Execution Vulnerability.
A security problem was reported in VIM [67]last week where VIM codes
could be maliciously embedded in files and then executed in
vim-enhanced or vim-X11. Check BugTraq ID [68]2510 for more details.
This week's updates:
* [69]SuSE
* [70]Caldera
Previous updates:
* [71]Red Hat (March 29th)
* [72]Linux-Mandrake (March 29th)
* [73]Immunix (April 5th)
mailx buffer overflow.
Check the [74]March 15th LWN Security Summary for the original report.
The buffer overflow is only exploitable if the program is shipped
setgid mail.
This week's updates:
* [75]Progeny, setgid bit removed
Previous updates:
* [76]Debian, setgid bit removed
mc binary execution vulnerability.
Check the [77]March 8th LWN Security Summary or [78]BugTraq ID 2016
for more details.
This week's updates:
* [79]SuSE
Previous updates:
* [80]Debian (March 8th)
* [81]Slackware (changelog, 2001/3/10)
joe file handling vulnerability.
Check the [82]March 1st LWN Security Summary for the initial report.
This week's updates:
* [83]Slackware (from the Changelog, updated April 10th)
Previous updates:
* [84]Red Hat (March 8th)
* [85]Immunix (March 8th)
* [86]Linux-Mandrake (March 8th)
* [87]Debian (March 15th)
* [88]SuSE (March 29th)
Multiple vulnerabilities in splitvt.
Multiple vulnerabilities were reported in splitvt in the [89]January
18th LWN Security Summary, including several buffer overflows and a
format string vulnerability. An upgrade to splitvt 1.6.5 should
resolve the problems.
This week's updates:
* [90]Slackware (from the Changelog, updated April 10th)
Previous updates:
* [91]Debian (January 25th)
* [92]Debian, updated advisory due to package mixup (January 25th)
pico symbolic link vulnerability.
Check the [93]December 14th, 2000 LWN Security Summary for the initial
report of this problem. Note that this has also been reported as a
[94]pine vulnerability, but the vulnerable component is still pico,
not pine. Check BugTraq ID [95]2097 for more details.
This is the first distribution update we've seen for this
four-month-old vulnerability.
This week's update:
* [96]Red Hat
Resources
Trustix Secure Linux 1.4.80. Trustix has [97]announced the release of
Trustix Secure Linux 1.4.80, a beta release toward the 1.5 stable
version. It is nicknamed "Ooops," and is incompatible with 1.2 in a
number of ways; read the announcement closely.
Lion Internet Worm Analysis. Max Vision has posted [98]his analysis of
the Lion worm and the three variants of it that have been identified
so far. (Thanks to Jose Nazario).
Security Focus announces Malware Repository. Security Focus announced
this week that they will be maintaining [99]a repository of malware
samples in order to make such software readily available for analysis.
"Initially, the page will contain samples for Ramen, Lion, and Adore,
plus anything else that comes out between now and then. We will be
maintaining copies of new items from now on, and will not be making an
attempt to go back in time to get a complete collection, unless
someone wants to volunteer a personal collection".
Bastille Linux 1.2.0rc1. Bastille Linux has [100]version 1.2.0rc1, the
first release candidate for their upcoming 1.2.0 release. This version
is considered stable enough for use on production systems.
Detecting Loadable Kernel Modules (LKM). Toby Miller has posted a
paper on [101]detecting loadable kernel modules. It goes over the
basics of loadable kernel modules, /lib/modules, conf.modules and
kstat.
Linux Security Module mailing list. Crispin Cowan has announced a new
mailing list called [102]linux-security-module. "The charter is to
design, implement, and maintain suitable enhancements to the LKM to
support a reasonable set of security enhancement packages. The
prototypical module to be produced would be to port the POSIX Privs
code out of the kernel and make it a module. An essential part of this
project will be that the resulting work is acceptable for the mainline
Linux kernel"
Events
Upcoming Security Events.
Date Event Location
April 12, 2001 [103]RSA Conference 2001 San Francisco, CA, USA
April 17 - 18, 2001 [104]E-Security Conference New York City, NY, USA
April 20 - 22, 2001 [105]First annual iC0N security conference
Cleveland, Ohio, USA
April 22 - 25, 2001 [106]Techno-Security 2001 Myrtle Beach, SC, USA
April 24 - 26, 2001 [107]Infosecurity Europe 2001 London, Britain, UK
May 13 - 16, 2001 [108]2001 IEEE Symposium on Security Oakland, CA,
USA
May 13 - 16, 2001 [109]CHES 2001 Paris, France
May 29, 2001 [110]Security of Mobile Multiagent Systems(SEMAS-2001)
Montreal, Canada
May 31 - June 1, 2001 [111]The first European Electronic Signatures
Summit London, England, UK
June 1 - 3, 2001 [112]Summercon 2001 Amsterdam, Netherlands
June 4 - 8, 2001 [113]TISC 2001 Los Angeles, CA, USA
June 5 - 6, 2001 [114]2nd Annual IEEE Systems, Man, and Cybernetics
Information Assurance Workshop United States Military Academy,
Westpoint, New York, USA
June 11 - 12, 2001 [115]7th Annual Information Security Conference:
Securing the Infocosm: Security, Privacy and Risk Orlando, FL, USA.
For additional security-related events, included training courses
(which we don't list above) and events further in the future, check
out Security Focus' [116]calendar, one of the primary resources we use
for building the above list. To submit an event directly to us, please
send a plain-text message to [117]lwn@lwn.net.
Section Editor: [118]Liz Coolbaugh
April 12, 2001
[119]Click Here
Secured Distributions:
[120]Engarde Secure Linux
[121]Immunix
[122]Nexus
[123]SLinux [124]NSA Security Enhanced
[125]Trustix
Security List Archives
[126]Bugtraq Archive
[127]Firewall Wizards Archive
[128]ISN Archive
Distribution-specific links
[129]Caldera Advisories
[130]Conectiva Updates
[131]Debian Alerts
[132]Kondara Advisories
[133]Esware Alerts
[134]LinuxPPC Security Updates
[135]Mandrake Updates
[136]Red Hat Errata
[137]SuSE Announcements
[138]Yellow Dog Errata
BSD-specific links
[139]BSDi
[140]FreeBSD
[141]NetBSD
[142]OpenBSD
Security mailing lists [143]Caldera
[144]Cobalt
[145]Conectiva
[146]Debian
[147]Esware
[148]FreeBSD
[149]Kondara
[150]LASER5
[151]Linux From Scratch
[152]Linux-Mandrake
[153]NetBSD
[154]OpenBSD
[155]Red Hat
[156]Slackware
[157]Stampede
[158]SuSE
[159]Trustix
[160]turboLinux
[161]Yellow Dog
Security Software Archives
[162]munitions
[163]ZedZ.net (formerly replay.com)
Miscellaneous Resources
[164]CERT
[165]CIAC
[166]Comp Sec News Daily
[167]Crypto-GRAM
[168]LinuxLock.org
[169]Linux Security Audit Project
[170]LinuxSecurity.com
[171]OpenSSH
[172]OpenSEC
[173]Security Focus
[174]SecurityPortal
[175]Next: Kernel
[176]Eklektix, Inc. Linux powered! Copyright Л 2001 [177]Eklektix,
Inc., all rights reserved
Linux (R) is a registered trademark of Linus Torvalds
References
Visible links
1. http://lwn.net/
2. http://ads.tucows.com/click.ng/pageid=001-012-132-000-000-002-000-000-012
3. http://lwn.net/2001/0412/
4. http://lwn.net/2001/0412/kernel.php3
5. http://lwn.net/2001/0412/dists.php3
6. http://lwn.net/2001/0412/desktop.php3
7. http://lwn.net/2001/0412/devel.php3
8. http://lwn.net/2001/0412/commerce.php3
9. http://lwn.net/2001/0412/press.php3
10. http://lwn.net/2001/0412/announce.php3
11. http://lwn.net/2001/0412/history.php3
12. http://lwn.net/2001/0412/letters.php3
13. http://lwn.net/2001/0412/bigpage.php3
14. http://lwn.net/2001/0405/security.php3
15. http://lwn.net/2001/0412/a/adoremodule.php3
16.
http://www.securityfocus.com/templates/forum_message.html?forum=2&head=4871&id=4
871
17. http://lwn.net/1999/1202/kernel.php3
18. http://www.law.com/cgi-bin/nwlink.cgi?ACG=ZZZD3WRL5LC
19. http://www.cert.org/
20. http://www.fcw.com/fcw/articles/2001/0402/web-saic-04-05-01.asp
21. http://www.saic.com/
22.
http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/04-09-200
1/0001464825&EDATE=
23. http://www.securityfocus.com/bid/2540
24. http://lwn.net/2001/0412/a/cald-ntpd.php3
25. http://lwn.net/2001/0412/a/con-xntp.php3
26. http://lwn.net/2001/0412/a/deb-ntp.php3
27. http://lwn.net/2001/0412/a/db-ntp-2.php3
28. http://lwn.net/2001/0412/a/engarde-xntp.php3
29. http://lwn.net/2001/0412/a/im-ntp-xntp3.php3
30. http://lwn.net/2001/0412/a/lm-ntp-xntp3.php3
31. http://lwn.net/2001/0412/a/nb-ntp.php3
32. http://lwn.net/2001/0412/a/progeny-ntpd.php3
33. http://lwn.net/2001/0412/a/rh-xntp.php3
34. http://lwn.net/2001/0412/a/sl-xntp.php3
35. http://lwn.net/2001/0412/a/suse-xntp.php3
36. http://lwn.net/2001/0412/a/trustix-xntp.php3
37. http://lwn.net/2001/0412/a/rh-netscape.php3
38. http://lwn.net/2001/0412/a/ipfilter.php3
39. http://freshmeat.net/releases/45473/
40. http://www.securityfocus.com/bid/2545
41. http://lwn.net/2001/0412/a/ftpglob.php3
42. http://lwn.net/2001/0412/a/cert-ftpglob.php3
43. http://lwn.net/2001/0412/a/nb-ftp.php3
44. http://lwn.net/2001/0412/a/talkback.php3
45. http://www.waytotheweb.com/webscripts/talkback.htm
46. http://www.waytotheweb.com/webscripts/talkback.htm
47. http://lwn.net/2001/0412/a/nphmaillist.php3
48. http://www.securityfocus.com/bid/2546
49. http://lwn.net/2001/0412/a/alcatel.php3
50. http://lwn.net/2001/0412/a/cert-alcatel.php3
51. http://lwn.net/2001/0412/a/alcatel2.php3
52. http://www.securityfocus.com/bid/2533
53. http://lwn.net/2001/0412/a/cisco-arrowpoint.php3
54. http://lwn.net/2001/0412/a/watchguarddos.php3
55. http://lwn.net/2001/0412/a/bintec2.php3
56.
http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%
26tid%3D175489%26fromthread%3D0%26threads%3D1%26start%3D2001-04-08%26end%3D2001-
04-14%26
57. http://lwn.net/2001/0329/security.php3#kernelptrace
58.
http://securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26ti
d%3D172196%26fromthread%3D0%26threads%3D1%26start%3D2001-03-25%26end%3D2001-03-3
1%26
59. http://www.linux.org.uk/VERSION/relnotes.2219.html
60. http://www.openwall.com/
61. http://lwn.net/2001/0412/a/trustix-kernel.php3
62. http://lwn.net/2001/0412/a/progeny-ptrace.php3
63. http://lwn.net/2001/0412/a/progeny-ptrace2.php3
64. http://lwn.net/2001/0329/a/im-kernel.php3
65. http://www.linux.org.uk/VERSION/relnotes.2219.html
66. http://lwn.net/2001/0405/a/caldera-backport.php3
67. http://lwn.net/2001/0329/security.php3#vim
68. http://www.securityfocus.com/bid/2510
69. http://lwn.net/2001/0412/a/suse-vim.php3
70. http://lwn.net/2001/0412/a/cald-vim.php3
71. http://lwn.net/2001/0329/a/rh-vim.php3
72. http://lwn.net/2001/0329/a/lm-vim.php3
73. http://lwn.net/2001/0405/a/im-vim.php3
74. http://lwn.net/2001/0315/security.php3#mailx
75. http://lwn.net/2001/0412/a/progeny-mailx.php3
76. http://lwn.net/2001/0412/a/deb-mailx.php3
77. http://lwn.net/2001/0308/security.php3#mc
78. http://www.securityfocus.com/bid/2016
79. http://lwn.net/2001/0412/a/suse-mc.php3
80. http://lwn.net/2001/0308/a/deb-mc.php3
81. http://www.slackware.com/changelog/current.php?cpu=i386
82. http://lwn.net/2001/0301/security.php3#joe2
83. ftp://ftp.slackware.com/pub/slackware/slackware-current/ChangeLog.txt
84. http://lwn.net/2001/0308/a/rh-joe.php3
85. http://lwn.net/2001/0308/a/imm-joe.php3
86. http://lwn.net/2001/0308/a/lm-joe.php3
87. http://lwn.net/2001/0315/a/deb-joe-20010309.php3
88. http://lwn.net/2001/0329/a/suse-joe.php3
89. http://lwn.net/2001/0118/security.php3#splitvt
90. ftp://ftp.slackware.com/pub/slackware/slackware-current/ChangeLog.txt
91. http://lwn.net/2001/0125/a/deb-splitvt.php3
92. http://lwn.net/2001/0125/a/deb-DSA-014-2.php3
93. http://lwn.net/2000/1214/security.php3#pico
94. http://www.securityfocus.com/archive/1/150150
95. http://www.securityfocus.com/bid/2097
96. http://lwn.net/2001/0412/a/rh-pine.php3
97. http://lwn.net/2001/0412/a/trustix-oops.php3
98. http://whitehats.com/library/worms/lion/
99. http://lwn.net/2001/0412/a/malware.php3
100. http://freshmeat.net/releases/45074/
101. http://members.prestige.net/tmiller12/papers/lkm.htm
102. http://lwn.net/2001/0412/a/linux-security-module.php3
103. http://www.rsasecurity.com/conference/rsa2001/index2.html
104. http://www.esecurityexpo.com/mainmenu.asp
105. http://lwn.net/2001/0208/a/iC0N.php3
106. http://www.techsec.com/html/Conferences.html
107. http://www.infosec.co.uk/page.cfm
108. http://www.ieee-security.org/TC/sp2001.html
109. http://www.ece.wpi.edu/Research/crypt/ches/start.html
110. http://www.dfki.de/~kuf/semas/
111.
http://www.iqpc.com/cgi-bin/templates/98485262029583740234300003/genevent.html?e
vent=1525&topic=
112. http://www.summercon.org/announcements/
113. http://www.tisc2001.com/
114. http://www.itoc.usma.edu/Workshop/2001/Workshop2001.htm
115.
http://www.gartner.com/IndexHomePage.jsp?landPage=/2_events/conferences_briefing
s/conferences/sec7.jsp
116. http://securityfocus.com/calendar
117. mailto:lwn@lwn.net
118. mailto:lwn@lwn.net
119. http://ads.tucows.com/click.ng/buttonpos=lwnbuttonsecurity
120. http://www.engardelinux.org/
121. http://www.immunix.org/
122. http://Nexus-Project.net/
123. http://www.slinux.org/
124. http://www.nsa.gov/selinux/
125. http://www.trustix.com/
126. http://www.securityfocus.com/bugtraq/archive/
127. http://www.nfr.net/firewall-wizards/
128. http://www.jammed.com/Lists/ISN/
129. http://www.calderasystems.com/support/security/
130. http://www.conectiva.com.br/atualizacoes/
131. http://www.debian.org/security/
132. http://www.kondara.org/errata/k12-security.html
133. http://www.esware.com/actualizaciones.html
134. http://linuxppc.org/security/advisories/
135. http://www.linux-mandrake.com/en/fupdates.php3
136. http://www.redhat.com/support/errata/index.html
137. http://www.suse.de/security/index.html
138. http://www.yellowdoglinux.com/resources/errata.shtml
139. http://www.BSDI.COM/services/support/patches/
140. http://www.freebsd.org/security/security.html
141. http://www.NetBSD.ORG/Security/
142. http://www.openbsd.org/security.html
143. http://www.calderasystems.com/support/forums/announce.html
144. http://www.cobalt.com/support/resources/usergroups.html
145. http://distro.conectiva.com.br/atualizacoes/
146. http://www.debian.org/MailingLists/subscribe
147. http://www.esware.com/lista_correo.html
148. http://www.freebsd.org/handbook/eresources.html#ERESOURCES-MAIL
149. http://www.kondara.org/mailinglist.html.en
150. http://l5web.laser5.co.jp/ml/ml.html
151. http://www.linuxfromscratch.org/services/mailinglistinfo.php
152. http://www.linux-mandrake.com/en/flists.php3
153. http://www.netbsd.org/MailingLists/
154. http://www.openbsd.org/mail.html
155. http://www.redhat.com/mailing-lists/
156. http://www.slackware.com/lists/
157. http://www.stampede.org/mailinglists.php3
158. http://www.suse.com/en/support/mailinglists/index.html
159. http://www.trustix.net/support/
160. http://www.turbolinux.com/mailman/listinfo/tl-security-announce
161. http://lists.yellowdoglinux.com/ydl_updates.shtml
162. http://munitions.vipul.net/
163. http://www.zedz.net/
164. http://www.cert.org/nav/alerts.html
165. http://ciac.llnl.gov/ciac/
166. http://www.MountainWave.com/
167. http://www.counterpane.com/crypto-gram.html
168. http://linuxlock.org/
169. http://lsap.org/
170. http://linuxsecurity.com/
171. http://www.openssh.com/
172. http://www.opensec.net/
173. http://www.securityfocus.com/
174. http://www.securityportal.com/
175. http://lwn.net/2001/0412/kernel.php3
176. http://www.eklektix.com/
177. http://www.eklektix.com/
Hidden links:
178. http://lwn.net/2000/0622/
--- ifmail v.2.14.os7-aks1
* Origin: Unknown (2:4615/71.10@fidonet)
Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор
| Тема: |
Автор: |
Дата: |
|
URL: http://lwn.net/2001/0412/security.php3 |
Sergey Lentsov |
12 Apr 2001 17:11:22 |
|
|
