David G. Andersen Consulting

We make these security advisories available to assist system administrators, security personnel, and vendors in securing their systems. The information contained herein is Copyright 1997-1999 David G. Andersen, but may be freely distributed as long as the contents of the advisories are not changed.

Security Advisories
KDE root compromise


The K Desktop Environment (KDE) provides an integrated graphical desktop environment for UNIX workstations. As a part of this environment, it supplies its own PPP implementation (kppp) and its own screen locking environment (klock), both of which are installed setuid root. Both of these programs have numerous security vulnerabilities which can expose the computer to a root compromise by a local user.
ICMP Address Mask Replies


Several host platforms improperly reply to ICMP address mask requests (ICMP_MASKREQ, type 17) in violation of RFC1122. The information leaked by these hosts can be used to gather topological information about unknown networks.
Livingston Telnet DOS


Livingston Enterprises routers and terminal servers running ComOS versions prior to 3.7 are vulnerable to a remote denial of service attack if an intruder has access to the telnet port.

[search] [top] [research] [personal] [consulting] [utah rep]
Last updated: Fri Oct 18 14:03:00 GMT 2002

Bulk mailers and marketers: I do not accept unsolicited email, telephone calls or junk mail. Do not attempt to send me spam.
email: dga - at - pobox dot com.