[jen@ettnet.se: sdtcm_convert]

1999-08-10 Thread Joel Eriksson
Ehrm, I was really tired when I wrote the first message, ok..? :-) I not only forgot to mention that the system was Solaris 2.6, but also made a small error.. The bug may be used to _create_ files that are owned by root, but writeable by your group, but not to overwrite any existing ones.

Bay Annex-Pri Privacy Issues

1999-08-10 Thread lumpy
I was just wondering if anyone had noticed that in the SNMP MIB in the annex-pri models there is a table that has what appears to be dnis information or something. (I haven't seen the MIB definition so I don't know what it is exactly.) It is located at 1.3.6.1.4.1.15.2.16.1.1.1.2. I tried to get

profil(2) bug, a simple test program

1999-08-10 Thread Ross Harvey
This program will check to see if a given system has the profil(2) bug described in NetBSD Security Advisory 1999-011. If it prints `Counting!' then you've got it... At least one system (Solaris) appears to fix the security issue but doesn't turn off profiling unless the new image is owned by a

ISS Security Advisory: Denial of Service Attack Against Windows NT Terminal Server

1999-08-10 Thread X-Force
ISS Security Advisory August 9, 1999 Denial of Service Attack Against Windows NT Terminal Server Synopsis: The ISS X-Force has discovered a denial of service attack against Windows NT Server 4.0, Terminal Server Edition. This vulnerability allows a remote

Uploaded cfingerd 1.3.2-18.1 for Debian (security fix)

1999-08-10 Thread Leszek Gerwatowski
There was a discussion on BUGTRAQ about cfingerd (specially in Debian): - Forwarded message from Martin Schulze [EMAIL PROTECTED] - Resent-Date: 9 Aug 1999 17:12:59 - Resent-Cc: recipient list not shown: ; X-Envelope-Sender: [EMAIL PROTECTED] Date: Mon, 9 Aug 1999 19:12:10 +0200

Re: FW1 UDP Port 0 DoS

1999-08-10 Thread Malikai
I would like to clarify some discrepancies with this initial email. ISAKMP encapsulation is the only one vulnerable to this attack. I would also like to point out that it will reboot a Solaris machine when exploited. Malikai

Re: FlowPoint DSL router vulnerability

1999-08-10 Thread Scott Drassinower
Brute force, as it is not likely you will know what the number is without physical access to the router. If you were to block telnet and snmp access to the router, then you probably would only have to worry about access via the console port. I think that FlowPoint's graphical admin tools use

Re: ISS Security Advisory: Denial of Service Attack Against Windows NT Terminal Server

1999-08-10 Thread David LeBlanc
One small clarification: At 11:51 AM 8/9/99 -0400, X-Force wrote: The ISS X-Force has discovered a denial of service attack against Windows NT Server 4.0, Terminal Server Edition. This vulnerability allows a remote attacker to quickly consume all available memory on a Windows NT Terminal

Re: user flags in public temp space (was Re: chflags() [heads up])

1999-08-10 Thread Doug Harple
On Sat, 7 Aug 1999, Darren Reed wrote: In some mail from Tim Fletcher, sie said: I think I defeated myself in trying to explain the implementation I was trying to describe. For each user, when they login, a virtual /tmp is created and that is shared between all sessions that user

Re: sdtcm_convert

1999-08-10 Thread Joel Eriksson
On Tue, Aug 10, 1999 at 04:48:20PM +0930, [EMAIL PROTECTED] wrote: On 9 Aug, Joel Eriksson wrote: snip If one of the following files does not exist and sdtcm_convert is SUID you are probably vulnerable (I say probably since I haven't tested exploiting the bug):

Possible Denial Of Service using DNS

1999-08-10 Thread Carlos Veira
Hi, I must admit that I have been really surprised seeing people's 'reaction' on this particular matter. We are used to seeing really good debates when something 'c00l' comes up to the scene... But this time, nothing: no code review, no debate about

Re: user flags in public temp space (was Re: chflags() [heads up

1999-08-10 Thread James E. Pace
On Mon, 9 Aug 1999, Adam Morris wrote: The CMW machines (Compartmentalised Mode Workstation) has the concept of "multi level directories" These include such things as /tmp. When you are operating at level "Top Secret" you have what appears to be a different /tmp from when you are operating

New cfingerd 1.4.0 - Configurable Finger Daemon

1999-08-10 Thread Martin Schulze
After several years of development I'm happy to present a new version of the configurable finger daemon. The original author and former maintainer Ken Hollis has handed over development to me as stated before. So this release is authorized. I feel a need for this second posting because the new

Re: [Bugs] Fw: IRC: Exploit for a Bug in ircd2.10.x (qident)

1999-08-10 Thread Andrea Cocito
Hi there, At 1:55 +0200 10-08-1999, Simon Coggins wrote: I'm sure you're all on the list but just in case. - Original Message - From: [EMAIL PROTECTED] qident does not check successfully for spaces and characters as like *, ! and @. When using an ident as like "@o ! ! !", o would be

Re: FlowPoint DSL router vulnerability

1999-08-10 Thread Eric Budke
At 12:07 PM 8/7/99 -0400, Scott Drassinower wrote: It involves a bug that allows a password recovery feature to be utilized from the LAN or WAN instead of just the serial console port. Basically, throwing enough 6 digit numbers at a pre-3.0.8 router will allow you to get access to the box to do

Re: [jen@ettnet.se: sdtcm_convert]

1999-08-10 Thread Joel Eriksson
On Tue, Aug 10, 1999 at 10:36:13AM -0500, Topher Hughes wrote: at some point in time in the past either 1)netscape, 2) a patch or 3)me set the set-gid bit on the /usr/spool/calendar directory. this effectively stops it - the created files are all in the daemon group. *shrug* as soon as I

Microsoft Security Bulletin (MS99-028)

1999-08-10 Thread Aleph One
The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. Microsoft Security Bulletin (MS99-028)