Ehrm, I was really tired when I wrote the first message, ok..? :-)
I did not only forgot to mention that the system was Solaris 2.6,
but also made a small error.. The bug may be used to _create_ files
that is owned by root, but writeable by your group, but not to
overwrite any existing ones.
I was just wondering if anyone had noticed that in the SNMP MIB in
the annex-pri models there is a table that has what appears to be
dnis information or something. (I havent seen the mib definition
so i dont know what it is exactly.)
It is located at 1.3.6.1.4.1.15.2.16.1.1.1.2.
I tried to get
This program will check to see if a given system has the profil(2) bug
described in NetBSD Security Advisory 1999-011. If it prints `Counting!'
then you've got it...
At least one system (Solaris) appears to fix the security issue but
doesn't turn off profiling unless the new image is owned by a
-BEGIN PGP SIGNED MESSAGE-
ISS Security Advisory
August 9, 1999
Denial of Service Attack Against Windows NT Terminal Server
Synopsis:
The ISS X-Force has discovered a denial of service attack against
Windows NT Server 4.0, Terminal Server Edition. This vulnerability
allows a remote
There was a discussion on BUGTRAQ about cfingerd (specially in Debian):
- Forwarded message from Martin Schulze [EMAIL PROTECTED] -
Resent-Date: 9 Aug 1999 17:12:59 -
Resent-Cc: recipient list not shown: ;
X-Envelope-Sender: [EMAIL PROTECTED]
Date: Mon, 9 Aug 1999 19:12:10 +0200
I would like to clarify some discrepancies with this initial email. ISAKMP
encapsulation is the only one vulnerable to this attack. I would also like
to point out that it will reboot a solaris machine when exploited.
Malikai
Brute force, as it is not likely you will know what the number is without
physical access to the router.
If you were to block telnet and snmp access to the router, then you
probably would only have to worry about access via the console port. I
think that FlowPoint's graphical admin tools use
One small clarification:
At 11:51 AM 8/9/99 -0400, X-Force wrote:
The ISS X-Force has discovered a denial of service attack against
Windows NT Server 4.0, Terminal Server Edition. This vulnerability
allows a remote attacker to quickly consume all available memory on a
Windows NT Terminal
On Sat, 7 Aug 1999, Darren Reed wrote:
In some mail from Tim Fletcher, sie said:
I think I defeated myself in trying to explain the implementation I was
trying to describe. For each user, when they login, a virtual /tmp is
created and that is shared between all sessions that user
On Tue, Aug 10, 1999 at 04:48:20PM +0930, [EMAIL PROTECTED] wrote:
On 9 Aug, Joel Eriksson wrote:
snip
If one of the following files does not exist and sdtcm_convert is SUID you
are probably vulnerable (I say probably since I haven't tested exploiting
the bug):
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
I must admit that I have been really surprised seeing people's
'reaction'
on this particular matter. We are used to see really good debates when
something 'c00l' comes up to the scene... But this time, nothing: no
code review, no debate about
On Mon, 9 Aug 1999, Adam Morris wrote:
The CMW machines (Compartmentalised Mode Workstation) has the
concept of "multi level directories" These include such things as
/tmp. When you are operating at level "Top Secret" you have what
appears to be a different /tmp from when you are operating
After several years of development I'm happy to present a new version
of the configurable finger daemon. The original author and former
maintainer Ken Hollis has handed over development to me as stated
before. So this release is authorized.
I feel a need for this second posting because the new
Hi there,
At 1:55 +0200 10-08-1999, Simon Coggins wrote:
I'm sure your all on the list but just incase.
- Original Message -
From: [EMAIL PROTECTED]
qident does not check sucessfully for spaces and characters
as like *, ! and @.
When using an ident as like "@o ! ! !", o would be
At 12:07 PM 8/7/99 -0400, Scott Drassinower wrote:
It involves a bug that allows a password recovery feature to be utilized
from the LAN or WAN instead of just the serial console port.
Basically, throwing enough 6 digit numbers at a pre-3.0.8 router will
allow you to get access to the box to do
On Tue, Aug 10, 1999 at 10:36:13AM -0500, Topher Hughes wrote:
at some point in time in the past either 1)netscape, 2) a patch or 3)me
set the set-gid bit on the /usr/spool/calendar directory. this
effectively stops it - the created files are all in the daemon group.
*shrug* as soon as I
The following is a Security Bulletin from the Microsoft Product Security
Notification Service.
Please do not reply to this message, as it was sent from an unattended
mailbox.
Microsoft Security Bulletin (MS99-028)
17 matches
Mail list logo