XDM Insecurity revisited

1999-08-18 Thread Jochen Bauer
On Wed, 26 Nov 1997 Eric Augustus ([EMAIL PROTECTED]) posted a message on BUGTRAQ about the fact that the default Xaccess file allows XDMCP connections from any host. As you know, this can be used to get a login screen on any host and therefore get around access control mechanisms like tcpwrapper

Re: Win32 File Naming (again)

1999-08-18 Thread Kenn Humborg
> >While testing IIS security, I was able to locate an old flaw which is
> >still present in many server services on Win32. The problem deals
> >with a compatibility issue with the old Win16/DOS file naming system
> >known as the 8.3 naming system.
>
> One well-known workaround for this issue

Administrivia

1999-08-18 Thread Elias Levy
Sorry for that earlier exchange today. I thought I was pointing out the fact that an exploit has been available in the underground for a vulnerability whose details have been kept away from the public and that this is an example as to why security through obscurity does not work. Obviously Russ th

Re: Microsoft JET/Office Vulnerability Exploit

1999-08-18 Thread Elias Levy
On Wed, Aug 18, 1999 at 06:09:23PM -0400, Russ wrote:
> -BEGIN PGP SIGNED MESSAGE-
>
> >Well it seems some people still believe in security through
> >obscurity. Three weeks after the vulnerability was announced
> >the people with the knowledge of the details have not
> >disclosed further

Re: Microsoft JET/Office Vulnerability Exploit

1999-08-18 Thread Russ
-BEGIN PGP SIGNED MESSAGE-
>Well it seems some people still believe in security through
>obscurity. Three weeks after the vulnerability was announced
>the people with the knowledge of the details have not
>disclosed further information (hi Russ).

Hi Elias. Why did you release this today?

Microsoft JET/Office Vulnerability Exploit

1999-08-18 Thread Elias Levy
Well it seems some people still believe in security through obscurity. Three weeks after the vulnerability was announced the people with the knowledge of the details have not disclosed further information (hi Russ). Now those same people are asking whether the information should be disclosed at al

Re: [SECURITY] new version isdnutils fixes exploitable xmonisdn

1999-08-18 Thread Florian Weimer
Aleph One <[EMAIL PROTECTED]> writes:
> We have received reports that the version of xmonisdn as distributed
> in the isdnutils package from Debian GNU/Linux 2.1 has a security
> problem. Note that other Linux distributions may be affected as well.

The makefile that comes with the (rather outdat

Stupid bug in W3-msql

1999-08-18 Thread gregory duchemin
hi, there is a really stupid bug in w3-msql cgi-bin developed by Hughes Technology: http://www.Hughes.com.au This bug is a bit old but seems to be always actual in the last release of this software: mini-sql v 2.0.10.1 It's very simple to exploit the flaw; An intruder is able to look at ever

Re: Internet Auditing Project

1999-08-18 Thread Viljo Hakala
On Fri, 13 Aug 1999, Jerry Carlin wrote:
> Has anyone hacked to run on Solaris 2.6:

Yeah, I did. Works at least with 2.6 and 2.7 sparc. Attached is the patch to a clean bass-1.0.7. This patch also includes David Luyer's (<[EMAIL PROTECTED]>) patch. I also "ported" bass to run on FreeBSD (3.2 a

Symmetric Multiprocessing (SMP) Vulnerability in BSDi 4.0.1

1999-08-18 Thread Ben Lull
Description: A vulnerability exists in BSDi 4.0.1 Symmetric Multiprocessing (SMP). During high CPU usage it is possible to cause BSDi 4.0.1 (possibly others but untested) with all current patches to stop responding and 'lock up' when a call to fstat is made. Repr

DOS against SuSE's identd

1999-08-18 Thread Peter Eriksson
Hendrik Scholz <[EMAIL PROTECTED]> writes:
>The inetd.conf starts the identd with the options -w -t120 -e.
>This means that one identd process waits 120 seconds after
>answering the first request to answer later request.
>Let's say we start 100 requests in a short period.
>Due to the fact that it