Jochen Bauer wrote:
On Wed, 26 Nov 1997 Eric Augustus ([EMAIL PROTECTED]) posted a message
on BUGTRAQ about the fact, that the default Xaccess file allows XDMCP
connections from any host. As you know, this can be used to get a
login screen on any host and therefore get around access control
On Mon, 16 Aug 1999, Danton Nunes wrote:
Hendrik says:
The inetd.conf starts the identd with the options -w -t120
-e.
This means that one identd process waits 120 seconds after
answering the first request to answer later request.
No. accordint to inetd's man page:
The
Just a reminder, there are workarounds to solve this.
Cut-n-pasted from the vulnerability listing:
MDAC 2.1 includes the JET 4.0 driver which is not affected by this
vulnerability. It is available for download at:
http://www.microsoft.com/data/download.htm
Also, Wanderley J. Abreu Jr. [EMAIL
I don't particularly agree with the NTBug traq philosophy myself, yet
Mr.BrootForce did not originally discover this. I received source on this
issue from my friend rain.forest.puppy the day after it was announced. He
of
course got it from Juan Carlos G. Cuartango, as they were discussing the
Digital Unix 4.0E, SuSE Linux 6.1 and Red Hat Linux 6.0 are still
(1.5 years later) shipped with this default Xaccess file. It is somehow
ironic that e.g. SuSE now uses tcpwrappers by default on most TCP
services in it's distribution and describes the use of tcpwrappers in
the manual in a
At 06:40 PM 8/17/99 +0100, Kenn Humborg wrote:
While testing IIS security, I was able to locate an old flaw which is
still present in many server services on Win32. The problem deals
with a compatibility issue with the old Win16/DOS file naming system
known as the 8.3 naming system.
On Thu, 19 Aug 1999, Tymm Twillman wrote:
And as Chris Evans pointed out on linux-security, libncurses on RedHat
is built with -DPURE_TERMINFO, which keeps it from using the buggy
buffer code in libtermcap.
...not quite true - we're able to cause at least several SEGVs in ncurses'
tgetent()