Stack Shield: defending from "stack smashing" attacks

1999-08-28 Thread vendicator
Stack Shield is a new tool that adds protection from "stack smashing" attacks at compile time without changing a line of code. The home page is http://www.angelfire.com/sk/stackshield It is still in beta.

Re: NT Predictable Initial TCP Sequence numbers - changes observed with SP4

1999-08-28 Thread Deri Jones
Microsoft have now confirmed the problem: - From: Sunil Gopal To: Roy Hills <[EMAIL PROTECTED]> Subject: RE: NT 4.0 SP4 predictable initial TCP sequence numbers Date: Tue, 24 Aug 1999 04:20:56 -0700 Hi Roy, Sorry about the silence... Though the TCP seque

Re: your mail

1999-08-28 Thread Alan Cox
> default some distributions of Linux like RedHat come with X > configured to allow everyone in the outside world access to > your X-server. Red Hat comes set up using xauth off gdm/xdm and with host authentication enabled and the xhosts table blank. If you have a xhost * somewhere I don't think

WU-FTPD Security Update

1999-08-28 Thread Alex Yu
-BEGIN PGP SIGNED MESSAGE- WU-FTPD Security Update The WU-FTPD Development Group has been informed there is a vulnerability in some versions of wu-ftpd. This vulnerability may allow local & remote users to gain root privileges. Exploit information involving th

Patch for w98/igmp frag bug (alias kod) and ICMP-type 13 (alias moyari) DoS. Where?

1999-08-28 Thread Roman Medina-Heigl Hernandez
{Sorry if this is known... Aleph, feel free to discard this message.} I've been looking for a M$ *w98* patch for these DoS bugs and I've found nothing. I visited M$ web, used the site's search engine (tried keywords like "kod", "igmp", etc), viewed w98 support section, security bulletins, ... wit

Re: ISS X-Force: Buffer Overflow in Netscape Enterprise and FastTrack Web Servers

1999-08-28 Thread Jason Axley
Is it just me, or does the lack of real information in this advisory and the apparent disconnect between the description of the vulnerability and the patch annoy anyone else? Is there someone who can give details on what this attack is? It sounds, from the fix, like it is the SSL handshake bug t

Debian not vulnerable to recent cron buffer overflow

1999-08-28 Thread Aleph One
Debian Security Advisory [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze August 26, 1999 -

Re: ISS Security Advisory: Buffer Overflow in Netscape Enterprise and FastTrack Web Servers

1999-08-28 Thread Erik Fichtner
On Wed, Aug 25, 1999 at 04:08:36PM -0400, X-Force wrote: > Internet Security Systems (ISS) X-Force has discovered a vulnerability in > the Netscape Enterprise Server and Netscape FastTrack Server. Netscape > produces web servers and web browsers for individuals, small workgroups, and > business pr

Re: Serious amd problems??

1999-08-28 Thread Olaf Kirch
[Disclaimer: I didn't discover this... I'm just responding to it] I took a look at the code today. It's the same problem that bit the Linux mount daemon (I'm so glad I'm not the only stupid person on this planet). It uses a logging function that happily sprintf's to a fixed length string on the

Re: IE and cached passwords

1999-08-28 Thread Paul Leach (Exchange)
The server gets to say, in the WWW-Authenticate challenge header field, for which "realm" it wants credentials (name+password). If both www.company.com and www.company.com:81 send the same realm, then the same password will continue to work. This behavior is as spec'd for HTTP Authentication, RFC

Solaris LC_MESSAGES exploit

1999-08-28 Thread Ed Arnold
FYI Patches mentioned by Darren Moffat for the Solaris 7 LC_MESSAGES exploit are apparently available. 106541-06 and 106793-03 are in the 7_Recommended patchset, and 107972-01 is available separately to contract customers.

Re: [RHSA-1999:030-01] Buffer overflow in cron daemon

1999-08-28 Thread Olaf Kirch
On Wed, Aug 25, 1999 at 09:17:20PM -0400, Bill Nottingham wrote: > A buffer overflow exists in crond, the cron daemon. This > could allow local users to gain privilege. FYI, Caldera OpenLinux isn't vulnerable to this. This problem was first discovered two years ago by someone at Debian. Olaf --

Re: [Fwd: ISS Security Advisory: Buffer Overflow in Netscape Enterprise and FastTrack Web Servers]

1999-08-28 Thread X-Force
Comments within. Erik Fichtner wrote: > Is this vulnerability in other versions of Enterprise server? We tested the vulnerability against the current releases of Enterprise and Fasttrack. Earlier versions may be vulnerable, but they were not tested against. > Does it exist on all platfo

Re: [RHSA-1999:028-01] Buffer overflow in libtermcap tgetent()

1999-08-28 Thread Pavel Kankovsky
On Sun, 22 Aug 1999, Alan Cox wrote: > The problem with telnetd is that you can pass a terminal name that indicates > 'use a local file'. Now the ncurses library then goes 'ok leading slash > all well and good', Im not suid uid==euid, lets open it as root and read a > few bytes. You can't do much

Re: [RHSA-1999:030-01] Buffer overflow in cron daemon

1999-08-28 Thread Michal Zalewski
On Wed, 25 Aug 1999, Bill Nottingham wrote: > To the best of our knowledge, no known exploits exist at this time. > > Also, it was possible to use specially formatted 'MAILTO' environment > variables to send commands to sendmail. Oh, something from scratch: [lcamtuf@onehost lcamtuf]$ crontab -l

Re: Get paste kppp *'s

1999-08-28 Thread Harri Porten
Hi ! Tim Jones wrote: > Well a lot of dial up tools do this put your password in * > so you can let other people use your > computer and dial up and they won't know what your password > is.. Such usage is strongly discouraged. See below. > But in kppp all you have to do to fix out what's UNDER t

(Fwd) Virus Propagated by Pegasus Mail

1999-08-28 Thread Keith Wyatt
--- Forwarded message follows --- Priority: normal Date sent: Thu, 26 Aug 1999 21:56:31 -0400 Send reply to: Pegasus Mail Announcments <[EMAIL PROTECTED]> From: Andrew Morrow <[EMAIL PROTECTED]> Subject: Virus Propagated

libtermcap xterm exploit

1999-08-28 Thread Jose Luis Martinez Arranz
/* *** libtermcap xterm exploit*** ***by m0f0 1999 *** *** *** *** it works for xterm/nxterm *** ***

Re: FreeBSD (and other BSDs?) local root exploit

1999-08-28 Thread Todd C. Miller
This looks like the BSD libc fts.c bug discussed here in May. OpenBSD is not vulnerable to this since it does not follow symlinks when dumping core. Also, I committed a fix in OpenBSD to the fts.c bug (based on the bugtraq posting) shortly after it was found. As a result find did not get a SEGV o

Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x

1999-08-28 Thread Andreas Jaeger
> Michal Zalewski writes: > First of all, something less or more personal - sorry to all secure@...pl > people for this post. I'm really angry, as this stuff became well-known > without my knowledge... so, only a few of my own observations, always > trying to respect others' intellectual

Re: IE 5.0 allows executing programs - how to do it under NT

1999-08-28 Thread Ollie Whitehouse
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, Myself and Eric Stevens today worked on an idea that allowed this vulnerability to be executed reliably in default installations on the following operating systems. [Tested] Windows NT v4 Terminal Server (SP3) Windows 98 [Background] Url to o

wu-ftpd 2.5.0 mapped_path bugfix rpms and corrected patch

1999-08-28 Thread Firstname Lastname
Hi, the bug's finally public.. patching time: I've made rh 4.2, 5.0 and 6.0 rpms (and srpms) available on http://teso.scene.at/wuftpd/ I've also corrected lcamtuf's patch not to add a / to mapped_path every time client tries to CWD after mapped_path is too long (this is just for beauty and no secur

AIX security summary

1999-08-28 Thread Ciaran Deignan
The tool "bull_check" at the URL http://www-frec.bull.com/docs/download.htm#y2k has been updated to check if any of these updates need to be installed on your AIX-4 system. -- Forwarded message -- Date: Thu, 19 Aug 1999 12:39:07 -0500 From: AIX Service Mail Server <[EMAIL

Re: ... / wu-ftpd <=2.5 / ...

1999-08-28 Thread Volker Borchert
|> |> wu-ftpd 2.5, VR and BeroFTPD |> *** ftpd.c Sun Jun 6 15:20:21 1999 --- ftpd_patched.c Sun Jun 6 15:15:03 1999 *** *** 1245,1251 /* append the dir part with a leading / unless at root */ if

Re: IE 5.0 allows executing programs

1999-08-28 Thread Bronek Kozicki
> This would probably work on NT machines if in the code the path referenced > pointed at the startup directory of an existing NT profile. Unfortunately > it's impossible to guess the username of the currently logged on user, and > if you go with something "safe" (i.e. relatively likely to exist)

Mandrake 6.0 /etc/X11/xdm/authdir/

1999-08-28 Thread Elmer Joandi
Haven't seen my message nor Mandrake's confirmation on subject "Mandrake 6.0 .Xauthority" Please, post my last message with more detail or this message. I hope I did not just simply miss the post... I re-checked this, Mandrake confirmed. Problem is missing /etc/X11/xdm/authdir/ when this

Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x

1999-08-28 Thread Michael K. Johnson
Michal Zalewski writes: > >vlock -a > > >Compromise: locally, unlocking VCs switching under certain conditions > >When 'vlock -a' is called, console switching is completely disabled using >ioctl() call on /dev/ttyX device. Under certain conditions, this >protection can be fooled. L

Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x

1999-08-28 Thread Michael K. Johnson
Michal Zalewski writes: >First of all - doing /lib/ld-linux.so.2 /program/on/noexec/partition is >the simplest way to bypass noexec option, if only you have glibc 2.0.x. Let's make sure we understand this correctly: #!/bin/sh /lib/ld-linux.so.2 "$@" is roughly equivalent to: #!/bin/sh file=$1

Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x

1999-08-28 Thread Olaf Kirch
On Sun, Jul 04, 1999 at 01:38:48PM +0200, Michal Zalewski wrote: > I'm really angry So am I. Did you ever think of contacting Linux distribution maintainers before making these things public, especially if they have as much impact as a remotable hole in wu-ftpd? I'm all for full disclosure inte

Re: Security Bug in Oracle

1999-08-28 Thread Jonathan A. Zdziarski
does anyone know if they have made a Solaris_x86 patch for this? they have the patches openly available on http://technet.oracle.com, however the only 'Solaris' patch there was unlabeled and turned out to be for sun. On Tue, 17 Aug 1999, Elias Levy wrote: > Content-Type: text/plain; charset=us-

Re: IE 5.0 allows executing programs

1999-08-28 Thread Andrej Todosic
win2000 rc1 build 2072 ie5 doesn't work. ie5.0.2919.800 it reports security problem and this active x control doesn't allow objects of type blah blah blah -Original Message- From: Bugtraq List [mailto:[EMAIL PROTECTED]]On Behalf Of Micheal Patterson Sent: August 23, 1999 2:03 AM To: [EM

Re: FrontPage Personal Web Server

1999-08-28 Thread Kerb
Tom, I really don't have access to a copy of FP2000. If someone does, and would like to test the exploit, I'd appreciate any feedback possible. I would suspect that the overflow still exists, being that most/all MS products are of little worth. One thing that would really help in the se

[RHSA-1999:030-02] Buffer overflow in cron daemon

1999-08-28 Thread Bill Nottingham
- Red Hat, Inc. Security Advisory Synopsis: Buffer overflow in cron daemon Advisory ID: RHSA-1999:030-02 Issue date: 1999-08-25 Updated on: 1999-08-27 Keywords:

INN inews vulnerability

1999-08-28 Thread brister
INN versions 2.2 and earlier have a buffer overflow-related security condition in the inews program. inews is a program used to inject new postings into the news system. It is used by many news reading programs and scripts. The default installation is with inews setgid to the news group and world

Httpd Logging Methods

1999-08-28 Thread v0rt
Sorry for the briefness of this email, time restraints prohibit me from fully analysing the situation. Hopefully others will be able to give results on other httpd servers and how they respond to these requests. Recently, while looking into Httpd/CGI security, I noticed that the httpd did not log c

Re: [RHSA-1999:028-01] Buffer overflow in libtermcap tgetent()

1999-08-28 Thread Carlo M. Arenas Belon
> > The problem with telnetd is that you can pass a terminal name that indicates > > 'use a local file'. Now the ncurses library then goes 'ok leading slash > > all well and good', Im not suid uid==euid, lets open it as root and read a > > few bytes. You can't do much with it - you can rewind the

Re: NT Predictable Initial TCP Sequence numbers - changes observed with SP4

1999-08-28 Thread Luigi Mori
Roy Hills wrote: > > As many people will be aware, the Microsoft TCP/IP stack for NT 4.0 up to and > including SP3 used a simple "one-per-millisecond" increment for the initial TCP > sequence number. This was changed in SP4 to make the initial sequence number > generation less predictable. Howev

Re: FreeBSD (and other BSDs?) local root exploit

1999-08-28 Thread Stas Kisel
> From: Przemyslaw Frasunek <[EMAIL PROTECTED]> > Subject: FreeBSD (and other BSDs?) local root exploit > fix: >- limit root's coredump size >- patch libc For those who did not read bugtraq closely: the patch is available at http://sonet.crimea.ua/fts_patch/fts_patch and it was poste