- Forwarded message from [EMAIL PROTECTED] -
I'm pleased to announce that a new version of INN is now available for general
consumption.
ftp://ftp.isc.org/isc/inn/inn-2.2.1.tar.gz
with MD5 checksum and PGP signature in the same directory. There is a patch
from 2.2 to 2.2.1
On Tue, 24 Aug 1999, Ben Pfaff wrote:
[ Debian uses a program called `mktemp' to create temporary files in
[ shell scripts. Other distributions might well adopt this or a similar
[ solution. An excerpt from its manpage is enclosed below.
RedHat includes a mktemp too, it's a package by itself.
Red Hat has recently released a Security Advisory (RHSA-1999:030-01)
covering a reverse denial of service bug in the vixie cron package.
As a user you could restart sendmail even if the host should not receive
mail through the SMTP port.
Further investigation discovered that it was even worse.
7. Problem description:
Also, it was possible to use specially formatted 'MAILTO'
environment variables to send commands to sendmail.
FWIW, this was fixed in FreeBSD in early 1995 by Andrey Chernov
in response to a similar hole in atrun(8) that I reported.
On Wed, 25 Aug 1999, Michael K. Johnson wrote:
Let's make sure we understand this correctly:
#!/bin/sh
/lib/ld-linux.so.2 "$@"
is roughly equivalent to:
#!/bin/sh
file=$1
shift
cp $file /tmp
/tmp/$file "$@"
rm /tmp/$file
No, it isn't equivalent. No one said /tmp is mounted with exec
Microsoft didn't release a working* patch against the IGMP headers attack
yet. It usually takes them a couple of months to release a patch against a
DoS attack.
I personally don't like the idea that even the dumbest script kiddie in
the world could DoS me when I use Windows to connect to the
Hi!
If you want to disable this fast on your ProFTPD,
just add:
PathAllowFilter ".*/[A-Za-z0-9]+-$"
Greetz.
--
Krzysztof Anton, [EMAIL PROTECTED]
http://www.powernet.pl/~kloss
GSM/SMS: +48-601-276972
IRC: Mr_Kloss
"In Cyberspace No One Can Hear Your Scream..."
On Wed, 25 Aug 1999, Michael K. Johnson wrote:
To change this behaviour in the way Michal wants would require that
all console-switching activity be controlled only by root. This would
have a detrimental effect on security, because it would increase the
number of setuid applications on the
Okay, I haven't seen any interesting observations yet as to the value of
this exploit or the potential damage it contains. This exploit allows for
the OVERWRITING of any application you choose, WITHOUT the system objecting.
I haven't tested it against anything specific yet, except for a trial run
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
/*
* babcia padlina ltd. (poland, 17/08/99)
*
* your ultimate proftpd pre0-3 exploiting toolkit
*
* based on:
* - adm-wuftpd by duke
* - kombajn do czereni by Lam3rZ (thx for shellcode!)
*
* thx and greetz.
*/
#include
[EMAIL PROTECTED] wrote:
Stack Shield is a new tool that adds protection from "stack
smashing" attacks at compile time without changing a line of
code.
The home page is http://www.angelfire.com/sk/stackshield
It is still in beta.
The home page says "Stack Shield uses a more secure protection