More repro reports etc:
From: Stephen Oberther <[EMAIL PROTECTED]>
Hmmm..it doesn't have the same affect on our machine. i386 with Debian
2.2 running a home compiled BIND-9.1.0 Must be something in the
configuration of the NetBSD package.
On Tue, Feb 06, 2001 at 05:00:07PM -0500,
Mark Krenz <[EMAIL PROTECTED]> rambled:
> Affected systems:
>
> I tested and confirmed this problem on a RedHat Linux 6.2 machine
> running RedHat SecureWebServer 3.2.1, which is basically Apache 1.3.9
> with mod_ssl. I am unable to test this o
===
Summary
===
Three issues with the ProFTPD FTP server have been reported to BUGTRAQ in
the past month. These issues have been addressed by the ProFTPD core team.
The following vulnerabilities are addressed in this advisory:
1. "SIZE memory leak"
http://www.securityfocus.com/archiv
#!/usr/local/bin/perl -w
# getcycle.pl
# (Copyright) Robert A. Lacroix, Feb. 6, 2001; Winnipeg, Canada
# This algorithm efficiently solves problems of the form 2^x = aN + 1,
# using O(log N) storage and O(log N)(log N) time.
# I am reinventing the wheel, or is it "Goodbye, RSA?"
# Input restricti
Forwarded from a reader who wishes to remain anonymous:
--
I just tried nmap O -sT -p 53 on a Cobalt RAQ running Linux 2.0.34 for MIPS,
stock out of the box RAQ rented from a colo vendor, with 9.1.0 compiled
on that machine, and nameservice stopped responding.
At the same time I was testing NMAP against BIND-9.1.0 it seems I wacked
my snmpd too (that was with 'nmap -O -sT proven'). The last thing it
uttered was:
Feb 6 13:28:18 proven ucd-snmp[285]: [smux_accept] accepted fd 11 - errno 0
That's from NET-SNMP 4.1.2 built from NetBSD's pkgsrc/net/ucd-s
Hmmm... I tried that little 'nmap -O -sT proven' trick, i.e. against my
development machine on which I run BIND-9.1.0, and what do you know but
named drops out almost immediately with a SIGBUS:
Feb 6 13:28:19 proven /netbsd: named: pid 14653 [eid 32771:40, rid 32771:40] sent
signal 6: was set-
Security hole in ChiliSoft ASP for Linux.
Overview:
ASP (Active Server Pages) are a technology initially developed by
Microsoft to tackle the "dynamic content on the web" problem. Chili!Soft
is a company that has released a piece of software called Chili!Soft ASP
that makes ASP functionality
>Those look really funny, anyone know the what algorythm is used, i >suppose
>it's the standard db2 function, but haven't tried that yet.
.. because of the column type this is just a hexadecimal representation ..
you can easily convert it to char ...
> > 3) "Password-Reminders"
>Actually these
On Tue, 6 Feb 2001 [EMAIL PROTECTED] wrote:
> Vulnerability in AOLserver
>
> Overview
>
> AOLserver v3.2 is a web server available from http://www.aolserver.com.
> A vulnerability exists which allows a remote user user to break out of the
> web root using relative paths (ie: '...').
>
> D
-
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated XEmacs packages available for Red Hat Powertools 6.2
Advisory ID: RHSA-2001:011-03
Issue date:2001-02-02
Updated on:200
On Tue, 6 Feb 2001, Emil Popov wrote:
Any thoughts, fixes, ideas??
The best way is to add 0 to the order_rn before using it. if the
operation passes, the input was an int. If it failed, then it wasnt and
something funky was attempted. This is obviously only going to prevent
munging of intege
Vulnerability in AOLserver
Overview
AOLserver v3.2 is a web server available from http://www.aolserver.com.
A vulnerability exists which allows a remote user user to break out of the
web root using relative paths (ie: '...').
Details
AOLServer checks the requested virtual path for
hi,
the format issue of man seems harmless.
the bug lies inhere
/* XXX */
if (!display (NULL, argv[optind], NULL,
basename(argv[optind]))) {
error (0, errno, argv[optind]);
This appears to not be as big a problem as it might have seemed, based
on the original report.
---
From: Jonas Thambert <[EMAIL PROTECTED]>
I wasnt able to replicate this error on a
fully patched RH 7.0 with BIND 9.1.0.
---
Georgi Guninski security advisory #37, 2001
Windows client UDP exhaustion denial of service
Systems affected:
Windows 2000 Prof, Windows 98 probably other Windowses
Risk: Low
Date: 6 February 2001
Legal Notice:
This Advisory is Copyright (c) 2001 Georgi Guninski. You may distribute it unmodifi
> exploit:
>
>
> a few examples:
>
> 1) "HowTo find Administrator Accounts"
>
+http://shophost.com/cgi-bin/ncommerce3/ExecMacro/orderdspc.d2w/report?order_rn=9+union+select+s
+hlogid+as+mestname,0+from+shopper+where+shshtyp+%3d+'A';
>
> 2) "Passwords(crypted)"
>
+http://shophost.com/cgi-bin/nc
Megyer Ur wrote:
> /usr/bin/man is a simple binary, without any suid bit, BUT
> /usr/lib/man-db/man is suid man, and it's vulnerable to man -l
> attack. So anyone can get man uid by exploiting it.
>
> So we can overwrite the /usr/lib/man-db/man binary with any stuff we
> want, and when some user
Martin Schulze <[EMAIL PROTECTED]> writes:
> Please tell me what you gain from this. man does not run setuid root/man
> but only setgid man.
Debian man-db is setuid (not setgid) man[1] in the latest stable and unstable
incarnations.
Getting uid man is not immediate death, but bad enough. Bug 8
19 matches
Mail list logo