On Fri, Feb 09, 2001 at 06:23:07PM +0100, Florian Weimer wrote:
+ log_msg("Rhosts authentication failed for '%.100s', remote '%.100s',
host '%.200s'.",
user, client_user, get_canonical_hostname());
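Review bot: `user` and `client_user` in the added log_msg call are values sent by the connecting side, and the '%.100s' precision only bounds their length, so whatever was typed as a user name on a failed attempt ends up readable in the log. Consider logging the name only when it matches an existing account and a fixed placeholder otherwise.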
I don't think this patch is a good idea. If a user accidentally
'Night all,
Should this not be fixed in copyout/copyin instead?
It probably occurs at other places instead of sysctl as well.
Kind regards,
Joost Pol alias Nohican ([EMAIL PROTECTED])
:wq
On Sat, Feb 10, 2001 at 02:43:38PM -0800, Greg KH wrote:
On Sat, Feb 10, 2001 at 10:28:01AM +0100,
Summary
---
If the AppTrack feature is enabled, the default install of MicroFocus
Cobol 4.1 (Merant's commercial suite of cobol utilities) contains a
security hole which can lead to root compromise.
Specifics
-
In the default install, /var/mfaslmf is installed mode 777, and
On Sat, Feb, 2001, Florian Weimer wrote:
Chris Evans [EMAIL PROTECTED] writes:
There exists a Linux system call sysctl() which is used to query and
modify runtime system settings. Unprivileged users are permitted to query
the value of many of these settings.
The following trivial patch
The software Tiny Sheet, present in all versions of Palm Pilot, has a
function called IMPORT file.
Well when this function is used ALL FILES, including the hidden files
protected with password, can be imported to a Sheet.
I am a little bit confused about this mail. Maybe the author
can explain some issues to me...
On Sat, Feb 10, 2001 at 12:54:33AM -, Joao Gouveia wrote:
roberto@spike:~ mysql -ublaah (Note: 'blaah' obviously isn't a valid
username)
You seem to have a strange configuration of mysql. By
-- With the patch, the lifespan of the server key still does not go
below one minute. As mentioned in CORE SDI's advisory, the number
of server connections necessary to carry out the attack is
normally very large but "the number of connections given is for
the average case
Tatu Ylonen wrote:
It's real enough for most vendors to respond. I think you want
to make sure your servers have at least 1.2.30/2.4.0 or
openssh 2.3.0p1 at this point.
well, 1.2.30 does not contain a fix for this problem.
No, but the current version is ssh-2.4.0, which does not
-BEGIN PGP SIGNED MESSAGE-
NetBSD Security Advisory 2001-001
=
Topic: Multiple BIND vulnerabilities
Version: All release versions of NetBSD, and NetBSD-current
Severity: Remote root execution of
Bug / DoS in LICQ (all versions) and Gnome-ICU (all versions)
The sending of a .rtf file/document (rich text file) to one of the versions
mentioned above will crash LICQ/Gnome-ICU on the target computer and it will
close itself down after that. The error is probably the problem that
Unix/Linux
Hi,
recent security problems in ssh protocol implementations require that
vulnerable ssh protocol servers be upgraded. As an administrator of a
large network, it can be difficult to efficiently determine which
implementations of the ssh protocols are running on a network.
To solve this
Name: "show files" Vulnerability with perl null byte bug.
Date: 28.01.2001
About: Way-board - is a popular Korean board
(http://way.co.kr - official site).
Problem: Through this bug you can see any files, bug works
on every system where perl is installed. "%00" - means hex
symbol of the end of the
---UkR security team advisory #6
Vulnerability in Muscat Empower which can print path to
DB-dir.
--
Name: Vulnerability in Muscat Empower which can print path to
DB-dir.
Date: 03.02.2001
Problem: when the request invalid send to
=
Securax-SA-14 Security Advisory
belgian.networking.security Dutch
Name: Environment and Setup Variables can be Viewed through
webpage.cgi
Date: 28.01.2001
Problems: The script allows several environment variables to
be viewed by the attacker, who can gain useful information
on the site, making further attacks more feasible.
Analysis: webpage.cgi dumps useful
-=-=-=-=-=[ UkR security team - advisory n0. 7 ]=-=-=-=-=-
tdhttp transversal bug
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Date: 07.02.2001
Problem: possibility of arbitrary file retrieval
and directory listing on remote host, running
tdhttp (http.c, probably all its versions).
-BEGIN PGP SIGNED MESSAGE-
-
Debian Security Advisory DSA-029-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Michael Stone
February 11, 2001
-
Hi,
Due to this reply, I see no reason to delay this. No patch nor new version has
been released, for a quick fix, see below.
Regards,
Joao Gouveia
[EMAIL PROTECTED]
Francisco Burzi [EMAIL PROTECTED]
Joao Gouveia wrote:
Hello Francisco,
There is yet another security
Name: ROADS search system "show files" Vulnerability with
"null byte" bug
Date: 29.01.2001
About: The search.pl program is a Common Gateway Interface
(CGI) program used to provide an end user search front end
to ROADS databases. When accessed with no CGI query, the
program can return an HTML form
On Sat, Feb 10, 2001 at 12:54:33AM -, Joao Gouveia wrote:
Hi,
MySql staff has been notified regarding these issues on 2001-01-26.
There still are some potential security flaws with MySql latest stable
release.
Follows some tests I've made all with:
MySql v3.23.32
PHP v4.0.4pl1
Markus Friedl [EMAIL PROTECTED] writes:
[Logging user names harmful or not?]
While I understand your concern, I am not sure whether this
applies to SSH clients, since they are usually very
different from telnet clients. You enter the username when you
start the client, so it's hard to get out
---UkR security team advisory #8
HIS Auktion 1.62: "show files" vulnerability and remote
command execute.
--
Name: HIS Auktion 1.62: "show files" vulnerability.
Date: 11.02.2001
Author: UkR-XblP
About: script "HIS Auktion 1.62"
---UkR security team advisory #1
WebSPIRS CGI script "show files" Vulnerability.
--
Name: WebSPIRS CGI script "show files" Vulnerability.
Date: 27.01.2001
About: WebSPIRS is SilverPlatter's Information Retrieval
System for the
On Sat, Feb 10, 2001 at 03:08:11PM +0200, Tatu Ylonen wrote:
On Fri, 9 Feb 2001, Christophe Dupre wrote (on the [EMAIL PROTECTED] list):
I just read Razor's vulnerability advisory, as reported on slashdot.
Any truth to it, or is it another wannabe?
I suppose you are referring to this one:
-BEGIN PGP SIGNED MESSAGE-
-
Debian Security Advisory DSA-030-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Wichert Akkerman
February 12, 2001
-
While I understand your concern, I am not sure whether this
applies to SSH clients, since they are usually very
different from telnet clients. You enter the username when you
start the client, so it's hard to get out of sync, e.g. I
have never seen a user enter
$ ssh -l mypasswd host
On Sun, 11 Feb 2001, Markus Friedl wrote:
On Fri, Feb 09, 2001 at 06:23:07PM +0100, Florian Weimer wrote:
+ log_msg("Rhosts authentication failed for '%.100s', remote '%.100s',
host '%.200s'.",
user, client_user, get_canonical_hostname());
I don't think this
At 05:40 PM 2/10/2001, Konrad Rieck wrote:
I am a little bit confused about this mail. Maybe the author
can explain some issues to me...
On Sat, Feb 10, 2001 at 12:54:33AM -, Joao Gouveia wrote:
roberto@spike:~ mysql -ublaah (Note: 'blaah' obviously isn't a valid
username)
You seem to
OpenSSH's client drops all privileges before the user is asked for a
password, so there is really no need to panic and send ads to this list
-- especially since this thread is not at all related to SSH-1. However,
if you are afraid of SSH-1 you can simply turn off protocol 1 support
in OpenSSH
On Sun, Feb 11, 2001 at 12:38:02AM +0100, Flatline wrote:
[snip]
- Quick fix (diff output for crontab.c):
146c146
strcpy(User, pw-pw_name);
---
strncpy(User, pw-pw_name, MAX_UNAME - 1);
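Review bot: the replacement strncpy(User, pw->pw_name, MAX_UNAME - 1) line does not write a terminating NUL when the name is MAX_UNAME - 1 bytes or longer, so the fix is only safe if User is already zero-filled. Assuming User holds MAX_UNAME bytes, set User[MAX_UNAME - 1] = '\0' right after the copy, or reject over-long names instead of copying a cut-down one.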
Uhm, won't the user running crontab then get another user's crontab,
if the 'stripped'
Considering what overflows the buffer (your username), it would seem that
you'd need root access to begin with in order to craft an exploit. Am I
wrong?
Of course, maybe this could be some exotic new addition to a rootkit.
-Original Message-
From: Bugtraq List [mailto:[EMAIL
I am not certain of the need to send the memo internally.
There is a mail distribution option that allows the user to indicate that
the recipient is a notes user, thus packaging the email in 'Notes Rich Text'
format. I have successfully sent and accepted meeting invitations this
way, as well as
On Sun, Feb 11, 2001 at 12:40:48AM +0100, Konrad Rieck wrote:
I am a little bit confused about this mail. Maybe the author
can explain some issues to me...
On Sat, Feb 10, 2001 at 12:54:33AM -, Joao Gouveia wrote:
roberto@spike:~ mysql -ublaah (Note: 'blaah' obviously isn't a valid
On Sun, Feb 11, 2001 at 05:15:53PM -0300, Paulo Cesar Breim wrote:
The software Tiny Sheet, present in all versions of Palm Pilot,
http://www.iambic.com/pilot/tinysheet3/
To clarify: it's not included with PalmOS; it's 3rd-party software.
has a function called IMPORT file.
Well when this
Hmm, doesn't do anything weird/wrong on my RH6.2 server:
[aabbcc@obelix mark]$ crontab -e
no crontab for aabbaabbaab - using an empty one
crontab: installing new crontab
[aabbcc@obelix mark]$ crontab
crontab:
On Mon, Feb 12, 2001 at 02:34:43PM -0600, Tim Yardley wrote:
This is a nice example of bad code, but not a security issue, I could
show up a 100 of programs that simply don't care for *argv parameters.
You don't gain anything by exploiting such overflows in non-suid programs.
watch what you
I love the notification that you gave to the INN developers about this
problem (namely, absolutely none at all). If you'd mailed us first, I
could have pointed out to you that innfeed does no argument parsing of its
own and just execs innfeed with the passed arguments, which at the least
would
-- With the patch, the lifespan of the server key still does not go
below one minute. As mentioned in CORE SDI's advisory, the number
of server connections necessary to carry out the attack is
normally very large but "the number of connections given is for
the average
On Sun, Feb 11, 2001 at 05:15:53PM -0300, Paulo Cesar Breim wrote:
The software Tiny Sheet, present in all versions of Palm Pilot, has a
function called IMPORT file.
Well when this function is used ALL FILES, including the hidden files
protected with password, can be imported to a Sheet.
One
Workaround for Unintended JSP Execution When Using Oracle Apache/JServ
Description
A potential security vulnerability has been discovered in Oracle JSP
Releases 1.0.x through 1.0.2 when using Oracle Apache/JServ only. This
vulnerability permits the execution of unintended (or incorrect) JSP
Patch for Potential Vulnerability in the execution of JSPs outside
doc_root
Description of the problem
A potential security vulnerability has been discovered in Oracle JSP
releases 1.0.x through 1.1.1 (in Apache/Jserv). This vulnerability
permits access to and execution of unintended JSP files
Sun, Feb 11, 2001 at 00:38:02, achter05 (Flatline) wrote about "vixie cron possible
local root compromise":
146c146
strcpy(User, pw-pw_name);
---
strncpy(User, pw-pw_name, MAX_UNAME - 1);
Or simply remove the setuid bit on /usr/bin/crontab until a vendor patch
has been
I am a little bit confused about this mail. Maybe the author
can explain some issues to me...
On Sat, Feb 10, 2001 at 12:54:33AM -, Joao Gouveia wrote:
roberto@spike:~ mysql -ublaah (Note: 'blaah' obviously isn't a valid
username)
You seem to have a strange configuration of mysql.