Re: remote DoS against inetd and ssh

1999-09-10 Thread Jedi/Sector One
e it against any inetd service, inetd will shut down that > service for about 30 minutes (I did not check, but it seems to be about > that time). This kind of DoS can be avoided by using G2S and IPLimit instead of Inetd. Check out http://www.jedi.claranet.fr for these programs. --

Re: Another small metacharacter bug in Penguin Traceroute v1.0

2002-06-18 Thread Jedi/Sector One
On Mon, Jun 17, 2002 at 07:26:33PM +0200, Andreas Beck wrote: > Allowed domain names should be within [a-zA-z-.]* - right? Don't forget digits, please. -- Frank DENIS (Jedi/Sector One) <[EMAIL PROTECTED]> http://www.PureFTPd.Org/

Apache mod_ssl off-by-one vulnerability

2002-06-26 Thread Jedi/Sector One
n 24 20:43:17 2002 @@ -309,7 +309,7 @@ * Extract directive name */ cp = (char *)oline; -for (i = 0; *cp != ' ' && *cp != '\t' && *cp != NUL && i < 1024; ) +for (i = 0; *cp != ' ' && *cp != '\t' &&

Re: Apache mod_ssl off-by-one vulnerability

2002-06-29 Thread Jedi/Sector One
All versions < 2.8.10 are affected. -- Frank DENIS (Jedi/Sector One) <[EMAIL PROTECTED]> http://www.PureFTPd.Org/ Secure FTP Server, http://www.Jedi.Claranet.Fr/ Misc. free software

Fake Identd - Remote root exploit

2002-07-29 Thread Jedi/Sector One
fakeidentd exploit 3rd revision. * v1.4 http://software.freshmeat.net/projects/fakeidentd/ * v1.2 http://hangout.de/fakeidentd/ * * vuln found by Jedi/Sector One * Other people who worked on the same bug and shared ideas: * Charles "core" Stevenson, Solar Eclipse * * 7/25/02 *

Multiple vulnerabilities in phpRank

2002-10-10 Thread Jedi/Sector One
n verified in the professional version of phpRank. Other vulnerabilities haven't been verified. [ Vendor status ] phpRank author has been notified on September 3rd 2002. Mail bounced. A new mail was sent on 17 Sep 2002. That one was successfully delivered. No answer so

Re: @(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function

2003-04-04 Thread Jedi/Sector One
't rely 100% on PHP userland security barriers, this is where tools like NetBSD/OpenBSD's systrace can really add another efficient layer of security. -- Frank DENIS (Jedi/Sector One) <[EMAIL PROTECTED]> http://www.PureFTPd.Org/ Secure FTP Server, http://www.Jedi.Claranet.Fr/ Misc. free software

Buffer overflow in FTPFS (linux kernel module)

2001-03-14 Thread Frank DENIS (Jedi/Sector One)
S aka Jedi/Sector One < [EMAIL PROTECTED] > -=- LINAGORA SA (Paris, France) : http://www.linagora.com

Multiple vendors FTP denial of service

2001-03-15 Thread Frank DENIS (Jedi/Sector One)
n) is not vulnerable. Result is "Simplified wildcard expression to *" and the 'ls *' output. Maintainers of vulnerable servers have been warned of this bug. -- -=- Frank DENIS aka Jedi/Sector One < [EMAIL PROTECTED] > -=- LINAGORA SA (Paris, France) : http://www.linagora.com