On Fri, Jul 06, 2001 at 09:32:36PM -, gregory duchemin wrote:
[snip]
the hash creation process is as follow:
==
say user toto has a password titan
then his client generate the string y.ytitan and the
according MD5 hash, say
On Fri, Jun 15, 2001 at 11:27:23AM -0400, Tony Lambiris wrote:
AFAIK its been fixed in -current, and it _will_ be in errata shortly..
in the meantime, there is a hotfix for the code itself, read the mailing
lists.. OR
in /etc/fstab, make /tmp nosuid and noexec, then mount -u /tmp (you did
On Fri, Jun 08, 2001 at 12:37:34AM -0700, Peter Ajamian wrote:
[snip]
computer. A new 1ghz computer could easily crank out 6 char passwords in
mere seconds, 8 char passwords in a few hours, and a 10 char password
probably in a week to a month or better.
crypt() passwords are never more than
On Mon, Apr 23, 2001 at 12:06:21PM +1300, Nick FitzGerald wrote:
The authors of TheBat! suggest above that this problem should not be
their concern because the message should never arrive in such a state
as it is clearly not standards-compliant. The same could be said of
They're wrong.
the
On Wed, Apr 18, 2001 at 10:01:51AM -0400, Bill Sommerfeld wrote:
seteuid(0); a = open("..", O_RDONLY); mkdir("adfa", 555);
chroot("adfa"); fchdir(a); for(cnt = 100; cnt; cnt--)
chdir("..");
chroot(".."); execve("/bin//sh", ..);
For the record, I blocked this way of breaking out of
On Sun, Feb 25, 2001 at 07:26:07PM +0300, Serega[linux] wrote:
Name: inetd DoS exploit
Author: Serega[Linux]
This is a *very* old and widely-known inetd DoS. It comes down making
inetd's ratelimiting kick in. Recent inetd's (like the one that comes
with FreeBSD) also have concurrencylimiting,
On Sat, Feb 10, 2001 at 03:08:11PM +0200, Tatu Ylonen wrote:
On Fri, 9 Feb 2001, Christophe Dupre wrote (on the [EMAIL PROTECTED] list):
I just read Razor's vulnerability advisory, as reported on slashdot.
Any truth to it, or is it another wannabe ?
I suppose you are referring to this one:
On Sun, Feb 11, 2001 at 12:38:02AM +0100, Flatline wrote:
[snip]
- Quick fix (diff output for crontab.c):
146c146
strcpy(User, pw-pw_name);
---
strncpy(User, pw-pw_name, MAX_UNAME - 1);
Uhm, won't the user running crontab then get another user's crontab,
if the 'stripped'
On Sun, Feb 11, 2001 at 12:40:48AM +0100, Konrad Rieck wrote:
I am a little bit confused about this mail. Maybe the author
can explain some issues to me...
On Sat, Feb 10, 2001 at 12:54:33AM -, Joao Gouveia wrote:
roberto@spike:~ mysql -ublaah (Note: 'blaah' obviously isn't a valid
On Sun, Feb 11, 2001 at 05:15:53PM -0300, Paulo Cesar Breim wrote:
The software Tiny Sheet, present in all versions of Palm Pilot, has a
function called IMPORT file.
Well when this function is use ALL FILES, including the hidden files
protetex with password, can be imported to a Sheet.
One
10 matches
Mail list logo
