This issue, as reported to us by Aditya, is being tracked at
http://code.google.com/p/chromium/issues/detail?id=2877. We would like to note
that we discovered the outlined behavior several weeks ago internally, and
publicly reported it to Webkit: https://bugs.webkit.org/show_bug.cgi?id=20661
Wh
>To add insult to injury: a week or two ago I attempted to
>contact him (also with no luck) about a nasty bug, when
>using Sophos (and likely other anti virus software) AMaViS
>was not picking up on the updates, that is the updated IDE
>files in /opt/ide, and defined as SAV_IDE=/opt/ide were
>not
ffing machine during invalid flood
> This sounds unreliable, but I'll wait to see it in action
Indeed; in the Computer Security class Dave Wagner and I taught at Berkeley
in Fall '98, a couple of groups did just this. For a quite good paper
describing the results, see
http://www.cs.berkeley.edu/~daw/classes/cs261/projects/final-reports/fredwong-davidwu.ps
- Ian
ich includes amanda 2.3.0
> and 2.4.1 as "additional packages" on the install CD and tar-1.11.2.
>
>
> EXPLOIT:
>
(snip)
If your amanda is properly installed, then it is as a user amanda, bin, or
operator, none of which should be accessible from a regular user. If this
account is compromised, then security is irrelevant because amanda need to
be able to read the raw disk files (to do backups) and thus would be able
to get /etc/shadow (or the local equivalent) without much work.
Ian Turner
ew.com -
You could create a more complicated exploit using ptty's. Basically su
checks if standard input is a tty because they don't want you using 'su'
in shell scripts. But you can still do it, it's just not as easy.
I'd contribute example code but I just
com/advisories/showcode.txt)
//Ian Vitek
[EMAIL PROTECTED]
---
Infosec is a Swedish based tigerteam that have worked with computer-related
security since 1982 and done penetration tests and technical revisions since
1996. Infosec is now searching for co-workers. Call Blume
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> Can be so easy to DoS cryptographic software?
Yes. If you don't trust your users to not deplete the entropy, then don't
give them permission to read it.
Ian Turner
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.1 (GNU/Linux)
Comm
sted their new products, Axis StorPoint CD E100 and StorPoint NAS
100, and this vulnerability was not been found.
Recognition
---
Infosec would like to thank Peter Berggren and Johan Diedrichs at Axis for their
involvement with testing and supplying patch information.
//Ian Vitek
[EMAIL
ing into
> conflict with the quota system.
Which is why effective quota security should enable inode limits as well
as byte limits. If I can take up all the useable clusters with 0-byte
files, that is just as bad as being able to take up the useable space with
1-k files.
Ian Turner
-BEGIN PGP
ation
instructions, improvements, etc, for userv-utils would be very
welcome.
For more information, including the on-line specification and the
distribution files, visit
http://www.chiark.greenend.org.uk/~ian/userv/
userv is also available via the GNU FTP site and its mirrors.
1.0.0 will be available
traightforward to come up with a virus or trojan that had the magic of a
PDF file: Just have a JMP instruction at the beginning to skip over the
magic.
No, everything should be scanned, no matter what. Unfortunately there are
performance issues associated with this strategy.
Ian Turner
-BEGIN PG
!!
Regards,
Ian
Daniel Doèekal wrote:
>
> That's hardly overflow in FP, VHTTPD32 does not seem to be part of WindowsNT
> and more hardly of Frontpage (could be some old version of course), what
> operating system are you using?
>
> This seems to be overflow in HTTP (Web Serv
its
-
Greg Höglund, as always when it comes to NT buffer overflows.
Barnaby Jack, for another great paper on the subject.
David Litchfield, for yet another great paper.
Obecian & Qwerty of Subterrain and Caezar of the Ghettohackers.
-------
tions at all.
Take care
Ian
--- gzip.spec.orig Mon Mar 19 18:18:14 2001
+++ gzip.spec Mon Mar 19 18:37:55 2001
@@ -32,14 +32,37 @@
make gzip.info
%clean
+echo "
+As another user, type
+rm -rf $RPM_BUILD_ROOT
+and press enter"
+read WAIT
rm -rf $RPM_BUILD_ROOT
%install
on:
http://www.microsoft.com/technet/security/bulletin/MS01-026.asp
TODO
- -
* Graphical interface (Planned Q4 2002)
* Basic Authentication (Planned Q3 2001)
- -
Ian Vitek, mailto:[EMAIL PROTECTED]
- -
iXsecur
On Friday 06 July 2001 23:24, Jair Pedro wrote:
> After reading the article, I went to oracle to download the patch and was
> very surprised that in order do download the patch I would have to Pay!!!
> To access the restrict area where I could get the patches I would have to
> had a contract with
ur
desktop, use Windows' Ctrl+Alt+Del function instead.
Ian
- Original Message -
From: "Brian Carpenter" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 13, 2002 5:33 AM
Subject: Password Hole Found In Webshots
> I have descovered a hol
if (zcontext) {
ZEND_FETCH_RESOURCE(context, php_stream_context*,
&zcontext, -1, "stream-context", le_stream_context);
}
There is almost certainly a better place to check this; I'm not that
familiar with the code. And, of course, there are probably at least a
hundred other points in the code where a patch like this needs to be
applied.
Ian Clelland
<[EMAIL PROTECTED]>
mplete.com/blog/geekery/pam_captcha_research.html
- ian
On 7/14/2010 10:04 PM, Jordan Sissel wrote:
> On Tue, Jul 6, 2010 at 11:04 AM, Ian Maguire wrote:
>
>> pam_captcha is visual text-based CAPTCHA challenge module for PAM that uses
>> figlet to generate the CAPTCHAs.
>>
>> Project site:
>> http://www.semicomple
There is no such thing as "Tomcat 4.1". Tomcat is at version
4.0.3. The next version is 4.0.4.
If you mean 4.0.1, did you check whether this is one of
the security fixes that brings 4.0.1 up to 4.0.3 before you
posted? It is, you know:
HTTP/1.1 404 />/index.jsp
Date: Fri, 19 Apr 2002 21:36:23 G
This isnt a security issue its a privacy issue.
-Original Message-
From: Thor (Hammer of God) [mailto:t...@hammerofgod.com]
Sent: 03 December 2009 22:27
To: bugtraq@securityfocus.com
Subject: RE: Millions of PDF invisibly embedded with your internal disk
paths
(Fixing rejected post)
Me
aris, Opera 7.20
(hmm better upgrade that) has no problems.
On the other hand, the "links" browser has memory problems dealing with
this. (Windows and UNIX)
Ian.
--
Code Monkey get up, get coffee
Code Monkey go to job
Code Monkey have boring meeting
Hi,
Just wanted to say thanks to James and Gulftech for the manner in which
they worked with the Zen Cart developers in identifying and fixing this
Exploit.
Ian C Wilson
Zen Cart Development Team
GulfTech Security Research wrote
s and
services
. Gain access to computer security decision-m
For more information, visit www.first.org/conference/2007/sponsors
We look forward to receiving your submissions.
Regards,
Ian Cook
Arjen De Landgraaf
- --
- -
Ian C Cook
Security
On May 16, 2007, at 10:42 AM, [EMAIL PROTECTED] wrote:
I too appear to be having difficulty relating this to a vulnerability.
Fair enough...
It works for:
the same user using ssh as is on the console;
If someone can remotely log in as you over ssh then they already
have your
password (o
26 matches
Mail list logo