,
ping resolution immediately failed again; just like it is supposed to.
As I requested in my previous post, please provide us with detailed
instructions on how to recreate this issue.
t
On 4/19/06 4:43 PM, John Biederstedt [EMAIL PROTECTED] spoketh to
all:
Actually, according to microsoft, the dns
The XP DNS client has other problems as well. It caches DNS failures
(arguably out of spec with the RFC, BTW), screwing up VPNs if you're VPNed into
an internet network that has local domains which need to resolve to RFC1918
addresses. The cached failed lookups get preferred to forced entries
On 3/29/06, Jeff Rosowski [EMAIL PROTECTED] wrote:
It also doesn't affect all versions of PHP. On 5.0.5, it returns \0
followed by however many Ss you put after it. And you're right, you wouldn't
trust user input like that.
___
I get this behaviour
as an
intermediate step.
.02
john
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
This is kind of dumb, just a quick response to some of the stuff I've
been seeing floating around the past few days WRT sudo. I was toying
with the idea of equivalating access to the account to access to root.
Here is a simple hack to break sudo and
to be incorporated into the qmail-smtpd-auth patch
as soon as possible. The author of the patch seems to have not touched it
since May 2002.
--
---
| John Simpson - KG4ZOW - Programmer At Large |
| http://www.jms1.net/[EMAIL PROTECTED
I have verified this in Mozilla 1.0.1 (Gecko/20020826) on Windows XP Prof.
SP1. The browser stops responding, but can be closed without brute force.
-John
Hi, I'm new here so I don't know if I posted this in the correct
list...
I've found out that some simple CSS-code can crash Netscape 6
be prevented through user education
and methodical, secure, application development.
Regards,
John
->dataend();
$smtp->quit();
...No command execution at all, and no need to have the issue-prone
sendmail binary even installed on the system.
John
--
# John Madden [EMAIL PROTECTED]
# MailandFiles.com: Your mail, your files: http://www.mailandfiles.com
# FreeLists: Free mailing lists for all: http
to lead the way? I
can see it now: WARNING: By using Open Source code anyone can modify
the source, replace your binaries, and completely root your system!
John Howie CISSP MCSE
President, Security Toolkit LLC
to
lock/unlock the hard drive.
Regards,
John Howie CISSP MCSE
President, Security Toolkit LLC
+---+
| Advisory: lawson001 |
|Author(s): John Eisenschmidt [EMAIL PROTECTED] |
| George Lewis [EMAIL PROTECTED
I was able to duplicate this on 4 different Netscreen-100's with Software
Version 3.0.1r2.0
John
-Original Message-
From: Erik Parker [mailto:erik.parker;digitaldefense.net]
Sent: Friday, November 01, 2002 1:31 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Netscreen SSH1 CRC32
John C. Hennessy
Information security analyst
They that give up essential liberty to obtain a little temporary safety
deserve neither liberty nor safety. -- Benjamin Franklin, 1759
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Multiple issues with windows XP. By John C. Hennessy [EMAIL
-pre11 two days ago).
cheers
john
Cerulean Studios on when a fix will be available. They were alerted
to this
problem on July 28th.
John C. Hennessy
Information security analyst
though stored procedures and embedded database
security.
Thoughts?
Thanks,
John
Unless the Voices are Mistaken, Stefan Hoelzner ([EMAIL PROTECTED]) Wrote:
SAP R/3 default password vulnerability
Summary
===
SAP R/3 ships with four default user accounts that are protected
the most recent version of postfix understand mime so in
older versions (pre 20020525) nested mime won't be blocked by this.
John
John Pettitt Email: [EMAIL PROTECTED]
Do what you feel in your heart to be right for you'll be criticized anyway
I agree with this. However, in the Snosoft case the facts have been smeared by
all the different stories going around. I will not get into it in detail but
we have been working with HP on this for 4+ months, bending over backwards
for them to keep everything out of the eyes of the public.
.
John Howie
-Original Message-
From: Riad S. Wahby [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 31, 2002 12:19 PM
To: [EMAIL PROTECTED]
Subject: Re: It takes two to tango
Chris Paget [EMAIL PROTECTED] wrote:
Does V still have the right to sue R?
Let's put this a different way
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Problem:
Trillian's IRC modules suffer from a buffer overflow. This allows an attacker to
execute code of their choice. I have attempted to contact the Trillian developers
about this issue with no success.
John C. Hennessy
Information
from the Domain Users group.
That way, the only thing that that user would have access to would be
where Everyone or Authenticated Users have permission, which if we take
permissions on our servers correctly, that will be restricted.
Just a thought.
John Tolmachoff
IT Manager, Network Engineer
Just noticed this linked from freshmeat, didn't see it here yet. Sounds
bad.
http://www.debian.org/security/2002/dsa-134
--JW
a self-signed certificate is no less secure than one
issued by a CA whose Root CA certificate is included with your OS or
browser, it is just that it is not backed by a policy or insurance. And
it is cheaper.
John
-Original Message-
From: Pidgorny, Slav [mailto:[EMAIL PROTECTED]]
Sent
leaving a
dog's breakfast of an operating system when it boots, since qchain has not
had a chance to run. So you have to do them manually, declining reboots as
you go.
With this method, I don't need a network connection to upgrade anything. I
simply reboot after the DOS box closes.
-
John Airey
to help fix the issues?
Thanks,
John
--
# John Madden [EMAIL PROTECTED] ICQ: 2EB9EA
# FreeLists, Free mailing lists for all: http://www.freelists.org
# UNIX Systems Engineer, Ivy Tech State College: http://www.ivytech.edu
# Linux, Apache, Perl and C: All the best things in life are free!
Interrorem security announcement
Interrorem - protecting business
Software vulnerable: Snapstream PVS
Vendor website: http://www.snapstream.com
Workaround: Stop the snapstream server
Software synopsis:
Snapstream PVS is a Personal Video System for Windows Systems. It allows users to
schedule
web and mail
servers behind a Sonicwall on an AIX box. When we nmap scanned
the external interface of the Sonicwall, it showed up as an
AIX box.
-john
At 05:17 PM 7/25/2001 -0600, Dan Ferris wrote:
This may not seem bad, but to me it seems that this defeats the point of NAT
if somebody can steal
, allocating developers, build
personnel, and QA the fix before even they know when a fix will be out.
Sheesh.
John Schultz
[EMAIL PROTECTED]
--
The events which transpired five thousand years ago;
Five years ago or five minutes ago, have determined
what will happen five minutes from now; five years
From now or five thousand years from now.
All history is a current event.
- Dr John Henrik Clarke -
. If the
connection and receiver's address could be spoofed, bursts of 1-byte
segments from the sender can be sent to an innocent victim as part of a
tinygram DoS attack.
John
, are:
http://wwp.icq.com/scripts/search.dll?to=42892594
aim:goim?screenname=jhpercivalmessage=Hi.+Are+you+there?
telnet:[EMAIL PROTECTED]
Anyway, a few more things to discuss and chew over there!
Regards,
John Percival
Product Manager, vBulletin
http://www.vbulletin.com/
mailto:[EMAIL PROTECTED
positive.
John Percival
Product Manager, vBulletin
http://www.vbulletin.com/
mailto:[EMAIL PROTECTED]
vBulletin: Community Instantly
Copyright 2001 Jelsoft Enterprises Ltd
Version: Uninstalling the patch seems to have brought things back to
normal.
Does anyone know if a third version is in the works or if I should keep
trying to make the second version work on my machines?
jbh
John Hanks
Dept. of Biology
Utah State University
-Original Message-
From: Paul L
I just tested the previously posted vulnerability on a
Solaris 8 box with the April 3rd cluster patches and it
does produce a core file in the / directory.
John
any internet routable network.
Regards,
- John
--
John McInnes - Email: [EMAIL PROTECTED], Phone: +61 410 422 107
http://www.dissension.net/~john/
--
It will be advantag
that the community has to offer.
John
versions prior to Icecast 1.3.9 and
Libshout 1.0.4 are vulnerable.
Matt Messier ([EMAIL PROTECTED])
John Viega ([EMAIL PROTECTED])
r this to be a fault no matter how the
host is configured - see RFC 1122 comments below).
What about a virtual IP bound to the loopback interface, or a dummy
interface? This is precisely what many load balancing and high
availability failover clusters do, as previously mentioned.
--
John Cronin
There have been various issues related to security
brought to the attention of Chili!Soft.
While we are working as quickly as possible to
address the more detailed issues, we
would like to provide as much information as possible
on the current status to help
remove as much exposure as
receive replies bigger than 512 bytes, can't set
the aa flag on NS records, and refuses to resolve any host with IPv6
information in its DNS reply.
John Edwards
xed. No other format string
vulnerabilities were found.
More information, including patches, can be found at
http://bugs.proftpd.net/show_bug.cgi?id=430
--
John Morrissey _o/\ __o
[EMAIL PROTECTED]_- \_ / \ \,
www.horde.net/__(_)/_(_)/\___(_) /_(_)__
On my Debian 2.2 system 'man' was installed
suid root. I don't know about Debian 2.3 but,
Debian 2.2 does install 'man' suid root.
Robert van der Meulen wrote:
Hi,
Quoting StyX ([EMAIL PROTECTED]):
styx@SuxOS-devel:~$ man -l %n%n%n%n
man: Segmentation fault
styx@SuxOS-devel:~$
This
e GPG team if they have not implemented a
similar feature, but smells like FUD to me.
John Wiltshire
[root@vaio /root]#
John
We are still investigating, but there seems to be a major security problem
in at least some versions of reiserfs. Since reiserfs is shipped with
newer versions of SuSE Linux and the problem is too easy to reproduce and
VERY dangerous I think alerting pe
On Thu, 4 Jan 2001 20:32:01 -0800, Dan Harkless [EMAIL PROTECTED]
said:
Dan Guido Bakker [EMAIL PROTECTED] writes:
1.2.1 - reverse ident scanning
This technique involves issuing a response to the ident/auth
daemon, usually port 113 to query the service for the owner of
. The rev's are the same as
yours (G.08.x)
so it should work for you. I think the other issue is why are printers running
all these services?
-John
# nmap -sT -PT 10.95.3.38
Starting nmap V. 2.30BETA20 by [EMAIL PROTECTED] ( www.insecure.org/nmap/ )
Interesting ports on (10.95.3.38):
(The 1511 ports
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sword Shield Enterprise Security, Inc. - Security Advisory
www.sses.net, Copyright (c) 2000
Advisory: TalentSoft Web+ Input Validation Bug Vulnerability
Release Date: April 12, 2000
Application:webpsvr
Severity: A remote user can
" after number
4) GET http://advice.networkice.com/advice/Intrusions/number/
5) page is sent.
Can you tell me which version you're running?
John Lampe
--
From: Brett Glass[SMTP:[EMAIL PROTECTED]]
Reply To: Brett Glass
Sent: Friday, February 25, 2000 8:17 PM
To: [EMAIL
I just put up a new version of ITS4. It's got a modified license
file, so it should now match RST's intentions toward the software (it
was previously too restrictive). There are some other changes that
were largely contributed, including support for VC++.
Here's the changelog from 1.0-1.0.1:
-
t up a mailing list for people who are interested in helping
out in any capacity. Hopefully we can get a good discussion going
that will improve the vulnerability database, and make ITS4 a far more
useful tool. The mailing list signup is available at:
http://www.list.org/mailman/
tilization to do so. Ingress filtering is really
just another routing decision, something that these kinds of boxes are
made to do all day, every day.
John Edwards
ing problems, Microsoft should consider
issuing a single, all inclusive, security patch. Each time a new fix comes
available, update it.
John
es and other vital system data, and seems to be extremely
dangerous. To make things even worse, some devices seem to tell that
write permission for given community is disabled, but you can still
successfully write to it - and other devices won't let you set up snmp
access at all (eg. some modems
own
source filtering.
Even on the remaining 4700 access routers CPU hasn't been a problem
--
John Payne http://www.sackheads.org/jpayne/[EMAIL PROTECTED]
http://www.sackheads.org/uce/Fax: +44 870 0547954
Euro-folk register in the spam-fight - http://www.euro.cauce.org/
FireWall-1 FTP Server Vulnerability
Background Paper #1, data protect AG
John McDonald [EMAIL PROTECTED]
Thomas Lopatic [EMAIL PROTECTED]
References
--
Please reference the recent vuln-dev posting by Mikael Olsson entitled,
"Breaking through FTP ALGs -- is it possible?" A
Here is a patch for FreeBSD
--- tcp_input.c.origTue Apr 20 15:09:15 1999
+++ tcp_input.c Fri Jan 21 21:53:00 2000
@@ -398,12 +398,36 @@
"Connection attempt to TCP %s:%d from
%s:%d\n",
buf, ntohs(ti-ti_dport),
inet_ntoa(ti-ti_src),
Summary: Many people snmpwalking your border routers lately? SNMPc from
CastleRock Computing may be to blame; they responded promptly and
responsibly to my complaint - jc
John Sancho wrote:
I apologize for the inconvenience caused by our discovery mechanism. We are
currently in the process
, then install the tcpdump that comes
bundled with RH 6.0, or modify your scripts so that they can handle this
modification.
-- Renaud
(apologies if this was already known)
--
Renaud Deraison
The Nessus Project
http://www.nessus.org
--
John Comeau - Chief
. of last week. Trend
Micro patches can be found at
http://www.antivirus.com/download/patches/default.htm . RFC 2045 can be
found at http://www.ietf.org/rfc/rfc2045.txt
John Lampe
der Mouse [EMAIL PROTECTED] wrote:
[symlink-paranoia code]
However, consider an average setuid root application, [...]. When
the application reaches the critical section of code between the
lstat and the open, you stop it by sending it a SIGSTOP.
If you can send it a SIGSTOP, either
that doesn't
have permission to execute the wrapper.
--John
-code used
to scan for OS9 Macintoshes, and the C-code to excite them into attack
mode.
John Copeland (please send email to 2 addresses, [EMAIL PROTECTED] and
[EMAIL PROTECTED]).
Voice Mail: 404 894-5177
=
The "Mac Dos Attack," a Scheme for Blocking Internet Connections
) We were unaware of the previous work, and Netscape didn't say "hey,
someone did this before" when we notified them. In fact, they
definitely reacted as if they knew the problem was there, but hoped no
one would ever bother to exploit it.
John
On Thu, Dec 16, 1999 at 09:07:32AM +0700, Van
On Fri, 12 Nov 1999, Matthew Kirkwood wrote:
On Thu, 11 Nov 1999, John D. Hardin wrote:
{massive snippage}
ftp://.../bind-8.2.2_P3-0.4.2.i386.rpm
-^^
There was mention on Bugtraq that patch 3 broke zone transfers and
that patch 4 should be used instead
On Wed, Sep 01, 1999 at 09:08:55PM +0400, Seva Gluschenko wrote:
man sendmail:
/-C
...skipping...
-Cfile Use alternate configuration file. Sendmail refuses to run
as root if an alternate configuration file is specified.
and it does, for sure %-).
Just tested this on
On Wed, 8 Sep 1999, Dylan Griffiths wrote:
John N Dvorak wrote:
Sven,
I have verified the following platforms:
BSDI 2.1
BSDI 3.1
BSDI 4.0
BSDI 4.0.1
Cobalt Linux (MIPS) - RedHat based
All vulnerable.
I am testing on other Linux platforms, but I presume all BSD and
Linux-based
write(p[1], crap, BUFFERSIZE);
}
exit(0);
}
- End forwarded message -
===
John N Dvorak | [EMAIL PROTECTED]
Director of Technology
CapuNet, LLC - Corporate Internet Solutions
(301) 881-4900 x8018
===
-- then you can load both
your own crypto code and all the standard MS stuff.
John
r Internet
http://www.ti.cz/ -- [EMAIL PROTECTED]
Everything I know in life I learnt from .sigs.
Regards:
John Horn
City of Tucson, IT Dept.
[EMAIL PROTECTED]
"patched versions" and "could be problematic"?
Andy.
--
John Hall Hostmaster, Postmaster, Network Manager
Internet Entertainment Group
I had contacted the person who posted this information. It
seems that AOL has contacted him and he refuses to talk
about this if you ask about it.
Does anyone have any information on how to make your own
programmable buttons for aol?
granny
About a year ago, I found out that by sending the