Hi,
this seems to be a new issue aside the known timing attack from Feb. 19th.
Anybody to confirm this?
Regards,
Leppo
-- Weitergeleitete Nachricht --
Subject: [ADVISORY] Timing Attack on OpenSSL
Date: Montag, 17. März 2003 09:47
From: Ben Laurie [EMAIL PROTECTED]
To: Bugtraq
Alan Cox apparently just made public a vulnerability in the stock
kernel which would permit a local user to gain root privileges (see e.g.
Linux Today, LWN, the LK mailing list...). Is a patched source package in
the making already or should we humble users, in the meantime, take the
Le mar 18/03/2003 à 13:04, Giacomo Mulas a écrit :
On Tue, 18 Mar 2003, Giacomo Mulas wrote:
Alan Cox apparently just made public a vulnerability in the stock
kernel which would permit a local user to gain root privileges (see e.g.
Linux Today, LWN, the LK mailing list...). Is a
His announcement is Slashdotted, and I'm seeing no notice of which versions
are affected! I'm running 2.4.18 on all my Debian servers, please tell me
what's going on.
--On Tuesday, March 18, 2003 12:04 PM +0100 Giacomo Mulas
[EMAIL PROTECTED] wrote:
Alan Cox apparently just made
On Tue, 2003-03-18 at 21:40, Jason Rashaad Jackson wrote:
His announcement is Slashdotted, and I'm seeing no notice of which versions
are affected! I'm running 2.4.18 on all my Debian servers, please tell me
what's going on.
Here's a cut and paste from Lwn.net :)
Ptrace
I have not seen any mention of this on this list. Is the current version
(0.9.6c-2.woody.2) vulnerable to this current RSA issue?
Tuesday, March 18 2003
-- | When a religion is good, I conceive
Timm Gleason| it will support itself; and when it
You could try this link
http://www.uwsg.iu.edu/hypermail/linux/kernel/0303.2/0226.html but I am not
sure if it meets your criteria of authoritive.
From: Phillip Hofmeister [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: ptrace vulnerability?
Date: Tue, 18 Mar 2003 17:09:10 -0500
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.462 / Virus Database: 261 - Release Date: 3/13/2003
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Correct me if I am wrong but is the ptrace vulnerability not a fairly old
one. By old I mean like a couple of years. Or is this a completely
different ptrace vulnerability. I know there was info about a ptrace
vulnerability at http://packetstormsecurity.com including the working
exploit
Hi
A friend just asked me this question and I got curious. say I'm equipped with a linux
laptop and some knowledge, I can walk into a company that uses NIS, find out the
settings (NISDOMAIN, free ip address, etc...) and join their domain. now I can login
as root on my computer, su to any user
On Tuesday 18 March 2003 04:13 pm, Haim Ashkenazi wrote:
Hi
Hello,
A friend just asked me this question and I got curious. say I'm equipped
with a linux laptop and some knowledge, I can walk into a company that uses
NIS, find out the settings (NISDOMAIN, free ip address, etc...) and join
Quoting Haim Ashkenazi ([EMAIL PROTECTED]):
A friend just asked me this question and I got curious. say I'm
equipped with a linux laptop and some knowledge, I can walk into a
company that uses NIS, find out the settings (NISDOMAIN, free ip
address, etc...) and join their domain. now I can
yes
NIS+ is a bit better, but basically its in-adequate security wise. It should
not be considered for a new system/network IMHO.
regards
Steven
-Original Message-
From: Haim Ashkenazi [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 19 March 2003 12:30
To: Debian Security
Subject: OT: Is
New one.
The attached module seems to block the currently circulating exploit, I didn't
write it so don't email me if it breaks your system.
On Tuesday 18 March 2003 17:39, Steve Meyer wrote:
Correct me if I am wrong but is the ptrace vulnerability not a fairly old
one. By old I mean like a
Does anyone know the ETA of the official patch?
_
The new MSN 8: smart spam protection and 2 months FREE*
http://join.msn.com/?page=features/junkmail
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of
Hi,
this seems to be a new issue aside the known timing attack from Feb. 19th.
Anybody to confirm this?
Regards,
Leppo
-- Weitergeleitete Nachricht --
Subject: [ADVISORY] Timing Attack on OpenSSL
Date: Montag, 17. März 2003 09:47
From: Ben Laurie [EMAIL PROTECTED]
To: Bugtraq
Alan Cox apparently just made public a vulnerability in the stock
kernel which would permit a local user to gain root privileges (see e.g.
Linux Today, LWN, the LK mailing list...). Is a patched source package in
the making already or should we humble users, in the meantime, take the
On Tue, 18 Mar 2003, Giacomo Mulas wrote:
Alan Cox apparently just made public a vulnerability in the stock
kernel which would permit a local user to gain root privileges (see e.g.
Linux Today, LWN, the LK mailing list...). Is a patched source package in
the making already or should we
Le mar 18/03/2003 à 13:04, Giacomo Mulas a écrit :
On Tue, 18 Mar 2003, Giacomo Mulas wrote:
Alan Cox apparently just made public a vulnerability in the stock
kernel which would permit a local user to gain root privileges (see e.g.
Linux Today, LWN, the LK mailing list...). Is a
check out flowscan
http://www.caida.org/tools/utilities/flowscan/
it gets close to what you want, assuming all the traffic is
passing through a cisco router.
Something like this for Linux would bei really cool !
Nik
His announcement is Slashdotted, and I'm seeing no notice of which versions
are affected! I'm running 2.4.18 on all my Debian servers, please tell me
what's going on.
--On Tuesday, March 18, 2003 12:04 PM +0100 Giacomo Mulas
[EMAIL PROTECTED] wrote:
Alan Cox apparently just made
Tuesday, March 18, 2003, 3:40:40 PM, Jason Rashaad Jackson (Jason) wrote:
Jason His announcement is Slashdotted, and I'm seeing no notice of which
versions
Jason are affected! I'm running 2.4.18 on all my Debian servers, please tell
me
Jason what's going on.
On Tue, 2003-03-18 at 21:40, Jason Rashaad Jackson wrote:
His announcement is Slashdotted, and I'm seeing no notice of which versions
are affected! I'm running 2.4.18 on all my Debian servers, please tell me
what's going on.
Here's a cut and paste from Lwn.net :)
Ptrace
On Tue, 2003-03-18 at 16:04, debian-security wrote:
check out flowscan
http://www.caida.org/tools/utilities/flowscan/
it gets close to what you want, assuming all the traffic is
passing through a cisco router.
A better choice (IMHO) would be flow-tools at
I usually make it a habit of only applying patches that come from
seemingly authoritive sites. Could anyone make a reference to an
authoritive site that would contain this patch? I have been snooping
around kernel.org with no success...
--
Phil
PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
I have not seen any mention of this on this list. Is the current version
(0.9.6c-2.woody.2) vulnerable to this current RSA issue?
Tuesday, March 18 2003
-- | When a religion is good, I conceive
Timm Gleason| it will support itself; and when it
You could try this link
http://www.uwsg.iu.edu/hypermail/linux/kernel/0303.2/0226.html but I am not
sure if it meets your criteria of authoritive.
From: Phillip Hofmeister [EMAIL PROTECTED]
To: debian-security@lists.debian.org
Subject: Re: ptrace vulnerability?
Date: Tue, 18 Mar 2003
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.462 / Virus Database: 261 - Release Date: 3/13/2003
Correct me if I am wrong but is the ptrace vulnerability not a fairly old
one. By old I mean like a couple of years. Or is this a completely
different ptrace vulnerability. I know there was info about a ptrace
vulnerability at http://packetstormsecurity.com including the working
exploit
Quoting Haim Ashkenazi ([EMAIL PROTECTED]):
A friend just asked me this question and I got curious. say I'm
equipped with a linux laptop and some knowledge, I can walk into a
company that uses NIS, find out the settings (NISDOMAIN, free ip
address, etc...) and join their domain. now I can
New one.
The attached module seems to block the currently circulating exploit, I didn't
write it so don't email me if it breaks your system.
On Tuesday 18 March 2003 17:39, Steve Meyer wrote:
Correct me if I am wrong but is the ptrace vulnerability not a fairly old
one. By old I mean like a
31 matches
Mail list logo