Re: Small TCP packets == very large overhead == DoS?

2001-07-10 Thread Darren Reed
In some mail from gregory duchemin, sie said: hello, know if the TCP silly window syndrome might be used too ? Uploading/downloading files byte per byte to/from a remote ftp server with a stupid window size of one byte may generate a very high overhead. Silly window sizes aren't so bad.

Re: Cobalt Cube Webmail directory traversal

2001-07-10 Thread John
I confirmed this on Cobalt's, now Sun, Cube III. Paul Marshall wrote: At 08:41 05/07/2001, you wrote: I just got a new Cobalt Cube today and I have been poking around at it for security issues... I noticed this minor issue in the webmail system. Your users are not allowed to have shell

xloadimage remote exploit - tstot.c

2001-07-10 Thread zen-parse
//tstot.c / zen-parse presents tstot.c - remote portbinding exploit for RedHat 7.0 Netscape 4.77

Re: Small TCP packets == very large overhead == DoS?

2001-07-10 Thread Darren Reed
In some mail from Russ, sie said: According to MSDN, NT 3.5/3.51/4.0 and Windows 2000 implement a minimum MSS of 68 bytes (found under the discussion of PMTU and RFC 791 and 1191), as prescribed by RFC 791. I think some people are not understanding the

APOP passwords at risk

2001-07-10 Thread gregory duchemin
hello This is the exact same thing APOP does - server sends a string, client appends password to string, takes MD5 hash and sends back. If your cracker is what you say it is (I haven't checked) then APOP should be just as vulnerable. Greetz, Peter yep, looking briefly at the rfc 1939, i found

Re: Tripwire temporary files

2001-07-10 Thread Charles Stevenson
Jarno Huuskonen wrote: After that I looked at the tripwire sources and confirmed the problem. (See e.g. core/archive.cpp, core/unix/unixfsservices.cpp and tw/textreportviewer.cpp). If you noticed a few more lines down the file gets removed. - TSTRING cUnixFSServices::MakeTempFilename(

Re: Messenger/Hotmail passwords at risk

2001-07-10 Thread Pavel Kankovsky
On Mon, 9 Jul 2001, Jeffrey W. Baker wrote: Uh huh. So you are saying that, given MD5(password), password may be recovered by brute force. And this is new/interesting in what way? The interesting thing is he can (allegedly) do it at 2.5e6 tries/second on an affordable machine. Being able to

Re: Tripwire temporary files

2001-07-10 Thread Paul Starzetz
Jarno Huuskonen wrote: I found out about the problem when I noticed a temporary file /tmp/twtempa19212 left in /tmp. Out of curiosity I ran the tripwire binary with strace and noticed that temporary files in /tmp are opened without the O_EXCL flag. Here a strace from tripwire 1.2

Re: dip 3.3.7p-overflow

2001-07-10 Thread Marcin Marszalek
On Mon, 9 Jul 2001, sebi hegi wrote: Hi! After doing a check on my SuSE linux 7.0 x86 i found something interesting: hegi@faust:~ ls -la /usr/sbin/dip -rwsr-xr-- 1 root dialout 62056 Jul 29 2000 /usr/sbin/dip DIP: Dialup IP Protocol Driver version 3.3.7p-uri (25 Dec 96)

Re: Tripwire temporary files

2001-07-10 Thread Jarno Huuskonen
On Tue, Jul 10, Paul Starzetz wrote: Jarno Huuskonen wrote: I found out about the problem when I noticed a temporary file /tmp/twtempa19212 left in /tmp. Out of curiosity I ran the tripwire binary with strace and noticed that temporary files in /tmp are opened without the O_EXCL

Re: Small TCP packets == very large overhead == DoS?

2001-07-10 Thread John Kristoff
Darren Reed wrote: Silly window sizes aren't so bad. If you have a window size of one then you only ever have one outstanding piece of data sent at a time. So if I have 16k of data, it might take 32k or more packets, but I can only send one packet at a time. With a window size of 1, a

Re: Small TCP packets == very large overhead == DoS?

2001-07-10 Thread Brett Lymn
According to Darren Reed: stupid window size of one byte may generate a very high overhead. Silly window sizes aren't so bad. Oh no, they can be very bad and can choke performance measurably. They are very subtle too because you will not see them if you are close to the server. Once your

Re: dip 3.3.7p-overflow

2001-07-10 Thread teo
Hi sebi! On Mon, 09 Jul 2001, sebi hegi wrote: Hi! After doing a check on my SuSE linux 7.0 x86 i found something interesting: hegi@faust:~ ls -la /usr/sbin/dip -rwsr-xr-- 1 root dialout 62056 Jul 29 2000 /usr/sbin/dip note the rights DIP: Dialup IP Protocol Driver version

OpenSSL Security Advisory: PRNG weakness in versions up to 0.9.6a

2001-07-10 Thread Bodo Moeller
OpenSSL Security Advisory [10 July 2001] WEAKNESS OF THE OpenSSL PRNG IN VERSIONS UP TO OpenSSL 0.9.6a - CONTENTS: - Synopsis - Detailed problem description - Solution - Impact - Source code patch [*] - Acknowledgement [*]

How Google indexed a file with no external link

2001-07-10 Thread Kevin
I'm running a modest Apache 1.3.19 server on Mandrake 7.2, with a 2.4 kernel. No cgi's or PHP support, though I do have server-info and server-status enabled for local reference only. I noticed some hits in the Apache access_log for two files, index.old and index.older, which were backups of

RE: Small TCP packets == very large overhead == DoS?

2001-07-10 Thread David LeBlanc
From: Darren Reed [mailto:[EMAIL PROTECTED]] In some mail from Russ, sie said: I think some people are not understanding the difference between the TCP MSS and IP's MTU. Either that or both you and David LeBlanc are grasping at straws in order to make WindowsNT look better ;) I

Re: How Google indexed a file with no external link

2001-07-10 Thread W. Craig Trader
Kevin ... I can tell you what's causing it, and how to disable it, but I can't point you to specific documentation about it. Kevin wrote: Looking a bit deeper, I saw googlebot (and later, some ordinary visitors) using this syntax: http://handsonhowto.com/?M=A

Re: How Google indexed a file with no external link

2001-07-10 Thread Theo Van Dinter
On Mon, Jul 09, 2001 at 09:47:44PM -0400, Kevin wrote: http://handsonhowto.com/?M=A http://handsonhowto.com/?S=D ...and if you try this yourself in Internet Explorer, you'll find that Apache is ignoring my index.html and is giving you a formatted directory of the docroot

Re: Many WAP gateways do not properly check SSL certificates

2001-07-10 Thread Jeremy Sanders
Since SSL certificates are tamper-evident as the cryptographic signature is checked against the root certificates of the large CAs (Thawte, Verisign, Global Trust etc.) this check gives assurance that the requesting party is connected to the right host - i.e. you are safe from a man-in-the-middle

Re: How Google indexed a file with no external link

2001-07-10 Thread Kevin
The problem (at least in my case) has been resolved, so if you've been checking my site you can stop now: ;-) http://handsonhowto.com/?M=A http://handsonhowto.com/?S=D I now get the index.html page, as intended. The fix was to take all the Indexes options out of my httpd.conf;

FreeBSD 4.3 local root, yet Linux and *BSD much better than Windows

2001-07-10 Thread Georgi Guninski
Georgi Guninski security advisory #48, 2001 FreeBSD 4.3 local root, yet Linux and *BSD much better than Windows Systems affected: FreeBSD 4.3 and probably earlier versions. Risk: High Date: 10 July 2001 Legal Notice: This Advisory is Copyright (c) 2001 Georgi Guninski. You may distribute it

Re: FreeBSD 4.3 local root, yet Linux and *BSD much better than Windows

2001-07-10 Thread Przemyslaw Frasunek
FreeBSD 4.3 local root, yet Linux and *BSD much better than Windows This problem was already reported to FreeBSD Security Officer about two months ago, but it was totally ignored. -- * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE * * Inet: [EMAIL PROTECTED] ** PGP:

[ESA-20010709-01] OpenSSL PRNG Weakness

2001-07-10 Thread EnGarde Secure Linux
EnGarde Secure Linux Security Advisory, July 09, 2001. http://www.engardelinux.org/ ESA-20010709-01

cayman strikes again

2001-07-10 Thread Russell Handorf
try using '}' as a username without a password for cayman routers. login: } Password: Terminal shell v1.0 Cayman-DSL Model 3220-H, DMT-ADSL (Alcatel) plus 4-port hub Running GatorSurf version 5.3.0 (build R1) (} completed login: user level) Cayman-DSL{SNIP} ==

RE: Small TCP packets == very large overhead == DoS?

2001-07-10 Thread Franck Martin
Please note that about 5% of the machines out there do not understand an MTU different than 1500, because some firewalls block all ICMP packets instead of sending back the ICMP packet with the recommended MTU. I explain further. You have a client machine A, a router A with MTU 576, another

[RHSA-2001:088-04] New xloadimage packages available

2001-07-10 Thread bugzilla
Red Hat, Inc. Red Hat Security Advisory. Synopsis: New xloadimage packages available. Advisory ID: RHSA-2001:088-04. Issue date: 2001-06-28. Updated on: 2001-07-09. Product: