On Mon, 15 Jan 2001, Hank Leininger wrote:
Hm. Joey's advisory listed a number of @trendmicro.com addresses he had
sent notifications to. He did not mention that the most obviously
appropriate of those had bounced :(
Hank Leininger [EMAIL PROTECTED]
Hey Hank, (...and other folks)
The
Title: RE: Veritas BackupExec (remote DoS)
Doesn't the agent only work on backup exec enterprise editions? That's what I'm using it with. If you tell them you are using the enterprise edition, maybe you can get a different response? Tell them you are evaluating it if need be.
I have
"Shaun O'Callaghan" [EMAIL PROTECTED] writes:
This is performed to the many Yahoo! servers by a
plain get request on the standard ports that YIM
uses. As far as I am aware, this is affecting all
clients on all operating systems. YIM passwords also
are used for mail, calendars, bill
-BEGIN PGP SIGNED MESSAGE-
=
FreeBSD-SA-01:04 Security Advisory
FreeBSD, Inc.
Topic: joe creates
-BEGIN PGP SIGNED MESSAGE-
=
FreeBSD-SA-01:03 Security Advisory
FreeBSD, Inc.
Topic: bash1
-BEGIN PGP SIGNED MESSAGE-
=
FreeBSD-SA-01:05 Security Advisory
FreeBSD, Inc.
Topic: stunnel
Vulnerabilities in OmniHTTPd default installation
Overview
Two vulnerabilities exist within the 'statsconfig.pl' script that
comes with OmniHTTPd v2.07 and is installed by default. The first
allows a remote attacker to corrupt any file in the system. The second
allows arbitrary code to
Hello.
I have noticed that the buffer overflow discovered by Michal Zalewski
and covered extensively by the different unix distributions is still
present in netscape 4.76 even though they claim it is not.
Refer to these links for background information:
-BEGIN PGP SIGNED MESSAGE-
=
FreeBSD-SA-01:02 Security Advisory
FreeBSD, Inc.
Topic: syslog-ng
Dan Harkless writes:
Theo de Raadt just informed me via email that OpenBSD fixed their identd to
only report SS_CONNECTOUT sockets in 1996.
The MTA and the FTP server and many other daemons will make outgoing TCP
connections upon request. This bogus ``fix'' does not achieve the stated
goal of
This is a valid method, and known, to slow down a link between two hosts.
In my paper "ICMP Usage In Scanning" (currently version 2.5) Appendix B:
ICMP "Fragmentation Needed but the Don't Fragment Bit was set" and the Path
MTU Discovery Process (Page 132), I have outlined what should be done
On 12/Jan/2001, Zeev Suraski wrote:
[2] PHP supports the ability to be installed, and yet disabled, by setting
the configuration option 'engine = off'. Due to a bug in the Apache module
version of PHP, if one or more virtual hosts within a single Apache server
were configured with
On Monday 15 January 2001 07:15, antirez wrote:
SOLUTION
There isn't a clear solution.
PMTU Discovery can be disabled under linux,
echo 1 > /proc/sys/net/ipv4/ip_no_pmtu_disc
On Mon, Jan 15, 2001 at 10:09:00PM -0800, Ofir Arkin wrote:
This is a valid method, and known, to slow down a link between two hosts.
Ok, I guess that someone tried it first. As I stated it's trivial
since other ICMP types were already abused.
In my paper "ICMP Usage In Scanning" (currently
-BEGIN PGP SIGNED MESSAGE-
=
FreeBSD-SA-01:01 Security Advisory
FreeBSD, Inc.
Topic: Hostile
-BEGIN PGP SIGNED MESSAGE-
=
FreeBSD-SA-01:06 Security Advisory
FreeBSD, Inc.
Topic: zope
Hello everybody,
Crash was reproduced here also with Communicator for Linux ver 4.76.
Netscape 4.7 on Win95 did not crash. IE on WinME was not affected.
But some good news to users of non-MS platforms:
Mozilla as built from CVS today DID NOT crash on FreeBSD 5.0-CURRENT with
either page no
Frank v Waveren [EMAIL PROTECTED] wrote:
No dice, apart from a slight rendering bug if you go to the end of the
password field, it doesn't appear to have any problems here.
[/home/fvw] netscape -v
Netscape Lite 4.76/U.S., 06-Oct-00; (c) 1995-2000 Netscape Communications Corp.
[/home/fvw]
On Tue, Jan 16, 2001 at 12:19:43AM -0500, fish stiqz wrote:
All of the above advisories (and all that I've seen) state that netscape
versions up to and including 4.75 are vulnerable, not 4.76. I have
caused netscape 4.76 on both redhat 6.2 and slackware-current to segfault.
Below is the
Hello,
I am using Backup system from Veritas Software
(http://www.veritas.com/)
and its Linux agent. That agent is listening on a TCP socket (8192 in my
system) and if someone makes a connection to that socket, but
does not send anything to it, the agent hangs forever, even if you close that
On 12/Jan/2001, Zeev Suraski wrote:
[2] PHP supports the ability to be installed, and yet disabled,
by setting
the configuration option 'engine = off'. Due to a bug in the
Apache module
version of PHP, if one or more virtual hosts within a single
Apache server
were configured with
It's recently come to our attention that some repackagers of INN have
mistakenly shipped INN packages configured to use the system temporary
directory (either /tmp or /var/tmp) for creating temporary files. INN
expects its configured temporary directory to only be writeable by the
news user and
"Michael S. Fischer" wrote:
The third statement of this paragraph is untrue -- Almost every transaction
at Yahoo! involving money uses the Yahoo! wallet system, which uses a
separate password from the one used by YIM and the other "standard"
(non-financial) services.
You're assuming
Hello all,
There is a bug in SSH-1.2.30 involving Secure RPC. The patch for this is available at
http://www.ssh.com/patches.html.
The explanation and bug was submitted by Richard Silverman ([EMAIL PROTECTED]), and his
explanation of the bug is below. The SSH1 protocol is not formally
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
__
Caldera Systems, Inc. Security Advisory
Subject: temp file problems in inn
Advisory number: CSSA-2001-001.0
Issue date:
-
Red Hat, Inc. Red Hat Security Advisory
Synopsis: glibc local write access vulnerability
Advisory ID: RHSA-2001:002-03
Issue date: 2001-01-15
Updated on: 2001-01-16
Product:
26 matches