Martin Schulze [EMAIL PROTECTED] writes:
Please tell me what you gain from this. man does not run setuid root/man
but only setgid man.
Debian man-db is setuid (not setgid) man[1] in the latest stable and unstable
incarnations.
Getting uid man is not immediate death, but bad enough. Bug
Megyer Ur wrote:
/usr/bin/man is a simple binary, without any suid bit, BUT
/usr/lib/man-db/man is suid man, and it's vulnerable to man -l formatstr
attack. So anyone can get man uid by exploiting it.
So we can overwrite the /usr/lib/man-db/man binary with any stuff we
want, and when some
exploit:
a few examples:
1) "HowTo find Administrator Accounts"
+http://shophost.com/cgi-bin/ncommerce3/ExecMacro/orderdspc.d2w/report?order_rn=9+union+select+s
+hlogid+as+mestname,0+from+shopper+where+shshtyp+%3d+'A';
2) "Passwords(crypted)"
Georgi Guninski security advisory #37, 2001
Windows client UDP exhaustion denial of service
Systems affected:
Windows 2000 Prof, Windows 98 probably other Windowses
Risk: Low
Date: 6 February 2001
Legal Notice:
This Advisory is Copyright (c) 2001 Georgi Guninski. You may distribute it
This appears to not be as big a problem as it might have seemed, based
on the original report.
---
From: Jonas Thambert [EMAIL PROTECTED]
I wasnt able to replicate this error on a
fully patched RH 7.0 with BIND 9.1.0.
hi,
the format issue of man seems harmless.
the bug lies inhere
/* XXX */
if (!display (NULL, argv[optind], NULL,
basename(argv[optind]))) {
error (0, errno, argv[optind]);
Vulnerability in AOLserver
Overview
AOLserver v3.2 is a web server available from http://www.aolserver.com.
A vulnerability exists which allows a remote user user to break out of the
web root using relative paths (ie: '...').
Details
AOLServer checks the requested virtual path
On Tue, 6 Feb 2001, Emil Popov wrote:
Any thoughts, fixes, ideas??
The best way is to add 0 to the order_rn before using it. if the
operation passes, the input was an int. If it failed, then it wasnt and
something funky was attempted. This is obviously only going to prevent
munging of
On Tue, 6 Feb 2001 [EMAIL PROTECTED] wrote:
Vulnerability in AOLserver
Overview
AOLserver v3.2 is a web server available from http://www.aolserver.com.
A vulnerability exists which allows a remote user user to break out of the
web root using relative paths (ie: '...').
Details
-
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated XEmacs packages available for Red Hat Powertools 6.2
Advisory ID: RHSA-2001:011-03
Issue date:2001-02-02
Updated on:
Those look really funny, anyone know the what algorythm is used, i suppose
it's the standard db2 function, but haven't tried that yet.
.. because of the column type this is just a hexadecimal representation ..
you can easily convert it to char ...
3) "Password-Reminders"
Actually these are
Security hole in ChiliSoft ASP for Linux.
Overview:
ASP (Active Server Pages) are a technology initially developed by
Microsoft to tackle the "dynamic content on the web" problem. Chili!Soft
is a company that has released a piece of software called Chili!Soft ASP
that makes ASP
#!/usr/local/bin/perl -w
# getcycle.pl
# (Copyright) Robert A. Lacroix, Feb. 6, 2001; Winnipeg, Canada
# This algorithm efficiently solves problems of the form 2^x = aN + 1,
# using O(log N) storage and O(log N)(log N) time.
# I am reinventing the wheel, or is it "Goodbye, RSA?"
# Input
===
Summary
===
Three issues with the ProFTPD FTP server have been reported to BUGTRAQ in
the past month. These issues have been addressed by the ProFTPD core team.
The following vulnerabilities are addressed in this advisory:
1. "SIZE memory leak"
On Tue, Feb 06, 2001 at 05:00:07PM -0500,
Mark Krenz [EMAIL PROTECTED] rambled:
Affected systems:
I tested and confirmed this problem on a RedHat Linux 6.2 machine
running RedHat SecureWebServer 3.2.1, which is basically Apache 1.3.9
with mod_ssl. I am unable to test this on
More repro reports etc:
From: Stephen Oberther [EMAIL PROTECTED]
Hmmm..it doesn't have the same affect on our machine. i386 with Debian
2.2 running a home compiled BIND-9.1.0 Must be something in the
configuration of the NetBSD package.
16 matches
Mail list logo