Security Update: [CSSA-2001-018.1] OpenLinux: samba /tmp problems

2001-06-27 Thread Support Info
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Caldera International, Inc. Security Advisory Subject: Linux - samba /tmp problems Advisory number: CSSA-2001-018.1 Issue date:

samba update -- Immunix OS 6.2, 7.0-beta, 7.0

2001-06-27 Thread Immunix Security Team
Immunix OS Security Advisory Packages updated: samba, samba-client, samba-common Affected products: Immunix OS 6.2, 7.0-beta, and 7.0 Bugs fixed: immunix/1649 Date: Tue Jun 26

Security Update: [CSSA-2001-SCO.2] UnixWare - su buffer overflow

2001-06-27 Thread sco-security
Caldera International, Inc. Security Advisory Subject: UnixWare - su buffer overflow Advisory number: CSSA-2001-SCO.2 Issue date:

TSLSA-2001-0011 - Samba

2001-06-27 Thread Trustix Secure Linux Advisor
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Trustix Secure Linux Security Advisory #2001-0011 Package name: Samba Severity: Possible root exploit Date: 2001-06-27 Affected versions: TSL

Cisco Security Advisory: Multiple SSH vulnerabilities

2001-06-27 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Security Advisory: Multiple SSH vulnerabilities Revision 1.0 - INTERIM For public release 2001 June 27 08:00 (UTC -0800)

Cisco Security Advisory: IOS HTTP authorization vulnerability

2001-06-27 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Security Advisory: IOS HTTP authorization vulnerability Revision 1.0 - INTERIM For public release 2001 June 27 08:00 (UTC -0800)

security bulletins digest

2001-06-27 Thread IT Resource Center
HP Support Information Digests o IT Resource Center World Wide Web Service If you subscribed through the IT Resource Center and

reading from execve()ed setuid memory

2001-06-27 Thread zen-parse
Posted to bugzilla.redhat.com: Tue, 15 May 2001 06:43:27 -0400 This was then made inaccessible, and I've seen nothing that looks like a fix yet. A month and a half seems like long enough to work it out. Contents of https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=40658 as posted before the

gnats update

2001-06-27 Thread Joost Pol
Hia, I found a security hole in gnatsweb. The author was contacted and a patch was provided within hours. People running the following versions should upgrade: - Gnatsweb 2.7 beta - Gnatsweb 2.8.0 - Gnatsweb 2.8.1 - Gnatsweb 3.95 for GNATS 4, versions from CVS prior to June 26 The patch, and

ISAPI and SECUREIIS

2001-06-27 Thread Crussaider
Hi all, after some testing I noticed that SecureIIS 1.0.6 does not protect IIS 5.0 from ISAPI DoS attack. In the attachment is isapi-dos2.c and isapi.exe cygwin compilation. After attack with this exploit IIS is down. In SecureIIS I have very

Re: smbd remote file creation vulnerability

2001-06-27 Thread Simple Nomad
The limit on the netbios name length must include the ../../../ as a part of the name, so you've blown 9 characters right there to get to the root dir. Otherwise you could get to /etc/crontab or something and the exploit would not require a symlink. So the file can be created remotely, but as for

Re: smbd remote file creation vulnerability

2001-06-27 Thread Wichert Akkerman
Previously Pavol Luptak wrote: Linux kernels with openwall patch (with restricted links in /tmp) are immune to this type of attack (following symlinks does not work, link owner does not match with file's owner). If symlinks don't work you can still use a hardlink though. Wichert. --

Re: Security_APARs (fwd)

2001-06-27 Thread Valdis . Kletnieks
On Tue, 26 Jun 2001 11:44:45 CDT, [EMAIL PROTECTED] said: This is from IBM. I don't know why they do not post to BUGTRAQ directly. I don't speak for IBM, but I think I know why... AIX 4.3: IY19897 (updated 6/2001) This is the 'packaging APAR' that rolls all these fixes up so you can do

Re: MacOSX 10.0.X Permissions uncorrectly set

2001-06-27 Thread Valdis . Kletnieks
On Tue, 26 Jun 2001 02:24:55 +0200, kangoo [EMAIL PROTECTED] said: Permissions of /Users/yourname/Desktop which show your desktop is xrwxrwxrwx, allowing every user to read/write on your own Desktop folder. Fix: chmod 755 or chmod 750 /Users/yourname/Desktop Apple have been warned long

Re: MacOSX 10.0.X Permissions uncorrectly set

2001-06-27 Thread Joerg Maximus Lentsch
On Tue, 26 Jun 2001, kangoo wrote: Permissions of /Users/yourname/Desktop which show your desktop is xrwxrwxrwx, allowing every user to read/write on your own Desktop folder. Fix: chmod 755 or chmod 750 /Users/yourname/Desktop Apple have been warned long ago and as of 10.0.4 it is still not

Re: MacOSX 10.0.X Permissions uncorrectly set

2001-06-27 Thread Andrew Wellington
At 2:24 AM +0200 26/6/01, kangoo wrote: Permissions of /Users/yourname/Desktop which show your desktop is xrwxrwxrwx, allowing every user to read/write on your own Desktop folder. Fix: chmod 755 or chmod 750 /Users/yourname/Desktop Apple have been warned long ago and as of 10.0.4 it is still

Re: smbd remote file creation vulnerability

2001-06-27 Thread Joachim Blaabjerg
Pavol Luptak [EMAIL PROTECTED] wrote: [wilder@lysurus wilder]$ cat /etc/redhat-release Linux Mandrake release 8.0 (Traktopel) for i586 [wilder@lysurus wilder]$ rpm -q pam pam-0.74-6mdk [wilder@lysurus wilder]$ egrep log file /etc/smb.conf # this tells Samba to use a separate log file

Re: crypto flaw in secure mail standards

2001-06-27 Thread Tollef Fog Heen
* Riad S. Wahby | Derek Atkins [EMAIL PROTECTED] wrote: | The problem is not at all with the crypto. The problem is with the | integration of the crypto with applications like e-mail. | | In this spirit, I have produced a patch for Mutt that adds an option | to include the To:, From:, CC:,

Security Update:[CSSA-2001-020.1] Linux - format bug in gnupg

2001-06-27 Thread Caldera Support Info
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Caldera International, Inc. Security Advisory Subject: Linux - format bug in gnupg Advisory number: CSSA-2001-020.1 Issue date: