-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
__
Caldera International, Inc. Security Advisory
Subject:Linux - samba /tmp problems
Advisory number:CSSA-2001-018.1
Issue date:
---
Immunix OS Security Advisory
Packages updated: samba, samba-client, samba-common
Affected products: Immunix OS 6.2, 7.0-beta, and 7.0
Bugs fixed: immunix/1649
Date: Tue Jun 26
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
___
Caldera International, Inc. Security Advisory
Subject:UnixWare - su buffer overflow
Advisory number:CSSA-2001-SCO.2
Issue date:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Trustix Secure Linux Security Advisory #2001-0011
Package name: Samba
Severity: Possible root exploit
Date: 2001-06-27
Affected versions: TSL
-BEGIN PGP SIGNED MESSAGE-
Security Advisory: Multiple SSH vulnerabilities
Revision 1.0 - INTERIM
For public release 2001 June 27 08:00 (UTC -0800)
_
-BEGIN PGP SIGNED MESSAGE-
Security Advisory: IOS HTTP authorization vulnerability
Revision 1.0 - INTERIM
For public release 2001 June 27 08:00 (UTC -0800)
_
HP Support Information Digests
===
o IT Resource Center World Wide Web Service
---
If you subscribed through the IT Resource Center and
Posted to bugzilla.redhat.com: Tue, 15 May 2001 06:43:27 -0400
This was then made unaccessable, and I've seen nothing that looks like
a fix yet.
A month and a half seems like long enough to work it out.
Contents of https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=40658
as posted before the
Hia,
I found a securityhole in gnatsweb.
The author was contacted and a patch was provided within hours.
People running the following versions should upgrade:
- Gnatsweb 2.7 beta
- Gnatsweb 2.8.0
- Gnatsweb 2.8.1
- Gnatsweb 3.95 for GNATS 4, versions from CVS prior to June 26
The patch, and
Hi all,
after some testing I noticed that SecureIIS 1.0.6 does not
protect IIS 5.0 from ISAPI DoS attack. In the attachment is
isapi-dos2.c and isapi.exe cygwin compilation.
After attack with this exploit IIS is down. In SecureIIS i
have very
The limit on the netbios name length must include the ../../../ as a part
of the name, so you've blown 9 characters right there to get to the root
dir. Otherwise you could get to /etc/crontab or something and the exploit
would not require a symlink. So the file can be created remotely, but as
for
Previously Pavol Luptak wrote:
Linux kernels with openwall patch (with restricted links in /tmp) are
imunne to this type of attack (following symlinks does not work, link
owner does not match with file's owner).
If symlink don't work you can still use a hardlink though.
Wichert.
--
On Tue, 26 Jun 2001 11:44:45 CDT, [EMAIL PROTECTED] said:
This is from IBM. I don't know why they do not post to BUGTRAQ directly.
I don't speak for IBM, but I think I know why...
AIX 4.3: IY19897 (updated 6/2001)
This is the 'packaging APAR' that rolls all these fixes up so you can
do
On Tue, 26 Jun 2001 02:24:55 +0200, kangoo [EMAIL PROTECTED] said:
Permissions of /Users/yourname/Desktop which show your desktop is
xrwxrwxrwx, allowing every user to read/write on your own Desktop folder.
Fix: chmod 755 or chmod 750 /Users/yourname/Desktop
Apple have been warned long
On Tue, 26 Jun 2001, kangoo wrote:
Permissions of /Users/yourname/Desktop which show your desktop is
xrwxrwxrwx, allowing every user to read/write on your own Desktop folder.
Fix: chmod 755 or chmod 750 /Users/yourname/Desktop
Apple have been warned long ago and as of 10.0.4 it is stil not
At 2:24 AM +0200 26/6/01, kangoo wrote:
Permissions of /Users/yourname/Desktop which show your desktop is
xrwxrwxrwx, allowing every user to read/write on your own Desktop folder.
Fix: chmod 755 or chmod 750 /Users/yourname/Desktop
Apple have been warned long ago and as of 10.0.4 it is stil
Pavol Luptak [EMAIL PROTECTED] wrote:
[wilder@lysurus wilder]$ cat /etc/redhat-release
Linux Mandrake release 8.0 (Traktopel) for i586
[wilder@lysurus wilder]$ rpm -q pam
pam-0.74-6mdk
[wilder@lysurus wilder]$ egrep log file /etc/smb.conf
# this tells Samba to use a separate log file
* Riad S. Wahby
| Derek Atkins [EMAIL PROTECTED] wrote:
| The problem is not at all with the crypto. The problem is with the
| integration of the crypto with applications like e-mail.
|
| In this spirit, I have produced a patch for Mutt that adds an option
| to include the To:, From:, CC:,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
__
Caldera International, Inc. Security Advisory
Subject:Linux - format bug in gnupg
Advisory number:CSSA-2001-020.1
Issue date:
19 matches
Mail list logo