On Fri, Feb 09, 2001 at 06:23:07PM +0100, Florian Weimer wrote:
> > + log_msg("Rhosts authentication failed for '%.100s', remote '%.100s',
>host '%.200s'.",
> > user, client_user, get_canonical_hostname());
>
> I don't think this patch is a good idea. If a user accident
'Night all,
Should this not be fixed in copyout/copyin instead?
It probably occurs at other places instead of sysctl as well.
Kind regards,
Joost Pol alias Nohican ([EMAIL PROTECTED])
:wq
On Sat, Feb 10, 2001 at 02:43:38PM -0800, Greg KH wrote:
> On Sat, Feb 10, 2001 at 10:28:01AM +0100, Flori
Summary
---
If the AppTrack feature is enabled, the default install of MicroFocus
Cobol 4.1 (Merant's commercial suite of cobol utilities) contains a
security hole which can lead to root compromise.
Specifics
-
In the default install, /var/mfaslmf is installed mode 777, and
/var/mfa
On Sat, Feb, 2001, Florian Weimer wrote:
> Chris Evans <[EMAIL PROTECTED]> writes:
> > There exists a Linux system call sysctl() which is used to query and
> > modify runtime system settings. Unprivileged users are permitted to query
> > the value of many of these settings.
>
> The following trivi
The software Tiny Sheet, present in all versions of Palm Pilot, has a
function called IMPORT file.
Well when this function is used ALL FILES, including the hidden files
protected with password, can be imported to a Sheet.
I am a little bit confused about this mail. Maybe the author
can explain some issues to me...
On Sat, Feb 10, 2001 at 12:54:33AM -, Joao Gouveia wrote:
> roberto@spike:~ > mysql -ublaah (Note: 'blaah' obviously isn't a valid
> username)
You seem to have a strange configuration of mysql. By d
> -- With the patch, the lifespan of the server key still does not go
> below one minute. As mentioned in CORE SDI's advisory, the number
> of server connections necessary to carry out the attack is
> normally very large but "the number of connections given is for
> the average ca
- Introduction:
Paul Vixie's crontab version 3.0.1-56 contains another buffer overflow
vulnerability.
I'm not sure whether it's exploitable or not, but it needs to be fixed.
- Platforms:
I've only tested it under Red Hat Linux 7.0 which uses version 3.0.1-56,
although this condition almost
Tatu Ylonen wrote:
> > > It's real enough for most vendors to respond. I think you want
> > > to make sure your servers have at least 1.2.30/2.4.0 or
> > > openssh 2.3.0p1 at this point.
> >
> > well, 1.2.30 does not contain a fix for this problem.
>
> No, but the current version is ssh-2.4.0, wh
People administering Lotus Domino should still be aware that the default
settings for the ECL were VERY loose before Lotus Notes release 5.x (e.g.
permitted unsigned code to be run). This means that the suggested
"vulnerability" could still be exploited at a site with an improperly
configured Lotus N
Introduction:
Commerce.cgi can have your store's catalog up and running on the web in
literally a couple of hours. The easy to use Store Manager will even allow
you to add and remove products from your inventory right through your web
browser. Best of all, it's free, vulnerable & open
sour
-BEGIN PGP SIGNED MESSAGE-
NetBSD Security Advisory 2001-001
=
Topic: Multiple BIND vulnerabilities
Version: All release versions of NetBSD, and NetBSD-current
Severity: Remote root execution of comma
Bug / DoS in LICQ (all versions) and Gnome-ICU (all versions)
The sending of a .rtf file/document (rich text file) to one of the versions
mentioned above will crash LICQ/Gnome-ICU on the target computer and it will
close itself down after that. The error is probably the problem that
Unix/Linux ha
Hi,
recent security problems in ssh protocol implementations require that
vulnerable ssh protocol servers be upgraded. As an administrator of a
large network, it can be difficult to efficiently determine which
implementations of the ssh protocols are running on a network.
To solve this problem,
Name: "show files" Vulnerability with perl null byte bug.
Date: 28.01.2001
About: Way-board - is a popular korean board
(http://way.co.kr - official site).
Problem: Through this bug you can see any files; the bug works
on every system where perl is installed. "%00" - means hex
symbol of the end of the
---UkR security team advisory #6
Vulnerability in Muscat Empower which can print path to
DB-dir.
--
Name: Vulnerability in Muscat Empower which can print path to
DB-dir.
Date: 03.02.2001
Problem: when the request invalid send to d
=
Securax-SA-14 Security Advisory
belgian.networking.security Dutch
Name: Environment and Setup Variables can be Viewed through
webpage.cgi
Date: 28.01.2001
Problems: The script allows several environment variables to
be viewed by the attacker, who can gain useful information
on the site, making further attacks more feasible.
Analysis: webpage.cgi dumps useful infor
-=-=-=-=-=[ UkR security team - advisory n0. 7 ]=-=-=-=-=-
tdhttp traversal bug
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Date: 07.02.2001
Problem: possibility of arbitrary file retrieval
and directory listing on remote host, running
tdhttp (http.c, probably all its versions).
-BEGIN PGP SIGNED MESSAGE-
-
Debian Security Advisory DSA-029-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Michael Stone
February 11, 2001
- ---
Hi,
Due to this reply, I see no reason to delay this. No patch nor new version has
been released, for a quick fix, see below.
Regards,
Joao Gouveia
[EMAIL PROTECTED]
Francisco Burzi <[EMAIL PROTECTED]>
> Joao Gouveia wrote:
> >
> > Hello Francisco,
> >
> > There is yet another s
Name: PALS Library System "show files" Vulnerability and
remote command execution.
Date: 02.02.2001
About: This script is derived from an idea originated at
St.Olaf College to provide a www interface to the PALS
Library System. This idea was then worked on at Georgia
State University. This version
1. Description
--
The 'startinnfeed' binary contains various format string bugs. Most of
the command line options pass user-given arguments to 'syslog()' as a
format string. For example:
paul@ps:/usr/home/paul > /usr/lib/news/bin/startinnfeed -a
"%x%x%n%n%n%n%n%n%n"
segmentation fau
Name: ROADS search system "show files" Vulnerability with
"null byte" bug
Date: 29.01.2001
About: The search.pl program is a Common Gateway Interface
(CGI) program used to provide an end user search front end
to ROADS databases. When accessed with no CGI query, the
program can return an HTML form
On Sat, Feb 10, 2001 at 12:54:33AM -, Joao Gouveia wrote:
> Hi,
>
> MySql staff has been notified regarding these issues on 2001-01-26.
>
> There still are some potential security flaws with MySql latest stable
> release.
> Here follow some tests I've made, all with:
>
> MySql v3.23.32
> PHP v4.
Markus Friedl <[EMAIL PROTECTED]> writes:
[Logging user names harmful or not?]
> While I understand your concern, I am not sure whether this
> applies to SSH clients, since they are usually very
> different from telnet clients. You enter the username when you
> start the client, so it's hard to ge
---UkR security team advisory #8
HIS Auktion 1.62: "show files" vulnerability and remote
command execution.
--
Name: HIS Auktion 1.62: "show files" vulnerability.
Date: 11.02.2001
Author: UkR-XblP
About: script "HIS Auktion 1.62" i
---UkR security team advisory #1
WebSPIRS CGI script "show files" Vulnerability.
--
Name: WebSPIRS CGI script "show files" Vulnerability.
Date: 27.01.2001
About: WebSPIRS is SilverPlatter's Information Retrieval
System for the
On Sat, Feb 10, 2001 at 03:08:11PM +0200, Tatu Ylonen wrote:
> On Fri, 9 Feb 2001, Christophe Dupre wrote (on the [EMAIL PROTECTED] list):
> > I just read Razor's vulnerability advisory, as reported on slashdot.
> > Any truth to it, or is it another wannabe?
>
> I suppose you are referring to thi
-BEGIN PGP SIGNED MESSAGE-
-
Debian Security Advisory DSA-030-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Wichert Akkerman
February 12, 2001
- ---
> While I understand your concern, I am not sure whether this
> applies to SSH clients, since they are usually very
> different from telnet clients. You enter the username when you
> start the client, so it's hard to get out of sync, e.g. I
> have never seen a user enter
> $ ssh -l mypasswd ho
On Sun, 11 Feb 2001, Markus Friedl wrote:
> On Fri, Feb 09, 2001 at 06:23:07PM +0100, Florian Weimer wrote:
> > > + log_msg("Rhosts authentication failed for '%.100s', remote '%.100s',
>host '%.200s'.",
> > > user, client_user, get_canonical_hostname());
> >
> > I don't
At 05:40 PM 2/10/2001, Konrad Rieck wrote:
>I am a little bit confused about this mail. Maybe the author
>can explain some issues to me...
>
>On Sat, Feb 10, 2001 at 12:54:33AM -, Joao Gouveia wrote:
> > roberto@spike:~ > mysql -ublaah (Note: 'blaah' obviously isn't a valid
> > username)
>
>Yo
> OpenSSH's client drops all privileges before the user is asked for a
> password, so there is really no need to panic and send ads to this list
> -- especially since this thread is not at all related to SSH-1. However,
> if you are afraid of SSH-1 you can simply turn off protocol 1 support
> in Ope
On Sun, Feb 11, 2001 at 12:38:02AM +0100, Flatline wrote:
[snip]
> - Quick fix (diff output for crontab.c):
>
> 146c146
> < strcpy(User, pw->pw_name);
> ---
> > strncpy(User, pw->pw_name, MAX_UNAME - 1);
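Review bot: the strncpy replacement only silences the overflow; it silently truncates an over-long pw_name to MAX_UNAME - 1 bytes and, unless User was zero-filled, leaves it without a terminating NUL, so crontab then operates on whatever user the truncated name happens to resolve to. Prefer rejecting the name before the copy, e.g. `if (strlen(pw->pw_name) >= MAX_UNAME) { fprintf(stderr, "user name too long\n"); exit(1); }`, or at minimum add `User[MAX_UNAME - 1] = '\0';` after the strncpy.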
Uhm, won't the user running crontab then get another user's crontab,
if the 'str
Considering what overflows the buffer (your username), it would seem that
you'd need root access to begin with in order to craft an exploit. Am I
wrong?
Of course, maybe this could be some exotic new addition to a rootkit.
> -Original Message-
> From: Bugtraq List [mailto:[EMAIL PROTECTE
I am not certain of the need to send the memo internally.
There is a mail distribution option that allows the user to indicate that the
recipient is a notes user, thus packaging the email in 'Notes Rich Text'
format. I have successfully sent and accepted meeting invitations this
way, as well as ve
On Sun, Feb 11, 2001 at 12:40:48AM +0100, Konrad Rieck wrote:
> I am a little bit confused about this mail. Maybe the author
> can explain some issues to me...
>
> On Sat, Feb 10, 2001 at 12:54:33AM -, Joao Gouveia wrote:
> > roberto@spike:~ > mysql -ublaah (Note: 'blaah' obviously isn't a val
On Sun, Feb 11, 2001 at 05:15:53PM -0300, Paulo Cesar Breim wrote:
> The software Tiny Sheet, present in all versions of Palm Pilot,
http://www.iambic.com/pilot/tinysheet3/
To clarify: it's not included with PalmOS; it's 3rd-party software.
> has a function called IMPORT file.
> Well when this
Hmm, doesn't do anything weird/wrong on my RH6.2 server:
[aabbcc@obelix mark]$ crontab -e
no crontab for aabbaabbaab - using an empty one
crontab: installing new crontab
[aabbcc@obelix mark]$ crontab
crontab:
On Mon, Feb 12, 2001 at 02:34:43PM -0600, Tim Yardley wrote:
> >This is a nice example of bad code, but not a security issue, I could
> >show up a 100 of programs that simply don't care for *argv parameters.
> >You don't gain anything by exploiting such overflows in non-suid programs.
>
> watch wh
I love the notification that you gave to the INN developers about this
problem (namely, absolutely none at all). If you'd mailed us first, I
could have pointed out to you that innfeed does no argument parsing of its
own and just execs innfeed with the passed arguments, which at the least
would ha
> > -- With the patch, the lifespan of the server key still does not go
> > below one minute. As mentioned in CORE SDI's advisory, the number
> > of server connections necessary to carry out the attack is
> > normally very large but "the number of connections given is for
> > the
On Sun, Feb 11, 2001 at 05:15:53PM -0300, Paulo Cesar Breim wrote:
> The software Tiny Sheet, present in all versions of Palm Pilot, has a
> function called IMPORT file.
> Well when this function is use ALL FILES, including the hidden files
> protetex with password, can be imported to a Sheet.
On
Workaround for Unintended JSP Execution When Using Oracle Apache/JServ
Description
A potential security vulnerability has been discovered in Oracle JSP
Releases 1.0.x through 1.0.2 when using Oracle Apache/JServ only. This
vulnerability permits the execution of unintended (or incorrect) JSP
file
On Sun, Feb 11, 2001 at 12:07:39PM -0500, Andrew Brown wrote:
> > -- With the patch, the lifespan of the server key still does not go
> > below one minute. As mentioned in CORE SDI's advisory, the number
> > of server connections necessary to carry out the attack is
> > normally very
Patch for Potential Vulnerability in the execution of JSPs outside
doc_root
Description of the problem
A potential security vulnerability has been discovered in Oracle JSP
releases 1.0.x through 1.1.1 (in Apache/Jserv). This vulnerability
permits access to and execution of unintended JSP files ou
Sun, Feb 11, 2001 at 00:38:02, achter05 (Flatline) wrote about "vixie cron possible
local root compromise":
> 146c146
> < strcpy(User, pw->pw_name);
> ---
> > strncpy(User, pw->pw_name, MAX_UNAME - 1);
>
> Or simply remove the setuid bit on /usr/bin/crontab until a vendor patch
> h
On Mon, Feb 12, 2001 at 11:07:15AM -, Joao Gouveia wrote:
[snip]
> > > Example: http://www.phpnuke.org/opendir.php?requesturl=/etc/passwd
You can actually insert any URL instead of "/etc/passwd" and have it
read. Depending on the server's configuration, this could be abused to
execute PHP cod
> I am a little bit confused about this mail. Maybe the author
> can explain some issues to me...
>
> On Sat, Feb 10, 2001 at 12:54:33AM -, Joao Gouveia wrote:
> > roberto@spike:~ > mysql -ublaah (Note: 'blaah' obviously isn't a valid
> > username)
>
> You seem to have a strange configuration