On Sun, Feb 11, 2001 at 12:38:02AM +0100, Flatline wrote:
When crontab has determined the name of the user calling crontab (using
getpwuid()),
the login name is stored in a 20 byte buffer using the strcpy() function
(which does no bounds checking). 'useradd' (the utility used to add users
to
1){
2) static time_t last_kill_time = 0;
3) if (time(NULL) - last_kill_time 60 getppid() != 1)
4){
5) last_kill_time = time(NULL);
6) kill(SIGALRM, getppid());
7) }
8) fatal("Bad result from rsa_private_decrypt");
9)}
actually...if
On Sun, Feb 11, 2001 at 12:38:02AM +0100, Flatline wrote:
the login name is stored in a 20 byte buffer using the strcpy() function
(which does no bounds checking). 'useradd' (the utility used to add users
to the system)
however allows usernames of over 20 characters (32 at most on my
-- Forwarded message --
Date: Tue, 13 Feb 2001 03:53:58 -0800 (PST)
From: IT Resource Center [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: security bulletins digest
HP Support Information Digests
When crontab has determined the name of the user calling crontab (using
getpwuid()),
the login name is stored in a 20 byte buffer using the strcpy() function
(which does no bounds checking). 'useradd' (the utility used to add users
to the system)
however allows usernames of over 20 characters (32
-/ RFP2101 /---/ rfp.labs / wiretrip/
RFPlutonium to fuel your PHP-Nuke
SQL hacking user logins in PHP-Nuke web portal
/ rain forest puppy / [EMAIL PROTECTED]
Table of contents:
-/ 1 /
On Monday 12 February 2001 18:22, you wrote:
- Original Message -
From: "Joao Gouveia" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, February 09, 2001 9:54 PM
Subject: Some more MySql security issues
Hi,
MySql staff has been notified regarding this issues on
Hello,
I done others tests...and didn't work here again in my 3 Server
linux...look:
http://192.168.151.100/../../../../../../../../../../etc/passwd
http://192.168.151.150/../../../../../../../../../../etc/passwd
http://192.168.151.1/../../../../../../../../../../etc/passwd
All return me this
SECURITY ADVISORY 13th February 2001
--
Program: analog (logfile analysis program)
Versions: all versions except 4.16 and 4.90beta3
Operating systems: all
Hi,
I'm the person responsible for maintaining Apache JServ (which is actually a
product that is not being developed further as a result of being deprecated
in favor of Tomcat and Jasper) and I like to just clarify that this problem
is strictly within Oracle's product and not within Apache JServ
-BEGIN PGP SIGNED MESSAGE-
=
FreeBSD-SA-01:24 Security Advisory
FreeBSD, Inc.
Topic: SSH1
I have just tried this with WebSpirs 3.1
The URL I tried is..
http://www.targethost.com/spirs/webspirs.cgi?sp.nextform=../../../../../etc/passwd
It worked.. I also tried this with WebSpirs 4.2 and it did NOT work.. I have not tried
WebSpirs 4.3 yet.. Maybe it is cause you have it in your
Solution for Potential Vulnerability in Granting FilePermission to
Oracle Java Virtual Machine
Versions Affected
Oracle8i Release 3 (8.1.7)
Oracle Application Server 9iAS Release 1.0.2.0.1
Platforms Affected
All
Description of the Problem
A potential vulnerability in Oracle JVM has been
Hi,
MySql version 3.23.33 has been released, addressing this latest problems.
Change log in http://www.mysql.com/doc/N/e/News-3.23.33.html
quote
Fixed buffer overrun in libmysqlclient library. Fixed bug in handling STOP
event after ROTATE event in replication.
Fixed another buffer overrun in
The newly announced FreSSH, when there is no /dev/urandom available,
uses a `fallback' to seed its PRNG that consists of:
int numfs, whichfs = 0;
struct statfs *mntbuf;
numfs = getmntinfo(mntbuf, MNT_NOWAIT);
Hi
Trustix has made available security updates for Trustix secure linux.
kernel:
Trustix specific: no
Distribution versions: All
A race condition in ptrace allows a malicious user to gain root. A
signedness error in the sysctl interface also potentially allows a user
to gain root.
proftpd:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Greets.
This problem is known and fixed by the author and a patched
opendir.php file have been made availible for download from the
phpnuke home site.
phpnuke home: http://www.phpnuke.org/
Patched opendir.php:
You are so right!! Must have been very late or something...
I've checked whether it actually works...nope!
Crontab doesn't get more than 20 chars but somehow it copies them twice?
Strange
Mark
Mate Wierdl [EMAIL PROTECTED] wrote on 13-2-01 18:23:10:
On Mon, Feb 12, 2001 at 10:14:00PM +0100,
this is a just a proof of concept, i haven't included setgid call in the
shellcode:
/***
-
elm253-exploit.c
-
***/
#include stdlib.h
#define NOP 0x90
#define LEN 356
#define OFFSET 0
#define RET 0xba64
unsigned long dame_sp() {
__asm__("movl
* Andrew Brown [EMAIL PROTECTED] [010213 14:38] wrote:
When crontab has determined the name of the user calling crontab (using
getpwuid()),
the login name is stored in a 20 byte buffer using the strcpy() function
(which does no bounds checking). 'useradd' (the utility used to add users
to
On Mon, Feb 12, 2001 at 01:12:02PM -0500, gabriel rosenkoetter wrote:
On Sun, Feb 11, 2001 at 12:38:02AM +0100, Flatline wrote:
When crontab has determined the name of the user calling crontab (using
getpwuid()),
the login name is stored in a 20 byte buffer using the strcpy() function
The following is a Security Bulletin from the Microsoft Product Security
Notification Service.
Please do not reply to this message, as it was sent from an unattended
mailbox.
-BEGIN PGP SIGNED MESSAGE-
-
On Tue, Feb 13, 2001 at 03:54:00PM -0500, Alan DeKok wrote:
I find this attitude amazing. You don't understand why other people
would want to have usernames longer than 8 characters, so you're
willing to blame *their* systems for security problems when insecure
applications are executed on
Hello,
In light of the recent posts to bugtraq concerning the
CORE SDI advisory that describes the SSH1 session
key recovery vulnerability a few things needs to be
noted:
- CORE SDI does not provide support services to
SSH1 and does not maintain its source tree. However,
given the
24 matches
Mail list logo