To add to Shafik's statement, now all you have to do is to put a system
under high (log) load for any attack to go possibly unlogged? This leaves
me somewhat sleepless...
--- Shafik Yaghmour [EMAIL PROTECTED] wrote:
So if you have a high system load it is okay to have some of the
HP Support Information Digests
===
o HP Electronic Support Center World Wide Web Service
---
If you subscribed through the HP Electronic
Multiples Remotes DoS Attacks in MDaemon Server v2.8.5.0 Vulnerability
PROBLEM:
UssrLabs found multiple places in MDaemon v2.8.5.0 where they do not use
proper bounds checking.
The following all result in a Denial of Service against the service in
question.
affected services:
WorldClient: Port
On Tue, 23 Nov 1999, Crispin Cowan wrote:
I agree that configuration and operational issues are a hard problem to solve.
In general, I don't know how to solve them. My (crass commercial) solution is
that folks who don't really know what they're doing should buy appliances
I firmly agree and
At 17:21 23.11.99 -0500, Shafik Yaghmour wrote:
So if you have a high system load it is okay to have some of the
syslog messages lost? Hmm, I dunno, IMHO it is never okay, I mean why
should you open up the opportunity at all. You know, security based on
something being "not so prone to
Cobalt Networks -- Security Advisory -- 11.24.1999
Problem:
Sendmail up to the recent 8.9.x versions - allows any user with a shell
access to pass the '-bi' parameter to /usr/sbin/sendmail. This will
result in aliases database rebuild. The alias database is opened in the
following way:
5366
CERT Summary CS-99-04
November 23, 1999
Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT
summary to draw attention to the types of attacks reported to our
incident response team, as well as other noteworthy incident
On Wed, Nov 24, 1999 at 12:06:05PM +1100, Darren Reed wrote:
In some mail from Savochkin Andrey Vladimirovich, sie said:
I think that replacing stream sockets by datagram is a step in a wrong
direction. Datagram sockets are not only unreliable by definition.
Their use makes completely
Bindview Security Advisory
Cabletron SmartSwitch Router 8000 Firmware v2.x
Issue date: November 24, 1999
Contact: Scott Blake [EMAIL PROTECTED]
Topic:
Denial of Service Vulnerability in Cabletron's SmartSwitch Router (SSR)
Overview:
Cabletron's SSR is a Layers 2-4 routing and