"m4 -G %n" will make m4 seg fault on SuSE 6.4 (without the "" ofcourse)
sorry for the mistake
feh
sj
_
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
In response to the debate on bugtraq, people should read this...
If Paul hasn't already forwarded a copy there, that is...
To: BIND-Members Forum Information:;
Subject: FREQUENTLY ASKED QUESTIONS ABOUT THE BIND-MEMBER FORUM
Date: Sat, 03 Feb 2001 22:32:01 -0800
From: Paul A Vixie [EMAIL
From: Peter Jeremy [EMAIL PROTECTED]
What does the community think of this change in direction?
Given the importance of BIND to the Internet, I can see the benefits
in having a closed group to handle security-related issues. As long
as the membership is intended to provide a forum where
Web root exposure in HSWeb Webserver
Overview
HSWeb v2.0 is a webserver available from http://www.jeffheaton.com and
http://www.download.com. Any remote user can discover the physical path
of the web root if directory browsing is enabled.
Details
If directory browsing is
- Original Message -
From: "Juergen P. Meier" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, February 03, 2001 4:51 AM
Subject: Re: Defending the (supposedly) indefensible...
[snip]
Ah, here i think you (and the ISC) overlooked something:
Although i believe the probability of
On Saturday 03 February 2001 14:54, Mike Gerber wrote:
confirmed for red hat linux 7.0:
[kerouac:mg:~]m4 -G %x
m4: 80499d9: Datei oder Verzeichnis nicht gefunden
[kerouac:mg:~]cat /etc/redhat-release
Red Hat Linux release 7.0 (Guinness)
[kerouac:mg:~]rpm -q m4
m4-1.4.1-3
Same here:
On Sat, Feb 03, Mike Gerber wrote:
confirmed for red hat linux 7.0:
[kerouac:mg:~]m4 -G %x
m4: 80499d9: Datei oder Verzeichnis nicht gefunden
[kerouac:mg:~]cat /etc/redhat-release
Red Hat Linux release 7.0 (Guinness)
[kerouac:mg:~]rpm -q m4
m4-1.4.1-3
I don't see this as a big problem,
In the profound words of Przemyslaw Frasunek:
On Fri, Feb 02, 2001 at 03:08:12PM -0800, Ted U wrote:
tested on qnx rtp as released on jan. 18 from get.qnx.com. doesn't work.
i tried significantly more a's and nothing happens. i get the normal
repsonse from stat.
Are you sure? This is
StyX wrote:
Joao Gouveia wrote:
Hi,
This issue has been discussed in vuln-dev (2001-01-26), see:
http://www.securityfocus.com/templates/archive.pike?end=2001-01-27tid=15872
4fromthread=0start=2001-01-21threads=1list=82
Posted also on suse security list, and aparently overlooked.
Hi,
Quoting StyX ([EMAIL PROTECTED]):
styx@SuxOS-devel:~$ man -l %n%n%n%n
man: Segmentation fault
styx@SuxOS-devel:~$
This was on my Debian 2.2 potato system (It doesn't dump core though).
Just for the record:
on a lot of systems (including Debian), 'man' is not suid/sgid anything, and
this
Vulnerability in SEDUM HTTP Server
Overview
SEDUM HTTP Server v2.0 is a web server available from
http://www.frassetto.it and http://www.zdnet.com. A vulnerability exists
which allows a remote user to break out of the web root using relative
paths (ie: '..', '...').
Details
Vulnerability in Free Java Web Server
Overview
Free Java Web Server v1.0 is a Java web server available from
http://www.download.com. A vulnerability exists which allows a remote
user to break out of the web root using relative paths (ie: '..', '...').
Details
From: Bugtraq List [mailto:[EMAIL PROTECTED]]On Behalf Of Raju
Mathur
I'm no Microsoft lover, but
what if ISC decides that MS doesn't get to be part of the BMG (BIND
doesn't ship with Windows by default, does it?)?
Microsoft's implementation of DNS isn't based on BIND at all. IIRC, none of
On Sun, 4 Feb 2001, Martin Schulze wrote:
Please tell me what you gain from this. man does not run setuid
root/man but only setgid man. So all you can exploit this to is a
shell running under your ownl user ide.
sucker admins who m4 their sendmail.mc's as root, chiefly if you trick
them
On Sun, 04 Feb 2001 01:48:34 +0100, Robert van der Meulen [EMAIL PROTECTED] said:
Just for the record:
on a lot of systems (including Debian), 'man' is not suid/sgid anything, and
this doesn't impose a security problem.
Although it may not apply to *this* *particular* issue, let's all not
On Sun, Feb 04, 2001 at 01:48:34AM +0100, Robert van der Meulen wrote:
Hi,
Quoting StyX ([EMAIL PROTECTED]):
styx@SuxOS-devel:~$ man -l %n%n%n%n
man: Segmentation fault
styx@SuxOS-devel:~$
This was on my Debian 2.2 potato system (It doesn't dump core though).
Just for the record:
16 matches
Mail list logo