confirmed for red hat linux 7.0:
[kerouac:mg:~]m4 -G %x
All folks tests it with -G, but it is not really needed.
FreeBSD ports:
netch@iv:~gm4 -G %x
gm4: bfbffb8c: No such file or directory
netch@iv:~gm4 %x
gm4: bfbffb8c: No such file or directory
netch@iv:~gm4 %d
gm4: -1077937268: No such
Vulnerability in Picserver
Overview
Picserver is a specialized webserver available from http://www.informs.com
and http://www.zdnet.com. A vulnerability exists which allows a remote
user to break out of the web root using relative paths (ie: '..', '...').
Details
Jose Nazario writes:
On Sun, 4 Feb 2001, Martin Schulze wrote:
Please tell me what you gain from this. man does not run setuid
root/man but only setgid man. So all you can exploit this to is a
shell running under your ownl user ide.
sucker admins who m4 their sendmail.mc's as
To Ben Greenbaum:
Please post this advisory instead of the last. I needed to
make a minor change to the 'Vendor Status' section. Thanks.
--
Vulnerabilities in BiblioWeb Server
Overview
BiblioWeb Server 2.0 is a web server available from
http://www.biblioscape.com. A
On my Debian 2.2 system 'man' was installed
suid root. I don't know about Debian 2.3 but,
Debian 2.2 does install 'man' suid root.
Robert van der Meulen wrote:
Hi,
Quoting StyX ([EMAIL PROTECTED]):
styx@SuxOS-devel:~$ man -l %n%n%n%n
man: Segmentation fault
styx@SuxOS-devel:~$
This
On Sun, Feb 04, 2001 at 01:48:34AM +0100, Robert van der Meulen wrote:
I don't know about Suse/Redhat/others.
On RH 7.0 and 6.2 it does not seem to matter as far as the
vulnerability is concerned since
$ man -l %x%x%x%x 21 |head -1
man: invalid option -- l
on both systems.
Also,
$ ls -l
The following link was sent to me this morning.
Has anybody heard about this, gotten any more info?
Is this TRUE? :-)
http://www.mb.com.ph/INFO/2001-02/IT020201.asp
Andre
--
andre.delafontaine at echostar.com
F20 DSS: BD75 66D9 5B2C 66CE 9158 BB27 B199 59CE D117 4E9F
F16
hola friends,
while i was participating on the openhack contest
i found a couple of serious security-holes within ibm s
so called "netcommerce" thing which seems to be a mixture of
websphere, net.data, servlets, jsp s and db2?
however..summary:
class: input validation error
remote: yes
local:
There is an extension to theis, explaining the thinking, at
http://www.mb.com.ph/INFO/2001-02/IT020601.asp
--
Howard.
LANNet Computing Associates http://lannetlinux.com
"...well, it worked before _you_ touched it!"
On Mon, 5 Feb 2001,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, Feb 05, 2001 at 09:01:33AM -0700, Andre Delafontaine wrote:
The following link was sent to me this morning.
Has anybody heard about this, gotten any more info?
Is this TRUE? :-)
http://www.mb.com.ph/INFO/2001-02/IT020201.asp
In what
Cisco Systems Product Security Incident Response Team [EMAIL PROTECTED]
writes:
Exploitation and Public Announcements
The Cisco PSIRT is not aware of any public announcements or malicious use
of the vulnerabilities described in this advisory. These
styx@SuxOS-devel:~$ man -l %n%n%n%n
man: Segmentation fault
styx@SuxOS-devel:~$
This was on my Debian 2.2 potato system (It doesn't dump core though).
Just for the record:
on a lot of systems (including Debian), 'man' is not suid/sgid anything, and
this doesn't impose a security
Crimelabs, Inc. www.crimelabs.net
Security Note
Crimelabs Security Note CLABS200101
Title: SSH-1 Brute Force Password Vulnerability
Date: 5 February, 2001
Vendors: Any supported by
url: http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
Be careful with your wireless networks.
cheers,
--dr
--
Dragos Ruiu [EMAIL PROTECTED] dursec.com ltd. / kyx.net - we're from the future
gpg/pgp key on file at wwwkeys.pgp.net or at http://dursec.com/drkey.asc
CanSecWest/core01: March
Hi,
Doing an 'nmap O -sT' on my FreeBSD 4.2-STABLE box running Bind 9.1.0 as
a cacheing namserver, resulted in this:
Feb 5 22:30:35 tel named[50956]: netaddr.c:231: INSIST(0) failed
Feb 5 22:30:35 tel named[50956]: exiting (due to assertion failure)
Feb 5 22:30:35 tel /kernel: pid 50956
yes, but the attack does not work (efficiently). We analyzed
it together with Ariel Futoransky and Calos Sarraute and
judged it highly impractical (no complexity estimates could
be found on the post/news). Later we read a mail which was
signed by Rivest himself in which he said that the attack
I doubt it...
http://www.seedmuse.com/rsa_edit.htm
-Original Message-
From: Andre Delafontaine [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 05, 2001 11:02 AM
To: [EMAIL PROTECTED]
Subject: Pinoy math enthusiast finds fast way to decode RSA encryption
The following link was sent
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : glibc
SUMMARY : Local root vulnerability in
On Mon, Feb 05, 2001 at 06:34:47AM -0500, John wrote:
On my Debian 2.2 system 'man' was installed
suid root. I don't know about Debian 2.3 but,
Debian 2.2 does install 'man' suid root.
Are you certain? In Debian stable (2.2, potato), man is installed setgid man.
In Debian unstable and
Hello, bugtraq readers,
Ix me decided to post this exploit for recently discovered
bugs in named. This exploit is pretty much broken, because of
the impact it might have. Due to sufficient information available
on the net (about the TSIG bug, and about the IQUERY INFOLEAK bug),
anyone should
On Mon, Feb 05, 2001 at 11:17:28PM +0100, Roman Drahtmueller wrote:
SuSE ships the /usr/bin/man command suid man.
After exploiting the man command format string vulnerability, the attacker
can then replace the /usr/bin/man binary with an own program - since the
man command is supposed to
This was on my Debian 2.2 potato system (It doesn't dump core though).
Just for the record:
on a lot of systems (including Debian), 'man' is not suid/sgid anything,
and
this doesn't impose a security problem.
I don't know about Suse/Redhat/others.
SuSE ships the /usr/bin/man command suid
* Darren Moffat [EMAIL PROTECTED] [010205 19:24]:
Exactly what is it that man MUST do to perform the job of turning nroff
man pages into viewable text ?
Given the replies I got that are similar to the one below I should have
been move explicit - I knew this but was trying to hint that it
* Darren Moffat [EMAIL PROTECTED] [010205 19:24]:
Exactly what is it that man MUST do to perform the job of turning nroff
man pages into viewable text ?
It is setuid some user in order to store pre-formatted manpages
around, so that future invocations do not have to format the manpage. It
is
Darren Moffat [EMAIL PROTECTED] writes:
I'm having a hard time working out why the man command is setuid to any
user.
Exactly what is it that man MUST do to perform the job of turning nroff
man pages into viewable text ?
Isn't it an issue with caching that viewable text in catN directories?
Darren Moffat wrote:
I'm having a hard time working out why the man command is setuid to any
user.
Exactly what is it that man MUST do to perform the job of turning nroff
man pages into viewable text ?
Two operations are done where SUID is useful; firstly maintaining the manual
page index
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Linux-Mandrake Security Update Advisory
Package name: cups
Date:
27 matches
Mail list logo