So, the version of my patch for 2.0.34 didn't need to fix this any
more. Of course, future updates of the patch I was making based on
the latest one, and never bothered to check for this bug again.
Now, after your post, I am looking at patch-2.0.35.gz:
- return 0;
+ return 1;
Digital Unix 4.0E, SuSE Linux 6.1 and Red Hat Linux 6.0 are still
(1.5 years later) shipped with this default Xaccess file. It is somehow
ironic that e.g. SuSE now uses tcpwrappers by default on most TCP
services in its distribution and describes the use of tcpwrappers in
the manual in a
Btw. the example given for IE is a classic example of what is so wrong
with Javascript: you can do anything with it - including e.g. trivial
stealing of passwords by popping up fake login dialogs - _even if it
doesn't make sense in the context_. This alone is a reason to
completely block and
a function (if you are using an ATX power supply) to remotely turn on the
computer if anything is received on either the LAN or modem ports. It seems
Wake-On-Lan.
1) Am I correct in assuming that anyone who sends a packet to you over the
Internet will appear on the LAN port if you have
This exploit does not affect Linux 2.0.36, or any version of NetBSD.
I have not tested Linux versions =2.1 (which have a different
implementation of the equivalent code from 2.0.36), but based on code
inspection, I do not believe it to be vulnerable to this particular
attack.
Linux actually
Virtually any program using the GNOME libraries is vulnerable to a
buffer overflow attack. The attack comes in the form:
/path/to/gnome/prog --enable-sound --espeaker=$80bytebuffer
I can duplicate this for gnome-libs 1.0.8 but not with gnome-libs 1.0.15
tried it on (the irony)
On Mon, 27 Sep 1999 11:35:44 EDT, Dan Astoorian [EMAIL PROTECTED] said:
A trivial demo program that demonstrates the problem is attached. (It
needs no special privileges; run it as an unprivileged user in any
writable directory.) The program reports "okay" under Solaris 2.5.1 and
IRIX
It is NOT a requirement of the PAM framework that application be running as
root. There are two cases though that make login type applications need to
run as root.
1) The password is stored in /etc/shadow which only root can read
If the password was in NIS/NIS+/LDAP then the
Taking a guess, I would say that the panic is caused by instability of
the linux select() implementation, and could therefore be abused in other
programs that manage an unlimited amount of connections using the select
syscall.
it's an old bug in 2.0 kernels with garbage collection on Unix
It isn't clear for me what can be done to protect the whole system inside
syslogd. Does anybody know what SuSE really changed?
Their source package isn't very helpful.
There were two notable problems
1. Syslogd defaulted to stream sockets which means you have resource
control
The danger in this problem arises from the fact that many perimeter defenses
(firewalls) permit ICMP through, which means that remote, anonymous
attackers
Note that perimeter firewalls that don't let some ICMP through are broken
(If anyone from certain large search/net companies beginning
I would check with Alan on the SYN cookies, iirc, there is a good reason why
SYN cookies are not turned on by default. In 2.3.x it is not turned on by
default in the kernel compile and again must be explicitly enabled in /proc
after adding it to the kernel.
SYN cookies don't default to on
The Internet Service Providers (ISPs) must take action to drop long ICMP
packets in the backbone networks (any packet longer than 1499 bytes, at
least).
This will break existing "good behaviour" legal systems and potentially
disrupt MTU discovery procedure. It isn't a feasible option without
check to prevent such large sizes from crashing X and/or the X Font
Server, I'm alarmed by (1) the way the X font server allows itself to be
crashed like this, and (2) the way the entire Linux kernel seems to have
been unable to handle the situation. While having a central company or
So turn
About 7 weeks ago an automated mailing list spewed a large but valid email
containing a lot of URLs and other formatting. When this email is fed into
evolution the behaviour it causes leads evolution to expand dramatically in
size and eat vast amounts of CPU time. If you've got a lot of patience
15 matches