Re: Administrivia: Real domain names in PoC/exploit examples

: *.test, *.example, and *.invalid. Unfortunately, www.foo.example is less obviously a host name compared to www.example.com. - Some other place-holder that is not a valid domain such as victim, etc. That works too. -- Nate Eldredge n...@thatsmathematics.com

Re: Solaris telnet vulnberability - how many on your network?

people should go back and read Casper's email where he explained that it came about with a Kerberos project. I presume that refers only to the telnetd bug, and not to login -f. -- Nate Eldredge [EMAIL PROTECTED]

Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk

for bringing it up. -- Nate Eldredge [EMAIL PROTECTED]

Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0

are identical, period. And unless crypt() and /etc/shadow are both broken, it will stop at the right place. I realize it goes against the reflexive only strn* functions are safe idea, but that shouldn't substitute for thinking... -- Nate Eldredge [EMAIL PROTECTED]

Re: Multiple vendors FTP denial of service

arbitrary limits on globbing. -- Nate Eldredge [EMAIL PROTECTED]

Re: SuSe / Debian man package format string vulnerability

e argument. If you can sucker them into processing an untrustworthy .mc file, they are in trouble anyway: #! /usr/bin/m4 syscmd(chmod 04755 /home/hax0r/sh) -- Nate Eldredge [EMAIL PROTECTED]

Re: Corel Linux 1.0 dosemu default configuration: Local root vuln

in the configuration files. (Note that I haven't tested this as I can't reproduce the vulnerability with my current dosemu configuration.) -- Nate Eldredge [EMAIL PROTECTED]