MDKSA-2001:021 - proftpd update

2001-02-09 Thread Linux Mandrake Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Linux-Mandrake Security Update Advisory Package name: proftpd Date:

Re: Immunix OS Security update for kernel

2001-02-09 Thread Greg KH
On Thu, Feb 08, 2001 at 02:52:45PM -0800, Greg KH wrote: Chris Evans has discovered a security problem in the kernel select() This should have read "sysctl()". Sorry for any confusion. greg k-h -- greg@(kroah|wirex).com http://immunix.org/~greg PGP signature

Re: XMail CTRLServer remote buffer overflow vulnerability

2001-02-09 Thread davidel
SUMMARY I discovered all versions of XMailhttp://www.mycio.com/davidel/xmail have buffer overflow vulnerabilities in CTRLServer.These holes is NOT same as APOP,USER command buffer overflow vulnerability discovered beforetime.And this problem allows a remote attacker to execute arbitrary

Smoothwall SSH Vulnerability fix

2001-02-09 Thread Dan Cuthbert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ++ Smoothwall Security Advisory SSA-0902-1 [EMAIL PROTECTED] February 9th 2001 Dan Cuthbert

Re: Vulnerability in AOLserver

2001-02-09 Thread bugtraq
AOLserver v3.2 is a web server available from http://www.aolserver.com. A vulnerability exists which allows a remote user user to break out of the web root using relative paths (ie: '...'). AOLserver v3.2 on Linux (RH 6.0) does not appear to be vulnerable. OS-dependent code?

Palm Pilot - Palm Desktop Version 4 - Password bypass

2001-02-09 Thread Secret Ivan
I've only tested this with version 4.0 of the Palm Desktop software. Palm allows you set a password on the desktop software. Without a password you are not able to view the data. There is a way to bypass and get rid of the desktop password. On an existing Palm Desktop make sure the

Bug in ssh client (open ssh 2.3.0)

2001-02-09 Thread Tomasz Kuniar
hi, When Michal Zalewski found bug in ssh, most people tried to reinstall their ssh. They usualy install openssh 2.3.0 or higher, or ssh2.com Well, it could not be the best fix using openssh client 2.3.0p1 (i dont check other ver.). I've compile it from sources, so look at it:

Re: Bug in Bind 9.1.0?

2001-02-09 Thread Maarten de Vries
On Wednesday, February 07, 2001, 11:15:48 PM, I wrote: I believe ISC is still investigating this. Haven't heard from the FreeBSD people yet, altough they were the first I reported this to... In the meantime, I was informed by Doug Barton (who maintains the Bind port in FreeBSD) that

Re: Palm Pilot - Palm Desktop Version 4 - Password bypass

2001-02-09 Thread skelly
v3.1 seems to be safe. The password is requested @ the splashscreen, before the rest of the interface loads. Alt-F does nothing, and Alt-H brings up help, which explains what a password is. NOTE: This may be a modified version. It's the updated Handsping Visor version, but it still has the Palm

Re: [CORE SDI ADVISORY] SSH1 session key recovery vulnerability

2001-02-09 Thread Iván Arce
Hello, Yet another error in the advisory released last Wednesday. - Original Message - From: "Ivn Arce" [EMAIL PROTECTED] Newsgroups: core.lists.bugtraq To: [EMAIL PROTECTED] Sent: Wednesday, February 07, 2001 6:25 PM Subject: [CORE SDI ADVISORY] SSH1 session key recovery vulnerability

Re: SSHD-1 Logging Vulnerability

2001-02-09 Thread Florian Weimer
jose nazario [EMAIL PROTECTED] writes: - debug("Rhosts authentication failed for '%.100s', remote '%.100s', host '%.200s'.", + log_msg("Rhosts authentication failed for '%.100s', remote '%.100s', host '%.200s'.", user, client_user,

Linux kernel sysctl() vulnerability

2001-02-09 Thread Chris Evans
Hi, OVERVIEW There exists a Linux system call sysctl() which is used to query and modify runtime system settings. Unprivileged users are permitted to query the value of many of these settings. The unprivileged user passes in a buffer location and the length of this buffer. Unfortunately, by

Advanced Remote OS Detection Methods/Concepts using Perl

2001-02-09 Thread f0bic
Here's a paper about Advanced remote OS detection with a focus on its implementation in Perl. -- f0bic. -- lowlevel - network coding/network security http://www.low-level.net - [EMAIL PROTECTED] --

Local man exploit

2001-02-09 Thread Paul Starzetz
Hi @ll the attached script will create suid man shell on vulnerable systems (man -l bug). ihq. manexpl.sh

Re: Bug in ssh client (open ssh 2.3.0)

2001-02-09 Thread rafal wiosna
* Tomasz Kuniar wrote: Ssh client is suid, so it could be real problem. Must check source... SUID is only needed when using rhosts or rshost-rsa authentication. Many installations don't need it. Just set this option [taken from man ssh]: UsePrivilegedPort Specifies

Re: [RHSA-2001:013-05] Three security holes fixed in new kernel

2001-02-09 Thread Solar Designer
On Thu, Feb 08, 2001 at 06:03:00PM -0500, [EMAIL PROTECTED] wrote: Thanks to Solar Designer for finding the sysctl bug, and for the versions of the sysctl and ptrace patches we used. Thanks for crediting me, but actually it's Chris Evans who found the sysctl bug that affects Linux 2.2. I only

Lotus Notes Stored Form Vulnerability

2001-02-09 Thread Chris Jones
_ Security Advisory:Lotus Notes Stored Form Vulnerability Date: 8th February 2001 Author: Chris Jones (aka dp) [EMAIL PROTECTED] Versions Affected:At present only Lotus

severe error in SSH session key recovery patch

2001-02-09 Thread Matt Power
http://www.core-sdi.com/advisories/ssh1_sessionkey_recovery.htm includes the line of code: kill(SIGALRM, getppid()); This is contained within what is listed as an "unsupported and untested patch" developed by SSH.com. The problem is that the arguments to "kill" are in the wrong order. In