On Sat, Feb 10, 2001 at 03:08:11PM +0200, Tatu Ylonen wrote:
> On Fri, 9 Feb 2001, Christophe Dupre wrote (on the [EMAIL PROTECTED] list):
> > I just read Razor's vulnerability advisory, as reported on slashdot.
> > Any truth to it, or is it another wannabe ?
>
> I suppose you are referring to thi
On Sun, Feb 11, 2001 at 12:38:02AM +0100, Flatline wrote:
[snip]
> - Quick fix (diff output for crontab.c):
>
> 146c146
> < strcpy(User, pw->pw_name);
> ---
> > strncpy(User, pw->pw_name, MAX_UNAME - 1);
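Review bot: the replacement line strncpy(User, pw->pw_name, MAX_UNAME - 1) does not write a terminating NUL when pw->pw_name is MAX_UNAME - 1 bytes or longer, so User ends up terminated only if its last byte was already zero. Set User[MAX_UNAME - 1] = '\0' explicitly after the copy (this assumes User is MAX_UNAME bytes, which the hunk does not show). The copy also truncates silently, so an over-long login name becomes a different string; comparing strlen(pw->pw_name) against MAX_UNAME and exiting with an error would avoid acting on a truncated name.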
Uhm, won't the user running crontab then get another user's crontab,
if the 'str
On Sun, Feb 11, 2001 at 12:40:48AM +0100, Konrad Rieck wrote:
> I am a little bit confused about this mail. Maybe the author
> can explain some issues to me...
>
> On Sat, Feb 10, 2001 at 12:54:33AM -, Joao Gouveia wrote:
> > roberto@spike:~ > mysql -ublaah (Note: 'blaah' obviously isn't a val
On Sun, Feb 11, 2001 at 05:15:53PM -0300, Paulo Cesar Breim wrote:
> The software Tiny Sheet, present in all versions of Palm Pilot, has a
> function called IMPORT file.
> Well, when this function is used, ALL FILES, including the hidden files
> protected with password, can be imported to a Sheet.
On
On Mon, Feb 12, 2001 at 11:07:15AM -, Joao Gouveia wrote:
[snip]
> > > Example: http://www.phpnuke.org/opendir.php?requesturl=/etc/passwd
You can actually insert any URL instead of "/etc/passwd" and have it
read. Depending on the server's configuration, this could be abused to
execute PHP cod
On Sun, Feb 25, 2001 at 07:26:07PM +0300, Serega[linux] wrote:
> Name: inetd DoS exploit
> Author: Serega[Linux]
This is a *very* old and widely-known inetd DoS. It comes down to making
inetd's rate limiting kick in. Recent inetds (like the one that comes
with FreeBSD) also have concurrency limiting
On Wed, Apr 18, 2001 at 10:01:51AM -0400, Bill Sommerfeld wrote:
> seteuid(0); a = open("..", O_RDONLY); mkdir("adfa", 555);
> chroot("adfa"); fchdir(a); for(cnt = 100; cnt; cnt--)
> chdir("..");
> chroot(".."); execve("/bin//sh", ..);
>
> For the record, I blocked this way of breaking o
On Mon, Apr 23, 2001 at 12:06:21PM +1300, Nick FitzGerald wrote:
> The authors of TheBat! suggest above that this problem should not be
> their concern because the message should never arrive in such a state
> as it is clearly not standards-compliant. The same could be said of
They're wrong.
>
On Fri, Jun 08, 2001 at 12:37:34AM -0700, Peter Ajamian wrote:
[snip]
> computer. A new 1ghz computer could easily crank out 6 char passwords in
> mere seconds, 8 char passwords in a few hours, and a 10 char password
> probably in a week to a month or better.
crypt() passwords are never more tha
On Fri, Jun 15, 2001 at 11:27:23AM -0400, Tony Lambiris wrote:
> AFAIK it's been fixed in -current, and it _will_ be in errata shortly..
> in the meantime, there is a hotfix for the code itself, read the mailing
> lists.. OR
>
> in /etc/fstab, make /tmp nosuid and noexec, then mount -u /tmp (you d
On Fri, Jul 06, 2001 at 09:32:36PM -, gregory duchemin wrote:
[snip]
> the hash creation process is as follows:
> ==
>
> say user toto has a password "titan"
> then his client generates the string "y.ytitan" and the
> according MD5 hash, say
on that handles bounces
in some really broken way.
Greetz, Peter
--
| 'He broke my heart, | Peter van Dijk |
I broke his neck' | [EMAIL PROTECTED] |
nognikz - As the sun|Hardbeat@ircnet - #cistron/#linux.nl |
http://www.nognikz.mdk.nu/ | Hardbeat@undernet - #groningen/#kinkfm/#vdh |
en successful.
Greetz, Peter
ourse, anything helps. It'll stop standard exploits. It'll stop
scriptkiddies, even (I like your idea, despite the problems it creates).
Well.. find someone crazy enough to implement it. I'm curious about the
results :)
Greetz, Peter