very first example
given in linux/Documentation/more-than-900MB-RAM.txt):
Searching for the descriptor... found at 0x8f9068ac
Extending its limit... done
Searching for task_struct... found at 0x9157d810
Patching the UID... done
uid=0(root) gid=0(root)
Signed,
Solar Designer
man pages are the same.
Signed,
Solar Designer
.false.com/security/linux/
I must also thank Nergal for testing the patch.
Signed,
Solar Designer
all 2.0.38 security issues
that are any serious, in my patches, for a few months more.
Signed,
Solar Designer
$10
mov -18, $16
call_pal 0xAA # gentrap
L$10:
[ ... some code skipped: the loop got unrolled and large ... ]
addq $sp, $5, $8
ldq_u $16, ($8)
I wouldn't say that the option did "nothing at all" to SSH -- it must
have added quite a few checks, which made the binary 5 KB larger.
Signed,
Solar Designer
, and a few more.
Signed,
Solar Designer
Aleph, please kill my article if someone else says it better/first. I've been
waiting in silence for Solar Designer to speak up and end the debate about how
to do this, but I guess he's away from his e-mail.
I was simply unsure if we really need to repeat this discussion (it's been
On Mon, Jan 29, 2001 at 03:17:17PM -0500, Matt Zimmerman wrote:
On Sat, Jan 27, 2001 at 05:55:25AM +0300, Solar Designer wrote:
The glibc 2.2 RESOLV_HOST_CONF bug which prompted this search for bugs was
reported to Debian by Dale Thatcher but apparently wasn't kept private. The
remaining
On Thu, Feb 08, 2001 at 06:03:00PM -0500, [EMAIL PROTECTED] wrote:
Thanks to Solar Designer for finding the sysctl bug, and
for the versions of the sysctl and ptrace patches we used.
Thanks for crediting me, but actually it's Chris Evans who found the
sysctl bug that affects Linux 2.2. I only
On Wed, Feb 28, 2001 at 10:16:47AM +0100, Olaf Kirch wrote:
Here's something I haven't seen before which I find sort of cool
(rate limiting grouped by source IP network)...
I've been considering this for popa3d's standalone mode and for
xinetd (both already have a per source IP limit). xinetd
On Sat, Mar 03, 2001 at 04:12:46AM -0800, Dan Kaminsky wrote:
There's no memory consumption problem with implementing this feature
like the Bugtraq post implied.
Sure there is. To cover the ground of a single /16 ACL, 256 /24 ACLs are
required. To cover 256 /16's, 65536 /24's are
http://www.monkey.org/~dugsong/dsniff/
The raw IP networking libraries required by SSHOW may be obtained at:
http://www.tcpdump.org/release/
http://www.packetfactory.net/Projects/Libnet/
http://www.packetfactory.net/Projects/Libnids/
++ sshow.c
/*
* SSHOW.
*
On Tue, Mar 27, 2001 at 02:05:54PM +0200, Wojciech Purczynski wrote:
Hi,
Here is exploit for ptrace/execve race condition bug in Linux kernels up
to 2.2.18.
Thanks for not releasing this before Linux 2.2.19 is out. It would
be even better if you delayed this until the vendor updates are
On Wed, Mar 28, 2001 at 01:32:15AM +0200, Mariusz Woloszyn wrote:
Anyway: here is a fast way to fix the problem (but introduces a new one), the
kernel module that disables the ptrace syscall.
Don't forget that the race isn't only against ptrace. There's
procfs. Fortunately, get_task() in
On Thu, Apr 11, 2002 at 01:29:28PM +0200, Przemyslaw Frasunek wrote:
default root crontab entry looks like:
# do daily/weekly/monthly maintenance
# on monday only (techie)
30 1 * * 1 /bin/sh /etc/daily 2>&1 | tee /var/log/daily.out | mail -s
Hi,
For those who don't know yet, Openwall GNU/*/Linux (or Owl) is a
security-enhanced operating system with Linux and GNU software as its
core, intended as a server platform. And, of course, it's free. More
detailed information is available on the web site:
On Wed, Nov 27, 2002 at 01:04:04PM +1100, Paul Szabo wrote:
Back in March 2002, Wojciech Purczynski [EMAIL PROTECTED] wrote (original
article at http://online.securityfocus.com/archive/1/264117 ):
Name: Linux kernel
Version: up to 2.2.20 and 2.4.18
...
In case of
On Thu, May 29, 2003 at 03:33:06PM -0500, Scott A Crosby wrote:
They exploit the difference between 'typical case' behavior versus
worst-case behavior. For instance, in a hash table, the performance is
usually O(1) for all operations. However in an adversarial
environment, the attacker
Hi,
This is to announce the first mature version of crypt_blowfish and the
minor security fix that this version adds.
crypt_blowfish is a public domain implementation of a modern password
hashing algorithm based on the Blowfish block cipher, provided via the
crypt(3) and a reentrant interface.
Hi,
This is to announce several related items at once. :-)
After 7+ years of development snapshots only (yes, I know, that was
wrong), John the Ripper 1.7 release is out:
http://www.openwall.com/john/
John the Ripper is a fast password cracker, currently available for
many flavors of
Hi,
For those few who don't know yet, Openwall GNU/*/Linux (or Owl) is a
security-enhanced operating system with Linux and GNU software as its
core, intended as a server platform. More detailed information is
available on the web site:
http://www.openwall.com/Owl/
After many
On Fri, Aug 08, 2008 at 11:20:15AM -0700, Eric Rescorla wrote:
Why do you say a couple of megabytes? 99% of the value would be
1024-bit RSA keys. There are ~32,000 such keys. If you devote an
80-bit hash to each one (which is easily large enough to give you a
vanishingly small false positive
On Mon, Nov 27, 2006 at 06:13:02PM +0100, Werner Koch wrote:
+n = strlen(s) + (defname?strlen (defname):0) + 10;
prompt = xmalloc(n);
if( defname )
sprintf(prompt, "%s [%s]: ", s, defname );
...
Note, that using snprintf would not have helped in
this case. How I wish
Hi,
Here's a summary of relevant postings to oss-security and bug-wget.
Unofficial patch for wget, by Florian Weimer:
http://www.openwall.com/lists/oss-security/2010/05/17/2
PoC attack on a wget cron job resulting in a .bash_profile overwrite:
Hi,
I am pleased to announce that we have made a new major release of
Openwall GNU/*/Linux, version 3.0. ISO images of the CDs for i686
and x86-64 are available for download via direct links from:
http://www.openwall.com/Owl/
The ISOs include a live system, installable packages, the installer
Hi,
This is almost 0-day. In a sense.
I wrote this for a pentesting company. I found it ethically OK to do
since the FreeBSD advisory was already out for a couple of weeks.
It turns out I was not alone to write an exploit for this bug, and to
publish the exploit this year.
Timeline:
Designer so...@openwall.com -
Date: Tue, 25 Jan 2011 17:51:43 +0300
From: Solar Designer so...@openwall.com
To: Theodore Ts'o ty...@mit.edu
Subject: pwgen: non-uniform distribution of passwords
Hi Ted,
I did some testing of pwgen-2.06's pronounceable passwords, and I
think they might be weaker
On Tue, Jan 17, 2012 at 02:01:38PM +0400, Solar Designer wrote:
Time running (D:HH:MM) - Keyspace searched - Passwords cracked
0:00:02 - 0.0008% - 6.0%
0:01:00 - 0.025% - 19.5%
0:20:28 - 0.5% - 39.1%
1:16:24 - 1.0% - 47.1%
3:00:48 - 1.8% - 55.2%
3:21:44 - 2.3% - 59.4%
5:05:17 - 3.1% - 64.2
On Thu, Jan 19, 2012 at 09:21:17AM +0100, valentino.angele...@enel.com wrote:
May I ask what software you used (and how it works, brute force etc.)?
John the Ripper, indeed - generating a custom .chr file (which is based
on trigraph frequencies) from a sample of 1 million of pwgen'ed
passwords
On Thu, Jan 19, 2012 at 11:34:12PM +0400, Solar Designer wrote:
$ ./pwgen -1cn 8 10 | dd obs=10M > 1g
...
$ time ~/john/john-1.7.9-jumbo-5/run/unique -v -mem=25 1gu < 1g
Total lines read 10 Unique lines written 697066573
Here's some further analysis of the 1 billion sample used
Hi,
As stated in the timeline below (thanks!), this issue was handled in
part using the Openwall-hosted distros list (which currently notifies
many Linux distro vendors, FreeBSD, and NetBSD/pkgsrc with PGP
re-encryption to individual recipients):
On Fri, Jun 08, 2012 at 12:04:49AM +, p...@freebsd.org wrote:
The LinkedIn password incompetence has resulted in a number of "just use
md5crypt and you'll be fine" pieces of advice on the net.
Since I no longer consider this to be the case, I have issued an official
statement, as the
looks like a mistake on
the part of Wordpress, so I'm not sure the bug is in phpass, strictly
speaking. However, have you considered contacting upstream
(Solar Designer/OpenWall) about this?
Web apps (like WordPress) were indeed not supposed to expose the ability
for untrusted users to specify