glsa-check is working fine, it was a slotted issue. Still curious
about a way to check for statically linked packages.
There is no simple solution for this... USE flags static and
static-libs handle cases where there is a choice between static and
non-static version. In theory it is
Do they need telnet or ssh access,
Not telnet shell but this could be triggered with telnet/nc or even nmap,
hping, or tcpreplay - all of which could send an arbitrary payload to tcp
or udp ports.
For clarity, its probably best to specify if we're talking about client or
server end. The
On Jan 31, 2015 11:57 PM, Adam Carter adamcart...@gmail.com wrote:
Do they need telnet or ssh access,
Not telnet shell but this could be triggered with telnet/nc or even nmap,
hping, or tcpreplay - all of which could send an arbitrary payload to tcp
or udp ports.
I don't understand this
Do they need telnet or ssh access,
I don't understand this obsession with ssh or telnet. Remote code
execution means that malicious party can execute any code on
affected system.
To elaborate, since exim is an SMTP server it will be listening on TCP/25.
All the attacker needs to do is run
Hello Andrew,
Thank you for your response. For example, Exim implements reverse lookup.
How is malicious activity used against it? Do they need telnet or ssh
access,
or buy some freak of nature can exploit the vulnerability in other ways?
N
Hi,
On Fri, 30 Jan 2015 10:11:52 -0500 symack wrote:
Hello,
From my understanding this is only an issue if a person is able to telnet
or ssh
to an effected system? Please confirm.
Are you talking about ghost issue or about GLSA I mentioned above?
If about ghost, then NO. Any applicaton
Just got the email in my box. Updating now
On Fri, 30 Jan 2015 12:19:01 -0500 symack wrote:
Hello Andrew,
Thank you for your response. For example, Exim implements reverse lookup.
How is malicious activity used against it?
Exim uses vulnerable function depending on its configuration, that's
why it may be possible to remotely execute
On Jan 30, 2015 12:53 PM, Andrew Savchenko birc...@gentoo.org wrote:
On Fri, 30 Jan 2015 12:19:01 -0500 symack wrote:
or buy some freak of nature can exploit the vulnerability in other ways?
Considering how old one's setup should be to be affected to this
issue, it is likely that such
Hello,
From my understanding this is only an issue if a person is able to telnet
or ssh
to an effected system? Please confirm.
N.
On Thu, 29 Jan 2015 20:53:31 -0500 Rich Freeman wrote:
On Thu, Jan 29, 2015 at 7:53 PM, Grant emailgr...@gmail.com wrote:
glsa-check is working fine, it was a slotted issue. Still curious
about a way to check for statically linked packages.
False positives in glsa data aren't unheard
Does anybody know more about this security flaw in the open-source Linux
GNU C Library
http://www.theglobeandmail.com/technology/linux-makers-release-patch-to-thwart-new-ghost-cyber-threat/article22662060/?cmpid=rss1
I updated a system of mine that was using an old version of glibc and
On Thu, 29 Jan 2015 08:52:57 -0800 Grant wrote:
Does anybody know more about this security flaw in the open-source Linux
GNU C Library
http://www.theglobeandmail.com/technology/linux-makers-release-patch-to-thwart-new-ghost-cyber-threat/article22662060/?cmpid=rss1
I updated a system
Does anybody know more about this security flaw in the open-source Linux
GNU C Library
http://www.theglobeandmail.com/technology/linux-makers-release-patch-to-thwart-new-ghost-cyber-threat/article22662060/?cmpid=rss1
I updated a system of mine that was using an old version of glibc and
Does anybody know more about this security flaw in the open-source Linux
GNU C Library
http://www.theglobeandmail.com/technology/linux-makers-release-patch-to-thwart-new-ghost-cyber-threat/article22662060/?cmpid=rss1
I updated a system of mine that was using an old version of glibc and
On Thu, Jan 29, 2015 at 7:53 PM, Grant emailgr...@gmail.com wrote:
glsa-check is working fine, it was a slotted issue. Still curious
about a way to check for statically linked packages.
False positives in glsa data aren't unheard of - log those as bugs -
vulnerable versions should be masked,
On Thu, 29 Jan 2015 16:53:43 -0800 Grant wrote:
glsa-check is working fine, it was a slotted issue. Still curious
about a way to check for statically linked packages.
There is no simple solution for this... USE flags static and
static-libs handle cases where there is a choice between static
On Tue, Jan 27, 2015 at 7:25 PM, Philip Webb purs...@ca.inter.net wrote:
I'm running 2.19-r1 , installed 140802 ; vulnerable are 2.18 .
Linux systems are at risk only when admins don't keep versions upto-date.
Unless the patch was backported, distros like debian stable are
potentially
150127 Joseph wrote:
Does anybody know more about this security flaw
in the open-source Linux GNU C Library :
http://www.theglobeandmail.com/technology/linux-makers-release-patch-to-thwart-new-ghost-cyber-threat/article22662060/?cmpid=rss1
Acc to this, it was patched 2013 today threatens
19 matches
Mail list logo