similar to: NLSPATH Stack Overwrite

At this point, I've been through 4 AMD64 motherboards. Commonly, AE_BAD_CHARACTER stops ACPI (or apic?) from figuring out the system --- this has happened on 3 out of four boards. On this latest board, it can turn off APIC. If I do that, FreeBSD hangs after detecting the disks. The only "wrong" thing on the screen is module_register_init: MOD_LOAD (amr_linux,

[Mod: Forwarded from bugtraq -- alex] Hi! I''m sorry if the information I''m going to tell about was already known, but I hope it wasn''t... I just occasionally found a vulnerability in Linux libc (actually, some of the versions seem not to be vulnerable; my Slackware 3.1 box was though). Unfortunately, I have no time for a real investigation right now, but

There is a serious problem with the makewhatis cronjob under Redhat Linux 4.0/3.0.3. You can use it to overwrite any file on the system. Redhat is aware of the problem, and said they would have some kind of fix by next week which should be plenty of time before this bug is exploitable again. #!/bin/sh # # blowitawaysam # # makewhatis is a shellscript that stores a tmp copy of the whatis #

On Wed, Jan 4, 2012 at 12:10 PM, David Gardner <daveg at xmos.com> wrote: > Jianzhou Zhao <jianzhou <at> seas.upenn.edu> writes: >> The documents say that all the aa analysis are chained, and give an >> example like opt -basicaa -ds-aa -licm. In this case, does ds-aa >> automatically call basicaa for the case when ds-aa can only return >> MayAlias? This

Hello! Attempt to scan a network with any method except plain ping results in an error: truss nmap -sT -p 21 '172.19.17.*' [...] sendto(0x4,0x8094200,0,0x0,{ AF_INET 172.19.17.0:0 },0x10) ERR#49 'Can't assign requested address' [...] What's strange that man on send(2) doesn't state that EADDRNOTAVAIL can ever be returned from sendto(). Quick look at nmap's site

This was posted not too long ago on sci.crypt... Enjoy... I think the most relevant information is near the top, but it''s all quite good... :-) -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- There is no intrinsic difference between algorithm and data, the same information can be viewed as data in one context and as algorithm in another. Why then do so many people claim that encryption algorithms

> Some versions (the util-linux version, but not the netwrite or netkit > versions) of /usr/bin/write have a buffer overrun problem that is > almost certainly exploitable. Note that this gives access to the tty > group, but not (directly) root. > > The fix is to change the two sprintfs to snprintfs. Patches have been > mailed to the maintainer. While I agree that routines

/* vixie crontab buffer overflow for RedHat Linux * * I dont think too many people know that redhat uses vixie crontab. * I didn''t find this, just exploited it. * * * Dave G. * <daveg@escape.com> * http://www.escape.com/~daveg * * */ #include <stdio.h> #include <sys/types.h> #include <stdlib.h> #include <fcntl.h> #include <unistd.h> #define

Is anybody working on implementing CreateNamedPipeA/WaitNamedPipeA (KERNEL32.168 , KERNEL32.725) or can anybody comment on how much needs to be done to implement these ? Some applications seem to use this to communicate with a license manager process - even freely available product catalogs that apparently create a pro forma license file during the installation process. Martin -- Dr. Martin

Hi, I tried to run viewdraw application (schematic capture from Innoveda's eProduct Designer). The problem that I am stuck with is making wine/application to recognize dongle. Here is an error: vsec: Error 8037: License node restriction does not match client's node for product Viewdraw. +vsec: Error 8031: Flex/LM Error: Invalid host (-9,57). Any help is appreciated. Genady Veytsman

[Mod: in a disk crash I lost the original of this message posted by Dave to linux-security so this one is from bugtraq, reposted with author''s permission -- alex] This old problem refuses to die. #!/bin/sh # # yankpw # # Under a lot of linux distributions(I know Redhat 3.0.3 and Slackware 3.0) # /var/log/messages is world readable. If a user types in his password at # the login prompt,

> -------- Original Message -------- > Subject: dvd+rw-format -force problem > Date: Thu, 31 Jul 2003 21:30:00 +0200 > From: Melvyn Sopacua <freebsd-stable@webteckies.org> > Organization: WebTeckies.org > To: stable@freebsd.org > > I haven't felt the need to fully blank a DVD+RW for a while untill today. Formally speaking blanking is not appicable to DVD+RW.

Hello, I have confirmed that the recently-reported vulnerability in Elm is also present in Elm-ME+ and thus also in Debian GNU/Linux version 1.2, prerelease version 1.3, and development tree "unstable". Below is a short diff to correct the problem. Debian GNU/Linux 1.2.x uses stock Elm 2.4pl25. Users of that version of Elm should upgrade to Elm-ME+ as detailed below. Debian 1.3

Is theora based on Floating Point or Integer. I haven't looked at it much, but would like to help make sure it runs on other architectures ok. (especially: StrongARM (Zaurus) and DEC Alphas) Also as of now how efficient is the player compared to mpeg4? Aside from constant rewrite (as theora changes), why would someone not want to write a plugin to test it? Just new to theora, and

I''m trying to install CiscoWorks 2.5 on Solaris 10 update 1, and after the install when I try to start the daemon, it errors: # /opt/CSCOpx/objects/dmgt/dmgtd.sol ERROR: open file dmgtd failedERROR >>>>>>>>>>>>> open msg catalog failed. NLSPATH incorrect or objects/share/nls/C/dmgtd.cat is missing. # echo $NLSPATH

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have made some ebuilds that build libtheora (as well as libogg & libvorbis) from cvs for gentoo, and was wondering if anyone was interested in them. If so, I can put them up online. James L -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAUlvqMf2EplKLPrwRAqYMAJwIxkUSN+yfQgCaCR2LSre9xoEwFACfeF53 0U0GAmUZB8RiXrtCI+pEy10=

[Mod: Sent to linux-security instead of linux alert -- alex] Dave G. <daveg@ESCAPE.COM> wrote: > /* vixie crontab buffer overflow for RedHat Linux > * > * I dont think too many people know that redhat uses vixie crontab. > * I didn''t find this, just exploited it. The vulnerability involves an unguarded sscanf call in env.c. Enlarging the buffer to the largest

Why does a vlan created against em0 have a mtu of 1496. This is on 4.8-STABLE (cvsup'd this afternoon). Dave. -- ============================================================================ |David Gilbert, Velocet Communications. | Two things can only be | |Mail: dgilbert@velocet.net | equal if and only if they | |http://daveg.ca |

On Tue, 12 May 1998, Andi Kleen wrote on BUGTRAQ: > I assumed the libc would ignore NLSPATH when the app runs suid (similar > like it does with LD_LIBRARY_PATH etc.). If it doesn''t that is a bad bug. > > [... clickety click ... ] > > At least glibc 2.1 uses __secure_getenv() for NLSPATH. Don''t know about 2.0, > separate GNU gettext, or libc5. I have

I run "net join -U Administrator -w CISL.CO.UK -d10" which fails to join the domain with the error "Unable to find a suitable server" net appears to fail because it cannot load a file that does not exist. [2008/01/13 09:19:52, 3] libads/ldap.c:ads_connect(394) Connected to LDAP server 10.50.20.2 [2008/01/13 09:19:52, 10] intl/lang_tdb.c:lang_tdb_init(138) lang_tdb_init: