search for: bindview

Remote vulnerability in SSH daemon crc32 compensation attack detector ----------------------------------------------------------------------- Issue date: 8 February 2001 Author: Michal Zalewski <lcamtuf at razor.bindview.com> Contact: Scott Blake <blake at razor.bindview.com> CVE: CAN-2001-0144 Topic: Remotely exploitable vulnerability condition exists in most ssh daemon installations (F-SECURE, OpenSSH, SSH from ssh.com, OSSH). Tested against: ** Vulnerable: SSH 1.2.x (ssh.com) -- all recen...

...2.0 style smbpasswd file [2]. But I would like to use the smbpasswd on a Samba-2.2.x machine. I've read that smbpasswd format changed . Is there a tool to convert smbpasswd from 2.0 to 2.2 ? I cannot find one. Any URL or HOWTO will be greatly appreciated. Thanks in advance. [1] http://razor.bindview.com/tools/desc/pwdump2_readme.html [2] http://www.coruscant.demon.co.uk/mike/samba/PDC_migration_HOWTO.txt Salut, Sinner -- http://www.ibiblio.org/sinner/ Linux User # 89976 Linux Machine # 38068

...at is not entirely out of the question for the attack to succeed within one minute. If that risk is not appropriate in one's environment, then other measures (which may include inetd/tcpserver but may also include desupporting use of SSH protocol 1.5) are needed. Matt Power BindView Corporation, RAZOR Team mhpower at bos.bindview.com

...unsigned char *c; --------------------- end deattack patch ------------------- Vendors notified on: 2001-02-07 This advisory has been released early due to the disclosure of information regarding the problem in public forums. Credits: This vulnerability was found by Michal Zalewski of the Bindview RAZOR Team. We thank Scott Blake and Steve Manzuik of the Bindview RAZOR Team for their cooperation coordinating the report and release process of this advisory. This advisory and other CORE SDI security advisories can be obtained from http://www.core-sdi.com/publications.htm Technical D...

recently, netect / bindview posted a review of the syskey system and how the RC4 cypher stream was reset each time. standard RC4 attack analysis shows that XORing two obfuscated passwords together results in the XOR cypher stream dropping out, and you have the two XORed password. further attack analysis can decrypt the pas...

...= FreeBSD-SA-01:45 Security Advisory FreeBSD, Inc. Topic: samba Category: ports Module: samba Announced: 2001-07-10 Credits: Michal Zalewski <lcamtuf@bos.bindview.com> Affects: Ports collection prior to the correction date. Corrected: 2001-06-23 Vendor status: Updated version released FreeBSD only: NO I. Background Samba is an implementation of the Server Message Block (SMB) protocol. II. Problem Description The samba ports, versions...

...----------------------------- The release notes for 2.2.0a follow : SECURITY FIX ============ This is a security bugfix release for Samba 2.2.0. This release provides the following two changes *ONLY* from the 2.2.0 release. 1). Fix for the security hole discovered by Michal Zalewski (lcamtuf@bos.bindview.com) and described in the security advisory below. 2). Fix for the hosts allow/hosts deny parameters not being honoured. No other changes are being made for this release to ensure a security fix only. For new functionality (including these security fixes) download Samba 2.2.1 when it is availa...

...----------------------------- The release notes for 2.2.0a follow : SECURITY FIX ============ This is a security bugfix release for Samba 2.2.0. This release provides the following two changes *ONLY* from the 2.2.0 release. 1). Fix for the security hole discovered by Michal Zalewski (lcamtuf@bos.bindview.com) and described in the security advisory below. 2). Fix for the hosts allow/hosts deny parameters not being honoured. No other changes are being made for this release to ensure a security fix only. For new functionality (including these security fixes) download Samba 2.2.1 when it is availa...

I am so stoked I just had to share this with y'all. I just "SEAMLESSLY" migrated all of my machines and users over to my new Gentoo Linux Server. I even kept the same: domain name and old PDC NetBios name. The trickiest part was getting all of the users to keep their same profile, but I managed that by cloning the RID and Lanman/NT hashes for the user accounts. Free at last! #

...----------------------------- The release notes for 2.2.0a follow : SECURITY FIX ============ This is a security bugfix release for Samba 2.2.0. This release provides the following two changes *ONLY* from the 2.2.0 release. 1). Fix for the security hole discovered by Michal Zalewski (lcamtuf@bos.bindview.com) and described in the security advisory below. 2). Fix for the hosts allow/hosts deny parameters not being honoured. No other changes are being made for this release to ensure a security fix only. For new functionality (including these security fixes) download Samba 2.2.1 when it is availa...

...----------------------------- The release notes for 2.2.0a follow : SECURITY FIX ============ This is a security bugfix release for Samba 2.2.0. This release provides the following two changes *ONLY* from the 2.2.0 release. 1). Fix for the security hole discovered by Michal Zalewski (lcamtuf@bos.bindview.com) and described in the security advisory below. 2). Fix for the hosts allow/hosts deny parameters not being honoured. No other changes are being made for this release to ensure a security fix only. For new functionality (including these security fixes) download Samba 2.2.1 when it is availa...

...----------------------------- The release notes for 2.2.0a follow : SECURITY FIX ============ This is a security bugfix release for Samba 2.2.0. This release provides the following two changes *ONLY* from the 2.2.0 release. 1). Fix for the security hole discovered by Michal Zalewski (lcamtuf@bos.bindview.com) and described in the security advisory below. 2). Fix for the hosts allow/hosts deny parameters not being honoured. No other changes are being made for this release to ensure a security fix only. For new functionality (including these security fixes) download Samba 2.2.1 when it is availa...

...----------------------------- The release notes for 2.2.0a follow : SECURITY FIX ============ This is a security bugfix release for Samba 2.2.0. This release provides the following two changes *ONLY* from the 2.2.0 release. 1). Fix for the security hole discovered by Michal Zalewski (lcamtuf@bos.bindview.com) and described in the security advisory below. 2). Fix for the hosts allow/hosts deny parameters not being honoured. No other changes are being made for this release to ensure a security fix only. For new functionality (including these security fixes) download Samba 2.2.1 when it is availa...

...----------------------------- The release notes for 2.2.0a follow : SECURITY FIX ============ This is a security bugfix release for Samba 2.2.0. This release provides the following two changes *ONLY* from the 2.2.0 release. 1). Fix for the security hole discovered by Michal Zalewski (lcamtuf@bos.bindview.com) and described in the security advisory below. 2). Fix for the hosts allow/hosts deny parameters not being honoured. No other changes are being made for this release to ensure a security fix only. For new functionality (including these security fixes) download Samba 2.2.1 when it is availa...

...----------------------------- The release notes for 2.2.0a follow : SECURITY FIX ============ This is a security bugfix release for Samba 2.2.0. This release provides the following two changes *ONLY* from the 2.2.0 release. 1). Fix for the security hole discovered by Michal Zalewski (lcamtuf@bos.bindview.com) and described in the security advisory below. 2). Fix for the hosts allow/hosts deny parameters not being honoured. No other changes are being made for this release to ensure a security fix only. For new functionality (including these security fixes) download Samba 2.2.1 when it is availa...

...vo_Vegas@colltech.com ** * ** * Collective Technologies **** * ===========================================+=========================== God is real, unless declared integer. ===========================================+=========================== Return-Path: <lcamtuf@bos.bindview.com> Delivered-To: samba@samba.org Received: from nimue.bos.bindview.com (unknown [216.41.50.187]) by lists.samba.org (Postfix) with ESMTP id EC4FB47A0 for <samba@samba.org>; Fri, 22 Jun 2001 14:41:16 -0700 (PDT) Received: from localhost (lcamtuf@localhost) by nimue.bos.bindview.com...

...----------------------------- The release notes for 2.2.0a follow : SECURITY FIX ============ This is a security bugfix release for Samba 2.2.0. This release provides the following two changes *ONLY* from the 2.2.0 release. 1). Fix for the security hole discovered by Michal Zalewski (lcamtuf@bos.bindview.com) and described in the security advisory below. 2). Fix for the hosts allow/hosts deny parameters not being honoured. No other changes are being made for this release to ensure a security fix only. For new functionality (including these security fixes) download Samba 2.2.1 when it is availa...

...--------------------------- - The release notes for 2.2.0a follow : SECURITY FIX ============ This is a security bugfix release for Samba 2.2.0. This release provides the following two changes *ONLY* from the 2.2.0 release. 1). Fix for the security hole discovered by Michal Zalewski (lcamtuf@bos.bindview.com) and described in the security advisory below. 2). Fix for the hosts allow/hosts deny parameters not being honoured. No other changes are being made for this release to ensure a security fix only. For new functionality (including these security fixes) download Samba 2.2.1 when it is availa...