search for: bugtraq

...kups > /tmp/rsync.out 2> /tmp/rsync.err rsync.out contains: sending incremental file list dati/Documenti/Gabriele/Maildir/.Bozze/tmp/ rsync.err cointains 119Mb of data, I'm trying to strip most significant part (last 100 lines): [pid 3083] lstat64("dati/Documenti/Gabriele/Maildir/.Bugtraq.2006/cur/1196954597.M629924P20705V0000000000000906I00053A8C_3331.transylvania,S=5064:2,S", {st_mode=S_IFREG|0644, st_size=5064, ...}) = 0 [pid 3083] lstat64("dati/Documenti/Gabriele/Maildir/.Bugtraq.2006/cur/1196953847.M191213P20668V0000000000000906I0001C424_5433.transylvania,S=2406:2,S&...

X-PMC-CI-e-mail-id: 13726 Hi, I have been a successful user of Openssh for some time. I am attaching two articles from BugTraq. Hopefully, they show exactly the security problems reported in the BugTraq mailing list. [Pity that no one seemed to have bothered to contact the mailing list(s) for openssh development.] I am not sure what the right fixes would be. But at least, people need to be made aware of the problem first....

...uffer overflow in icecast, is there any "official" security patch against 1.3.11 ? I am reluctant to take any un-official patch like this one ;-) There is nothing on www.icecast.org/releases, maybe it's somewhere else ? Thanks. Alfredo <p><p>>Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm >List-Id: <bugtraq.list-id.securityfocus.com> >List-Post: <mailto:bugtraq@securityfocus.com> >List-Help: <mailto:bugtraq-help@securityfocus.com> >List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com> >List-Subscr...

Can anyone provide more details about the posting below ? >Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm >List-Id: <bugtraq.list-id.securityfocus.com> >List-Post: <mailto:bugtraq@securityfocus.com> >List-Help: <mailto:bugtraq-help@securityfocus.com> >List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com> >List-Subscr...

...d place to start: / /usr (nosuid,nodev,ro) /usr/local (nosuid,nodev,ro) /usr/local/sbin (nodev,ro) /tmp (nosuid,noexec,nodev) /var (nosuid,noexec,nodev) /opt (nosuid,nodev,ro) /services (nosuid,noexec,nodev) /home (nosuid,nodev) Alex ------- Forwarded Message Return-Path: owner-bugtraq@netspace.org Reply-To: C0WZ1LL4@netspace.org Sender: Bugtraq List <BUGTRAQ@netspace.org> From: C0WZ1LL4@netspace.org Approved: alex@yuriev.com To: BUGTRAQ@netspace.org Hello fellow mongoloids Try this: Make hard link of /etc/passwd to /var/tmp/dead.letter Telnet to port 25, send mail from so...

You probably know this already, but the following notice appeared to bugtraq. As a side note the protocol on bugtraq seems to be designed to make a fix available before the announcement by providing one yourself or giving the maintainer a week's advance warning (M$ gets a lot longer warning and *still* fails to fix the bugs before bugtraq knows). Having said that M...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [This came over BUGTRAQ this morning. Note the call for volunteers vis-a-vis rssh.] - ----- Forwarded message from Jason Wies <jason at xc.net> ----- List-Id: <bugtraq.list-id.securityfocus.com> List-Subscribe: <mailto:bugtraq-subscribe at securityfocus.com> To: bugtraq at securityfocus.com Cc: rssh-d...

Recent proftpd security vulnerability release FYI. Ports has latest patched proftpd distribution. -- Jez http://www.munk.nu/ -------------- next part -------------- An embedded message was scrubbed... From: Dave Ahmad <da@securityfocus.com> Subject: ISS Security Brief: ProFTPD ASCII File Remote Compromise Vulnerability (fwd) Date: Tue, 23 Sep 2003 10:25:54 -0600 (MDT) Size: 4588 Url:

Howdy, The string of notices on BugTraq about RSAref being vulnerable to overflows has me concerned. After trying to sort through all the messages, I can't figure out whether I need to update OpenSSL (a check of their website indicates no new patches), OpenSSH, both, or neither. I am aware there is no known exploit...

does anyone have a comment to make about this? (cert picked it up and we're being asked for a vendor response) http://www.securityfocus.com/archive/1/324016/2003-06-03/2003-06-09/0 do we have an "official" response yet? thanks, wendy -- wendy palm Cray Open Software Development, Cray Inc. wendyp at cray.com, 651-605-9154

Hi, This is FYI. Lets not start discussion on a topic of "my fingerd is better than yours". Alex ------- Forwarded Message Return-Path: owner-bugtraq@NETSPACE.ORG Message-ID: <199705240145.WAA11413@morcego.linkway.com.br> Date: Fri, 23 May 1997 22:45:04 -0300 Reply-To: Rodrigo Barbosa <rodrigob@MORCEGO.LINKWAY.COM.BR> Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG> From: Rodrigo Barbosa <rodrigob@MORCEGO.LINKWAY.COM.BR> Appr...

Hi, This advisory has a bit more than the Red Hat one.... Roger. ----- Forwarded message from Alfred Huger ----- >>From owner-bugtraq@SECURITYFOCUS.COM Mon Nov 22 18:49:41 1999 Approved-By: aleph1@SECURITYFOCUS.COM Message-ID: <Pine.GSO.4.10.9911220906250.11753-100000@www.securityfocus.com> Date: Mon, 22 Nov 1999 09:08:08 -0800 X-Reply-To: Alfred Huger <ah@SECURITYFOCUS.COM> Sender: Bugtraq List <BUGTRAQ@S...

...network); 27 Jul 1999 19:14:06 -0000 Received: from lists.securityfocus.com (216.102.46.4) by lists.securityfocus.com with SMTP; 27 Jul 1999 19:14:06 -0000 Received: from LISTS.SECURITYFOCUS.COM by LISTS.SECURITYFOCUS.COM (LISTSERV-TCP/IP release 1.8d) with spool id 202945 for BUGTRAQ@LISTS.SECURITYFOCUS.COM; Tue, 27 Jul 1999 12:12:44 -0700 Approved-By: aleph1@SECURITYFOCUS.COM Received: from securityfocus.com (216.102.46.2) by lists.securityfocus.com with SMTP; 27 Jul 1999 16:56:31 -0000 Received: (qmail 2198 invoked by alias); 27 Jul 1999 16:56:31 -0000 Delivered-To:...

hello, maybe an outdated question: there was a message on the securityfocus mailing list (bugtraq) today (and several month before) about a remote buffer overflow in icecast v1.3.10 (which seems to be a package in debian). does this affect 1.3.11 too or is the version at http://www.icecast.org/download.html fixed? thanks, uno <p>--- >8 ---- List archives: http://www.xiph.org/archive...

For all of us who don't regularly read the BUGTRAQ list and, like me :-( , tend to forget: [mod: Like me :-( -- REW] It has been pointed out, on a mail to BUGTRAQ, that the ADMw0rm is pretty old stuff, already reported by CERT: http://www.cert.org/advisories/CA-98.05.bind_problems.html Searchable BUGTRAQ archives are ava...

Hello, I see in BugTraq that there's yet another problem with Wu-ftpd, but I see no mention of it in the freebsd-security mailing list archives...I have searched the indexes from all of June and July. Wu is pretty widely used, so I'm surprised that nobody seems to have mentioned this problem in this forum. The...

Hello, Anyone have information on whether RedHat-5.0+ is affected by the recent (today's) CERT advisory regarding QPOP? thanks, -bp -- B. James Phillippe <bryan@terran.org> Linux Software Engineer, WGT Inc. http://earth.terran.org/~bryan

------- start of forwarded message (RFC 934 encapsulation) ------- From: Joe Zbiciak <im14u2c@cegt201.bradley.edu> Approved: alex@bach.cis.temple.edu Sender: Bugtraq List <BUGTRAQ@netspace.org> To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org> Subject: Buffer overflow in Linux''s login program Date: Sun, 22 Dec 1996 09:27:24 -0600 Reply-To: Joe Zbiciak <im14u2c@cegt201.bradley.edu> Hello all, I was browsing through...

...d recommend everyone to just look over their daemons, and run something like nessus against theirselves... Greetings, Jan-Philip Velders ---------- Forwarded message ---------- Date: Thu, 25 Mar 1999 16:26:59 -0700 From: "Ben Cantrick (Macky Stingray)" <mackys@MACKY.RONIN.NET> To: BUGTRAQ@NETSPACE.ORG Subject: ADM Worm. Worm for Linux x86 found in wild. 1. Summary On the week of 3/7, a polite mail from a system administrator at a company in Russia tipped me off to one of our Redhat boxes portscanning one of their subnets. Subsequent investigation found that a worm had infected t...

The following is pasted from SecurityFocus Newsletter #254: ------------------------- Asterisk PBX Multiple Logging Format String Vulnerabilities BugTraq ID: 10569 Remote: Yes Date Published: Jun 18 2004 Relevant URL: http://www.securityfocus.com/bid/10569 Summary: It is reported that Asterisk is susceptible to format string vulnerabilities in its logging functions. An attacker may use these vulnerabilities to corrupt memory, and read or write arbi...