search for: denials

Bill Moran wrote: > This report seems pretty vague. I'm unsure as to whether the alleged > "bug" gives the user any more permissions than he'd already have? Anyone > know any details? This is a local denial of service bug, which was fixed 6 weeks ago in HEAD and RELENG_6. There is no opportunity for either remote denial of service or any privilege escalation. >

On 9/20/19 8:58 AM, Eric Blake wrote: > On 9/12/19 12:41 PM, Richard W.M. Jones wrote: >> We have discovered a potential Denial of Service / Amplification Attack >> in nbdkit. > > Unfortunately, our fix for this issue cause another potential Denial of > Service attack: > >> >> Lifecycle >> --------- >> >> Reported: 2019-09-11 Fixed:

...w and audit2why binaries which can help you generate a policy to avoid this denial if you want. Also, I often find that to truly diagnose the issue, I need to run the following: # semodule --disable_dontaudit --build # setenforce permissive # tail -f /var/log/audit/audit.log | grep denied | tee ~/denials.out ... then reproduce the problem, and kill the tail. The resulting denials.out file will have a lot of unrelated denials, but if you run audit2allow against the entire file, you'll be able to determine which ones are not relevant by the comments produced (much like above where it told us th...

TITLE: KAME Project "ipcomp6_input()" Denial of Service CRITICAL: Moderately critical IMPACT: DoS WHERE: >From remote DESCRIPTION: A vulnerability has been reported in the KAME Project, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the "ipcomp6_input()" function in

Subject: logcheck-database: Tweak to ssh rules to ignore AllowGroups denial Package: logcheck-database Version: 1.3.13 Severity: minor *** Please type your report below this line *** Similar to how AllowUsers denials are ignored, also ignore AllowGroups: ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User [-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because none of user's groups are listed in AllowGroups$ -- System Information: Debian Release: 6.0.2 APT prefers stable-updates APT...

Package: xen-3 Version: 3.1.0-1 Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3. CVE-2007-5907[0]: | Xen 3.1.1 does not prevent modification of the CR4 TSC from | applications, which allows pv guests to cause a denial of service | (crash). CVE-2007-5906[1]: | Xen 3.1.1 allows virtual guest system users to cause a |

Hello, I was wondering if any one has seen issues with selinux name_bind denials that result from having IP:PORT bindings for services to specific IP addresses managed on an interface under NetworkManager's control? I do realize that people will probably say stop using NetworkManager, and I may, but the behavior is strange, and I'd like to have a better understanding o...

For those who haven't yet received this warning yet. Anybody from the core can tell about the background and possible fixes? <p>Regards, Stefan ------- Forwarded message follows ------- Date sent: Wed, 12 May 2004 13:50:17 +0200 To: secunia_security_advisories@stefan-neufeind.de Subject: [SA11578] Icecast Basic Authorization Denial of Service Vulnerability

Hi, I''ve been writing a login application to utilize the features of both PAM and libpwdb. Not surprisingly, this has meant looking at some old code.. The following denial of service attack seems to work quite nicely on my ancient Red Hat 3.0.3 system with the standard login application. Perhaps this is not a problem with 4.0? Does anyone know about other distributions? joe$ nvi

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: BitchX denial of service vulnerability Advisory ID: RHSA-2000:042-01 Issue date: 2000-07-06 Updated on: 2000-07-06 Product: Red Hat Powertools Keywords: DoS Cross references: N/A

Asterisk Project Security Advisory - AST-2013-002 Product Asterisk Summary Denial of Service in HTTP server Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Major

Asterisk Project Security Advisory - AST-2013-002 Product Asterisk Summary Denial of Service in HTTP server Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Major

I setup postfix/dovecot on a new machine and now all works well with the small exception of dovecot triggering selinux avc denials on some temp... files here is a sample alert: Summary SELinux is preventing /usr/libexec/dovecot/deliver (dovecot_deliver_t) "link" to temp.localhost.678.40caaf5592891c46 (user_home_dir_t). Detailed Description SELinux denied access requested by /usr/libexec/dovecot/deliver...

We have discovered a potential Denial of Service / Amplification Attack in nbdkit. Lifecycle --------- Reported: 2019-09-11 Fixed: 2019-09-11 Published: 2019-09-12 There is no CVE number assigned for this issue yet, but the bug is being categorized and processed by Red Hat's security team which may result in a CVE being published later. Credit ------ Reported and patched by Richard W.M.

There are conflicting reports about wether or not Red Hat 4.0 is vulnerable to the login-lockout described earlier. I have the impression that if you install the updates it will have been fixed. Approval of messages about this subject is now restricted to "here is a patch", and a vendors "We have made a patch available". Roger.

Asterisk Project Security Advisory - AST-2014-008 Product Asterisk Summary Denial of Service in PJSIP Channel Driver Subscriptions Nature of Advisory Denial of Service Susceptibility Remote

Asterisk Project Security Advisory - AST-2014-008 Product Asterisk Summary Denial of Service in PJSIP Channel Driver Subscriptions Nature of Advisory Denial of Service Susceptibility Remote

...rafted SIP packets which were sent to a older versions of Asterisk that caused errors stopping Asterisk. The packets were crafted based on packetdumps from Wireshark with flags set for pseudo-spoofing, ranDUMBized extensions, etc.. The purpose of the tool was to help me understand SIP security and Denials of Service attacks on the SIP protocol. Originally I had intended on testing out my nCite Session Border Controller but after watching nCite crash and burn on its own, it made little sense for me to point it at it. I have found that by sending a certain sequence of these packets, in a certain orde...

Hello Everyone, ISC has released new versions of BIND 8 which address a remotely exploitable denial-of-service vulnerability that may allow an attacker to perform `negative cache poisoning'--- convincing a name server that certain RRs do not exist (even though they may). I do not know of any workaround at this time. I have committed fixes to the RELENG_5_1 and RELENG_4_9 security branches.

...It is not expected that this access is required by qemu-kvm and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /dev/zero, restorecon -v '/dev/zero' If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs...