search for: infodrom

...ted memory dynamically, but it doesn't. RedHat immediately issued a "fix" to their current package: sysklogd-1.3-26 This "fix" is merely my patch (and nothing more). My patch DOES NOT fix the problem. As discussed by the package co-maintainer (Martin Schulze (joey@FINLANDIA.INFODROM.NORTH.DE)) the bug is fixed in the latest sysklogd package (1.3-30). In fact, the bug was fixed in 1996. What this comes down to is that any Linux distribution running an old sysklogd package (namely RedHat all versions) STILL has a potential (rather obscure) buffer overflow. They need to upgrade t...

Unfortunately we have our first problem that could really be counted as security hole. Giving "1 LIST .. *" IMAP command allows the user to see all files and directories under the mbox root's parent directory, so potentially you could see other users' mailbox names. Nothing can be done with them though, so it's not possible to read or modify them. There are also some other

Unfortunately we have our first problem that could really be counted as security hole. Giving "1 LIST .. *" IMAP command allows the user to see all files and directories under the mbox root's parent directory, so potentially you could see other users' mailbox names. Nothing can be done with them though, so it's not possible to read or modify them. There are also some other

The following announcement was made by the Debian security team: Paul Slootman Date: Thu, 4 Dec 2003 17:09:35 +0100 (CET) To: Debian Security Announcements <debian-security-announce@lists.debian.org> From: Martin Schulze <joey@infodrom.org> Subject: [SECURITY] [DSA 404-1] New rsync packages fix unauthorised remote code execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 404-1 security@debian.org h...