Displaying 13 results from an estimated 13 matches for "kankovski".
Did you mean:
kaniovski
2000 Sep 25
2
off-by-one errors in getnameinfo()
Description:
getnameinfo() (confirmed for CVS version 1.14.2.1) does this sort of
buffer size checks (these is just two of many cases):
if (strlen(sp->s_name) > servlen)
return ENI_MEMORY;
strcpy(serv, sp->s_name);
...
if (strlen(hp->h_name) > hostlen) {
2001 Aug 15
1
ProxyCommand broken in SNAP-20010814
For some odd reason, one line was removed from the handling of
ProxyCommand in readconf.c. As a result, ssh crashes on strlen(string)
when it parses this option.
--- readconf.c:X Mon Aug 6 23:35:52 2001
+++ readconf.c Wed Aug 15 16:11:44 2001
@@ -475,6 +475,7 @@
case oProxyCommand:
charptr = &options->proxy_command;
+ string = xstrdup("");
while ((arg =
1998 May 19
1
Beware of dangerous enviroment (Re: Overflows in minicom)
On Tue, 12 May 1998, Andi Kleen wrote on BUGTRAQ:
> I assumed the libc would ignore NLSPATH when the app runs suid (similar
> like it does with LD_LIBRARY_PATH etc.). If it doesn''t that is a bad bug.
>
> [... clickety click ... ]
>
> At least glibc 2.1 uses __secure_getenv() for NLSPATH. Don''t know about 2.0,
> separate GNU gettext, or libc5.
I have
2007 Nov 27
2
[PATCH] Make xenstored EOF-safe
As bug 968 suggests, xenstored must properly handle EOF from clients.
From: Pavel Kankovsky <peak@argo.troja.mff.cuni.cz>
Signed-off-by: Samuel Thibault <samuel.thibault@citrix.com>
diff -r 6fd17d0dcbcd tools/xenstore/xenstored_core.c
--- a/tools/xenstore/xenstored_core.c Tue Nov 27 12:49:16 2007 +0000
+++ b/tools/xenstore/xenstored_core.c Tue Nov 27 14:56:35 2007 +0000
@@ -1266,7
1998 May 29
5
Configuration for binding to "secure" ports?
[Note to R. Wolff -- thanks for the pointers and the program. As I
understand its workings, it would run as root and bind a listen port
to a particular program -- with a list being supplied in
/etc/portadmin or other file. Basically, a listen wrapper. Hopefully
this message will address your cleanup concerns in my previous
message. Thanks. Also, you may want to provide a moderator''s
1999 Nov 19
2
[RHSA-1999:055-01] Denial of service attack in syslogd
---------------------------------------------------------------------
Red Hat, Inc. Security Advisory
Synopsis: Denial of service attack in syslogd
Advisory ID: RHSA-1999:055-01
Issue date: 1999-11-19
Updated on: 1999-11-19
Keywords: syslogd sysklogd stream socket
Cross references: bugtraq id #809
---------------------------------------------------------------------
1. Topic:
A
1998 Feb 03
0
serious security problem in XKB
The Neverending Story of X11 Insecurity continues...
Summary:
On a system where X11R6.3-based Xserver with XKEYBOARD extension (R6.1 is
probably affected too) is run in setuid or setgid enviroment (e.g. typical
XFree86 installation has XF86_* installed setuid root), local users can
exploit a "feature" of XKB implementation to execute arbitrary commands
with the extra privileges.
1997 Nov 13
0
another buffer overrun in sperl5.003
Summary:
Any user can gain root privileges on a Intel Linux system with suidperl
5.003 (having the suid bit, of course) even if "SUIDBUF" and "two suidperl
security patches" have been applied. Non-Intel / non-Linux platforms may
be affected as well.
Quick fix:
chmod u-s /usr/bin/sperl5.003 (what else?)
Details:
There is a nasty bug in mess() (util.c): it is possible to
1998 Aug 13
0
summary of replies to [strange stuff in 'last' command]
Sheldon E. Newhouse writes:
> Anyone have ideas on what this output from the 'last' command means?
>
> TIA,
> -sen
>
> xF*@**** otify ***@ Sat Aug 1 20:52 still logged in
> xF*@**** otify ***@ Sat Aug 1 20:52 - 20:52 (00:00)
> xF*@**** otify ***@ Sat Aug 1 20:52 - 20:52 (00:00)
>
1998 Mar 12
1
Re: message rejected: Re: Re: Towards a solution of tmp-file problems.
G''day Roger,
Forwarding a message from wolff@BitWizard.nl:
> Passing by fd means coding changes.
>
> The C compiler classically compiles you C program to preprocessed C
> code in /tmp/ccxxxxx.i, throws that at the first compiler pass, ends
> up with /tmp/ccxxxxx.s, throws the assembler at that file, gets
> /tmp/ccxxxxxx.o and finally throws a linker at that file to
1998 May 26
0
Re: Beware of dangerous enviroment (Re: Overflows in minicom)
On Sat, 23 May 1998, Torkil Zachariassen wrote:
> >I have browsed various versions of libc and found a handful of weak points
> >where the value of an enviroment variable is trusted more than necessary.
>
[1]
> Could you explain to programming novices on linux-security - people like
> myself 8) - hwo this could affect security on a firewall (proxy and/or
> IP-router,
1998 Mar 09
2
Towards a solution of tmp-file problems.
Introduction.
------------
Every now and then a new "exploit" turns up of some program that uses
tmp files. The first solution was "sticky bits", but since links exist
(that''s a LONG time), that solution is inadequate.
Discussion.
----------
The problem is that you put an object (link/pipe) in the place where
you expect a program to put its tempfile, and wait for
2000 Sep 16
15
Snapshot
Quite a few changes here, please test.
http://www.mindrot.org/misc/openssh/openssh-SNAP-20000916.tar.gz
-d
20000916
- (djm) New SuSE spec from Corinna Vinschen <corinna at vinschen.de>
- (djm) Update CygWin support from Corinna Vinschen <vinschen at cygnus.com>
- (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage.
Patch from Larry Jones <larry.jones at