search for: kankovski

Description: getnameinfo() (confirmed for CVS version 1.14.2.1) does this sort of buffer size checks (these is just two of many cases): if (strlen(sp->s_name) > servlen) return ENI_MEMORY; strcpy(serv, sp->s_name); ... if (strlen(hp->h_name) > hostlen) {

For some odd reason, one line was removed from the handling of ProxyCommand in readconf.c. As a result, ssh crashes on strlen(string) when it parses this option. --- readconf.c:X Mon Aug 6 23:35:52 2001 +++ readconf.c Wed Aug 15 16:11:44 2001 @@ -475,6 +475,7 @@ case oProxyCommand: charptr = &options->proxy_command; + string = xstrdup(""); while ((arg =

On Tue, 12 May 1998, Andi Kleen wrote on BUGTRAQ: > I assumed the libc would ignore NLSPATH when the app runs suid (similar > like it does with LD_LIBRARY_PATH etc.). If it doesn''t that is a bad bug. > > [... clickety click ... ] > > At least glibc 2.1 uses __secure_getenv() for NLSPATH. Don''t know about 2.0, > separate GNU gettext, or libc5. I have

As bug 968 suggests, xenstored must properly handle EOF from clients. From: Pavel Kankovsky <peak@argo.troja.mff.cuni.cz> Signed-off-by: Samuel Thibault <samuel.thibault@citrix.com> diff -r 6fd17d0dcbcd tools/xenstore/xenstored_core.c --- a/tools/xenstore/xenstored_core.c Tue Nov 27 12:49:16 2007 +0000 +++ b/tools/xenstore/xenstored_core.c Tue Nov 27 14:56:35 2007 +0000 @@ -1266,7

[Note to R. Wolff -- thanks for the pointers and the program. As I understand its workings, it would run as root and bind a listen port to a particular program -- with a list being supplied in /etc/portadmin or other file. Basically, a listen wrapper. Hopefully this message will address your cleanup concerns in my previous message. Thanks. Also, you may want to provide a moderator''s

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Denial of service attack in syslogd Advisory ID: RHSA-1999:055-01 Issue date: 1999-11-19 Updated on: 1999-11-19 Keywords: syslogd sysklogd stream socket Cross references: bugtraq id #809 --------------------------------------------------------------------- 1. Topic: A

The Neverending Story of X11 Insecurity continues... Summary: On a system where X11R6.3-based Xserver with XKEYBOARD extension (R6.1 is probably affected too) is run in setuid or setgid enviroment (e.g. typical XFree86 installation has XF86_* installed setuid root), local users can exploit a "feature" of XKB implementation to execute arbitrary commands with the extra privileges.

Summary: Any user can gain root privileges on a Intel Linux system with suidperl 5.003 (having the suid bit, of course) even if "SUIDBUF" and "two suidperl security patches" have been applied. Non-Intel / non-Linux platforms may be affected as well. Quick fix: chmod u-s /usr/bin/sperl5.003 (what else?) Details: There is a nasty bug in mess() (util.c): it is possible to

Sheldon E. Newhouse writes: > Anyone have ideas on what this output from the 'last' command means? > > TIA, > -sen > > xF*@**** otify ***@ Sat Aug 1 20:52 still logged in > xF*@**** otify ***@ Sat Aug 1 20:52 - 20:52 (00:00) > xF*@**** otify ***@ Sat Aug 1 20:52 - 20:52 (00:00) >

G''day Roger, Forwarding a message from wolff@BitWizard.nl: > Passing by fd means coding changes. > > The C compiler classically compiles you C program to preprocessed C > code in /tmp/ccxxxxx.i, throws that at the first compiler pass, ends > up with /tmp/ccxxxxx.s, throws the assembler at that file, gets > /tmp/ccxxxxxx.o and finally throws a linker at that file to

On Sat, 23 May 1998, Torkil Zachariassen wrote: > >I have browsed various versions of libc and found a handful of weak points > >where the value of an enviroment variable is trusted more than necessary. > [1] > Could you explain to programming novices on linux-security - people like > myself 8) - hwo this could affect security on a firewall (proxy and/or > IP-router,

Introduction. ------------ Every now and then a new "exploit" turns up of some program that uses tmp files. The first solution was "sticky bits", but since links exist (that''s a LONG time), that solution is inadequate. Discussion. ---------- The problem is that you put an object (link/pipe) in the place where you expect a program to put its tempfile, and wait for

Quite a few changes here, please test. http://www.mindrot.org/misc/openssh/openssh-SNAP-20000916.tar.gz -d 20000916 - (djm) New SuSE spec from Corinna Vinschen <corinna at vinschen.de> - (djm) Update CygWin support from Corinna Vinschen <vinschen at cygnus.com> - (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage. Patch from Larry Jones <larry.jones at