search for: linuxsecurity

...l-disclosure] [ GLSA 200507-05 ] zlib: Buffer overflow Date: Wed, 06 Jul 2005 16:23:20 +0200 From: Thierry Carrez <koon at gentoo.org> Organization: Gentoo Linux To: gentoo-announce at lists.gentoo.org CC: full-disclosure at lists.grok.org.uk, bugtraq at securityfocus.com, security-alerts at linuxsecurity.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200507-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - -...

On Tue, 6 Aug 2002, Links at Momsview wrote: > Tom, > I''m not sure if you ever saw this document but it describes some of the > reasons you are seeing strange packets > after setting up NEW not SYN > http://www.linuxsecurity.com/resource_files/firewalls/IPTables-Tutorial/ipta > bles-tutorial.html#NEWNOTSYN > > If the section titled " State NEW packets but no SYN bit set" doesn''t appear > do a search for "feature in iptables". > > It describes a bug in the Microsoft IP st...

hi, here is my question: let''s say i have some users logged on the messenger right now, what can i do to reset their sessions? supposing that i reloaded a rule denying messenger access?? thanks Alberto Sierra

FYI On the ISN vulnerability I found a really good article on Initial Sequence Numbers (ISN) vulnerability and according to this article all Linux Kernels after 1996 are not affected by this vulnerability. http://www.linuxsecurity.com/articles/security_sources_article-2968.html I found another article that stated : Operating systems that have been reported to be safe from practical attacks are: Cisco IOS, OpenBSD 2.8-current, FreeBSD 4.3-RELEASE, AIX, HP/UX 11i, and all Linux Kernels after 1996. It did say that Red Hat L...

What does mean this bizarre msgid? maillog: Mar 31 19:31:15 cu sm-mta[5352]: h2VFVEGS005352: from=<nb@sindbad.ru>, size=1737, class=0, nrcpts=1, msgid=<!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAfp4Fa2ShPE2u4pP/QpPDIMKAAAAQAAAAj+zb4Isbuk+tYEPVF9Vf, proto=ESMTP, daemon=MTA, relay=wg.pu.ru [193.124.85.219] -- Nikolaj I. Potanin, SA http://www.drweb.ru ID

OpenSSH 3.1 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support and encouragement. Important Changes: ================== - /etc/ssh/ now default

OpenSSH 3.1 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support and encouragement. Important Changes: ================== - /etc/ssh/ now default

...t list since I believe that these issues will be of interest. On Tue, 6 Aug 2002, Links at Momsview wrote: > Tom, > I''m not sure if you ever saw this document but it describes some of the > reasons you are seeing strange packets > after setting up NEW not SYN > http://www.linuxsecurity.com/resource_files/firewalls/IPTables-Tutorial/ipta > bles-tutorial.html#NEWNOTSYN > Thanks. > > I didn''t notice where the actual ACCEPT was for these connections but I > assume they are on a Port by port basis. > Yes. > PS: I believe there may be some similar i...

...----------------------------------------------------------------------+ Port name: mpack Affected: versions < mpack-1.5_2 Status: Fixed Buffer overflow which might be triggered when mpack is used to process data from a remote source (email, news, and so on). <URL:http://www.linuxsecurity.com/advisories/debian_advisory-2241.html> +------------------------------------------------------------------------+ Port name: mozilla, linux-mozilla Affected: versions < mozilla-1.0.rc1_2,1 (mozilla) versions < linux-mozilla-1.0_1 (linux-mozilla) Status:...

...erity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: rlebar at erac.com The URL is a link to the Google Group (Usenet News) post I made. No relevant response to this yet and I double checked against http://cookbook.linuxsecurity.com/sp/ssh-part2.html#Host-based%20trusts. Without any clue to indicate otherwise, I have to consider that I have stumbled across a bug. The contents of the Usenet News post follow. In addition, evereska is running Solaris 8 and Endeavor is running Solaris 7. Evereska is an Ultra-10 (333 MHz)...

...own version of zlib or are linked statically to the system-wide copy of zlib. Engarde EnGarde Secure Linux Community and Professional are both vulnerable to the zlib bugs. Guardian Digital addressed this vulnerability in ESA-20020311-008 which may be found at: http://www.linuxsecurity.com/advisories/other_advisory-1960.html EnGarde Secure Professional users may upgrade their systems using the Guardian Digital Secure Network. FreeBSD FreeBSD is not vulnerable, as the FreeBSD malloc implementation detects and complains about several programming errors inclu...

Hi everybody, I'm testing asterisk@home 0.4, looks great so far I was working when I have been alerted by a bip comming from the * pc... I connected a screen to it and saw that there was a message which looked like : Message from syslogd@asterisk1 at Thu Feb 10 09:01:00 2005 ... asterisk1 so I stopped asterisk, type mail and got a strange mail saying that user xxxx@yahoo.com could