search for: mhpower

...rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 8. References: http://www.openbsd.org/security.html#27 Thanks to Matt Power <mhpower@MIT.EDU> for making us aware of this vulnerability. Copyright(c) 2000 Red Hat, Inc.

...ory October 21, 1997 SNI-19.BSD.lpd.vulnerabilities update This is an update to the advisory SNI-19.BSD.lpd.vulnerabilities which was released on October 2, 1997. Issue 1 ~~~~~~~ A problem was pointed out in the recommended fixes by Matt Power <mhpower@MIT.EDU>, which would still allow an attacker using the recommended fixes to remove any file on the remote system. This problem was present due to the fact that when lpd exited due to receiving invalid characters in the filename, the error routine would continue to remove the specified file. A...

...stion for the attack to succeed within one minute. If that risk is not appropriate in one's environment, then other measures (which may include inetd/tcpserver but may also include desupporting use of SSH protocol 1.5) are needed. Matt Power BindView Corporation, RAZOR Team mhpower at bos.bindview.com