Displaying 20 results from an estimated 85 matches for "okir".
Did you mean:
oki
1999 Nov 10
0
Re: undocumented bugs - nfsd
...ory exported read/write to you in order to exploit it (or you're
able to impersonate a host with this kind of access).
Appended you'll find a patch against 2.2beta46 that rectifies this problem.
The full source for 2.2beta47 can be found at
ftp://mathematik.tu-darmstadt.de/pub/linux/people/okir
Another version (2.2.48) that has some additional, non-security related
fixes I have been working on can be found in the dontuse subdirectory.
Olaf
>>From okir@monad.swb.de Wed Nov 10 10:54:31 1999
Received: (from okir@localhost)
by monad.swb.de (8.9.3/8.9.3) id KAA01061;
Wed, 10 Nov 199...
1999 Aug 26
2
[RHSA-1999:030-01] Buffer overflow in cron daemon
---------------------------------------------------------------------
Red Hat, Inc. Security Advisory
Synopsis: Buffer overflow in cron daemon
Advisory ID: RHSA-1999:030-01
Issue date: 1999-08-25
Updated on:
Keywords: vixie-cron crond MAILTO
Cross references:
---------------------------------------------------------------------
1. Topic:
A buffer overflow exists in crond, the cron
1998 Aug 28
0
Linux UNFSD Security Problems
I've got egg on my face... There is a nasty security hole in the
User-space NFS servers. If you are running an NFS server, please
upgrade as soon as possible to the latest release,
nfs-server-2.2beta35.tar.gz, which can be found at
ftp://linux.mathematik.tu-darmstadt.de/pub/linux/people/okir
All previous releases are vulnerable.
<Taking off his okir hat and putting on his caldera hat>
Caldera will, after they have passed testing, release fixed RPMs.
They will be available from
ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/
Olaf
--
Olaf Kirch | --- o --- Nous som...
1997 Feb 13
0
Avoiding setuid applications
...g the file descriptor
over a UNIX domain socket.
The protocol also provides for some kind of authentication, but it''s
not really good. Recent 2.1 kernels provide SCM_CREDENTIALS passing,
which could be used here.
The source can be found on
ftp://ftp.mathematik.th-darmstadt.de/pub/linux/okir/modemmgr-0.2.tar.gz
Feedback welcome,
Olaf
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir@lst.de +-------------------- Why Not?! -----------------------
1997 Jul 22
0
ld.so vulnerability
...40etAQGTawP/Srnw8tmTTkLuZrxsx49qEw3jP3hM8DdM
qeiVd8DyztiphIpIgPpWYr79e6z4/6tViDA0Cpb+ZbJ2axe7k0Dg9Ypd8k6C1cC5
L6qKo+pHbTBn7F31OEerrqniaYyVuVWdsD3tDWsItKsYqBJy5+jiRvMC3RzFqUNk
mpdo1mnqJiw=
=I/YT
-----END PGP SIGNATURE-----
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir@lst.de +-------------------- Why Not?! -----------------------
finger okir@brewhq.swb.de for PGP key
2011 Feb 10
2
[PATCH] virtio_net: Add schedule check to napi_enable call
...top receiving packets. With this patch applied we no longer see any
problems in the driver while performing these tests for extended periods
of time.
Make sure napi is scheduled subsequent to each napi_enable.
Signed-off-by: Bruce Rogers <brogers at novell.com>
Signed-off-by: Olaf Kirch <okir at suse.de>
Cc: stable at kernel.org
Signed-off-by: Rusty Russell <rusty at rustcorp.com.au>
---
drivers/net/virtio_net.c | 27 ++++++++++++++++-----------
1 file changed, 16 insertions(+), 11 deletions(-)
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
--- a/drivers/n...
2011 Feb 10
2
[PATCH] virtio_net: Add schedule check to napi_enable call
...top receiving packets. With this patch applied we no longer see any
problems in the driver while performing these tests for extended periods
of time.
Make sure napi is scheduled subsequent to each napi_enable.
Signed-off-by: Bruce Rogers <brogers at novell.com>
Signed-off-by: Olaf Kirch <okir at suse.de>
Cc: stable at kernel.org
Signed-off-by: Rusty Russell <rusty at rustcorp.com.au>
---
drivers/net/virtio_net.c | 27 ++++++++++++++++-----------
1 file changed, 16 insertions(+), 11 deletions(-)
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
--- a/drivers/n...
1997 Sep 22
1
rwhod is naive
It seems that when you send rwhod an rwho packet, it blindly assumes
you are who the packet says you are. That is to say, it looks as if
any host can inject false rwho data for any other host.
I''m not convinced this is worth fixing. Opinions?
--
- David A. Holland | VINO project home page:
dholland@eecs.harvard.edu | http://www.eecs.harvard.edu/vino
1996 Nov 19
0
Yet another attempt at /tmp spoof protection
...flip it to /.tmp/nfs/cdf:uid after nfsd is running.
Oh, I almost forgot to mention this: to enable CDF support in nfsd, you
must edit the Makefile and add -DSUPPORT_CDF to the NFSD_DEFS variable.
The complete source for nfsd-2.2beta23 can be found on
ftp://ftp.mathematik.th-darmstadt.de/pub/linux/okir .
Criticism and suggestions welcome, but please allow for some days before
I find the time to reply.
Happy hacking
Olaf
<A HREF="; mailx -s ''youve been hacked'' $LOGNAME">Test your mailer!</A>
- ---------------------------------------------------------------...
1998 Oct 14
0
The poisoned NUL byte
...mp; *path != ''/'') {
- if (path > max_path) {
+ if (new_path > max_path) {
errno = ENAMETOOLONG;
return NULL;
}
------------------------------------------------------------------
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir@caldera.de +-------------------- Why Not?! -----------------------
UNIX, n.: Spanish manufacturer of fire extinguishers.
1999 Nov 19
2
[RHSA-1999:055-01] Denial of service attack in syslogd
...reset after the syslog daemon is restarted.
3. Problem description:
The syslog daemon by default used unix domain stream sockets for receiving
local log connections. By opening a large number of connections to
the log daemon, the user could make the system unresponsive.
Thanks go to Olaf Kirch (okir@monad.swb.de) for noting the vulnerability
and providing patches.
4. Solution:
For each RPM for your particular architecture, run:
rpm -Uvh <filename>
where filename is the name of the RPM.
libc updates are needed for Red Hat Linux 4.2 for the Intel and Sparc
architectures so that logg...
1997 Oct 20
1
LPRng security
...is can be solved using
the SCM_CREDENTIALS stuff in 2.1.x kernels. Lpr can authenticate itself
with the local lpd via a unix socket, and have lpd forward the job to
the remote printer using a privileged port. Any takers?
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir@caldera.com +-------------------- Why Not?! -----------------------
2000 Jul 27
1
rh62 suid files
Hi,
I believe having less root setuid binaries on system is The Way ...
so:
Why does RH6.2 ships with /sbin/dump & /sbin/restore root setuid? These
are for sysadmins, not for regular users I hope.
Is /sbin/unix_chkpwd really used and what is it used for? I haven't find
anything about it in pam documentation.
Is it really necessary to ship /usr/bin/gpasswd and /usr/bin/newgrp? Does
1998 Mar 09
2
Towards a solution of tmp-file problems.
Introduction.
------------
Every now and then a new "exploit" turns up of some program that uses
tmp files. The first solution was "sticky bits", but since links exist
(that''s a LONG time), that solution is inadequate.
Discussion.
----------
The problem is that you put an object (link/pipe) in the place where
you expect a program to put its tempfile, and wait for
1997 Apr 29
9
Yet Another DIP Exploit?
I seem to have stumbled across another vulnerability in DIP. It
appears to allow any user to gain control of arbitrary devices in /dev.
For instance, I have successfully stolen keystrokes from a root login as
follows... (I could also dump characters to the root console)
$ whoami
cesaro
$ cat < /dev/tty1 <------ root login here
bash: /dev/tty1: Permission denied
2010 Jun 03
0
[PATCH 3/3][STABLE] KVM: add schedule check to napi_enable call
...s. With this patch applied we no longer see any
problems in the driver while performing these tests for extended periods
of time.
Make sure napi is scheduled subsequent to each napi_enable.
Signed-off-by: Bruce Rogers <brogers at novell.com>
Signed-off-by: Olaf Kirch <okir at suse.de>
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
@@ -388,6 +388,20 @@ static void skb_recv_done(struct virtque
}
}
+static void virtnet_napi_enable(struct virtnet_info *vi)
+{
+ napi_enable(&vi->napi);
+
+ /* If all buffers were filled by ot...
2010 Jun 03
0
[PATCH 3/3][STABLE] KVM: add schedule check to napi_enable call
...s. With this patch applied we no longer see any
problems in the driver while performing these tests for extended periods
of time.
Make sure napi is scheduled subsequent to each napi_enable.
Signed-off-by: Bruce Rogers <brogers at novell.com>
Signed-off-by: Olaf Kirch <okir at suse.de>
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
@@ -388,6 +388,20 @@ static void skb_recv_done(struct virtque
}
}
+static void virtnet_napi_enable(struct virtnet_info *vi)
+{
+ napi_enable(&vi->napi);
+
+ /* If all buffers were filled by ot...
2000 May 31
1
[RHSA-2000:005-05] New majordomo packages available
...ach package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg <filename>
8. References:
Thanks to Brock Tellier at btellier@USA.NET for noting the vulnerability in resend, to Shevek at shevek@anarres.org and Olaf Kirch at okir@monad.swb.de for noting the vulnerability in the wrapper.
2017 Jun 02
2
NFS mount on Centos 7 crashing
On 2/6/2017 10:40 ??, Philippe BOURDEU d'AGUERRE wrote:
> Reverting to rpcbind-0.2.0-38.el7 solves the problem for me
Thank you very much Philippe,
I notice that I have upgraded to rpcbind-0.2.0-38.el7_3.x86_64 on May 26.
Have you checked if this bug/behavior has been reported or should we
file a bug report?
Nick
1999 Nov 10
0
[RHSA-1999:053-01] new NFS server pacakges available (5.2, 4.2)
...ary
code could be executed as the user the NFS server runs
as (root). Exploiting this buffer overflow does require
read/write access to a share on an affected server.
4. Solution:
It is recommended that all users of Red Hat Linux 4.x
and 5.x update to the fixed packages.
Thanks go to Olaf Kirch (okir@monad.swb.de) for providing
a fix.
For each RPM for your particular architecture, run:
rpm -Uvh <filename>
where filename is the name of the RPM.
5. Bug IDs fixed (http://developer.redhat.com/bugzilla for more info):
6. Obsoleted by:
7. Conflicts with:
8. RPMs required:
Red Hat Linu...