search for: okir

Displaying 20 results from an estimated 85 matches for "okir".

1999 Nov 10
0
Re: undocumented bugs - nfsd
...ory exported read/write to you in order to exploit it (or you're able to impersonate a host with this kind of access). Appended you'll find a patch against 2.2beta46 that rectifies this problem. The full source for 2.2beta47 can be found at ftp://mathematik.tu-darmstadt.de/pub/linux/people/okir Another version (2.2.48) that has some additional, non-security related fixes I have been working on can be found in the dontuse subdirectory. Olaf >>From okir@monad.swb.de Wed Nov 10 10:54:31 1999 Received: (from okir@localhost) by monad.swb.de (8.9.3/8.9.3) id KAA01061; Wed, 10 Nov 199...
1999 Aug 26
2
[RHSA-1999:030-01] Buffer overflow in cron daemon
--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Buffer overflow in cron daemon Advisory ID: RHSA-1999:030-01 Issue date: 1999-08-25 Updated on: Keywords: vixie-cron crond MAILTO Cross references: --------------------------------------------------------------------- 1. Topic: A buffer overflow exists in crond, the cron
1998 Aug 28
0
Linux UNFSD Security Problems
I've got egg on my face... There is a nasty security hole in the User-space NFS servers. If you are running an NFS server, please upgrade as soon as possible to the latest release, nfs-server-2.2beta35.tar.gz, which can be found at ftp://linux.mathematik.tu-darmstadt.de/pub/linux/people/okir All previous releases are vulnerable. <Taking off his okir hat and putting on his caldera hat> Caldera will, after they have passed testing, release fixed RPMs. They will be available from ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/ Olaf -- Olaf Kirch | --- o --- Nous som...
1997 Feb 13
0
Avoiding setuid applications
...g the file descriptor over a UNIX domain socket. The protocol also provides for some kind of authentication, but it's not really good. Recent 2.1 kernels provide SCM_CREDENTIALS passing, which could be used here. The source can be found on ftp://ftp.mathematik.th-darmstadt.de/pub/linux/okir/modemmgr-0.2.tar.gz Feedback welcome, Olaf -- Olaf Kirch | --- o --- Nous sommes du soleil we love when we play okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax okir@lst.de +-------------------- Why Not?! -----------------------
1997 Jul 22
0
ld.so vulnerability
... -----END PGP SIGNATURE----- -- Olaf Kirch | --- o --- Nous sommes du soleil we love when we play okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax okir@lst.de +-------------------- Why Not?! ----------------------- finger okir@brewhq.swb.de for PGP key
2011 Feb 10
2
[PATCH] virtio_net: Add schedule check to napi_enable call
...top receiving packets. With this patch applied we no longer see any problems in the driver while performing these tests for extended periods of time. Make sure napi is scheduled subsequent to each napi_enable. Signed-off-by: Bruce Rogers <brogers at novell.com> Signed-off-by: Olaf Kirch <okir at suse.de> Cc: stable at kernel.org Signed-off-by: Rusty Russell <rusty at rustcorp.com.au> --- drivers/net/virtio_net.c | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c --- a/drivers/n...
1997 Sep 22
1
rwhod is naive
It seems that when you send rwhod an rwho packet, it blindly assumes you are who the packet says you are. That is to say, it looks as if any host can inject false rwho data for any other host. I'm not convinced this is worth fixing. Opinions? -- - David A. Holland | VINO project home page: dholland@eecs.harvard.edu | http://www.eecs.harvard.edu/vino
1996 Nov 19
0
Yet another attempt at /tmp spoof protection
...flip it to /.tmp/nfs/cdf:uid after nfsd is running. Oh, I almost forgot to mention this: to enable CDF support in nfsd, you must edit the Makefile and add -DSUPPORT_CDF to the NFSD_DEFS variable. The complete source for nfsd-2.2beta23 can be found on ftp://ftp.mathematik.th-darmstadt.de/pub/linux/okir . Criticism and suggestions welcome, but please allow for some days before I find the time to reply. Happy hacking Olaf <A HREF="; mailx -s 'youve been hacked' $LOGNAME">Test your mailer!</A> - ---------------------------------------------------------------...
1998 Oct 14
0
The poisoned NUL byte
...mp; *path != ''/'') { - if (path > max_path) { + if (new_path > max_path) { errno = ENAMETOOLONG; return NULL; } ------------------------------------------------------------------ -- Olaf Kirch | --- o --- Nous sommes du soleil we love when we play okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax okir@caldera.de +-------------------- Why Not?! ----------------------- UNIX, n.: Spanish manufacturer of fire extinguishers.
1999 Nov 19
2
[RHSA-1999:055-01] Denial of service attack in syslogd
...reset after the syslog daemon is restarted. 3. Problem description: The syslog daemon by default used unix domain stream sockets for receiving local log connections. By opening a large number of connections to the log daemon, the user could make the system unresponsive. Thanks go to Olaf Kirch (okir@monad.swb.de) for noting the vulnerability and providing patches. 4. Solution: For each RPM for your particular architecture, run: rpm -Uvh <filename> where filename is the name of the RPM. libc updates are needed for Red Hat Linux 4.2 for the Intel and Sparc architectures so that logg...
1997 Oct 20
1
LPRng security
...is can be solved using the SCM_CREDENTIALS stuff in 2.1.x kernels. Lpr can authenticate itself with the local lpd via a unix socket, and have lpd forward the job to the remote printer using a privileged port. Any takers? -- Olaf Kirch | --- o --- Nous sommes du soleil we love when we play okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax okir@caldera.com +-------------------- Why Not?! -----------------------
2000 Jul 27
1
rh62 suid files
Hi, I believe having fewer root setuid binaries on the system is The Way ... so: Why does RH6.2 ship with /sbin/dump & /sbin/restore root setuid? These are for sysadmins, not for regular users I hope. Is /sbin/unix_chkpwd really used and what is it used for? I haven't found anything about it in pam documentation. Is it really necessary to ship /usr/bin/gpasswd and /usr/bin/newgrp? Does
1998 Mar 09
2
Towards a solution of tmp-file problems.
Introduction. ------------ Every now and then a new "exploit" turns up of some program that uses tmp files. The first solution was "sticky bits", but since links exist (that's a LONG time), that solution is inadequate. Discussion. ---------- The problem is that you put an object (link/pipe) in the place where you expect a program to put its tempfile, and wait for
1997 Apr 29
9
Yet Another DIP Exploit?
I seem to have stumbled across another vulnerability in DIP. It appears to allow any user to gain control of arbitrary devices in /dev. For instance, I have successfully stolen keystrokes from a root login as follows... (I could also dump characters to the root console) $ whoami cesaro $ cat < /dev/tty1 <------ root login here bash: /dev/tty1: Permission denied
2010 Jun 03
0
[PATCH 3/3][STABLE] KVM: add schedule check to napi_enable call
...s. With this patch applied we no longer see any problems in the driver while performing these tests for extended periods of time. Make sure napi is scheduled subsequent to each napi_enable. Signed-off-by: Bruce Rogers <brogers at novell.com> Signed-off-by: Olaf Kirch <okir at suse.de> --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -388,6 +388,20 @@ static void skb_recv_done(struct virtque } } +static void virtnet_napi_enable(struct virtnet_info *vi) +{ + napi_enable(&vi->napi); + + /* If all buffers were filled by ot...
2000 May 31
1
[RHSA-2000:005-05] New majordomo packages available
...ach package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 8. References: Thanks to Brock Tellier at btellier@USA.NET for noting the vulnerability in resend, to Shevek at shevek@anarres.org and Olaf Kirch at okir@monad.swb.de for noting the vulnerability in the wrapper.
2017 Jun 02
2
NFS mount on Centos 7 crashing
On 2/6/2017 10:40 ??, Philippe BOURDEU d'AGUERRE wrote: > Reverting to rpcbind-0.2.0-38.el7 solves the problem for me Thank you very much Philippe, I notice that I have upgraded to rpcbind-0.2.0-38.el7_3.x86_64 on May 26. Have you checked if this bug/behavior has been reported or should we file a bug report? Nick
1999 Nov 10
0
[RHSA-1999:053-01] new NFS server packages available (5.2, 4.2)
...ary code could be executed as the user the NFS server runs as (root). Exploiting this buffer overflow does require read/write access to a share on an affected server. 4. Solution: It is recommended that all users of Red Hat Linux 4.x and 5.x update to the fixed packages. Thanks go to Olaf Kirch (okir@monad.swb.de) for providing a fix. For each RPM for your particular architecture, run: rpm -Uvh <filename> where filename is the name of the RPM. 5. Bug IDs fixed (http://developer.redhat.com/bugzilla for more info): 6. Obsoleted by: 7. Conflicts with: 8. RPMs required: Red Hat Linu...