search for: openwall

Hello. Is it possible to run wine on openwall-patched linux kernel? Invoking /opt/wine/bin/wine.bin /home/ftp/pub/windows/telnet/putty.exe ... err:win32:do_relocations Standard load address for a Win32 program not available - patched kernel ? err:win32:do_relocations FATAL: Need to relocate Z:\home\ftp\pub\windows\telnet\putty.exe, but no rel...

https://bugzilla.mindrot.org/show_bug.cgi?id=1982 Bug #: 1982 Summary: different behavior compared to php (openwall version of bcrypt) Classification: Unclassified Product: jBCrypt Version: unspecified Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Default AssignedT...

Package: xen Severity: grave Tags: security Justification: user security hole Please see the following links: http://www.openwall.com/lists/oss-security/2012/09/05/11 http://www.openwall.com/lists/oss-security/2012/09/05/10 http://www.openwall.com/lists/oss-security/2012/09/05/9 http://www.openwall.com/lists/oss-security/2012/09/05/8 http://www.openwall.com/lists/oss-security/2012/09/05/7 http://www.openwall.com/lists/oss-sec...

...child 28870 (login) returned error 84 (exec() failed) Mar 31 21:04:04 test-box dovecot: child 28869 (login) returned error 84 (exec() failed) Mar 31 21:04:04 test-box dovecot: execv(imap-login) failed: Resource temporarily unavailable System is redhat6.2 (with all updates), kernel is 2.2.25 (with openwall patch). Under rh7.3 dovecot launches fine.

https://bugzilla.mindrot.org/show_bug.cgi?id=1469 Summary: Should sshd detect and reject vulnerable SSH keys (re: Debian DSA-1571 and DSA-1576) Classification: Unclassified Product: Portable OpenSSH Version: 5.0p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2

...checks on the HELO and EHLO commands ("helo_verify_hosts" or "helo_try_verify_hosts" option, or "verify = helo" ACL); we developed a reliable and fully-functional exploit that bypasses all existing protections (ASLR, PIE, NX) on 32-bit and 64-bit machines. http://www.openwall.com/lists/oss-security/2015/01/27/9 --------------------------------- "- We identified a number of factors that mitigate the impact of this bug. In particular, we discovered that it was fixed on May 21, 2013 (between the releases of glibc-2.17 and glibc-2.18). Unfortunately, it was not...

...(which resembles what is latest on public mirror I maintain, and I checked randomly a couple of other mirrors - the same). If I read numbers correctly, we all are one minor (very minor ;-) number behind RHEL. > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235 > > Note that in the openwall.com URL you provided > (http://www.openwall.com/lists/oss-security/2015/01/27/9 ) there is a > simple program (in section 4 - Case Studies) to test whether a given > machine's vulnerable. And when I check the machine with glibc-2.12-1.149.el6_6.4.x86_64 (fully updated CentOS 6) indeed...

I am looking at adding some tests based on John the Ripper to the test suite repository. http://www.openwall.com/john/ Does anyone have a problem with this? Are there specific algorithms people would like to see benchmarked? Thx Chris Matthews chris.matthews@.com (408) 783-6335 -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-de...

Package: xen Severity: grave Tags: security Please see http://www.openwall.com/lists/oss-security/2012/07/26/4 Cheers, Moritz

...st on public mirror I maintain, and I checked randomly a > couple of other mirrors - the same). If I read numbers correctly, we all > are one minor (very minor ;-) number behind RHEL. > > > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235 > > > > Note that in the openwall.com URL you provided > > (http://www.openwall.com/lists/oss-security/2015/01/27/9 ) there is a > > simple program (in section 4 - Case Studies) to test whether a given > > machine's vulnerable. > > And when I check the machine with > glibc-2.12-1.149.el6_6.4.x86_64 &g...

...s WHERE user_email='%u'; user_query = SELECT 501 as uid, 501 as gid,'maildir:storage=51200' as quota FROM wp_users WHERE user_email = '%u' I can see that the query is being procecessed according to the logs. Wordpress and others are using phpass to authenticate (http://www.openwall.com/phpass/), it is basically a salted md5 hash. Basically, after the process, a hash like this is obtained. $P$BiWISc3IsqRHxeEjq4VJP1Vi8gy4mg1 (for test123 password) I would like to know if dovecot would be able to read this, otherwise I could still make a custom checkpassword function but that...

...=========== * Security: corrected linking problem on AIX/gcc. AIX users are advised to upgrade immediately. For details, please refer to separate advisory (aixgcc.adv). * Corrected build problems on Irix * Corrected build problem when building with AFS support * Merged some changes from Openwall Linux Checksums: ========== - MD5 (openssh-3.6p1.tar.gz) = f3879270bffe479e1bd057aa36258696 Reporting Bugs: =============== - please read http://www.openssh.com/report.html and http://bugzilla.mindrot.org/ OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt, Kevin Steves...

...=========== * Security: corrected linking problem on AIX/gcc. AIX users are advised to upgrade immediately. For details, please refer to separate advisory (aixgcc.adv). * Corrected build problems on Irix * Corrected build problem when building with AFS support * Merged some changes from Openwall Linux Checksums: ========== - MD5 (openssh-3.6p1.tar.gz) = f3879270bffe479e1bd057aa36258696 Reporting Bugs: =============== - please read http://www.openssh.com/report.html and http://bugzilla.mindrot.org/ OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt, Kevin Steves...

Hello! I have trouble with multipath routing. Those options are enabled in kernel: [*] IP: policy routing [*] IP: equal cost multipath [*] IP: equal cost multipath with caching support (EXPERIMENTAL) <*> MULTIPATH: round robin algorithm But issuing: ip r a 1.2.3.0/23 scope global equalize nexthop via 80.245.176.11 \ dev eth0 weight 1 nexthop via 80.245.176.13 dev eth0

https://bugzilla.mindrot.org/show_bug.cgi?id=1471 Summary: sshd can block if authorized_keys is a named pipe Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: Linux Status: NEW Severity: minor Priority: P2 Component: sshd AssignedTo: bitbucket at

...twork pings and services responded, but trying to ssh failed (just hanged there before opening session but after giving last login info). telneting to pop3 port worked, but upon authenticating it also hang - so I'm assuming VFS or specific ext3 filesystem is hanging. kernel is 2.2.19pre7 (with openwall patches, although it should not matter), ext3 is 0.05e. All filesystems are ext3 (in journal data mode). Machine is PIII/600 with 128MB RAM, 300MB swap. Journals are 5-15MB in size. Partitions are 150MB to 7,5GB. Feb 5 12:28:28 blue kernel: Buffer locked in journal_write_metadata_buffer, flags 0x...

Following up on these threads: - https://marc.info/?l=kvm&m=151929803301378&w=2 - http://www.openwall.com/lists/kernel-hardening/2018/02/22/18 I lost the original emails so I couldn't reply to them, and also sorry for being late, it was the end of semester exams. I was adviced on #qemu and #kernelnewbies IRCs to ask here as it will help having better insights. To wrap things up, the basic de...

Following up on these threads: - https://marc.info/?l=kvm&m=151929803301378&w=2 - http://www.openwall.com/lists/kernel-hardening/2018/02/22/18 I lost the original emails so I couldn't reply to them, and also sorry for being late, it was the end of semester exams. I was adviced on #qemu and #kernelnewbies IRCs to ask here as it will help having better insights. To wrap things up, the basic de...

Be careful about license issues. I.e. gpl. On 07/11/2013 05:00 PM, Chris Matthews wrote: > I am looking at adding some tests based on John the Ripper to the test > suite repository. > > http://www.openwall.com/john/ > > Does anyone have a problem with this? > > Are there specific algorithms people would like to see benchmarked? > > Thx > > Chris Matthews > chris.matthews@.com > (408) 783-6335 > > > > _______________________________________________ > LLVM...

...tler <rkotler at mips.com> wrote: > Be careful about license issues. > > I.e. gpl. > > > On 07/11/2013 05:00 PM, Chris Matthews wrote: >> I am looking at adding some tests based on John the Ripper to the test >> suite repository. >> >> http://www.openwall.com/john/ >> >> Does anyone have a problem with this? >> >> Are there specific algorithms people would like to see benchmarked? >> >> Thx >> >> Chris Matthews >> chris.matthews@.com >> (408) 783-6335 >> >> >> >...