Displaying 3 results from an estimated 3 matches for "osvdb".
2006 Feb 21
2
Apache patching questions
...versal, and it seems to be an issue. Will the upstream vendor
patch these issues in Apache 2.0.46, or not? If not, does anyone know why
not?
# Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.49 may allow unescaped data
into logfiles, which could pose a threat when logs are viewed/parsed.
CAN-2003-0020. OSVDB-4382.
# Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.50 contains a DoS with certain
input data. CAN-2004-0493. OSVDB-7269.
# Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.51 contains a potential
infinite loop. CAN-2004-0748. OSVDB-9523.
# 2.0.46 (CentOS) - TelCondex Simpleserver 2.13.31027 Build 3289 an...
2004 Apr 23
1
Proposed RST patch
...stat so that it displays the statistic.
As expected, it's very straightforward, the only real question is what to
call the statistic... "Ignored RSTs in the window" isn't the best
description.
FWIW, I've been testing with the exploit code
(reset-tcp-rfc31337-compliant.c from osvdb-4030-exploit.zip), and this
change does indeed defeat the attack. It took me a while to get the code
working, they really munged up the libnet calls, but I guess that was the
intent.
Mike "Silby" Silbersack
-------------- next part --------------
diff -u -r /usr/src/sys.old/netinet/tcp_...
2004 May 14
2
Fwd: [ISN] Voice Over IP Can Be Vulnerable To Hackers, Too
...segregated into unique virtual LANs for
>data and voice transmission.
>
>However, Nagiel cautioned that security managers should resist using
>shared Ethernet network segments for voice.
>
>_________________________________________
>ISN mailing list
>Sponsored by: OSVDB.org