search for: roessler

Executive summary: /usr/bin/suidexec gives every user a root shell. Remove it. tlr ----- Forwarded message from Thomas Roessler <roessler@guug.de> ----- Date: Tue, 28 Apr 1998 15:21:17 +0200 From: Thomas Roessler <roessler@guug.de> Subject: suidmanager: SECURITY BREACH: /usr/bin/suidexec gives root access to every user on the system To: submit@bugs.debian.org Package: suidmanager Version: 0.18 [This report al...

...elies on snprintf(3) to do it''s bounds checking doesn''t have any bounds checking at all. Note that recent linux C libraries contain an snprintf(3) function of their own which does it''s job properly. Thus, the fix is to simply remove snprintf.o from libdb. tlr -- Thomas Roessler ? 74a353cc0b19 ? dg1ktr ? http://home.pages.de/~roessler/ 1280/593238E1 ? AE 24 38 88 1B 45 E4 C6 03 F5 15 6E 9C CA FD DB

...for Linuxtag 2005. We ourseleves can contribute or demo-installation and manpower for organizing things. Have a nice day :-) -- Thilo R??ler Linup Front Robert-Koch-Strasse 9 64331 Weiterstadt Tel: 06151/9067-0 Fax: 06151/9067-299 Mobil: 0151/18242584 http://www.linupfront.de E-Mail: thilo.roessler@linupfront.de

...e may be the wrong thing to do. The wrapper reads a configuration file named /etc/wrapper.cfg; see the comments in wrapper.c for the file''s format. Flame, comment, or use at will. tlr ------------------------------ wrapper.c ------------------------------ /* * wrapper.c (c) 1997 Thomas Roessler <roessler@guug.de> * $Id: wrapper.c,v 1.2 1997/05/26 17:39:09 roessler Exp $ * * This program is free software. You may use, modify or distribute it * at will as long as you give credit to the original author. * * format of /etc/wrapper.cfg: * - leading white space is ignored. * - lin...

How can I efficiently search for programs and packages that are available as part of the CentOs4.3 distribution? I am using CentOs4.3 and need to install packages that are apparently not part of this distribution. What RedHat version do I have to consider if I want to use rpm's for RedHat instead? Dirk

...kflow under Linux, but I don't know how to get R to recognize the svg() command under Windows. I have loaded RsvgDevice, Cairo, and cairoDevice in my attempts. The problem seems to me to be directly related to enabling R to produce svg output on Windows, rather than related to ggplot2. Michael Roessler, CFA michael.roesler@keyevent.com [[alternative HTML version deleted]]

...ecot.org/releases/2.3/dovecot-2.3.7.2.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte ? when scanning data in quoted strings, leading to out of bounds heap ? memory writes. Found by Nick Roessler and Rafi Rubin. --- Aki Tuomi Open-Xchange oy -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL: <https://dovecot.org/pipermail/dovecot-news/attachments/2019082...

...cot.org/releases/2.2/dovecot-2.2.36.4.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte ? when scanning data in quoted strings, leading to out of bounds heap ? memory writes. Found by Nick Roessler and Rafi Rubin. --- Aki Tuomi Open-Xchange oy -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL: <https://dovecot.org/pipermail/dovecot-news/attachments/20190828...

...dovecot-2.3-pigeonhole-0.5.7.2.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11500: ManageSieve protocol parser does not properly handle NUL byte ? when scanning data in quoted strings, leading to out of bounds heap ? memory writes. Found by Nick Roessler and Rafi Rubin. --- Aki Tuomi Open-Xchange oy -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 484 bytes Desc: OpenPGP digital signature URL: <https://dovecot.org/pipermail/dovecot-news/attachments/20190828...

...roper input validation (CWE-20) Vulnerable version: All versions prior to 2.3.7.2 and 2.2.36.4 Vulnerable component: IMAP and ManageSieve protocol parsers (before and after login) Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.7.2, 2.2.36.4 Researcher credits: Nick Roessler and Rafi Rubin, University of Pennsylvania Vendor notification: 2019-04-13 Solution date: 2019-06-05 Public disclosure: 2019-08-28 CVE reference: CVE-2019-11500 CVSS: 8.1 (CVSS3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) ? Vulnerability Details: IMAP and ManageSieve protocol parsers do not properly ha...

....4.24.2.tar.gz https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2.tar.gz.sig Changes ------- * CVE-2019-11500: ManageSieve protocol parser does not properly handle NUL byte ? when scanning data in quoted strings, leading to out of bounds heap ? memory writes. Found by Nick Roessler and Rafi Rubin. --- Aki Tuomi Open-Xchange oy -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL: <https://dovecot.org/pipermail/dovecot/attachments/20190828/6748...

...ecot.org/releases/2.3/dovecot-2.3.7.2.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte ? when scanning data in quoted strings, leading to out of bounds heap ? memory writes. Found by Nick Roessler and Rafi Rubin. --- Aki Tuomi Open-Xchange oy -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL: <https://dovecot.org/pipermail/dovecot-news/attachments/2019082...

...cot.org/releases/2.2/dovecot-2.2.36.4.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte ? when scanning data in quoted strings, leading to out of bounds heap ? memory writes. Found by Nick Roessler and Rafi Rubin. --- Aki Tuomi Open-Xchange oy -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL: <https://dovecot.org/pipermail/dovecot-news/attachments/20190828...

...dovecot-2.3-pigeonhole-0.5.7.2.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11500: ManageSieve protocol parser does not properly handle NUL byte ? when scanning data in quoted strings, leading to out of bounds heap ? memory writes. Found by Nick Roessler and Rafi Rubin. --- Aki Tuomi Open-Xchange oy -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 484 bytes Desc: OpenPGP digital signature URL: <https://dovecot.org/pipermail/dovecot-news/attachments/20190828...

...where to ask this question. Is there anyone who can tell if Asterisk will be present at CeBIT this year? Kind regards Thilo -- Thilo R??ler Linup Front Pallaswiesenstrasse 203 64293 Darmstadt Tel: 06151/9067-0 Fax: 06151/9067-299 Mobil: 0151/18242584 http://www.linupfront.de E-Mail: thilo.roessler@linupfront.de

...py to find others joining us at the booth somewhere between 10th and 16th of March in Hannover, Germany :-) Kind regards ... -- Thilo R??ler Linup Front Pallaswiesenstrasse 203 64293 Darmstadt Tel: 06151/9067-0 Fax: 06151/9067-299 Mobil: 0151/18242584 http://www.linupfront.de E-Mail: thilo.roessler@linupfront.de

I need to install libMrm.so.3 on my computer that has Centos4.3. However, I am not experienced with Centos4.3 so far. I do not know where to find this library for Centos4.3 and how to install it. Is there something like apt? Using system-config-packages I cannot find any intelligent way to search for programs and package. Dirk

Dear, I have a set of ascii-grids. For each gridcell I want to count all values that lie between 15 and 6. Therefore I combined the ascii-grids in an array and used result<- apply(temp,2,sum((temp <=15)&(temp > 6)), na.rm=TRUE) But, this doesn`t work. It seems that the combination apply with sum(...) is not working, since the pure apply(object,2,sum) does work. May you help me

-----BEGIN PGP SIGNED MESSAGE----- ##### ## ## ###### ## ### ## ## ##### ## # ## ## ## ## ### ## ##### . ## ## . ###### . Secure Networks Inc. Security Advisory

I don''t know if this has made it to you yet, so here it is... =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Kirk Bauer Georgia Tech gt5918a@prism.gatech.edu or Finger for PGP Key --> kirk@kaybee.gt.ed.net http://www.kaybee.gt.ed.net/~kirk/html/index.html Resnet RTA (Residence Technical Advisor) GTRI Co-Op ----------