Displaying 14 results from an estimated 14 matches for "secnet".
Did you mean:
decnet
1997 Oct 21
0
SNI-19: BSD lpd vulnerabilities (UPDATE)
...lem was present due to the fact that when lpd exited due to
receiving invalid characters in the filename, the error routine
would continue to remove the specified file.
An updated version of the recommended fixes has been placed in
the same location as the original fixes:
ftp://ftp.secnet.com/pub/patches/lpd.tar.gz
Issue 2
~~~~~~~
There has been some confusion over an alternative print spooler
called LPRng. LPRng is not vulnerable to any of the problems which
were discussed in SNI-19.BSD.lpd.vulnerabilities. LPRng is an
alternative print spooler written by Patrick Powell
<pa...
2005 Jun 26
1
A VPN is switched mode
...I can think of
the VPN as a virtual switch where each of the routers is plugged into.
Lets reduce the number of networks to 2, for brevity's sake.
And for example the private network behind router A is 192.168.10.0/24
and B is 192.168.12.0/24
etc.
--- NETWORK A : router Koe
# cat /etc/tinc/secnet/tinc.conf
Name = koe
Device = /dev/tun
ConnectTo = jupiter
ConnectTo = proto3
PrivateKeyFile = /etc/tinc/secnet/rsa_key.priv
AddressFamily = ipv4
Mode = switch
# cat /etc/tinc/secnet/tinc-up
#!/bin/sh
ifconfig $INTERFACE 192.168.20.1 netmask 255.255.255.0
--- NETWORK B : router Jupiter
$ cat...
1997 Oct 02
2
SNI-19:BSD lpd vulnerabilities
...he ftp-data
port (port 20).
iii. Disable print services until a suitable fix has been made availible
for your operating system.
iv. Install a fixed version of the BSD print software. A fixed version
of the BSD print software is availible at the following ftp site:
ftp://ftp.secnet.com/pub/patches/lpd.tar.gz
This package fixes numerous other problems present in the BSD
printing suite, including numerous buffer overflows present in both
the client programs and the server. This package has been
provided by OpenBSD.
v. Contact your vendor for patch infor...
1998 Jan 20
0
SNI-23: SSH - Vulnerability in ssh-agent
...ion of SSH, please see http://www.cs.hut.fi/ssh
Commercial versions of ssh are marketed by Data Fellows Inc. For
information about the F-secure ssh derivatives sold by Data Fellows Inc,
please see http://www.DataFellows.com/f-secure
This vulnerability was discovered by David Sacerdote <davids@secnet.com>.
For more information regarding this advisory, contact Secure Networks
Inc. as <sni@secnet.com>. A PGP public key is provided below if
privacy is required.
Type Bits/KeyID Date User ID
pub 1024/9E55000D 1997/01/13 Secure Networks Inc. <sni@secnet.com>...
1997 Oct 22
1
SNI-20: Telnetd tgetent vulnerability
...1.7 and FreeBSD 2.2.2 are NOT
vulnerable.
OpenBSD
Versions of OpenBSD newer than 2.0 are NOT vulnerable to this problem.
Additional Information
~~~~~~~~~~~~~~~~~~~~~~
This problem was discovered by Theo de Raadt <deraadt@openbsd.org>
You can contact Secure Networks Inc. at <sni@secnet.com> using
the following PGP key:
Type Bits/KeyID Date User ID
pub 1024/9E55000D 1997/01/13 Secure Networks Inc. <sni@secnet.com>
Secure Networks <security@secnet.com>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAzLaFzIAAAEEA...
1997 Apr 22
1
SNI-12: BIND Vulnerabilities and Solutions (fwd)
...freebsd-security@freebsd.org
Subject: SNI-12: BIND Vulnerabilities and Solutions (fwd)
Hello!
Is fbsd 2.2.1 vulnerable? If yes are there any patches available specially
for FreeBSD?
---------- Forwarded message ----------
Date: Tue, 22 Apr 1997 04:36:17 -0600
From: Oliver Friedrichs <oliver@SECNET.COM>
To: BUGTRAQ@NETSPACE.ORG
Subject: SNI-12: BIND Vulnerabilities and Solutions
-----BEGIN PGP SIGNED MESSAGE-----
###### ## ## ######
## ### ## ##
###### ## # ## ##...
1996 Nov 19
0
Serious BIND resolver problems.
...fd_set reads;
On further testing, and implementation of exploitation code, we can verify
that this is indeed possible via the rlogin service. In order to exploit the
problem, we first start a program to send a fake DNS replies.
[root@ariel] [Dec 31 1969 11:59:59pm] [~]% ./dnsfake
oakmont.secnet.com(4732)->idoru.secnet.com(53) : lookup: random-domain.com (1:1)
sent packet fake reply: 270 bytes
idoru.secnet.com(53)->oakmont.secnet.com(4732) : reply: random-domain.com (1:1)
We then cause rcmd() within rlogin to do a host lookup and response with
our false data.
[oliver@oakmont] [Dec...
1997 Feb 24
1
libX11
...rograms stored in other system directories. Keep in mind that that the
use of this workaround will result in reduced functionality for non-root
users.
Additional Information
~~~~~~~~~~~~~~~~~~~~~~
If you have any questions about this advisory, feel free to contact me,
David Sacerdote, at davids@secnet.com. If you should wish to encrypt
traffic for me, my pgp key is:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAzJ4qJAAAAEEAOgB7mooQ6NgzcUSIehKUufGsyojutC7phVXZ+p8FnHLLZNB
BLQEtj5kmfww2A2pR29q4rgPeqEUOjWPlLNdSLby3NI8yKz1AQSQLHAwIDXt/lku
8QXClaV6pNIaQSN8cnyyvjH6TYF778yZhYz0mwLqW6dU5whH...
1997 Mar 02
1
imapd and ipop3d hole
...se(tmp));
Or, as a final option, you can switch to the IMAP 4.1 beta distribution,
which can be found at ftp://ftp.cac.washington.edu/mail/imap.tar.Z.
Additional Information
~~~~~~~~~~~~~~~~~~~~~~
If you have any questions about this advisory, feel free to contact me,
by sending mail to davids@secnet.com If you wish to encrypt your
messages to me, feel free to use the following PGP public key.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAzJ4qJAAAAEEAOgB7mooQ6NgzcUSIehKUufGsyojutC7phVXZ+p8FnHLLZNB
BLQEtj5kmfww2A2pR29q4rgPeqEUOjWPlLNdSLby3NI8yKz1AQSQLHAwIDXt/lku
8QXClaV6pNIaQSN8cny...
1996 Nov 20
2
About DNS again
//////////////////////////////////////////////////////////////////////////
I have got a couple of messages stating that I am wrong and that the
resolver vulnerability sent to list by Oliver Friedrichs (oliver@secnet.com)
is a new one. Our discussion with Oliver outlined that even though it is
possible that this vulnerability was discussed during BOFs at conferences
such as LISA, SANS and NETSEC, neither a summary was ever made public, nor a
detailed description of attack was ever given.
The SNI Security Advis...
1997 Feb 04
0
In regards to the Linux ''Bliss'' Virus.
...s concerned that some programs on my linux systems might have become
infected, I wrote a tool to determine which programs, if any, had
been infected by the bliss virus. For those who lack md5 checksums
of all their binaries, this is likely to be a useful tool. You can
obtain a copy at:
ftp://ftp.secnet.com/pub/tools/abliss.tar.gz
[mod: deleted "have" between "lack" and "md5". What''s wrong with
"cat /tmp/.bliss"? --rew]
/*************************************************************************
Alfred Huger...
1997 Jan 12
0
Security release: Apache 1.1.2
...within the
next week.
Many thanks to Secure Networks Inc. for finding the hole in mod_cookies
and providing the patch, and the members of the BugTraq mailing list for
bringing the directory indexing hole to our attention. An advisory on
the first hole may be found starting Monday at
ftp://ftp.secnet.com/pub/advisories/APACHE_MOD.advisory.1.13.97
*How to use the attached patches*
Attached to this message are two patches. Save them into your "src"
subdirectory of your Apache installation, and then do the following:
patch < mod_cookies_security.patch
patch < directoryinde...
1999 Apr 30
0
SAMBA digest 2073
Why is www.secnet.com down ? i'm looking for the samba-audit-tool and
didn't find any mirror.
Thomas
On Fri, 30 Apr 1999 samba@samba.org wrote:
> SAMBA Digest 2073
>
> For information on unsubscribing see http://samba.org/listproc/
> Topics covered in this issue include:
>
&g...
1997 Jan 12
0
Apache 1.1.1 overflow
[Mod: header changed -- alex]
###### ## ## ######
## ### ## ##
###### ## # ## ##
## ## ### ##
###### . ## ## . ######.
Secure Networks Inc.
Security Advisory