search for: securityreason

...by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632. This looks to have been corrected in NetBSD, but I don't know how portable their fix is. Here are some references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4755 http://securityreason.com/achievement_securityalert/89 http://cxib.net/stuff/glob-0day.c http://securityreason.com/exploitalert/9223 http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1 http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp.c#rev1.21.6.1 http...

hi, i.m. newbie in asterisk. asterisk 1.0.3 is my current version. i like to store usernames and passwords in a sql database. i like to log failed authentification-passwords, to create a blacklist for securityreasons. i thingk a sql-database is a good way to log these actions. i don.t find debugging-options to output invalid login-passwords. Ok, i have made the following: debian is my OS. mysql is installed and working. i has compiled astersk as follows: Modefying: /usr/src/asterisk-1.0.3/channels/Makefile...