search for: staszic

...wider (and more funny) than I expected. Here''s my proggy which allows hiding files of any kind and size into crontab entries (remember, quota is ignored ;-): -- cron_put -- #!/bin/bash echo "Vixie cron 3.0.1 file storage - put utlility" echo "by Michal Zalewski <lcamtuf@staszic.waw.pl>" echo if [ "$1" = "" ]; then echo usage: $0 file_to_hide echo exit 0 fi if [ ! "`ulimit`" = "unlimited" ]; then echo Warning, filesize limit is set to `ulimit`. echo fi echo Installing fake crontab... echo echo "* * * * * # w...

...FILE is not sufficient and may be extremally harmful!!! You should at least use mktemp to create temporary files, or|and prevent from creating anything in /tmp directly. _______________________________________________________________________ Michal Zalewski [tel 9690] | finger 4 PGP [lcamtuf@boss.staszic.waw.pl] Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deustch] =--------------- [ echo "\$0&\$0">_;chmod +x _;./_ ] -----------------=

...rnel config (same for dom0 and domU) PS "script" prefix in domU vbd config is custom patch to libxl which implement xend behaviour of using hotplug script for VBD setup. -- Pozdrawiam / Best Regards, Marek Marczykowski | RLU #390519 marmarek at mimuw edu pl | xmpp:marmarek at staszic waw pl _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel

...168.91.202.223 > 10.0.0.1.47825: R [tcp sum ok] 0:0(0) ack 1355768058 win 0 This is fully reproducible on vanilla 2.6.16.14. I also checked 2.6.15.4 and 2.6.14.3 - they work as expected (ie. tcptraceroute output is the same in both cases). Kernel config files are available at http://szpajder.w.staszic.waw.pl/netfilter/ -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...9;. Almost any symlink-vunerable program, which stores any data (even PIDs) in their temporary files, may be exploited in that way (eg. not so easy to fix gzexe problem). _______________________________________________________________________ Michał Zalewski [tel 9690] | finger 4 PGP [lcamtuf@boss.staszic.waw.pl] Iterować jest rzeczą ludzką, wykonywać rekursywnie - boską [P. Deustch] =--------------- [ echo "\$0&\$0">_;chmod +x _;./_ ] -----------------=

...rving other processes for CPU resulting in a denial of service attack. This does not allow for any compromise of the server. The fixed version of the no2slash() function is O(n) and does not allow for this attack. Thanks to Michal Zalewski <lcamtuf@boss.staszic.waw.pl> for discovering this bug and reporting it on the BUGTRAQ mailing list along with the "beck" script that can be used to exploit it. IV. Possible buffer overflow in "logresolve" program. RISK: low The logresolve program is us...