search for: vulnerabilty

I am currently blocking out netbios UDP port 137 on my firewall and was wondering what the following means in terms of security: Jul 9 16:19:05 oscar kernel: IP fw-in rej eth0 UDP SOMEONES_IP:137 MY_IP:137 L=78 S=0x00 I=46484 F=0x0000 T=111 I have gottena few 100 of these and was wondering if there are some vulnerabilties related to netbios out there?? What do the S/I/F/L fields stand for?? I

Puppet 3.2.4 is now available. 3.2.4 addresses two security vulnerabilties discovered in the 3.x series of Puppet. These vulnerabilities have been assigned Mitre CVE numbers CVE-2013-4956 and CVE-2013-4761. All users of Puppet 3.2.3 and earlier are strongly encouraged to upgrade to 3.2.4. For more information on these vulnerabilities, please visit http://puppetlabs.com/security/cve/cve-2013-4761

Hi, A bit off-topic, but I''m about to set up a remote Linux server for Rails, with postgres and probably Lighttpd. The server has two 120GB hard drives, one of which will just be for nightly backups of the other. I don''t intend to have any untrusted user accounts on the server. The server will be dedicated to my own applications. I''ll want to support lots of www

Does anyone know off hand what the longest known serious security issue (i.e. remote compromise) has been with FreeBSD that went unpatched ? e.g. security hole is reported to security-officer@FreeBSD.org. X days later, fix and advisory committed. What has been the largest X ? My jaw dropped when I saw http://www.eeye.com/html/Research/Upcoming/index.html ---Mike

...will not exit the process - the terminal really does appear to lock up. However... $ echo "touch i-woz-ere" | ssh-copy-id dimwit at localhost # This rapidly completes $ su dimwit $ ls ~ i-woz-ere It is still possible to interact with this shell. This does not present any real security vulnerabilty, in fact it is caused by a complete lack of any security on the user's part, however spawning an interactive shell does not appear to be intended behaviour. Replacing the call with "ssh -v -o PreferredAuthentications=',' < /dev/null" resolves this issue. -- You are recei...

[Mod: This message is a reason *why* linux-security is moderated list. This is also a reason why Rogier, myself, Alan Cox and others really do not want to have completely open lists that deal with security related aspects of running a system as way too many people just jump to conclusions and give suggestions without doing any reasearch on a subject. -- alex (co-moderator of