search for: vulnerabl

...t Mandriva upgraded last year. I believe C6 will include an updated Bind. > An attempt to install bind-9.7.2-P3 from source yields the warning > below the sig for both 4.8 and 5.5 machines. > WARNING WARNING WARNING WARNING WARNING .......... > > Your OpenSSL crypto library may be vulnerable to ..... > one or more of the the following known security .... > flaws: > > CAN-2002-0659, CAN-2006-4339, CVE-2006-2937 and > CVE-2006-2940. > > It is recommended that you upgrade to OpenSSL > version 0.9.8d/0.9.7l (or greater). Well, on my C 5.5 desktop my OpenSSL is (y...

...d-linux.so buf is automatic. Oops... 2) as you surely know, ld-linux.so 1.9.2 is broken completely, as it deals with LD_PRELOAD variable even when linking a suid binary. An exploit based on this "feature" was composed by Dan McGuirk, I guess. In this article, we''re not using this vulnerablity. 3) Julian Assange (proff@SUBURBIA.NET) mentioned on bugtraq that he was able to attack the linker with resource starvation ( for file descriptors ). I assume it was possible on a system with artificially lowered file descriptors limit; you can look at his a bit vague report at the URL mentioned...