search for: vulnerablity

> From: Larry Vaden <vaden at texoma.net> > Date: Sun, Jan 23, 2011 at 8:03 PM > Subject: sources of bind-9.7.2-P3 rpms for Centos 4.8 and 5.5? > Our site running Centos 4.8 and 5.5 name servers was hacked with > the result that www.yahoo.com is now within our /19 and causing > some grief. Don't understand what you mean by 'within our /19'. Have your IP

...d-linux.so buf is automatic. Oops... 2) as you surely know, ld-linux.so 1.9.2 is broken completely, as it deals with LD_PRELOAD variable even when linking a suid binary. An exploit based on this "feature" was composed by Dan McGuirk, I guess. In this article, we''re not using this vulnerablity. 3) Julian Assange (proff@SUBURBIA.NET) mentioned on bugtraq that he was able to attack the linker with resource starvation ( for file descriptors ). I assume it was possible on a system with artificially lowered file descriptors limit; you can look at his a bit vague report at the URL mentioned at...