Displaying 20 results from an estimated 24 matches for "vuner".
Did you mean:
vuser
1998 Mar 14
1
Vunerable shell scripts
I made a list of /usr/bin scripts which allows /tmp races. Following
ones creates /tmp/something.$$, then, with no
permission/ownership checking, /tmp/something.$$.x (x may vary
;), or even performs suitable checks, but gives enough time to alter /tmp
contents: glibcbug, bashbug, znew, mailstat, autoupdate, x11perfcomp,
gccmakedep, pnmindex, xcopy, autoheader, cvsbug, rcs2log, updatedb, igawk,
2014 Oct 15
0
SSLv3 vunerability and Nautilus
CentOS-6.5
Apache httpd-2.2.15
We have a webdav folder accessible only by https. In conformance with the
advisory we removed SSLv3 from the SSLProtocol directive of the Apache server
on that webdav host, so that it now looks like this:
SSLProtocol +TLSv1
Now I cannot connect to the webdav service from my gnome desktop. When I open
the webdav folder I get a window with the following error
2010 Aug 04
1
Optimising the Rsync algorithm for speed by reverting to MD4 hashing
Hi,
From v3.0.0 onwards the hash function implemented by Rsync was changed from MD4 to MD5 (http://rsync.samba.org/ftp/rsync/src/rsync-3.0.0-NEWS). My understanding is that MD5 is a more secure, slower version of MD4 but I am not convinced that the added security of MD5 would alone have merited the change from MD4 (particularly since MD4 is ~30% faster than MD5). I wonder if I am missing other
1999 Mar 26
3
*ALERT*: ADM Worm. Worm for Linux x86 found in wild.
...Other infection symptoms include a ".w0rm0r/" subdir and suid root copy
of /bin/sh named ".w0rm" in /tmp, and possibly a
"w0rm::2666:777:ADM Inet w0rm:/:/bin/sh" entry in your passwd file.
As far as I can tell, the worm is capable of detecting several well-known
vunerabilities. The logs the Russian company sent us, and the logs that the
worm itself kept, would seem to indicate it's scanning IMAP ports. It
also seems to be scanning POP, rsh/rlogin, telnet and FTP ports, finger,
gopher, etc...
Once it's into your system, the worm presumably begins to sc...
2002 Jul 19
0
[Bug 362] New: Loss of change password functionality
...Platform: UltraSparc
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: dirk.bockmann at customs.gov.au
Because of the reported root compromise vunerability we have upgraded our
Solaris servers to the latest current version of ssh. It all works fine
thanks, except the PAM interface with Solaris. The impact is that users can no
longer be notified that their password needs to be changed. Instead they are
locked out. I raised this issue w...
2010 Jun 10
0
No subject
...iscredited algorithm.
See http://tools.ietf.org/html/draft-turner-md4-to-historic-00.</font>
<br>
<br><font size=2 face="sans-serif">Creating secure hashing functions is
notoriously difficult. Several times algorithms previously thought secure
have been shown to be vunerable to certain attacks. MD5 has also been discovered
to be vunerable. See the article "MD5 considered harmful today"
at http://www.win.tue.nl/hashclash/rogue-ca.</font>
<br>
<br><font size=2 face="sans-serif">So the question is, does rsync need
a...
2006 Aug 23
2
Re: Double-clicking Windows .exe's (was "What apps work in Wine")
...to windows virii, so you should really stick to the standard.
On my Debian Sid system, I CAN double click. I did not do anything I recall to
enable this. I assume (maybe incorrectly) that binfmt package is what enables
this.
So how does one configure this correctly?
1. The above-mentioned virus vunerability--is this true. (RULE--never click on
anything in emails would apply in linux as well, even if proper
security/permissions would stop a virus).
2. Some .exe's should NOT run with WINE! .net programs should go through mono.
2006 Nov 06
1
pptp, ipsec and vpn
Hi All,
This is a general VPN question;
PPTP VPNs seem to be very easy to set up with CentOS as the VPN server
and the built-in windose client, but how do list members feel about the
security vunerabilities reported with the MS implementation?
Specifically the 6 problems reported here :
http://www.schneier.com/pptp-faq.html
or maybe im being paranoid?
Would any of you roll this solution out using the MS client for business
use?
I generally dont trust anything MS does, especially when secur...
2011 Mar 24
1
Workaround for CVE-2010-3933
...in/cvename.cgi?name=CVE-2010-3933
My application models: http://pastie.org/1709174
On my departments form, when user selects a health unit, I copy all health
unit attributes including address and street.
The parameters hash looks like this: http://pastie.org/1709217
But this was considered a vunerability issue, the CVE-2010-3933.
How I can do that on newer versions of rails? I need to set the address for
the new department but I should be able to edit this attributes (nested
form).
Suggestions?
--
You received this message because you are subscribed to the Google Groups "Ruby on...
1998 Feb 20
0
"not-so-dangerous symlink bugs" - a better look
Typical "[symbolic|hard] link bug" is a vunerability, which allows
user X to overwrite files owned by Y (with useless portion of junk)
when Y launchs buggy program. But this trivial (and often ignored)
attack method can be easily turned into a cute, powerful weapon. Here''s
an example how to perform advanced exploitation of gcc symlink...
2004 Aug 06
0
[PATCH] Configurable privileges and chroot jail
...############### Server Privileges ###################################
+# Some options to increase security of unattended servers.
+#
+# If the server is run automatically on boot, then the chances are it is
+# running as root. This is unnecessary, and a bad thing, because if there is a
+# security vunerability in the server, then an attacker can gain control of
+# your system. If the option "icecast_user" is set, then these privileges will
+# be dropped in favour of the user specified.
+#
+# If you set the "chroot_dir" option, then early in startup the icecast server
+# will c...
2006 May 07
1
Find records not in join with has_many_and_belongs_to
...topics_users.user_id = #{@user.id}",
:conditions => ["topics_users.topic_id is null"])
Is there a cleaner way of doing this? First of all, the biggest ugliness of
it is the fact that you have to embed the user.id in join string. It
doesn''t open up a SQL injection vunerability in this case, but it would be
nice to be able to do this:
@user = User.find(params[:id])
@topics = Topic.find(:all,
:joins => ["LEFT OUTER JOIN topics_users ON topics.id =
topics_users.topic_id "+
"AND topics_users.user_id = ?", @user.id],...
2005 May 06
0
Re: imap on Centos 4 -- UW IMAP 2004b for FC3/RHEL4
...mes with FC2+/RHEL4.
One of these days I'll break the client from the server portion in the SPEC
file, and host my own APT/YUM repository so it will work with APT/YUM and
not generate conflict. But until then, if anyone wants my version, let me
know.
I try to keep up with UW IMAP releases as vunerabilities are found.
The SPEC file only needs to be modified slightly on each new version.
--
Bryan J. Smith mailto:b.j.smith at ieee.org
2002 Jul 08
0
"Help with EVP_CipherInit"
Hello,
I am working on a bounds checking gcc(based on Richard Jones work)
with a low enough overhead that will make it acceptable in production code.
And i obtained openssh-3.2.2p1 with the view of testing the effectiveness
of my code detecting the recently reported vunerability,but my code fails
on with an error report of a use of memcpy with overlapping source and
destination regions. I have being able to narrow it down to a call to
EVP_CipherInit in cipher.c:224(function cipher_init).
I checked but couldn't find any man page of EVP_CipherInit.
I will apprecia...
2005 Nov 28
0
ports/89596 : PORT UPDATE: www/joomla 1.0.3 -> 1.0.4
Note: Joomla 1.0.4 Contains fixes for 6 Security Vunerabilities.
--
Sem.
2003 Jun 10
2
user can't member more than 15 group
Hello All !
why freebd user can't member more than 15 group ?
my system is FreeBSD 4.8-RC
I need that scripts running
from user "master" make some changes if files that owned by other users.
Shurely i can set UID of master to "0" but this increace vunerability
of system.
in /etc/group I add
user1:*:1001:master
...
user15:*:1015:master
--- all work Ok user master member of all user1-user15 groups
(this user "master" with ID!=0 , in server polisy reasons, must have
additional right for access to fises that belong
user1 - userXX, if 775...
1997 Feb 14
3
NLSPATH Stack Overwrite
Here are my preliminary tests:
5.2.18 is vulnerable (stock Redhat 3.0.3)
5.3.12 does not appear vulnerable (stock Redhat 4.0, I think)
Dave G.
<daveg@escape.com>
http://www.escape.com/~daveg
2003 Aug 20
1
ATA-186 locking: implausible unlock method
For those of you wanting to salvage your Cisco ATA-186 after
inadvertent locking, or after recovering your devices from a vendor
who has locked them, here is a rainy-day project for you:
http://www.sst.com/downloads/datasheet/S71077.pdf
The above document gives exact specifications on the 4mb flash EEPROM
that stores all program and configuration data on the ATA-186 (aka
Komodo.) If you
2003 Jun 30
9
Huh... 2.2.8 exploit?!
... By my mistake a 2.2.8a-1 running on RH8 was exposed to the Internet. It
was cracked in a matter of hours. I noticed it because they've deleted my
smbd. :-|
I'm ready to reinstall the machine, if there are any logs that anybody is
interested into please say it now.
1999 Nov 27
1
Re: Programming ...
...py or send a
> file to the wrong location. A race condition is called that due to the
> winner being the first one to win the "race." Basically, if your program
> checks permissions and then decides to do something with the information
> it gathered, then does it, it will be vunerable to a race.
A fairly crude way of checking for this is at
http://www.notatla.demon.co.uk/SOFTWARE/SCANNER/scanner-1.0b.tar.gz
Better to think about how you write the code though.
> To handle this, you must put in a lot of thought. Generally, a file
> operation is a serial resource that...