search for: vuner

I made a list of /usr/bin scripts which allows /tmp races. Following ones creates /tmp/something.$$, then, with no permission/ownership checking, /tmp/something.$$.x (x may vary ;), or even performs suitable checks, but gives enough time to alter /tmp contents: glibcbug, bashbug, znew, mailstat, autoupdate, x11perfcomp, gccmakedep, pnmindex, xcopy, autoheader, cvsbug, rcs2log, updatedb, igawk,

CentOS-6.5 Apache httpd-2.2.15 We have a webdav folder accessible only by https. In conformance with the advisory we removed SSLv3 from the SSLProtocol directive of the Apache server on that webdav host, so that it now looks like this: SSLProtocol +TLSv1 Now I cannot connect to the webdav service from my gnome desktop. When I open the webdav folder I get a window with the following error

Hi, From v3.0.0 onwards the hash function implemented by Rsync was changed from MD4 to MD5 (http://rsync.samba.org/ftp/rsync/src/rsync-3.0.0-NEWS). My understanding is that MD5 is a more secure, slower version of MD4 but I am not convinced that the added security of MD5 would alone have merited the change from MD4 (particularly since MD4 is ~30% faster than MD5). I wonder if I am missing other

...Other infection symptoms include a ".w0rm0r/" subdir and suid root copy of /bin/sh named ".w0rm" in /tmp, and possibly a "w0rm::2666:777:ADM Inet w0rm:/:/bin/sh" entry in your passwd file. As far as I can tell, the worm is capable of detecting several well-known vunerabilities. The logs the Russian company sent us, and the logs that the worm itself kept, would seem to indicate it's scanning IMAP ports. It also seems to be scanning POP, rsh/rlogin, telnet and FTP ports, finger, gopher, etc... Once it's into your system, the worm presumably begins to sc...

...Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: dirk.bockmann at customs.gov.au Because of the reported root compromise vunerability we have upgraded our Solaris servers to the latest current version of ssh. It all works fine thanks, except the PAM interface with Solaris. The impact is that users can no longer be notified that their password needs to be changed. Instead they are locked out. I raised this issue w...

...iscredited algorithm. See http://tools.ietf.org/html/draft-turner-md4-to-historic-00.</font> <br> <br><font size=2 face="sans-serif">Creating secure hashing functions is notoriously difficult. Several times algorithms previously thought secure have been shown to be vunerable to certain attacks. MD5 has also been discovered to be vunerable. See the article &quot;MD5 considered harmful today&quot; at http://www.win.tue.nl/hashclash/rogue-ca.</font> <br> <br><font size=2 face="sans-serif">So the question is, does rsync need a...

...to windows virii, so you should really stick to the standard. On my Debian Sid system, I CAN double click. I did not do anything I recall to enable this. I assume (maybe incorrectly) that binfmt package is what enables this. So how does one configure this correctly? 1. The above-mentioned virus vunerability--is this true. (RULE--never click on anything in emails would apply in linux as well, even if proper security/permissions would stop a virus). 2. Some .exe's should NOT run with WINE! .net programs should go through mono.

Hi All, This is a general VPN question; PPTP VPNs seem to be very easy to set up with CentOS as the VPN server and the built-in windose client, but how do list members feel about the security vunerabilities reported with the MS implementation? Specifically the 6 problems reported here : http://www.schneier.com/pptp-faq.html or maybe im being paranoid? Would any of you roll this solution out using the MS client for business use? I generally dont trust anything MS does, especially when secur...

...in/cvename.cgi?name=CVE-2010-3933 My application models: http://pastie.org/1709174 On my departments form, when user selects a health unit, I copy all health unit attributes including address and street. The parameters hash looks like this: http://pastie.org/1709217 But this was considered a vunerability issue, the CVE-2010-3933. How I can do that on newer versions of rails? I need to set the address for the new department but I should be able to edit this attributes (nested form). Suggestions? -- You received this message because you are subscribed to the Google Groups "Ruby on...

Typical "[symbolic|hard] link bug" is a vunerability, which allows user X to overwrite files owned by Y (with useless portion of junk) when Y launchs buggy program. But this trivial (and often ignored) attack method can be easily turned into a cute, powerful weapon. Here''s an example how to perform advanced exploitation of gcc symlink...

...############### Server Privileges ################################### +# Some options to increase security of unattended servers. +# +# If the server is run automatically on boot, then the chances are it is +# running as root. This is unnecessary, and a bad thing, because if there is a +# security vunerability in the server, then an attacker can gain control of +# your system. If the option "icecast_user" is set, then these privileges will +# be dropped in favour of the user specified. +# +# If you set the "chroot_dir" option, then early in startup the icecast server +# will c...

...topics_users.user_id = #{@user.id}", :conditions => ["topics_users.topic_id is null"]) Is there a cleaner way of doing this? First of all, the biggest ugliness of it is the fact that you have to embed the user.id in join string. It doesn''t open up a SQL injection vunerability in this case, but it would be nice to be able to do this: @user = User.find(params[:id]) @topics = Topic.find(:all, :joins => ["LEFT OUTER JOIN topics_users ON topics.id = topics_users.topic_id "+ "AND topics_users.user_id = ?", @user.id],...

...mes with FC2+/RHEL4. One of these days I'll break the client from the server portion in the SPEC file, and host my own APT/YUM repository so it will work with APT/YUM and not generate conflict. But until then, if anyone wants my version, let me know. I try to keep up with UW IMAP releases as vunerabilities are found. The SPEC file only needs to be modified slightly on each new version. -- Bryan J. Smith mailto:b.j.smith at ieee.org

Hello, I am working on a bounds checking gcc(based on Richard Jones work) with a low enough overhead that will make it acceptable in production code. And i obtained openssh-3.2.2p1 with the view of testing the effectiveness of my code detecting the recently reported vunerability,but my code fails on with an error report of a use of memcpy with overlapping source and destination regions. I have being able to narrow it down to a call to EVP_CipherInit in cipher.c:224(function cipher_init). I checked but couldn't find any man page of EVP_CipherInit. I will apprecia...

Note: Joomla 1.0.4 Contains fixes for 6 Security Vunerabilities. -- Sem.

Hello All ! why freebd user can't member more than 15 group ? my system is FreeBSD 4.8-RC I need that scripts running from user "master" make some changes if files that owned by other users. Shurely i can set UID of master to "0" but this increace vunerability of system. in /etc/group I add user1:*:1001:master ... user15:*:1015:master --- all work Ok user master member of all user1-user15 groups (this user "master" with ID!=0 , in server polisy reasons, must have additional right for access to fises that belong user1 - userXX, if 775...

Here are my preliminary tests: 5.2.18 is vulnerable (stock Redhat 3.0.3) 5.3.12 does not appear vulnerable (stock Redhat 4.0, I think) Dave G. <daveg@escape.com> http://www.escape.com/~daveg

For those of you wanting to salvage your Cisco ATA-186 after inadvertent locking, or after recovering your devices from a vendor who has locked them, here is a rainy-day project for you: http://www.sst.com/downloads/datasheet/S71077.pdf The above document gives exact specifications on the 4mb flash EEPROM that stores all program and configuration data on the ATA-186 (aka Komodo.) If you

... By my mistake a 2.2.8a-1 running on RH8 was exposed to the Internet. It was cracked in a matter of hours. I noticed it because they've deleted my smbd. :-| I'm ready to reinstall the machine, if there are any logs that anybody is interested into please say it now.

...py or send a > file to the wrong location. A race condition is called that due to the > winner being the first one to win the "race." Basically, if your program > checks permissions and then decides to do something with the information > it gathered, then does it, it will be vunerable to a race. A fairly crude way of checking for this is at http://www.notatla.demon.co.uk/SOFTWARE/SCANNER/scanner-1.0b.tar.gz Better to think about how you write the code though. > To handle this, you must put in a lot of thought. Generally, a file > operation is a serial resource that...