Displaying 20 results from an estimated 24 matches for "vunerabilities".
Did you mean:
vulnerabilities
1998 Mar 14
1
Vunerable shell scripts
I made a list of /usr/bin scripts which allows /tmp races. Following
ones creates /tmp/something.$$, then, with no
permission/ownership checking, /tmp/something.$$.x (x may vary
;), or even performs suitable checks, but gives enough time to alter /tmp
contents: glibcbug, bashbug, znew, mailstat, autoupdate, x11perfcomp,
gccmakedep, pnmindex, xcopy, autoheader, cvsbug, rcs2log, updatedb, igawk,
2014 Oct 15
0
SSLv3 vunerability and Nautilus
CentOS-6.5
Apache httpd-2.2.15
We have a webdav folder accessible only by https. In conformance with the
advisory we removed SSLv3 from the SSLProtocol directive of the Apache server
on that webdav host, so that it now looks like this:
SSLProtocol +TLSv1
Now I cannot connect to the webdav service from my gnome desktop. When I open
the webdav folder I get a window with the following error
2010 Aug 04
1
Optimising the Rsync algorithm for speed by reverting to MD4 hashing
Hi,
From v3.0.0 onwards the hash function implemented by Rsync was changed from MD4 to MD5 (http://rsync.samba.org/ftp/rsync/src/rsync-3.0.0-NEWS). My understanding is that MD5 is a more secure, slower version of MD4 but I am not convinced that the added security of MD5 would alone have merited the change from MD4 (particularly since MD4 is ~30% faster than MD5). I wonder if I am missing other
1999 Mar 26
3
*ALERT*: ADM Worm. Worm for Linux x86 found in wild.
...Other infection symptoms include a ".w0rm0r/" subdir and suid root copy
of /bin/sh named ".w0rm" in /tmp, and possibly a
"w0rm::2666:777:ADM Inet w0rm:/:/bin/sh" entry in your passwd file.
As far as I can tell, the worm is capable of detecting several well-known
vunerabilities. The logs the Russian company sent us, and the logs that the
worm itself kept, would seem to indicate it's scanning IMAP ports. It
also seems to be scanning POP, rsh/rlogin, telnet and FTP ports, finger,
gopher, etc...
Once it's into your system, the worm presumably begins to scan and lo...
2002 Jul 19
0
[Bug 362] New: Loss of change password functionality
http://bugzilla.mindrot.org/show_bug.cgi?id=362
Summary: Loss of change password functionality
Product: Portable OpenSSH
Version: -current
Platform: UltraSparc
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: openssh-unix-dev at mindrot.org
2010 Jun 10
0
No subject
from MD4 to MD5 (http://rsync.samba.org/ftp/rsync/src/rsync-3.0.0-NEWS).
My understanding is that MD5 is a more secure, slower version of MD4 but I
am not convinced that the added security of MD5 would alone have merited
the change from MD4 (particularly since MD4 is ~30% faster than MD5). I
wonder if I am missing other reasons which made the change
necessary/desirable?
I am looking at ways
2006 Aug 23
2
Re: Double-clicking Windows .exe's (was "What apps work in Wine")
On Wednesday 23 August 2006 07:25, wine-users-request@winehq.org wrote:
> you can't double click an exe, you have
> to run it with wine, ie "wine game.exe". there is a way to make it so that
> you can double click exe files, but that way makes your system vulnerable
> to windows virii, so you should really stick to the standard.
On my Debian Sid system, I CAN double
2006 Nov 06
1
pptp, ipsec and vpn
Hi All,
This is a general VPN question;
PPTP VPNs seem to be very easy to set up with CentOS as the VPN server
and the built-in windose client, but how do list members feel about the
security vunerabilities reported with the MS implementation?
Specifically the 6 problems reported here :
http://www.schneier.com/pptp-faq.html
or maybe im being paranoid?
Would any of you roll this solution out using the MS client for business
use?
I generally dont trust anything MS does, especially when security is
c...
2011 Mar 24
1
Workaround for CVE-2010-3933
Hi,
First look this vulnerability issue:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3933
My application models: http://pastie.org/1709174
On my departments form, when user selects a health unit, I copy all health
unit attributes including address and street.
The parameters hash looks like this: http://pastie.org/1709217
But this was considered a vunerability issue, the
1998 Feb 20
0
"not-so-dangerous symlink bugs" - a better look
Typical "[symbolic|hard] link bug" is a vunerability, which allows
user X to overwrite files owned by Y (with useless portion of junk)
when Y launchs buggy program. But this trivial (and often ignored)
attack method can be easily turned into a cute, powerful weapon. Here''s
an example how to perform advanced exploitation of gcc symlink bug (I
choosen that one, because this
2004 Aug 06
0
[PATCH] Configurable privileges and chroot jail
Hi,
This patch (against the current CVS tree) is intended to add secure
configuration to icecast 'out of the box'. It adds two configuration
directives, 'icecast_user' and 'chroot_dir'. These are intended to be
used together to reduce the privileges icecast runs under to the
minimum necessary. When this is enabled and run as root icecast will
enter the specified chroot
2006 May 07
1
Find records not in join with has_many_and_belongs_to
I have a User and Topic model. A user subscribes to a topic, so there is a
many-to-many relationship between User and Topic. So my User model object
is using has_many_and_belongs_to :topics and vice versa. I want to find all
the topics that a user has *not* subscribed to. This is what I''ve got:
@user = User.find(params[:id])
@topics = Topic.find(:all,
:conditions =>
2005 May 06
0
Re: imap on Centos 4 -- UW IMAP 2004b for FC3/RHEL4
...mes with FC2+/RHEL4.
One of these days I'll break the client from the server portion in the SPEC
file, and host my own APT/YUM repository so it will work with APT/YUM and
not generate conflict. But until then, if anyone wants my version, let me
know.
I try to keep up with UW IMAP releases as vunerabilities are found.
The SPEC file only needs to be modified slightly on each new version.
--
Bryan J. Smith mailto:b.j.smith at ieee.org
2002 Jul 08
0
"Help with EVP_CipherInit"
Hello,
I am working on a bounds checking gcc(based on Richard Jones work)
with a low enough overhead that will make it acceptable in production code.
And i obtained openssh-3.2.2p1 with the view of testing the effectiveness
of my code detecting the recently reported vunerability,but my code fails
on with an error report of a use of memcpy with overlapping source and
destination regions. I have
2005 Nov 28
0
ports/89596 : PORT UPDATE: www/joomla 1.0.3 -> 1.0.4
Note: Joomla 1.0.4 Contains fixes for 6 Security Vunerabilities.
--
Sem.
2003 Jun 10
2
user can't member more than 15 group
Hello All !
why freebd user can't member more than 15 group ?
my system is FreeBSD 4.8-RC
I need that scripts running
from user "master" make some changes if files that owned by other users.
Shurely i can set UID of master to "0" but this increace vunerability
of system.
in /etc/group I add
user1:*:1001:master
...
user15:*:1015:master
--- all work Ok user master member
1997 Feb 14
3
NLSPATH Stack Overwrite
Here are my preliminary tests:
5.2.18 is vulnerable (stock Redhat 3.0.3)
5.3.12 does not appear vulnerable (stock Redhat 4.0, I think)
Dave G.
<daveg@escape.com>
http://www.escape.com/~daveg
2003 Aug 20
1
ATA-186 locking: implausible unlock method
For those of you wanting to salvage your Cisco ATA-186 after
inadvertent locking, or after recovering your devices from a vendor
who has locked them, here is a rainy-day project for you:
http://www.sst.com/downloads/datasheet/S71077.pdf
The above document gives exact specifications on the 4mb flash EEPROM
that stores all program and configuration data on the ATA-186 (aka
Komodo.) If you
2003 Jun 30
9
Huh... 2.2.8 exploit?!
... By my mistake a 2.2.8a-1 running on RH8 was exposed to the Internet. It
was cracked in a matter of hours. I noticed it because they've deleted my
smbd. :-|
I'm ready to reinstall the machine, if there are any logs that anybody is
interested into please say it now.
1999 Nov 27
1
Re: Programming ...
From: Wade Maxfield <maxfield@ctelcom.net>
> Many thanks to the moderator who pointed out errors and suggested the
> correct information on this post. Over half the ideas are due to him. ;)
> 1. Programs put data in local variables in functions. These variables
> are on the computer stack. Feeding data to those variables (usually
> string variables) causes the