search for: vunerable

Displaying 20 results from an estimated 24 matches for "vunerable".

Did you mean: vulnerable
1998 Mar 14
1
Vunerable shell scripts
I made a list of /usr/bin scripts which allows /tmp races. Following ones creates /tmp/something.$$, then, with no permission/ownership checking, /tmp/something.$$.x (x may vary ;), or even performs suitable checks, but gives enough time to alter /tmp contents: glibcbug, bashbug, znew, mailstat, autoupdate, x11perfcomp, gccmakedep, pnmindex, xcopy, autoheader, cvsbug, rcs2log, updatedb, igawk,
2014 Oct 15
0
SSLv3 vunerability and Nautilus
CentOS-6.5 Apache httpd-2.2.15 We have a webdav folder accessible only by https. In conformance with the advisory we removed SSLv3 from the SSLProtocol directive of the Apache server on that webdav host, so that it now looks like this: SSLProtocol +TLSv1 Now I cannot connect to the webdav service from my gnome desktop. When I open the webdav folder I get a window with the following error
2010 Aug 04
1
Optimising the Rsync algorithm for speed by reverting to MD4 hashing
Hi, From v3.0.0 onwards the hash function implemented by Rsync was changed from MD4 to MD5 (http://rsync.samba.org/ftp/rsync/src/rsync-3.0.0-NEWS). My understanding is that MD5 is a more secure, slower version of MD4 but I am not convinced that the added security of MD5 would alone have merited the change from MD4 (particularly since MD4 is ~30% faster than MD5). I wonder if I am missing other
1999 Mar 26
3
*ALERT*: ADM Worm. Worm for Linux x86 found in wild.
...ogs the Russian company sent us, and the logs that the worm itself kept, would seem to indicate it's scanning IMAP ports. It also seems to be scanning POP, rsh/rlogin, telnet and FTP ports, finger, gopher, etc... Once it's into your system, the worm presumably begins to scan and look for vunerable machines again. How it picks the IP addresses to scan is not presently known to me. Presumably, the "gimmieip" binary takes care of that. Someone with more time can dissect it and post the results. Here is a file I found on the infected machine called "/tmp/outro" - it appear...
2002 Jul 19
0
[Bug 362] New: Loss of change password functionality
...vsep architecture which has been designed is not compatible with PAM, and is outside the scope of how PAM is normally used. ie: It breaks the PAM standard. An alternative is to upgrade to Solaris 9 which ships with SunSSH (a product based on OpenSSH which does not have privsep and by default is not vunerable to the security exploit which privsep resolves). Also, for your reference if there is any feature in OpenSSH 3.3 or newer which does not exist in SunSSH you can log a request for enhancement for the new feature to be included in future releases. Let me know if you require any further information/a...
2010 Jun 10
0
No subject
...iscredited algorithm. See http://tools.ietf.org/html/draft-turner-md4-to-historic-00.</font> <br> <br><font size=2 face="sans-serif">Creating secure hashing functions is notoriously difficult. Several times algorithms previously thought secure have been shown to be vunerable to certain attacks. MD5 has also been discovered to be vunerable. See the article &quot;MD5 considered harmful today&quot; at http://www.win.tue.nl/hashclash/rogue-ca.</font> <br> <br><font size=2 face="sans-serif">So the question is, does rsync need a hash...
2006 Aug 23
2
Re: Double-clicking Windows .exe's (was "What apps work in Wine")
On Wednesday 23 August 2006 07:25, wine-users-request@winehq.org wrote: > you can't double click an exe, you have > to run it with wine, ie "wine game.exe". there is a way to make it so that > you can double click exe files, but that way makes your system vulnerable > to windows virii, so you should really stick to the standard. On my Debian Sid system, I CAN double
2006 Nov 06
1
pptp, ipsec and vpn
Hi All, This is a general VPN question; PPTP VPNs seem to be very easy to set up with CentOS as the VPN server and the built-in windose client, but how do list members feel about the security vunerabilities reported with the MS implementation? Specifically the 6 problems reported here : http://www.schneier.com/pptp-faq.html or maybe im being paranoid? Would any of you roll this solution out
2011 Mar 24
1
Workaround for CVE-2010-3933
Hi, First look this vulnerability issue: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3933 My application models: http://pastie.org/1709174 On my departments form, when user selects a health unit, I copy all health unit attributes including address and street. The parameters hash looks like this: http://pastie.org/1709217 But this was considered a vunerability issue, the
1998 Feb 20
0
"not-so-dangerous symlink bugs" - a better look
...g VIRUS, which infects every file which is beign compiled. How to protect yourself? In this case, it''s quite simple, this problem has been already discussed on BUGTRAQ. But that''s just an well-known example of ''not-so-interesting symlink bug''. Almost any symlink-vunerable program, which stores any data (even PIDs) in their temporary files, may be exploited in that way (eg. not so easy to fix gzexe problem). _______________________________________________________________________ Michał Zalewski [tel 9690] | finger 4 PGP [lcamtuf@boss.staszic.waw.pl] Iterować jest rz...
2004 Aug 06
0
[PATCH] Configurable privileges and chroot jail
Hi, This patch (against the current CVS tree) is intended to add secure configuration to icecast 'out of the box'. It adds two configuration directives, 'icecast_user' and 'chroot_dir'. These are intended to be used together to reduce the privileges icecast runs under to the minimum necessary. When this is enabled and run as root icecast will enter the specified chroot
2006 May 07
1
Find records not in join with has_many_and_belongs_to
I have a User and Topic model. A user subscribes to a topic, so there is a many-to-many relationship between User and Topic. So my User model object is using has_many_and_belongs_to :topics and vice versa. I want to find all the topics that a user has *not* subscribed to. This is what I''ve got: @user = User.find(params[:id]) @topics = Topic.find(:all, :conditions =>
2005 May 06
0
Re: imap on Centos 4 -- UW IMAP 2004b for FC3/RHEL4
From: Matt Hyclak <hyclak at math.ohiou.edu> > Actually, the more direct replacement would be Dovecot. > Cyrus can be complicated to set up and get running. I actually modified the old UW IMAP 2002 SPEC file from RHL9/FC1, and modified a few config files, to support UW IMAP 2004b. I made one with both RFC3501 (no text passwords over SSL) and non-RFC3501 (legacy, text passwords
2002 Jul 08
0
"Help with EVP_CipherInit"
Hello, I am working on a bounds checking gcc(based on Richard Jones work) with a low enough overhead that will make it acceptable in production code. And i obtained openssh-3.2.2p1 with the view of testing the effectiveness of my code detecting the recently reported vunerability,but my code fails on with an error report of a use of memcpy with overlapping source and destination regions. I have
2005 Nov 28
0
ports/89596 : PORT UPDATE: www/joomla 1.0.3 -> 1.0.4
Note: Joomla 1.0.4 Contains fixes for 6 Security Vunerabilities. -- Sem.
2003 Jun 10
2
user can't member more than 15 group
Hello All ! why freebd user can't member more than 15 group ? my system is FreeBSD 4.8-RC I need that scripts running from user "master" make some changes if files that owned by other users. Shurely i can set UID of master to "0" but this increace vunerability of system. in /etc/group I add user1:*:1001:master ... user15:*:1015:master --- all work Ok user master member
1997 Feb 14
3
NLSPATH Stack Overwrite
Here are my preliminary tests: 5.2.18 is vulnerable (stock Redhat 3.0.3) 5.3.12 does not appear vulnerable (stock Redhat 4.0, I think) Dave G. <daveg@escape.com> http://www.escape.com/~daveg
2003 Aug 20
1
ATA-186 locking: implausible unlock method
For those of you wanting to salvage your Cisco ATA-186 after inadvertent locking, or after recovering your devices from a vendor who has locked them, here is a rainy-day project for you: http://www.sst.com/downloads/datasheet/S71077.pdf The above document gives exact specifications on the 4mb flash EEPROM that stores all program and configuration data on the ATA-186 (aka Komodo.) If you
2003 Jun 30
9
Huh... 2.2.8 exploit?!
... By my mistake a 2.2.8a-1 running on RH8 was exposed to the Internet. It was cracked in a matter of hours. I noticed it because they've deleted my smbd. :-| I'm ready to reinstall the machine, if there are any logs that anybody is interested into please say it now.
1999 Nov 27
1
Re: Programming ...
...py or send a > file to the wrong location. A race condition is called that due to the > winner being the first one to win the "race." Basically, if your program > checks permissions and then decides to do something with the information > it gathered, then does it, it will be vunerable to a race. A fairly crude way of checking for this is at http://www.notatla.demon.co.uk/SOFTWARE/SCANNER/scanner-1.0b.tar.gz Better to think about how you write the code though. > To handle this, you must put in a lot of thought. Generally, a file > operation is a serial resource that is...