Displaying 20 results from an estimated 29 matches for "yuriev".
1997 Mar 24
1
More sendmail problems... Partition your disks!
...id,noexec,nodev)
/opt (nosuid,nodev,ro)
/services (nosuid,noexec,nodev)
/home (nosuid,nodev)
Alex
------- Forwarded Message
Return-Path: owner-bugtraq@netspace.org
Reply-To: C0WZ1LL4@netspace.org
Sender: Bugtraq List <BUGTRAQ@netspace.org>
From: C0WZ1LL4@netspace.org
Approved: alex@yuriev.com
To: BUGTRAQ@netspace.org
Hello fellow mongoloids
Try this:
Make hard link of /etc/passwd to /var/tmp/dead.letter
Telnet to port 25, send mail from some bad email address to some unreachable host.
Watch your message get appended to passwd.
ie:
cowzilla::0:0:c0wz1ll4 0wns u:/:/bin/sh
This is...
1997 Sep 18
0
[MOD] About "Security concern"
...derful things. Links to
archives of this list as well as information about LSF updates is available
under http://www.aoy.com/Linux/Security/
[Moderator's hat off]
Best wishes,
Alex
-----------------------------------------------------------------------------
Alex "Mr. Worf" Yuriev Nationwide ISP Bandwidth: [www.netaxs.net ]
Net Access Outsourced News Reading: [www.newsread.com ]
alex@{netaxs.com|yuriev.com} Outsourced Shell Accounts: [shellaccounts.com]
RIP is irrelevant. Spoofing is futile. Your routes will be aggregated.
--------------...
1997 Jul 31
0
Re: Attack feeling ??
...semble packet from fragments first and only after that apply firewalling
rulesets. Unless you have a really good reason not to do this ( and I am yet
to hear one ), it should be set to yes.
Alex
1997 Feb 24
0
ADMIN: Change of address
-----BEGIN PGP SIGNED MESSAGE-----
As I am sure you noticed from my messages to linux-{security|alert}, I have
changed my primary email address from alex@bach.cis.temple.edu to
alex@yuriev.com. Linux Security WWW will be moved from bach.cis.temple.edu
in the nearest future and while I will continue to mirror pages to make them
accessible at http://bach.cis.temple.edu/linux/linux-security/, please start
using the master URL ( which probably will be on one of the systems at my
apartment...
1998 Apr 11
0
Linux libc5.4.33 dumbness w/ mk[s]temp()
...'t ever do anything that you can't later justify with "It seemed like a
good idea at the time."
-- Greg's Bible
From mail@mail.redhat.com Apr 02:04:14 1998 (EDT) -0400
Received: (qmail 12662 invoked from network); 14 Apr 1998 06:03:36 -0000
Received: from ding.yuriev.com (HELO ding.mailhub.com) (207.106.66.2)
by mail2.redhat.com with SMTP; 14 Apr 1998 06:03:36 -0000
Received: (from alex@localhost)
by ding.mailhub.com (8.8.7/8.8.5) id CAA10819;
Tue, 14 Apr 1998 02:04:14 -0400 (EDT)
Received: from mail2.redhat.com (mail2.redhat.com [199.183.24.247])
by ding....
1997 May 29
1
Vulnerability of suid/sgid programs using libXt
-----BEGIN PGP SIGNED MESSAGE-----
Buffer overflow in the resource handling code of the libXt (X11R6)
Thu May 29, 1997
Distribution of this document is unlimited
Copyright (C) Alexander O. Yuriev (alex@yuriev.com)
Net Access
Abstract
A buffer overflow was found in the resource handling section of the X11
system (libXt). As this is a problem with libXt itself, every program
using libXt is affected, including core programs such as xterm and...
1997 Dec 05
3
New Program: Abacus Sentry - Port Scan Detector
Hello,
I just made available a beta version of a port scan detector that I've
been working on. The program, called Abacus Sentry, is a port scan/probe
detector that offers what I think are a number of unique and useful
features:
- Runs on TCP or UDP sockets. Configurable by the user to bind to
multiples of sockets for increased detection coverage.
- Adjustable scan detection value with
1998 May 09
4
Apparent SNMP remote-root vulnerability.
...an idiot for
posting this, but it should still not be possible to open up a system to
remote root access simply by installing a standard RPM.
--
Dan
From mail@mail.redhat.com May 14:14:44 1998 (EDT) -0400
Received: (qmail 6450 invoked from network); 10 May 1998 18:13:41 -0000
Received: from ding.yuriev.com (HELO ding.mailhub.com) (207.106.66.2)
by mail2.redhat.com with SMTP; 10 May 1998 18:13:41 -0000
Received: (from alex@localhost)
by ding.mailhub.com (8.8.7/8.8.5) id OAA19497;
Sun, 10 May 1998 14:14:44 -0400 (EDT)
Received: from mail2.redhat.com (mail2.redhat.com [199.183.24.247])
by ding....
1996 Nov 22
0
LSF Update#14: Vulnerability of the lpr program.
-----BEGIN PGP SIGNED MESSAGE-----
$Id: lpr-vulnerability-0.6-linux,v 1.1 1996/11/22 21:42:46 alex Exp $
Linux Security FAQ Update
lpr Vulnerability
Thu Nov 21 22:24:12 EST 1996
Copyright (C) 1995,1996 Alexander O. Yuriev (alex@bach.cis.temple.edu)
CIS Laboratories
TEMPLE UNIVERSITY
U.S.A.
=============================================================================
This is an official Update of the Linux Security FAQ, a...
1999 Jun 07
2
RedHat 6.0, /dev/pts permissions bug when using xterm (fwd)
[Mod: forwarded from BUGTRAQ -- alex]
---------- Forwarded message ----------
Date: Sun, 6 Jun 1999 19:15:05 +0000
From: noc-wage <wage@IDIRECT.CA>
To: BUGTRAQ@NETSPACE.ORG
Subject: RedHat 6.0, /dev/pts permissions bug when using xterm
Once again I've come up with another trivial Denial of Service flaw, (wow,
I seem to be good at this Conseal Firewall, +++ath0, ppp byte-stuffing)
1996 Nov 21
2
Re: BOUNCE: Re: Chattr +i and securelevel
Alexander O. Yuriev wrote:
>
> Your message dated: Wed, 20 Nov 1996 18:04:39 EST
> > >has anyone played with the securelevel variable in the kernel and the
> > >immutable flags in the ext2 file system?
> >
> > Yes, and it's actually quite nice.
> >
> > >The sysctrl...
1997 May 26
1
FYI: Possible information disclosure in cfingerd.
...RG
Message-ID: <199705240145.WAA11413@morcego.linkway.com.br>
Date: Fri, 23 May 1997 22:45:04 -0300
Reply-To: Rodrigo Barbosa <rodrigob@MORCEGO.LINKWAY.COM.BR>
Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Rodrigo Barbosa <rodrigob@MORCEGO.LINKWAY.COM.BR>
Approved: alex@yuriev.com
Subject: cfingerd vulnerability
To: BUGTRAQ@NETSPACE.ORG
Hello,
I don't know if it has been noticed before, but cfingerd installs,
by default, a search service. You can use it as:
finger search.username@host
That's ok, but you can use keymasks. And if you do:
finger sea...
1997 Mar 23
0
ADMIN: undeliverable email
...s that return "host unknown" and similar will be placed
into removal queue for 1 week from which they would be removed upon
successful delivery. Otherwise, if after 1 week the error does not go away,
the address will be unsubscribed.
Please send your comments about this proposal to alex@yuriev.com
Best wishes,
Alex
1997 Mar 24
0
Re: [linux-alert] More sendmail problems... Partition your disks!
[Mod: redirected to linux-security --alex]
On Mon, 24 Mar 1997, Alexander O. Yuriev wrote:
>This is yet-another reason to _partition_ your disks. Of course hard links
>do not work across filesystems. Even though it is a pain in the neck to do
>when installing your operating system, think about separating critical
>system files from non-critical and non-system files f...
1996 Nov 18
0
New moderator, linux-alert lists' consolidation.
...o copies of linux-alert postings in the
future then it's quite likely because you were subscribed to both
linux-alert and linux-alert-digest with slightly different e-mail
addresses. You should probably unsubscribe one of the two addresses if
the duplicate messages annoy you.
Also: Alex Yuriev <alex@bach.cis.temple.edu> has now officially replaced
me as Rogier Wolff's co-moderator for both linux-security and
linux-alert. As many of you no doubt know, Alex has been very active on
the Linux security lists since their creation. He has also been the
author of the numerous "...
1997 Mar 06
1
SuperProbe and others
Hi,
Recently once again an exploit for SuperProbe was posted to the
bugtraq. That message was forwarded to linux-security and Rogier Wolff
rejected it on the basis of the author of the SuperProbe (David Wexelblatt)
comment that it was never intended to be suid.
In general, there is absolutely no reason for programs that are
supposed to be run only by root to be suid to root!
If your
1996 Nov 25
0
LSF Update#14 v1.2 "lpr vulnerability"
-----BEGIN PGP SIGNED MESSAGE-----
$Id: lpr-vulnerability-0.6-linux,v 1.2 1996/11/25 22:39:20 alex Exp $
Linux Security FAQ Update
lpr Vulnerability
Mon Nov 25 16:56:59 EST 1996
Copyright (C) 1995,1996 Alexander O. Yuriev (alex@bach.cis.temple.edu)
CIS Laboratories
TEMPLE UNIVERSITY
U.S.A.
=============================================================================
This is an official Update of the Linux Security FAQ, a...
1997 Sep 16
0
Re: Re: Security Concern..
In message <199709161652.MAA31468@ding.mailhub.com>, "Alexander O. Yuriev" writes:
>
> [Mod: This message is a reason *why* linux-security is moderated list. This
> is also a reason why Rogier, myself, Alan Cox and others really do not want
> to have completely open lists that deal with security related aspects of
> running a system as way too many p...
1999 Jun 04
0
Forw: 2.2.x kernel vulnerability
...for <linux-security@redhat.com>; Mon, 7 Jun 1999 15:43:12 -0400
Received: (qmail 9480 invoked by uid 500); 7 Jun 1999 19:32:17 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
by localhost with SMTP; 7 Jun 1999 19:32:17 -0000
Date: Mon, 7 Jun 1999 15:32:17 -0400 (EDT)
From: <alex@yuriev.com>
X-Sender: alex@cathy.uuworld.com
To: linux-security@redhat.com
Subject: RedHat 6.0, /dev/pts permissions bug when using xterm (fwd)
Message-ID: <Pine.LNX.3.96.990607153153.9294D-100000@cathy.uuworld.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-moderate: yes
[M...
2010 Apr 16
2
[RFC] btrfs, udev and btrfs
Hi all,
below a configuration for udev/initramfs which I propose to scan the block
devices looking for a multi-volume btrfs filesystem.
Btrfs has the capability to span a file-system on multiple devices. In order to
do that, the involved devices have to be "registered" in the kernel.
In order to do that there are two options:
# btrfs device scan <device> (or the old