Displaying 20 results from an estimated 200 matches similar to: "Potentially insecure format string handling in PAM support"
2000 Aug 27
0
patch for TIS (skey/opie) *and* passwd auth via PAM
Hello,
appended is a patch that makes it possible to use PAM both for
password authentication and TIS (i.e. s/key or opie or any other
interactive challenge/response scheme). I have developed this starting
from the patch at http://www.debian.org/Bugs/db/61/61906.html on
Debian with openssh-2.1.1p4-3. After configuring ssh with
--with-pam-tis, there are two PAM services, "sshd" and
2000 Sep 13
2
auth-pam.c support for pam_chauthtok()
When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users
noticed that it did not honor password expiration consistently with
other Solaris login services.
The patch below is against OpenSSH 2.2.0p1 and adds support for PAM
password changes on expiration via pam_chauthtok(). A brief summary of
changes:
auth-pam.c:
* change declaration of pamh to "static pam_handle_t *pamh",
2000 Sep 05
3
[2.2.0p1] patch: generic detection of correct getpgrp() invocation
Hi.
Several OSes have a getpgrp() function that takes an argument, unlike
what POSIX mandates. NeXT was covered, but SunOS wasn't. This
provides a generic solution through autoconf.
Charles
========================================================================
--- configure.in.orig-2.2.0p1 Wed Aug 30 18:20:05 2000
+++ configure.in Tue Sep 5 10:48:20 2000
@@ -284,6 +284,8 @@
)
fi
2014 Feb 10
0
[PATCH] Basic SCTP support for OpenSSH client and server
This patch allows the OpenSSH client to make connections over SCTP,
and allows the OpenSSH server to listen for connections over SCTP.
SCTP is a robust transport-layer protocol which supports, amongst other things,
the changing of endpoint IPs without breaking the connection.
To connect via SCTP, pass -H or set "ConnectViaSCTP yes".
To listen via SCTP as well as TCP, set
2002 Jun 25
1
use libcrypt before libcrypto
these days many unix-based systems contain crypt() with more than
DES support (for instance, MD5 in freebsd/openbsd/netbsd, bcrypt in
openbsd/netbsd). we need to use crypt() in libcrypt, not in libcrypto,
as much as possible.
itojun
--- configure.ac.orig Tue Jun 25 10:56:47 2002
+++ configure.ac Tue Jun 25 10:57:25 2002
@@ -697,6 +702,9 @@
)
fi
+# use libcrypt if there is
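Review bot: the added comment "# use libcrypt if there is" breaks off mid-thought and does not say why the ordering matters. Suggest wording such as "# prefer crypt() from libcrypt over libcrypto when libcrypt is available", and mention the reason given in the message above (the system crypt() supports more than DES), so the check order is not "cleaned up" later by someone who lacks that context.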
2007 Mar 24
0
configure/makefile cleanup: remove LIBSELINUX, LIBWRAP and LIBPAM
Hi all.
Now that we have SSHDLIBS for the libraries required by sshd only, it's
possible to remove some of the single-purpose variables from Makefile.
If this is worth doing, the next step would probably be to move the
OpenSSL libs into CRYPTOLIBS since binaries such as scp and sftp don't
need to be linked with libcrypto.
Index: Makefile.in
2023 Jun 17
2
[PATCH] ssh-agent: add systemd socket-based activation
This adds support for systemd socket-based activation in the ssh-agent.
When using socket activation, the -a flag value must match the socket
path provided by systemd, as a sanity check. Support for this feature is
enabled by the --with-systemd configure flag.
---
Something tells me upstream would not be interested in this patch, but
as it may be useful on linux, I'm submitting it here.
2002 Jul 01
3
patch: readline support for sftp
Hello,
I hope this is the right place to post this.
I added readline support to the sftp client. It adds optional
--with-readline parameter for configure to enable this feature. You'll
of course need to re-run autoheader and autoconf after applying this
patch.
It's patched against 3.4p1 but should work with any recent openssh. It
works fine for me (GNU/Linux) - feel free to test it and
1998 Oct 21
0
Insecure /tmp handling in isdnlog
The isdnlog program (provided by isdn4k-utils.tar.gz) creates a
root-owned temp file called /tmp/isdnctrl (or /tmp/isdnctrl0) and
no checking for symbolic links is done. The file is opened append only,
a user can make a symbolic link from /tmp/isdnctrl to any file and mess
things up.
example: ln -s /var/spool/mail/root /tmp/isdnctrl
-- dentoir
Fart Foundation
Security through immaturity
2008 Dec 15
0
insecure: can't modify hash
A weird problem occurs (only on the prod server, not locally), when I
try to register a new user with restful_authentication.
Once in a while, I get the following error when trying to sign up as a
new user:
Insecure: can't modify hash
usr/lib/ruby/gems/1.8/gems/activerecord-2.2.2/lib/active_record/attribute_methods.rb:309:in
`delete'
2007 Oct 23
0
Bug#447795: xen-utils-3.0.3-1: [CVE-2007-3919] xenmon.py / xenbaked insecure file access
Package: xen-utils-3.0.3-1
Version: 3.0.3-0-3
Severity: grave
Tags: security
Justification: user security hole
Xen versions 3.x, and 3.1 contain a tool for processing Xen trace
buffer information.
This tool uses the static file /tmp/xenq-shm insecurely allowing
a local user to truncate any local file when xenbaked or xenmon.py
are invoked by root.
Sample session:
# setup.
skx
2013 Oct 17
0
ANNOUNCE: CVE-2013-4419: insecure temporary directory handling for guestfish's network socket
This issue has been assigned CVE-2013-4419.
https://bugzilla.redhat.com/show_bug.cgi?id=1016960
(Note this bug is private, but will be made public shortly)
----------------------------------------------------------------------
When using the guestfish --remote or guestfish --listen options,
guestfish would create a socket in a known location
(/tmp/.guestfish-$UID/socket-$PID).
The location has
2005 Aug 26
1
realtime sip channel configuration -> insecure option
Hi all
I'm trying to figure out what values are valid for the "insecure" option in a
realtime configuration table. The table field is 4 chars long and the actual
valid values for this is longer. Can I modify the field length or has this
changed? Below is where I looked, if I'm not looking in the right place
please let me know.
the field on the table is:
...
`insecure`
2007 Feb 23
1
default "insecure" setting
Hello, everyone.
I'm having a small problem when using asterisk with GUI. For every
provider I create I have to set "insecure=invite,port" in users.conf. Is
there a way to make it a default setting?
Thanks in advance.
2009 Apr 18
1
Insecure=
Who knows who decided to put insecure as the name for that option ?
Not only does it confuse noobs, it really has nothing to do with security,
as iirc it's to accept calls from a device regg'ed or authed even if on diff
ports, and for the invite..
2017 Nov 02
2
pjsip insecure=port,invite
Hello!
Looks like faq, but...
Could you, please, point me on how to convert this
[cisco]
type=friend
host=192.168.22.253
insecure=port,invite
to pjsip?
as you can see another side is very old cisco router, so I can't change
anything there.
I don't see any examples here
2018 Mar 26
0
How insecure is NIS ? Possible alternatives ?
> Over the next month I have to setup a new network in a local school, and
> I wonder if I should use NIS/NFS. I still have my own documentation,
> it's simple and somewhat bone-headed to setup, and it just works.
In my opinion, there is a serious gap in this area. It's either NIS, simple, easy to setup yet insecure, or LDAP/FreeIPA/RH Id management server at a complexity at
2018 Mar 26
0
How insecure is NIS ? Possible alternatives ?
On Mon, Mar 26, 2018 at 9:07 PM, Nicolas Kovacs <info at microlinux.fr> wrote:
> Hi,
>
> In the past I've setup simple centralized authentication with NIS and
> NFS, without bothering about possible security implications.
>
> Over the next month I have to setup a new network in a local school, and
> I wonder if I should use NIS/NFS. I still have my own
2018 Mar 26
1
How insecure is NIS ? Possible alternatives ?
On 2018-03-26 10:46, Clint Dilks wrote:
> Hi, as you why it is insecure the biggest reason is that it is trivial for
> a user to get sensitive information about other users. Particularly things
> like password hashes, and with the compute power available today cracking a
> hash is not impractical.
You don't even need to crack them yourself.
If you have the
2018 Mar 26
0
How insecure is NIS ? Possible alternatives ?
> On 26.03.2018 at 11:59, Nicolas Kovacs <info at microlinux.fr> wrote:
>
> On 26/03/2018 at 10:28, isdtor wrote:
>> In my opinion, there is a serious gap in this area. It's either NIS,
>> simple, easy to setup yet insecure, or LDAP/FreeIPA/RH Id management
>> server at a complexity at least one order of magnitude beyond NIS.
>
> I gave FreeIPA a