similar to: Potentially insecure format string handling in PAM support

Hello, appended is a patch that makes it possible to use PAM both for password authentication and TIS (i.e. s/key or opie or any other interactive challenge/response scheme). I have developed this starting from the patch at http://www.debian.org/Bugs/db/61/61906.html on Debian with openssh-2.1.1p4-3. After configuring ssh with --with-pam-tis, there are two PAM services, "sshd" and

When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users noticed that it did not honor password expiration consistently with other Solaris login services. The patch below is against OpenSSH 2.2.0p1 and adds support for PAM password changes on expiration via pam_chauthtok(). A brief summary of changes: auth-pam.c: * change declaration of pamh to "static pam_handle_t *pamh",

Hi. Several OSes have a getpgrp() function that takes an argument, unlike what POSIX mandates. NeXT was covered, but SunOS wasn't. This provides a generic solution through autoconf. Charles ======================================================================== --- configure.in.orig-2.2.0p1 Wed Aug 30 18:20:05 2000 +++ configure.in Tue Sep 5 10:48:20 2000 @@ -284,6 +284,8 @@ ) fi

This patch allows the OpenSSH client to make connections over SCTP, and allows the OpenSSH server to listen for connections over SCTP. SCTP is a robust transport-layer protocol which supports, amongst other things, the changing of endpoint IPs without breaking the connection. To connect via SCTP, pass -H or set "ConnectViaSCTP yes". To listen via SCTP as well as TCP, set

these days many unix-based systems contain crypt() with more than DES support (for instance, MD5 in freebsd/openbsd/netbsd, bcrypt in openbsd/netbsd). we need to use crypt() in libcrypt, not in licrypto, as much as possible. itojun --- configure.ac.orig Tue Jun 25 10:56:47 2002 +++ configure.ac Tue Jun 25 10:57:25 2002 @@ -697,6 +702,9 @@ ) fi +# use libcrypt if there is

Hi all. Now that we have SSHDLIBS for the libraries required by sshd only, it's possible to remove some of the single-purpose variables from Makefile. If this is worth doing, the next step would probably be to move the OpenSSL libs into CRYPTOLIBS since binaries such as scp and sftp don't need to be linked with libcrypto. Index: Makefile.in

This adds support for systemd socket-based activation in the ssh-agent. When using socket activation, the -a flag value must match the socket path provided by systemd, as a sanity check. Support for this feature is enabled by the --with-systemd configure flag. --- Something tells me upstream would not be interested in this patch, but as it may be useful on linux, I'm submitting it here.

Hello, I hope this is the right place to post this. I added readline support to the sftp client. It adds optional --with-readline parameter for configure to enable this feature. You'll of course need to re-run autoheader and autoconf after applying this patch. It's patched against 3.4p1 but should work with any recent openssh. It works fine for me (GNU/Linux) - feel free to test it and

The isdnlog program (provided by isdn4k-utils.tar.gz) creates a root-owned temp file called /tmp/isdnctrl (or /tmp/isdnctrl0) and no checking for symbolic links is done. The file is opened append only, a user can make a symbolic from /tmp/isdnctrl to any file and mess things up. example: ln -s /var/spool/mail/root /tmp/isdnctrl -- dentoir Fart Foundation Security through immaturity

A weird problem occurs (only on the prod server, not locally), when i try to register a new user with restful_authentication. Once in a while, i get the following error when trying to sign up as a new user: Insecure: can''t modify hash usr/lib/ruby/gems/1.8/gems/activerecord-2.2.2/lib/active_record/attribute_methods.rb:309:in `delete''

Package: xen-utils-3.0.3-1 Version: 3.0.3-0-3 Severity: grave Tags: security Justification: user security hole Xen versions 3.x, and 3.1 contain a tool for processing Xen trace buffer information. This tool uses the static file /tmp/xenq-shm insecurely allowing a local user to truncate any local file when xenbaked or xenmon.py are invoked by root. Sample session: # setup. skx

This issue has been assigned CVE-2013-4419. https://bugzilla.redhat.com/show_bug.cgi?id=1016960 (Note this bug is private, but will be made public shortly) ---------------------------------------------------------------------- When using the guestfish --remote or guestfish --listen options, guestfish would create a socket in a known location (/tmp/.guestfish-$UID/socket-$PID). The location has

Hi all I'm trying to figure out what values are valid for the "insecure" option in a realtime configuration table. The table field is 4 chars long and the actual valid values for this is longer. Can I modify the field length or has this changed? Below is where I looked, if I'm not looking in the right place please let me know. the field on the table is: ... `insecure`

Hello, everyone. I'm having a small problem when using asterisk with GUI. For every provider I create I have to set "insecure=invite,port" in users.conf. Is there a way to make it a default setting? Thanks in advance.

Who knows who decided to put insecure as the name for that option ? Not only does it confuse noobs, it really has nothing to do with security, as iirc its to accept calls from a device regg'ed or authed even if on diff ports, and for the invite.. -------------- next part -------------- An HTML attachment was scrubbed... URL:

Hello! Looks like faq, but... Could you , please, point me on how to convert this [cisco] type=friend host=192.168.22.253 insecure=port,invite to pjsip? as you can see another side is very old cisco router, so I can't change anything there. I don't see any examples here

> Over the next month I have to setup a new network in a local school, and > I wonder if I should use NIS/NFS. I still have my own documentation, > it's simple and somewhat bone-headed to setup, and it just works. In my opionion, there is a serious gap in this area. It's either NIS, simple, easy to setup yet insecure, or LDAP/FreeIPA/RH Id management server at a complexity at

On Mon, Mar 26, 2018 at 9:07 PM, Nicolas Kovacs <info at microlinux.fr> wrote: > Hi, > > In the past I've setup simple centralized authentication with NIS and > NFS, without bothering about possible security implications. > > Over the next month I have to setup a new network in a local school, and > I wonder if I should use NIS/NFS. I still have my own

Am 2018-03-26 10:46, schrieb Clint Dilks: > Hi, as you why it is insecure the biggest reason is that it is trivial > for > a user to get sensitive information about other users. Particularly > things > like password hashes, and with the compute power available today > cracking a > hash is not impractical. You don't even need to crack them yourself. If you have the

> Am 26.03.2018 um 11:59 schrieb Nicolas Kovacs <info at microlinux.fr>: > > Le 26/03/2018 ? 10:28, isdtor a ?crit : >> In my opionion, there is a serious gap in this area. It's either NIS, >> simple, easy to setup yet insecure, or LDAP/FreeIPA/RH Id management >> server at a complexity at least one order of magnitude beyond NIS. > > I gave FreeIPA a