similar to: Potentially insecure format string handling in PAM support

Displaying 20 results from an estimated 200 matches similar to: "Potentially insecure format string handling in PAM support"

2000 Aug 27
0
patch for TIS (skey/opie) *and* passwd auth via PAM
Hello, appended is a patch that makes it possible to use PAM both for password authentication and TIS (i.e. s/key or opie or any other interactive challenge/response scheme). I have developed this starting from the patch at http://www.debian.org/Bugs/db/61/61906.html on Debian with openssh-2.1.1p4-3. After configuring ssh with --with-pam-tis, there are two PAM services, "sshd" and
2000 Sep 13
2
auth-pam.c support for pam_chauthtok()
When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users noticed that it did not honor password expiration consistently with other Solaris login services. The patch below is against OpenSSH 2.2.0p1 and adds support for PAM password changes on expiration via pam_chauthtok(). A brief summary of changes: auth-pam.c: * change declaration of pamh to "static pam_handle_t *pamh",
2000 Sep 05
3
[2.2.0p1] patch: generic detection of correct getpgrp() invocation
Hi. Several OSes have a getpgrp() function that takes an argument, unlike what POSIX mandates. NeXT was covered, but SunOS wasn't. This provides a generic solution through autoconf. Charles ======================================================================== --- configure.in.orig-2.2.0p1 Wed Aug 30 18:20:05 2000 +++ configure.in Tue Sep 5 10:48:20 2000 @@ -284,6 +284,8 @@ ) fi
2014 Feb 10
0
[PATCH] Basic SCTP support for OpenSSH client and server
This patch allows the OpenSSH client to make connections over SCTP, and allows the OpenSSH server to listen for connections over SCTP. SCTP is a robust transport-layer protocol which supports, amongst other things, the changing of endpoint IPs without breaking the connection. To connect via SCTP, pass -H or set "ConnectViaSCTP yes". To listen via SCTP as well as TCP, set
2002 Jun 25
1
use libcrypt before libcrypto
these days many unix-based systems contain crypt() with more than DES support (for instance, MD5 in freebsd/openbsd/netbsd, bcrypt in openbsd/netbsd). we need to use crypt() in libcrypt, not in libcrypto, as much as possible. itojun --- configure.ac.orig Tue Jun 25 10:56:47 2002 +++ configure.ac Tue Jun 25 10:57:25 2002 @@ -697,6 +702,9 @@ ) fi +# use libcrypt if there is
2007 Mar 24
0
configure/makefile cleanup: remove LIBSELINUX, LIBWRAP and LIBPAM
Hi all. Now that we have SSHDLIBS for the libraries required by sshd only, it's possible to remove some of the single-purpose variables from Makefile. If this is worth doing, the next step would probably be to move the OpenSSL libs into CRYPTOLIBS since binaries such as scp and sftp don't need to be linked with libcrypto. Index: Makefile.in
2023 Jun 17
2
[PATCH] ssh-agent: add systemd socket-based activation
This adds support for systemd socket-based activation in the ssh-agent. When using socket activation, the -a flag value must match the socket path provided by systemd, as a sanity check. Support for this feature is enabled by the --with-systemd configure flag. --- Something tells me upstream would not be interested in this patch, but as it may be useful on linux, I'm submitting it here.
2002 Jul 01
3
patch: readline support for sftp
Hello, I hope this is the right place to post this. I added readline support to the sftp client. It adds optional --with-readline parameter for configure to enable this feature. You'll of course need to re-run autoheader and autoconf after applying this patch. It's patched against 3.4p1 but should work with any recent openssh. It works fine for me (GNU/Linux) - feel free to test it and
1998 Oct 21
0
Insecure /tmp handling in isdnlog
The isdnlog program (provided by isdn4k-utils.tar.gz) creates a root-owned temp file called /tmp/isdnctrl (or /tmp/isdnctrl0) and no checking for symbolic links is done. The file is opened append only, a user can make a symbolic link from /tmp/isdnctrl to any file and mess things up. example: ln -s /var/spool/mail/root /tmp/isdnctrl -- dentoir Fart Foundation Security through immaturity
2008 Dec 15
0
insecure: can't modify hash
A weird problem occurs (only on the prod server, not locally), when I try to register a new user with restful_authentication. Once in a while, I get the following error when trying to sign up as a new user: Insecure: can't modify hash usr/lib/ruby/gems/1.8/gems/activerecord-2.2.2/lib/active_record/attribute_methods.rb:309:in `delete'
2007 Oct 23
0
Bug#447795: xen-utils-3.0.3-1: [CVE-2007-3919] xenmon.py / xenbaked insecure file access
Package: xen-utils-3.0.3-1 Version: 3.0.3-0-3 Severity: grave Tags: security Justification: user security hole Xen versions 3.x, and 3.1 contain a tool for processing Xen trace buffer information. This tool uses the static file /tmp/xenq-shm insecurely allowing a local user to truncate any local file when xenbaked or xenmon.py are invoked by root. Sample session: # setup. skx
2013 Oct 17
0
ANNOUNCE: CVE-2013-4419: insecure temporary directory handling for guestfish's network socket
This issue has been assigned CVE-2013-4419. https://bugzilla.redhat.com/show_bug.cgi?id=1016960 (Note this bug is private, but will be made public shortly) ---------------------------------------------------------------------- When using the guestfish --remote or guestfish --listen options, guestfish would create a socket in a known location (/tmp/.guestfish-$UID/socket-$PID). The location has
2005 Aug 26
1
realtime sip channel configuration -> insecure option
Hi all I'm trying to figure out what values are valid for the "insecure" option in a realtime configuration table. The table field is 4 chars long and the actual valid values for this is longer. Can I modify the field length or has this changed? Below is where I looked, if I'm not looking in the right place please let me know. the field on the table is: ... `insecure`
2007 Feb 23
1
default "insecure" setting
Hello, everyone. I'm having a small problem when using asterisk with GUI. For every provider I create I have to set "insecure=invite,port" in users.conf. Is there a way to make it a default setting? Thanks in advance.
2009 Apr 18
1
Insecure=
Who knows who decided to put insecure as the name for that option ? Not only does it confuse noobs, it really has nothing to do with security, as iirc its to accept calls from a device regg'ed or authed even if on diff ports, and for the invite..
2017 Nov 02
2
pjsip insecure=port,invite
Hello! Looks like faq, but... Could you, please, point me on how to convert this [cisco] type=friend host=192.168.22.253 insecure=port,invite to pjsip? as you can see another side is very old cisco router, so I can't change anything there. I don't see any examples here
2018 Mar 26
0
How insecure is NIS ? Possible alternatives ?
> Over the next month I have to setup a new network in a local school, and > I wonder if I should use NIS/NFS. I still have my own documentation, > it's simple and somewhat bone-headed to setup, and it just works. In my opinion, there is a serious gap in this area. It's either NIS, simple, easy to setup yet insecure, or LDAP/FreeIPA/RH Id management server at a complexity at
2018 Mar 26
0
How insecure is NIS ? Possible alternatives ?
On Mon, Mar 26, 2018 at 9:07 PM, Nicolas Kovacs <info at microlinux.fr> wrote: > Hi, > > In the past I've setup simple centralized authentication with NIS and > NFS, without bothering about possible security implications. > > Over the next month I have to setup a new network in a local school, and > I wonder if I should use NIS/NFS. I still have my own
2018 Mar 26
1
How insecure is NIS ? Possible alternatives ?
On 2018-03-26 10:46, Clint Dilks wrote: > Hi, as you why it is insecure the biggest reason is that it is trivial > for > a user to get sensitive information about other users. Particularly > things > like password hashes, and with the compute power available today > cracking a > hash is not impractical. You don't even need to crack them yourself. If you have the
2018 Mar 26
0
How insecure is NIS ? Possible alternatives ?
> On 26.03.2018 at 11:59, Nicolas Kovacs <info at microlinux.fr> wrote: > > On 26/03/2018 at 10:28, isdtor wrote: >> In my opinion, there is a serious gap in this area. It's either NIS, >> simple, easy to setup yet insecure, or LDAP/FreeIPA/RH Id management >> server at a complexity at least one order of magnitude beyond NIS. > > I gave FreeIPA a