similar to: (from BugTraq) openssh2.2.p1 - Re: scp file transfer hole

Another from Bugtraq. I've also forwarded this one on to our contact at Red Hat (Stephen Smoogen) and he tells me it's in their QA currently. Dan _______________________________________________________________________________ Dan Yocum | Phone: (630) 840-8525 Computing Division OSS/FSS | Fax: (630) 840-6345 .~. L Fermi National Accelerator

More patch-o-rama :-( ---Mike >From: Michal Zalewski <lcamtuf@dione.ids.pl> >To: bugtraq@securityfocus.com, <vulnwatch@securityfocus.com>, > <full-disclosure@netsys.com> >X-Nmymbofr: Nir Orb Buk >Subject: [Full-Disclosure] Sendmail 8.12.9 prescan bug (a new one) >[CAN-2003-0694] >Sender: full-disclosure-admin@lists.netsys.com >X-BeenThere:

On Tue, Nov 09, 1999 at 11:39:39AM +0100, Mariusz Marcinkiewicz wrote: > After reading lcamtuf's posts I decided write this one. Few months ago one > of my friends - digit - found bug in linux nfsd daemon. I made example > sploit about IV 1999. Now in distributions is new nfsd and nowhere was > information about security weaknes of old version! Well, one gets used to people

Typical "[symbolic|hard] link bug" is a vunerability, which allows user X to overwrite files owned by Y (with useless portion of junk) when Y launchs buggy program. But this trivial (and often ignored) attack method can be easily turned into a cute, powerful weapon. Here''s an example how to perform advanced exploitation of gcc symlink bug (I choosen that one, because this

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [This came over BUGTRAQ this morning. Note the call for volunteers vis-a-vis rssh.] - ----- Forwarded message from Jason Wies <jason at xc.net> ----- List-Id: <bugtraq.list-id.securityfocus.com> List-Subscribe: <mailto:bugtraq-subscribe at securityfocus.com> To: bugtraq at securityfocus.com Cc: rssh-discuss at

[Mod: headers removed -- alex] ------- Forwarded Message Reply-To: Marc Slemko <marcs@ZNEP.COM> Sender: alan@cymru.net From: Marc Slemko <marcs@ZNEP.COM> Approved: alex@yuriev.com Subject: Apache security advisory X-To: apache-announce@apache.org To: BUGTRAQ@NETSPACE.ORG [ Copies of this are being sent to BUGTRAQ, apache-announce, comp.infosystems.www.servers.unix, and

The problem with vixie cron is wider (and more funny) than I expected. Here''s my proggy which allows hiding files of any kind and size into crontab entries (remember, quota is ignored ;-): -- cron_put -- #!/bin/bash echo "Vixie cron 3.0.1 file storage - put utlility" echo "by Michal Zalewski <lcamtuf@staszic.waw.pl>" echo if [ "$1" = "" ];

I''ll just include the letter that I sent to John Carmack and Dave "Zoid" Kirsch concerning this problem. ---------------------------------------------------------------------- From: Greg Alexander <galexand@sietch.bloomington.in.us> Approved: R.E.Wolff@BitWizard.nl To: zoid@threewave.com cc: johnc@idsoftware.com Subject: Security hole in squake. Please respond with this

http://bugzilla.mindrot.org/show_bug.cgi?id=856 ------- Additional Comments From rngadam at yahoo.com 2005-02-18 09:36 ------- Just thought I'd drop in to ask for this bug to be solved and add another vote to solving this bug... I was trying to copy my CrossOver Office config (about 470M worth of data) using scp to another machine configured as follows: The source: kernel 2.6.10

I made a list of /usr/bin scripts which allows /tmp races. Following ones creates /tmp/something.$$, then, with no permission/ownership checking, /tmp/something.$$.x (x may vary ;), or even performs suitable checks, but gives enough time to alter /tmp contents: glibcbug, bashbug, znew, mailstat, autoupdate, x11perfcomp, gccmakedep, pnmindex, xcopy, autoheader, cvsbug, rcs2log, updatedb, igawk,

does anyone have a comment to make about this? (cert picked it up and we're being asked for a vendor response) http://www.securityfocus.com/archive/1/324016/2003-06-03/2003-06-09/0 do we have an "official" response yet? thanks, wendy -- wendy palm Cray Open Software Development, Cray Inc. wendyp at cray.com, 651-605-9154

Section I. Overview Hello, About a half year ago there was some rumour on bugtraq concerning a buffer overflow in Linux dynamic linkers, ld.so and ld-linux.so. You can take a look at the beginning of the thread at http://www.geek-girl.com/bugtraq/1997_3/0089.html to refresh old memories; I''ll capitalize anyway. Briefly, there exists a buffer overrun in ld-linux.so versions 1.7.14,

>---------- Forwarded message ---------- >Date: Tue, 13 May 1997 21:18:33 +0200 >From: Wojciech Swieboda <wojtek@ajax.umcs.lublin.pl> >To: BUGTRAQ@NETSPACE.ORG > >Hello, > I''ve lately found an overflow vulnerability in Elm (Elm is setgid >mail on linux, and perhaps on some other platforms aswell). I''ve tested >this bug on versions 2.3 and

Hi, while testing racoon on Linux (based on the ported ipsec-tools) the following issue appeared: Racoon did not verify the RSA Signatures during Phase 1 in either main or aggressive mode. Authentication was possible using a correct certificate and a wrong private key. I have verified the below problem using racoon-20030711 on FreeBSD 4.9. I will test it using the SNAP Kit but suspect it to be

X.Org Security Advisory: March 17, 2015 More BDF file parsing issues in libXfont ======================================== Description: ============ Ilja van Sprundel, a security researcher with IOActive, has discovered an issue in the parsing of BDF font files by libXfont. Additional testing by Alan Coopersmith and William Robinet with the American Fuzzy Lop (afl) tool uncovered two more

https://bugzilla.samba.org/show_bug.cgi?id=5695 Summary: rsync local timeout Product: rsync Version: 3.0.3 Platform: x86 OS/Version: Linux Status: NEW Severity: normal Priority: P3 Component: core AssignedTo: wayned@samba.org ReportedBy: gabriele.tozzi@gmail.com QAContact:

Hi There, re. the recently reported buffer overflow in icecast, is there any "official" security patch against 1.3.11 ? I am reluctant to take any un-official patch like this one ;-) There is nothing on www.icecast.org/releases, maybe it's somewhere else ? Thanks. Alfredo <p><p>>Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm >List-Id:

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:45 Security Advisory FreeBSD, Inc. Topic: samba Category: ports Module: samba Announced: 2001-07-10 Credits: Michal Zalewski

Can anyone provide more details about the posting below ? >Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm >List-Id: <bugtraq.list-id.securityfocus.com> >List-Post: <mailto:bugtraq@securityfocus.com> >List-Help: <mailto:bugtraq-help@securityfocus.com> >List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com> >List-Subscribe:

Hi All, During scp, I am seeing this message protocol error : expected control record This message came because scp sink was expecting the message starting from 'C' or 'D' , something like C0644 299 group or D0755 0 docs but during dns query we were printing "Using IP address" message on the stdout. So , the message in the buffer was "Using IP address" and