similar to: Authentication By-Pass Vulnerability in OpenSSH 2.3.1 (devel snapshot) (fwd)

Please, check http://www.openssh.com/security.html for a full summary of security related issues in OpenSSH. ---------------------------------------------------------------------------- OpenBSD Security Advisory February 8, 2001 Authentication By-Pass Vulnerability in OpenSSH-2.3.1

Hi, I'm just learning about poison links for the glm function. One of the data sets I'm playing with has several of the variables as factors (i.e. month, group, etc.) When I call the glm function with a formula that has a factor variable, R automatically converts the variable to a series of variables with unique names and binary values. For example, with this pseudo data: y

As of Sunday evening, OpenSSH has an interactive sftp client. It should be in the more recent snapshots. It would be appreciated if you could test new client and find all the bugs :) Please also have a read of the manpage and ensure that it matches what is implemented. I am working on fixing the ones that I know about, so please try to stay up to date with the snapshots. Thanks, Damien

OpenSSH 3.3 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support and encouragement. Changes since OpenSSH 3.2.3: ============================

Does someone understand this? I do not. Niels. ----- Forwarded message from laurent Protois <protois at ensea.fr> ----- Subject: NVIDIA and Privilege Separation From: laurent Protois <protois at ensea.fr> To: provos at citi.umich.edu X-Mailer: Ximian Evolution 1.0.7-1mdk Date: 10 Jul 2002 09:29:45 +0200 Hi Niels, i have a little problem with openssh 3.4 and Nvidia kernel driver:

Is this a known problem? Niels. ----- Forwarded message from Judah Levine <jlevine at utcnist.colorado.edu> ----- Date: Fri, 5 Jul 2002 08:58:46 -0600 (MDT) From: Judah Levine <jlevine at utcnist.colorado.edu> To: provos at citi.umich.edu Subject: Privilege separation Hello, I have just installed openssh-3.4p1 on a COMPAQ/DEC/HP Alpha running True64 UNIX v4.0F. The privilege

All, How can I get at the daily snapshots? When I go to the website, www.openssh.com, and follow the Linux link to portable.html and then go to request the daily snapshot from http://bass.directhit.com/openssh_snap/, I get prompted for a user id and password. Needless to say, I ain't got. That's real useful. Use to be, I could get the snapshots from the ftp site. Then things

OpenSSH 3.2.2 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support and encouragement. Security Changes: ================= - fixed buffer overflow

I'm porting the most recent version of Neil Provos' systrace to FreeBSD 5.1. I'm sending him the diffs to integrate into his distribution. I'd also like to submit them to someone with FreeBSD for consideration, and hopefully inclusion as a port or whatever you prefer. Who could I send them to, or what would you prefer me to do with regard to FreeBSD? Thanks, Rich Murphey

Hi, the anonymous CVS server for portable OpenSSH does not want to talk to me: > % cvs upd -Pd > cvs [update aborted]: connect to bass.directhit.com:2401 failed: Connection refused Looking at http://www.openssh.com/portable.html, ":pserver:cvs at bass.directhit.com:/cvs" is still the recommended repository. Is this a known problem? -- Kent Engstr?m, Link?ping University

Can interested users please test the latest snapshot at http://www.mindrot.org/misc/junk/openssh-SNAP-2000071102.tar.gz It contains quite a few fixes for small problems that have been reported in the last few weeks. Pending feedback it is going to become 2.1.1p3 Regards, Damien Miller --------------- Changelog: 20000711 - (djm) Fixup for AIX getuserattr() support from Tom Bertelson

I have just tarred up a snapshot and uploaded it to: http://www.mindrot.org/misc/openssh/openssh-SNAP-20000823.tar.gz The snapshot incorporates the last month's fixes and enhancements from the openssh-unix-dev mailing list and from the OpenBSD developers. In particular: - ssh-agent and ssh-add now handle DSA keys. NB. this does not interop with ssh.com's ssh-agent. (Markus Friedl)

Hi, at least for three days now I can't update my sources from CVS. When connecting to the CVS server I'm getting a cvs [update aborted]: connect to bass.directhit.com:2401 failed: Connection refused message. I'd like to make a `cvs diff' since I have an important patch related to a SEGV in the Cygwin sshd. What's the problem with bass.directhit.com? Corinna -- Corinna

Howdy, The string of notices on BugTraq about RSAref being vulnerable to overflows has me concerned. After trying to sort through all the messages, I can't figure out whether I need to update OpenSSL (a check of their website indicates no new patches), OpenSSH, both, or neither. I am aware there is no known exploit for it yet. I could be a bad boy and just run all

Hi, I've had a heads up from a user that catppt did not work at all on semi-recent PowerPoint files (ppt, not pptx). I checked, and indeed it misses most of the content on many files. After looking around, I found Python code from the libreoffice project which makes a nice ppt text extractor after adding a very thin command line wrapper:

------- Forwarded Message Subject: Re: Dubious use of BN_num_bits in sshconnect1.c From: Niels Provos <provos at citi.umich.edu> In-Reply-To: alex at foogod.com, Sun, 18 Feb 2001 19:38:56 PST To: alex at foogod.com Cc: openssh-unix-dev at mindrot.org Date: Mon, 19 Feb 2001 10:07:24 -0500 Sender: provos at citi.umich.edu Hi Alex, there is no problem in OpenSSH. In message

hi for all, someone have any experiencie with dovecot and postfix with 200 users in /etc/passwd as local user? is a funcionatly, or have some errors in the future?, and how the users can change they passwords?, now for change passowrd I have to use the #passwd usuerx and to add a user # adduser, the populars commando, please some recomendation? -------------- next part -------------- An HTML

Hello, I just managed to compile openssh-3.6.1p1 on Ultrix/MIPS. One of the fixes needed for this is the following. It's because of: --- According to the Changelog - markus at cvs.openbsd.org 2002/12/10 19:26:50 [packet.c] move tos handling to packet_set_tos; ok provos/henning/deraadt --- This IP_TOS is now nicely stuffed in a function, but that function should be #defined

A buffer overflow exists in OpenSSH's sshd if sshd has been compiled with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing has been enabled in the sshd_config file. Ticket and token passing is not enabled by default. 1. Systems affected: All Versions of OpenSSH compiled with AFS/Kerberos support and ticket/token passing enabled contain a buffer overflow.

A buffer overflow exists in OpenSSH's sshd if sshd has been compiled with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing has been enabled in the sshd_config file. Ticket and token passing is not enabled by default. 1. Systems affected: All Versions of OpenSSH compiled with AFS/Kerberos support and ticket/token passing enabled contain a buffer overflow.