similar to: 3.6.1p2 plus buffer overflow vulnerabilities patch, sufficient?

Hello Samba people, I have been successfully using Samba for several years, across many minor versions of Samba across many minor versions of Linux kernel 2.4.x and 2.6.x, against a Windows 2000 and then in the past couple of years 2003 AD Domain. This morning, something broke... Setting the stage: RedHat Fedora based Linux box, FC8, updated over time using 'yum update'...,

--------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: New telnet packages available to fix buffer overflow vulnerabilities Advisory ID: RHSA-2001:099-06 Issue date: 2001-08-02 Updated on: 2001-08-09 Product: Red Hat Linux Keywords: telnet buffer overflow Cross

Dear Sir/Madam, We are two graduate students from Auburn University, working with Professor Munawar Hafiz. We are working on an empirical study project to understand the software engineering practices that go in companies that produce secure software; in particular, we are concentrating on how developers write code to prevent buffer overflow and integer overflow vulnerabilities. We are interested

I compiled OpenSSH 3.6.1p1 on NCR MP-RAS v4.3 (or at least "uname -a"'s output of 4.0.3.0 suggests v4.3, I'm not positive). I was able to compile zlib (1.1.4) and openssl (0.9.7a) with little trouble. OpenSSH took hand-hacking the includes.h file as follows: diff -cr openssh-3.6.1p1/includes.h openssh-3.6.1p1-customized/includes.h *** openssh-3.6.1p1/includes.h Sun Oct 20

I got a packet capture of one of the SSH2 sessions trying to log in as a couple of illegal usernames. The contents of one packet suggests an attempt to buffer overflow the SSH server; ethereal's SSH decoding says "overly large value". It didn't seem to work against my system (I see no strange processes running; all files changed in past ten days look normal). I am

Good day. Spotted the CVE-2007-1870: the clamav 0.90.2 is already in the ports, but no sign of the issue in the VuXML. The entry is attached. One thing that is a bit strange is that the ChangeLog for the ClamAV (http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog) says about CVE-2007-1997 as the libclamav/cab.c log entry, but I think they are messed the numbers -- there is no such CVE, at

Forbes.com - Magazine Article <http://www.forbes.com/technology/2007/08/02/voip-security-flaws-tech-internet-cx_ag_0802techvoip.html> LAS VEGAS - Internet Security VoIP Vandals Andy Greenberg, 08.02.07, 12:32 AM ET Internet telephone services like Skype and Vonage are starting to look less like digital gimmicks and more like the next generation of voice communication. They're cheaper

Hi, We're running samba 3.0.25a as a PDC on FreeBSD 6.1 in our office and few weeks ago, our samba PDC (and soon all the service hosted on this server) stop responding suddenly :-/ Everything went back to normal as soon as we disconnected from the network, all the hosts that were in the same room as the 10.0.0.20 host (after asking the domain user connected at that moment to this host, do

FYI >Mailing-List: contact vulnwatch-help@vulnwatch.org; run by ezmlm >List-Post: <mailto:vulnwatch@vulnwatch.org> >List-Help: <mailto:vulnwatch-help@vulnwatch.org> >List-Unsubscribe: <mailto:vulnwatch-unsubscribe@vulnwatch.org> >List-Subscribe: <mailto:vulnwatch-subscribe@vulnwatch.org> >Delivered-To: mailing list vulnwatch@vulnwatch.org

This affects only 3.7p1 and 3.7.1p1. The advice to leave PAM disabled is far from heartening, nor is the semi-lame blaming the PAM spec for implementation bugs. I happen to like OPIE for remote access. Subject: Portable OpenSSH Security Advisory: sshpam.adv This document can be found at: http://www.openssh.com/txt/sshpam.adv 1. Versions affected: Portable OpenSSH versions 3.7p1

I'm accustomed to systems where even the first failed login attempt incurs a 5 second delay. I don't think that's too harsh, but everyone has their own needs and considerations. This could be made configurable. -Jay -----Original Message----- From: Rick Jones [mailto:rick.jones2 at hp.com] Sent: Wednesday, December 15, 2004 8:09 PM To: Jay Libove Cc: openssh-unix-dev at

Due to unpleasant (but arguably valid) policy changes at work, any SSH server within the work firewall must accept only PKI authentication. Unless we can convince the higher-ups otherwise, we will also have to use the commercial SSH server within the firewall. Of course, I should be able to use whatever client I like. Unfortunately, it is not clear that I can get OpenSSH to use PKI authentication.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 X.Org security advisory, June 11th, 2008 Multiple vulnerabilities in X server extensions CVE IDs: CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361, ~ CVE-2008-2362 Overview Several vulnerabilities have been found in the server-side code of some extensions in the X Window System. Improper validation of client-provided data can

For those who are unaware... [mod: This whole bind affair has gone a bit out of hand. Elias from Bugtraq found "public" info indicating the problem. ISC/CERT were working on releasing the bugfix together with the fix. Now everybody is scurrying to get fixes out now that "the public" knows about this. As far as I know, Red Hat (& Caldera) made a new RPM, based on the most

-----BEGIN PGP SIGNED MESSAGE----- ##### ## ## ###### ## ### ## ## ##### ## # ## ## ## ## ### ## ##### . ## ## . ###### . Secure Networks Inc. Security Advisory

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Multiple local imwheel vulnerabilities Advisory ID: RHSA-2000:016-03 Issue date: 2000-04-20 Updated on: 2000-07-03 Product: Red Hat Powertools Keywords: imwheel buffer imwheel-solo Cross references: N/A

The Drupal project announced several security vulnerabilities for the 4.7.x and 5.x releases of the Drupal package. These effect two current ports: www/drupal4 and www/drupal5. The following are the security advisories that were posted: 4.7.x: * DRUPAL-SA-2007-024: http://drupal.org/node/184315 * DRUPAL-SA-2007-026: http://drupal.org/node/184320 * DRUPAL-SA-2007-030:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200803-25 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Dovecot:

Dear sir; i am using redhat 9 on a production server and i plan to migrate to centos 3.1. the issue now is redhat 9 vulnerable to LHA package security vulnerabilities . and if so how can i solve this vulnerabilities till i implemment the upgrade. thanks in advance.

-----BEGIN PGP SIGNED MESSAGE----- ##### ## ## ###### ## ### ## ## ##### ## # ## ## ## ## ### ## ##### . ## ## . ###### . Secure Networks Inc. Security Advisory