Displaying 20 results from an estimated 2000 matches similar to: "Bugs in openssh"
2003 Nov 21
1
ssh code question
Hi,
I have a question about the code for version openssh 3.7.1p1. In the file ssh.cc you
address ssh_session2_setup in some way:
channel_register_confirm(c->self, ssh_session2_setup);
Do you address the function: static void ssh_session2_setup(int id, void * args) in the same file or is it something else you address?
If it is that function please tell me why the ssh_session2_setup function
2003 Oct 27
1
SSH2 question
Hi,
Can I run an openssh 3.7.1p2 client against an openssh 2.3.0 server and vice versa when using SSH2?
Regards,
Carin Andersson
Software Developer
Ericsson AB
2008 Jul 09
2
CentOS Patch for http://www.kb.cert.org/vuls/id/800113
Will there be a BIND patch available for this vulnerability, for CentOS 3.9?
http://www.kb.cert.org/vuls/id/800113
2005 Jun 24
1
Any status on timestamp vulnerability fix for 4.X?
Any information on when (or if) the following timestamp vulnerability
will be fixed for 4.X? Any information would be appreciated.
http://www.kb.cert.org/vuls/id/637934
Thanks.
Richard Coleman
rcoleman@criticalmagic.com
2008 Feb 06
2
What about FreeBSD? - KAME Project "ipcomp6_input()" Denial of Service
TITLE:
KAME Project "ipcomp6_input()" Denial of Service
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
From remote
DESCRIPTION:
A vulnerability has been reported in the KAME Project, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error within the
"ipcomp6_input()" function in
2025 Jan 14
2
new release 3.4.0 - critical security release
We have just released version 3.4.0 of rsync. This release fixes 6 security
vulnerabilities found by two groups of security researchers.
You can find the new release links here:
- https://rsync.samba.org/
- https://download.samba.org/pub/rsync/src/
For details on the vulnerabilities please see this CERT advisory:
https://kb.cert.org/vuls/id/952657
The various distros should be doing
2015 Jan 19
2
cannot update W7 or linux clients
Here you go:
root at dc01:~# cat /etc/bind/named.conf.options
// Defined ACL Begin
acl thisserverip {
192.168.16.54;
};
acl all-networks {
192.168.16.0/24;
};
// Defined ACL End
options {
directory "/var/cache/bind";
version "0.0.7";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
//
2004 Mar 24
2
Where does the "prompt come from"
Hi All !
I have a little question about the shell that is run when establishing a
connection towards an SSH server.
The client(OpenSSH) displays a prompt(as usual) when a command is executed,
but my question is, where does the prompt come from.
Is it sent by the remote shell or is it handled in the client ??
The reason I ask is that we have developed a product that redirects
stdin/stdout/stderr
2005 May 19
1
Is the "tcp time stamp validation issue" fixed in 5.4?
Hello
I'm a bit confused about the "tcp time stamp validation bug" mentioned
in the http://www.kb.cert.org/vuls/id/637934 advisory. FreeBSD has fixed
this issue in -current (2005-04-10) and in RELENG_5 (2005-04-19).
Is this also already fixed in 5.4? The CVS ID for tcp_input.c does not
look like this. But I'm not sure.
Regards,
Thomas
2011 Dec 12
1
Using sha256sum instead of md5sum for package checksums
There are known Collision Attacks for the MD5SUM method of hashing, so
it is possible to modify a file and make it have the same MD5SUM as
another file. See this link for details on Collision Attacks:
http://en.wikipedia.org/wiki/Collision_attack
Recommendation from the US-CERT concerning MD5SUM hashes:
http://www.kb.cert.org/vuls/id/836068
Based on the above information, the CentOS team will
2005 May 23
1
TCP timestamp vulnerability
On May 19, 2005, at 5:53 AM, Christian Brueffer wrote:
> Hi,
>
> fixes for the vulnerability described in http://www.kb.cert.org/
> vuls/id/637934
> were checked in to CURRENT and RELENG_5 by ps in April.
>
> http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_input.c
>
> Revisions 1.270 and 1.252.2.16
>
> He didn't commit it to RELENG_5_4 for some
2025 Jan 14
1
new release 3.4.0 - critical security release
A new dependency was added since 3.3, alloca(), which is not portable. Is there a way around this?
Thanks,
Randall
From: rsync <rsync-bounces at lists.samba.org> On Behalf Of rsync.project via rsync
Sent: January 14, 2025 2:49 PM
To: rsync-announce at lists.samba.org
Cc: rsync at lists.samba.org
Subject: new release 3.4.0 - critical security release
We have just released version
2015 Jun 15
5
OpenSSH and CBC
Hello,
I saw that OpenSSH release 6.7 removed all CBC ciphers by default. Is
CBC therefore considered as broken and unsecure (in general or SSH
implementation)?
I also read a lot of references (see below) but still not clear to me
what's the actual "security status" of CBC and why it has been removed
in general.
http://www.openssh.com/txt/release-6.7
sshd(8): The default set
2001 Aug 21
2
OpenSSH 2.9p2 / SSH3 vulnerability?
I have a few questions:
1) Is OpenSSH 2.9p2 (or any other version of OpenSSH) vulnerable to the same problem as SSH3.0.0?
(described here:
http://www.kb.cert.org/vuls/id/737451 )
2) There is a "SECURID" patch in the contrib section since 2.5.2p2. I am using it, but applying this
patch to each new version is growing more difficult as time goes on. Would you consider merging this
2002 Feb 24
1
SV: SV: Problem regarding installation
OK! I'm sorry about this. As I wrote earlier I'm totally lost... but I will
try to
explain the problem in steps below, ok.
1. I installed the rpm's for samba, Version 2.0.2a-ssl I think this is the
version
distributed with redhat linux 7.0
2. Then I changed the parameters in the /etc/samba/smb.conf file,
and in this file I added the following parameters.
[global]
netbios name
2024 May 01
2
De-serialization vulnerability?
All,
There seems to be a hullabaloo about a vulnerability in R when deserializing untrusted data:
https://hiddenlayer.com/research/r-bitrary-code-execution
https://nvd.nist.gov/vuln/detail/CVE-2024-27322
https://www.kb.cert.org/vuls/id/238194
Apparently a fix was made for R 4.4.0, but I see no mention of it in the changes report:
https://cloud.r-project.org/bin/windows/base/NEWS.R-4.4.0.html
2025 Jan 14
2
new release 3.4.0 - critical security release
the alloca comes from the new popt release. What system are you having an
issue with?
On Wed, 15 Jan 2025 at 07:16, <rsbecker at nexbridge.com> wrote:
> A new dependency was added since 3.3, alloca(), which is not portable. Is
> there a way around this?
>
> Thanks,
>
> Randall
>
>
>
> *From:* rsync <rsync-bounces at lists.samba.org> *On Behalf Of
2002 Feb 22
1
SV: Problem regarding installation
The diagnostis.txt file doesn't seem to solve this problem.
Now my samba server is now available for browsing, I don't know how I should
solve this actually I'm totally lost I even tried to erase the rpm file and
compiled a source file.
Mvh / Best regards
Daniel Andersson
------------------------------------------------------------
REJLERS INGENJÖRER AB
Rådhusgatan 15, S-541 30 SKÖVDE,