similar to: Is there a fix available for CAN-2003-0190

fyi (i'm behind in following the passord expire efforts). ----- Forwarded message from Logu <logsnaath at gmx.net> ----- Date: Sat, 7 Dec 2002 02:42:52 +0530 From: "Logu" <logsnaath at gmx.net> To: <stevesk at cvs.openbsd.org> Cc: <kumaresh_ind at gmx.net> Subject: Password expiry related clarification in OpenSSH3.5p1 Hello Stevesk, We are using

The following is pasted from SecurityFocus Newsletter #254: ------------------------- Asterisk PBX Multiple Logging Format String Vulnerabilities BugTraq ID: 10569 Remote: Yes Date Published: Jun 18 2004 Relevant URL: http://www.securityfocus.com/bid/10569 Summary: It is reported that Asterisk is susceptible to format string vulnerabilities in its logging functions. An attacker may use these

http://www.securityfocus.com/bid/12825/info/ no patch or anything, is there any action on this?

Hi, Please advice me about the below reported vulnerability. High OpenSSH X Connections Session Hijacking Vulnerability Risk: High Application: ssh Port: 22 Protocol: tcp ScriptID: 100584 Overview: OpenSSH is prone to a vulnerability that allows attackers to hijack forwarded X connections. Successfully exploiting this issue may allow an attacker run arbitrary shell commands with the privileges

Hi Group, Here is some data. p <- runif(1000) # sample data groups <- rep(c(1,2),each=500) #conditioning variable mydata <- cbind(p,groups) n <- length(p) u <- (1:n)/(n + 1) # uniform distribution reference for qqplot logp <- -log(p,base=10) logu <- -log(u,base=10) qqplot(logp,logu) How can I make the above qqplot in lattice and/or ggplot2. The sample is uniform, and I take

Hello all... I am just starting to teach myself Bayesian methods, and am interested in learning how to use UMacs. I've read the documentation, but the single example is a bit over my head at the level I am at right now. I was wondering if anyone has any simple examples they'd like to share. I've successfully done a couple of simple gibbs examples, but have had a hard time

I am trying to use shfs to mount a remote root filesystem for a diskless workstation. The system downloads its kernel and initrd from a server. I have tried repeatedly to get a working installation of ssh on the initrd with no success. I finally got ssh to connect to the server. Normally when I use ssh the session goes as follows [arrummzen at localhost LFS-BOOK-6.0-HTML]$ ssh 192.168.11.10 -l

it was said: >>On Fri, Mar 18, 2005 at 08:52:30AM +1000, Timothy Smith wrote: >> http://www.securityfocus.com/bid/12825/info/ > >That URL doesn't seem to have any details. > >> openbsd and netbsd have taken action on this, but i see no >>movment in >> the freebsd camp.... > >Well, you wouldn't, on the freebsd-questions list. Security

SSH.COM says their SSH2 is not vulnerable to the ZLIB problem even though they use the library (details below). Can OpenSSH say the same thing? In either case, it seems like there ought to be an openssh-unix-announce message about what the situation is. I may have missed it, but I don't believe there was one. Yes, openssh doesn't have its own copy of zlib source but it would still be

Hello security gurus, yesterday, I mistakenly posted a question on the questions list about this article : http://www.securityfocus.com/bid/13676/info/ which talks about a form of DOS vulnerability. I was curious as to the possibility of FreeBSD 5.x being affected, and if anyone was working on this or not. Ted Mittelstaedt posted this possible patch based upon the OpenBSD patch : in

Hi, Whenever i boot the machine, the sshd started using rc script is not accepting ssh connection from a normal user. However it connects as root user and also connects as a user when the sshd is restarted. The error message is "fatal: PAM session setup failed[6]: Permission denied" What would be the reason for this behaviour ? I am using Linux-2.6.5-1.358 (Fedora Core release 2) and

CORE SDI http://www.core-sdi.com SSH1 CRC-32 compensation attack detector vulnerability Date Published: 2001-02-08 Advisory ID: CORE-20010207 Bugtraq ID: 2347 CVE CAN: CAN-2001-0144 Title: SSH1 CRC-32 compensation attack detector vulnerability Class: Boundary Error Condition Remotely Exploitable: Yes Locally Exploitable: Yes Release Mode:

Hello, For some reason, I thought little about the "clear" command today.. Let's say a privileged user (root) logs on, edit a sensitive file (e.g, a file containing a password, running vipw, etc) .. then runs clear and logout. Then anyone can press the scroll-lock command, scroll back up and read the sensitive information.. Isn't "clear" ment to clear the

Hi all, Given below ia the simple network diagram. I need to control uplink for the individual private network IPs as depicted in the diagram. Is this possible in a NATed environment using CBQ or HTB. I learnt that we can control only outgoing traffic. So if I control in the eth1 interface the source IP will be masqueraded, and it may not result in the desired behaviour. Is there a solution to

Hi, I would like to know the significance of trying `none` method during authentication sequence. Is there any way to avoid unnecessary trying of this none authentication method first. We are writing a patch to log bad login into btmp for all traditional authentication methods supported by SSH. The `none` method increments the authctx-failures and we are facing problems with this. -logu

Hi, For each user connection when privilege separation is enabled, 3 processes are of interest for this topic. 1. sshd:[priv] - privileged user process. 2. sshd:user at pts/0 - user process. 3. shell - shell process. Openssh code writes the #2. sshd:user at pts/0 - user process to the utmp/wtmp file. Is this the correct behaviour.? Or should it write the #3. shell

Hi, In loginrec.c, the 'line' string utility function line_abbrevname() returns the last four characters of the terminal file path. This returned value is assigned to the utmp structure member ut_id[4]. Some sample ut_id values are shown below: /dev/pts/1 will have ut_id set to ts/1 /dev/pts/2 will have ut_id set to ts/2 . . /dev/pts/9 will have ut_id set to ts/9 /dev/pts/10

Hello All, I'm using OpenSSH 4.3p2. I'm getting few messages in my syslog and it is shown below, Aug 02 11:15:19 foo sshd[4381]: Received window adjust for non-open channel 0. I found that sshd received a SSH_MSG_CHANNEL_WINDOW_ADJUST and it executes the function channel_input_window_adjust() in channels.c. I like to know how this can happen for a non-open channel. Is anything

Recent proftpd security vulnerability release FYI. Ports has latest patched proftpd distribution. -- Jez http://www.munk.nu/ -------------- next part -------------- An embedded message was scrubbed... From: Dave Ahmad <da@securityfocus.com> Subject: ISS Security Brief: ProFTPD ASCII File Remote Compromise Vulnerability (fwd) Date: Tue, 23 Sep 2003 10:25:54 -0600 (MDT) Size: 4588 Url:

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SN-02:05 Security Notice The FreeBSD Project Topic: security issues in ports Announced: 2002-08-28 I. Introduction Several ports in the FreeBSD Ports