Displaying 20 results from an estimated 2000 matches similar to: "Is there a fix available for CAN-2003-0190"
2002 Dec 08
1
Password expiry related clarification in OpenSSH3.5p1
fyi (i'm behind in following the passord expire efforts).
----- Forwarded message from Logu <logsnaath at gmx.net> -----
Date: Sat, 7 Dec 2002 02:42:52 +0530
From: "Logu" <logsnaath at gmx.net>
To: <stevesk at cvs.openbsd.org>
Cc: <kumaresh_ind at gmx.net>
Subject: Password expiry related clarification in OpenSSH3.5p1
Hello Stevesk,
We are using
2004 Jun 28
2
Security Vulnerability in Asterisk
The following is pasted from SecurityFocus Newsletter #254:
-------------------------
Asterisk PBX Multiple Logging Format String Vulnerabilities
BugTraq ID: 10569
Remote: Yes
Date Published: Jun 18 2004
Relevant URL: http://www.securityfocus.com/bid/10569
Summary:
It is reported that Asterisk is susceptible to format string
vulnerabilities in its logging functions.
An attacker may use these
2005 Mar 17
1
no patch, is there a problem
http://www.securityfocus.com/bid/12825/info/
no patch or anything, is there any action on this?
2011 May 21
1
OpenVAS Vulnerability
Hi,
Please advice me about the below reported vulnerability.
High
OpenSSH X Connections Session Hijacking Vulnerability
Risk: High
Application: ssh
Port: 22
Protocol: tcp
ScriptID: 100584
Overview:
OpenSSH is prone to a vulnerability that allows attackers to hijack
forwarded X connections.
Successfully exploiting this issue may allow an attacker run arbitrary
shell commands with the privileges
2009 Feb 08
2
how to make this qq plot in lattice and/or ggplot2
Hi Group,
Here is some data.
p <- runif(1000) # sample data
groups <- rep(c(1,2),each=500) #conditioning variable
mydata <- cbind(p,groups)
n <- length(p)
u <- (1:n)/(n + 1) # uniform distribution reference for qqplot
logp <- -log(p,base=10)
logu <- -log(u,base=10)
qqplot(logp,logu)
How can I make the above qqplot in lattice and/or ggplot2. The sample
is uniform, and I take
2007 Oct 31
1
Simple Umacs example help..
Hello all...
I am just starting to teach myself Bayesian methods, and am
interested in learning how to use UMacs. I've read the
documentation, but the single example is a bit over my head at the
level I am at right now. I was wondering if anyone has any simple
examples they'd like to share. I've successfully done a couple of
simple gibbs examples, but have had a hard time
2005 Apr 23
7
OpenSSH is not asking for passwords.
I am trying to use shfs to mount a remote root filesystem for a
diskless workstation. The system downloads its kernel and initrd from
a server. I have tried repeatedly to get a working installation of ssh
on the initrd with no success. I finally got ssh to connect to the
server.
Normally when I use ssh the session goes as follows
[arrummzen at localhost LFS-BOOK-6.0-HTML]$ ssh 192.168.11.10 -l
2005 Mar 17
1
no patch whats going on
it was said:
>>On Fri, Mar 18, 2005 at 08:52:30AM +1000, Timothy Smith wrote:
>> http://www.securityfocus.com/bid/12825/info/
>
>That URL doesn't seem to have any details.
>
>> openbsd and netbsd have taken action on this, but i see no
>>movment in
>> the freebsd camp....
>
>Well, you wouldn't, on the freebsd-questions list. Security
2002 Mar 22
1
Is OpenSSH vulnerable to the ZLIB problem or isn't it?
SSH.COM says their SSH2 is not vulnerable to the ZLIB problem even though
they use the library (details below). Can OpenSSH say the same thing?
In either case, it seems like there ought to be an openssh-unix-announce
message about what the situation is. I may have missed it, but I don't
believe there was one. Yes, openssh doesn't have its own copy of zlib
source but it would still be
2005 May 20
1
Possible PAWS security vulnerability
Hello security gurus,
yesterday, I mistakenly posted a question on the questions list about
this article :
http://www.securityfocus.com/bid/13676/info/
which talks about a form of DOS vulnerability.
I was curious as to the possibility of FreeBSD 5.x being affected, and
if anyone was working on this or not.
Ted Mittelstaedt posted this possible patch based upon the OpenBSD patch :
in
2005 Apr 27
1
openssh-3.6.1p2 server did not accept user connection.
Hi,
Whenever i boot the machine, the sshd started using rc script is not
accepting ssh connection from a normal user. However it connects as root
user and also connects as a user when the sshd is restarted. The error
message is
"fatal: PAM session setup failed[6]: Permission denied"
What would be the reason for this behaviour ?
I am using Linux-2.6.5-1.358 (Fedora Core release 2) and
2001 Feb 08
0
[CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector vulnerability
CORE SDI
http://www.core-sdi.com
SSH1 CRC-32 compensation attack detector vulnerability
Date Published: 2001-02-08
Advisory ID: CORE-20010207
Bugtraq ID: 2347
CVE CAN: CAN-2001-0144
Title: SSH1 CRC-32 compensation attack detector vulnerability
Class: Boundary Error Condition
Remotely Exploitable: Yes
Locally Exploitable: Yes
Release Mode:
2005 Apr 21
6
Information disclosure?
Hello,
For some reason, I thought little about the "clear" command today..
Let's say a privileged user (root) logs on, edit a sensitive file (e.g,
a file containing a password, running vipw, etc) .. then runs clear and
logout. Then anyone can press the scroll-lock command, scroll back up
and read the sensitive information.. Isn't "clear" ment to clear the
2004 Jun 08
1
Is it possible to control uplink in a NATted environment
Hi all,
Given below ia the simple network diagram. I need to control uplink for the
individual private network IPs as depicted in the diagram. Is this possible
in a NATed environment using CBQ or HTB. I learnt that we can control only
outgoing traffic. So if I control in the eth1 interface the source IP will
be masqueraded, and it may not result in the desired behaviour.
Is there a solution to
2004 Dec 17
1
why openssh tries `none` authentication method
Hi,
I would like to know the significance of trying `none` method during
authentication sequence. Is there any way to avoid unnecessary trying of
this none authentication method first. We are writing a patch to log bad
login into btmp for all traditional authentication methods supported by SSH.
The `none` method increments the authctx-failures and we are facing problems
with this.
-logu
2005 May 03
1
which PID should be written to utmp/wtmp file
Hi,
For each user connection when privilege separation is enabled, 3 processes
are of interest for this topic.
1. sshd:[priv] - privileged user process.
2. sshd:user at pts/0 - user process.
3. shell - shell process.
Openssh code writes the #2. sshd:user at pts/0 - user process to the utmp/wtmp
file. Is this the correct behaviour.? Or should it write the #3. shell
2005 Jun 29
1
inconsistent ut_id values in the utmp(x) file
Hi,
In loginrec.c, the 'line' string utility function line_abbrevname() returns
the last four characters of the terminal file path. This returned value is
assigned to the utmp structure member ut_id[4].
Some sample ut_id values are shown below:
/dev/pts/1 will have ut_id set to ts/1
/dev/pts/2 will have ut_id set to ts/2
.
.
/dev/pts/9 will have ut_id set to ts/9
/dev/pts/10
2006 Aug 03
1
Suspicious sshd log messages in my syslog
Hello All,
I'm using OpenSSH 4.3p2. I'm getting few messages in my syslog and it is
shown below,
Aug 02 11:15:19 foo sshd[4381]: Received window adjust for non-open channel
0.
I found that sshd received a SSH_MSG_CHANNEL_WINDOW_ADJUST and it executes
the function channel_input_window_adjust() in channels.c. I like to know how
this can happen for a non-open channel. Is anything
[da@securityfocus.com: ISS Security Brief: ProFTPD ASCII File Remote Compromise Vulnerability (fwd)]
2003 Sep 23
2
[da@securityfocus.com: ISS Security Brief: ProFTPD ASCII File Remote Compromise Vulnerability (fwd)]
Recent proftpd security vulnerability release FYI. Ports has latest
patched proftpd distribution.
--
Jez
http://www.munk.nu/
-------------- next part --------------
An embedded message was scrubbed...
From: Dave Ahmad <da@securityfocus.com>
Subject: ISS Security Brief: ProFTPD ASCII File Remote Compromise
Vulnerability (fwd)
Date: Tue, 23 Sep 2003 10:25:54 -0600 (MDT)
Size: 4588
Url:
2002 Aug 28
0
FreeBSD Security Notice FreeBSD-SN-02:05
-----BEGIN PGP SIGNED MESSAGE-----
=============================================================================
FreeBSD-SN-02:05 Security Notice
The FreeBSD Project
Topic: security issues in ports
Announced: 2002-08-28
I. Introduction
Several ports in the FreeBSD Ports