similar to: CERT Advisory CA-98.13 - TCP/IP Denial of Service (fwd)

For those who are unaware... [mod: This whole bind affair has gone a bit out of hand. Elias from Bugtraq found "public" info indicating the problem. ISC/CERT were working on releasing the bugfix together with the fix. Now everybody is scurrying to get fixes out now that "the public" knows about this. As far as I know, Red Hat (& Caldera) made a new RPM, based on the most

-------- Is this old? I couldn''t find it in the linux-security archives. If so, please disregard. Dan ------- Forwarded Message Return-Path: cppm_reg_sysadmins-owner@fnal.gov Received: from FNAL.FNAL.Gov (fnal.fnal.gov [131.225.9.8]) by sapphire.fnal.gov (8.8.7/8.8.7) with ESMTP id LAA27322 for <yocum@sapphire.fnal.gov>; Tue, 13 Oct 1998 11:12:23 -0500 Received: from raven

>Date: Tue, 11 Aug 1998 13:21:06 -0400 >From: CERT Advisory <cert-advisory@cert.org> >To: cert-advisory@coal.cert.org >Subject: CERT Advisory CA-98.10 - mime_buffer_overflows >Reply-To: cert-advisory-request@cert.org >Organization: CERT(sm) Coordination Center - +1 412-268-7090 > >-----BEGIN PGP SIGNED MESSAGE----- >

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= CERT(sm) Advisory CA-96.21 Original issue date: September 19, 1996 Last revised: -- Topic: TCP SYN Flooding and IP Spoofing Attacks - ----------------------------------------------------------------------------- *** This advisory supersedes CA-95:01. *** Two

I figured that someone reading this list might want to take a look at the proceeding, considering that the version of Snort in FreeBSD ports -is- affected. -----Forwarded Message----- > From: CERT Advisory <cert-advisory@cert.org> > To: cert-advisory@cert.org > Subject: CERT Advisory CA-2003-13 Multiple Vulnerabilities in Snort Preprocessors > Date: 17 Apr 2003 11:30:47 -0400

Attached is a zlib advisory and a debug dump of ssh with compression enabled. Most of the debug is superflous, so I have underlined the two points to look at. When creating an ssh connection, compression on the line is done *before* authentication -- This means an unauthorized attacker could, conceivable, leverage root access by connecting with to the ssh server requesting zlib compression and

-----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-2003-21 GNU Project FTP Server Compromise Original issue date: August 13, 2003 Last revised: -- Source: CERT/CC A complete revision history is at the end of this file. Overview The CERT/CC has received a report that the system housing the primary FTP servers for the GNU software project was compromised. I. Description

[mod: Just to show you that people DO get bitten after a bugwarning has gone out on linux-security..... -- REW] -----BEGIN PGP SIGNED MESSAGE----- Content-Type: text/plain; charset=us-ascii Has anyone been hit with the Bind Inverse Query Buffer Overrun on their Linux servers? We have had 3 servers attacked using this expoit and all of the machines had several binaries replaced with trojan

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= CERT(sm) Advisory CA-96.20 Original issue date: September 18, 1996 Last revised: -- Topic: Sendmail Vulnerabilities - ----------------------------------------------------------------------------- *** This advisory supersedes CA-95:05 *** The CERT Coordination Center

Adding this SHA256 code made me read the BSD license once again. It says: * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. Then there are a few files from Cyrus as well which contain: * 4. Redistributions of any form

Hi everyone, I'm going to try to install samba on a Compaq (Digital) alphaserver 400 running Digital UNIX 4.0d (formerly OSF/1). I've never used samba before. I have been reading the documentation and wonder if anyone can help answer a question or two... The bundled book "Using Samba" (as well as at least one FAQ I believe), suggests I may need to run the configure script using

I a PhD student here at Carnegie Mellon. I have ten years of experience working in C in industry. I am working on a research project here at Carnegie Mellon that needs to integrate a database with mail clients. We are planning to use the IMAP protocol to communicate with the mail client. After I spent some time looking at the code of various IMAP server implementations, I got very interested in

I''ve got qualcomm''s qpopper2.2, and am not sure if its vulnerable. The advisory mentions pop and imap servers, but only says: version of IMAP (Section B). If your POP server is based on the University of Washington IMAP server code, you should also upgrade to the latest version of IMAP. Until you can take one of these actions, I installed the new imapd about 3

Is there a way to force certain formula parameters to be nonnegative? What I want to do is to estimate student capacity over time, namely by > capacity ~ Student + Student:Day I add this formula to a glm call and obtain negative learning slope estimates (Student:Day) in some cases. However, I don't want to allow for that. In such a case, glm should solve > capacity ~ Student and

Hey everyone, What am I doing wrong? I loaded the MASS package with library(MASS), and now when I type library() I get > library() Packages in library `F:\r\rw0651/library': MASS Main Library of Venables and Ripley's MASS base The R base package . . . That's fine. The problem is that when I try to use a function that I know is built

Hi folks: Does anyone know of a way to do (linear) hypothesis tests of parameters after fitting a maximum-likelihood model w/ optim? I can't seem to find anything like a Wald test whose documentation says it applies to optim output. Also, thanks again to everyone who gave me feedback on the robustness of ML estimation in R! Peter ********************************

Hi, I hope this is the right list for my posting, since I've never posted to any R list before. I'm quite extensively using the xfig graphics device and as far as I figured out this device writes all the objects into xfig layer 100 (based on what I saw in the devPS.c file -if this is the file to output to xfig format - depth 100 is hardcoded). Are the any plans to implement xfig layer

On 02/22/2013 07:51 AM, Sean Silva wrote: > Do you have any suggestions about how to address this? > > -- Sean Silva Ideally we would define an ascii representation for DAGS. It should be possible to start the compiler from the DAGS as opposed to LLVM assembler bitcode. It should also be possible to compile a C file or LLVM assembler bitcode file and save off the DAGS ascii file.

Currently, ~/.ssh/environment can set static environment variables, and ~/.ssh/rc can run initialization routines. But there is no way for sshrc to propagate changes to the environment to the user's shell or command. There is, however, a possible way to do this. If the PermitUserEnvironment option is set, sshd could treat the stdout of sshrc as additional assignment lines of the form

Hi, I am a Masters student from Carnegie Mellon University. I am looking for a research topics for an Advanced OS & DS course we have. I wanted to know what is the current support for NUMA on Xen ? Does it support the IBM x440 and AMD64 Opteron ? Also, does the Xen scheduler do NUMA aware scheduling so it does not degrade the VM performace ? My group is currently looking into Scheduling