Displaying 20 results from an estimated 300 matches similar to: "Fwd: Re: [Full-Disclosure] new ssh exploit?"
2003 Sep 17
0
Fwd: [Full-Disclosure] Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]
More patch-o-rama :-(
---Mike
>From: Michal Zalewski <lcamtuf@dione.ids.pl>
>To: bugtraq@securityfocus.com, <vulnwatch@securityfocus.com>,
> <full-disclosure@netsys.com>
>X-Nmymbofr: Nir Orb Buk
>Subject: [Full-Disclosure] Sendmail 8.12.9 prescan bug (a new one)
>[CAN-2003-0694]
>Sender: full-disclosure-admin@lists.netsys.com
>X-BeenThere:
2003 Sep 16
0
two potentially troubling posts to full-disclosure
I haven't seen anything about this here and thought I should pass it along.
christopher neitzert <chris at neitzert.com> made two postings to the
full-disclosure list earlier today. They stated, in part:
*****
Does anyone know of or have source related to a new, and unpublished ssh
exploit? An ISP I work with has filtered all SSH connections due to
several root level incidents
2003 Sep 16
1
OpenSSH Security Advisory: buffer.adv
This is the 1st revision of the Advisory.
This document can be found at: http://www.openssh.com/txt/buffer.adv
1. Versions affected:
All versions of OpenSSH's sshd prior to 3.7 contain a buffer
management error. It is uncertain whether this error is
potentially exploitable, however, we prefer to see bugs
fixed proactively.
2. Solution:
Upgrade to OpenSSH
2003 Sep 16
5
OpenSSH Security Advisory: buffer.adv
This is the 1st revision of the Advisory.
This document can be found at: http://www.openssh.com/txt/buffer.adv
1. Versions affected:
All versions of OpenSSH's sshd prior to 3.7 contain a buffer
management error. It is uncertain whether this error is
potentially exploitable, however, we prefer to see bugs
fixed proactively.
2. Solution:
Upgrade to OpenSSH
2009 Apr 21
4
RELENG_7 crash
The box has a fairly heavy UDP load. Its RELENG_7 as of today and
took 3hrs for it to dump core.
Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address = 0x68
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc0637146
stack pointer = 0x28:0xe766eaac
frame pointer = 0x28:0xe766eb54
code segment
2005 Feb 09
2
full-d] Administrivia: List Compromised due to Mailman Vulnerability (fwd)
Sorry for the cross post, but this is an important one
potentially affecting all recipients.
This just crossed the Full Disclosure mailman moderated
mailing list. It bears a careful read, and thought about
whether a response is needed.
The implication is that if there is any use of a mailman
password in common with a password you 'care' about, you need
to take appropriate action at
2012 Mar 08
3
[PATCH 0/3] kinit: Allow mount options
This patch series allows user-specified mount commands to be
sent in via kernel command line ("kinit_mount=...") or via
an embedded /etc/fstab file.
The first patch is a cleanup of a patch sent last November
by San Mehat (http://web.archiveorange.com/archive/v/EazJNBMORV2U7E0coh5h);
the next two are small improvements or bug fixes.
2004 Apr 20
3
[Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)
Forwarded message:
> From full-disclosure-admin@lists.netsys.com Wed Apr 21 11:49:12 2004
> To: full-disclosure@lists.netsys.com
> From: Darren Bounds <dbounds@intrusense.com>
> Subject: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability
> Date: Tue, 20 Apr 2004 18:19:58 -0400
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
2003 Sep 17
3
Sendmail vulnerability
You've probably already seen the latest sendmail vulnerability.
http://lists.netsys.com/pipermail/full-disclosure/2003-September/010287.html
I believe you can apply the following patch to any of the security
branches:
http://cvsweb.freebsd.org/src/contrib/sendmail/src/parseaddr.c.diff?r1=1.1.1.17&r2=1.1.1.18
Download the patch and:
# cd /usr/src
# patch -p1 < /path/to/patch
#
2003 Sep 17
3
Sendmail vulnerability
You've probably already seen the latest sendmail vulnerability.
http://lists.netsys.com/pipermail/full-disclosure/2003-September/010287.html
I believe you can apply the following patch to any of the security
branches:
http://cvsweb.freebsd.org/src/contrib/sendmail/src/parseaddr.c.diff?r1=1.1.1.17&r2=1.1.1.18
Download the patch and:
# cd /usr/src
# patch -p1 < /path/to/patch
#
2003 Sep 16
9
OpenSSH heads-up
OK, an official OpenSSH advisory was released, see here:
<URL: http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000063.html >
The fix is currently in FreeBSD -CURRENT and -STABLE. It will be
applied to the security branches as well today. Attached are patches:
buffer46.patch -- For FreeBSD 4.6-RELEASE and later
buffer45.patch -- For FreeBSD 4.5-RELEASE and
2004 Aug 01
1
SSH login attempts: tcpdump packet capture
I got a packet capture of one of the SSH2 sessions trying to log in as a
couple of illegal usernames. The contents of one packet suggests an
attempt to buffer overflow the SSH server; ethereal's SSH decoding says
"overly large value".
It didn't seem to work against my system (I see no strange processes
running; all files changed in past ten days look normal).
I am
2003 Jul 14
1
[Bug 617] /etc/services disregarded
http://bugzilla.mindrot.org/show_bug.cgi?id=617
Summary: /etc/services disregarded
Product: Portable OpenSSH
Version: 3.6.1p2
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: tiaan at netsys.co.za
2006 Aug 10
0
Browse list only shows Samba server
Hi all,
I'm having a small problem with browsing. I've got a network full of
Windows (2000 and XP) machines and I've installed a Samba server in it.
The server is configured to be Domain Master Browser (DMB), Local Master
Browser (LMB) and WINS server for a workgroup. The Win machines are
configured to use the WINS server.
Name resolution works perfectly, but browsing
2012 Oct 18
10
[PATCH 0/10] Add a mini-library for running external commands.
Inspired by libvirt's virCommand* internal mini-library, this adds
some internal APIs for running commands.
The first patch contains the new APIs. The subsequent patches change
various parts of the library over to use it.
Rich.
2003 Sep 17
0
FreeBSD Security Advisory FreeBSD-SA-03:13.sendmail
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-03:13.sendmail Security Advisory
The FreeBSD Project
Topic: a third sendmail header parsing buffer overflow
Category: contrib
Module:
2003 Sep 17
0
FreeBSD Security Advisory FreeBSD-SA-03:13.sendmail
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-03:13.sendmail Security Advisory
The FreeBSD Project
Topic: a third sendmail header parsing buffer overflow
Category: contrib
Module:
2009 Aug 28
8
[Bug 1637] New: Change the context when starting internal-sftp
https://bugzilla.mindrot.org/show_bug.cgi?id=1637
Summary: Change the context when starting internal-sftp
Product: Portable OpenSSH
Version: 5.2p1
Platform: Other
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sftp-server
AssignedTo: unassigned-bugs at mindrot.org
2012 Jul 02
0
[klibc:master] [MEMALLOC] Avoid gcc warning: variable ' oldstackp' set but not used
Commit-ID: cf9ea962f1fb310a92efd184f14df2c04b30f75a
Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=cf9ea962f1fb310a92efd184f14df2c04b30f75a
Author: Jim Meyering <meyering at redhat.com>
AuthorDate: Fri, 8 Jul 2011 16:12:20 +0800
Committer: maximilian attems <max at stro.at>
CommitDate: Mon, 2 Jul 2012 10:44:23 +0200
[klibc] [MEMALLOC] Avoid gcc warning:
2020 Mar 28
0
[klibc:update-dash] dash: memalloc: Avoid looping in growstackto
Commit-ID: 21ceb151c758eb2384962b9ee8abc33b5bd674e9
Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=21ceb151c758eb2384962b9ee8abc33b5bd674e9
Author: Herbert Xu <herbert at gondor.apana.org.au>
AuthorDate: Thu, 31 May 2018 01:51:48 +0800
Committer: Ben Hutchings <ben at decadent.org.uk>
CommitDate: Sat, 28 Mar 2020 21:42:55 +0000
[klibc] dash: memalloc: Avoid