similar to: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed

The instructions in RHSA-2000:037-01 (2.2.16 kernel update) tell you: 4. Solution: For each RPM for your particular architecture, run: rpm -Fvh [filename] where filename is the name of the RPM. These instructions are incomplete and may result in a system that is unbootable. After updating the RPM files, you should also: (1) run mkinitrd to create a new initial ramdisk image

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Security problems in WU-FTPD Advisory ID: RHSA-1999:043-01 Issue date: 1999-10-21 Updated on: Keywords: wu-ftp security remote exploit Cross references: --------------------------------------------------------------------- 1. Topic: Various computer security groups have

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: screen defaults to not using Unix98 ptys Advisory ID: RHSA-1999:042-01 Issue date: 1999-10-20 Updated on: Keywords: Cross references: screen unix98 pty permissions --------------------------------------------------------------------- 1. Topic: Screen uses ptys with world

-----BEGIN PGP SIGNED MESSAGE----- - --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Security problems in WU-FTPD Advisory ID: RHSA-1999:043-01 Issue date: 1999-10-21 Updated on: Keywords: wu-ftp security remote exploit Cross references: - --------------------------------------------------------------------- 1. Topic:

--vtzGhvizbBRQ85DL Content-Type: text/plain; charset=us-ascii --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: New netscape packages available Advisory ID: RHSA-1999:039-01 Issue date: 1999-10-04 Updated on: Keywords: netscape 4.7 communicator navigator Cross references:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: wu-ftpd vulnerability Advisory number: CSSA-2000-020.0 Issue date: 2000 June, 23 Cross reference: ______________________________________________________________________________ 1. Problem Description There is

--------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: New sendmail packages available which fix a local root exploit Advisory ID: RHSA-2001:106-06 Issue date: 2001-08-28 Updated on: 2001-09-06 Product: Red Hat Linux Keywords: sendmail local root input validation

[Fra: bugzilla@redhat.com] --------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: New sendmail packages available which fix a local root exploit Advisory ID: RHSA-2001:106-08 Issue date: 2001-08-28 Updated on: 2001-10-22 Product: Red Hat Linux Keywords: sendmail

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-08:12.ftpd Security Advisory The FreeBSD Project Topic: Cross-site request forgery in ftpd(8) Category: core Module: ftpd Announced:

Package: logcheck Version: 1.2.34 Severity: normal the patterns for pure-ftpd in ignore.d.server are not matching a user with a trailing whitespace. here a some examples: Feb 18 13:02:33 web1 pure-ftpd: (stupid-pure-ftpd @84.56.131.73) [NOTICE] /example/example.txt downloaded (5908 bytes, 152196.03KB/sec) Feb 18 13:16:14 web1 pure-ftpd: (stupid-pure-ftpd @84.56.131.73) [INFO] Logout. every

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-99:03 Security Advisory FreeBSD, Inc. Topic: Three ftp daemons in ports vulnerable to attack. Category: ports Module: wu-ftpd and proftpd

Hi , this probably was asked many times before , but here it goes.. Until now i was using dsl_qos_queue - http://www.sonicspike.net/software/ Which limits outbound traffic and does packet priorites with iptables using MARKed packets.. works very well , I run a ftpserver + webserver so it''s usefull to set these 2 with lowest priority and my multiplayer gaming running on certain UDP ports

Package: logcheck Version: 1.2.69 Severity: normal In the file /etc/logcheck/ignore.d.server/wu-ftpd ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wu-ftpd: PAM-listfile: Refused user [._[:alnum:]-]+ for service wu-ftpd$ should be ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wu-ftpd\[[0-9]{4}\]: PAM-listfile: Refused user [._[:alnum:]-]+ for service wu-ftpd$ There is a number after "wu-ftpd" -- System

Hi, we have been using pure-ftpd to authenticate via PAM from our ldap-server for some time (the ldap-server was built in 2006...). I've got the following in /etc/pam.d/pure-ftpd auth sufficient /usr/local/lib/pam_ldap.so auth required pam_nologin.so auth required pam_unix.so nullok account required pam_permit.so session required

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:33 Security Advisory FreeBSD, Inc. Topic: globbing vulnerability in ftpd Category: core Module: ftpd/libc Announced: 2001-04-17 Credits:

I've been trying for a couple of weeks to get FreeBSD + winbindd + PAM working, without success. I'm hoping that someone here has bumped into my problem before and has some advice to give. My current setup is winbindd from Samba 2.8.8a on both FreeBSD 4.8-RELEASE and 5.1-BETA. I've configured Samba with the following options: syslog, nocups, utmp, msdfs, quota, recycle, audit,

Package: logcheck-database Version: 1.2.61 Severity: wishlist File: /etc/logcheck/ignore.d.server/proftpd Two weeks ago, I got a rush of these: Sep 8 12:37:07 goretex proftpd: PAM-listfile: Refused user news for service proftpd (Apparently, fail2ban managed to miss those.) This is triggered by pam_listfile, which is used by proftpd (and other FTP daemons) to block users listed in

I having been trouble by this for a few days now and was wondering if anyone else has had any luck with this? I am currently running Samba 2.2.6pre2 on FreeBSD 4.7-RELEASE I have successfully set up samba to be the PDC I am unsuccessfully trying to change the passwords on the W2k box and I am recieving the error that the user name/password are incorrect make sure the caps lock is not on. When I

-----BEGIN PGP SIGNED MESSAGE----- ##### ## ## ###### ## ### ## ## ##### ## # ## ## ## ## ### ## ##### . ## ## . ###### . Secure Networks Inc. Security Advisory

After installing redhat4.1 I found that a few serious bug fixes announced in Jan 97 was not included in the distribution. First of them -- a SERIOUS SECURITY BUG in wu-ftpd allowing any user gain a root acces to files. Patch was posted in redhat-announce list and included in wu-ftpd-2.4.2b11-9. Second: a bug in wu-ftpd -- ftpd doesn''t perform any log for real user and ignores