Displaying 20 results from an estimated 300 matches similar to: "Re: [Security - intern] Re: ssh and chroot..."
1999 Aug 19
1
[RHSA-1999:029-01] Denial of service attack in in.telnetd
---------------------------------------------------------------------
Red Hat, Inc. Security Advisory
Synopsis: Denial of service attack in in.telnetd
Advisory ID: RHSA-1999:029-01
Issue date: 1999-08-19
Updated on:
Keywords: telnet telnetd
Cross references:
---------------------------------------------------------------------
1. Topic:
A denial of service attack has been fixed in
1999 Mar 26
2
Re: [Security - intern] *ALERT*: ADM Worm. Worm for Linux x86 found in wild.
On Fri, 26 Mar 1999, Thomas Biege wrote:
> Date: Fri, 26 Mar 1999 09:34:10 +0100 (MET)
> From: Thomas Biege <thomas@suse.de>
> To: Jan-Philip Velders <jpv@jvelders.tn.tudelft.nl>
> Cc: linux-security@redhat.com
> Subject: Re: [Security - intern] [linux-security] *ALERT*: ADM Worm. Worm for
Linux x86 found in wild.
> The worm just exploits old security holes, so
2001 Aug 13
0
Security Update: [CSSA-2001-30.0] Linux - Telnet AYT remote exploit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: Linux - Telnet AYT remote exploit
Advisory number: CSSA-2001-030.0
Issue date: 2001, August 10
Cross reference:
______________________________________________________________________________
1. Problem
2002 Jul 12
4
tftp-hpa 0.28, 0.29 interoperability problem
Hi,
I have a tftp client which loads quite happily from a tftpd built
from netkit-tftp-0.16 but which fails to load from from a tftpd built
from tftp-hpa 0.29. In both cases, tftpd was built from pristine
sources and run from xinetd under Redhat 7.3.
[netkit-tftp-0.16 is the ancestor of tftp-hpa, predating HPA's
maintenance of same]
[the tftp client also..
.. fails with the prebuilt tftpd
1996 Nov 25
0
LSF Update#14 v1.2 "lpr vulnerability"
-----BEGIN PGP SIGNED MESSAGE-----
$Id: lpr-vulnerability-0.6-linux,v 1.2 1996/11/25 22:39:20 alex Exp $
Linux Security FAQ Update
lpr Vulnerability
Mon Nov 25 16:56:59 EST 1996
Copyright (C) 1995,1996 Alexander O. Yuriev (alex@bach.cis.temple.edu)
CIS Laboratories
2008 Aug 01
2
Cisco 7970, CTLSEP<mac>.tlv
I just wanted to post this so that it was out there and Googleable. Hopefully
it will save other people a bit of time.
If you have a Cisco phone (I was testing with a 7970, though presumably it would
affect 7960 and others as well) that is looping trying to fetch the CTL tlv file
- it may be because you are using Debians 'tftpd' (should be
netkit-tftpd...*cough*hey, Debian
2010 Jun 14
5
cooked mode sessions
Picking up on a couple really old threads (e.g.
http://osdir.com/ml/ietf.secsh/2001-09/msg00003.html ) I've finally gotten
around to this. The EXTPROC support on Linux is missing, but you can find
kernel patches for that here
http://lkml.org/lkml/2010/6/11/403
I've also fixed up the netkit telnet / telnetd code to work with EXTPROC /
LINEMODE on Linux, those patches are here
1997 Jan 12
9
dos-attack on inetd.
Hi.
I don''t know if this one is known, but I can''t recall seeing anything
about it. If it is old news I apologize.
I discovered a bug in the inetd that comes with NetKit-B-0-08 and older.
If a single SYN is sent to port 13 of the server, inetd will die of Broken
Pipe:
write(3, "Sun Jan 12 21:50:35 1997\r\n", 26) = -1 EPIPE (Broken pipe)
--- SIGPIPE (Broken pipe) ---
1996 Nov 22
0
LSF Update#14: Vulnerability of the lpr program.
-----BEGIN PGP SIGNED MESSAGE-----
$Id: lpr-vulnerability-0.6-linux,v 1.1 1996/11/22 21:42:46 alex Exp $
Linux Security FAQ Update
lpr Vulnerability
Thu Nov 21 22:24:12 EST 1996
Copyright (C) 1995,1996 Alexander O. Yuriev (alex@bach.cis.temple.edu)
CIS Laboratories
1996 Nov 21
2
Re: BOUNCE: Re: Chattr +i and securelevel
Alexander O. Yuriev wrote:
>
> Your message dated: Wed, 20 Nov 1996 18:04:39 EST
> > >has anyone played with the securelevel variable in the kernel and the
> > >immutable flags in the ext2 file system?
> >
> > Yes, and its actualy quite nice.
> >
> > >The sysctrl code seems to allow the setting of the flag
> > >only by init (PID=1)
1999 Nov 23
0
DoS with sysklogd, glibc (Caldera) (fwd)
Hi,
This advisory has a bit more than the Red Hat one....
Roger.
----- Forwarded message from Alfred Huger -----
>>From owner-bugtraq@SECURITYFOCUS.COM Mon Nov 22 18:49:41 1999
Approved-By: aleph1@SECURITYFOCUS.COM
Message-ID: <Pine.GSO.4.10.9911220906250.11753-100000@www.securityfocus.com>
Date: Mon, 22 Nov 1999 09:08:08 -0800
X-Reply-To: Alfred Huger
2015 Mar 18
1
multiple memcached buckets in CentOS 7
Hi Alberto,
With systemd it will be as easy as creating additional unit files ( one for
> each memcached instance) with its corresponding config file. That should
> allow to stop / start / restart each memcache instance individually while
> also being systemd compliant.
Thanks for the info and for the examples. It really does make sense the way
you explain it. Thanks for letting me
2005 Mar 14
1
colinux fresh install, zaptel does not compile, size_t error
Hi,
I followed the instructions on http://www.asterisk.org/index.php?menu=download.
I picked the latest version using CVS.
Things went fine until I cd zaptel ; make clean ; make install.
I then get an error when compiling zaptel.c
/usr/src/linux/include/linux/kernel.h:75: error: parse error before "size_t"
This happens very early on and I suspect that it is actually an
issue with the
2012 Dec 04
3
Print properties are not saved
Hi,
I'm struggling to get a laser color printer working correctly. At first I
wasn't able to save print properties with Ubuntu 10.04. As I read of a bug
[1] that affected samba 3.4 up to 3.5.8 I upgraded to ubuntu 12.04 and samba
3.6.3. Now I'm not even able to upload drivers in the way I always did as
described in [2] and [3] (Italian).
My conf::
[printers]
comment = All
1999 Nov 09
0
Nasty ping with pattern '+++ATH0' - how to stop?
Hello!
Well-known thing is abusive use of ping abillity to fill out the ICMP
packet with '+++ATH0', which will cause hangup on 'bad' modems. The
defense, at the clinet side, is to add 'S2=255' to modem settings.
This 'technique' is used in irc wars, and other abusive attacks, and shell
providers have a lot of problems with that. There are two ways to forbid
users
1997 Jan 18
0
write(1) leak
Some versions (the util-linux version, but not the netwrite or netkit
versions) of /usr/bin/write have a buffer overrun problem that is
almost certainly exploitable. Note that this gives access to the tty
group, but not (directly) root.
The fix is to change the two sprintfs to snprintfs. Patches have been
mailed to the maintainer.
--
- David A. Holland | VINO project home page:
1997 Jan 20
0
Re: write(1) security problem
> Some versions (the util-linux version, but not the netwrite or netkit
> versions) of /usr/bin/write have a buffer overrun problem that is
> almost certainly exploitable. Note that this gives access to the tty
> group, but not (directly) root.
>
> The fix is to change the two sprintfs to snprintfs. Patches have been
> mailed to the maintainer.
While I agree that routines
2000 Aug 27
0
patch for TIS (skey/opie) *and* passwd auth via PAM
Hello,
appended is a patch that makes it possible to use PAM both for
password authentication and TIS (i.e. s/key or opie or any other
interactive challenge/response scheme). I have developed this starting
from the patch at http://www.debian.org/Bugs/db/61/61906.html on
Debian with openssh-2.1.1p4-3. After configuring ssh with
--with-pam-tis, there are two PAM services, "sshd" and
1998 Jun 08
27
Services not required?
I''m in the process of locking down as much of my systems here
as possible as to available ports. I am down to only a handful
but am not sure how much of a security risk they pose and was
wondering if anyone here might be able to comment, or suggest
secure versions to run:
21/FTP (WU-ftpd v2.4.2 BETA 14)
22/SSH (1.22)
23/TELNET (Netkit 0.09)
25/SMTP (Sendmail
2000 Aug 09
0
Security Update: sperl vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
Caldera Systems, Inc. Security Advisory
Subject: sperl vulnerability
Advisory number: CSSA-2000-026.0
Issue date: 2000 August, 7
Cross reference:
______________________________________________________________________________
1. Problem Description
sperl is