similar to: ICMP

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: New majordomo packages available Advisory ID: RHSA-2000:005-05 Issue date: 2000-01-20 Updated on: 2000-05-31 Product: Red Hat Powertools Keywords: majordomo Cross references: N/A

Woops... this didn't show up here but it did on BugTraq. Questions answered! -- Chuck Mead, CTO, MoonGroup Consulting, Inc. <http://moongroup.com> Mail problems? Send "s-u-b-s-c-r-i-b-e mailhelp" (no quotes and no hyphens) in the body of a message to mailhelp-request@moongroup.com. Public key available at: wwwkeys.us.pgp.net ----------

Attention all List Members: We are in the process of migrating all Red Hat lists from the current list manager software/server running qmail/Smartlist to a new server running postfix and GNU Mailman (*). Within the next week you will receive more information about this migration including information on how to access your membership, including subscribe/unsubscribe information and instructions on

We just had a security application vendor come in. We asked about Linux support and he said that putting a security application on top of an insecure OS was useless. When I asked what he meant by insecure he replied that Linux does not have a true Auditing capability - as opposed to HP-UX & Solaris which they do support. Can anyone explain to me what he was talking about? Thanks, Marty

Hi, I was wondering how a linux box configured as a firewall stacked up against some of the commercial products like checkpoint-1 and gauntlet. Can someone direct me to a good book or online doc that compares linux to some other firewall methods? Mind you, I''m not talking about a firewall in the classical sense, ie ip forwarding turned off and used as a proxy, but the typical Linux box

Well, last night, my box was hit again.. same symptoms: All attempts to connect remotely receive a connection, but a login prompt never comes up. When I went to the console and turned on the monitor, I had the login prompt, but written on to the screen was the message IPMASQ: Reverse ICMP: Checksum error from xxx.xxx.xxx.xxx So, on this occasion, I thought I would post a summary of the

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Netscape 4.73 available Advisory ID: RHSA-2000:028-02 Issue date: 2000-05-19 Updated on: 2000-05-19 Product: Red Hat Linux Keywords: netscape SSL telnet rlogin Cross references:

I would be surprised if someone hasn''t encountered this already, but I haven''t found any discussion of the nature of this problem. I run RehHat 5.0. If a user makes a mistake in the login process such as the following: login: mistake password: xxx Login incorrect! login: username password xxxx bash$ a ps will show, among other things, 2333 /bin/login --mistake. Since

-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SuSE Security Announcement Package: mirror-2.8.f4 Date: Fri Oct 01 22:21:15 MEST 1999 Affected: all Linux distributions using mirror <= 2.8.f4 _____________________________________________________________________________ A

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Zope update Advisory ID: RHSA-2000:052-04 Issue date: 2000-08-11 Updated on: 2000-08-18 Product: Red Hat Powertools Keywords: Zope Cross references: N/A

At 01:59 PM 6/29/98 +0000, Kokoro Security Administrator wrote: >Hello everyone - > >I am looking for the name of a piece of hardware, and don''t know what it >is called. I am told that there exists such a thing (a switch? a router? >a special hub?) that will only send me traffic that is destined for me. simple definitions: --router: looks at a layer 3 address (such as

Hey all. I have a color-capable console (color ls works, and I can run any color-smart program like naim and bitchX), but for some reason the color in the console for asterisk, whether started with -c or safe_asterisk, isn't working for me. Any ideas as to why? I don't think it's my termcap, although I could post that if y'all really wanted it. Asterisk was built, and is

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: ircii buffer overflow Advisory ID: RHSA-2000:008-01 Issue date: 2000-03-29 Updated on: 2000-03-29 Product: Red Hat Linux Keywords: N/A Cross references: ircii 4.4M buffer dcc

https://bugzilla.samba.org/show_bug.cgi?id=10445 Summary: flag to suppress link_stat error messages Product: rsync Version: 3.1.1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P5 Component: core AssignedTo: wayned at samba.org ReportedBy: mij at bitchx.it

---------- Forwarded message ---------- Date: Tue, 30 Nov 1999 12:14:09 -0800 (PST) From: David Cantrell <david@slackware.com> To: slackware-security@slackware.com Subject: Security Patches for Slackware 7.0 Available There are several security updates available for Slackware 7.0. We will always post bug fixes and security fixes to the /patches subdirectory on the ftp site:

Hi, I get my Email from my own SMTP server on the internet using "fetchmail". Some time ago I did the smart thing and configured dovecot to use SSL and the letsencrypt certificate that automatically renews. Welllll..... a few days ago my certificate expired and the fetchmail deamon running in the background had nowhere to complain. So I didn't notice. It turns out that dovecot

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: local ROOT exploit in BRU Advisory number: CSSA-2000-018.0 Issue date: 2000 June, 14 Cross reference: ______________________________________________________________________________ 1. Problem Description

Back in June when I was fooling around with some programs I was writing, I found a serious buffer overflow in WindowMaker 0.60.0 and 0.52, but I assume previous versions are vulnerable as well. By replacing argv[0] of a program with a string longer than 249 characters, it is possible to overflow one of the programs buffers, causing it, and possibly X as well to crash. It is assumed this can

below. Dan ___________________________________________________________________________ Dan Yocum | Phone: (630) 840-8525 Linux/Unix System Administrator | Fax: (630) 840-6345 Computing Division OSS/FSS | email: yocum@fnal.gov .~. L Fermi National Accelerator Lab | WWW: www-oss.fnal.gov/~yocum/ /V\ I P.O. Box 500 |

This may be, or may not be a security issue, however, since alot of people still use tripwire-1.2 or lesser versions(this is what shipped with R.H. Linux 5.2 at least), they might be interested in following detail: Chuck Campbell (campbell@neosoft.com) pointed me out that tripwire dies with coredump on R.H. linux, if it hits a filename containing 128-255 characters. Playing a bit with debugger I