Displaying 20 results from an estimated 1000 matches similar to: "Security Patches for Slackware 7.0 Available (fwd)"
1999 May 07
3
php3 module and security
Hi,
When php3 module is compiled in apache, files in any directory will
be interpreted by the parser and executed. This is a security breach.
There is a way to correct this? Any comments?
Thanks,
lacj
---
<levy@null.net>
Levy Carneiro Jr.
Linux & Network Admin
From mail@mail.redhat.com Sat May 8 02:32:02 1999
Received: (qmail 28372 invoked from network); 8 May 1999 07:05:57
1999 Jun 04
0
Forw: 2.2.x kernel vulnerability
below.
Dan
___________________________________________________________________________
Dan Yocum | Phone: (630) 840-8525
Linux/Unix System Administrator | Fax: (630) 840-6345
Computing Division OSS/FSS | email: yocum@fnal.gov .~. L
Fermi National Accelerator Lab | WWW: www-oss.fnal.gov/~yocum/ /V\ I
P.O. Box 500 |
1998 Dec 03
2
interactions between OPIE-ftpd and RH5.2
Ran into a weird problem, and this seemed a good forum to toss it out into
-- if I've gaffed, please let me know.
Just upgraded my RH5.0 box to RH5.2. Went well, worked nearly seamlessly.
When running 5.0, though, I'd installed the opie-fied ftpd that comes with
the most recent opie package (ftp://ftp.inner.net/pub/opie/opie-2.32.tar.gz)
and had it work without a hitch. I'd also
1999 Jan 04
0
Tripwire mess..
This may be, or may not be a security issue, however, since alot of people
still use tripwire-1.2 or lesser versions(this is what shipped with R.H.
Linux 5.2 at least), they might be interested in following detail:
Chuck Campbell (campbell@neosoft.com) pointed me out that tripwire dies with
coredump on R.H. linux, if it hits a filename containing 128-255 characters.
Playing a bit with debugger I
1999 Sep 02
0
SECURITY: RHSA-1999:033 Buffer overflow problem in the inews program
-----BEGIN PGP SIGNED MESSAGE-----
- ---------------------------------------------------------------------
Red Hat, Inc. Security Advisory
Synopsis: Buffer overflow problem in the inews program
Advisory ID: RHSA-1999:033-01
Issue date: 1999-09-01
Keywords: inn inews buffer overflow
- ---------------------------------------------------------------------
1. Topic:
New packages for INN
1998 Oct 29
0
Digest.
Hi,
There have been a bunch of useful submissions for the compare /contrast
thread.
To reduce the load on your mailbox, they are gathered here in one go...
Roger.
Date: Wed, 28 Oct 1998 15:11:37 +0000
From: "David L. Sifry" <dsifry@linuxcare.com>
To: "Matthew S. Crocker" <matthew@crocker.com>
CC: Rob Bringman <rob@trion.com>,
1999 Oct 04
0
SuSE Security Announcement - mirror
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SuSE Security Announcement
Package: mirror-2.8.f4
Date: Fri Oct 01 22:21:15 MEST 1999
Affected: all Linux distributions using mirror <= 2.8.f4
_____________________________________________________________________________
A
1998 Aug 02
0
ipportfw - security
Hi
Are there any known security holes or necessary precautions in using port
forwarding with ipportfw?
I'm planning on forwarding ports from an outer firewall/router (connected
to the Internet) to a host in the DMZ, then on from the DMZ host to the
inner firewall, and finally from the inner firewall to some host on the
inside.
Thanks,
Jens
jph@strengur.is
From mail@mail.redhat.com Wed
1998 Jun 30
1
Patched Qpopper2.5 release Notification. (fwd)
Hi,
well, swift response!
Qualcomm has a patched qpopper (2.5)
Greetings,
Jan-Philip Velders
<jpv@jvelders.tn.tudelft.nl>
---------- Forwarded message ----------
Date: Mon, 29 Jun 1998 21:43:18 -0700
From: Praveen Yaramada <pyaramad@QUALCOMM.COM>
To: BUGTRAQ@NETSPACE.ORG
Subject: Patched Qpopper2.5 release Notification.
Hello Folks,
As you are already aware that qpopper
2000 Mar 15
0
Re: IPMASQ and lock-up of all terminals ---- Sum mary and update
Well, last night, my box was hit again.. same symptoms:
All attempts to connect remotely receive a connection, but a login prompt
never comes up.
When I went to the console and turned on the monitor, I had the login
prompt, but written on to the screen was the message
IPMASQ: Reverse ICMP: Checksum error from xxx.xxx.xxx.xxx
So, on this occasion, I thought I would post a summary of the
2000 Aug 18
0
[RHSA-2000:052-04] Zope update
---------------------------------------------------------------------
Red Hat, Inc. Security Advisory
Synopsis: Zope update
Advisory ID: RHSA-2000:052-04
Issue date: 2000-08-11
Updated on: 2000-08-18
Product: Red Hat Powertools
Keywords: Zope
Cross references: N/A
1996 Nov 14
0
setgid binaries
Hi,
I''ve been thinking about group membership and the corresponding (weak)
restrictions to system resources. Consider the following:
% cat > gsh.c
main()
{
system("/bin/sh");
}
% cc -o gsh gsh.c
% id
uid=100(joe) gid=500(users) groups=14(floppy),15(sound)
% chgrp sound gsh
% chmod g+s gsh
% mail abuser
Subject: You owe me $5...
1999 Dec 03
0
Re: Programming ...
Hi,
While looking for holes in the utility script, that Glynn Clements sent, I
have realized that using "~/" may be dangerous. The original script:
On Wed, 1 Dec 1999, Glynn Clements wrote:
[---cut---]
> cp ~/static-rm ~/rm # installing the "rm" binary needs to be
> mv -f ~/rm /tmp/rm # safe against symlink games
> cd /tmp
> chroot /tmp
1996 Nov 14
1
Security hole in Debian 1.1 dosemu package
In Debian 1.1, the optional DOSEMU package installs /usr/sbin/dos
setuid root. This is a serious security hole which can be exploited
to gain access to any file on the system.
Package: dosemu
Version: 0.64.0.2-9
------- start of cut text --------------
$ cat /etc/debian_version
1.1
$ id
uid=xxxx(quinlan) gid=xxxx(quinlan) groups=xxxx(quinlan),20(dialout),24(cdrom)
[quinlan:~]$ ls -al
1997 Jan 16
0
/bin/login
>Their is a buffer overrun in /bin/login which has the potential to
>allow any user of your system to gain root access. util-linux-2.5-29
>contains a fix for this and is available for Red Hat Linux 4.0 on
>all four platforms. We strongly recommend that all of Red Hat 4.0
>usres apply this fix.
Does this bug affect the ''login'' that is distributed
with shadow
1996 Nov 21
2
Re: BOUNCE: Re: Chattr +i and securelevel
Alexander O. Yuriev wrote:
>
> Your message dated: Wed, 20 Nov 1996 18:04:39 EST
> > >has anyone played with the securelevel variable in the kernel and the
> > >immutable flags in the ext2 file system?
> >
> > Yes, and its actualy quite nice.
> >
> > >The sysctrl code seems to allow the setting of the flag
> > >only by init (PID=1)
2000 Feb 29
4
ICMP
After the recent attacks on the major servers on the web my ISP has
decided to stop all ICMP messages from his ISP.
I have red the RFCs and it seems that he cant do that... As a result
pings and traceroutes will not work.
I need a friendly person out there to tell me a way to break the news to
him that he has to allow ICMP packets
through his network... any suggestions would be helpfull
[mod:
1999 Nov 12
1
[RHSA-1999:054-01] Security problems in bind (fwd)
Woops... this didn't show up here but it did on BugTraq. Questions answered!
--
Chuck Mead, CTO, MoonGroup Consulting, Inc. <http://moongroup.com>
Mail problems? Send "s-u-b-s-c-r-i-b-e mailhelp" (no quotes and no
hyphens) in the body of a message to mailhelp-request@moongroup.com.
Public key available at: wwwkeys.us.pgp.net
----------
1998 Oct 13
5
compare / contrast of linux fw and others
Hi,
I was wondering how a linux box configured as a firewall stacked up
against some of the commercial products like checkpoint-1 and gauntlet.
Can someone direct me to a good book or online doc that compares linux
to some other firewall methods?
Mind you, I''m not talking about a firewall in the classical sense, ie
ip forwarding turned off and used as a proxy, but the typical Linux box
1999 Jul 28
6
You got some 'splaininn to do Lucy ;-)
We just had a security application vendor come in. We asked about Linux
support and he said that putting a security application on top of an
insecure OS was useless. When I asked what he meant by insecure he replied
that Linux does not have a true Auditing capability - as opposed to HP-UX &
Solaris which they do support. Can anyone explain to me what he was talking
about?
Thanks,
Marty