similar to: CERT Advisory CA-99.14 - Multiple Vulnerabilities in BIND (fwd)

The following advisory was issued by CERT yesterday. Because it affects FreeBSD systems as well, we are forwarding it to the appropriate FreeBSD mailing lists. We would like to thanks CERT for cooperation with the FreeBSD security officer on this subject. -----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-98-13-tcp-denial-of-service Original Issue Date: December 21, 1998 Last Revised

>Date: Tue, 11 Aug 1998 13:21:06 -0400 >From: CERT Advisory <cert-advisory@cert.org> >To: cert-advisory@coal.cert.org >Subject: CERT Advisory CA-98.10 - mime_buffer_overflows >Reply-To: cert-advisory-request@cert.org >Organization: CERT(sm) Coordination Center - +1 412-268-7090 > >-----BEGIN PGP SIGNED MESSAGE----- >

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= CERT(sm) Advisory CA-96.20 Original issue date: September 18, 1996 Last revised: -- Topic: Sendmail Vulnerabilities - ----------------------------------------------------------------------------- *** This advisory supersedes CA-95:05 *** The CERT Coordination Center

-------- Is this old? I couldn''t find it in the linux-security archives. If so, please disregard. Dan ------- Forwarded Message Return-Path: cppm_reg_sysadmins-owner@fnal.gov Received: from FNAL.FNAL.Gov (fnal.fnal.gov [131.225.9.8]) by sapphire.fnal.gov (8.8.7/8.8.7) with ESMTP id LAA27322 for <yocum@sapphire.fnal.gov>; Tue, 13 Oct 1998 11:12:23 -0500 Received: from raven

I figured that someone reading this list might want to take a look at the proceeding, considering that the version of Snort in FreeBSD ports -is- affected. -----Forwarded Message----- > From: CERT Advisory <cert-advisory@cert.org> > To: cert-advisory@cert.org > Subject: CERT Advisory CA-2003-13 Multiple Vulnerabilities in Snort Preprocessors > Date: 17 Apr 2003 11:30:47 -0400

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Security problems in WU-FTPD Advisory ID: RHSA-1999:043-01 Issue date: 1999-10-21 Updated on: Keywords: wu-ftp security remote exploit Cross references: --------------------------------------------------------------------- 1. Topic: Various computer security groups have

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: screen defaults to not using Unix98 ptys Advisory ID: RHSA-1999:042-01 Issue date: 1999-10-20 Updated on: Keywords: Cross references: screen unix98 pty permissions --------------------------------------------------------------------- 1. Topic: Screen uses ptys with world

-----BEGIN PGP SIGNED MESSAGE----- - --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Security problems in WU-FTPD Advisory ID: RHSA-1999:043-01 Issue date: 1999-10-21 Updated on: Keywords: wu-ftp security remote exploit Cross references: - --------------------------------------------------------------------- 1. Topic:

-----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-2003-21 GNU Project FTP Server Compromise Original issue date: August 13, 2003 Last revised: -- Source: CERT/CC A complete revision history is at the end of this file. Overview The CERT/CC has received a report that the system housing the primary FTP servers for the GNU software project was compromised. I. Description

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= CERT(sm) Advisory CA-96.21 Original issue date: September 19, 1996 Last revised: -- Topic: TCP SYN Flooding and IP Spoofing Attacks - ----------------------------------------------------------------------------- *** This advisory supersedes CA-95:01. *** Two

Attached is a zlib advisory and a debug dump of ssh with compression enabled. Most of the debug is superflous, so I have underlined the two points to look at. When creating an ssh connection, compression on the line is done *before* authentication -- This means an unauthorized attacker could, conceivable, leverage root access by connecting with to the ssh server requesting zlib compression and

[mod: Just to show you that people DO get bitten after a bugwarning has gone out on linux-security..... -- REW] -----BEGIN PGP SIGNED MESSAGE----- Content-Type: text/plain; charset=us-ascii Has anyone been hit with the Bind Inverse Query Buffer Overrun on their Linux servers? We have had 3 servers attacked using this expoit and all of the machines had several binaries replaced with trojan

Adding this SHA256 code made me read the BSD license once again. It says: * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. Then there are a few files from Cyrus as well which contain: * 4. Redistributions of any form

---------- Forwarded message ---------- Date: Tue, 30 Nov 1999 12:13:36 -0800 (PST) From: David Cantrell <david@slackware.com> To: slackware-security@slackware.com Subject: Security Fixes for Slackware 4.0 Available There are several security updates available for Slackware 4.0. These patches should work on any libc5 Slackware system, but we have not tested them on each of the previous

---------- Forwarded message ---------- Date: Tue, 30 Nov 1999 12:14:09 -0800 (PST) From: David Cantrell <david@slackware.com> To: slackware-security@slackware.com Subject: Security Patches for Slackware 7.0 Available There are several security updates available for Slackware 7.0. We will always post bug fixes and security fixes to the /patches subdirectory on the ftp site:

I a PhD student here at Carnegie Mellon. I have ten years of experience working in C in industry. I am working on a research project here at Carnegie Mellon that needs to integrate a database with mail clients. We are planning to use the IMAP protocol to communicate with the mail client. After I spent some time looking at the code of various IMAP server implementations, I got very interested in

Is there a way to force certain formula parameters to be nonnegative? What I want to do is to estimate student capacity over time, namely by > capacity ~ Student + Student:Day I add this formula to a glm call and obtain negative learning slope estimates (Student:Day) in some cases. However, I don't want to allow for that. In such a case, glm should solve > capacity ~ Student and

Hey everyone, What am I doing wrong? I loaded the MASS package with library(MASS), and now when I type library() I get > library() Packages in library `F:\r\rw0651/library': MASS Main Library of Venables and Ripley's MASS base The R base package . . . That's fine. The problem is that when I try to use a function that I know is built

Hi folks: Does anyone know of a way to do (linear) hypothesis tests of parameters after fitting a maximum-likelihood model w/ optim? I can't seem to find anything like a Wald test whose documentation says it applies to optim output. Also, thanks again to everyone who gave me feedback on the robustness of ML estimation in R! Peter ********************************

Hi, I hope this is the right list for my posting, since I've never posted to any R list before. I'm quite extensively using the xfig graphics device and as far as I figured out this device writes all the objects into xfig layer 100 (based on what I saw in the devPS.c file -if this is the file to output to xfig format - depth 100 is hardcoded). Are the any plans to implement xfig layer