similar to: [RHSA-1999:030-01] Buffer overflow in cron daemon

It seems that when you send rwhod an rwho packet, it blindly assumes you are who the packet says you are. That is to say, it looks as if any host can inject false rwho data for any other host. I''m not convinced this is worth fixing. Opinions? -- - David A. Holland | VINO project home page: dholland@eecs.harvard.edu | http://www.eecs.harvard.edu/vino

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Denial of service attack in syslogd Advisory ID: RHSA-1999:055-01 Issue date: 1999-11-19 Updated on: 1999-11-19 Keywords: syslogd sysklogd stream socket Cross references: bugtraq id #809 --------------------------------------------------------------------- 1. Topic: A

Hi, I believe having less root setuid binaries on system is The Way ... so: Why does RH6.2 ships with /sbin/dump & /sbin/restore root setuid? These are for sysadmins, not for regular users I hope. Is /sbin/unix_chkpwd really used and what is it used for? I haven't find anything about it in pam documentation. Is it really necessary to ship /usr/bin/gpasswd and /usr/bin/newgrp? Does

Introduction. ------------ Every now and then a new "exploit" turns up of some program that uses tmp files. The first solution was "sticky bits", but since links exist (that''s a LONG time), that solution is inadequate. Discussion. ---------- The problem is that you put an object (link/pipe) in the place where you expect a program to put its tempfile, and wait for

I seem to have stumbled across another vulnerability in DIP. It appears to allow any user to gain control of arbitrary devices in /dev. For instance, I have successfully stolen keystrokes from a root login as follows... (I could also dump characters to the root console) $ whoami cesaro $ cat < /dev/tty1 <------ root login here bash: /dev/tty1: Permission denied

On Tue, Nov 09, 1999 at 11:39:39AM +0100, Mariusz Marcinkiewicz wrote: > After reading lcamtuf's posts I decided write this one. Few months ago one > of my friends - digit - found bug in linux nfsd daemon. I made example > sploit about IV 1999. Now in distributions is new nfsd and nowhere was > information about security weaknes of old version! Well, one gets used to people

I've got egg on my face... There is a nasty security hole in the User-space NFS servers. If you are running an NFS server, please upgrade as soon as possible to the latest release, nfs-server-2.2beta35.tar.gz, which can be found at ftp://linux.mathematik.tu-darmstadt.de/pub/linux/people/okir All previous releases are vulnerable. <Taking off his okir hat and putting on his caldera

Hi all, I just looked into LPRng to see to what extent it is affected by the problems recently reported for the BSD lpd. It seems that it is fairly safe from those mentioned in the SNI advisory. > Problem 1: File creation > > Individuals with access to the line printer daemon from a privileged > port on a valid print client can tell lpd to create a file, providing > the name of

Summary: you can exploit a single-byte buffer overrun to gain root privs. When, half a day after releasing version 2.2beta37 of the Linux nfs server, I received a message from Larry Doolittle telling me that it was still vulnerable to the root exploit posted to bugtraq, I was ready to quit hacking and start as a carpenter... Tempting as that was, I didn''t, and started looking for the

Hi there, some of the recent holes discussed on this list, and David Holland''s suggestion for a utmp manager daemon got me thinking. I ended up coding a sample program that demonstrates how a `resource manager'' can be used to allow applications access to certain resources while not giving them any privileges. The sample program is a primitve modem manager that hands out open

-----BEGIN PGP SIGNED MESSAGE----- ld.so Vulnerability A buffer overflow problem was reported on bugtraq affecting the ELF and a.out program loaders on Linux. This problem can possibly be exploited by malicious users to obtain root access. On Linux, programs linked against shared libraries execute some code contained in /lib/ld.so (for a.out binaries) or /lib/ld-linux.so (for ELF

On 2/6/2017 10:40 ??, Philippe BOURDEU d'AGUERRE wrote: > Reverting to rpcbind-0.2.0-38.el7 solves the problem for me Thank you very much Philippe, I notice that I have upgraded to rpcbind-0.2.0-38.el7_3.x86_64 on May 26. Have you checked if this bug/behavior has been reported or should we file a bug report? Nick

From: "Bruce Rogers" <brogers at novell.com> Under harsh testing conditions, including low memory, the guest would stop receiving packets. With this patch applied we no longer see any problems in the driver while performing these tests for extended periods of time. Make sure napi is scheduled subsequent to each napi_enable. Signed-off-by: Bruce Rogers <brogers at

From: "Bruce Rogers" <brogers at novell.com> Under harsh testing conditions, including low memory, the guest would stop receiving packets. With this patch applied we no longer see any problems in the driver while performing these tests for extended periods of time. Make sure napi is scheduled subsequent to each napi_enable. Signed-off-by: Bruce Rogers <brogers at

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: New majordomo packages available Advisory ID: RHSA-2000:005-05 Issue date: 2000-01-20 Updated on: 2000-05-31 Product: Red Hat Powertools Keywords: majordomo Cross references: N/A

Hoping that this is not OT.. Hi I want to write a simple perl script to see if my system supports des or md5 as the password encryption scheme..what is the easiest way.. one of course is to look at the /etc/shadow file and then parsing the passwd field, any better way..?? Thx, Arni

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Netscape 4.73 available Advisory ID: RHSA-2000:028-02 Issue date: 2000-05-19 Updated on: 2000-05-19 Product: Red Hat Linux Keywords: netscape SSL telnet rlogin Cross references:

[Mod: Sent to linux-security instead of linux alert -- alex] Dave G. <daveg@ESCAPE.COM> wrote: > /* vixie crontab buffer overflow for RedHat Linux > * > * I dont think too many people know that redhat uses vixie crontab. > * I didn''t find this, just exploited it. The vulnerability involves an unguarded sscanf call in env.c. Enlarging the buffer to the largest

CentOS Errata and Security Advisory CESA-2007:0345 vixie-cron security update for CentOS 3 i386: https://rhn.redhat.com/errata/RHSA-2007-0345.html The following updated file has been uploaded and is currently syncing to the mirrors: i386: updates/i386/RPMS/vixie-cron-4.1-19.EL3.i386.rpm source: updates/SRPMS/vixie-cron-4.1-19.EL3.src.rpm You may update your CentOS-3 i386 installations by