similar to: OpenLinux 2.2: LISA install leaves root access without password

Hi, When php3 module is compiled in apache, files in any directory will be interpreted by the parser and executed. This is a security breach. There is a way to correct this? Any comments? Thanks, lacj --- <levy@null.net> Levy Carneiro Jr. Linux & Network Admin From mail@mail.redhat.com Sat May 8 02:32:02 1999 Received: (qmail 28372 invoked from network); 8 May 1999 07:05:57

(I almost didn''t post this cause I hope you would notice it immediately after installing the OS... It''s here for the people that don''t/won''t use Caldera OpenLinux 1.2 ) Hello to all! By default, Caldera OpenLinux 1.2 adds the currrent working directory to the end of the $PATH on login. This of course gives a normal user the possibility of gaining a root shell

Hello. I am looking to get the parameters that the Caldera RPM was made with. I have noticed that it is not being updated and would like to get the current ver. on my system, but need to have the same links to various files. Can anyone help me to find the parameters? I would be interested in making the RPMs but need to know how to make them first, maybe some direction to info on making RPMs.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: serious bug in setuid() Advisory number: CSSA-2000-014.0 Issue date: 2000 May, 31 Cross reference:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: wu-ftpd vulnerability Advisory number: CSSA-2000-020.0 Issue date: 2000 June, 23 Cross reference: ______________________________________________________________________________ 1. Problem Description There is

Hi all: I'm running Caldera OpenLinux with kernel 2.0.29, shadow password and quotas. The shadow kit is 980403 and is working fine. Well, when I try to compile I got this output : ------------------------- Begin Compile output ------------------------ Using CFLAGS = -O -DSMBLOGFILE="/usr/local/samba/var/log.smb" -DNMBLOGFILE="/usr /local/samba/var/log.nmb"

Hi all. I asked a similiar question a few days ago, but either missed it or got no responses. The archive also turned up empty... Anyway, no matter what I've tried, I can't disable visibility of dot files in my home directory, or elsewhere. What exactly do I need to do to hide dot files? I've tried 'hide dot files = true' as well as 'hid files = .*' and various

On Fri, 27 Mar 1998 samba@samba.anu.edu.au wrote: > Date: Thu, 26 Mar 1998 09:54:21 -0500 > From: "W.J. McEachran" <billjr@penny.com> > Subject: Re: What shares are mounted on client ? > > On Wed, Mar 25, 1998 at 09:51:07PM -0500, Charlie Brady wrote: > > > WFW can be configured to delay the connect on shares until it is actually > > required. I

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: New majordomo packages available Advisory ID: RHSA-2000:005-05 Issue date: 2000-01-20 Updated on: 2000-05-31 Product: Red Hat Powertools Keywords: majordomo Cross references: N/A

Hi, I am truly sorry if my question has a very easy answer somewhere in the docs or given to everyone else at birth but... I have posted a couple of times about my (just my?) problem with samba not recognizing newly added unix users without restarting samba and not gotten any response. I don't remember having to do this under 1.7.x but I could be wrong... If someone knows the answer to my

On Sat, 28 Aug 1999 15:38:25 Thomas Lumley <thomas@biostat.washington.edu> wrote: > On Sat, 28 Aug 1999 jnf@pcisys.net wrote: > > > > > > I am attempting to compile R-0.64.2 under Caldera OpenLinux 2.2. I have > > KDE installed but not gnome. When I ran configure, it correctly > > indicated that gnome is not installed. However when I then ran make, I

Available in the usual place. ftp://ftp.linuxsys.com/pub/releases/CentOS-4.0 This release includes minor spec changes, spandsp 0.0.2pre23, a new Sangoma wanpipe RPM for use with the LSE kernel rpm and an AMP installation document. Best Regards, -- Andrew McRory - President/CTO Linux Systems Engineers, Inc. - http://www.linuxsys.com Located in beautiful Tallahassee, Florida Office

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: sperl vulnerability Advisory number: CSSA-2000-026.0 Issue date: 2000 August, 7 Cross reference: ______________________________________________________________________________ 1. Problem Description sperl is

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: DoS on gpm Advisory number: CSSA-2000-024.0 Issue date: 2000 July, 6 Cross reference: ______________________________________________________________________________ 1. Problem Description There are security

asterisk-1.8.13.0 iksemel-1.4 I have a client who setup a gvoice account using their domain in the login name: username=client at theirdomain@gmail.com This appears to have caused a problem with authentication. I've tried escaping the @ and quoting the login string, etc. but it simply won't authenticate. I don't believe my configuration is bad as the same server /

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: flaws in the SSL transaction handling of Netscape Advisory number: CSSA-2000-017.0 Issue date: 2000 June, 09 Cross reference:

safe_asterisk used to work fine but with v1.0.3 I am getting all kinds of permission errors, intermittant failures, etc. Even with file permissions relaxed and ownership set to asterisk it craps out. Seems to work fine when run as root. Comments??? -- Andrew McRory - President/CTO Linux Systems Engineers, Inc. - http://www.linuxsys.com Located in beautiful Tallahassee, Florida Office

System is built on a SuperMicro motherboard with Serverworks chipset, IRQ is not shared. Have a dialplan that worked for 8 months without errors, tried reverting to older release then upgraded to 1.0.3 stable release, currently running on fedora core 1 kernel 2.4.22-nptl.2199 (have tried plain jayne), telco says "it's not us", HDLC abort seems to occur when when a Zap channel hangs

I am compiling 2.2.8 on a Caldera Openlinux box that was running 2.0.5 or some such. It already has a working config and uses samba.d dirs for it's files: /etc/samba.d /var/lock/samba.d /var/log/samba.d etc During compile I use following switches --with-piddir=/var/lock/samba.d --with-lockdir=/var/lock/samba.d However the pid files are ending up in /var/run/samba instead of

Greetings list, It's been a while since I've been able to focus on asterisk packaging but this weekend I took some time to audit and recompile packages for CentOS 4.2. You can find them here. ftp://ftp.linuxsys.com/ftp/pub/releases/CentOS-4.0 You have your choice of 1.2.1 or 1.0.10 releases. If you need zaptel modules then install this kernel as well: