similar to: Linux UNFSD Security Problems

On Tue, Nov 09, 1999 at 11:39:39AM +0100, Mariusz Marcinkiewicz wrote: > After reading lcamtuf's posts I decided write this one. Few months ago one > of my friends - digit - found bug in linux nfsd daemon. I made example > sploit about IV 1999. Now in distributions is new nfsd and nowhere was > information about security weaknes of old version! Well, one gets used to people

Summary: you can exploit a single-byte buffer overrun to gain root privs. When, half a day after releasing version 2.2beta37 of the Linux nfs server, I received a message from Larry Doolittle telling me that it was still vulnerable to the root exploit posted to bugtraq, I was ready to quit hacking and start as a carpenter... Tempting as that was, I didn''t, and started looking for the

Hi there, some of the recent holes discussed on this list, and David Holland''s suggestion for a utmp manager daemon got me thinking. I ended up coding a sample program that demonstrates how a `resource manager'' can be used to allow applications access to certain resources while not giving them any privileges. The sample program is a primitve modem manager that hands out open

-----BEGIN PGP SIGNED MESSAGE----- ld.so Vulnerability A buffer overflow problem was reported on bugtraq affecting the ELF and a.out program loaders on Linux. This problem can possibly be exploited by malicious users to obtain root access. On Linux, programs linked against shared libraries execute some code contained in /lib/ld.so (for a.out binaries) or /lib/ld-linux.so (for ELF

Hi all, I just looked into LPRng to see to what extent it is affected by the problems recently reported for the BSD lpd. It seems that it is fairly safe from those mentioned in the SNI advisory. > Problem 1: File creation > > Individuals with access to the line printer daemon from a privileged > port on a valid print client can tell lpd to create a file, providing > the name of

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Buffer overflow in cron daemon Advisory ID: RHSA-1999:030-01 Issue date: 1999-08-25 Updated on: Keywords: vixie-cron crond MAILTO Cross references: --------------------------------------------------------------------- 1. Topic: A buffer overflow exists in crond, the cron

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Denial of service attack in syslogd Advisory ID: RHSA-1999:055-01 Issue date: 1999-11-19 Updated on: 1999-11-19 Keywords: syslogd sysklogd stream socket Cross references: bugtraq id #809 --------------------------------------------------------------------- 1. Topic: A

It seems that when you send rwhod an rwho packet, it blindly assumes you are who the packet says you are. That is to say, it looks as if any host can inject false rwho data for any other host. I''m not convinced this is worth fixing. Opinions? -- - David A. Holland | VINO project home page: dholland@eecs.harvard.edu | http://www.eecs.harvard.edu/vino

Introduction. ------------ Every now and then a new "exploit" turns up of some program that uses tmp files. The first solution was "sticky bits", but since links exist (that''s a LONG time), that solution is inadequate. Discussion. ---------- The problem is that you put an object (link/pipe) in the place where you expect a program to put its tempfile, and wait for

Hi, I believe having less root setuid binaries on system is The Way ... so: Why does RH6.2 ships with /sbin/dump & /sbin/restore root setuid? These are for sysadmins, not for regular users I hope. Is /sbin/unix_chkpwd really used and what is it used for? I haven't find anything about it in pam documentation. Is it really necessary to ship /usr/bin/gpasswd and /usr/bin/newgrp? Does

Hello there, I believe that unfsd ( http://unfs3.sourceforge.net/ ) now does have multi-threaded capability and as such should be fairly well scalable. I am using it on CentOS 6.2 and it seems to become all but unusable when more then 3-4 users connect to it. Is that normal? What sort of experience have other people had? Is there a way to parametrically tune it, by the way? Thanks. Boris.

Hi list. I have been testing with glusterfs-3.0.2. glusterfs mount works well. unfsd on glusterfs mount point works well too. When using booster, unfsd realpath check failed. But ls util works well. I tried 3.0.0-git head source build but result was same. My System is Ubuntu 9.10 and using unfsd source from official gluster download site. Any comment appreciated!! - kpkim root at

I seem to have stumbled across another vulnerability in DIP. It appears to allow any user to gain control of arbitrary devices in /dev. For instance, I have successfully stolen keystrokes from a root login as follows... (I could also dump characters to the root console) $ whoami cesaro $ cat < /dev/tty1 <------ root login here bash: /dev/tty1: Permission denied

Hi all, I've been trying out Gluster Platform, so some info will be from the management interface. If additional data from logs is required, please let me know which logfiles. When using a Gluster NFS volume as a ESXi datastore, creation of a disk file (vmdk) takes a considerable amount of time (with unfsd using 10-50% cpu) and then crashes unfsd. A reboot of the system seems necessary to

-------- Is this old? I couldn''t find it in the linux-security archives. If so, please disregard. Dan ------- Forwarded Message Return-Path: cppm_reg_sysadmins-owner@fnal.gov Received: from FNAL.FNAL.Gov (fnal.fnal.gov [131.225.9.8]) by sapphire.fnal.gov (8.8.7/8.8.7) with ESMTP id LAA27322 for <yocum@sapphire.fnal.gov>; Tue, 13 Oct 1998 11:12:23 -0500 Received: from raven

Hi, I've installed Gluster Storage Platform on two servers (mirror) and mounted the volume on a client. I had to mount it using "mount -t glusterfs <MANAGEMENT_SERVER>:<VOLUMENAME-ON-WEBGUI>-tcp <MOUNTPOINT>" because I didn't had a vol file and couldn't generate one with volgen because we don't have shell access to the gluster server right? How can

-----BEGIN PGP SIGNED MESSAGE----- Hi all, Prompted by Mark''s discussion of the transname patch I''ve put together an experimental patch to the Linux nfsd that supports something I''ve named CDFs for lack of a more appropriate name. They''re not real CDFs, and in particular, they won''t let you manage stuff like shared /etc directories for diskless

Hello, my goal is to import data into a MySQL-Database using FasterCSV: Does anyone have an idea how I can force FasterCSV to ignore carriage returns that occur within(!) a database text field and to read until "line feed" = end or row is reached? I tried to use option ":row_sep" but it did not work, it still uses the returns within the text field as end of row, too:

Its been talked about from time to time. There really isn't anything stopping us from supporting it other than someone putting the time in to modify llvm-gcc to support C and possibly implementing the required runtime libraries for ObjC. Patches welcome! :) Reid. On Wed, 2004-12-08 at 23:01, Sébastien Pierre wrote: > Hello there, > > LLVM has C and C++ backends, so I was wondering

Le 17 janv. 05, à 00:38, Vikram Adve a écrit : > I think the code for closures (and therefore any first-class > functions) requires excessive use of void pointers and casts. And is there any chance that closure implementation could be made easier ? If LLVM is to be used as a platform for new computer languages, tis would be important. I think that closures would be on the top of the