similar to: Re: Beware of dangerous enviroment (Re: Overflows in minicom)

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:53 Security Advisory FreeBSD, Inc. Topic: catopen() may pose security risk for third party code Category: core Module: libc Announced:

On Tue, 12 May 1998, Andi Kleen wrote on BUGTRAQ: > I assumed the libc would ignore NLSPATH when the app runs suid (similar > like it does with LD_LIBRARY_PATH etc.). If it doesn''t that is a bad bug. > > [... clickety click ... ] > > At least glibc 2.1 uses __secure_getenv() for NLSPATH. Don''t know about 2.0, > separate GNU gettext, or libc5. I have

This was posted not too long ago on sci.crypt... Enjoy... I think the most relevant information is near the top, but it''s all quite good... :-) -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- There is no intrinsic difference between algorithm and data, the same information can be viewed as data in one context and as algorithm in another. Why then do so many people claim that encryption algorithms

[Mod: Forwarded from bugtraq -- alex] Hi! I''m sorry if the information I''m going to tell about was already known, but I hope it wasn''t... I just occasionally found a vulnerability in Linux libc (actually, some of the versions seem not to be vulnerable; my Slackware 3.1 box was though). Unfortunately, I have no time for a real investigation right now, but

Can anyone tell me where my blunder is in the following program? llvm-as reports: llvm-as: testit.ll:11: Can't store 'opaque *' into space of type 'opaque *'! Which doesn't seem to make sense to me. What is it that is illegal about storing a pointer to opaque in a space that is of type pointer to opaque? Is it just that you can't store pointers to opaque? %path =

Hi I'm presently installing 2.2.8a on Mandrake 9.1 I'm a newbie to Linux as well as Samba, so it's been fun... When I first installed Linux I installed Samba from the discs (2.2.7a), but on reading up on the subject it became clear that I should give installing the source a go. My problem is this - I don't think I have rerouted all of the paths to usr/local/samba from what

I''m trying to install CiscoWorks 2.5 on Solaris 10 update 1, and after the install when I try to start the daemon, it errors: # /opt/CSCOpx/objects/dmgt/dmgtd.sol ERROR: open file dmgtd failedERROR >>>>>>>>>>>>> open msg catalog failed. NLSPATH incorrect or objects/share/nls/C/dmgtd.cat is missing. # echo $NLSPATH

There are security holes in XMCD 2.0pl2 (and presumably all previous versions), a popular audio cd player for numerous unix platforms, which allow a user defined environment variable to overflow a fixed size buffer resulting in a complete compromise of system security on machines with XMCD installed suid root. The cddb_init() function reads in the environment variable XMCD_CDDBPATH, and parses

System details: -------------- Sun Blade 1000, Solaris 8, Sun ONE Compiler Suite (rebranded Forte 7), R versions 1.6.0 and 1.6.2 - suspect others are affected, too Problem description: ------------------- Using the recommended env var setting from p.15 of the Admin Guide, the configure script fails the sgemm sunperf test, even though the sunperf libraries are available Not linking with

I need a terminal program, such as minicom, which I see is not part of my Strongbolt install of CentOS+BQ loaded on a RaQ 4 system. Does anyone know if a standard rpm for minicom should work or where to get a package that will provide minicom or other terminal program? Or, perhaps there is another terminal program installed in my system that I can look for? -- Robert

I'm trying to capture text data coming in on serial port to put into a plot on a web page. Running minicom 2.3 on a Fedora 9 box the capture file is updated immediately. Running minicom 2.1, stock on a Centos 5.x box the capture file doesn't update until you exit capture mode. Is there any way to have it update immediately or is there an alternative application to write incoming data to a

Nicolas Kovacs writes: > Hi, > > I have to do some maintenance on a CentOS 7 proxy installed on a routerboard > without a video card. The only way to access this machine directly is via > Minicom and serial port. > > I'm using NetworkManager TUI (nmtui) to configure network interfaces, but > Ncurses rendering in Minicom works in the sense that chickens fly and horses

Hi all I am a newcomer of this ML. And I installed CentOS a couple of hours ago on my i386 box because it is said that CentOS is a community based binary distro of RHEL. Before that I used to use RH9(it is quite out of date for my newly upgraded PC) as my host environment to work on embedded systems. The installation procedure went smoothly and after that everything looked functional, however, I

hi ppl, well, here is another standard buffer overrun vulnerability, which may sometimes lead to root compromise (not always. not in new distributions, fortunately). Current Slackware and current RedHat don''t install minicom suid root, only sgid/uucp, which is not *that* dangerous. But when you build minicom from source, it asks you to do "chmod +s" on it. Summary:

Hi, I have to do some maintenance on a CentOS 7 proxy installed on a routerboard without a video card. The only way to access this machine directly is via Minicom and serial port. I'm using NetworkManager TUI (nmtui) to configure network interfaces, but Ncurses rendering in Minicom works in the sense that chickens fly and horses swim. What you get is a forest of question marks with a few

Here are my preliminary tests: 5.2.18 is vulnerable (stock Redhat 3.0.3) 5.3.12 does not appear vulnerable (stock Redhat 4.0, I think) Dave G. <daveg@escape.com> http://www.escape.com/~daveg

The system I am using is a clean install of Mandrake 8.0 which has the gcc version 2.96 installed. I downloaded the wine-20010510 snapshot and successfully ran the ./tools/wininstall. The build seems to have run without problems and if I type: wine --version the correct release number is displayed indicating the install was also succesful. As per the FAQ I also did the following:

I have been looking further and need some help with: tools:::sysdata2LazyLoadDB("/data/prj/cran/R-3.2.3/src/library/tools/R/sysdata.rda","../../../library/tools/R") Error: Line starting 'Package: tools ...' is malformed! Details: root at x065:[/data/prj/cran/64/R-3.2.3/src/library/tools]export | egrep "PATH|HOME" HOME=/

Hi, I am seeing a rather strange issue with openssh-5.3p1 (both client and server) under scientific linux 6. The systems in question are set up to authenticate against a Kerberos server. ssh'ing between machines works fine 99% of the time with the gssapi-with-mic method. But on occasion an ssh session will fail to spawn a sheel for the user after authentication. An example -vvv output in this

Hi. I just went thru reading all of the howto and have a working implementation of RSVP over UDP encapsulation that i would linke to test, made in Java. For this, I would like to use a Linux Box as a RSVP enabled router. However, I have tried and tried to make RSVP work on linux and failed. So I wonder what I am doing wrong. Basically, on the linux box what I am doing is turning