similar to: rwhod is naive

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Buffer overflow in cron daemon Advisory ID: RHSA-1999:030-01 Issue date: 1999-08-25 Updated on: Keywords: vixie-cron crond MAILTO Cross references: --------------------------------------------------------------------- 1. Topic: A buffer overflow exists in crond, the cron

Hi, I believe having less root setuid binaries on system is The Way ... so: Why does RH6.2 ships with /sbin/dump & /sbin/restore root setuid? These are for sysadmins, not for regular users I hope. Is /sbin/unix_chkpwd really used and what is it used for? I haven't find anything about it in pam documentation. Is it really necessary to ship /usr/bin/gpasswd and /usr/bin/newgrp? Does

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Denial of service attack in syslogd Advisory ID: RHSA-1999:055-01 Issue date: 1999-11-19 Updated on: 1999-11-19 Keywords: syslogd sysklogd stream socket Cross references: bugtraq id #809 --------------------------------------------------------------------- 1. Topic: A

Introduction. ------------ Every now and then a new "exploit" turns up of some program that uses tmp files. The first solution was "sticky bits", but since links exist (that''s a LONG time), that solution is inadequate. Discussion. ---------- The problem is that you put an object (link/pipe) in the place where you expect a program to put its tempfile, and wait for

I seem to have stumbled across another vulnerability in DIP. It appears to allow any user to gain control of arbitrary devices in /dev. For instance, I have successfully stolen keystrokes from a root login as follows... (I could also dump characters to the root console) $ whoami cesaro $ cat < /dev/tty1 <------ root login here bash: /dev/tty1: Permission denied

On Tue, Nov 09, 1999 at 11:39:39AM +0100, Mariusz Marcinkiewicz wrote: > After reading lcamtuf's posts I decided write this one. Few months ago one > of my friends - digit - found bug in linux nfsd daemon. I made example > sploit about IV 1999. Now in distributions is new nfsd and nowhere was > information about security weaknes of old version! Well, one gets used to people

Its been looking like this pretty much all day ... top shows nothing major, and the drive looks reaonably quiet ... there is nothing in messages to indicate a problem that I can see (even those enclosure messages have been reasonably quiet) ... What consumes SYS CPU? Stuff like apache and jakarta-tomcat use up USER CPU, correct? neptune# iostat 5 tty aacd0 pass0

I've got egg on my face... There is a nasty security hole in the User-space NFS servers. If you are running an NFS server, please upgrade as soon as possible to the latest release, nfs-server-2.2beta35.tar.gz, which can be found at ftp://linux.mathematik.tu-darmstadt.de/pub/linux/people/okir All previous releases are vulnerable. <Taking off his okir hat and putting on his caldera

Hi there, some of the recent holes discussed on this list, and David Holland''s suggestion for a utmp manager daemon got me thinking. I ended up coding a sample program that demonstrates how a `resource manager'' can be used to allow applications access to certain resources while not giving them any privileges. The sample program is a primitve modem manager that hands out open

-----BEGIN PGP SIGNED MESSAGE----- ld.so Vulnerability A buffer overflow problem was reported on bugtraq affecting the ELF and a.out program loaders on Linux. This problem can possibly be exploited by malicious users to obtain root access. On Linux, programs linked against shared libraries execute some code contained in /lib/ld.so (for a.out binaries) or /lib/ld-linux.so (for ELF

Summary: you can exploit a single-byte buffer overrun to gain root privs. When, half a day after releasing version 2.2beta37 of the Linux nfs server, I received a message from Larry Doolittle telling me that it was still vulnerable to the root exploit posted to bugtraq, I was ready to quit hacking and start as a carpenter... Tempting as that was, I didn''t, and started looking for the

Hi all, I just looked into LPRng to see to what extent it is affected by the problems recently reported for the BSD lpd. It seems that it is fairly safe from those mentioned in the SNI advisory. > Problem 1: File creation > > Individuals with access to the line printer daemon from a privileged > port on a valid print client can tell lpd to create a file, providing > the name of

Some versions (the util-linux version, but not the netwrite or netkit versions) of /usr/bin/write have a buffer overrun problem that is almost certainly exploitable. Note that this gives access to the tty group, but not (directly) root. The fix is to change the two sprintfs to snprintfs. Patches have been mailed to the maintainer. -- - David A. Holland | VINO project home page:

> ========================================================================== > CERT(sm) Advisory CA-96.20 > Original issue date: September 18, 1996 > Last revised: -- > > Topic: Sendmail Vulnerabilities > -------------------------------------------------------------------------- > *** This advisory supersedes CA-95:05 *** Just a word of warning -

I guess I never sent the message I was going to last week about xterm. [Noteto REW: If I did, kill this message...] It seems that sending xterm an excessively long escape sequence kills it (and perchance might be made to hack it, which would be quite bad.) The xterm in XFree86-3.2 is immune to this problem. I recommend everyone upgrade ASAP. -- - David A. Holland | VINO

About a year ago I outlined a scheme for arranging chowning of the tty end of ptys without needing root privileges. Since then, I haven''t had time to actually implement it. I was thinking about the problem again today, and, having learned a bit about sessions and controlling ttys and stuff, was able to come up with a simpler mechanism. First, observe that the POSIX session mechanism, if

Processing commands for control at bugs.debian.org: > severity 376780 important Bug#376780: atd: Please correct LSB formatted dependency info in init.d script Severity set to `important' from `normal' > severity 458442 important Bug#458442: rsync: Slightly wrong LSB header in init.d script Severity set to `important' from `normal' > severity 458474 important Bug#458474:

Evening all ... One of my servers just crashed with the "pmap_new_proc: u_map allocation failed" ... Looking at a ps of the vmcore file, I find: neptune# awk '{print $11}' /tmp/ps.crash | sort | uniq -c 1 (Xvfb) 1 (aac0aif) 1 (adjkerntz) 1 (analog) 1 (bufdaemon) 4412 (cron) 8 (csh) 84 (ctl_cyrusdb) 3 (ctl_deliver) 1 (emacs) 1 (find) 1

Hi all, Note: selinux was in permissive prior to error Got this with a yum update: abrt_version: 2.0.8 cgroup: cmdline: semodule -n -r oracle-port -b base.pp.bz2 -i accountsd.pp.bz2 ada.pp.bz2 cachefilesd.pp.bz2 cpufreqselector.pp.bz2 chrome.pp.bz2 awstats.pp.bz2 abrt.pp.bz2 aiccu.pp.bz2 amanda.pp.bz2 afs.pp.bz2 apache.pp.bz2 arpwatch.pp.bz2 audioentropy.pp.bz2 asterisk.pp.bz2

I took my anaconda-ks.cfg file, cp to ks.cfg and copied to a floppy The isos have been copied to an ftp server. So I had the following lines in my ks.cfg intall url ftp://10.1.1.1// (yes the ftp server's directory is the Centos directory) This is along with all the appropriate network command to get the ethernet setup. I issue the linux ks=floppy (also tried linux