similar to: Yet Another DIP Exploit?

Displaying 20 results from an estimated 10000 matches similar to: "Yet Another DIP Exploit?"

2004 Oct 22
1
p-values for the dip test
Hi all, I am using Hartigan & Hartigan's [1] "dip test" of unimodality via the diptest package in R. The function dip() returns the value of the test statistic but I am having problems calculating the p-value associated with that value. I'm hoping someone here is familiar with this process and can explain it. In the original article there is an example using n=63 and a
2009 May 13
1
High Volume US Traffic? Claim DIP Compensation!
This could be a nice opportunity for users with a high volume of SIP traffic terminating in the US: Collecting dip fees on outbound phone calls - fees that would otherwise go to the local phone company. With all the recent fees and surcharges, the cost of wholesale telecom and dialer traffic keeps rising. But what many companies with a high volume of IP based voice traffic don't realize
2009 Jul 06
2
Hartigan's Dip test
Hi, I just got a value for the dip test out of my data of 0.074 for a sample size of 33. I'm trying to work out what this actually means though? Could someone help me relate this to a p-value? Thanks James
2005 Oct 15
2
GID Games Exploits
It has come to my attention that there are quite a few local exploits circling around in the private sector for GID Games. Several of the games have vanilla stack overflows in them which can lead to elevation of privileges if successfully exploited.
1997 Sep 16
8
Re: Security Concern..
[Mod: This message is a reason *why* linux-security is a moderated list. This is also a reason why Rogier, myself, Alan Cox and others really do not want to have completely open lists that deal with security related aspects of running a system as way too many people just jump to conclusions and give suggestions without doing any research on a subject. -- alex (co-moderator of
1996 Nov 17
5
Sendmail 8.8.2 exploit.
Hm, look what I got hold of today.. Works if sendmail is mode 4111 or similar: #! /bin/sh # # # Hi ! # This is exploit for sendmail smtpd bug # (ver. 8.7-8.8.2 for FreeBSD, Linux and may be other platforms). # This shell script does a root shell in /tmp directory. # If you have any problems with it, drop me a letter. #
1999 Jul 28
6
You got some 'splaininn to do Lucy ;-)
We just had a security application vendor come in. We asked about Linux support and he said that putting a security application on top of an insecure OS was useless. When I asked what he meant by insecure he replied that Linux does not have a true Auditing capability - as opposed to HP-UX & Solaris which they do support. Can anyone explain to me what he was talking about? Thanks, Marty
2004 Jan 26
1
patch for linux capabilities
I was wondering if it might be possible for an rsync developer to look over the attached patch (tested on Linux 2.4.24 against the rsync-2.6.0 release), and offer suggestions on how I could improve it. Basically I want to use Linux finer grained capabilities to retain only CAP_SYS_CHROOT & CAP_DAC_READ_SEARCH when rsync drops root privs. That way I can take whole system backups as a (mostly)
1997 Apr 18
1
SECURITY: vulnerability in sperl
Red Hat Software has been notified of a critical security problem (a buffer overrun) in /usr/bin/sperl*. As no official fix for this problem exists, we recommend turning off the setuid bit on /usr/bin/sperl*. As far as we know, this problem affects all platforms and all versions. As soon as a fix is available we will release a new version of the perl package and announce it here. If no fix seems
2006 Dec 05
0
Jumpers and DIP switches on Atcom AX-4S and AX-1E
Hello all! Does anyone have a document describing jumpers, DIP switches, and connectors on Atcom's AX-4S (HFC-4S based 4xBRI) and AX-1E (HFC-1E based 1xPRI) cards? Got the cards without any documents, there is nothing on a subject on Atcom's site, and so far no one from their support is replying to my emails. Thanks very much. Cheers, Nenad
2006 Jan 18
3
linear contrasts with anova
I have some doubts about the validity of my procedure to estimate linear contrasts in a factorial design. For sake of simplicity, let's imagine a one way ANOVA with three levels. I am interested to test the significance of the difference between the first and third level (called here contrast C1) and between the first and the second level (called here contrast C2). I used the following
1997 Mar 06
1
SuperProbe and others
Hi, Recently once again an exploit for SuperProbe was posted to the bugtraq. That message was forwarded to linux-security and Rogier Wolff rejected it on the basis of the author of the SuperProbe (David Wexelblatt) comment that it was never intended to be suid. In general, there is absolutely no reason for programs that are supposed to be run only by root to be suid to root! If your
2013 Apr 07
1
[Dovecot-de] Querying Dovecot quota via policy service
Hello Waffenmeister! Ralf Hildebrandt <Ralf.Hildebrandt at charite.de> wrote: > > Apr 7 14:07:52 delta postfix/qmgr[19078]: 1D8921B31260: from=<anmeyer at anup.de>, size=1492149, nrcpt=1 (queue active) > > Apr 7 14:07:53 delta postfix/pipe[19091]: 1D8921B31260: to=<miles at anup.de>, relay=dovecot, delay=2542, delays=2542/0.01/0/0.29, dsn=4.3.0, status=deferred
2011 Dec 21
1
Diptest- I'm getting significant values when I shouldn't?
From library(diptest): Shouldn't the following almost always be non-significant for Hartigan's dip test? dip(x = rnorm(1000)) I get dip scores of around 0.0008 which based on p values taken from the table (at N=1000), using the command: qDiptab, are 0.02 < p < 0.05. Anyone familiar with Hartigan's dip test and what I may not be understanding? Thanks, kbrownk
2009 Oct 27
1
SetUID check problem
Running dovecot 1.2.4 on FreeBSD using Postfix. Everything works fine normally, but deliver is executable by world. This is not normally a problem, as I don't run deliver SetUID root. But for whatever reason, when deliver is called by something that IS SetUID root I get the following error: /usr/local/libexec/dovecot/deliver must not be both world-executable and setuid-root. This
2003 Sep 16
1
OpenSSH 3.7p1, PrivSep, and Tru64 broken (sorry)
Well, I had just finally gotten around to downloading a snapshot to test the latest on Tru64 a couple of days ago but hadn't had a chance to build it yet, and 3.7p1 has now been released. Sigh. The problem is that Tru64 setreuid() and setregid() are broken, so privsep doesn't work. This could also be a security problem for SIA authentication in general (any version of OpenSSH on Tru64,
2003 Sep 17
8
[Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX)
http://bugzilla.mindrot.org/show_bug.cgi?id=653 Summary: sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX) Product: Portable OpenSSH Version: 3.7.1p1 Platform: Alpha OS/Version: other Status: NEW Severity: critical Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org
2009 Dec 29
1
Deliver EX_TEMPFAIL's without giving any information
Hi all. I've had a hard time trying to find out why deliver isn't working after I've updated dovecot from v1.11 to v1.2.8. It just gave me EX_TEMPFAIL without any info in the logs. My deliver was setuid-root. Once I've made a simple shell wrapper script for the deliver executable which saves deliver's stdout+stderr, I've found the reason:
2007 Oct 07
6
issetugid() for other procs
Any way to check if another proc has run or been run by a proc that is setuid or seteuid?
2004 Oct 23
1
rssh: pizzacode security alert
PIZZACODE SECURITY ALERT program: rssh risk: low[*] problem: string format vulnerability in log.c details: rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp. For example, if you have a server which you only want to allow users to copy files off of via scp, without providing shell access, you can use rssh to do that. Additionally, running rsync, rdist, and cvs are