similar to: Re: Re: Re: Re: Buffer Overflows: A Summary

Martin Pool wrote: > > > From: Stefan Monnier <monnier+/news/lists/linux/security@TEQUILA.SYSTEMSZ.CS.YALE.EDU> > > Date: 05 May 1997 12:23:05 -0400 > > > [mod: Yes. One "catchall" would be to modify "suser()" to return > > (uid==0) && (current->root == THE_ROOT). That would make a uid==0 in a > > chrooted environment just

Hi All, > act_2 Date Dtime Hour Min Second Rep 51 2006-02-22 14:52:18 14 52 18 useractivity_act 52 2006-02-22 14:52:18 14 52 18 4 55 2006-02-22 14:52:49 14 52 49 4 57 2006-02-22 14:52:51 14 52 51 4 58 2006-02-22 14:52:52 14 52 52 3 60 2006-02-22 14:54:42 14 54

Hi All, > act_2 Date Dtime Hour Min Second Rep 51 2006-02-22 14:52:18 14 52 18 useractivity_act 52 2006-02-22 14:52:18 14 52 18 4 55 2006-02-22 14:52:49 14 52 49 4 57 2006-02-22 14:52:51 14 52 51 4 58 2006-02-22 14:52:52 14 52 52 3 60 2006-02-22 14:54:42 14 54

Marek Michalkiewicz <marekm@I17LINUXB.ISTS.PWR.WROC.PL> wrote: : It seems that most of the RedHat 5.3.12 security patches are in the : standard 5.4.17, except for the patch below. Also, there are more : (different) fixes in 5.4.18 (check h_length against sizeof(sin_addr) : in inet/rcmd.c and inet/rexec.c). : + { : +

Hi, Andrew G. Morgan wrote: > bofh@snoopy.virtual.net.au wrote: > > >At this stage, I''m interested mostly in peoples'' comments. I''m becoming > > >fascinated by what it would take to make Linux conform to Orange-Book Class B > > >security. This modification to the filesystem would be relevant to getting it > > >over C1

I'm looking at migrating a small Netware 3.12 server to a Linux box with samba for a small office. They use a DOS program called `ACCPAC' to do their accounting; both the program and it's data reside on different exported volumes on the netware system. I set up a linux box (for testing- deployment later, maybe) to make sure the program would run with samba before going ahead and just

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Multiple Heap Overflows Allow Remote == Code Execution == CVE ID#: CVE-2007-2446 == == Versions: Samba 3.0.0 - 3.0.25rc3 (inclusive) == == Summary: Various bugs in Samba's NDR parsing == can allow a user to send specially ==

Hi, On one of our asterisk systems that is quite busy, we are seeing the following from 'netstat -s': Udp: 17725210 packets received 36547 packets to unknown port received. 44017 packet receive errors 17101174 packets sent RcvbufErrors: 44017 <--- this When this number increases, we see SIP errors, and in particular Qualify packets are lost, and

Package: xen-3.0 Version: 3.0.3-0-2 Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3.0. CVE-2007-1320[0]: | Multiple heap-based buffer overflows in the cirrus_invalidate_region | function in the Cirrus VGA extension in QEMU 0.8.2 might allow local | users to execute arbitrary code via unspecified vectors related to |

On Mon, Nov 20, 2017 at 1:07 PM, James Zern <jzern at google.com> wrote: > Just an attempt to avoid overflows with an explicit check, I don't know if > there's a better way to identify corrupt input here. > > James Zern (2): > op_pcm_seek: fix int64 overflow > op_fetch_and_process_page: fix int64 overflow > > src/opusfile.c | 11 +++++++++-- > 1 file

On Tue, Oct 13, 2015 at 12:04 AM, celelibi--- via Syslinux <syslinux at zytor.com> wrote: > From: Sylvain Gault <sylvain.gault at gmail.com> > > Hello there, > > I propose 2 patches that fix two possible stack overflows either when running a > COM32 module or when loading a new config file. > > I didn't find a better way to do this than to use the infamous

I'm running Centos 7 with gnome. After 32 running applications, the panel at the bottom overflows. There seems to be no scrolling mechanism. How if at all can I see the overflow? -- Michael hennebry at web.cs.ndsu.NoDak.edu "Sorry but your password must contain an uppercase letter, a number, a haiku, a gang sign, a heiroglyph, and the blood of a virgin."

Salut, I found a bug in tinc where one might be able to execute code remotely by sending a long key, whereas I'm not sure if it's security relevant. I'd prefer sending the patch in confidentially, whom should I send it to? Tonnerre -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 186 bytes

Spam detection software, running on the system "mail.montanhydraulik.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see postmaster for details. Content preview: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Hi everyone, In the package POT, there is a function that computes the L-moments of a given sample (samlmu). However, to compute those L-moments, one needs to obtain the total number of combinations between two numbers, which, by the way, requires the use of a factorial. See, for example, Hosking (1990 , p. 113). How does the function "samlmu" in the package POT avoids overflows? I

FreeBSD wahoo.prodigy.net 4.9-PRERELEASE FreeBSD 4.9-PRERELEASE #0: Tue Sep 23 10:13:51 CDT 2003 jbryant@wahoo.prodigy.net:/usr/obj/usr/src/sys/WAHOO.SMP i386 Dual Pentium II 333 MHz on Tyan Thunder-2 Motherboard. Anyone else seeing this? jim -- "Religious fundamentalism is the biggest threat to international security that exists today." United Nations Secretary

On Tue, 12 May 1998, Andi Kleen wrote on BUGTRAQ: > I assumed the libc would ignore NLSPATH when the app runs suid (similar > like it does with LD_LIBRARY_PATH etc.). If it doesn''t that is a bad bug. > > [... clickety click ... ] > > At least glibc 2.1 uses __secure_getenv() for NLSPATH. Don''t know about 2.0, > separate GNU gettext, or libc5. I have

Steven Rostedt <rostedt at goodmis.org> writes: > On Thu, 26 Jan 2023 18:01:14 +0100 > Petr Machata <petrm at nvidia.com> wrote: > >> + TP_printk("dev %s af %u src %pI4/%pI6c grp %pI4/%pI6c/%pM vid %u", >> + __get_str(dev), __entry->af, __entry->src4, __entry->src6, >> + __entry->grp4, __entry->grp6, __entry->grpmac,

On Thu, Dec 7, 2017 at 12:18 PM, Timothy B. Terriberry <tterribe at xiph.org> wrote: > [...] > > Sorry, I can't reply to the original patches because I didn't actually get > that e-mail due to local trouble with my mail server. I could pull the > patches from the list archive, however. Thanks for the reports. > Thanks for recovering them and having a look. I

Asterisk Project Security Advisory - AST-2007-022 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Buffer overflows in voicemail when using IMAP | | |