Displaying 20 results from an estimated 120 matches similar to: "FYI: Possible information disclosure in cfingerd."
1998 Aug 07
4
SMB printing server problem... HELP ME !!!
Hello everybody!!!
First of all I must say that I'm not an English speaker, so this text may sound
a little strange. I apologize.....
Well, I'm having problems with the SMB printing system. I have spent a lot of time
(nearly 15 hours and a hundred configurations) in it but I could not use it as
a printing server.
System Configuration:
One
2012 Dec 03
0
Uncontrolled disclosure of advisories XSA-26 to XSA-32
We just sent the message below to the security advisory predisclosure
list, relating to the release of XSA-26 to XSA-32. As you will see,
these have now been publicly released.
We'll have a proper conversation about this in a week or two.
Thanks for your attention,
Ian.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
We regret to announce that a member of the predisclosure list
2013 Feb 06
0
Response to France Telecom disclosure
Hi,
For those who heard of the recent France Telecom IPR disclosure against
Opus, here's our response:
https://hacks.mozilla.org/2013/02/defending-opus/
Cheers,
Jean-Marc
2003 Sep 16
0
two potentially troubling posts to full-disclosure
I haven't seen anything about this here and thought I should pass it along.
christopher neitzert <chris at neitzert.com> made two postings to the
full-disclosure list earlier today. They stated, in part:
*****
Does anyone know of or have source related to a new, and unpublished ssh
exploit? An ISP I work with has filtered all SSH connections due to
several root level incidents
2020 Jul 18
2
[Bug 3196] New: [Information Disclosure] OpenSSH_7.4p1 Raspbian-10+deb9u7 discloses OS version
https://bugzilla.mindrot.org/show_bug.cgi?id=3196
Bug ID: 3196
Summary: [Information Disclosure] OpenSSH_7.4p1
Raspbian-10+deb9u7 discloses OS version
Product: Portable OpenSSH
Version: 7.4p1
Hardware: Other
OS: Other
Status: NEW
Severity: security
Priority: P5
2018 Jun 11
0
AST-2018-008: PJSIP endpoint presence disclosure when using ACL
Asterisk Project Security Advisory - AST-2018-008
Product Asterisk
Summary PJSIP endpoint presence disclosure when using ACL
Nature of Advisory Unauthorized data disclosure
Susceptibility Remote Unauthenticated Sessions
Severity Minor
2003 Sep 17
0
Fwd: [Full-Disclosure] Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]
More patch-o-rama :-(
---Mike
>From: Michal Zalewski <lcamtuf@dione.ids.pl>
>To: bugtraq@securityfocus.com, <vulnwatch@securityfocus.com>,
> <full-disclosure@netsys.com>
>X-Nmymbofr: Nir Orb Buk
>Subject: [Full-Disclosure] Sendmail 8.12.9 prescan bug (a new one)
>[CAN-2003-0694]
>Sender: full-disclosure-admin@lists.netsys.com
>X-BeenThere:
2003 Sep 15
1
Fwd: Re: [Full-Disclosure] new ssh exploit?
Has anyone around here heard of this ?
---Mike
>Subject: Re: [Full-Disclosure] new ssh exploit?
>From: christopher neitzert <chris@neitzert.com>
>Reply-To: chris@neitzert.com
>To: full-disclosure@lists.netsys.com
>X-Mailer: Ximian Evolution 1.4.3.99
>Sender: full-disclosure-admin@lists.netsys.com
>X-BeenThere: full-disclosure@lists.netsys.com
2006 Aug 10
0
DHH's Post on Ruby Talk -- Rails 1.1.6: Stronger fix, backports, and full disclosure
The cat is out of the bag, so here's the full disclosure edition of
the current security vulnerability. With Rails 1.1.0 through 1.1.5
(minus the short-lived 1.1.3), you can trigger the evaluation of Ruby
code through the URL because of a bug in the routing code of Rails.
This means that you can essentially take down a Rails process by
starting something like /script/profiler, as the code
2009 Jan 22
0
Unintended key info disclosure via ForwardAgent?
It seems that users may be disclosing unintended public key info
when logging into remote hosts.
Use of the words keypair/keyid/etc have been bastardized. Signature
is likely better. Note also, the author may be without clue.
Setup:
[g] - refers to an administrative group of hosts
[n] - refers to a host within that group
ws[g][n] - management workstations [trusted]
User ssh-add's keys for
2005 Jul 07
1
[Fwd: [Full-disclosure] [ GLSA 200507-05 ] zlib: Buffer overflow]
Has Centos been tested for this yet?
-------- Original Message --------
Subject: [Full-disclosure] [ GLSA 200507-05 ] zlib: Buffer overflow
Date: Wed, 06 Jul 2005 16:23:20 +0200
From: Thierry Carrez <koon at gentoo.org>
Organization: Gentoo Linux
To: gentoo-announce at lists.gentoo.org
CC: full-disclosure at lists.grok.org.uk,
bugtraq at securityfocus.com, security-alerts at
2012 Aug 01
5
[Full-disclosure] nvidia linux binary driver priv escalation exploit
Hi all!
I found this today on FD:
http://seclists.org/fulldisclosure/2012/Aug/4
2006 Aug 10
4
Rails 1.1.6: Stronger fix, backports, and full disclosure
The cat is out of the bag, so here's the full disclosure edition of
the current security vulnerability. With Rails 1.1.0 through 1.1.5
(minus the short-lived 1.1.3), you can trigger the evaluation of Ruby
code through the URL because of a bug in the routing code of Rails.
This means that you can essentially take down a Rails process by
starting something like /script/profiler, as the code
2007 May 04
1
ASA-2007-013: IAX2 users can cause unauthorized data disclosure
> Asterisk Project Security Advisory - ASA-2007-013
>
> +----------------------------------------------------------------------------------+
> | Product | Asterisk |
> |----------------------+-----------------------------------------------------------|
> | Summary | IAX2
2007 May 04
1
ASA-2007-013: IAX2 users can cause unauthorized data disclosure
> Asterisk Project Security Advisory - ASA-2007-013
>
> +----------------------------------------------------------------------------------+
> | Product | Asterisk |
> |----------------------+-----------------------------------------------------------|
> | Summary | IAX2
2002 Sep 06
3
error starting client-server protocol (code 5)
I'm running FreeBSD 4.6.2 on two different machines. Both machines have
rsync installed by way of the ports library, but one of them is running
it as a server. I followed the directions in the man pages for running
the server using inetd.
Here is what happens:
rsync rsync://myusername@10.0.0.8/
rsync: server sent "rysnc version 2.5.5 protocol version 26" rather than
2005 Apr 21
6
Information disclosure?
Hello,
For some reason, I thought little about the "clear" command today..
Let's say a privileged user (root) logs on, edit a sensitive file (e.g,
a file containing a password, running vipw, etc) .. then runs clear and
logout. Then anyone can press the scroll-lock command, scroll back up
and read the sensitive information.. Isn't "clear" meant to clear the
2016 Mar 02
2
problem restoring ssl and vlc
greeting.
a short while ago, i may have gone to a site i should not have. maybe.
after visiting, i decided i would check for rpm updates.
when yumex opened to available packages, it showed that;
openssl.x86_64 0:1.0.1e-42.el6_7.4
was available, so i checked it, then clicked install button. during
log display, i got error message, tried again. still got error.
seems that there is a
2002 Mar 09
1
smbd and login scripts
Hello
I've two strange problems:
- smbd
I've attached you my smb.conf, inetd.conf and my log file. Sometimes smbd and
nmbd run and sometimes only nmbd run (I check it with ps -ax). But I have
access over my shares (I test it with my Win95 machine). Also in my log
file there're some error messages (I don't know from where they came).
- login scripts
My scripts won't run but if
2005 Jun 02
1
Re: Reboots -- everything's a file
From: Rodrigo Barbosa <rodrigob at suespammers.org>
> Actually, there is another neat trick for rpm based systems.
> You see, rpm, prior to removing anything, will rename that to ${NAME}.OLD.
> So, libc.so.6 becomes libc.so.6.OLD, and then removed.
> As we all know, if that library is currently open by any running process,
> it won't be immediately removed (even tho you