similar to: SNI-12: BIND Vulnerabilities and Solutions (fwd)

Author: anay Repository: /hg/zfs-crypto/gate Revision: ecd424d223eba74f36389e19f048782a9ce9142e Log message: 6274683 gcc and libresolv[2] don''t get along Files: update: usr/src/lib/libresolv/res_comp.c update: usr/src/lib/libresolv/res_debug.c update: usr/src/lib/libresolv/res_gethost.c update: usr/src/lib/libresolv/res_init.c update: usr/src/lib/libresolv/res_mkquery.c update:

-----BEGIN PGP SIGNED MESSAGE----- ##### ## ## ###### ## ### ## ## ##### ## # ## ## ## ## ### ## ##### . ## ## . ###### . Secure Networks Inc. Security Advisory

Hi all, I have been using tinc successfully for a while now. However, I need to do something different from my normal setup, and i am getting the feeling I am doing something obvious wrong. What I want to do is hookup 5 distant linux routers into one bigger network, Since I need to transmit both unicast and multicast traffic, the VPN network has to be in "Mode = switch" [Assumption

-----BEGIN PGP SIGNED MESSAGE----- ##### ## ## ###### ## ### ## ## ##### ## # ## ## ## ## ### ## ##### . ## ## . ###### . Secure Networks Inc. Security Advisory

-----BEGIN PGP SIGNED MESSAGE----- ###### ## ## ###### ## ### ## ## ###### ## # ## ## ## ## ### ## ###### . ## ## . ######. Secure Networks Inc. Security Advisory

[mod: Executive summary: SNI found recent linux-distributions not-vulnerable -- REW] -----BEGIN PGP SIGNED MESSAGE----- ###### ## ## ###### ## ### ## ## ###### ## # ## ## ## ## ### ## ###### . ## ## . ######.

[Mod: I am approving this message even though it is just a rehash of known vulnerabilities of DNS. Please in future lets avoid rehashing what was alreadt discussed in probably every single mailing list that deals with UNIX security several years ago? -- alex ] ###### ## ## ###### ## ### ## ## ######

###### ## ## ###### ## ### ## ## ###### ## # ## ## ## ## ### ## ###### . ## ## . ######. Secure Networks Inc. Security Advisory February 24, 1997

###### ## ## ###### ## ### ## ## ###### ## # ## ## ## ## ### ## ###### . ## ## . ######. Secure Networks Inc. Security Advisory March 2, 1997

Author: raf Repository: /hg/zfs-crypto/gate Revision: 4e0d2d9869b6e03153797c60bb3786268667c14c Log message: 6362982 namespace pollution/protection in libc 6369040 there should be but one synonyms.h file outside of libc Files: create: deleted_files/usr/src/lib/common/inc/mtlib.h create: deleted_files/usr/src/lib/libc/sparcv9/gen/llabs.s create:

////////////////////////////////////////////////////////////////////////// I have got a couple of messages stating that I am wrong and that the resolver vulnerability sent to list by Oliver Friedrichs (oliver@secnet.com) is a new one. Our discussion with Oliver outlined that even though it is possible that this vulnerability was discussed during BOFs at conferences such as LISA, SANS and NETSEC,

Hello. I have an issue with SSHFP lookups using "VerifyHostKeyDNS=yes" and "options edns0" in /etc/resolv.conf (glib >= 2.6). getrrsetbyname() calls res_query() with a maximum buffer size of 65536. The glibc resolver truncates this value to 16 bits, reducing the query's advertised buffer size to 0. BIND appears to ignore it while Unbound returns a server failure.

While I realize that the bliss virus looks more like a research project than a malicious virus, the reality is that it is out there. Because I was concerned that some programs on my linux systems might have become infected, I wrote a tool to determine which programs, if any, had been infected by the bliss virus. For those who lack md5 checksums of all their binaries, this is likely to be a

This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mime@docserver.cac.washington.edu for more info. ---559023410-1254324197-853117123=:29978 Content-Type: TEXT/PLAIN; charset=US-ASCII Two security problems have been noticed in the Apache 1.1.1 code base: 1) A hole in mod_cookies

Hello, I have dowloaded all that is required to build a working OpenSSH on HP-UX 10.20 from the HP-UX Porting and Archibve centre (this seems to be the only way to go for 10.20). Make/install of all prerequisites has scucceeded. Now make of openssh-3.7.1p2 gives the following: gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.. -I. -I./.. -I/usr/local/openssl-0.9.7b/include

Why is www.secnet.com down ? i'm looking for the samba-audit-tool and didn't find any mirror. Thomas On Fri, 30 Apr 1999 samba@samba.org wrote: > SAMBA Digest 2073 > > For information on unsubscribing see http://samba.org/listproc/ > Topics covered in this issue include: > > 1) Group-Shares > by Johannes Scherbaum <scherj@funkhaus.de> >

http://bugzilla.mindrot.org/show_bug.cgi?id=1299 Summary: Remove redefinition of _res in getrrsetbyname.c Product: Portable OpenSSH Version: 4.5p1 Platform: All OS/Version: NetBSD Status: NEW Keywords: patch Severity: major Priority: P2 Component: ssh AssignedTo: bitbucket at mindrot.org

I've been trying to figure out why I can't seem to use SSHFP fingerprints delivered via DNSSEC, which led me to try to figure out why OpenSSH won't use DNSSEC on my NetBSD-4-branch platform. It turns out that around line 70 in openbsd-compat/getrrsetbyname.c, we have the following: /* to avoid conflicts where a platform already has _res */ #ifdef _res # undef _res

In the configure script, when it checks to see if _res is an extern, there are two problems: 1. There is no ac_WHATEVER variable to control it and override it. 2. Because the extern reference to _res is unused, the linker on some systems may elide it, causing an erroneous definition of HAS__RES_EXTERN The test should be coded as follows: /* ... confdefs.h */ #include <stdio.h> #if

Hello, I forgot in my last reply that my DWT implementation can be speed up, for example I'm doing for now: for (;_X1<_E_;_X1++,_RES+=2) //dilatation { _RES[0]=_X1[0]<<3; _RES[1]=(_X1[1]+_X1[0])<<2; } then for (;_X2<_E_;_X2++,_RES+=2) //details { _RES[0]-=(_X2[1]+_X2[0])<<1; _RES[1]+=6*_X2[1]-_X2[2]-_X2[0];