similar to: Overflow in xlock (fwd)

/* vixie crontab buffer overflow for RedHat Linux * * I dont think too many people know that redhat uses vixie crontab. * I didn''t find this, just exploited it. * * * Dave G. * <daveg@escape.com> * http://www.escape.com/~daveg * * */ #include <stdio.h> #include <sys/types.h> #include <stdlib.h> #include <fcntl.h> #include <unistd.h> #define

cxterm is a Chinese terminal emulator for the X Window System. It''s installed as suid-root by default if you did a make install. Just like xterm, it does needs to be suid to update /etc/utmp...blahblah... I discovered some buffer overflow bugs in it. The code attached below is the exploit. Quick fix? chmod -s /path/cxterm

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:44 Security Advisory FreeBSD, Inc. Topic: xlockmore port allows reading of password file Category: ports Module: xlockmore Announced:

I was surprised to see that this hadn't made it to the samba list yet. Note I have not spent any time trying to confirm validity. ---------- Forwarded message ---------- Date: Fri, 26 Sep 1997 00:21:55 +0200 From: root <root@ADM.KIX-AZZ.ORG> To: BUGTRAQ@NETSPACE.ORG /* ___ ______ _ _ / \ | _ \ | \ / |

Processing commands for control at bugs.debian.org: > # changing bug submitter e-mail address from > # dkg-debian.org at fifthhorsemannet to > # dkg at fifthhorseman.net for consolidation > submitter 318123 ! Bug#318123: [CVE-2006-0061] xlockmore: xlock segfaults with libpam-opensc, returns to user session Changed Bug submitter from Daniel Kahn Gillmor <dkg-debian.org at

Roman Garcia wrote: > > Hi, > Maybe I found a hole in the security on Linux running X-Windows. > Supose that you logged as root. If you locks the screen (at least > using openwindows+virtual desktop and xlock), anybody can press > <Ctrl><Alt><Backspace>, that kills the xserver, giving the root > prompt in the console. You can disable this in the XF86Config

Hi, I am facing two problems in Linux , if you can help me with these. 1. I have to generate keyboard /mouse interrupt from my program which xlock can recognize so that prompt will appear on it. The interrupt will be generated from a program running at the background. It is required in my project. 2. I have started a program in /usr/bin/startkde, which was necessary at that time only, has

Hello to all: I'd like to thank everyone who offered insight to why xscreensaver lock wasn't working. Just this morning I performed a last-minute search, based on some leads, of possible pam configuration issues. One URL that popped up via google was http://www.kernel.org/pub/linux/libs//pam/FAQ Q9 contained a lead to make `which xlock` setuid root (chmod +s). I did this for

Summary: Any user can gain root privileges on a Intel Linux system with suidperl 5.003 (having the suid bit, of course) even if "SUIDBUF" and "two suidperl security patches" have been applied. Non-Intel / non-Linux platforms may be affected as well. Quick fix: chmod u-s /usr/bin/sperl5.003 (what else?) Details: There is a nasty bug in mess() (util.c): it is possible to

Package: logcheck-database Version: 1.3.13 Severity: normal The rule for SSH ignoring "Bad protocol version identification" assumes there are no single quotes inside the version string ('[^']'). I am however getting mails including those lines: Mar 25 22:57:04 Debian-60-squeeze-64-minimal sshd[12144]: Bad protocol version identification

Package: logcheck-database Version: 1.3.8 Severity: wishlist HI, can you please create a rule/some rules for amavis(d-new). I get for every mail this mesage: May 25 19:55:40 data amavis[9603]: (09603-15) Passed CLEAN, [::1] [213.165.64.22] <xxx at yyy.zz> -> \ <aaa at localhost>, Message-ID: <20100525175015.29677page1 at mx002.bbb.ccc>, mail_id: MM7upJv6se1Z, \ Hits:

Package: logcheck-database Version: 1.3.13 Severity: normal Tags: patch After upgrading to debian squeeze I get several messages a day in the form of: Jul 2 15:05:15 hostname spamd[21286]: spamd: handled cleanup of child pid [28609] due to SIGCHLD: exit 0 This is due to an update in spamd, that makes the message more detailed (includes exit code)[1]. Therefore messages including exit code 0

Section I. Overview Hello, About a half year ago there was some rumour on bugtraq concerning a buffer overflow in Linux dynamic linkers, ld.so and ld-linux.so. You can take a look at the beginning of the thread at http://www.geek-girl.com/bugtraq/1997_3/0089.html to refresh old memories; I''ll capitalize anyway. Briefly, there exists a buffer overrun in ld-linux.so versions 1.7.14,

The Wine development release 1.7.46 is now available. What's new in this release (see below for details): - Improvements in the BITS file transfer service. - Still more progress on DirectWrite implementation. - Support for shared user data on 64-bit. - Various C++ runtime improvements. - Some more support for the 64-bit ARM platform. - Various bug fixes. The source is available

My apologies for not including sessionInfo(), and I'm a bit angry at myself for that. Retrying in a fresh session of R, I get different results. More specifically, I get the expected result where accuracy is the same in the first and the last line. As I didn't include my sessionInfo() in my previous mail, I can't figure out why I now have a different result. So I'm positive

On Tue, 18 Mar 2003 11:55, Daniel O'Connor wrote: > On Tue, 2003-03-18 at 02:54, Fred Clift wrote: > This is interesting because I had a crash with Mozilla which only > stopped when I built WITHOUT_XFT. > > I have updated fontconfig, freetype etc.. with no luck :( Not sure I replied to this but.. The solution was that I had a font directory X knew about but not fontconfig :(

Hi there, when doing "make check" for a 2.3.0 build on Solaris Sparc I get a bus error due to an alignment issue. It seems the error is only happening during testing, because in the official API it was fixed in https://github.com/dovecot/core/commit/d8361cc8576d9ede93a037f9b96f2a3f9b7e9054#diff-2ff53ae0e00a90ee20d648229ad91d2b But the tests use hand written test vectors, that are

What OS are you on? On Ubuntu 17.10 with R 3.4.3 all seems well (see below for your example, I just added a setwd()). [ That said, I long held a (apparently minority) view that csv is for all intends and purposes a less-than-ideal format. If you have that much data, you do generally not want to serialize it back and forth as that is slow, and may drop precision. The rds format is great for R

Hi, all, When running > AB.fit=adaboost(ylearn, xlearn, xtest, presel=0) I got the following error: Error in `[[<-.data.frame`(`*tmp*`, preds, value = c(4L, 6L, 6L, 6L, 3L, : replacement has 186 rows, data has 62 The data structure is attached below: [1] "ylearn" [1] 0 0 0 0 0 0 0 0 0 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 [40] 1 1 1 1 1 1 1 0

Dear all, I have encountered a weird behaviour in R survival package which seems to me to be a bug. The weird behaviour happens when I am using 100 variables in the ridge function when calling coxph with following formula Surv(time = futime, event = fustat, type = "right") ~ ridge(X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X12, X13, X14, X15, X16, X17, X18, X19, X20, X21, X22,