Displaying 20 results from an estimated 110 matches similar to: "Linux Security WWW has moved"
1997 May 29
1
Vulnerability of suid/sgid programs using libXt
-----BEGIN PGP SIGNED MESSAGE-----
Buffer overflow in the resource handling code of the libXt (X11R6)
Thu May 29, 1997
Distribution of this document is unlimited
Copyright (C) Alexander O. Yuriev (alex@yuriev.com)
Net Access
Abstract
A buffer overflow was found in the resource handling
1997 Sep 18
0
[MOD] About "Security concern"
[Mod: Warning - we are hitting issues of security policy and that is not
what we would like to see here --alex]
Brian Koref said:
>
> Great input...
>
> As an investigator, many of the compromises I see involve systems
> which are 2 to 3 years old. An old slackware box sitting on a .mil
> domain, which some airman set up as a test machine. The airman gets
> transferred, and
2016 Nov 28
0
gnucash 2.4.15 - both help and tutor drop out when attempting to read
greetings all.
GnuCash 2.4.15 - both help and tutor drop out when attempting to read
within a few seconds of opening. submitted bug report.
system:
centos 6.8 current
toshiba satellite l455d-s5976 w/
amd sempron si-42, 2GB ddr2
aoy, have not searched centos or web for problem. thought i might try
quick and easy first.
has anyone seen such problem?
would installing latest version possibly be
1998 Jul 15
0
Re: RedHat 5.X Security Book
I think it depends on what you are using the book for... I myself have been
trying for a long time to find a document that describes basic RedHat and
Linux security, what to look for, inherent dangers etc etc.
So I was overjoyed when I found this book. No, I am not depending on it as
a sole source of information, but the basics that it covers simply do not
get repeatedly posted to the lists you
2000 Jul 26
0
[RHSA-2000:045-01] gpm security flaws have been addressed
---------------------------------------------------------------------
Red Hat, Inc. Security Advisory
Synopsis: gpm security flaws have been addressed
Advisory ID: RHSA-2000:045-01
Issue date: 2000-07-26
Updated on: 2000-07-26
Product: Red Hat Linux
Keywords: gpm, denial of service, /dev/gpmctl, gpm-root, setgid
Cross references:
1997 Mar 24
1
More sendmail problems... Partition your disks!
This is yet-another reason to _partition_ your disks. Of course hard links
do not work across filesystems. Even though it is a pain in the neck to do
when installing your operating system, think about separating critical
system files from non-critical and non-system files from system files. I
would say that the following layout is a good place to start:
/
/usr (nosuid,nodev,ro)
/usr/local
1999 Jan 04
0
Tripwire mess..
This may be, or may not be a security issue, however, since a lot of people
still use tripwire-1.2 or lesser versions (this is what shipped with R.H.
Linux 5.2 at least), they might be interested in following detail:
Chuck Campbell (campbell@neosoft.com) pointed out to me that tripwire dies with
coredump on R.H. linux, if it hits a filename containing 128-255 characters.
Playing a bit with debugger I
1997 Jul 31
0
Re: Attack feeling ??
Your message dated: Thu, 31 Jul 97 17:34:01 +0200
> * Drop source routes packets
Drop packets that have a source route flag set. This stops simplest
redirection attacks and should be always set to yes.
> * always defragment
Reassemble packet from fragments first and only after that apply firewalling
rulesets. Unless you have a really good reason not to do this ( and I am yet
to hear
1997 Feb 24
0
ADMIN: Change of address
-----BEGIN PGP SIGNED MESSAGE-----
As I am sure you noticed from my messages to linux-{security|alert}, I have
changed my primary email address from alex@bach.cis.temple.edu to
alex@yuriev.com. Linux Security WWW will be moved from bach.cis.temple.edu
in the nearest future and while I will continue to mirror pages to make them
accessible at http://bach.cis.temple.edu/linux/linux-security/, please
1998 Apr 11
0
Linux libc5.4.33 dumbness w/ mk[s]temp()
Linux libc5.4.33's mk[s]temp() functions require 6 X's at the end of
a filename (the BSD versions I've seen are a bit more flexible). This alone
is enough to break any claims to real BSD compatibility, but wait, there's
more:
Only 1 of those 6 X's are really unique. The rest are simply pid.
So you can create exactly 62 temp files using mk[s]temp()
1997 Dec 05
3
New Program: Abacus Sentry - Port Scan Detector
Hello,
I just made available a beta version of a port scan detector that I've
been working on. The program, called Abacus Sentry, is a port scan/probe
detector that offers what I think are a number of unique and useful
features:
- Runs on TCP or UDP sockets. Configurable by the user to bind to
multiples of sockets for increased detection coverage.
- Adjustable scan detection value with
1998 May 09
4
Apparent SNMP remote-root vulnerability.
I just had a remote root break-in on my machine (x86 running Red Hat Linux
5.0 with all the updates except for kernel-2.0.32-3) this morning at
06:03:28 EDT. From what I've been able to gather, it appears to have been
through snmpd, which I missed when I was weeding out unused daemons.
Sorry for the feeble message, but all I know (or at least strongly
suspect) is that there's a
2004 Sep 27
3
chan_capi, Eicon Diva server BRI, kernel 2.6?
Hi list,
Does chan_capi work with kernel 2.6? The Eicon Diva server card loads
fine judging from /var/log/messages but Asterisk gives an error when
trying to load the chan_capi module. I'm using chan_capi-0.3.5,
zaptel-1.0.0, libpri-1.0.0 and asterisk-1.0.0 on a Fedora box with
kernel 2.6.8-1.584. Zaptel and libpri work fine as does *. I have seen a
msg that may be related and don't know
1996 Nov 22
0
LSF Update#14: Vulnerability of the lpr program.
-----BEGIN PGP SIGNED MESSAGE-----
$Id: lpr-vulnerability-0.6-linux,v 1.1 1996/11/22 21:42:46 alex Exp $
Linux Security FAQ Update
lpr Vulnerability
Thu Nov 21 22:24:12 EST 1996
Copyright (C) 1995,1996 Alexander O. Yuriev (alex@bach.cis.temple.edu)
CIS Laboratories
1999 Jun 07
2
RedHat 6.0, /dev/pts permissions bug when using xterm (fwd)
[Mod: forwarded from BUGTRAQ -- alex]
---------- Forwarded message ----------
Date: Sun, 6 Jun 1999 19:15:05 +0000
From: noc-wage <wage@IDIRECT.CA>
To: BUGTRAQ@NETSPACE.ORG
Subject: RedHat 6.0, /dev/pts permissions bug when using xterm
Once again I've come up with another trivial Denial of Service flaw,
(wow,
I seem to be good at this Conseal Firewall, +++ath0, ppp byte-stuffing)
1996 Nov 21
2
Re: BOUNCE: Re: Chattr +i and securelevel
Alexander O. Yuriev wrote:
>
> Your message dated: Wed, 20 Nov 1996 18:04:39 EST
> > >has anyone played with the securelevel variable in the kernel and the
> > >immutable flags in the ext2 file system?
> >
> > Yes, and it's actually quite nice.
> >
> > >The sysctrl code seems to allow the setting of the flag
> > >only by init (PID=1)
1997 May 26
1
FYI: Possible information disclosure in cfingerd.
Hi,
This is FYI. Let's not start discussion on a topic of "my fingerd is
better than yours".
Alex
------- Forwarded Message
Return-Path: owner-bugtraq@NETSPACE.ORG
Message-ID: <199705240145.WAA11413@morcego.linkway.com.br>
Date: Fri, 23 May 1997 22:45:04 -0300
Reply-To: Rodrigo Barbosa <rodrigob@MORCEGO.LINKWAY.COM.BR>
Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
1997 Mar 23
0
ADMIN: undeliverable email
Hi,
This is just a pre-warning. I am in a process of implementing a
filter that would automatically unsubscribe email addresses that cause
permanent delivery errors, mostly user-unknown.
Addresses that return "host unknown" and similar will be placed
into removal queue for 1 week from which they would be removed upon
successful delivery. Otherwise, if after 1 week the error does not
1997 Mar 24
0
Re: [linux-alert] More sendmail problems... Partition your disks!
[Mod: redirected to linux-security --alex]
On Mon, 24 Mar 1997, Alexander O. Yuriev wrote:
>This is yet-another reason to _partition_ your disks. Of course hard links
>do not work across filesystems. Even though it is a pain in the neck to do
>when installing your operating system, think about separating critical
>system files from non-critical and non-system files from system
1996 Nov 18
0
New moderator, linux-alert lists' consolidation.
-----BEGIN PGP SIGNED MESSAGE-----
The linux-alert-digest list has now been consolidated with the
linux-alert list.
There wasn't nearly enough traffic on the linux-alert list to justify
its having a separate digest list; subscribers to linux-alert-digest
tended to receive the same number of e-mail messages as subscribers to
linux-alert, only with an additional time lag of up to a