similar to: More sendmail problems... Partition your disks!

You probably know this already, but the following notice appeared to bugtraq. As a side note the protocol on bugtraq seems to be designed to make a fix available before the announcement by providing one yourself or giving the maintainer a week's advance warning (M$ gets a lot longer warning and *still* fails to fix the bugs before bugtraq knows). Having said that M$ insists on allowing me

Hi, I believe having less root setuid binaries on system is The Way ... so: Why does RH6.2 ships with /sbin/dump & /sbin/restore root setuid? These are for sysadmins, not for regular users I hope. Is /sbin/unix_chkpwd really used and what is it used for? I haven't find anything about it in pam documentation. Is it really necessary to ship /usr/bin/gpasswd and /usr/bin/newgrp? Does

---------- Forwarded message ---------- Received: from brimstone.netspace.org (brimstone.netspace.org [128.148.157.143]) by blues.jpj.net (backatcha) with ESMTP id CAA13949; Fri, 14 Nov 1997 02:08:13 -0500 (EST) Received: from unknown@netspace.org (port 25452 [128.148.157.6]) by brimstone.netspace.org with ESMTP id <818-20257>; Fri, 14 Nov 1997 01:41:22 -0500 Received: from NETSPACE.ORG by

[Mod: forwarded from BUGTRAQ -- alex] ---------- Forwarded message ---------- Date: Sun, 6 Jun 1999 19:15:05 +0000 From: noc-wage <wage@IDIRECT.CA> To: BUGTRAQ@NETSPACE.ORG Subject: RedHat 6.0, /dev/pts permissions bug when using xterm Once again I''ve come up with another trivial Denial of Service flaw, (wow, I seem to be good at this Conseal Firewall, +++ath0, ppp byte-stuffing)

---------- Forwarded message ---------- Date: Tue, 30 Jun 1998 15:10:47 +0800 From: David Luyer <luyer@UCS.UWA.EDU.AU> To: BUGTRAQ@NETSPACE.ORG Subject: Serious Linux 2.0.34 security problem I just saw this mentioned on linux-kernel and confirmed it; #include <fcntl.h> #include <errno.h> #include <stdio.h> #include <stdlib.h> #include <unistd.h> int main(int

Hi, This is FYI. Lets not start discussion on a topic of "my fingerd is better than yours". Alex ------- Forwarded Message Return-Path: owner-bugtraq@NETSPACE.ORG Message-ID: <199705240145.WAA11413@morcego.linkway.com.br> Date: Fri, 23 May 1997 22:45:04 -0300 Reply-To: Rodrigo Barbosa <rodrigob@MORCEGO.LINKWAY.COM.BR> Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG>

Hello All, I've tried researching around on the 'net for an answer to this, but haven't had any luck. Here's some information on the system first: AMD XP 1700 CPU 768 MB DDR Ram (old though, think it's PC 2100) Running Kubuntu 6.06 (Ubuntu Dapper Drake) Using Wine 0.9.19 I've been trying to install Command and Conquer: Red Alert (I have the Domination Pack that includes

And, here''s a fix. -----Original Message----- From: David Zhao <dzhao@LURK.KELLOGG.NWU.EDU> To: BUGTRAQ@NETSPACE.ORG <BUGTRAQ@NETSPACE.ORG> Date: Sunday, May 17, 1998 3:00 PM Subject: simple kde exploit fix >in kdebase/kscreensaver/kscreensave.cpp: > >change: >line 18: strcpy( buffer, getenv("HOME") ); > to >

------- start of forwarded message (RFC 934 encapsulation) ------- From: kevingeo@CRUZIO.COM Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG> To: BUGTRAQ@NETSPACE.ORG Subject: Quake 2 Linux 3.13 (and lower) allow users to read arbitrary files Date: Wed, 25 Feb 1998 05:49:58 -0500 Reply-To: kevingeo@CRUZIO.COM Vulnerable: Everyone who followed the installation instructions and made Quake2

-=> To moderator: I don't know whether it's wise to release the FTP-location I would recommend everyone to just look over their daemons, and run something like nessus against theirselves... Greetings, Jan-Philip Velders ---------- Forwarded message ---------- Date: Thu, 25 Mar 1999 16:26:59 -0700 From: "Ben Cantrick (Macky Stingray)" <mackys@MACKY.RONIN.NET> To:

------- start of forwarded message (RFC 934 encapsulation) ------- From: Joe Zbiciak <im14u2c@cegt201.bradley.edu> Approved: alex@bach.cis.temple.edu Sender: Bugtraq List <BUGTRAQ@netspace.org> To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org> Subject: Buffer overflow in Linux''s login program Date: Sun, 22 Dec 1996 09:27:24 -0600 Reply-To: Joe Zbiciak

------- =_aaaaaaaaaa0 Content-Type: text/plain; charset="us-ascii" Content-ID: <14008.870179829.1@erehwon.bmc.com> See attached. Red Hat Linux package mh-6.8.3-13.i386.rpm installs the inc and msgchk programs as follows: -rwsr-sr-x- root mail 72628 Oct 17 16:57 /usr/bin/mh/inc -rwsr-xr-x- root root 52536 Oct 17 16:57 /usr/bin/mh/msgchk Hal -------

[mod: The first message would''ve been rejected on the grounds "no security related information", but it gives ME a warm feeling too, so I''m allowing it to piggyback on the announcement of the "fix". Note that Linux-2.1.63 simply implements a fix for the problem, instead of applying this fix, upgrading to 2.1.63 might be an option for you. Linus indicated that

Hi!! Of late, I'm getting a lot of un-solicited mails from this list, and inspite of un-subscribing mails, messages, threats , nothing really seems to work... My question: 1. Is there any way I can 'avoid' or 'bounce' incoming messages at the mail-server level?? 2. I cannot change my address (alias) as such... since this involves sending reminders to God knows how many

I've just had polarity reversal provisioned by our telco to test hangup detect with a TDM400P I've set hanguponpolarityswitch=yes in zapata.conf When I start Asterisk I get "ignoring hanguponpolarityswitch" in /var/log/asterisk/messages I assume that the option is either not valid or conflicts with another setting somewhere. Any ideas?

I picked up the following from Bugtraq. -----Forwarded message from David Phillips <phillips@PCISYS.NET>----- MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Message-ID: <01BC5D8D.679DD4A0@frank56.pcisys.net> Date: Sat, 10 May 1997 21:56:05 -0600 Reply-To: David Phillips <phillips@PCISYS.NET> Sender: Bugtraq List

[mod: In addition to this, Jon points us to: http://www.redhat.com/corp/support/errata/rh52-errata-general.html#imap for the official fix from Red Hat. -- REW] ---------- Forwarded message ---------- From: dumped <dumped@SEKURE.ORG> Subject: ipop2d buffer overflow fix Resent-Subject: ipop2d buffer overflow fix Date: Thu, 3 Jun 1999 17:29:05 -0300 Resent-Date: Fri, 4 Jun 1999 00:52:49

Hi, some more info on the previous admw0rm alert. Fwd'd from BugTraq Greetings, Jan-Philip Velders ---------- Forwarded message ---------- Date: Fri, 26 Mar 1999 21:17:40 +0100 From: Mixter <mixter@HOME.POPMAIL.COM> To: BUGTRAQ@NETSPACE.ORG Subject: Re: ADM Worm. Worm for Linux x86 found in wild. The "ADM w0rm" is public and can be found at:

Another from Bugtraq. I've also forwarded this one on to our contact at Red Hat (Stephen Smoogen) and he tells me it's in their QA currently. Dan _______________________________________________________________________________ Dan Yocum | Phone: (630) 840-8525 Computing Division OSS/FSS | Fax: (630) 840-6345 .~. L Fermi National Accelerator

Just got this on bugtraq... Balu -------- Original Message -------- Subject: SVGATextMode 1.8 /tmp race Date: Thu, 21 Oct 1999 23:01:34 +0300 From: Adrian Voinea <root@DEATH.GDS.RO> Reply-To: Adrian Voinea <root@DEATH.GDS.RO> To: BUGTRAQ@NETSPACE.ORG Hello, savetextmode, a utility that comes with SVGATextMode 1.8, saves the text mode data in /tmp, in two files with the mode 644: