similar to: RealSecure IDS [Commercial]

In Debian 1.1, the optional DOSEMU package installs /usr/sbin/dos setuid root. This is a serious security hole which can be exploited to gain access to any file on the system. Package: dosemu Version: 0.64.0.2-9 ------- start of cut text -------------- $ cat /etc/debian_version 1.1 $ id uid=xxxx(quinlan) gid=xxxx(quinlan) groups=xxxx(quinlan),20(dialout),24(cdrom) [quinlan:~]$ ls -al

Alexander O. Yuriev wrote: > > Your message dated: Wed, 20 Nov 1996 18:04:39 EST > > >has anyone played with the securelevel variable in the kernel and the > > >immutable flags in the ext2 file system? > > > > Yes, and its actualy quite nice. > > > > >The sysctrl code seems to allow the setting of the flag > > >only by init (PID=1)

XMCD is a popular unix audio cd-player with a unique feature that it will query remote databases over the Internet to determine the title, group, and song list for cds that are being played. The remote database of compact discs has become quite popular and is now supported by several Windows based cd players as well, including EasyCD2, DiscPlay, MyCDPLayer, and WinMCD. XMCD source is available

There are security holes in XMCD 2.0pl2 (and presumably all previous versions), a popular audio cd player for numerous unix platforms, which allow a user defined environment variable to overflow a fixed size buffer resulting in a complete compromise of system security on machines with XMCD installed suid root. The cddb_init() function reads in the environment variable XMCD_CDDBPATH, and parses

This is to announce that XMCD 2.1 patchlevel 0 has been released which fixes all of the issues previously raised by David Meltzer. It also contains a number of other minor feature and functionality enhancements. The new version may be obtained via the xmcd web page at: http://sunsite.unc.edu/~cddb/xmcd/ Users of xmcd with older versions are encouraged to upgrade. -Ti -- \\ // XMCD - Motif CD

Hi, I''ve been thinking about group membership and the corresponding (weak) restrictions to system resources. Consider the following: % cat > gsh.c main() { system("/bin/sh"); } % cc -o gsh gsh.c % id uid=100(joe) gid=500(users) groups=14(floppy),15(sound) % chgrp sound gsh % chmod g+s gsh % mail abuser Subject: You owe me $5...

[Note to R. Wolff -- thanks for the pointers and the program. As I understand its workings, it would run as root and bind a listen port to a particular program -- with a list being supplied in /etc/portadmin or other file. Basically, a listen wrapper. Hopefully this message will address your cleanup concerns in my previous message. Thanks. Also, you may want to provide a moderator''s

Op 2/5/2017 om 8:53 PM schreef dovelist: > Hi, > > I am trying to get sieve working on a new OpenSuse leap 42.2 install. > On my 'old' OpenSuse 13.2 machine it worked fine. > > The problem is that Managesieve can't access the script store and > won't let me create any script. It says permission denied on ~/sieve > directory. See log below. I 've

Hi, I am trying to get sieve working on a new OpenSuse leap 42.2 install. On my 'old' OpenSuse 13.2 machine it worked fine. The problem is that Managesieve can't access the script store and won't let me create any script. It says permission denied on ~/sieve directory. See log below. I 've activated debug logging, but that doesn't give any clues to me. Also, I've

FYI, for those who may not have heard about this one. I got this from another mailing list as is evident by the headers. >Delivered-To: alert-out-link@iss.net >Delivered-To: alert-out@iss.net >Date: Wed, 9 Jun 1999 16:16:41 -0400 (EDT) >From: X-Force <xforce@iss.net> >To: alert@iss.net >cc: X-Force <xforce@iss.net> >Subject: ISSalert: ISS Security Advisory: KDE

Hi Stephan, > Normally, Dovecot permission errors are more helpful than that. So, > this > error message in itself is a bit of a bug: I'm glad to h've been able to help with this beta-test ;-) > About the cause of this error: keep in mind that the whole directory > path needs read/execute permission, not only the leaf directory. Have checked. They are... > You

Oops. Missed one line in the last patch.... Roger. -- ** R.E.Wolff@BitWizard.nl ** http://www.BitWizard.nl/ ** +31-15-2600998 ** *-- BitWizard writes Linux device drivers for any device you may have! --* * The Worlds Ecosystem is a stable system. Stable systems may experience * * excursions from the stable situation. We are currently in such an * * excursion: The stable situation does

Hi everyone, Thanks all for your feedback. Here is a reply to most of your comments.... Roger. Chris Evans wrote: > On Mon, 9 Mar 1998, Rogier Wolff wrote: > > not to give those rights away. A non-setuid program should not have to > > worry about buffer overruns (you can crash the program, wow!). It > Just a reminder, that in some cases, it _should_ worry. As a

Guys, Once again I need some help I hope you can give me. When I try to SFTP to any of my PCs (also running openssh) from my Xscale (ARM, big-endian) system sftp segfaults on me. Sftp to the xscale system works without any problems. I'm using openssl-0.9.8b (with ocf support), linux-2.6.16 and openssh 4.3p2 on the Xscale system. One of the systems I try to sftp to runs Openssh 3.7.1p2, with

Hi, I have the following weird problem with syslinux, and I was hoping that some1 on this list might be able to help: I am using syslinux 3.86 on CentOS-5.4 64bit. I'm creating a custom installation image for my distribution (customized centos). I first create a file with the image, and later on I write it to a USB disk. This procedure have been working quite good for a very long time.

Hello, I'm wondering if there's any easy way to enable a regular user to log into swat and have swat grant them root privelages, so they can use it to configure samba without having root access... Please shoot me an email at choranburg@iss.net if you have any ideas, Thanks, Chadd ********************************************************* Chadd M. Horanburg Internet Security Systems

Hello, I've recently put Samba into production, and while I do love it, I am having a problem I can not figure out. It comes when a regular user tries to change their password. I have dug through the FAQ's I could find, and also looked through a few trouble shooting sections. Everything they suggest checks out. The server as a whole works great. If I log in as root and change a users

Hi!! This is my first time with llvm. I'm still learning and really need help. I wrote only one Function Pass, which uses another Function Pass (blockNrs), and registered this: RegisterPass<FunctionAnalysis> X("gasched", "Genom Scheduling Pass"); When I compile my sourcecode, everything was okay. But when I tried to test it, i got this error Message: nicole at

I picked up the following from Bugtraq. -----Forwarded message from David Phillips <phillips@PCISYS.NET>----- MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Message-ID: <01BC5D8D.679DD4A0@frank56.pcisys.net> Date: Sat, 10 May 1997 21:56:05 -0600 Reply-To: David Phillips <phillips@PCISYS.NET> Sender: Bugtraq List

Hi!! This is my first time with llvm. I'm still learning and really need help. I wrote only one Function Pass, which uses another Function Pass (blockNrs), and registered this: RegisterPass<FunctionAnalysis> X("gasched", "Genom Scheduling Pass"); When I compile my sourcecode, everything was okay. But when I tried to test it, i got this error Message: nicole at