similar to: Linux NLSPATH buffer overflow (fwd)

cxterm is a Chinese terminal emulator for the X Window System. It''s installed as suid-root by default if you did a make install. Just like xterm, it does needs to be suid to update /etc/utmp...blahblah... I discovered some buffer overflow bugs in it. The code attached below is the exploit. Quick fix? chmod -s /path/cxterm

I was surprised to see that this hadn't made it to the samba list yet. Note I have not spent any time trying to confirm validity. ---------- Forwarded message ---------- Date: Fri, 26 Sep 1997 00:21:55 +0200 From: root <root@ADM.KIX-AZZ.ORG> To: BUGTRAQ@NETSPACE.ORG /* ___ ______ _ _ / \ | _ \ | \ / |

Summary: Any user can gain root privileges on a Intel Linux system with suidperl 5.003 (having the suid bit, of course) even if "SUIDBUF" and "two suidperl security patches" have been applied. Non-Intel / non-Linux platforms may be affected as well. Quick fix: chmod u-s /usr/bin/sperl5.003 (what else?) Details: There is a nasty bug in mess() (util.c): it is possible to

We?ve been seeing this a lot lately on generic CentOS 6 rpm installs: rpm -qa | grep libguestfs libguestfs-java-1.16.19-1.el6.x86_64 libguestfs-java-devel-1.16.19-1.el6.x86_64 libguestfs-1.16.19-1.el6.x86_64 libguestfs-tools-1.16.19-1.el6.x86_64 libguestfs-javadoc-1.16.19-1.el6.x86_64 libguestfs-devel-1.16.19-1.el6.x86_64 libguestfs-tools-c-1.16.19-1.el6.x86_64

All, I'm trying to use PAM to replicate the authorized user functionality in commercial ssh. In the past, I've patched openssh to do this, but I think that solution is fairly ugly (and requires me to patch with each new release of openssh which is really bad). I want to do this: 0. use openssh for all communication with this machine. 1. check a user's identity using their

On Mon, Mar 13, 2017 at 11:48:05PM +0200, Keresztes Péter-Zoltán wrote: > Hello, > > We have a nodejs app which is injecting first boot scripts using virt-customize however the exact same commands are working when triggered manually. > > Here is the debug output of the commands Which version of virt-customize? A number of bugs were fixed in this part of the code in the last

I am running libguestfs version 1.34.2 The issue is the following. When I start the vm with virt-log I see this: Mar 13 17:33:30 multi6 firstboot.sh[358]: /usr/lib/virt-sysprep/firstboot.sh start Mar 13 17:33:30 multi6 cron[359]: (CRON) INFO (Running @reboot jobs) Mar 13 17:33:30 multi6 firstboot.sh[358]: Scripts dir: /usr/lib/virt-sysprep/scripts Mar 13 17:33:30 multi6 firstboot.sh[358]: ===

/* vixie crontab buffer overflow for RedHat Linux * * I dont think too many people know that redhat uses vixie crontab. * I didn''t find this, just exploited it. * * * Dave G. * <daveg@escape.com> * http://www.escape.com/~daveg * * */ #include <stdio.h> #include <sys/types.h> #include <stdlib.h> #include <fcntl.h> #include <unistd.h> #define

-| == Marcin Bohosiewicz marcus@venus.wis.pk.edu.pl == |- -| == tel. +048 (0-12) 37-44-99 marcus@krakow.linux.org.pl == |- -| == Strona Domowa - http://venus.wis.pk.edu.pl/marcus/ == |- ---------- Forwarded message ---------- Date: Sat, 26 Apr 1997 16:16:05 -0400 From: George Staikos <staikos@0WNED.ORG> Approved: R.E.Wolff@BitWizard.nl To: BUGTRAQ@NETSPACE.ORG Subject:

Hello, We have a nodejs app which is injecting first boot scripts using virt-customize however the exact same commands are working when triggered manually. Here is the debug output of the commands Regards, Peter [ 0.0] Examining the guest ... libguestfs: trace: set_network true libguestfs: trace: set_network = 0 libguestfs: trace: add_drive

See description in the attached patch. -------------- next part -------------- This quick hack adds primitive support of UTF-8 as a server 'character set' to Samba 2.0.7. All file, share and user names are stored on server in UTF-8, and translated into client code page (not UCS2) on the fly. Additionally, server string conversion is added. Tested with Chinese and Russian Windows clients.

Hi R Developers, Greg is helping me with debugging R on Solaris 10 x64. Please let us know if you have any thoughts or tips that can help us debug this. Thanks, David ************ Using default transfer plist in vector_io: permuting About to write *** caught segfault *** address e8554000, cause 'memory not mapped' Traceback: 1: .External("do_hdf5save", call,

> > Hi > > > > > > I have multi domain environment with root domain and subdomain. > > Forest and domain level windows 2003 native. > > > Also forest prep and domain prep did for sccm 2007 ocs 2007 and > > Exchange 2003. > > > > > > After join Samba to domain like ad dc I had some problem with > > replication: > >

Before this patch, Python would segfault once you pass a non-string key or value to node_set_value. It was also not possible to set bytes on Python 3 as Unicode was assumed (Python 2 was not affected by this). This patch fixes recognition of bytes for Python 3, but in addition it recognizes ints (includes 'long' in Python 2) for DWORD (LE + BE) and QWORDs. For this purpose, a new field

Here are my preliminary tests: 5.2.18 is vulnerable (stock Redhat 3.0.3) 5.3.12 does not appear vulnerable (stock Redhat 4.0, I think) Dave G. <daveg@escape.com> http://www.escape.com/~daveg

Hi I have multi domain environment with root domain and subdomain. Forest and domain level windows 2003 native. Also forest prep and domain prep did for sccm 2007 ocs 2007 and Exchange 2003. After join Samba to domain like ad dc I had some problem with replication: ################################################# [root at dc03 ~]# samba-tool drs replicate dc02 dc03

On Sat, 23 May 1998, Torkil Zachariassen wrote: > >I have browsed various versions of libc and found a handful of weak points > >where the value of an enviroment variable is trusted more than necessary. > [1] > Could you explain to programming novices on linux-security - people like > myself 8) - hwo this could affect security on a firewall (proxy and/or > IP-router,

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:53 Security Advisory FreeBSD, Inc. Topic: catopen() may pose security risk for third party code Category: core Module: libc Announced:

My apologies for not including sessionInfo(), and I'm a bit angry at myself for that. Retrying in a fresh session of R, I get different results. More specifically, I get the expected result where accuracy is the same in the first and the last line. As I didn't include my sessionInfo() in my previous mail, I can't figure out why I now have a different result. So I'm positive

On Tue, 12 May 1998, Andi Kleen wrote on BUGTRAQ: > I assumed the libc would ignore NLSPATH when the app runs suid (similar > like it does with LD_LIBRARY_PATH etc.). If it doesn''t that is a bad bug. > > [... clickety click ... ] > > At least glibc 2.1 uses __secure_getenv() for NLSPATH. Don''t know about 2.0, > separate GNU gettext, or libc5. I have