similar to: write(1) leak

> Some versions (the util-linux version, but not the netwrite or netkit > versions) of /usr/bin/write have a buffer overrun problem that is > almost certainly exploitable. Note that this gives access to the tty > group, but not (directly) root. > > The fix is to change the two sprintfs to snprintfs. Patches have been > mailed to the maintainer. While I agree that routines

About a year ago I outlined a scheme for arranging chowning of the tty end of ptys without needing root privileges. Since then, I haven''t had time to actually implement it. I was thinking about the problem again today, and, having learned a bit about sessions and controlling ttys and stuff, was able to come up with a simpler mechanism. First, observe that the POSIX session mechanism, if

It seems that when you send rwhod an rwho packet, it blindly assumes you are who the packet says you are. That is to say, it looks as if any host can inject false rwho data for any other host. I''m not convinced this is worth fixing. Opinions? -- - David A. Holland | VINO project home page: dholland@eecs.harvard.edu | http://www.eecs.harvard.edu/vino

> ========================================================================== > CERT(sm) Advisory CA-96.20 > Original issue date: September 18, 1996 > Last revised: -- > > Topic: Sendmail Vulnerabilities > -------------------------------------------------------------------------- > *** This advisory supersedes CA-95:05 *** Just a word of warning -

I guess I never sent the message I was going to last week about xterm. [Noteto REW: If I did, kill this message...] It seems that sending xterm an excessively long escape sequence kills it (and perchance might be made to hack it, which would be quite bad.) The xterm in XFree86-3.2 is immune to this problem. I recommend everyone upgrade ASAP. -- - David A. Holland | VINO

Hi. I don''t know if this one is known, but I can''t recall seeing anything about it. If it is old news I apologize. I discovered a bug in the inetd that comes with NetKit-B-0-08 and older. If a single SYN is sent to port 13 of the server, inetd will die of Broken Pipe: write(3, "Sun Jan 12 21:50:35 1997\r\n", 26) = -1 EPIPE (Broken pipe) --- SIGPIPE (Broken pipe) ---

x-kernel@vger.rutgers.edu Subject: Re: tty chowning Newsgroups: mail.linux.kernel In-Reply-To: <199709261901.PAA04763@dcl.MIT.EDU> Organization: Cc: Bcc: "Theodore Y. Ts''o" <tytso@MIT.EDU> writes: > David Holland <dholland@eecs.harvard.edu> writes: > } Why not build chowning into this process? On TIOCSCTTY, the tty would > } chown itself to the

[Mod: This message is a reason *why* linux-security is moderated list. This is also a reason why Rogier, myself, Alan Cox and others really do not want to have completely open lists that deal with security related aspects of running a system as way too many people just jump to conclusions and give suggestions without doing any reasearch on a subject. -- alex (co-moderator of

I''ve been poking around my system, and realized that having a tftp server would be handy. (I''m working with cisco routers, which have the capability to up and download configuration images via tftp.) However, I''m not content with the usual tftpd that comes with Linux. The whole "specify each directory you want" scheme is cock-eyed to me. I''d prefer

Marek Michalkiewicz <marekm@I17LINUXB.ISTS.PWR.WROC.PL> wrote: : It seems that most of the RedHat 5.3.12 security patches are in the : standard 5.4.17, except for the patch below. Also, there are more : (different) fixes in 5.4.18 (check h_length against sizeof(sin_addr) : in inet/rcmd.c and inet/rexec.c). : + { : +

[Note: this has already been sent to comp.os.linux.announce.] -----BEGIN PGP SIGNED MESSAGE----- It has come to my attention that the recent 1.6 release of MAKEDEV-C inadvertently created /dev/random and /dev/urandom with the wrong permissions. /dev/random and /dev/urandom should look like this: crw-r--r-- 1 root system 1, 8 Feb 21 14:42 /dev/random crw-r--r-- 1 root system

[mod: Executive summary: SNI found recent linux-distributions not-vulnerable -- REW] -----BEGIN PGP SIGNED MESSAGE----- ###### ## ## ###### ## ### ## ## ###### ## # ## ## ## ## ### ## ###### . ## ## . ######.

I''m looking for some evidence, backup up with dates and references, that shows that the Linux community responds to security problems more quickly than other OS vendors, and thus might be considered "more secure". A number of fairly high profile corporations are starting to look for such information as they consider Linux as an alternative solution to other UNIXes. Something

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera International, Inc. Security Advisory Subject: Linux - Telnet AYT remote exploit Advisory number: CSSA-2001-030.0 Issue date: 2001, August 10 Cross reference: ______________________________________________________________________________ 1. Problem

I am trying to get vino going on CentOS 7.1 I run this command: gsettings set org.gnome.Vino require-encryption false Then this one: gsettings list-recursively org.gnome.Vino org.gnome.Vino notify-on-connect true org.gnome.Vino alternative-port uint16 5900 org.gnome.Vino disable-background false org.gnome.Vino use-alternative-port false org.gnome.Vino icon-visibility 'client'

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Denial of service attack in in.telnetd Advisory ID: RHSA-1999:029-01 Issue date: 1999-08-19 Updated on: Keywords: telnet telnetd Cross references: --------------------------------------------------------------------- 1. Topic: A denial of service attack has been fixed in

Hi, I have a tftp client which loads quite happily from a tftpd built from netkit-tftp-0.16 but which fails to load from from a tftpd built from tftp-hpa 0.29. In both cases, tftpd was built from pristine sources and run from xinetd under Redhat 7.3. [netkit-tftp-0.16 is the ancestor of tftp-hpa, predating HPA's maintenance of same] [the tftp client also.. .. fails with the prebuilt tftpd

-----BEGIN PGP SIGNED MESSAGE----- $Id: lpr-vulnerability-0.6-linux,v 1.2 1996/11/25 22:39:20 alex Exp $ Linux Security FAQ Update lpr Vulnerability Mon Nov 25 16:56:59 EST 1996 Copyright (C) 1995,1996 Alexander O. Yuriev (alex@bach.cis.temple.edu) CIS Laboratories

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

CentOS Errata and Security Advisory 2013:1452 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-1452.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 6f9e41d0b9e7dc36736a76d4e13e637faade333740eb51478580177461b631f7 vino-2.13.5-10.el5_10.i386.rpm x86_64: