Displaying 20 results from an estimated 100 matches similar to: "phf & Bash exploit"
1997 Sep 28
0
[IPD] Internet Probe Droid
[Mod: while not directly related to linux security, this post of course is
approved because it provides a good summary and clear description. Please
limit the discussion on this topic to new stuff. In general posts like this
will be approved -- alex]
Automating brute force attacks with ''Expect"
balif and desslok
- Abstract -
phf,
1997 Feb 03
1
Linux rcp bug
[Mod: This is a misconfiguration of a site. nobody''s uid should not be -1 -- alex]
When playing around with rcp on Linux, we found something interesting,
that we haven''t seen mentioned on bugtraq before:
SUMMARY: Root privileges can be obtained by user nobody with uid 65535 by
exploiting a problem with /usr/bin/rcp. Many applications are running as
''nobody'',
2020 Oct 09
0
Feature request.
> On 09/10/2020 11:16 Rogier Wolff <r.e.wolff at bitwizard.nl> wrote:
>
>
> Hi,
>
> I get my Email from my own SMTP server on the internet using
> "fetchmail". Some time ago I did the smart thing and configured
> dovecot to use SSL and the letsencrypt certificate that automatically
> renews.
>
> Welllll..... a few days ago my certificate
2020 Oct 09
0
Feature request.
Automatic renewal
The Ubuntu package for certbot comes pre-configured with systemd timer that will automatically renew existing certificates. What it does not handle however is reloading postfix/dovecot so that they will begin using the new certificates. For that, we need to implement a hook.
Certbot has both pre and post hooks that you can use to execute a script prior to and after the renewal
1996 Dec 20
0
Other security holes in cgi program ?
Hello
Maybe not the right list...
I know about the phf cgi script is a hole.
So I look thou my errorlog and surely found a couple (4 accesses)
of tries to run the script. =
Now it passed my mind that i should check what other scripts failed
because they didn''t exist.
I have found a two other scripts that some tries to run, I have no
reference to them. These are:
pursuit (3
2004 Aug 06
0
hello
K2Fb4jFc4`eOyWeV|~]!5P")k:JgiZ
k;tj2X.Hs!Yg`Qo{dDRqqOKEcE
<J:DiMo]9g#"rw;);UY*8GayoN$r?g8Paxn0tb:wL'
~Nl^n7x%^
$`xi_oK?K&-[1vOWe
8xiXiR* i`C9{Xj]W_i^s!'zs(
0G ByNw,pHf&;_kb-`:c
_QRG):P.7qIgan[[M-S
vCXV)C
UdepZlk2Bk(|-DD'}O[^*}
Ru\~-
hraw~**p'4nMnG3[Is1 g3dh!s
t#
Ca $z&)KCb`_:#
ZT QwYBj"aTB/)/g;_zGjd8bsP
u;\;fxMHe#/A"Cg
2020 Oct 09
11
Feature request.
Hi,
I get my Email from my own SMTP server on the internet using
"fetchmail". Some time ago I did the smart thing and configured
dovecot to use SSL and the letsencrypt certificate that automatically
renews.
Welllll..... a few days ago my certificate expired and the fetchmail
deamon running in the background had nowhere to complain. So I didn't
notice.
It turns out that dovecot
2010 Nov 17
2
Bug in agrep computing edit distance?
I posted this yesterday to r-help and Ben Bolker suggested reposting it
here...
Dickison, Daniel <ddickison <at> carnegielearning.com> writes:
>
> The documentation for agrep says it uses the Levenshtein edit distance,
> but it seems to get this wrong in certain cases when there is a
> combination of deletions and substitutions. For example:
>
> >
2014 Nov 14
10
[Bug 2315] New: OpenSSH 6.7p1 on AIX 7.1 compile issue
https://bugzilla.mindrot.org/show_bug.cgi?id=2315
Bug ID: 2315
Summary: OpenSSH 6.7p1 on AIX 7.1 compile issue
Product: Portable OpenSSH
Version: 6.7p1
Hardware: PPC
OS: AIX
Status: NEW
Severity: normal
Priority: P5
Component: Build system
Assignee: unassigned-bugs at
2010 Oct 20
4
Recommendation for a new server
Hello list,
What servers would you suggest for:100 concurrent SIP calls, 4xT1 card, and
a not much busy website, i.e. getting 500-1000 hits a day.
Thanks,
Zeeshan A Zakaria
--
www.ilovetovoip.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20101020/8ab7ae3e/attachment.htm
1998 Jun 19
16
WARNING: Break-in attempts
Greetings all,
I''m forwarding a copy of an email I sent reporting attempted
break-ins on my main server, earth.terran.org. I am forwarding this
because I think it is relevant that folks watch for this kind of activity
in their logs to catch people who "try doorknobs" in the middle of the
night. After sending this email, I sent a talk request to the user, who
was still logged
1999 Jun 09
3
Port 7 scan
Over the last several day, we''ve been getting pretty regular scans from a
non-existant host on our port 7. Any idea what they are looking for/what are
some of vulnerabilites with echo?
Thanks
Coral Cook
2010 Nov 16
1
Bug in agrep computing edit distance?
The documentation for agrep says it uses the Levenshtein edit distance,
but it seems to get this wrong in certain cases when there is a
combination of deletions and substitutions. For example:
> agrep("abcd", "abcxyz", max.distance=1)
[1] 1
That should've been a no-match. The edit distance between those strings
is 3 (1 substitution, 2 deletions), but agrep matches
1999 Jun 04
0
Forw: 2.2.x kernel vulnerability
below.
Dan
___________________________________________________________________________
Dan Yocum | Phone: (630) 840-8525
Linux/Unix System Administrator | Fax: (630) 840-6345
Computing Division OSS/FSS | email: yocum@fnal.gov .~. L
Fermi National Accelerator Lab | WWW: www-oss.fnal.gov/~yocum/ /V\ I
P.O. Box 500 |
2001 Mar 13
2
Samba 2.2 CVS
Sure thing:
cvs -d :pserver:cvs@pserver.samba.org:/cvsroot login
<password is cvs >
cvs -z5 -d :pserver:cvs@pserver.samba.org:/cvsroot co -r SAMBA_2_2 samba
this will grab samba_2_2 and place it in a directory lableled samba.
leaving out the SAMBA_2_2 grabs HEAD.
you can get other modules as follows:
SAMBA_2_2
HEAD
APPLIANCE_HEAD
APPLIANCE_TNG
there are others but I haven't tried
1998 May 12
25
Checking remote servers
I''d like to hear some suggestions about securely administering a
system remotely. Here''s the application: a project is going to
scatter some server machines around the US. The server machines will
be running Linux, with the only network servers being a custom
application.
Ignoring the separate question of physical security, how can I
remotely check the system''s
2004 Mar 02
1
Re: FreeBSD Security AdvisoryFreeBSD-SA-04:04.tcp
yes unless you use the version as of :> 2004-03-02 17:24:46
UTC (RELENG_5_2, 5.2.1-RELEASE-p1)
check it out with uname -a
if it does not say -p1
it affects you.
My guess, you are affected :)
cheers
--
Kind regards,
Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the
hackerscene
-----Oorspronkelijk bericht-----
Van:
2004 Mar 29
1
cvs commit: ports/multimedia/xine Makefile
Jacques A. Vidrine wrote:
> On Mon, Mar 29, 2004 at 08:14:29PM +0200, Oliver Eikemeier wrote:
>
>>Jacques A. Vidrine wrote:
>>
>>>On Sun, Mar 28, 2004 at 03:44:06PM -0800, Oliver Eikemeier wrote:
>>>
>>>>eik 2004/03/28 15:44:06 PST
>>>>
>>>>FreeBSD ports repository
>>>>
>>>>Modified files:
2009 Jul 23
1
[PATCH server] changes required for fedora rawhide inclusion.
Signed-off-by: Scott Seago <sseago at redhat.com>
---
AUTHORS | 17 ++++++
README | 10 +++
conf/ovirt-agent | 12 ++++
conf/ovirt-db-omatic | 12 ++++
conf/ovirt-host-browser | 12 ++++
2004 Jun 18
2
4.x, PAM, password facility
Hi,
I've been playing around with pam_mysql, and have it working for
interactive logins (backed by /etc/passwd entries for uid/gid w/*'d
password field) and it works well so far.
Looking at the source to the module, it does support password changing.
So I put in the following entry in pam.conf:
sshd password required pam_mysql.so user=root db=pam table=users crypt=1
However,