similar to: LINUX:/var/log/messages world readable

/* vixie crontab buffer overflow for RedHat Linux * * I dont think too many people know that redhat uses vixie crontab. * I didn''t find this, just exploited it. * * * Dave G. * <daveg@escape.com> * http://www.escape.com/~daveg * * */ #include <stdio.h> #include <sys/types.h> #include <stdlib.h> #include <fcntl.h> #include <unistd.h> #define

There is a serious problem with the makewhatis cronjob under Redhat Linux 4.0/3.0.3. You can use it to overwrite any file on the system. Redhat is aware of the problem, and said they would have some kind of fix by next week which should be plenty of time before this bug is exploitable again. #!/bin/sh # # blowitawaysam # # makewhatis is a shellscript that stores a tmp copy of the whatis #

Hi All. Attached is a patch against OpenBSD, based in part on the owl-always-auth patch. The idea is that the only way out of auth_passwd for the failure case is the "return 0" at the bottom. I don't know if this is a good way to do it or not, it's presented for discussion. Also, I don't think 3.6.1p2 is quite right WRT these timing issues (eg, you get a fast failure

Hello. I tried installing dovecot on a server that relies on vpopmail authentication using $1$ MD5 algorithm and it didn't work. Please fix this for the next release. Attached is a patch, please be carefull with the line wrapping. Radu --- passdb-vpopmail.c.old Thu Feb 20 00:46:51 2003 +++ passdb-vpopmail.c Thu Sep 30 18:58:56 2004 @@ -1,4 +1,4 @@ -/* Copyright (C) 2002-2003 Timo

Quoting Rick Romero <rick at havokmon.com>: > Quoting Eric Broch <ebroch at whitehorsetc.com>: > >> On 10/4/2018 7:27 AM, Rick Romero wrote: >>> Quoting Eric Broch <ebroch at whitehorsetc.com >>> <mailto:ebroch at whitehorsetc.com>>: >>> >>>> On 10/4/2018 6:34 AM, Rick Romero wrote: >>>>> ? >>>

On 10/4/2018 7:27 AM, Rick Romero wrote: > > Quoting Eric Broch <ebroch at whitehorsetc.com > <mailto:ebroch at whitehorsetc.com>>: > >> >> On 10/4/2018 6:34 AM, Rick Romero wrote: >>> > Quoting Aki Tuomi <aki.tuomi at open-xchange.com > <mailto:aki.tuomi at open-xchange.com>>: > >> On 03.10.2018 23:30, Eric Broch wrote:

Here are my preliminary tests: 5.2.18 is vulnerable (stock Redhat 3.0.3) 5.3.12 does not appear vulnerable (stock Redhat 4.0, I think) Dave G. <daveg@escape.com> http://www.escape.com/~daveg

Quoting Eric Broch <ebroch at whitehorsetc.com>: > On 10/4/2018 7:27 AM, Rick Romero wrote: >> >> Quoting Eric Broch <ebroch at whitehorsetc.com >> <mailto:ebroch at whitehorsetc.com>>: >> >>> >>> On 10/4/2018 6:34 AM, Rick Romero wrote: >>>> >> Quoting Aki Tuomi <aki.tuomi at open-xchange.com >>

On 10/4/2018 6:34 AM, Rick Romero wrote: > > Quoting Aki Tuomi <aki.tuomi at open-xchange.com > <mailto:aki.tuomi at open-xchange.com>>: > >> On 03.10.2018 23:30, Eric Broch wrote: >> >>> Hello list, >>> >>> I run Dovecot with the vpopmail driver and have found that it >>> authenticates against the clear text password in the

Quoting Eric Broch <ebroch at whitehorsetc.com>: > On 10/4/2018 6:34 AM, Rick Romero wrote: > >> ? Quoting Aki Tuomi <aki.tuomi at open-xchange.com>: > On 03.10.2018 23:30, Eric Broch wrote: > >> Hello list, >> >> I run Dovecot with the vpopmail driver and have found that it >> authenticates against the clear text password in the vpopmail

At this point, I've been through 4 AMD64 motherboards. Commonly, AE_BAD_CHARACTER stops ACPI (or apic?) from figuring out the system --- this has happened on 3 out of four boards. On this latest board, it can turn off APIC. If I do that, FreeBSD hangs after detecting the disks. The only "wrong" thing on the screen is module_register_init: MOD_LOAD (amr_linux,

> Some versions (the util-linux version, but not the netwrite or netkit > versions) of /usr/bin/write have a buffer overrun problem that is > almost certainly exploitable. Note that this gives access to the tty > group, but not (directly) root. > > The fix is to change the two sprintfs to snprintfs. Patches have been > mailed to the maintainer. While I agree that routines

Is anybody working on implementing CreateNamedPipeA/WaitNamedPipeA (KERNEL32.168 , KERNEL32.725) or can anybody comment on how much needs to be done to implement these ? Some applications seem to use this to communicate with a license manager process - even freely available product catalogs that apparently create a pro forma license file during the installation process. Martin -- Dr. Martin

All, I'm working in a multi-platform environment where user accounts are already held in Active Directory. I'm been trying to setup dovecot to perform user authentication against Active Directory using ldap. My Environment is: Platform OpenBSD 3.9 Dovecot Version 1.0.rc7 Active Directory Windows 2003 The approach I've taken (being the only one I was able to

From: Sergei Golovan <sgolovan@gmail.com> Replace the use of liberl_interface, which is removed in Erlang 23, by libei. The implementation uses the ei_decode_iodata() function which has been introduces only for Erlang 23, so it doesnt work with earlier Erlang versions. --- erlang/Makefile.am | 1 - erlang/main.c | 312 +++++++++++++++++++++++++-------------------

I use a solution to crypt a string that I found using OpenSSL. But the crypted string becomes very long, too long for a varchar 255 to hold it. What can I do to make it shorter? Or should I just use text as column in the mysql db? public_key_file = ''lib/public.pem'' public_key = OpenSSL::PKey::RSA.new(File.read(public_key_file)) @encrypted_string =

Hi Aki and Remo, switch from vpopmail driver to SQL driver (if you are using vpopmail with mysql as backend) is very simple. First you need to setup the right query for vpopmail database: # cat /etc/dovecot/dovecot-sql.conf.ext ### Vpopmail driver = mysql connect = host=192.168.1.2 dbname=vpopmail user=vpopmail password=Vp0pM4iL default_pass_scheme = MD5-CRYPT ### Query to get a list of all

Hi, in quite a few programs i can not browse the filesystem when opening a "listbox"; to be more clear: for example when i do in winword Open and the listbox appears, and i try to open the pull down menu winword just quits(without an error message in wine). In another program like "Camel join" it quits as soon as i go up to the level of "my computer" with a message

The references to pw_expire and pw_change in pwcopy() in misc.c cause compilation errors at least on solaris. How about doing a memcpy of the whole structure and only explicitly setting those that need xstrdup? That would work on openbsd and everywhere else. - Dave Dykstra --- misc.c.O Thu Jun 21 11:35:28 2001 +++ misc.c Thu Jun 21 11:36:09 2001 @@ -125,14 +125,10 @@ { struct passwd *copy =

Hello, I updated the latest snapshot as RPM's to two of my systems. Basic stuff seems to be working ok. Privilege separation failed though, possibly because I didn't populate /var/empty with PAM entries. Privsep might be a bit raw in any case, at least for the portable. FWIW, I came across error message 'sshd: no user' and had to scratch my head a bit to figure out what it