similar to: Buffer overflow in Linux''s login program [Forwarded e-mail from Joe Zbiciak]

You probably know this already, but the following notice appeared to bugtraq. As a side note the protocol on bugtraq seems to be designed to make a fix available before the announcement by providing one yourself or giving the maintainer a week's advance warning (M$ gets a lot longer warning and *still* fails to fix the bugs before bugtraq knows). Having said that M$ insists on allowing me

------- start of forwarded message (RFC 934 encapsulation) ------- From: kevingeo@CRUZIO.COM Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG> To: BUGTRAQ@NETSPACE.ORG Subject: Quake 2 Linux 3.13 (and lower) allow users to read arbitrary files Date: Wed, 25 Feb 1998 05:49:58 -0500 Reply-To: kevingeo@CRUZIO.COM Vulnerable: Everyone who followed the installation instructions and made Quake2

---------- Forwarded message ---------- Received: from brimstone.netspace.org (brimstone.netspace.org [128.148.157.143]) by blues.jpj.net (backatcha) with ESMTP id CAA13949; Fri, 14 Nov 1997 02:08:13 -0500 (EST) Received: from unknown@netspace.org (port 25452 [128.148.157.6]) by brimstone.netspace.org with ESMTP id <818-20257>; Fri, 14 Nov 1997 01:41:22 -0500 Received: from NETSPACE.ORG by

This is yet-another reason to _partition_ your disks. Of course hard links do not work accross filesystems. Even thought it is a pain in the neck to do when installing your operating system, think about separating critical system files from non-critical and non-system files from system files. I would say that the following layout is a good place to start: / /usr (nosuid,nodev,ro) /usr/local

Hi, This is FYI. Lets not start discussion on a topic of "my fingerd is better than yours". Alex ------- Forwarded Message Return-Path: owner-bugtraq@NETSPACE.ORG Message-ID: <199705240145.WAA11413@morcego.linkway.com.br> Date: Fri, 23 May 1997 22:45:04 -0300 Reply-To: Rodrigo Barbosa <rodrigob@MORCEGO.LINKWAY.COM.BR> Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG>

[mod: The first message would''ve been rejected on the grounds "no security related information", but it gives ME a warm feeling too, so I''m allowing it to piggyback on the announcement of the "fix". Note that Linux-2.1.63 simply implements a fix for the problem, instead of applying this fix, upgrading to 2.1.63 might be an option for you. Linus indicated that

And, here''s a fix. -----Original Message----- From: David Zhao <dzhao@LURK.KELLOGG.NWU.EDU> To: BUGTRAQ@NETSPACE.ORG <BUGTRAQ@NETSPACE.ORG> Date: Sunday, May 17, 1998 3:00 PM Subject: simple kde exploit fix >in kdebase/kscreensaver/kscreensave.cpp: > >change: >line 18: strcpy( buffer, getenv("HOME") ); > to >

------- =_aaaaaaaaaa0 Content-Type: text/plain; charset="us-ascii" Content-ID: <14008.870179829.1@erehwon.bmc.com> See attached. Red Hat Linux package mh-6.8.3-13.i386.rpm installs the inc and msgchk programs as follows: -rwsr-sr-x- root mail 72628 Oct 17 16:57 /usr/bin/mh/inc -rwsr-xr-x- root root 52536 Oct 17 16:57 /usr/bin/mh/msgchk Hal -------

Hi Folks, This is my first post on nut-upsdev. I would like to share a small patch to enable support for the Powercool PCRACK 1200VA ups. I found that the UPS uses megatec/krauler protocol but is sensitive to the USB buffer length passed to it in requests via usb_get_string(), and usb_get_string_simple(). If the buflen is greater than 102 then the ups will reply to requests but does not

Strict C99 compilers do not support implicit function declarations or implicit ints, so something like the patch below is needed. Thanks, Florian diff --git a/configure.ac b/configure.ac index 4f68e98a..b5c7a582 100644 --- a/configure.ac +++ b/configure.ac @@ -173,6 +173,9 @@ AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <fcntl.h> #include <sys/types.h> #include <sys/wait.h>

In the past there have been discussions about adding a switch to rsync to preserve the atime on files being copied by rsync. I needed this function for a project I'm working on and decided to invent it. I've attached the diffs. Note that this has the limitations describe in previous emails, namely that preserving atime causes ctime to not be preserved. *** Patch follows *** ***

Sorry about the noise guys. Below a significantly improved patch. The main difference is that all calls to usb_get_string_.. have been wrapped in a new function nut_usb_get_string()  that is implemented in libusb.c This was necessary in order to make the bufflen_fix available in libusb.c where usb_get_string() is called in libusb_open() This wrapper function mops up and hides all the work

I picked up the following from Bugtraq. -----Forwarded message from David Phillips <phillips@PCISYS.NET>----- MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Message-ID: <01BC5D8D.679DD4A0@frank56.pcisys.net> Date: Sat, 10 May 1997 21:56:05 -0600 Reply-To: David Phillips <phillips@PCISYS.NET> Sender: Bugtraq List

Another from Bugtraq. I've also forwarded this one on to our contact at Red Hat (Stephen Smoogen) and he tells me it's in their QA currently. Dan _______________________________________________________________________________ Dan Yocum | Phone: (630) 840-8525 Computing Division OSS/FSS | Fax: (630) 840-6345 .~. L Fermi National Accelerator

Hi, some more info on the previous admw0rm alert. Fwd'd from BugTraq Greetings, Jan-Philip Velders ---------- Forwarded message ---------- Date: Fri, 26 Mar 1999 21:17:40 +0100 From: Mixter <mixter@HOME.POPMAIL.COM> To: BUGTRAQ@NETSPACE.ORG Subject: Re: ADM Worm. Worm for Linux x86 found in wild. The "ADM w0rm" is public and can be found at:

Just got this on bugtraq... Balu -------- Original Message -------- Subject: SVGATextMode 1.8 /tmp race Date: Thu, 21 Oct 1999 23:01:34 +0300 From: Adrian Voinea <root@DEATH.GDS.RO> Reply-To: Adrian Voinea <root@DEATH.GDS.RO> To: BUGTRAQ@NETSPACE.ORG Hello, savetextmode, a utility that comes with SVGATextMode 1.8, saves the text mode data in /tmp, in two files with the mode 644:

Hi *, fwd from bugtraq Greetings, Jan-Philip Velders <gvelders@jvelders.tn.tudelft.nl> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | Nederlandse Linux GebruikersGroep : http://www.nllgg.nl | -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- ---------- Forwarded message ---------- Date: Tue, 28 Jul 1998 20:27:21 +0200 From: Paul Boehm <paul@BOEHM.ORG> To:

Hi. Here's a patch for copying the atimes of files when -t/--times is given. I bumped the protocol to 29 since it sends more data over the wire. It obviously does not send the atime if it's sending data to an older rsync version. It passes all the tests (including the added atime.test) for me on a: Linux Debian/3.0 gcc 2.95.4 (debian), glibc 2.2.5 system. Any questions/feedback? I

Dear Martin Pool. We regularly use rsync for making backups of our file systems but we have noticed that the atimes are not transferred with the files and are also always updated on the sender's side. Therefore, we have created a modified version of rsync based on rsync-2.6.6 protocol version 29 which transfers the access times with the transferred files and also allows to preserve the access

[mod: In addition to this, Jon points us to: http://www.redhat.com/corp/support/errata/rh52-errata-general.html#imap for the official fix from Red Hat. -- REW] ---------- Forwarded message ---------- From: dumped <dumped@SEKURE.ORG> Subject: ipop2d buffer overflow fix Resent-Subject: ipop2d buffer overflow fix Date: Thu, 3 Jun 1999 17:29:05 -0300 Resent-Date: Fri, 4 Jun 1999 00:52:49