similar to: setgid binaries

In Debian 1.1, the optional DOSEMU package installs /usr/sbin/dos setuid root. This is a serious security hole which can be exploited to gain access to any file on the system. Package: dosemu Version: 0.64.0.2-9 ------- start of cut text -------------- $ cat /etc/debian_version 1.1 $ id uid=xxxx(quinlan) gid=xxxx(quinlan) groups=xxxx(quinlan),20(dialout),24(cdrom) [quinlan:~]$ ls -al

>Their is a buffer overrun in /bin/login which has the potential to >allow any user of your system to gain root access. util-linux-2.5-29 >contains a fix for this and is available for Red Hat Linux 4.0 on >all four platforms. We strongly recommend that all of Red Hat 4.0 >usres apply this fix. Does this bug affect the ''login'' that is distributed with shadow

Alexander O. Yuriev wrote: > > Your message dated: Wed, 20 Nov 1996 18:04:39 EST > > >has anyone played with the securelevel variable in the kernel and the > > >immutable flags in the ext2 file system? > > > > Yes, and its actualy quite nice. > > > > >The sysctrl code seems to allow the setting of the flag > > >only by init (PID=1)

Hi, well, swift response! Qualcomm has a patched qpopper (2.5) Greetings, Jan-Philip Velders <jpv@jvelders.tn.tudelft.nl> ---------- Forwarded message ---------- Date: Mon, 29 Jun 1998 21:43:18 -0700 From: Praveen Yaramada <pyaramad@QUALCOMM.COM> To: BUGTRAQ@NETSPACE.ORG Subject: Patched Qpopper2.5 release Notification. Hello Folks, As you are already aware that qpopper

Hi Are there any known security holes or necessary precautions in using port forwarding with ipportfw? I'm planning on forwarding ports from an outer firewall/router (connected to the Internet) to a host in the DMZ, then on from the DMZ host to the inner firewall, and finally from the inner firewall to some host on the inside. Thanks, Jens jph@strengur.is From mail@mail.redhat.com Wed

////////////////////////////////////////////////////////////////////////// I have got a couple of messages stating that I am wrong and that the resolver vulnerability sent to list by Oliver Friedrichs (oliver@secnet.com) is a new one. Our discussion with Oliver outlined that even though it is possible that this vulnerability was discussed during BOFs at conferences such as LISA, SANS and NETSEC,

Hi all, I've been running rsync successfully from cron jobs for the last six months across a local network. The cron jobs are very simple. They run rsync on a client machine, connect to an rsync server on a server machine (no ssh or rsh involved), and copy files from the server to the client. That's all. There are several jobs, one for each directory on the server, and between them

I need to migrate data from a Linux box (PATH_MAX 4096) to Solaris with (PATH_MAX 1024) and it so happens that not only do paths longer than 1K actually exist, but also is the application in no way bound to 4K paths. In an effort to find a generic solution to these issues, I have written liblongpath. See https://code.uplex.de/liblongpath - there is a manpage (online as RST:

Ran into a weird problem, and this seemed a good forum to toss it out into -- if I've gaffed, please let me know. Just upgraded my RH5.0 box to RH5.2. Went well, worked nearly seamlessly. When running 5.0, though, I'd installed the opie-fied ftpd that comes with the most recent opie package (ftp://ftp.inner.net/pub/opie/opie-2.32.tar.gz) and had it work without a hitch. I'd also

---------- Forwarded message ---------- Date: Tue, 30 Nov 1999 12:14:09 -0800 (PST) From: David Cantrell <david@slackware.com> To: slackware-security@slackware.com Subject: Security Patches for Slackware 7.0 Available There are several security updates available for Slackware 7.0. We will always post bug fixes and security fixes to the /patches subdirectory on the ftp site:

Hi, When php3 module is compiled in apache, files in any directory will be interpreted by the parser and executed. This is a security breach. There is a way to correct this? Any comments? Thanks, lacj --- <levy@null.net> Levy Carneiro Jr. Linux & Network Admin From mail@mail.redhat.com Sat May 8 02:32:02 1999 Received: (qmail 28372 invoked from network); 8 May 1999 07:05:57

This may be, or may not be a security issue, however, since alot of people still use tripwire-1.2 or lesser versions(this is what shipped with R.H. Linux 5.2 at least), they might be interested in following detail: Chuck Campbell (campbell@neosoft.com) pointed me out that tripwire dies with coredump on R.H. linux, if it hits a filename containing 128-255 characters. Playing a bit with debugger I

below. Dan ___________________________________________________________________________ Dan Yocum | Phone: (630) 840-8525 Linux/Unix System Administrator | Fax: (630) 840-6345 Computing Division OSS/FSS | email: yocum@fnal.gov .~. L Fermi National Accelerator Lab | WWW: www-oss.fnal.gov/~yocum/ /V\ I P.O. Box 500 |

I'd like to announce the availability of the "tsne" package. It provides the T distributed Stocastic Neighbor Embedding algorithm by van der Maaten and Hinton: 1. http://ict.ewi.tudelft.nl/~lvandermaaten/t-SNE.html 2. L.J.P. van der Maaten and G.E. Hinton. Visualizing High-Dimensional Data Using t-SNE. Journal of Machine Learning Research 9(Nov):2579-2605, 2008. [

I'd like to announce the availability of the "tsne" package. It provides the T distributed Stocastic Neighbor Embedding algorithm by van der Maaten and Hinton: 1. http://ict.ewi.tudelft.nl/~lvandermaaten/t-SNE.html 2. L.J.P. van der Maaten and G.E. Hinton. Visualizing High-Dimensional Data Using t-SNE. Journal of Machine Learning Research 9(Nov):2579-2605, 2008. [

Hi, There have been a bunch of useful submissions for the compare /contrast thread. To reduce the load on your mailbox, they are gathered here in one go... Roger. Date: Wed, 28 Oct 1998 15:11:37 +0000 From: "David L. Sifry" <dsifry@linuxcare.com> To: "Matthew S. Crocker" <matthew@crocker.com> CC: Rob Bringman <rob@trion.com>,

Hm, look what I got hold of today.. Works if sendmail is mode 4111 or similar: #! /bin/sh # # # Hi ! # This is exploit for sendmail smtpd bug # (ver. 8.7-8.8.2 for FreeBSD, Linux and may be other platforms). # This shell script does a root shell in /tmp directory. # If you have any problems with it, drop me a letter. #

-----BEGIN PGP SIGNED MESSAGE----- - --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Buffer overflow problem in the inews program Advisory ID: RHSA-1999:033-01 Issue date: 1999-09-01 Keywords: inn inews buffer overflow - --------------------------------------------------------------------- 1. Topic: New packages for INN

Dear R expert I have come across the GBM package for R and it seemed appropriate for my research. I am trying to predict the number of FPGA resources required by a Software Function if it were mapped onto hardware. As input I use software metrics (a lot of them). I already use several regression techniques, and the graphs I produce with GBM look promising. Now my question... I see that the

In a fit of irony, while preparing to burn a CDROM with some software I've been writing for about six months, I did a rm *>o instead of rm *.o on an ext3 filesystem. And I'm well aware that under normal circumstance you can't undelete, especially a ext3 filesystem. However, I need to at least *try* to recover this. I've built lde (linux disk editor) and if I can isolate a