Displaying 20 results from an estimated 200 matches similar to: "Is Java insecure ?"
2013 Jul 30
6
How does such long term support work?
I've had nothing but trouble with BSD/Linux over the past year or so.
I've been on Centos 6.4 for about a half day now and I am loving it.
I am just wondering though, how does a 7 year support cycle work?
I see that there is libreoffice which is kinda new. Is this because open
office is under oracle's influence?
I am on gnome 2 right now, will I wake up one day in the next 7 years
1998 Oct 21
0
Insecure /tmp handling in isdnlog
The isdnlog program (provided by isdn4k-utils.tar.gz) creates a
root-owned temp file called /tmp/isdnctrl (or /tmp/isdnctrl0) and
no checking for symbolic links is done. The file is opened append only,
a user can make a symbolic from /tmp/isdnctrl to any file and mess
things up.
example: ln -s /var/spool/mail/root /tmp/isdnctrl
-- dentoir
Fart Foundation
Security through immaturity
2008 Dec 15
0
insecure: can't modify hash
A weird problem occurs (only on the prod server, not locally), when i
try to register a new user with restful_authentication.
Once in a while, i get the following error when trying to sign up as a
new user:
Insecure: can''t modify hash
usr/lib/ruby/gems/1.8/gems/activerecord-2.2.2/lib/active_record/attribute_methods.rb:309:in
`delete''
2000 Jul 07
1
Potentially insecure format string handling in PAM support
-----BEGIN PGP SIGNED MESSAGE-----
With the recent remote root Wu-ftpd exploit based upon incorrect format
string handling (processing user-supplied data as format strings), I've
taken to scanning any code with elevated permissions for similar problems.
I found one in the portable version of OpenSSH. Its only outputting
messages passed back by PAM, I think, so I don't think its
2007 Oct 23
0
Bug#447795: xen-utils-3.0.3-1: [CVE-2007-3919] xenmon.py / xenbaked insecure file accesss
Package: xen-utils-3.0.3-1
Version: 3.0.3-0-3
Severity: grave
Tags: security
Justification: user security hole
Xen versions 3.x, and 3.1 contain a tool for processing Xen trace
buffer information.
This tool uses the static file /tmp/xenq-shm insecurely allowing
a local user to truncate any local file when xenbaked or xenmon.py
are invoked by root.
Sample session:
# setup.
skx
2013 Oct 17
0
ANNOUNCE: CVE-2013-4419: insecure temporary directory handling for guestfish's network socket
This issue has been assigned CVE-2013-4419.
https://bugzilla.redhat.com/show_bug.cgi?id=1016960
(Note this bug is private, but will be made public shortly)
----------------------------------------------------------------------
When using the guestfish --remote or guestfish --listen options,
guestfish would create a socket in a known location
(/tmp/.guestfish-$UID/socket-$PID).
The location has
2005 Aug 26
1
realtime sip channel configuration -> insecure option
Hi all
I'm trying to figure out what values are valid for the "insecure" option in a
realtime configuration table. The table field is 4 chars long and the actual
valid values for this is longer. Can I modify the field length or has this
changed? Below is where I looked, if I'm not looking in the right place
please let me know.
the field on the table is:
...
`insecure`
2007 Feb 23
1
default "insecure" setting
Hello, everyone.
I'm having a small problem when using asterisk with GUI. For every
provider I create I have to set "insecure=invite,port" in users.conf. Is
there a way to make it a default setting?
Thanks in advance.
2009 Apr 18
1
Insecure=
Who knows who decided to put insecure as the name for that option ?
Not only does it confuse noobs, it really has nothing to do with security,
as iirc its to accept calls from a device regg'ed or authed even if on diff
ports, and for the invite..
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
2017 Nov 02
2
pjsip insecure=port,invite
Hello!
Looks like faq, but...
Could you , please, point me on how to convert this
[cisco]
type=friend
host=192.168.22.253
insecure=port,invite
to pjsip?
as you can see another side is very old cisco router, so I can't change
anything there.
I don't see any examples here
2018 Mar 26
0
How insecure is NIS ? Possible alternatives ?
> Over the next month I have to setup a new network in a local school, and
> I wonder if I should use NIS/NFS. I still have my own documentation,
> it's simple and somewhat bone-headed to setup, and it just works.
In my opionion, there is a serious gap in this area. It's either NIS, simple, easy to setup yet insecure, or LDAP/FreeIPA/RH Id management server at a complexity at
2018 Mar 26
0
How insecure is NIS ? Possible alternatives ?
On Mon, Mar 26, 2018 at 9:07 PM, Nicolas Kovacs <info at microlinux.fr> wrote:
> Hi,
>
> In the past I've setup simple centralized authentication with NIS and
> NFS, without bothering about possible security implications.
>
> Over the next month I have to setup a new network in a local school, and
> I wonder if I should use NIS/NFS. I still have my own
2018 Mar 26
1
How insecure is NIS ? Possible alternatives ?
Am 2018-03-26 10:46, schrieb Clint Dilks:
> Hi, as you why it is insecure the biggest reason is that it is trivial
> for
> a user to get sensitive information about other users. Particularly
> things
> like password hashes, and with the compute power available today
> cracking a
> hash is not impractical.
You don't even need to crack them yourself.
If you have the
2018 Mar 26
0
How insecure is NIS ? Possible alternatives ?
> Am 26.03.2018 um 11:59 schrieb Nicolas Kovacs <info at microlinux.fr>:
>
> Le 26/03/2018 ? 10:28, isdtor a ?crit :
>> In my opionion, there is a serious gap in this area. It's either NIS,
>> simple, easy to setup yet insecure, or LDAP/FreeIPA/RH Id management
>> server at a complexity at least one order of magnitude beyond NIS.
>
> I gave FreeIPA a
2018 Mar 26
0
How insecure is NIS ? Possible alternatives ?
On 03/26/2018 02:59 AM, Nicolas Kovacs wrote:
> I gave FreeIPA a spin a while back. I installed it on a sandbox server,
> and from what I recall, it pulled in a tsunami of dependencies, and
> first thing it wanted to replace my Dnsmasq with BIND... so I didn't
> look much further.
FreeIPA should be installed on its own server or VM, in which case its
dependencies and what it
2018 Mar 26
2
How insecure is NIS ? Possible alternatives ?
On 26/03/2018 15:14, Gordon Messmer wrote:
> FreeIPA takes all of one command to install, and one to set up. It
> provides a web UI for both administrative and end-user management of
> users, passwords, login and sudo policy, etc. Anything you find overly
> complex can simply be unused.
FreeIPA is easy to set up, but it is quite a complex beast under the
hood. I've had some nasty
2018 Mar 26
0
How insecure is NIS ? Possible alternatives ?
> Am 26.03.2018 um 16:31 schrieb Tom Grace <lists-in at deathbycomputers.co.uk>:
>
> On 26/03/2018 15:14, Gordon Messmer wrote:
>> FreeIPA takes all of one command to install, and one to set up. It
>> provides a web UI for both administrative and end-user management of
>> users, passwords, login and sudo policy, etc. Anything you find overly
>> complex can
2018 Mar 29
0
How insecure is NIS ? Possible alternatives ?
Le 29/03/2018 ? 06:44, Keith Keller a ?crit :
> I wonder how much support there is for NIS any more in recent
> distros. Is it possible CentOS 7 doesn't support NIS, or does but is
> buggy?
I'm planning to test this very soon, probably during the next week, and
I'll report back.
Cheers from another ex-Slackware user who migrated to CentOS. :o)
Niki
--
Microlinux -
2003 Apr 23
1
Insecure smbpasswd with ldap ??
hi there i have recently moved all users to LDAP and incorporated the
Samba schema i have allocated servers read only access to the data
except for what is required ie lmpass ... ntpass .. what disturbs me is
that smbpasswd demands write access to
uid,rid,primarygroup,cn,displayname i would rather it did not do this i
fully understand why samba requires write access to other attr's in fact
in
2014 Feb 26
1
allow insecure wide links
Does the 'allow insecure wide links' parameter work in the Samba in RHEL 6.5 (which is 3.6.9-167.el6_5)?
I need 'unix extensions' to be yes and also follow wide links. So I set 'allow insecure wide links' but it doesn't seem to work.
By the way (and this may be a known issue that's been resolved in later releases) after we upgraded our Macs to 10.9 (which rolled