similar to: 'template shell' samba parameter

Hi, I'm using samba version 3.0.37 and i encountered a very strange and annoying phenomena when 2 different users from 2 different machines are getting the same PID from samba. (2 windows users that are trying to view documents on the CIFS share). I did some google research on this problem and i found the following regarding such a problem: " One can find references to problems like

According to the vulnerability test script from shellshocker.net, the latest bash versions on CentOS5 and CentOS6, 3.2-33.el5_11.4 and 4.1.2-15.el6_5.2, resp., are still vulnerable to CVE-2014-6277. In fact, on CentOS6, abrtd will send you a nice report about it. Does anyone know if upstream is working on a fix? [root at host ~]# bash ~/shellshock_test.sh CVE-2014-6271 (original shellshock):

Good afternoon! After applying the latest bash RPM listed at http://lists.centos.org/pipermail/centos-announce/2014-September/020594.html : The fixed RPM (bash-3.2-33.el5_10.4.x86_64.rpm) DOES work just fine on CentOS 5.10. However, it DOES NOT work on CentOS 5.4. That is, bash runs fine, but IS STILL VULNERABLE TO SHELLSHOCK! Scary screenie at: http://i.imgur.com/yR7sBjV.png It looks like

Hello, I am trying to create a simple Manhattan plot for a small list of 200 SNPs spread out in the genome in different genes. I have tried different functions (using ggplot2 and a function created by Stephen Turner, mhtplot etc.)-none of them work smoothly. Does anyone have a simple way to create the plot (not for all 22 chromosomes)- with the x axis showing the genes name and not the

I found an interesting email that got caught in my spam quarantine. I?m wondering if dovecot is vulnerable to this kind of code execution (I?m aware that other components could be vulnerable, but this question is specifically targeting dovecot). The idea is to insert shell commands into various header fields that would get executed as part of the message processing/delivery. Examples include:

Hello, How can I run a backward stepwise regression with part of the variables fixed, while the others participate in the backward stepwise analysis? Thank you, Einat -- View this message in context: http://r.789695.n4.nabble.com/Stepwise-analysis-with-fixed-variables-tp4650015.html Sent from the R help mailing list archive at Nabble.com.

On Wed, Feb 4, 2015 at 6:32 PM, Warren Young <wyml at etr-usa.com> wrote: > >>> Most such vulns are against Apache, PHP, etc, which do not run as root. >> >> Those are common. Combine them with anything called a 'local >> privilege escalation' vulnerability and you've got a remote root >> exploit. > > Not quite. An LPE can only be used

The AstLinux Team has released 1.2.0. All current users are encouraged to upgrade as this release addresses the bash "ShellShock" bug. New in 1.2.0: * New Linux Kernel 3.2.x * "igb" ethernet driver for Intel Atom C2000 * Enable AES-NI support * New "sip-user-agent" firewall plugin * New versions of Asterisk 11 and 1.8 * Bash "ShellShock" security fixes A

On Mon, Feb 2, 2015 at 8:02 PM, Kahlil Hodgson <kahlil.hodgson at dealmax.com.au> wrote: > On 3 February 2015 at 13:34, PatrickD Garvey <patrickdgarveyt at gmail.com> wrote: >> Now how about some specific sources you personally used to learn your >> craft that we can use likewise? > > So many places it makes my brain hurt just thinking about it. Google > and

Dear All I want to put my stuff on centos 6.3 but some colleagues warned that it is not wise to use it at now for some bugs reported. Can you please confirm if this is true and which vulnerability can be risked for ? Thank you

Hopefully that gets everyone''s attention. Evan Weaver has whined enough to make me do a release to change the requirements on the Mongrel gem so that it doesn''t need the cgi_multipart_eof_fix anymore. *************************** THIS ALSO MEANS THAT MONGREL WILL HAVE TO REQUIRE RUBY 1.8.6 OR GREATER! NO EXCEPTIONS! *************************** I know Debian guys like to hack

I'm right now handling this beach-ball sized grenade, and trying to figure out which of our services need to be locked down right away. Since dovecot passes values via environment variables based on user input (e.g. username, password, mailbox?) to auxilliary executables (including possibly bash shell scripts), is dovecot vulnerable to this exploit? (This is not a fault of dovecot, but

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-3515 / XSA-17 version 2 Qemu VT100 emulation vulnerability UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The device model used by fully virtualised (HVM) domains, qemu, does not properly handle escape VT100

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-3515 / XSA-17 version 2 Qemu VT100 emulation vulnerability UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The device model used by fully virtualised (HVM) domains, qemu, does not properly handle escape VT100

On Sun, January 11, 2015 7:29 pm, Keith Keller wrote: > On 2015-01-12, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: >> >> PS I guess I just mention it. I'm quite happy about CentOS (or RedHat if >> I >> look back). One day I realized how happy I am that I chose RedHat way >> back, - that was when all Debian (and its clones like Ubuntu,...) admins

Do we know if dovecot is vulnerable to the heartbleed SSL problem? I'm running dovecot-2.0.9 and openssl-1.01, the latter being intrinsically vulnerable. An on-line tool says that my machine is not affected on port 993 but it would be nice to know for sure if we were vulnerable for a while. (Naturally I've blocked it anyway!). Thanks John

Hey guys, I realize this release is a little old. But I'm hoping to get some help with this anyway if that's cool. This is my employer's box and I don't have the option of upgrading it. I installed apr 1.5.1 and apr-util 1.5.4. Then downloaded the source for apache 2.4.10 for a project that I'm working on. I gave these configure flags along with make and install [root at

For even more information about "Heartbleed". -Connie Sieh ---------- Forwarded message ---------- Date: Wed, 9 Apr 2014 12:27:54 -0500 From: The SANS Institute <NewsBites at sans.org> Subject: FLASH NewsBites - Heartbleed Open SSL Vulnerability FLASH NewsBites - Heartbleed Open SSL Vulnerability FLASH NewsBites are issued only when a security event demands global and immediate

We have discovered a security vulnerability (“AltNames Vulnerability”) whereby a malicious attacker can impersonate the Puppet master using credentials from a Puppet agent node. This vulnerability cannot cross Puppet deployments, but it can allow an attacker with elevated privileges on one Puppet-managed node to gain control of any other Puppet-managed node within the same infrastructure. All

Is it true that (dynamic) binaries are vulnerable if and only if they are linked with libssl.so.3, not with libcrypt or libcrypto? Thanks for your help. Andrew.