similar to: Openssh use enumeration

Displaying 20 results from an estimated 200 matches similar to: "Openssh use enumeration"

2016 Jul 21
2
Openssh use enumeration
I thought this was already addressed with the internal blowfish hash of "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK" to where all passwords were checked against this to prevent timing analysis for user enumeration. On 20 July 2016 at 19:45, Darren Tucker <dtucker at zip.com.au> wrote: > On Tue, Jul 19, 2016 at 11:10 PM, C0r3dump3d <coredump at
2010 Sep 18
2
Ac1dB1tch3z Vs Linux Kernel x86_64 0day
Are there any 64bit CentOS5 kernels available that are immune against the exploit mentioned in the subject? Turning off 32bit support is no option to me.. Gerhard Schneider P.S.: Source code can be found at http://seclists.org/fulldisclosure/2010/Sep/268 and is working "well" on 2.6.18-194.11.3.el5.centos.plus -- Gerhard Schneider Institute of Lightweight Design and e-Mail: gs
2012 Aug 01
5
[Full-disclosure] nvidia linux binary driver priv escalation exploit
Hi all! I found this today on FD: http://seclists.org/fulldisclosure/2012/Aug/4
2008 Jul 09
2
loginmsg bug
Cf. http://seclists.org/fulldisclosure/2008/Jul/0090.html This Mrdkaaa character claims to have exploited this, but does not say how. The issue is that if do_pam_account() fails, do_authloop() will call packet_disconnect() with loginmsg as the format string (classic printf(foo) instead of printf("%s", foo) bug). The stuff that do_authloop() appends to loginmsg is harmless (the user
2016 Jul 22
18
Call for testing: OpenSSH 7.3
Hi, OpenSSH 5.3 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is
2011 Apr 01
0
on "BSD derived RFC3173 IPComp encapsulation will expand arbitrarily nested payload"
Hi, as some IPSec users might be worried about the "BSD derived RFC3173 IPComp encapsulation will expand arbitrarily nested payload" from http://seclists.org/fulldisclosure/2011/Apr/0 , here's some braindump: To be affected it's believed that you need to 1) manually compile in IPSEC (not done in GENERIC or the release), 2) have an entry for ipcomp in your security
2016 Jul 21
2
Openssh use enumeration
On Thu, Jul 21, 2016 at 1:34 PM, Selphie Keller <selphie.keller at gmail.com> wrote: > yeah I like this idea, fixes the issue with blowfish hashes and non root > passwords, maybe random delay as the final fall back if no salts/passwords > are found. Well if there are no accounts with a valid salt then there's also no valid account to compare the timing of invalid accounts
2004 Jun 07
2
"Destructive" utilities
The following threads suggest that the way to reclaim memory occupied by initramfs is to remove files from it: http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&frame=right&th=c6cb846bba1a7aea&seekm=SAUO.51B.21%40gated-at.bofh.it#link1 http://seclists.org/lists/linux-kernel/2003/Dec/0707.html However, there is no way to do it using utilities provided by klibs. Could you
2005 Sep 27
2
Samba/Firewall issues?
Greetings, I am running into *possible* Samba/Firewall issues. Our Samba v3.0.11 server is also running iptables. In our log.nmbd file we have noticed the following: [2005/09/27 15:43:41, 1] libsmb/cliconnect.c:cli_connect(1313) Error connecting to 130.xx.xx.xx (Connection refused) [2005/09/27 15:50:21, 0] libsmb/nmblib.c:send_udp(790) Packet send failed to 130.xx.xx.xx(138) ERRNO=Operation
2015 Aug 19
2
Converting HVM to PV kernel CentOS7
Thanks for the reply. Sorry for the typo in the earlier mail. I have PV-HVM of CentOS 7 & I need to convert it to PV kernel. Basically here I am trying to see whether my PV_HVM kernel is vulenrable to this issue given in the following link http://seclists.org/oss-sec/2015/q3/212 In the above link, it was mentioned that the PV kernel is not vulnerable to this bug, but HVM is. It didnt say
2015 Aug 19
2
Converting HVM to PV kernel CentOS7
Thanks for the reply. If we want to have PV kernel for CentOs 7 , are there any guidelines to follow? How we can know before hand itself that this kernel is PV or HVM, without installing kernel? On Wed, Aug 19, 2015 at 11:27 AM, John R Pierce <pierce at hogranch.com> wrote: > On 8/18/2015 10:37 PM, Venkateswara Rao Dokku wrote: > >> Thanks for the reply. >> Sorry for the
2014 Jun 17
1
Bug#751894: xen: CVE-2014-4021 / XSA-100
Package: xen Version: 4.0.1-5.11 Severity: important Tags: security, fixed-upstream Please see for details: http://www.openwall.com/lists/oss-security/2014/06/17/6 Patch: http://seclists.org/oss-sec/2014/q2/att-549/xsa100.patch --- Henri Salo -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc:
2015 Aug 19
0
Converting HVM to PV kernel CentOS7
On 8/18/2015 10:37 PM, Venkateswara Rao Dokku wrote: > Thanks for the reply. > Sorry for the typo in the earlier mail. > I have PV-HVM of CentOS 7 & I need to convert it to PV kernel. > > Basically here I am trying to see whether my PV_HVM kernel is vulenrable to > this issue given in the following link > http://seclists.org/oss-sec/2015/q3/212 that is talking about a
2015 Aug 19
0
Converting HVM to PV kernel CentOS7
All modern kernels are PV compatible. You can take the same Linux image and run it HVM or PV. On 19 August 2015 at 09:19, Venkateswara Rao Dokku <dvrao.584 at gmail.com> wrote: > Thanks for the reply. > > If we want to have PV kernel for CentOs 7 , are there any guidelines to > follow? > How we can know before hand itself that this kernel is PV or HVM, without >
2019 Dec 06
0
VPN connections subject to hijack attack
<https://www.bleepingcomputer.com/news/security/new-linux-vulnerability-lets-attackers-hijack-vpn-connections/> This affects all VPNs and is a consequence of using "loose" reverse path filtering for anti-spoofing. The default CentOS setting is strict filtering but you may have changed this to loose for some unusual routing situations. Check that the value of
2018 Sep 06
1
cran-r debian readme used to include security flaw
I had to bust the cache on one of my Docker images and when I rebuilt it I noticed something rather concerning from the `apt-get install` step: gpg: requesting key E084DAB9 from hkp server ha.pool.sks-keyservers.net gpg: key E084DAB9: public key "Totally Legit Signing Key < mallory at example.org>" imported gpg: key E084DAB9: public key "Michael Rutter <marutter at
2011 Dec 22
0
[PATCH] Security: Mitigate possible privilege escalation via SG_IO ioctl (CVE-2011-4127, RHBZ#757071)
From: "Richard W.M. Jones" <rjones at redhat.com> CVE-2011-4127 is a serious qemu & kernel privilege escalation bug found by Paolo Bonzini. http://seclists.org/oss-sec/2011/q4/536 An untrusted guest kernel is able to issue special SG_IO ioctls on virtio devices which qemu passes through to the host kernel without filtering or sanitizing. These ioctls allow raw sectors from
2015 Apr 14
0
[ANNOUNCE] X.Org Security Advisory: Buffer overflow in MakeBigReq macro
X.Org Security Advisory: April 14, 2015 Buffer overflow in MakeBigReq macro in libX11 prior to 1.6 [CVE-2013-7439] ========================================================================== Description: ============ It's been brought to X.Org's attention that this commit: http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=39547d600a13713e15429f49768e54c3173c828d which was included
2019 Dec 06
1
VPN connections subject to hijack attack
On Fri, 6 Dec 2019 at 04:40, Kenneth Porter <shiva at sewingwitch.com> wrote: > > <https://www.bleepingcomputer.com/news/security/new-linux-vulnerability-lets-attackers-hijack-vpn-connections/> > Thanks for the heads up > This affects all VPNs and is a consequence of using "loose" reverse path > filtering for anti-spoofing. The default CentOS setting is
2019 Dec 05
0
CVE-2019-14899 can potentially affect tinc VPNs
Hello, Researchers have shown that many operating systems, sometimes in default configurations, allow packets to be received on an interface with a destination address that does not match a route that would send return packets back out of that interface. For example, you have a LAN interface which uses the address range 192.168.1.0/24, and a WAN interface with a public IP address. In some