similar to: UDP Constant IP Identification Field Fingerprinting Vulnerability

On Fri, June 24, 2016 12:24, John R Pierce wrote: > On 6/24/2016 9:20 AM, James B. Byrne wrote: >> We received a notice from our pci-dss auditors respecting this: >> >> CVE-2002-0510 The UDP implementation in Linux 2.4.x kernels keeps >> the >> IP Identification field at 0 for all non-fragmented packets, which >> could allow remote attackers to determine that

On Mon, June 27, 2016 12:29, Gordon Messmer wrote: > On 06/26/2016 01:50 PM, James B. Byrne wrote: >> However, all I am seeking is knowledge on how to handle this using >> iptables. I am sure that this defect/anomaly has already been >> solved wherever it is an issue. Does anyone have an example on >> how to do this? > > > I think the bit you're missing is

Hello, I plan to create a commercial software that would automate the running of a few IT security tools and build a nice report, in order to help security auditors in their work. I saw your smbclient tool that could be really appropriate. As this tool is GPL'd, I would like to make sure you agree with the usage (running and parsing) I plan. Of course, should you have any requirement (e.g.

All, There seems to be a hullaboo about a vulnerability in R when deserializing untrusted data: https://hiddenlayer.com/research/r-bitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2024-27322 https://www.kb.cert.org/vuls/id/238194 Apparently a fix was made for R 4.4.0, but I see no mention of it in the changes report: https://cloud.r-project.org/bin/windows/base/NEWS.R-4.4.0.html

CentOS Errata and Security Advisory 2013:X012 (Xen4CentOS) The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) ----------------------------- X86_64 ----------------------------- 2eb1022ec7ec2d508248c9c152e253aa72acfa08a155701d2791b1458766590a e1000e-2.5.4-3.4.68.2.el6.centos.alt.x86_64.rpm

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

CentOS Errata and Security Advisory 2014:X011 (Xen4CentOS) The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) ----------------------------- X86_64 ----------------------------- 0ca23e081ddc488aa22b357fd2ad46b26526424f4613f5af7254bcbdcbcf1474 e1000e-2.5.4-3.10.55.2.el6.centos.alt.x86_64.rpm

CentOS Errata and Security Advisory 2014:X009 (Xen4CentOS) The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) ----------------------------- X86_64 ----------------------------- b46a8cc4391424f463aec8e81e716152357426ae3601857b2661bc5a1257f9b3 e1000e-2.5.4-3.10.43.2.el6.centos.alt.x86_64.rpm

Thanks for the analysis of second bug. Please also share CVSSv3 score for first bug. Arjit Kumar On Fri, May 26, 2017 at 12:29 PM, Andrew Bartlett <abartlet at samba.org> wrote: > On Fri, 2017-05-26 at 11:36 +0530, Arjit Gupta via samba wrote: > > Hi Team, > > > > Please let me know the severity of CVE-2017-2619 and CVE-2017-7494. > > They are not unpublished:

https://bugzilla.samba.org/show_bug.cgi?id=10936 Bug ID: 10936 Summary: Rsync path hijacking attack vulnerability Product: rsync Version: 3.1.1 Hardware: All OS: All Status: NEW Severity: critical Priority: P5 Component: core Assignee: wayned at samba.org

Hi, I''m trying to verify that the Xen I''m running is patched against the all the known published bugs. I''m running Fedora 7, which means I''m running Xen 3.1.2. I''ve checked the changelog in the Fedora package, and I can verify that all the bugs I''ve found are fixed except for one. http://www.securityfocus.com/bid/27219

CentOS Errata and Security Advisory 2013:X018 (Xen4CentOS) The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) ----------------------------- X86_64 ----------------------------- 2ac8f3b6799eac04c6fc5fe054a68d00bdf914f173087a7802c9bce8b4366e48 e1000e-2.5.4-3.10.25.2.el6.centos.alt.x86_64.rpm

Hi there, With the new scrutinization by auditors on account policies and auditing, how can Samba be SOX compliant? Using 3.0.14a-sernet on Suse 9.1 - ldapsam Specifically, a couple of things seem to be lacking: 1) Logon/Logoff times are not being recorded The last logon time recorded in my ldap entries are pre-nt4 migration. 2) Do the Audit Policy values in user manager have any effect? Are

On Fri, 2017-05-26 at 11:36 +0530, Arjit Gupta via samba wrote: > Hi Team, > > Please let me know the severity of CVE-2017-2619 and CVE-2017-7494. They are not unpublished: https://www.samba.org/samba/security/CVE-2017-2619.html https://www.samba.org/samba/security/CVE-2017-7494.html For this second bug, I did some work on CVSS scores: I've had a go at a CVSSv3 score for the

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

We are running samba 3.0.7 on a Solaris 9 server. This is our company's main file server (migrated over from Windows). We are having issues with properly applying file permissions to different groups. Right now, we have about 400 users. They are all members of the "other" group at the OS level. Beyond that, all the users are divided into groups based on their department so that

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

CentOS Errata and Security Advisory 2013:0620-01 Important (Xen4CentOS) The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: a8a913de2ce129fe28c1015d2be0ca72acbb70eb7b4e41ef470f8fdc3d70c6ad kernel-3.4.50-8.el6.centos.alt.x86_64.rpm b01179ca3023f3f3503fe71f8efbdecee9f01f6be552c2a35c91909fe652574f

hi all, i haven't seen any discussion here of this issue, nor do i see any obviously related (open) bugs in bugzilla. It's not clear to me from the CVE how important this issue is or isn't, but i'm a bit concerned. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4091 thanks as always to wayne & the other contributors