similar to: [dizznutt@my.security.nl: icecast 1.3.11 remote shell/root exploit - #temp]

hi, don't know whether this is already covered in the list, sorry if it's old news... is there any 1.3.11 bugfix release out there? can't find things on icecast.org attached the email from bugtraq. best, uno <p> <strong>attached mail follows:</strong><hr noshade> Hello, Attached is a full analysis to accompany the earlier disclosed remote root/shell

Hi There, re. the recently reported buffer overflow in icecast, is there any "official" security patch against 1.3.11 ? I am reluctant to take any un-official patch like this one ;-) There is nothing on www.icecast.org/releases, maybe it's somewhere else ? Thanks. Alfredo <p><p>>Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm >List-Id:

To all users: The recently exploits announced at bugtraq can be fixed by the following patch. This patch should fix a few other potential holes as well, and I will post a followup patch soon that is even more thorough. Note: this exploit would give the attacker priviledges of the user running icecast. If you are running icecast as a normal user account or as root, this would be a good time to

To all users: The recently exploits announced at bugtraq can be fixed by the following patch. This patch should fix a few other potential holes as well, and I will post a followup patch soon that is even more thorough. Note: this exploit would give the attacker priviledges of the user running icecast. If you are running icecast as a normal user account or as root, this would be a good time to

Hello Icecast folks, Attached is an analysis I slapped together detailing the exact specifics of the bug that is exploited with the icecast exploit I disclosed earlier this week. Furthermore it details another remotely exploitable bug. I sent this to team@icecast.org and to Jack Moffit, but have not received a response as of yet. So if people, like I noticed in the icecast@xiph.org list, are

Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Received-SPF: none (hypatia: domain of tofesi at web.de does not designate permitted sender hosts) X-Virus-Scanned: by amavisd-new at stat.math.ethz.ch X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on hypatia.math.ethz.ch X-Spam-Level: * X-Spam-Status: No, hits=1.9 required=5.0

greetings, would it be a good idea to include within the scp man pages, how one would use scp to copy files which have the ' : ' character in the filename? a friend struggled a little trying to do this, discovered the answer on google, i thought it might be usefull to have in the man pages too. the solution was to use the files' full path so that scp recognised it as a file. please cc

Does swfdec work on AMD 64-bit systems? On 3/27/07, D?niel Fraga <fragabr@gmail.com> wrote: > URL: > http://linuxtoday.com/news_story.php3?ltsn=2007-03-27-010-26-NW-SW-DV > Free software fans of YouTube jumped for joy last week when developer > Benjamin Otte announced on his blog that the free Swfdec Flash player > has reached the point where it can play YouTube's Flash

With the latest message I send to the CentOS list I got this strange 'probe' message. The included bounce example has nothing to do with my email-adres, but rather with someone subscribed to the list. So it seems that somehow the mailinglist manager is sending bounces to the wrong email-adres. Or I do not understand the 'probe' message (and the included bounce message) at all.

when check java process lock statistics, plockstat failed, please see below: # prstat -mLp 21162 PID USERNAME USR SYS TRP TFL DFL LCK SLP LAT VCX ICX SCL SIG PROCESS/LWPID 21162 7677 0.9 0.1 0.0 0.0 0.0 99 0.0 0.3 83 89 215 0 java/81 21162 7677 0.3 0.1 0.0 0.0 0.0 0.0 99 0.2 106 33 305 0 java/35 21162 7677 0.1 0.0 0.0 0.0 0.0 100 0.0 0.1 79 6 85 0 java/59

Hey everyone, I posted bug #3746 for people to report on the latest code in the stable branch. Once I get enough reports that it is working fine, we will release 1.0.7. Thanks, Russell Bryant _______________________________________________ Asterisk-Dev mailing list Asterisk-Dev@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-dev To UNSUBSCRIBE or update options visit:

Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Received-SPF: none (hypatia: domain of tofesi at web.de does not designate permitted sender hosts) X-Virus-Scanned: by amavisd-new at stat.math.ethz.ch X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on hypatia.math.ethz.ch X-Spam-Level: X-Spam-Status: No, hits=0.2 required=5.0

Greetings from Amazon.com. We're sorry. You replied to a notification-only address that cannot accept incoming e-mail. But that's OK--this automated response will direct you to the right place at Amazon.com to answer your question or help you make changes to your order. To change any unshipped orders, make other changes to your account, or view your order history, visit:

Hi all, I''ll be at LISA starting tomorrow afternoon. I have a panel with other config-mgmt authors on Thursday and I''m running BoFs at night, but I''ll otherwise likely be trawling the hallways looking for conversation. Track me down if you''re there; I''ll do my best to wear a bike cap every day or something to simplify recognizing me. --

i'm trying to set up a customer who has two printers attached to their computer one is some sort of okidata color laser printer, which seems to work fine the other one is a brother HL-4040CDN, which prints fine from a Linux based application such as open office. when i try to print from a program in wine, however, I can't for the life of me get it to print properly to legal sized paper,

Hi, I've been generating linear models with lm(). I wanted to look at the VIF's for the coefficient. Using the vif() function from the package Design, I would get unusually high VIF's. However using vif() from the car package I get more reasonable values (ie in line with the quality of the model). What is the difference between the two vif functions? (I dont have access to the

"Select from a wide variety of brand name and generic rneds. It is legitimate to select licensed chemist-sites to place the or-der.,Customers have better selections for rnedicals on ereection dysfunction, pain, man's care, highcholesterol, stress and obesity. It is easier to stay healthier." [1]Embrace super value and check quality medicals on

Hi, I'm plotting 4 graphs on one page (2x2 matrix) but I cant seem to get the title for the whole page right. I'm doing: op <- par(mfrow = c(2,2), pty="s") hist(var$V2, breaks="FD",main="Euclidean Metric", xlab="Sum of 3NN ... hist(var$V2, breaks="FD",main="Manhattan Metric", xlab="Sum of 3NN ... hist(var$V2,

Hi All, I have recently downloaded and compiled IceCast 1.3.11 with the crypt option turned on. Once I did this I have not been able to access the ADMIN console through telnet. I got the latest version of mkpasswd from CVS and compiled it. I have included the encrypted version of the password into the configuration file and then started icecast. Am I doing something wrong? One thing that

sorry folks, i should have done this properly the first time i post my changes. the attachment contains a gzipped version of unified recursive diff ... this diff is made between a fresh cvs copy of icecast 1.3.11 and the source branch of icecast 1.3.11-mingw that i have. some things are missing, but don't worry about that. i'm not going to explain why individual files present in one