Displaying 20 results from an estimated 2000 matches similar to: "Full analysis of the remotely exploitable icecast 1.3.x bugs"
2004 Aug 06
0
[dizznutt@my.security.nl: [Secure] Full analysis of multiple remotely exploitable bugs in Icecast 1.3.11]
hi,
don't know whether this is already covered in the list,
sorry if it's old news...
is there any 1.3.11 bugfix release out there? can't find things
on icecast.org
attached the email from bugtraq.
best, uno
attached mail follows:
Hello,
Attached is a full analysis to accompany the earlier disclosed remote root/shell
2004 Aug 06
2
[dizznutt@my.security.nl: icecast 1.3.11 remote shell/root exploit - #temp]
Contrary to the report, this only affects 1.3.x versions of icecast, not
_all_ versions.
But this is a serious problem and I do hope you all took my advice last
time and aren't running icecast as root.
I'll try to have a patch today.
jack.
----- Forwarded message from dizznutt@my.security.nl -----
Date: Tue, 2 Apr 2002 07:51:55 +0000 (GMT+00:00)
From: dizznutt@my.security.nl
To:
2007 Apr 05
0
Patch: Add io.c functions, and vfat library
This is a continuation to the library creation effort for syslinux.
I added the necessary ops required to read partitions and sectors off
the disk. I'm using it with my com32 module. I did change the
interface for read_disk a bit, so it takes a disk_info argument. This
way I can maintain multiple instances of read handlers, for example if
I'm reading and comparing stuff from two different
2003 Jun 24
1
lsof builds but doesn't run under 4-STABLE
Hi,
I noticed this today. If I build lsof on my 4-STABLE box, then it
doesn't run:
boojum# lsof
lsof: PID 0, no file * space
If I build the lsof binary under 4.8-STABLE, then it runs fine under
4.8-STABLE and 4-STABLE.
Upon investigation it appears that the variable fd in the file dproc.c
is being used uninitialized in gather_proc_info(). The problem seems to
be related to some changes to
2003 Oct 02
0
FreeBSD Security Advisory FreeBSD-SA-03:16.filedesc
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-03:16.filedesc Security Advisory
The FreeBSD Project
Topic: file descriptor leak in readv
Category: core
Module: kernel
Announced: 2003-10-02
2004 Aug 17
1
remotely exploitable vulnerability in lukemftpd / tnftpd
Hi Everyone,
http://vuxml.freebsd.org/c4b025bb-f05d-11d8-9837-000c41e2cdad.html
A critical vulnerability was found in lukemftpd, which shipped with some
FreeBSD versions (4.7 and later). However, with the exception of
FreeBSD 4.7, lukemftpd was not built and installed by default. So,
unless you are running FreeBSD 4.7-RELEASE or specified WANT_LUKEMFTP
when building FreeBSD from source, you
2004 Aug 06
0
Fwd: Icecast temp patch (OR: Patches? We DO need stinkin' patches!!@$!)
Hi There,
re. the recently reported buffer overflow in icecast, is there any
"official" security patch against 1.3.11 ? I am reluctant to take any
un-official patch like this one ;-)
There is nothing on www.icecast.org/releases, maybe it's somewhere else ?
Thanks.
Alfredo
>Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
>List-Id:
2005 Nov 03
3
vorbis winamp plugin
Hi
I've developed a player that utilizes winamp input plugins for decoding
audio to PCM. I'm going to include an open source mp3 input plugin,
in_mpg123.dll, and I'm wanting an open source in_vorbis.dll as well.
One question. Since vorbis is open source, would it break any rules to
distribute the in_vorbis.dll included with Winamp? I presume so but
thought I would ask.
2013 Oct 08
0
Re: [PATCH] virt-v2v: Convert RedHat.pm to Linux.pm - for SUSE support
On Mon, 2013-10-07 at 10:58 -0600, Mike Latimer wrote:
> On Friday, October 04, 2013 09:38:58 AM Matthew Booth wrote:
> > It's specifically an error if we're attempting to configure virtio, and
> > there's no detected virtio kernel. It shouldn't have been possible to
> > get here in that state, hence it's a programmer error. The code below
> >
2003 Jul 31
5
Wu-ftpd FTP server contains remotely exploitable off-by-one bug
Hello,
I see in BugTraq that there's yet another problem with Wu-ftpd, but I see
no mention of it in the freebsd-security mailing list archives...I have
searched the indexes from all of June and July.
Wu is pretty widely used, so I'm surprised that nobody seems to have
mentioned this problem in this forum.
The notice on BugTraq mentioned only Linux, not FreeBSD, but that's no
2015 Jun 15
5
OpenSSH and CBC
Hello,
I saw that OpenSSH release 6.7 removed all CBC ciphers by default. Is
CBC therefore considered as broken and unsecure (in general or SSH
implementation)?
I also read a lot of references (see below) but still not clear to me
what's the actual "security status" of CBC and why it has been removed
in general.
http://www.openssh.com/txt/release-6.7
sshd(8): The default set
2002 Apr 22
0
FreeBSD Security Advisory FreeBSD-SA-02:23.stdio
-----BEGIN PGP SIGNED MESSAGE-----
=============================================================================
FreeBSD-SA-02:23.stdio Security Advisory
The FreeBSD Project
Topic: insecure handling of stdio file descriptors
Category: core
Module: kernel
Announced:
2009 Jul 31
1
[PATCH] Use grub entries to find Linux kernels
This change adds grub parsing to Lib.pm. It adds the following structure to $os:
{boot}
->{configs}
->[0]
->{title} = "Fedora (2.6.29.6-213.fc11.i686.PAE)"
->{kernel} = \kernel
->{cmdline} = "ro root=/dev/mapper/vg_mbooth-lv_root rhgb"
->{initrd} = \initrd
->{default} = 0
The kernel and initrd entries are just
2008 Apr 18
2
plockstat: failed to add to aggregate: Abort due to drop
When checking Java process lock statistics, plockstat failed; please see below:
# prstat -mLp 21162
PID USERNAME USR SYS TRP TFL DFL LCK SLP LAT VCX ICX SCL SIG PROCESS/LWPID
21162 7677 0.9 0.1 0.0 0.0 0.0 99 0.0 0.3 83 89 215 0 java/81
21162 7677 0.3 0.1 0.0 0.0 0.0 0.0 99 0.2 106 33 305 0 java/35
21162 7677 0.1 0.0 0.0 0.0 0.0 100 0.0 0.1 79 6 85 0 java/59
2006 Aug 28
0
Adding OPeNDAP to the ncdf package on windows
Hi:
Russ Moffit of our Honolulu Lab has made a modification to the R
netcdf package 'ncdf' so that it can access remote netcdf files
using OPenDAP (http://www.opendap.org). The package works on Linux,
and with help from Don MacQueen was also ported to Macintosh OS X.
We have had a lot of demand for this to be ported to Windows also,
but it is beyond our capabilities. If there is
2004 Aug 06
6
URGENT: security exploit fix
To all users:
The recent exploits announced at bugtraq can be fixed by the following
patch. This patch should fix a few other potential holes as well, and I
will post a followup patch soon that is even more thorough.
Note: this exploit would give the attacker privileges of the user
running icecast. If you are running icecast as a normal user account or
as root, this would be a good time to
2004 Aug 06
2
what's the plans for the website :-)
Hey
On Sun, May 19, 2002 at 01:14:43PM -0700, Nicolae wrote:
> I noticed that RealPlayer plays shoutcast streams along with
> mp3 players but not with MEDIA Player. (lame a** M$).
That's one of the reasons why people should use Icecast (Read OPEN
SOURCE!). Using Icecast you actually have the possibility to get all
those mediaplayers out there working with those fucked up
players. Jack
2006 Oct 02
0
How do I list in YP? icecast2 ices0
it was fixed a long time ago actually. The current YP is now benefitting
from the changes made by me (with help from Karl), and yet despite the
requests from both Karl and I recommending that these streams be allowed
again, it falls on deaf ears. Ultimately it's up to Xiph to decide,
although I was hoping that when the objection "it performs badly so we
turned off all non-vorbis