similar to: rumours of openssh vulnerability

Hello, is there a security issue on CentOS 5.3 with openssh 4.3? I ask that cause of http://www.h-online.com/security/Rumours-of-critical-vulnerability-in-OpenSSH-in-Red-Hat-Enterprise-Linux--/news/113712 and http://secer.org/hacktools/0day-openssh-remote-exploit.html. Should ssh login from internet on CentOS better be disabled? regards Olaf

Hi all. I've looked at the archives and it seems to be quiet regarding this supposed "0-day" openssh vulnerability and I'm wondering if anyone here may have some insight or further information regarding it. We've been monitoring things and the amount of speculative info flying around is incredible. Some claim it's the CPNI-957037 issue, thus affecting <5.2, others

Hi all, Several people have written to me over the past couple of days to ask about a youtube video which allegedly shows a local root vulnerability in 8.1-beta1 being exploited. It is possible that the video is real and someone has found a vulnerability. It is also possible that the video is completely fake. There is no evidence on the video which is remotely conclusive in either direction.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, A short time ago a "local root" exploit was posted to the full-disclosure mailing list; as the name suggests, this allows a local user to execute arbitrary code as root. Normally it is the policy of the FreeBSD Security Team to not publicly discuss security issues until an advisory is ready, but in this case since exploit code is

The FreeBSD Security Officer would normally be sending out this email, but he's a bit busy right now and it is clear from reactions to FreeBSD Security Advisory FreeBSD-SA-04:04.tcp that many people are unaware of the current status of the RELENG_5_1 branch, so I'm going to send out this reminder myself. The branches supported by the FreeBSD Security Officer have been updated to reflect

Hi, I'm having issues connecting Garmin GPS 18 to COM1 on 9.1, I get nothing but silence. Identical setup works absolutely fine with Linux. I've got PPS wire connected to DCD, but that seems to make no difference on Linux, so I presume it shouldn't affect fbsd either. On Linux, I get: $ uname -a Linux ubuntu 3.8.0-19-generic #29-Ubuntu SMP Wed Apr 17 18:16:28 UTC 2013 x86_64 x86_64

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Everyone, The branches supported by the FreeBSD Security Officer have been updated to reflect the EoL (end-of-life) of FreeBSD 6.3. The new list is below and at <URL: http://security.freebsd.org/ >. Users of FreeBSD 6.3 are advised to upgrade promptly to a newer release, either by downloading an updated source tree and building updates

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Everyone, The branches supported by the FreeBSD Security Officer have been updated to reflect the EoL (end-of-life) of FreeBSD 6.3. The new list is below and at <URL: http://security.freebsd.org/ >. Users of FreeBSD 6.3 are advised to upgrade promptly to a newer release, either by downloading an updated source tree and building updates

Hi to all rsync users. rsync's `--delete' option works fine in the following example: I'm sending all the content of /home/rodolfo from machine1 to /home/rodolfo in machine2: $ rsync --dry-run -vrtul --delete --exclude='/.*' . 192.168.0.2:/home/rodolfo , and --delete works perfectly. Instead, in this other example: $ rsync --dry-run -vrt --delete --modify-window=1 file1

I''ve noticed some strangeness when using the InPlaceEditor. Here''s my code: <p id="storyTitle"><%= storyTitle %></p> <script type="text/javascript"> new Ajax.InPlaceEditor(''storyTitle'', ''editBlog.jsp'', { callback: function(value) { return ''v=edit&user=<%=

Hi People, I know this may seem off topic, but I thought for those of us who might have Debian users generating key pairs that they put on CentOS systems people should be aware that everybody who generated a public/private keypair or an SSL cert request on Debian or Ubuntu from 2006 on is vulnerable http://it.slashdot.org/it/08/05/13/1533212.shtml

Bill Moran wrote: > This report seems pretty vague. I'm unsure as to whether the alleged > "bug" gives the user any more permissions than he'd already have? Anyone > know any details? This is a local denial of service bug, which was fixed 6 weeks ago in HEAD and RELENG_6. There is no opportunity for either remote denial of service or any privilege escalation. >

Dear FreeBSD users, Slightly more than three years ago, I released FreeBSD Update, my first major contribution to FreeBSD. Since then, I have become a FreeBSD committer, joined the FreeBSD Security Team, released Portsnap, and become the FreeBSD Security Officer. However, as I have gone from being a graduate student at Oxford University -- busy writing my thesis -- to a researcher at Simon

All, Given the amount of NULL-pointer dereference vulnerabilities in the FreeBSD kernel that have been discovered of late, I've started looking at a way to generically protect against the code execution possibilities of such bugs. By disallowing userland to map pages at address 0x0 (and a bit beyond), it is possible to make such NULL-pointer deref bugs mere DoS'es instead of code

Can I change the wiki? The box claims it plays oggs, the tech. specs. in the booklet claims it plays oggs, *some* places on the website claims it supports oggs, but it doesn't actually play my oggs. Can I move it to a "misadvertised" section, or a "rumours" section, or what can I do to indicate this to other people, so they don't accidentaly buy it? Hugo

On 02/02/16 07:30, Rowland penny wrote: >> I'll have a look at the Sernet and see if there's any other Samba >> > backports to Ubuntu 14.04 -- I can't be the only one facing this issue. >> > (Probably wouldn't be hard to nick the deb sources from the upcoming >> > Ubuntu 16.04 and re-compile them on 14.04 too.) > There are later versions

John Todd wrote.... > Cisco has an 802.11 phone called the 7920, which is apparently > shipping now. It is very expensive (>$550 USD) and only runs SCCP at > the moment, which is Cisco's proprietary VoIP protocol. However, if > it falls in line with some of Cisco's other high-end VoIP equipment, > that means it should have a trailing-edge SIP image running by

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Everyone, On April 30th, FreeBSD 7.0 will reach its End of Life and will no longer be supported by the FreeBSD Security Team. Users of FreeBSD 7.0 are strongly encouraged to upgrade to FreeBSD 7.1 before that date. Note that the End of Life date for FreeBSD 7.0 was originally announced as being February 28, but was delayed by two months in

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Everyone, On April 30th, FreeBSD 7.0 will reach its End of Life and will no longer be supported by the FreeBSD Security Team. Users of FreeBSD 7.0 are strongly encouraged to upgrade to FreeBSD 7.1 before that date. Note that the End of Life date for FreeBSD 7.0 was originally announced as being February 28, but was delayed by two months in

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Everyone, On June 30th, FreeBSD 7.2 will reach its End of Life and will no longer be supported by the FreeBSD Security Team. Users of this release are strongly encouraged to upgrade to FreeBSD 7.3 before that date; FreeBSD 7.3 will be supported until the end of March 2012. Please note that since FreeBSD 7.1 has been designated for