Re: [SECURITY] [DSA 626-1] New tiff packages fix denial of service

2005-01-10 Thread Florian Weimer
* Martin Schürrer: > Gut, ich erlaube dir herumzuspielen, allerdings mache ja ein Backup vorher > (hängt auch deine Domain dran, und 2 Backups sind besser als 1) > > bei phpmyadmin Username [...] I've contacted Martin by phone and told him about his mistake.

Re: [SECURITY] [DSA 626-1] New tiff packages fix denial of service

2005-01-10 Thread Martin Schürrer
Gut, ich erlaube dir herumzuspielen, allerdings mache ja ein Backup vorher (hängt auch deine Domain dran, und 2 Backups sind besser als 1) bei phpmyadmin Username schosting Passwort asdqwe FTP-Account: [EMAIL PROTECTED] Passwort asdqwe Code ist von mir, allerdings schon sehr alt, und so schnell

Re: [SECURITY] [DSA 631-1] New kdlibs packages fix arbitrary FTP command execution

2005-01-10 Thread Bob Proulx
> Package: kdelibs > Debian Bug : 287201 > ... > For the stable distribution (woody) this problem has been fixed in > version 2.2.2-13.woody.13. This fails to upgrade for me. It seems I don't have libarts installed. This package introduces four new files and a change and increase in

Re: local root exploit

2005-01-10 Thread Johann Glaser
Hi! > Christophe Chisogne a écrit : > > Vladislav Kurz a écrit : > > > >> mount -t tmpfs tmpfs /dev/shm > > > > With or without that, it fails with > > Oups, I'm sorry, it really works, with /dev/shm mounted :( > but for about 10% of executions. (yes, 'again' was the keyword) > > > Tested with

Re: local root exploit

2005-01-10 Thread Christophe Chisogne
Christophe Chisogne a écrit : Vladislav Kurz a écrit : mount -t tmpfs tmpfs /dev/shm With or without that, it fails with Oups, I'm sorry, it really works, with /dev/shm mounted :( but for about 10% of executions. (yes, 'again' was the keyword) Tested with 2.4.27-1-686 (2004-09-03) compiled with gcc

Re: local root exploit

2005-01-10 Thread Boris B. Zhmurov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, Carlos Tirado. On 10.01.2005 18:36 you said the following: | [+] SLAB cleanup | child 1 VMAs 65406 | [+] moved stack bfffe000, task_size=0xc000, map_base=0xbf80 | [+] vmalloc area 0xd400 - 0xe7ff1000 | Wait... - | [+] race won

Re: local root exploit

2005-01-10 Thread Carlos Tirado
[+] SLAB cleanup child 1 VMAs 65406 [+] moved stack bfffe000, task_size=0xc000, map_base=0xbf80 [+] vmalloc area 0xd400 - 0xe7ff1000 Wait... - [+] race won maps=51294 expanded VMA (0xbfffc000-0xe000) [!] try to exploit 0xd4915000 [+] gate modified ( 0xffec90f4 0x0804ec00

Re: local root exploit

2005-01-10 Thread Christophe Chisogne
Vladislav Kurz a écrit : mount -t tmpfs tmpfs /dev/shm With or without that, it fails with "[-] FAILED: uselib (Cannot allocate memory) Killed" Tested with 2.4.27-1-686 (2004-09-03) compiled with gcc (GCC) 3.3.5 (Debian 1:3.3.5-5) and 2.4.27 kernel headers (-I/usr/src/kernel-source-2.4.27/include/)

Re: local root exploit

2005-01-10 Thread Boris B. Zhmurov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, Carlos Tirado. On 10.01.2005 18:16 you said the following: | [EMAIL PROTECTED]:~/security$ ./elflbl | | [+] SLAB cleanup | child 1 VMAs 605 | [+] moved stack bfffe000, task_size=0xc000, map_base=0xbf80 | [+] vmalloc area 0xd400 -

Re: local root exploit

2005-01-10 Thread Carlos Tirado
[EMAIL PROTECTED]:~/security$ ./elflbl [+] SLAB cleanup child 1 VMAs 64801 [+] moved stack bfffe000, task_size=0xc000, map_base=0xbf80 [+] vmalloc area 0xd400 - 0xe7ff1000 [-] FAILED: open lib (/dev/shm/_elf_lib not writable?) (Permission denied) Killed [EMAIL PROTECTED]:~/securit

Re: local root exploit

2005-01-10 Thread Vladislav Kurz
On Monday 10 of January 2005 15:29, Jacques Lav!gnotte wrote: > On Mon, 10 Jan 2005 15:19:33 +0100 > > Vladislav Kurz <[EMAIL PROTECTED]> wrote: > > mount -t tmpfs tmpfs /dev/shm > > Only root can do that. But it can be already mounted, and the exploit can be modified to use any writeable directo

Re: local root exploit

2005-01-10 Thread Jacques Lav!gnotte
On Mon, 10 Jan 2005 15:19:33 +0100 Vladislav Kurz <[EMAIL PROTECTED]> wrote: > mount -t tmpfs tmpfs /dev/shm Only root can do that. Jacques -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: local root exploit

2005-01-10 Thread Vladislav Kurz
On Fri, 07 Jan 2005 23:55:15 +0100, Arnaud Loonstra <[EMAIL PROTECTED]> wrote: > Just tried the newly found exploits on a Woody system, it doesn't work... > I get: > [+] SLAB cleanup > child 1 VMAs 143 > [+] moved stack bfffe000, task_size=0xc000, map_base=0xbf80 > [+] vmalloc area 0xc

PLEASE NOTE: Brian Howe is away from the office

2005-01-10 Thread bhowe
I will be out of the office starting 01/10/2005 and will not return until 01/17/2005. Please address IT related matters to Jim Gerbrand via telephone at 604-514-5268 or email at [EMAIL PROTECTED] Otherwise, I will respond to your message when I return. -- To UNSUBSCRIBE, email to [EMAIL PROTE

CAN-2004-1056 status at kernel.org ?

2005-01-10 Thread Christophe Chisogne
A kernel vulnerability related to intel drms (CAN-2004-1056 insufficient locking checks in DRM code), has been reported by some vendors [5-7]. It seems to have been fixed in kernel-source-2.6.8-11, and will be fixed by a backport to kernel-source-2.4.27-8 (also fixes CAN-2004-1235 about uselib) [1-

unsubscribe

2005-01-10 Thread Marinelli Massimo
--- Questo messaggio e confidenziale; il suo contenuto non costituisce impegno da parte di Symphonia SGR salvo accordo scritto tra il destinatario e Symphonia SGR. La pubblicazione, l'uso o la diffusione non autorizzati di qu

UNSUBSCRIBE

2005-01-10 Thread krehmer . th