ciao Ci, vieni su domani sera?
Se hai problem con il trasporto fammi sapere.
ti aspetto.
Beppuz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Greetings,
This message has been automatically generated in response to the
creation of a trouble ticket regarding:
"[SECURITY] [DSA 641-1] New playmidi packages fix local root exploit",
a summary of which appears below.
There is no need to reply to this message right now. Y
Robert Vangel wrote:
It says it did exploit but it didn't...
A.
Try doing something that would require root (eg.. mount something,
create a file in /, etc)
Yep I tried that but I don't have root permissions
[EMAIL PROTECTED]:~$ ./a.out
[+] SLAB cleanup
child 1 VMAs 9019
[+] moved stack bfffe0
A.J. Loonstra wrote:
I tried modifying the exploit not to use /dev/shm... but this is wat
happens:
~$ ./a.out
[+] SLAB cleanup
child 1 VMAs 287
[+] moved stack bfffe000, task_size=0xc000, map_base=0xbf80
[+] vmalloc area 0xc500 - 0xc9d17000
Wait... |
[+] race won maps=6768
e
On Tue, Jan 11, 2005 at 10:18:46AM +0100, A.J. Loonstra wrote:
> I tried modifying the exploit not to use /dev/shm... but this is wat
> happens:
>
> ~$ ./a.out
>
> [+] SLAB cleanup
> child 1 VMAs 287
> [+] moved stack bfffe000, task_size=0xc000, map_base=0xbf80
> [+] vmalloc area 0xc5
I tried modifying the exploit not to use /dev/shm... but this is wat
happens:
~$ ./a.out
[+] SLAB cleanup
child 1 VMAs 287
[+] moved stack bfffe000, task_size=0xc000, map_base=0xbf80
[+] vmalloc area 0xc500 - 0xc9d17000
Wait... |
[+] race won maps=6768
expanded VMA (0xbfffc0
A.J. Loonstra a écrit :
I tried modifying the exploit not to use /dev/shm... but this is wat
happens:
(...)
It says it did exploit but it didn't...
I just modify it the same way (without /dev/shm tmpfs-mounted).
And it worked as expected (uid 0 and root access).
Perhaps you inadvertly entered the
What about this:
./elflbl
[+] SLAB cleanup
child 1 VMAs 87
[+] moved stack bfffe000, task_size=0xc000, map_base=0xbf80
[+] vmalloc area 0xe040 - 0xd000
[-] FAILED: uselib (Exec format error)
this is on woody, with vulnerable kernel (2.4.28 with ow1 and vserver),
I do
Hi!
> Christophe Chisogne a écrit :
> > Vladislav Kurz a écrit :
> >
> >> mount -t tmpfs tmpfs /dev/shm
> >
> > With or without that, it fails with
>
> Oups, I'm sorry, it really works, with /dev/shm mounted :(
> but for about 10% of executions. (yes, 'again' was the keyword)
>
> > Tested with
Christophe Chisogne a écrit :
Vladislav Kurz a écrit :
mount -t tmpfs tmpfs /dev/shm
With or without that, it fails with
Oups, I'm sorry, it really works, with /dev/shm mounted :(
but for about 10% of executions. (yes, 'again' was the keyword)
Tested with 2.4.27-1-686 (2004-09-03)
compiled with gcc
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello, Carlos Tirado.
On 10.01.2005 18:36 you said the following:
| [+] SLAB cleanup
| child 1 VMAs 65406
| [+] moved stack bfffe000, task_size=0xc000, map_base=0xbf80
| [+] vmalloc area 0xd400 - 0xe7ff1000
| Wait... -
| [+] race won
[+] SLAB cleanup
child 1 VMAs 65406
[+] moved stack bfffe000, task_size=0xc000, map_base=0xbf80
[+] vmalloc area 0xd400 - 0xe7ff1000
Wait... -
[+] race won maps=51294
expanded VMA (0xbfffc000-0xe000)
[!] try to exploit 0xd4915000
[+] gate modified ( 0xffec90f4 0x0804ec00
Vladislav Kurz a écrit :
mount -t tmpfs tmpfs /dev/shm
With or without that, it fails with
"[-] FAILED: uselib (Cannot allocate memory)
Killed"
Tested with 2.4.27-1-686 (2004-09-03)
compiled with gcc (GCC) 3.3.5 (Debian 1:3.3.5-5)
and 2.4.27 kernel headers
(-I/usr/src/kernel-source-2.4.27/include/)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello, Carlos Tirado.
On 10.01.2005 18:16 you said the following:
| [EMAIL PROTECTED]:~/security$ ./elflbl
|
| [+] SLAB cleanup
| child 1 VMAs 605
| [+] moved stack bfffe000, task_size=0xc000, map_base=0xbf80
| [+] vmalloc area 0xd400 -
[EMAIL PROTECTED]:~/security$ ./elflbl
[+] SLAB cleanup
child 1 VMAs 64801
[+] moved stack bfffe000, task_size=0xc000, map_base=0xbf80
[+] vmalloc area 0xd400 - 0xe7ff1000
[-] FAILED: open lib (/dev/shm/_elf_lib not writable?) (Permission denied)
Killed
[EMAIL PROTECTED]:~/securit
On Monday 10 of January 2005 15:29, Jacques Lav!gnotte wrote:
> On Mon, 10 Jan 2005 15:19:33 +0100
>
> Vladislav Kurz <[EMAIL PROTECTED]> wrote:
> > mount -t tmpfs tmpfs /dev/shm
>
> Only root can do that.
But it can be already mounted, and the exploit can be modified to use any
writeable directo
On Mon, 10 Jan 2005 15:19:33 +0100
Vladislav Kurz <[EMAIL PROTECTED]> wrote:
> mount -t tmpfs tmpfs /dev/shm
Only root can do that.
Jacques
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
On Fri, 07 Jan 2005 23:55:15 +0100, Arnaud Loonstra <[EMAIL PROTECTED]>
wrote:
> Just tried the newly found exploits on a Woody system, it doesn't work...
> I get:
> [+] SLAB cleanup
> child 1 VMAs 143
> [+] moved stack bfffe000, task_size=0xc000, map_base=0xbf80
> [+] vmalloc area 0xc
Ok, more data.
[...]
> Sarge, 2.6.7-1-686 and sid, 2.6.9 custom kernel (same behavior):
>
> $ ./elflbl
>
> child 1 VMAs 0
> [+] moved stack bfffe000, task_size=0xc000, map_base=0xbf80
> [+] vmalloc area 0xc800 - 0xcfc32000
>
> (at this point it eats all the cpu and ram it can g
In-Reply-To=<[EMAIL PROTECTED]>
Same behaviour here; custom 2.4.27 uml kernel on woody.
$ ./elflbl
[+] SLAB cleanup
child 1 VMAs 70
[+] moved stack bfffe000, task_size=0xc000, map_base=0xbf80
[+] vmalloc area 0xc6c0 - 0xcd5dd000
[-] FAILED: open lib (/dev/shm/_elf_lib not writab
Hi
It doesn't work on Woody + kernel 2.4.26 (with /dev/shm ) too.
./a.out
[+] SLAB cleanup
child 1 VMAs 65527
child 2 VMAs 65527
child 3 VMAs 2896
[+] moved stack bfffe000, task_size=0xc000, map_base=0xbf80
[+] vmalloc area 0x3e80 - 0xbcd09000
Wait... -
[-] FAILED:
Just tried the newly found exploits on a Woody system, it doesn't work...
I get:
[+] SLAB cleanup
child 1 VMAs 143
[+] moved stack bfffe000, task_size=0xc000, map_base=0xbf80
[+] vmalloc area 0xc500 - 0xc9d17000
[-] FAILED: open lib (/dev/shm/_elf_lib not writable?) (No such file or
Hi,
"Tue, 14 Dec 2004 14:07:51 -0500", "Joey Hess"
"Re: [SECURITY] [DSA 609-1] New atari800 packages fix local root exploit"
>> For the unstable distribution (sid) these problems will be fixed soon.
>
>Actually, according to
>http://marc.thea
On Tue, Dec 14, 2004 at 05:03:01PM +0100, Martin Schulze wrote:
>
> Adam Zabrocki discovered multiple buffer overflows in atari800, an
> Atari emulator. In order to directly access graphics hardware, one of
> the affected programs is installed setuid root. A local attacker
> could exploit this v
Martin Schulze píše v Út 14. 12. 2004 v 17:03 +0100:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> - --
> Debian Security Advisory DSA 609-1 [EMAIL PROTECTED]
> http://www.debian.org/security/
Martin Schulze wrote:
> For the stable distribution (woody) these problems have been fixed in
> version 1.2.2-1woody3.
>
> For the unstable distribution (sid) these problems will be fixed soon.
Actually, according to
http://marc.theaimsgroup.com/?l=bugtraq&m=110149441815270&w=2 upstream
version 1
On Mon, Apr 19, 2004 at 06:40:35PM +0200, Jan Minar wrote:
> Could You tell us what _exactly_ happened? (DWN cover-story ;-)) Are
> there no testsuites/scripts to ensure basic sanity of the packages being
> built packages? Or what _exactly_ was the mistake (I'm personally
> interested in the se
On Mon, Apr 19, 2004 at 06:40:35PM +0200, Jan Minar wrote:
> Could You tell us what _exactly_ happened? (DWN cover-story ;-)) Are
> there no testsuites/scripts to ensure basic sanity of the packages being
> built packages? Or what _exactly_ was the mistake (I'm personally
> interested in the se
On Sat, Apr 17, 2004 at 06:10:36PM -0400, Michael Stone wrote:
> The big problem is that the kernel situation in woody blows. There are
> too many kernels and they don't build consistently. Hopefully things
> will be better in sarge (although if you look at the number of kernels
> out there the fut
On Sat, Apr 17, 2004 at 06:10:36PM -0400, Michael Stone wrote:
> The big problem is that the kernel situation in woody blows. There are
> too many kernels and they don't build consistently. Hopefully things
> will be better in sarge (although if you look at the number of kernels
> out there the fut
On Sat, Apr 17, 2004 at 10:00:23AM -0400, Michael Stone wrote:
> On Thu, Apr 15, 2004 at 08:19:24PM +1000, Joshua Goodall wrote:
> >In other words, people are ready to pounce, and that short gap of time
> >after server installation and before installing patched code cannot be
> >considered "safe"
On Sat, Apr 17, 2004 at 10:00:23AM -0400, Michael Stone wrote:
> On Thu, Apr 15, 2004 at 08:19:24PM +1000, Joshua Goodall wrote:
> >In other words, people are ready to pounce, and that short gap of time
> >after server installation and before installing patched code cannot be
> >considered "safe"
The big problem is that the kernel situation in woody blows. There are
too many kernels and they don't build consistently. Hopefully things
will be better in sarge (although if you look at the number of kernels
out there the future seems grim) but woody will always have slow &
painful kernel updat
The big problem is that the kernel situation in woody blows. There are
too many kernels and they don't build consistently. Hopefully things
will be better in sarge (although if you look at the number of kernels
out there the future seems grim) but woody will always have slow &
painful kernel update
Le samedi 17 avril 2004 à 10h01 (-0400), Michael Stone écrivait :
> >When you have time, could you please tell people how could that happen?
> It's a mistake, it happens.
Off course! And I don't ask to blame anybody!
I'm just curious to know the details, so it may be usefull to me too
when I'm co
On Thu, Apr 15, 2004 at 03:30:58PM +0700, Jean Christophe ANDRÉ wrote:
When you have time, could you please tell people how could that happen?
It's a mistake, it happens.
Mike Stone
On Thu, Apr 15, 2004 at 08:19:24PM +1000, Joshua Goodall wrote:
In other words, people are ready to pounce, and that short gap of time
after server installation and before installing patched code cannot be
considered "safe". Quite the opposite.
Note that if you're doing a network install you c
Le samedi 17 avril 2004 Ã 10h01 (-0400), Michael Stone Ãcrivait :
> >When you have time, could you please tell people how could that happen?
> It's a mistake, it happens.
Off course! And I don't ask to blame anybody!
I'm just curious to know the details, so it may be usefull to me too
when I'm co
On Wed, Apr 14, 2004 at 05:08:42PM -0400, Phillip Hofmeister wrote:
If you checked the reference CVE numbers you should be able to tell when
the exposure first occurred (or close to it).
No, the number has absolutely no relation to the date the vulnerability
was discovered.
Mike Stone
On Thu, Apr 15, 2004 at 03:30:58PM +0700, Jean Christophe ANDRÉ wrote:
When you have time, could you please tell people how could that happen?
It's a mistake, it happens.
Mike Stone
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
On Thu, Apr 15, 2004 at 08:19:24PM +1000, Joshua Goodall wrote:
In other words, people are ready to pounce, and that short gap of time
after server installation and before installing patched code cannot be
considered "safe". Quite the opposite.
Note that if you're doing a network install you can
On Wed, Apr 14, 2004 at 05:08:42PM -0400, Phillip Hofmeister wrote:
If you checked the reference CVE numbers you should be able to tell when
the exposure first occurred (or close to it).
No, the number has absolutely no relation to the date the vulnerability
was discovered.
Mike Stone
--
To UNSUBS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Friday 16 April 2004 08.20, David R wrote:
> 1) At first, didn't realize I needed to uncomment the word prompt in
> lilo.conf (though I figured this one out before posting to the
> group).
You can just hold down the shift or control key when booti
Thanks for the many replies. Just for the record, I thought I'd type out
what I had to go through to get everything to work:
1) At first, didn't realize I needed to uncomment the word prompt in
lilo.conf (though I figured this one out before posting to the group).
2) The reason I received the erro
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Friday 16 April 2004 08.20, David R wrote:
> 1) At first, didn't realize I needed to uncomment the word prompt in
> lilo.conf (though I figured this one out before posting to the
> group).
You can just hold down the shift or control key when booti
Thanks for the many replies. Just for the record, I thought I'd type out
what I had to go through to get everything to work:
1) At first, didn't realize I needed to uncomment the word prompt in
lilo.conf (though I figured this one out before posting to the group).
2) The reason I received the erro
On Thu, Apr 15, 2004 at 09:33:32PM +0200, David R wrote:
> Yes, any ideas how to fix this? I'm a newbie, so a bit new to Linux. When I
> installed this 2.4.18 package, it blew up my network card, so I am unable to
> get the new, fixed package. I thought about using apt-get remove to get rid
> of th
"David R" <[EMAIL PROTECTED]> writes:
> What do I do? Do I use apt-get remove to get rid of the patched kernel? Do I
> do something else?
You could look at /var/cache/apt/archives and see if there is an old
version of the kernel package. Try to install it using "dpkg -i".
--
Current mail filte
Yes, any ideas how to fix this? I'm a newbie, so a bit new to Linux. When I
installed this 2.4.18 package, it blew up my network card, so I am unable to
get the new, fixed package. I thought about using apt-get remove to get rid
of the patched kernel, but somehow this seemed ungood to me, so I trie
On Thu, Apr 15, 2004 at 09:33:32PM +0200, David R wrote:
> Yes, any ideas how to fix this? I'm a newbie, so a bit new to Linux. When I
> installed this 2.4.18 package, it blew up my network card, so I am unable to
> get the new, fixed package. I thought about using apt-get remove to get rid
> of th
"David R" <[EMAIL PROTECTED]> writes:
> What do I do? Do I use apt-get remove to get rid of the patched kernel? Do I
> do something else?
You could look at /var/cache/apt/archives and see if there is an old
version of the kernel package. Try to install it using "dpkg -i".
--
Current mail filte
Yes, any ideas how to fix this? I'm a newbie, so a bit new to Linux. When I
installed this 2.4.18 package, it blew up my network card, so I am unable to
get the new, fixed package. I thought about using apt-get remove to get rid
of the patched kernel, but somehow this seemed ungood to me, so I trie
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday 15 April 2004 11.56, Tim Nicholas wrote:
> On 04/15/04 20:05, Michelle Konzack wrote:
> > Question: What about the Bootfloppies ?
> If I recall correctly it is assumed that users will not run on the
> boot floppy kernels after the initia
On Thu, 15 Apr 2004 07:56 pm, Tim Nicholas wrote:
> If I recall correctly it is assumed that users will not run on the
> boot floppy kernels after the initial system installation. They are
> expected to install a more appropriate kernel after finishing the
> install.
>
> As such there will be no pa
On 04/15/04 20:05, Michelle Konzack wrote:
Question: What about the Bootfloppies ?
Many bad Debian $USER using the bf24 as there standard Kernel
and do not replace it with an other kernel flavor...
The Boot-Disks are not updated since 21.05.2002...
Greetings
Michelle
If I recall c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday 15 April 2004 11.56, Tim Nicholas wrote:
> On 04/15/04 20:05, Michelle Konzack wrote:
> > Question: What about the Bootfloppies ?
> If I recall correctly it is assumed that users will not run on the
> boot floppy kernels after the initia
Hi Guys!
Le mercredi 14 avril 2004 à 23h58 (+0200), Martin Schulze écrivait :
> An unfortunate build error caused some of the kernel packages in
> DSA 479-1 to be broken.
When you have time, could you please tell people how could that happen?
Doesn't packaging process has any check for co
Hello all,
last night I have gotten this Message:
Am 2004-04-14 23:58:00, schrieb Martin Schulze:
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA1
>
>- --
>Debian Security Advisory DSA 479-2 [EMAIL PROTECT
On Thu, 15 Apr 2004 07:56 pm, Tim Nicholas wrote:
> If I recall correctly it is assumed that users will not run on the
> boot floppy kernels after the initial system installation. They are
> expected to install a more appropriate kernel after finishing the
> install.
>
> As such there will be no pa
On 04/15/04 20:05, Michelle Konzack wrote:
Question: What about the Bootfloppies ?
Many bad Debian $USER using the bf24 as there standard Kernel
and do not replace it with an other kernel flavor...
The Boot-Disks are not updated since 21.05.2002...
Greetings
Michelle
If I recall correctly it
Greetings,
Am Mittwoch, 14. April 2004 23:08 schrieb Phillip Hofmeister:
> If you checked the reference CVE numbers you should be able to tell when
> the exposure first occurred (or close to it).
>
Thanks :) - I have already been there. Are there any, no longer classified
information about the fi
Hi Guys!
Le mercredi 14 avril 2004 Ã 23h58 (+0200), Martin Schulze Ãcrivait :
> An unfortunate build error caused some of the kernel packages in
> DSA 479-1 to be broken.
When you have time, could you please tell people how could that happen?
Doesn't packaging process has any check for co
Hello all,
last night I have gotten this Message:
Am 2004-04-14 23:58:00, schrieb Martin Schulze:
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA1
>
>- --
>Debian Security Advisory DSA 479-2 [EMAIL PROTECT
Greetings,
Am Mittwoch, 14. April 2004 23:08 schrieb Phillip Hofmeister:
> If you checked the reference CVE numbers you should be able to tell when
> the exposure first occurred (or close to it).
>
Thanks :) - I have already been there. Are there any, no longer classified
information about the fi
On Wed, 2004-04-14 at 07:52, Martin Schulze wrote:
> Several serious problems have been discovered in the Linux kernel.
> This update takes care of Linux 2.4.18 for the alpha, i386 and powerpc
> architectures. The Common Vulnerabilities and Exposures project
> identifies the following problems tha
On Wed, 2004-04-14 at 07:52, Martin Schulze wrote:
> Several serious problems have been discovered in the Linux kernel.
> This update takes care of Linux 2.4.18 for the alpha, i386 and powerpc
> architectures. The Common Vulnerabilities and Exposures project
> identifies the following problems tha
ECTED]>
To: "Debian Security Announcements"
Sent: Wednesday, April 14, 2004 11:58 PM
Subject: [SECURITY] [DSA 479-2] New Linux 2.4.18 packages fix local root
exploit (i386)
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> - -
> yada...
> >
>
> Thanks for doing so ;) Anyway, this wasn't the intetention of my
> post. My point is, that five local root exploits at once are a
> little bit scary, as far as there are no patch- days for debian
> ;).
Actually:
CAN-2004-0003 (the R128 DRI bounds chec
ECTED]>
To: "Debian Security Announcements"
<[EMAIL PROTECTED]>
Sent: Wednesday, April 14, 2004 11:58 PM
Subject: [SECURITY] [DSA 479-2] New Linux 2.4.18 packages fix local root
exploit (i386)
&g
If you checked the reference CVE numbers you should be able to tell when
the exposure first occurred (or close to it).
On Wed, 14 Apr 2004 at 04:30:16PM -0400, Jan L?hr wrote:
> Greetings,..
>
> Am Mittwoch, 14. April 2004 20:57 schrieben Sie:
> > Jan L?hr <[EMAIL PROTECTED]> writes:
> > > Greeti
Greetings,..
Am Mittwoch, 14. April 2004 20:57 schrieben Sie:
> Jan Lühr <[EMAIL PROTECTED]> writes:
> > Greetings,
> Okay... This is the result of a cursory check, do your homework, yada,
> yada...
>
Thanks for doing so ;) Anyway, this wasn't the intetention of my post.
My point is, that five l
> yada...
> >
>
> Thanks for doing so ;) Anyway, this wasn't the intetention of my
> post. My point is, that five local root exploits at once are a
> little bit scary, as far as there are no patch- days for debian
> ;).
Actually:
CAN-2004-0003 (the R128 DRI bounds chec
If you checked the reference CVE numbers you should be able to tell when
the exposure first occurred (or close to it).
On Wed, 14 Apr 2004 at 04:30:16PM -0400, Jan L?hr wrote:
> Greetings,..
>
> Am Mittwoch, 14. April 2004 20:57 schrieben Sie:
> > Jan L?hr <[EMAIL PROTECTED]> writes:
> > > Greeti
Jan Lühr <[EMAIL PROTECTED]> writes:
> Greetings,
>
> Am Mittwoch, 14. April 2004 16:52 schrieb Martin Schulze:
> > --
> > Debian Security Advisory DSA 479-1 [EMAIL PROTECTED]
> > http://www.debian.org/sec
Greetings,..
Am Mittwoch, 14. April 2004 20:57 schrieben Sie:
> Jan Lühr <[EMAIL PROTECTED]> writes:
> > Greetings,
> Okay... This is the result of a cursory check, do your homework, yada,
> yada...
>
Thanks for doing so ;) Anyway, this wasn't the intetention of my post.
My point is, that five l
Hello Martin Schulze,
am Mittwoch, 14. April 2004 um 16:52 schrieben Sie:
MS> --
MS> Debian Security Advisory DSA 479-1 [EMAIL PROTECTED]
MS> ...
MS> ---
Jan Lühr <[EMAIL PROTECTED]> writes:
> Greetings,
>
> Am Mittwoch, 14. April 2004 16:52 schrieb Martin Schulze:
> > --
> > Debian Security Advisory DSA 479-1 [EMAIL PROTECTED]
> > http://www.debian.org/sec
On Wed, 2004-04-14 at 16:52, Martin Schulze wrote:
> - --
> Debian Security Advisory DSA 479-1 [EMAIL PROTECTED]
> http://www.debian.org/security/ Martin Schulze
> April 14th, 200
On Wed, Apr 14, 2004 at 04:52:31PM +0200, Martin Schulze wrote:
> Package: kernel-source-2.4.18 kernel-image-2.4.18-1-alpha
> kernel-image-2.4.18-1-i386 kernel-image-2.4.18-i386bf
> kernel-patch-2.4.18-powerpc
> Vulnerability : several vulnerabilities
> Problem-Type : local
> Debian-sp
hi joey,
the new packages on security.d.o are way to small (1meg vs. 8meg in the
past), and seem to contain NO MODULES besides dummy.o .
i fear upgerading woody will disconnect any network connections. please
please review and pull that update.
thanks, /felix.
At 16:52 14.04.04 +0200, you wrote:
Hello Martin Schulze,
am Mittwoch, 14. April 2004 um 16:52 schrieben Sie:
MS> --
MS> Debian Security Advisory DSA 479-1 [EMAIL PROTECTED]
MS> ...
MS> ---
Greetings,
Am Mittwoch, 14. April 2004 16:52 schrieb Martin Schulze:
> --
> Debian Security Advisory DSA 479-1 [EMAIL PROTECTED]
> http://www.debian.org/security/ Martin Schulze
On Wed, 2004-04-14 at 16:52, Martin Schulze wrote:
> - --
> Debian Security Advisory DSA 479-1 [EMAIL PROTECTED]
> http://www.debian.org/security/ Martin Schulze
> April 14th, 200
On Wed, Apr 14, 2004 at 04:52:31PM +0200, Martin Schulze wrote:
> Package: kernel-source-2.4.18 kernel-image-2.4.18-1-alpha
> kernel-image-2.4.18-1-i386 kernel-image-2.4.18-i386bf kernel-patch-2.4.18-powerpc
> Vulnerability : several vulnerabilities
> Problem-Type : local
> Debian-speci
hi joey,
the new packages on security.d.o are way to small (1meg vs. 8meg in the
past), and seem to contain NO MODULES besides dummy.o .
i fear upgerading woody will disconnect any network connections. please
please review and pull that update.
thanks, /felix.
At 16:52 14.04.04 +0200, you wrote:
Greetings,
Am Mittwoch, 14. April 2004 16:52 schrieb Martin Schulze:
> --
> Debian Security Advisory DSA 479-1 [EMAIL PROTECTED]
> http://www.debian.org/security/ Martin Schulze
2004. február 12. 19:45 dátummal Ryan Underwood ezt írta:
Thanks a lot!
Daniel
--
LeVA
2004. február 12. 19:45 dátummal Ryan Underwood ezt írta:
Thanks a lot!
Daniel
--
LeVA
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Thu, 12 Feb 2004 13:44:09 +0100
Subject: [Dri-devel] XFree86 local root exploit
To: DRI developer's list
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040113
There's a buffer overflow in XFree86 allowing local attackers to gain
root privileges. Here's the pa
Thu, 12 Feb 2004 13:44:09 +0100
Subject: [Dri-devel] XFree86 local root exploit
To: DRI developer's list <[EMAIL PROTECTED]>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040113
There's a buffer overflow in XFree86 allowing local attackers to gain
root privil
Previously André Dahlqvist wrote:
> Keith Owens, the author of modutils, just sent this security annoucement
> to the linux-kernel mailing list:
Looking into this I found some nice issues:
1. potato is not vulnerable
2. the patch from Keith is wrong
I'll have fix for woody later today.
Wichert.
Previously André Dahlqvist wrote:
> Keith Owens, the author of modutils, just sent this security annoucement
> to the linux-kernel mailing list:
Looking into this I found some nice issues:
1. potato is not vulnerable
2. the patch from Keith is wrong
I'll have fix for woody later today.
Wichert.
92 matches
Mail list logo
