hello sebastien..
Received at 2003-01-08 / 23:10 by Sebastien Chaumat:
> The xbill package contains : /usr/share/gnome/help/xbill/C/xbill.xml
>
> In this file the DTD is referred by an absolute external link :
>
> "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd";
>
> Thus : s
That's absolutely ridiculous.
I would file one at once, that should definitely not go unchecked, at least. I
can appreciate the motivation, but for my own sanity I'm too paranoid to a)
accept strange unknown files/connections or b) send out requests for such data.
Especially considering since
> "Sebastien" == Sebastien Chaumat <[EMAIL PROTECTED]> writes:
Sebastien> Hi, This is a real example :
Sebastien> The xbill package contains :
Sebastien> /usr/share/gnome/help/xbill/C/xbill.xml
Sebastien> In this file the DTD is referred by an absolute external link
Sebastien> :
Sebastien> V
* Thomas Gebhardt <[EMAIL PROTECTED]> [2003-01-07 16:23 +0100]:
> as far as I can see, one can get at least 2 out of the following 3 items:
^"most"? otherwise trivial :-)
> * sshd Privilege Separation
> * /var/log/lastlog not world readable
> * users get a last
On Wed, 8 Jan 2003, Javier Fernández-Sanguino Peña wrote:
> You will see that the listing for many servers/clients in the network are
> usually port 6346 [1]. But it seems port 6352 is also used sometimes.
That seems to be the case. I found some more info on this page:
http://outpostfirewall.c
>
> From: Hubert Chan <[EMAIL PROTECTED]>
> Subject: Re: scrollkeeper loading external (online) DTD
> Date: 10/01/2003 6:33:22
snip
> DTDs cannot introduce any vulnerabilities (unless the XML parser is
> horribly buggy). The worst that can happen is that the file doesn't
> validate, and scroll
14 matches