Re: makedev: /dev/tty([0-9])* should not have 666 permissions

2004-04-20 Thread Jan Minar
On Tue, Apr 20, 2004 at 11:40:13AM +1000, Russell Coker wrote: > On Tue, 20 Apr 2004 07:50, Jan Minar <[EMAIL PROTECTED]> wrote: > > It seems like they should be 660, not 600, as I suggested (wall(1) and > > talkd(1) would break otherwise, probably). > > What prevents wall from sending those escap

Re: Eterm & others allow arbitrary commands execution via escape sequencies [Was: CAN-2003-0020?]

2004-04-20 Thread Giacomo Mulas
On Mon, 19 Apr 2004, Jan Minar wrote: > On Mon, Apr 19, 2004 at 11:18:41AM -0700, Matt Zimmerman wrote: > > On Mon, Apr 19, 2004 at 07:51:27PM +0200, Jan Minar wrote: > > > > > Come on, Matt: Virtually all terminal emulators are vulnerable, and the > > > vulnerability is a common knowledge. The

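[Weather Newsletter] 590 Million Yen in Proof: A Work-from-Home Business You Can Do, and Nationwide Weather Information, Issue 410 (8,000 copies distributed)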

2004-04-20 Thread ◆楽々トクトクビジネス情報とお天気情報社

SSH, PubkeyAuthentication and UsePam - security problem or RTFM?

2004-04-20 Thread Adrian 'Dagurashibanipal' von Bidder
[Matthew, Colin - I suspect you're on debian-security anyway. If so, no need to reply off-list; I just wanted to make sure you see this, since I considered filing a bug about this.] Hi, Package: ssh Version: 1:3.8p1-3 Tags: bug-not-filed I have a couple of issues with UsePam in ssh. First, it

Re: SSH, PubkeyAuthentication and UsePam - security problem or RTFM?

2004-04-20 Thread Giacomo Mulas
On Tue, 20 Apr 2004, Adrian 'Dagurashibanipal' von Bidder wrote: > [Matthew, Colin - I suspect you're on debian-security anyway. If so, no > need to reply off-list; I just wanted to make sure you see this, since > I considered filing a bug about this.] > > Hi, > > Package: ssh > Version: 1:3.8p1-3

Re: SSH, PubkeyAuthentication and UsePam - security problem or RTFM?

2004-04-20 Thread Adrian 'Dagurashibanipal' von Bidder
On Tuesday 20 April 2004 14.24, Giacomo Mulas wrote: > > First, it seems to always enable PasswordAuthentication. All my > > systems have 'PasswordAuthentication no' and 'PubkeyAuthentication > > yes', so I was very surprised when I was prompted for a password > > trying to login to one of the sys

Re: SSH, PubkeyAuthentication and UsePam - security problem or RTFM?

2004-04-20 Thread Stefan Fritsch
Hi! On Tuesday, 20 April 2004 15:27, Adrian 'Dagurashibanipal' von Bidder wrote: > So, to rephrase the question, is > there a way to have PAM set up my session (specifically, pam_env) > without allowing users to log in with their password? I think you can do this by removing a line in /etc/pa

Pre-qualify, and apply for home [loans] and [mortgages]

2004-04-20 Thread Lorena Hubbard
Title: sunday Re-finance now, even with bad-credit! - Best Re-fi.nance Rate for cre.dit challenged. - Best Customer Service - Lo.west-int.erest-rates in years - Sa.ve $100-$400 per month Our easy application only takes 1 minutes.     -- To modify your future

(no subject)

2004-04-20 Thread SilverjadeM
Is there a type of listening bug that can be put on a person to hear everything said

Major TCP Vulnerability

2004-04-20 Thread Eric Dantan Rzewnicki
Has anyone heard about this? this article has no details ... apologies for the post's data-mining ... I'm still looking for other references. http://www.washingtonpost.com/wp-dyn/articles/A27403-2004Apr20.html

Re: Major TCP Vulnerability

2004-04-20 Thread Thomas Sjögren
On Tue, Apr 20, 2004 at 02:29:34PM -0400, Eric Dantan Rzewnicki wrote: > Has anyone heard about this? this article has no details ... apologies > for the post's data-mining ... I'm still looking for other references. > > http://www.washingtonpost.com/wp-dyn/articles/A27403-2004Apr20.html Since t

Re: Major TCP Vulnerability

2004-04-20 Thread Lars Magne Ingebrigtsen
Eric Dantan Rzewnicki <[EMAIL PROTECTED]> writes: > Has anyone heard about this? this article has no details ... It's just TCP sequence number/RST stuff: <http://article.gmane.org/gmane.comp.security.bugtraq/11208> -- (domestic pets only, the antidote for overdose, milk.) [EMAIL PROTECTED] *

Re: Major TCP Vulnerability

2004-04-20 Thread J.H.M. Dassen (Ray)
On Tue, Apr 20, 2004 at 14:29:34 -0400, Eric Dantan Rzewnicki wrote: > Has anyone heard about this? Hmm... from the subject it sounds like it might be OSVDB ID: 4030 "TCP Reset Spoofing", http://www.osvdb.org/displayvuln.php?osvdb_id=4030 aka CAN-2004-0230 http://cve.mitre.org/cgi-

Fwd: NISCC Vulnerability Advisory 236929: Vulnerability Issues in TCP [Was: Major TCP Vulnerability]

2004-04-20 Thread Jan Minar
- Forwarded message from David Ahmad <[EMAIL PROTECTED]> - Date: Tue, 20 Apr 2004 11:39:02 -0600 From: David Ahmad <[EMAIL PROTECTED]> To: bugtraq@securityfocus.com Subject: NISCC Vulnerability Advisory 236929: Vulnerability Issues in TCP Mailing-List: contact [EMAIL PROTECTED]; run by ezm

Re: Major TCP Vulnerability

2004-04-20 Thread Phillip Hofmeister
On Tue, 20 Apr 2004 at 02:49:48PM -0400, Thomas Sjögren wrote: > Since the article is for subscribers only, this is a "wild" guess: > http://www.uniras.gov.uk/vuls/2004/236929/index.htm This article isn't anything I am going to lose sleep over. Any mission critical long term TCP connections over

RE: Major TCP Vulnerability

2004-04-20 Thread Jones, Steven
CERT has issued a vulnerability email. They seem to think it's a little more serious 8>< Technical Cyber Security Alert TA04-111A archive Vulnerabilities in TCP Original release date: April 20, 2004 Last revised: -- Source: US-CERT Systems Affected * Systems that re

Re: Major TCP Vulnerability

2004-04-20 Thread Florian Weimer
Phillip Hofmeister <[EMAIL PROTECTED]> writes: > This article isn't anything I am going to lose sleep over. Any mission > critical long term TCP connections over an untrusted network (The > Internet) should already be using IPSec. Core routers usually don't have the CPU power to run IPsec (yes,

RE: Major TCP Vulnerability

2004-04-20 Thread Steve Ramage
Stupid Question, I don't understand how IPSec is secure. Can't you just kill the IPSec connection, or is IPSec connectionless? As I understand it you have [TCP HEADER | TCP DATA ] in a TCP Packet. With Ipsec you have [ TCP Header | encrypted([TCP HEADER | TCP DATA]) ] that you could still kill. St

Re: Major TCP Vulnerability

2004-04-20 Thread George Cristian Birzan
On Tue, Apr 20, 2004 at 03:37:50PM -0700, Steve Ramage wrote: > Stupid Question, I don't understand how IPSec is secure. Can't you just > kill the IPSec connection, or is IPSec connectionless? As I understand > it you have [TCP HEADER | TCP DATA ] in a TCP Packet. With Ipsec you > have [ TCP Header

Re: Major TCP Vulnerability

2004-04-20 Thread Phillip Hofmeister
On Tue, 20 Apr 2004 at 06:37:50PM -0400, Steve Ramage wrote: > Stupid Question, I don't understand how IPSec is secure. Can't you just > kill the IPSec connection, or is IPSec connectionless? As I understand > it you have [TCP HEADER | TCP DATA ] in a TCP Packet. With Ipsec you > have [ TCP Header

Automatic out-of-office reply: Failure

2004-04-20 Thread PAILLET Cécile
Title: Automatic out-of-office reply: Failure ABSENT UNTIL THE MORNING OF 26 APRIL. IN CASE OF EMERGENCY, PLEASE CONTACT SEBASTIEN GEORGES AT 01.39.24.10.79 OR PASCAL GUENOT AT 01.39.24.10.78. SEE YOU SOON!

Re: (no subject)

2004-04-20 Thread Jean Christophe ANDRÉ
On Tuesday 20 April 2004 at 12:24 (-0400), [EMAIL PROTECTED] wrote: > is there a type of listening bug that can be put on a person to hear > everything said If you have some microphone plugged in and somebody has access to your machine, with rights to read /dev/dsp (or any audio input type devic