lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <8c4adf5804121317291b93f1d2@mail.gmail.com>
Date: Mon, 13 Dec 2004 19:29:44 -0600
From: Michael Hampton <error10@...il.com>
To: bugtraq@...urityfocus.com,
	room_citadel_development@...ensored.citadel.org
Subject: Re: Citadel/UX <= v6.27 Remote Format String Vulnerability


On 13 Dec 2004 00:06:42 -0000, CoKi <coki@...ystem.com.ar> wrote:
> -------------------------------------------------
> No System Group - Advisory #09 - 12/12/04
> -------------------------------------------------
> Program: Citadel/UX
> Homepage: http://www.citadel.org
> Operating System: Linux and Unix-Compatible
> Vulnerable Versions: Citadel/UX v6.27 and prior
> Risk: High
> Impact: Remote Format String Vulnerability

The patch for this issue has been checked in to Citadel CVS and a
release will be forthcoming shortly. Please do not run a production
system from Citadel CVS as code may not always be stable.

Sites which are unable to patch or upgrade may work around the issue
by disabling system logging, and logging to a separate text file. To
perform this action, remove the -l option from the citadel command
line in /etc/inittab and replace it with a -t option specifying the
text file to log to. Once complete, signal init to re-read the inittab
(e.g. init q) and then restart the Citadel server.
 
Example:
cit1:2345:respawn:/usr/local/citadel/citserver -h/usr/local/citadel
-x3 -t/var/log/citadel.log


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ