lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <16180000.1026803573@localhost>
From: pb at bieringer.de (Peter Bieringer)
Subject: Sharutils buggy?


--On Tuesday, July 16, 2002 01:24:30 AM +0200 martin f krafft
<madduck@...duck.net> wrote:

> I'd like to get some educated thoughts and opinions on a recently
> found potential bug:
> 
>   http://www.aerasec.de/security/index.html?lang=en&id=ae-200205-037
>   http://online.securityfocus.com/bid/4742
>   http://www.aerasec.de/security/index.html?lang=en&id=ae-200205-049
>   http://www.aerasec.de/security/index.html?lang=en&id=ae-200204-033
>   http://bugs.debian.org/149454
>   http://www.kb.cert.org/vuls/id/336083

One additial memo:

The original advisory and afaik the fixed version from RHL still not
metioned that devices also are candidates for overwriting.

Think about

begin 666 /dev/hda
...


        Peter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ