Chad Walstrom writes:
> Nor does it provide context, references, or supporting documentation.
> IOW, it's a potshot.

The vsftpd changelog for release 0.0.15 documents a theoretical security fix regarding re-entrancy issues with signal handlers.

The first release of Postfix used a world writable mail drop, which allows for four security holes:
http://cr.yp.to/maildisasters/postfix.html

See the bugtraq vulnerability database for several buffer overflows in various Apache components that allow remote users to take over the web server. Also see SECURITY in the changelog for more locally and remotely exploitable security holes.

OpenSSL has had buffer overflows that were remotely exploitable in Apache and possibly other software:
http://www.openssl.org/news/secadv_20020730.txt

OpenSSH has had remotely exploitable vulnerabilities in both the server and client:
http://www.openbsd.org/advisories/ssh_channelalloc.txt
http://www.openbsd.org/advisories/ssh_afstoken.txt

BIND has had many remotely exploitable vulnerabilities, both in the server and client library:
http://www.cert.org/incident_notes/IN-2001-03.html
http://www.cert.org/advisories/CA-2002-19.html

Sendmail has had many remotely exploitable vulnerabilities:
http://www.cert.org/advisories/CA-2003-07.html

WU-FTPD has had many remotely exploitable vulnerabilities:
http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt

MySQL has had remotely exploitable vulnerabilities, both in the server and client library:
http://www.mysql.com/doc/en/News-3.23.54.html

ProFTPD has had several remotely exploitable vulnerabilities:
http://www.proftpd.org/security.html

thttpd has had at least one remotely exploitable vulnerability:
http://www.acme.com/software/thttpd/#releasenotes

Exim has had locally and remotely exploitable vulnerabilities:
http://www.securityfocus.com/bid/1859/discussion/
http://www.kb.cert.org/vuls/id/283723

PHP has had several remotely exploitable vulnerabilities:
http://www.securityfocus.com/archive/1/283533/2002-07-19/2002-07-25/0

Linux has had exploitable security holes:
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0134.html

The FreeBSD kernel has had exploitable security holes:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:42.linux.asc

The OpenBSD kernel has had exploitable security holes:
http://www.phrack.org/phrack/60/p60-0x09.txt

--
David Phillips <david at acz.org>
http://david.acz.org/

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list