[10907] in bugtraq
Re: [RHSA-1999:017-01] Potential security problem in Red Hat 6.0
daemon@ATHENA.MIT.EDU (sillyhead)
Sat Jun 26 12:44:44 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.10.9906251416470.12223-100000@silly.techmonkeys.net>
Date: Fri, 25 Jun 1999 14:17:53 -0500
Reply-To: sillyhead <cdale@HOME.ISOLNET.COM>
From: sillyhead <cdale@HOME.ISOLNET.COM>
X-To: Andreas Bogk <andreas@ANDREAS.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <m3iu8coudx.fsf@soma.andreas.org>
Hi!
If you will read further down, you will see this:
7. Problem description:
A change to 32 bit uid_t's within glibc 2.0.x
has opened a potential hole in root-squashing.
sillyhead
On Fri, 25 Jun 1999, Andreas Bogk wrote:
> Raymond Dijkxhoorn <raymond@THRIJSWIJK.NL> writes:
>
> > 7. Problem description:
> >
> > Several potential buffer overruns have been corrected within the net-tools
> > package.
>
> Very helpful. I'm running LinuxPPC here, which is partly based on
> RedHat. Could someone from RedHat please identify the programs in
> question, their version numbers, the history of the code or something
> else which allows me to find out whether I'm affected or not?
>
> No, Im not asking "gimme the xpl0itz". Far from it. But such
> announcements just don't help me. Instead they give me the uneasy
> feeling that out there are people which know about a security problem
> on my machine and don't tell me about it.
>
> Andreas
>
> --
> "We show that all proposed quantum bit commitment schemes are insecure because
> the sender, Alice, can almost always cheat successfully by using an
> Einstein-Podolsky-Rosen type of attack and delaying her measurement until she
> opens her commitment." ( http://xxx.lanl.gov/abs/quant-ph/9603004 )
>
