Buffer Overflow Compromises Kerberos
Grok Headline matches for Buffer Overflow Compromises Kerberos
[ GLSA 200405-23 ] Heimdal: Kerberos 4 buffer overflow in kadmin
05/27/2004 02:10 PM Kurt Lieber (May 27 2004)
Buffer flaws fixed in Ethereal, Kerberos, Squid and CVS
06/09/2004 12:15 PM
lha buffer overflow(s) again
05/15/2004 02:44 PM lw_at_wszia.edu.pl (May 15 2004)
Buffer Overflow in ActivePerl ?
05/17/2004 05:58 PM Oliver_at_greyhat.de (May 17 2004)
Re: Buffer Overflow in ActivePerl ?
05/18/2004 11:52 AM rich.sf_at_lclogic.com (May 17 2004)
Re: GNU screen buffer overflow
12/02/2003 12:32 AM Mariusz Woloszyn (Dec 01 2003)
Protegrity buffer overflow
03/13/2003 04:57 PM sss sss (Mar 13 2003)
Buffer overflow in sarad
08/21/2004 07:42 AM Matthias Bethke (Aug 20 2004)
Re: Buffer Overflow in ActivePerl?
05/18/2004 01:21 PM Axel Beckert (May 18 2004)
MSInfo Buffer Overflow
09/02/2004 10:16 AM E.Kellinis (Aug 30 2004)
Buffer overflow in mnoGoSearch
02/16/2004 01:30 PM Jedi/Sector One (Feb 15 2004)
Buffer overflow in Zinf 2.2.1 for Win32
09/25/2004 12:01 AM Luigi Auriemma (Sep 24 2004)
GNU/Linux 'info Buffer Overflow
08/06/2004 03:14 PM Josh Martin (Aug 05 2004)
IBM DB2 libdb2.so buffer overflow (#NISR05012005B)
01/05/2005 04:04 PM NGSSoftware Insight Security Research (Jan 05 2005)
IBM DB2 db2fmp buffer overflow (#NISR05012005A)
01/05/2005 04:04 PM NGSSoftware Insight Security Research (Jan 05 2005)
BlackJumboDog Buffer Overflow Vulnerability
08/02/2004 05:32 PM Direct and Related Links for 'BlackJumboDog Buffer Overflow Vulnerability'
“Chew Keong TAN has reported a vulnerability in
BlackJumboDog, potentially allowing malicious people to compromise a
vulnerable system….This has been reported in version 3.6.1.
Prior versions may also be affected. Solution: Reportedly, the
vulnerability has been fixed in version 3.6.2.”…
Re: FreeBSD kernel buffer overflow
09/18/2004 12:59 PM Tim Newsham (Sep 17 2004)
Mutt-1.4.2 fixes buffer overflow.
02/11/2004 12:08 PM Thomas Roessler (Feb 11 2004)
buffer overflow in Robot FTP Server
02/16/2004 04:00 PM gsicht gsicht (Feb 15 2004)
Buffer overflow in Whisper FTP Surfer 1.0.7
07/20/2004 04:37 PM Komrade (Jul 19 2004)
Ethereal remote buffer overflow #2
03/14/2005 04:37 PM LSS Security (Mar 12 2005)
Re: GNU/Linux 'info Buffer Overflow
08/06/2004 06:52 PM Niels Bakker (Aug 06 2004)
Eudora file URL buffer overflow
05/07/2004 03:01 PM Paul Szabo (May 06 2004)
Keeping up with Finnish or Buffer Overflow
12/19/2004 02:59 PM
I managed to survive the first week at work. There is always a period
of feeling awkward and exposed when you first start working somewhere
as you get to know the people you work with and find your way into the
daily routine. The work is very familiar even though I'm a bit rusty
in places and there are products in use that I've not worked with
before. I have some large datacenter experience that might be helpful
as well. The most challenging part of the job is, and will likely
continue to be for a while, keeping up with conversations and meetings
in Finnish. I understand quite a lot, but I have to concentrate on
everything that is said. My vocabulary isn't all that great, but even
if I only get half the words, context will usually help me figure out
the rest. It's like working a cryptogram in real-time. My coworkers
have been very nice in speaking Finnish to me even though I'm sure
they find my replying in English somewhat annoying and, hopefully,
I'll get over my self-consciousness about speaking Finnish sometime
soon. Most of the people speak English very well which makes it too
easy at times to be lazy. I keep hoping I have a Thirteenth
Warrior experience and just start speaking it at some point and
quip "I listened" when asked how I learned it. One person has such a
perfect American accent that had he not said he was Finnish, I would
have pegged him as being from somewhere in the Midwest. I hate that
when people who aren't from the US have a better American accent than
I do. :)
The atmosphere of the office reminds me so much of WU and BBN that I
feel pretty much at home already. Everyone is some sort of academic
who found their way into computing. I had to stand up and introduce
myself at a meeting on my first day where I was told I had to describe
my hobbies lest I be asked about them repeatedly. It seemed a little
odd until I started to figure out that people really do value their
hobbies and are interested in yours as well. I was really excited to
meet a coworker who is involved with a student photography club and
lab since I didn't want to build my own darkroom with an enlarger or
buy one of the new photo printers since they generally suck at B&W
printing. I'm also going to try and play sähly, Finnish floorball,
with the company team once a week. I'd better look up the word for
"incoming!" before hitting the arena. :)
Perhaps one of the most obvious differences between working in the US
and here is the general approach to the amount of time you spend in
the office. At BBN, 80 hours wasn't an unusual week and if you were on
call, 100 or more. Here, people go home at a reasonable hour and I've
yet to notice anyone sleeping under their desk. You're even expected
to take your holiday time. What a novel concept! I had 5 or 6 weeks of
holiday time per year when I left WU, but I never really had the
chance to take it so that I had a giant check for 16 weeks of accrued
holiday time along with my last paycheck. Holiday time works a little
different here as you accrue time much like you do in the US, but you
need 6 days of holiday time to take a week off from work. I am told
this is a vestige from the 60s or thereabouts when the workweek was 6
days rather than 5. The employee manual also had some interesting
holiday tidbits such as a day per annum for moving house and if your
50th or 60th birthday falls on a weekday you get the day off. I have a
few years to go before that happens. :)
And, the breeders have supplied us with 2 more pictures of puppy
cuteness. :)
Re: GNU Sharutils buffer overflow vulnerability.
04/10/2004 09:41 PM Dan Yefimov (Apr 10 2004)
Infosecwriters.com : Buffer Overflow for Beginners
01/11/2004 09:03 AM http://www.infosecwriters.com/texts.php?op=display&id=134
A starting point for this tutorial requires the readers to have a
simple understanding of the C programming language, the way the stack
and memory is organised, and asm knowledge is helpful though not
essential. (I always wanted to say that heh) When I refer to Buffer
overflows throughout this article, I am referring to stack based
overflows, there is a difference between stack based overflows, and
heap based, though as...
Ringtone Tools Buffer Overflow
12/22/2004 01:52 AM Secunia Advisory: SA13547 Release Date: 2004-12-20 Critical:
Moderately critical Impact: System access Where: From remote Solution
Status: Unpatched Software: Ringtone Tools 2.x Qiao Zhang has reported
a vulnerability in Ringtone Tools, which can be exploited by malicious
people to compromise a user’s system. The vulnerability is
caused due to a boundary error in the “parse_emelody()”
function. This can be exploited to cause a buffer overflow by tricking
a user into opening a specially crafted eMelody…
Direct and Related Links for 'Ringtone Tools Buffer Overflow'
FreeBSD kernel buffer overflow
09/17/2004 08:24 PM gerarra_at_tin.it (Sep 16 2004)
mpg123 buffer overflow vulnerability
09/07/2004 06:23 PM Davide Del Vecchio (Sep 06 2004)
[SECURITY] [DSA 424-1] New mc packages fix buffer overflow
01/17/2004 11:13 PM Matt Zimmerman (Jan 16 2004)
IBM DB2 call buffer overflow (#NISR05012005C)
01/05/2005 04:04 PM NGSSoftware Insight Security Research (Jan 05 2005)
Gaim Buffer Overflow Vulnerabilities
08/14/2004 08:23 AM Direct and Related Links for 'Gaim Buffer Overflow Vulnerabilities'
“Critical: Highly critical Impact: System access Where: From
remote Sebastian Krahmer has discovered some vulnerabilities in gaim,
which can potentially be exploited by malicious people to compromise a
user’s system….Successful exploitation may allow execution
of arbitrary code. Solution: Use another product, until fixes are
available.”…
MacOS X TruBlueEnvironment Buffer Overflow
01/01/2005 04:55 AM _at_stake Advisories (Jan 28 2004)
Gaucho v1.4 Build 145 Buffer Overflow
08/27/2004 05:51 PM Jérôme (Aug 26 2004)
[SECURITY] [DSA 517-1] New CVS packages fix buffer overflow
06/10/2004 04:33 PM Martin Schulze (Jun 10 2004)
bss-based buffer overflow in l2tpd
06/05/2004 01:00 AM Thomas Walpuski (Jun 04 2004)
Re: .MHT Buffer Overflow in Internet Explorer
03/13/2003 10:22 AM Thor Larholm (Jan 25 2003)
Mac OS X Long argv[] buffer overflow
10/28/2003 11:06 PM _at_stake Advisories (Oct 28 2003)
SOHO Routefinder 550 VPN, DoS and Buffer Overflow
03/13/2003 10:22 AM Peter Kruse (Mar 11 2003)
Grok Description matches for Buffer Overflow Compromises Kerberos
GrokA matches for Buffer Overflow Compromises Kerberos
Roomba Discovery
07/12/2004 07:39 AM
Oh hey, new Roomba! The Roomba Discovery is being
pre-sold "exclusively [to] current Roomba owners" at the moment, but
includes some much-needed improvements, like a self-charging Home Base
which the Roomba will head to, automatically, when done cleaning
(finally!), an "intense cleaning" feature (presumably detecting areas
that need multiple passes), and a dust bin that's 3 times larger.
Sounds like an all-around improvement, so good on them. The Discovery
is currently being sold on the iRobot Store site for $250.
Read - Product Page [NewRoomba]
Related
Australian Robot Vacuum Contender: Floorbotics [Gizmodo]
Trilobite Vs. Roomba: The Mystery Revealed [ArtOfSpeed]
Electrolux Trilobite Robotic Floor Vac Review (Bunny Not Included) [Gizmodo]
Two Timing Roomba Discovery Reviews
07/15/2004 06:58 AM
We're going to give this New York Times'
Circuits section review of the new Roomba Discovery a passing
grade, if only because author William Grimes (oh ho ho) talks about
torturing robots. It's good to know that when robots rise up against
their fleshy masters, we'll all be able to blame Circuits. The
new Discovery does well enough -- it's clearly an improvement over the
previous generations -- but it's still, ultimately, an expensive
distraction to getting real cleaning done. And that's why I love
it.
More Roomba and links inside.
Roomba
04/10/2004 02:05 PM 0.11 released
Roomba 0.12
04/28/2004 11:49 AM Room booking software for hotels.
I lust for a Roomba
02/10/2004 01:28 PM I'm just listening to Helen Greiner's presentation of
Roomba.
She actually has one that she is running on the table, and the #etech
-channel is filled with geeks declaring their instant love at the tiny
little home robot.
Can't say I'm much different.
I seriously, seriously want one. Like now.
Update: Joi snapped a photo of me, relaxing outside :-)
Update2: I'm now a bit less enthusiastic. IRobot does in addition
build the PackBot, which is a military bot.
We were shown a cool video in which the PackBot is
thrown in through a window to a building, drives off the roof, and
drives directly into a river; surviving all this stuff. It was
apparently used during the Afghan war as well. It's just a matter of
time before they strap it with guns.
More Roomba hacking
07/14/2004 10:00 AM
Another group of hardware hackers have at a Roomba robotic
vacuum cleaner:
"For higher level control, we've attached a Virgin
Webplayer. The Webplayer was sold as a loss leader for Virgin's
internet service in the late 90s, and thus can be found on ebay for
under $100. It has two serial ports, a 200MHz Geode processor, 64M
ram, and a miniPCI port. Thus, we can give it an 802.11b card, a
webcam, and a usb-serial adapter."
Link (via MetaFilter)
Revenge of the Roomba
07/13/2004 03:41 PM The profesor sent us
this about the new and
improved Roomba robot vacuum cleaner:
iRobot yesterday announced
some new versions of our Roomba line of robotic vacuums. Cool new
features include a recharging docking station and a dirt sensor, in
addition to many changes to make it a more solid product. For more
details see the iRobot
press release. According to their website, the new version also
includes a bigger dust bin that
holds three times as much as the old Roomba. I've also heard that
Roomba hackers may find
some interesting new changes inside too. But can it still be used to
deliver beer?
Roomba Gets Overhaul
07/13/2004 02:02 PM Extreme Tech Jul 13 2004 5:46PM GMT
Back-door your Roomba
05/07/2004 03:35 AM PT sez, "This week's "how to" article from Engadget shows how to put
the Roomba Robot Vacuum in hardware check mode. This is a useful mode
for Roomba hackers (and anyone else) to test the functions of the unit
as well as see how the unit works, test the 'virtual walls,' clean
specific parts and have some fun."
Pressing the L button for the 5th time (you'll hear 5 beeps) will put
the Roomba in "bulldozer" mode, in other words it'll just roll forward
no matter what, the sensors and bumpers and picking it up will not
stop it. Be careful, don't let the Roomba damage you or itself.
Link (Thanks, PT!)
SmartCarpet Roomba Killer
06/17/2005 06:15 PM
Foreign companies
Vorwerk and Infineon are furthering the process of making Americans
even more lazy. Research into the popular robot vacuum,
Roomba, has shown the inefficiency of being able to cover all parts of
the carpet. These foreigners are developing a robotic vacuum that
interacts with RFID chips imbedded into the carpet. The robot uses the
RFID transmission information to decipher whether or not it has
actually covered all areas of the carpet.
Intelligent Robot Vacuum [Ohgizmo.com]
Roomba customer support
07/02/2004 04:35 PM We have a Roomba at home to sweep our floor while we're out (it's
really noisy). Yes, from iRobot makers of the "next step in unmanned
tactical mobile robots". In other words: They are makers of robotic
killing machines! Anyway, one of the evil cats ate the power supply
some time ago, so it hasn't gotten much use lately. (Her cats, I
usually say when they do things like that) I sent them an email
through their online email form...
Trilobite Vs. Roomba: The Mystery Revealed
06/01/2004 01:53 PM
Ever wonder why the
Trilobite 2.0 robotic vacuum is about $1,800 when you can get a good
ol' American Roomba for as low as $160? Turns out, it's because the
Roomba is, as robots are judged, pretty dumb. One of I4U's readers
with a degree in human computer interaction and artificial
intelligence wrote a nice piece about some of the major differences
between the two robot vacuums, which he compares to the difference
between a "Trabant versus a Rolls." Unfortunately, without one of them
fancy AI degrees, the Roomba is the one I can afford.
Read [I4U]
Hack-Friendly Roomba Scheduler
06/24/2005 04:01 PM
CNET
News.com gets freaked out when we link to their stories and use their
pictures, so thank god iRobot has a picture of their new Roomba
Scheduler on their site already. The Scheduler is pretty similar to
the Discovery, except it includes a timer function that can be set to
activate the robot on a schedule (hence...). It's sort of an obvious,
if welcome, upgrade, so the additional news that iRobot will be
encouraging tinkerers to hack in additional features into this model
is great. A Roomba with a camera is cool, but I think it's time
somebody figured out how to make a Roomba that's smart enough to not
eat cords.
Catalog Page [iRobot]
Trick out your Roomba [News.com]

Roomba is Sucking up Christmas Dollars
12/19/2004 03:41 PM A new CNET
article notes that the iRobot
Roomba is a hot item among Christmas
shoppers
this season. Best Buy claims it's the most popular gift item at
their stores this year and the Roomba
4100 has also recently reached the
number four position on Amazon's
Housewares top sellers list (it has since dropped to position six).
The San Mateo Daily Journal recently picked
the Roomba as number six on its list of the top ten holiday gadgets.
So
you better watch out, Santa may be bringing you an autonomous robot
vacuum cleaner this year.
Roomba Discover vs Sharper Image eVac
08/10/2004 10:18 AM Everyday Robots has posted a comparison
of the Roomba
Discovery and Sharper
Image eVac robot vacuum cleaners. It's
primarily a consumer-oriented review on points such as suction power
and
carpet types rather than more interesting things like hackability. But
if you're thinking about buying a robot vacuum for its intended
purpose,
this could be a helpful review.
Troubleshoot Windows with Task Manager
08/17/2004 03:20 PM WebDevInfo Aug 17 2004 7:24PM GMT
Apple Silences Beeps, Hissing
03/06/2004 02:06 AM Apple confirmed this week that there was a noise issue with some of
its dual-processor Power Mac G5 models and said the issue has been
fixed for new machines rolling off the production lines. By Ina Fried
(CNET News.com via MyAppleMenu)
Express Stor . . . The First Windows Powered Application Specific NAS Server To Manage Data Through Its Life Cycle
06/03/2004 03:33 AM Express Stor, a Microsoft Windows 2003 Network Attached Storage (NAS)
server, incorporates all the software and hardware required to manage
all aspects of an application's information life cycle – from
inception to disposal – across multiple types of media. MDI's unique
approach offers an optimized storage management tool created from the
combination of a basic storage design with several differentiating
feature/functions and the lowest total cost of ownership in the
industry. [PRWEB Jun 3, 2004]
Troubleshooting Kerberos Delegation in Windows 2000 and Windows Server 2003
04/10/2004 12:43 PM This white paper explains how to troubleshoot delegation issues that
can arise in Kerberos authentication scenarios. The paper summarizes
required infrastructure and describes Windows authentication
scenarios. The central discussion is organized around four
troubleshooting checklists: one each for Active Directory, client
application, middle tier, and back-end. The appendices detail
diagnostic tools and give examples of how to resolve problems in
typical IIS to SQL delegation scenarios.
Troubleshooting Windows Firewall in Microsoft Windows XP Service Pack 2
09/02/2004 12:00 PM
Data Vision Thru-Glass Monitor Provides Windows Through Windows
07/06/2004 11:39 AM
A company called Data Vision has developed a new
15-inch LCD touchscreen called 'Thru-Glass' for retail stores that
works through windows. The touch part works through windows, I mean,
not just the light; that wouldn't be that impressive. Beyond that,
it's pretty much just a regular screen, but it could be an interesting
way to show off some of your products and answer simple questions even
after the lights have been dimmed for the evening. For the
£2,000 purchase price Data Vision will even install it for you,
which is nice of them.
Read - Thru-Glass touchscreen computer [BIOS]
Windows Memory Diagnostic
08/07/2004 09:09 PM
Diagnose XP - A Windows XP Diagnostic Guide
04/13/2005 06:32 AM
PM FAQ: Troubleshooting Windows XP SP2 Issues
09/20/2004 06:53 PM
Videocast: Windows XP Wireless Troubleshooting
03/19/2005 02:24 AM
See your
faithful editor on the small, small screen: ZDNet asked
me to engage in a 15-minute videocast on helping users troubleshoot
Windows XP wireless problems, which I am unfortunately highly
qualified to do, having spent the last few years working with XP and
Wi-Fi. For instance, I discuss updating BIOS to solve persistent Wi-Fi
connection dropping.
Yes, I am in Seattle as you can see by the Space Needle in the
photographic backdrop behind me. Now what's ironic is that the Space
Needle is across the street from the studio I shot my remote in.
Critical Update for Windows Media Player (All Versions) for Windows 2000, Windows XP, and Windows Server 2003 (KB828026)
02/11/2004 01:19 AM When a content owner creates an audio or video stream, they can add
script commands (such as URL script commands and custom script
commands) to be encoded in the stream. When the stream is played back,
the script commands can trigger events in an embedded player program,
or they can open your browser and then navigate to a Web page. This
behavior is by design
Windows Media Player (All Versions) for Windows 2000, Windows XP, and Windows Server 2003 (KB832353)
04/22/2004 01:20 AM After applying the Update for Windows Media Player Script Commands
(KB828026), some URL script commands do not fire even though they
would be expected to do so. In addition to the URL script command
issues, this package addresses an issue with the installer that would
cause 100% CPU utilization in certain scenarios.
Welsh to get specific versions of Windows XP + Office
01/24/2004 01:46 PM
Pros point to flaws in Windows security update
08/18/2004 04:57 PM ZDNet Aug 18 2004 8:23PM GMT
Broken Windows
06/04/2004 08:23 PM Here’s a billion-dollar question: Why are Windows users
besieged by
security exploits, but Mac users are not?