File: 910821-01 From: jkp@cs.HUT.FI (Jyrki Kuoppala) Subject: A security problem in SunOS 4.1.1 and earlier with in.comsat and /etc/utmp Source: alt.security,alt.sys.sun,comp.unix.admin Message-ID: <1991Aug21.152339.11436@nntp.hut.fi> Keywords: SunOS 4.1*, BSD 4.3, comsat, /etc/utmp File: 910822-01 From: wswietse@wsbs06.bs.win.tue.nl (Wietse Venema) Subject: Re: A security problem in SunOS 4.1.1 and earlier with in.comsat and /etc/utmp Source: alt.security Message-ID: <2189@svin02.info.win.tue.nl> Keywords: comsat, /etc/utmp File: 910822-02 From: henk@cs.vu.nl (Henk Smit) Subject: Netgroup troubles (was: Re: Unresponsiveness of .....) Source: alt.security Message-ID: <10728@star.cs.vu.nl> Keywords: YP/NIS, domain, /etc/hosts.equiv, netgroup, 1024 char limit, SunOS 4.0.3 -> 4.1.1 File: 910823-01 From: fitz@mml0.meche.rpi.edu (Brian Fitzgerald) Subject: Re: Unresponsiveness: + in hosts.equiv and /etc dir Source: alt.security Message-ID: <0c3mqb@rpi.edu> Keywords: Sun Patch 100103-06, file permissions File: 910823-02 From: hogan@csl.sri.com (Emmett Hogan) Subject: YASB (Yet Another Sun Bug) Source: alt.security,alt.sys.sun Message-ID: <HOGAN.91Aug23164201@cujo.csl.sri.com> Keywords: SunOS 4.1.1, C2conv, /etc/passwd mode File: 910827-01 From: brendan@cs.widener.edu (Brendan Kehoe) Subject: Re: npasswd ftp address Source: alt.security Message-ID: <BRENDAN.91Aug27141712@laverne.cs.widener.edu> Keywords: npasswd, ftp, archie File: 910827-02 From: henk@cs.vu.nl (Henk Smit) Subject: SUMMARY: dictionaries (anyone got some more ?) Source: alt.security,alt.sources.d Message-ID: <10750@star.cs.vu.nl> Keywords: dictionary, french, german, italian, english File: 910827-03 From: montjoy@thor.ece.uc.edu (Robert Montjoy) Subject: C2 security and passwords Source: alt.sys.sun Message-ID: <1991Aug27.185853.5493@uceng.UC.EDU> Keywords: passwd, c2conv, YP/NIS, SunOS File: 910828-01 From: prl@iis.ethz.ch (Peter Lamb) Subject: Re: C2 security and passwords Source: alt.sys.sun Message-ID: <prl.683338578@iis> Keywords: passwd, c2conv, YP/NIS, SunOS File: 910828-02 From: gtoal@castle.ed.ac.uk (G Toal) Subject: Re: SUMMARY: dictionaries (anyone got some more ?) Source: alt.security,alt.sources.d Message-ID: <12658@castle.ed.ac.uk> Keywords: dictionary, dutch File: 910906-01 From: wietse@wzv.win.tue.nl (Wietse Venema) Subject: Re: What breaks if /etc is not owned by bin? Source: alt.sys.sun,alt.security Message-ID: <2585@wzv.win.tue.nl> Keywords: /etc ownership, bin vs. root, umask in /etc/rc, inetd.conf File: 910909-01 From: spaf@cs.purdue.EDU (Gene Spafford) Subject: Need dictionaries Source: alt.security,sci.crypt Message-ID: <SPAF.91Sep9095147@uther.cs.purdue.EDU> Keywords: password screening, compressed dictionary, paper File: 910909-02 From: archer@frmug.fr.mugnet.org (Vincent Archer) Subject: Re: Need exhaustive list of French first names Source: alt.security,resif.unix Message-ID: <1991Sep9.204904.20329@frmug.fr.mugnet.org> Keywords: french dictionary File: 910718-01 From: tar@math.ksu.edu (Tim Ramsey) Subject: Re: Why does YP let me read passwd.adjunct? Source: alt.security Message-ID: <k8afqjINN37s@maverick.ksu.ksu.edu> Keywords: YP/NIS, SunOS, ypmatch, passwd.adjunct File: 910729-01 From: [original header not available] Subject: GAO Online Documents Source: pacs-review Message-ID: [not available] Keywords: GAO reports, GAO/IMTEC-90-48, government security planning File: 910801-01 From: tchrist@convex.COM (Tom Christiansen) Subject: Re: do's and don'ts with setuid stuff?? Source: comp.unix.questions,alt.security Message-ID: <1991Aug01.175624.21612@convex.com> Keywords: setuid scripts File: 910812-01 From: kean@talon.ucs.orst.edu (Kean Stump) Subject: Re: What happened to Crack 3.1? Source: alt.sources.d,alt.security Message-ID: <1991Aug12.184912.29064@talon.ucs.orst.edu> Keywords: password cracking, dictionaries, Dan Klein File: 910812-02 From: kyle@UUNET.UU.NET Subject: dictionaries (was Re: What happened to Crack 3.1?) Source: alt.security,alt.sources.d Message-ID: <9108121918.AA11492@wendy-fate.UU.NET> Keywords: password cracking, dictionaries, Dan Klein File: 910814-01 From: geoff@mdms.moore.com (Geoff Loker) Subject: Re: Crack, Cops, and The Intregity of My System Source: alt.security Message-ID: <1991Aug14.020147.7844@mdms.moore.com> Keywords: passwd, not in dictionary, perl, shadow password File: 910820-01 From: NIC@NIC.DDN.MIL (DDN Reference) Subject: Security books Source: comp.protocols.tcp-ip Message-ID: <12711015419.39.NIC@NIC.DDN.MIL> Keywords: books, UNIX, Nutshell/O'Reilly, Russell and Gangemi, Garfinkel and Spafford File: 910820-02 From: jkp@cs.HUT.FI (Jyrki Kuoppala) Subject: Re: World-writable /etc/utmp (was something else) Source: comp.unix.admin Message-ID: <1991Aug20.022920.24954@nntp.hut.fi> Keywords: comsat, utmp, syslog, wall/rwall, talk File: 910826-01 From: al@ee.pitt.edu (A. Martello) Subject: SUMMARY: ftpd -> syslog vs. chroot Source: comp.unix.wizards Message-ID: <168440@unix.cis.pitt.edu> Keywords: ftpd, syslog, BSD, password protection, guest logins File: 910910-01 From: mtp@ukc.ac.uk (Matt Paley) Subject: v22i103: bigb - A security daemon for SCO Unix, Part01/01 Source: comp.sources.misc Message-ID: <1991Sep10.170300.8109@sparky.IMD.Sterling.COM> Keywords: SCO, repeated login failures File: 910911-01 From: dank@blacks.jpl.nasa.gov (Dan Kegel) Subject: Re: "Open Systems Security" document available Source: alt.security,sci.crypt,comp.protocols.tcp-ip Message-ID: <dank.684631689@blacks> Keywords: ftp sites File: 910911-02 From: per@erix.ericsson.se (Per Hedeland) Subject: Re: Should /etc/utmp protection be changed? Source: alt.security Message-ID: <1991Sep11.115213.1453@eua.ericsson.se> Keywords: utmp, xterm, xload, X11R5, dynamic libraries, SunOS File: 910912-01 From: josevela@mtecv2.mty.itesm.mx (Jose A. Vela Avila) Subject: Re: Password generator wanted Source: alt.security Message-ID: <4135@mtecv2.mty.itesm.mx> Keywords: rndname, getpasswd File: 910915-01 From: tar@math.ksu.edu (Tim Ramsey) Subject: X11R5 xload security hole (was Re: Should /etc/utmp protection..) Source: alt.security Message-ID: <kd5icbINNk40@moe.ksu.ksu.edu> Keywords: X11R5, xload, dynamic linking, trace File: 910922-01 From: aem@aber.ac.uk (Alec David Muffett) Subject: Crack - The password cracker v3.3c Source: alt.security Message-ID: <1991Sep22.051602.13910@sparky.imd.sterling.com> Keywords: password cracking File: 910919-01 From: jmason2@gpu.utcs.utoronto.ca (Jamie Mason) Subject: Re: SUID shell scripts Source: comp.unix.wizards Message-ID: <1991Sep19.125455.20375@gpu.utcs.utoronto.ca> Keywords: setuid, script File: 911004-01 From: shipley@godzilla.tcs.com (Peter Shipley) Subject: lofs security bug Source: alt.security Message-ID: <1991Oct4.214436.18563@tcsi.com> Keywords: lofs, loopback filesystem, read-only, SunOS 4.1* File: 911007-01 From: wswietse@wsbs06.bs.win.tue.nl (Wietse Venema) Subject: Re: Securing system on network. Source: comp.protocols.tcp-ip,comp.unix.admin Message-ID: <2380@svin02.info.win.tue.nl> Keywords: network, access control, monitoring, UDP, RPC, log_tcp File: 911007-02 From: tencati@nssdca.gsfc.nasa.gov Subject: CIAC bulletin C-1: New TFTPD server available for IBM RS6000 systems Source: alt.security/CIAC Message-ID: <7OCT199117542234@nssdca.gsfc.nasa.gov> Keywords: tftpd, IBM RS6000, AIX, APAR ix22628 File: 911014-01 From: fitz@mml0.meche.rpi.edu (Brian Fitzgerald) Subject: SUMMARY(pt 1/2): DO NOT depend on YP to hide passwd.adjunct Source: alt.security Message-ID: <7=ap=sb@rpi.edu> Keywords: SunOS, YP/NIS, passwd.adjunct, shadow password File: 911014-02 From: fitz@mml0.meche.rpi.edu (Brian Fitzgerald) Subject: SUMMARY(pt 2/2): DO NOT depend on (OLD)YP to hide passwd.adjunct Source: alt.security Message-ID: <0=ap_xb@rpi.edu> Keywords: SunOS, NIS+, YP/NIS paswd.adjunct File: 911014-01 From: fitz@mml0.meche.rpi.edu (Brian Fitzgerald) Subject: SUMMARY(pt 1/2): DO NOT depend on YP to hide passwd.adjunct Source: alt.security Message-ID: <7=ap=sb@rpi.edu> Keywords: SunOS, YP/NIS, passwd.adjunct, shadow password File: 911014-02 From: fitz@mml0.meche.rpi.edu (Brian Fitzgerald) Subject: SUMMARY(pt 2/2): DO NOT depend on (OLD)YP to hide passwd.adjunct Source: alt.security Message-ID: <0=ap_xb@rpi.edu> Keywords: SunOS, NIS+, YP/NIS paswd.adjunct File: 911004-02 From: kuhn@swe.ncsl.nist.gov (Rick Kuhn) Subject: Report on Assurance of High Integrity Software Source: comp.software-eng,alt.security,comp.specification Message-ID: <951@dove.nist.gov> Keywords: NIST, report File: 911010-01 From: ckd@eff.org (Christopher Davis) Subject: Re: .rhosts -- disallowing Source: alt.security Message-ID: <CKD.91Oct10140718@eff.org> Keywords: .rhosts, resolver, gethostbyaddr log_tcp File: 911016-01 From: Seth Robertson <seth@ctr.columbia.edu> Subject: TCP/IP Connection Monitoring Source: cert-tools Message-ID: <9110161431.AA18499@tictac.cert.sei.cmu.edu> Keywords: network monitoring, common File: 911017-01 From: ecd@cert.sei.cmu.edu (Edward DeHart) Subject: AIX TFTP Daemon re-release Source: alt.security Message-ID: <858@cert.sei.cmu.edu> Keywords: AIX, tftpd File: 911023-01 From: "John R Ruckstuhl Jr" <ruck@alpha.ee.ufl.edu> Subject: automounter security Source: sun-managers Message-ID: <9110231948.AA04537@alpha.ee.ufl.edu> Keywords: automounter, SunOS, nosuid File: 911029-01 From: ecd@cert.sei.cmu.edu (Edward DeHart) Subject: Re: Cracked accounts Source: comp.unix.admin Message-ID: <860@cert.sei.cmu.edu> Keywords: intruder, breakin, locking out File: 911029-02 From: chip@eniac.seas.upenn.edu (Charles H. Buchholtz) Subject: Re: Cracked accounts Source: comp.unix.admin Message-ID: <54618@netnews.upenn.edu> Keywords: intruder, breakin, locking out, COPS File: 911103-01 From: aem@aberystwyth.ac.uk (Alec Muffett) Subject: v25i005: crack - The Password Cracker, version 4.0a, Part01/05 Source: comp.sources.misc,alt.security Message-ID: <csm-v25i005=crack.171116@sparky.IMD.Sterling.COM> Keywords: password cracker, dictionary File: 911103-01 From: aem@aberystwyth.ac.uk (Alec Muffett) Subject: v25i005: crack - The Password Cracker, version 4.0a, Part01/05 Source: comp.sources.misc,alt.security Message-ID: <csm-v25i005=crack.171116@sparky.IMD.Sterling.COM> Keywords: password cracker, dictionary File: 911105-01 From: prl@iis.ethz.ch (Peter Lamb) Subject: Re: NIS and password security Source: alt.security,comp.unix.admin Message-ID: <prl.689340261@iis> Keywords: NIS, YP, passwords, sunrpc, portmapper, NFS, npasswd File: 911115-01 From: brnstnd@kramden.acf.nyu.edu (Dan Bernstein) Subject: New network security mailing list: rfc931-users Source: comp.protocols.tcp-ip,alt.security Message-ID: <24615.Nov1523.22.5691@kramden.acf.nyu.edu> Keywords: rfc931, mailing list, network security, authentication server File: 911115-02 From: scoggin@udel.edu (John K Scoggin) Subject: Internet Firewalls Source: alt.security Message-ID: <70552@nigel.ee.udel.edu> Keywords: firewall File: 911118-01 From: "zmudzinski, thomas" <ZMUDZINSKIT@imo-uvax.dca.mil> Subject: In-Re: Legal Status of digital signatures [Risks 12.61] Source: email message from Zmudzinski, also RISKS digest xx.xx Message-ID: <9111181449.AA19182@cert.sei.cmu.edu> Keywords: EDI, electronic contract File: 911126-01 From: plipp@iaik.tu-graz.ac.at (Peter Lipp) Subject: Re: Fake sources? Source: alt.security Message-ID: <1991Nov26.080713.1571@news.tu-graz.ac.at> Keywords: faking source addresses, Bellovin, TCP/IP File: 911129-01 From: Heiner.Schorn@waldschrat.umu.se Subject: Re: Fake sources? Source: alt.security Message-ID: <HEINER.SCHORN.91Nov29103202@phaedros.waldschrat.umu.se> Keywords: faking source addresses, Bellovin, TCP/IP, Kent, critique File: 911204-01 From: prl@iis.ethz.ch (Peter Lamb) Subject: Re: NIS and password security Source: alt.security,comp.unix.admin Message-ID: <prl.691873839@iis> Keywords: Sun, YP/NIS, ypserv, passwd.adjunct, IP forwarding, packet filtering, hiding domain name, passwd+, npasswd, Sun Shield, C2, Crack, dictionary, bugid 1036869 File: 911205-01 From: sgf@cfm.brown.edu (Sam Fulcomer) Subject: Re: NIS and password security Source: alt.security,comp.unix.admin Message-ID: <95123@brunix.UUCP> Keywords: YP/NIS, ypserv, portmapper File: 911209-01 From: kuhn@swe.ncsl.nist.gov (Rick Kuhn) Subject: Re: looking for info (and vendors) of "SmartCards" Source: alt.security Message-ID: <1061@dove.nist.gov> Keywords: SmartCards, NIST publication File: 911211-01 From: "(Alain Brossard EPFL-SIC/SII)" <brossard@sasun1.epfl.ch> Subject: Information: NIS and password security Source: sun-managers Message-ID: <9112111028.AA00423@sasun1.epfl.ch> Keywords: YP/NIS, ypserv, patch, Purdue File: 911217-01 From: "(Alain Brossard EPFL-SIC/SII)" <brossard@sasun1.epfl.ch> Subject: Information:(2) NIS and password security Source: sun-managers Message-ID: <9112171412.AA23124@sasun1.epfl.ch> Keywords: YP/NIS, ypserv, ypxfrd, patch, Purdue, 911211-01 File: 911219-02 From: brossard@sic.epfl.ch (Alain Brossard EPFL-SIC/SII) Subject: ypserv, unsecure Source: alt.sys.sun,alt.security Message-ID: <2196@sicsun.epfl.ch> Keywords: YP/NIS, ypserv, ypxfrd, patch, Purdue, 911211-01, 911217-01 File: 911230-01 From: "John Markoff" <markoff@nyt.com> Subject: Recent Novell Software Contains a Hidden Virus Source: Risks Digest 12.72 Message-ID: <CMM.0.90.1.694136342.risks@chiron.csl.sri.com> Keywords: Novell, virus, Stoned 111, Konami, Spacewrecked