lsh-bugs

lsh-bugs@lists.lysator.liu.se

491 discussions

ANNOUNCE: LSH-2.0.2, fix for file descriptor leak and denial of service
by nisse＠lysator.liu.se 28 Jan '06

28 Jan '06

This is a maintenance release, fixing the recently discovered file descriptor leak in lsh. I have reviewed the use of all fd:s opened by lshd, and besides the leaks related to the randomness generator, I found one more definite leak (the logfile, when using the --log-file option), and a few other suspicious places. These have been fixed. News for the 2.0.2 release Fixed a couple of problems in lshd, where the server process leaks file descriptors to user shells that it starts. These bugs implied a local denial of service hole, at best. Support for aes256-ctr. Newer nettle library. Bugfixes and performance improvements for the assembler code, in particular support for sparc64, and Makefile fixes. Available at: http://www.lysator.liu.se/~nisse/archive/lsh-2.0.1.tar.gz This release is also a little special, since I'm away from home (I'm spending a month or too at INRIA in Antibes, France). This has some drawbacks, lsh-wise: * This release is not signed. My signing keys are on a computer back home, which, for paranoia reasons, doesn't allow any remote logins. That the distribution tar file is located in my web directory at lysator should provide for some level of authenticity, but that isn't of much help if you don't trust unauthenticated network transfers. If anybody else is feeling trustworthy, and is willing to review the changes since 2.0.1, you can mail me a pgp signature of the distribution file. I'll then check that it matches my copy of the file, and make the signature available. * I've not had the same time for proper testing as I usually do, in particular, there have been no xenofarm builds. Let me know if there are any problems, and I'll see what I can do. The current code has been compiled on GNU/Linux and Solaris only. * There might be other glitches, since the distribution isn't generated on the same machine as any other release. * I'm totally off-line during weekends. Happy hacking, /Niels

2 1

Feel & look younger
by Maribel Connors 27 Jan '06

27 Jan '06

After the age of twenty-one, your body slowly stops releasing an important hormone known as HGH (Human Growth Hormone). The reduction of HGH, which regulates levels of other hormones in the body (including testosterone, estrogen, progesterone, and melatonin) is directly responsible for many of the most common signs of growing old, such as wrinkles, gray hair, decreased energy, and diminished sexual function. Human Growth Hormone will normally yield the following results: - Boost your immune system - Rejuvenate your body and mind - Feel & look younger - Reduce wrinkles, lose weight, decrease cellulite - Restore your sex drive and vigor - Revitalize your heart, liver, kidneys & lungs - Maintain muscle mass - Refresh memory, mood and mental energy - Sleep soundly and awake rested - Help eliminate stress, fatigue and depression http://afghlbciejk.loriptop.info/?dmejkxwqowyafghlzhghbci

1 0

re; rolling stocks
by Jules Byers 26 Jan '06

26 Jan '06

OTC.BB Market Release D K D Y Price Climbs 265% In One Month In the last 4 weeks we have seen an amazing climb in the market from DKDY. Their price has climbed over 265% and has had continuous Heavy Trading throughout. Just look at these stats. Symb0l: DKDY December 19th: $0.65 Jan 25th High: $1.72 1 Month Increase: 265% SH0RT; $2.25 - 2.50 Long Term: $3.75 - $4.25 Indi cat0r; Str0ng Buy This stock has had fantastic return on investment for our members. We have been keeping a close eye on it as we believe it has not yet peaked it's potential. We are now expecting another jump on Thursday. Members, Thursday morning is the time to take advantage of this stocks consistent price climbs. Just review the recent releases below: January 6 2006 Friday Morning D K D Y announced the agreement to begin nightly banquets in April 2006 that are expected to increase visitors to the park by over 18000 per month, doubling its annual attendance and creating an increase in re venues by over $3,400,000.00. Dark Dynamite Inc. has reached a cooperation agreement, for initiating a large-scale outdoor Qin dynasty Cultural Dinner Show program for performing Qin dynasty dancers and songs in the Theme Park of Qin E - Pang Palace (''the T h e m e P a r k'') from April 2006. January 7 2006 XI'AN, China, Jan. 4 /Xinhua-PRNewswire/ -- Dark Dynamite Inc. (OTC Bulletin Board: DKDY) (''DDI'') announces that the construction of the Western 3rd Round City Highway (the ''3rd Highway'') in Xi'an is expected to be completed in early 2006. The completed 3rd Highway is expected to bring in more tourists to the Theme Park of the Qin E-Pang Palace (''E-Pang Palace''). Get ready for Thursday Members and finish a great trading week this week.

1 0

SECURITY: lshd leaks fd:s to user shells
by nisse＠lysator.liu.se 25 Jan '06

25 Jan '06

Stefan Pfetzing noticed that lshd leaks a couple of file descriptors, related to the randomness generator, to user shells which are started by lshd. This is a security problem, in at least two ways: * A user can truncate the server's seed file, which may prevent the server from starting. * By reading the file, a user can get information that may be useful for cracking other user's session keys, as well as public keys that are generated from the disclosed seed file. (To understand what the impact is, one must understand how yarrow generates and uses the seed file. My initial analysis is that reading the seed-file is advantageous only if it is read just prior to the start of some process using the seed for initialization.) This is a local hole. It provides for fairly easy denial of service by local users, and with some more effort, maybe also cracking of session keys. The below patch, relative to lsh-2.0.1, seems to solve the problem. After applying the patch, you should remove and then regenerate the server's seed file (since users may still have open fd:s), and restart lshd. I hope to be able to put together a new release sometime next week. I'll be off-line over the weekend. In the mean time, feel free to inform other distributors and appropriate security fora about the problem. Sorry for the inconvenience, /Niels *** unix_random.c.~1.17.~ 2004-11-17 22:13:27.000000000 +0100 --- unix_random.c 2006-01-20 14:26:05.000000000 +0100 *************** *** 258,263 **** --- 258,264 ---- if (self->device_fd < 0) return 0; + io_set_close_on_exec(self->device_fd); self->device_last_read = now; } *************** *** 381,386 **** --- 382,388 ---- return NULL; } + io_set_close_on_exec(self->seed_file_fd); trace("random_init, reading seed file...\n"); if (!read_initial_seed_file(&self->yarrow, self->seed_file_fd))

2 1

Modelos prontos de cartas comerciais e documentos diversos
by Julio Costa 25 Jan '06

25 Jan '06

Modelos prontos de cartas e e-mails comerciais. Visite o site: http://www.gueb.de/cartascomerciais E veja alguns dos modelos abaixo: COMUNICADOS E AVISOS Advertência a funcionário; Aviso de aumento de preços; Aviso de incorporação da empresa; Aviso de lançamento de produto e serviço; Aviso de mudança de endereço; Aviso de ocorrência de acidente; Aviso de término de contrato; Aviso genérico; Procuração Carta de Recomendação Convite para Exposição ou Feira AGRADECIMENTOS E CONDOLÊNCIAS Agradecimento de convite e felicitações; Agradecimento e convite para solenidade; Agradecimento de mensagem de pêsames; Agradecimento de pedido; Agradecimento e boas vindas a cliente novo; Agradecimento por mensagem de felicitação; Confraternização; Congratulações; Cumprimentos por resultados comerciais; Felicitações pessoais; Pêsames; http://www.gueb.de/cartascomerciais Votos de boas festas Voltar ao topo http://www.gueb.de/cartascomerciais CARTAS DE RECLAMAÇÃO Reclamação de compra de produto; Reclamação por atraso; Reclamação por aumento de preço; Reclamação por deficiência técnica; Reclamação por demora na entrega; Reclamação por divergência; Respostas a reclamações; Voltar ao topo Comunicação de atraso no envio de mercadorias; Comunicação de devolução de duplicata; Comunicação de devolução de mercadoria; Comunicação de envio de mercadorias; Comunicação de envio de parte do pedido; Comunicação de extravio de mercadorias; Comunicação de férias coletivas; Comunicação de liquidação de débito; Comunicação de novo serviço de televendas; Comunicação de reunião; Confirmação de pedido; Resposta ao comunicado de reunião; Voltar ao topo http://www.gueb.de/cartascomerciais EMPREGO Aviso prévio de dispensa de empregado: 1, 2, e 3; Carta de recomendação; Pedido de demissão: 1 e 2; Solicitação de emprego: 1, 2 e 3; Solicitação de estágio; Voltar ao topo ATESTADOS E DECLARAÇÕES Atestado de bons antecedentes; Atestado médico; Declaração negativa de vínculo empregatício; Declaração para cancelamento de protesto; Declaração para fins escolares; Voltar ao topo * Agradecimentos e condolências * Atestados e Declarações * Cartas de Cobranças * Cartas de Reclamação * Cartas em Inglês * Comunicados e Avisos * Convites * Documentos * Emprego * Propostas * Solicitações e pedidos * Viagem http://www.gueb.de/cartascomerciais CARTAS DE COBRANÇA Cartas de cobrança: 1, 2, 3, 4, 5, 6, 7 e 8; Encaminhamento de cobrança a protesto; Oferecimento de serviço de cobrança; Recebimento de débito pendente; Voltar ao topo CARTAS EM INGLÊS Cancelamento de pedido; Carta de demissão; Carta de referência; Curriculum vitae; Pedido de produto: 1 e 2; Reclamação de assinatura de publicação; Remessa de valores; Resposta a pedido de produto; Resposta a solicitação de emprego; Resposta a solicitação de informações; Resposta a solicitação de preços; Solicitação de emprego; Solicitação de informações comerciais; Solicitação de licença; Solicitação de preços; Voltar ao topo CONVITES http://www.gueb.de/cartascomerciais Convite para batizado; Convite para evento social; Convite para exposição ou feira; Convite para lançamento de produto; Resposta negativa a convite; Resposta positiva a convite; Voltar ao topo DOCUMENTOS Ata; Contrato de locação de imóvel; Contrato firmado acordo; Contrato social; Edital de convocação; Procuração; Recibo de venda de automóvel; Voltar ao topo PROPOSTAS Proposta de abertura de conta corrente; Proposta de prestação de serviços: 1 e 2; Proposta de representação comercial: 1 e 2; Proposta para ocupação de cargo; Proposta para recuperação de clientes; Resposta negativa à proposta de representação: 1 e 2; Resposta positiva à proposta de representação: 1 e 2; Voltar ao topo http://www.gueb.de/cartascomerciais SOLICITAÇÕE E PEDIDOS Pedido de desculpas; Pedido de mercadorias; Resposta a pedido de carta de apresentação; Resposta a solicitação de cópias de documentos; Resposta a solicitação de orçamento; Resposta negativa a solicitação de informações comerciais; Resposta positiva a solicitação de informações comerciais; Solicitação de atestado de Idoneidade Financeira; Solicitação de catálogos de preços; Solicitação de crédito; Solicitação de informações comerciais; Solicitação de informações sobre curso; Solicitação de listas de preços; Solicitações de referências pessoais; Suspensão de pedido de mercadoria; Voltar ao topo VIAGEM Informações sobre requisitos de viagem; Pedido de reserva em hotel; Recuperação de bagagem extraviada; Reclamação de maus tratos à bagagem; Recuperação de objeto esquecido em hotel; Reserva de passagens; Roteiro turístico. http://www.gueb.de/cartascomerciais

1 0

Alert - Shareholder Release
by Angel Mccollum 24 Jan '06

24 Jan '06

50% price increase gets CWTD Listed on Stock Alert With Stockguru.com Company: China World Trade Corporation Symbol: CWTD 10 Day Climb: $1.14 - $1.615 Monday High: $1.72 Short Term: $2.25 - $2.50 Interest: Multiple Market Alerts Indicator: Strng Buy Due to HEAVY TRADING and Huge Price jumps over the last 10 days, CWTD has been listed on Stockguru.com and Stockhouse.com. CWTD has shown us solid returns over the last 10 climbing from $1.14 on Jan 11, to a high today of $1.72, a 50% increase. During the final hours of trading the price dipped to $1.615 giving investors a chance to set there opening buy for the morning before the price continues its climb. CWTD is a solid company on the market for many years, with several announcements in the new recently creating a steady growth in price and volume. Get On CWTD first thing in the morning and take advantage of today�s pricing before this stock resumes its climb tomorrow. Recent News: China World Trade Corporation Organizes The World Trade Financial Forum with Xinhua PR Newswire - Jan 19, 2006 TIANHE, GUANGZHOU, China, Jan. 19 /Xinhua-PRNewswire/ -- China World Trade Corporation (OTC Bulletin Board: CWTD) ("CWTD") announced today the successful completion of the World Trade Financial Forum, held on December 18, 2005 at Beijing's Landmark Tower building in China. The Forum was jointly held by CWTD and Xinhua PR Newswire. Guest keynote speakers included well-respected professionals from varied fields such as legal, accounting and financial public relations all jointly focused on addressing the opportunities and challenges for listed Chinese companies seeking to raise funds and becoming a publicly listed company in the U.S. Statistics published on one of the leading Chinese internet portals revealed the growing needs of Chinese enterprises seeking initial public offerings in the various capital markets around the world. In 2004, there were approximately 84 initial public offerings of Chinese companies, representing a 75% increase over 2003.

1 0

NOTIFICATION - Press Release
by Zachary Hartley 23 Jan '06

23 Jan '06

Reminton Ventures Inc. Continues Steady Climb With Huge R.O.I.'s Remington Ventures Inc. Symbol: R M V N Friday Close: $0.93 Friday High: $1.15 Two Week Climb: $0.40 - $0.93 Short Term: $2.25 - $2.50 Status: S t r o n g B u y Members, Since Jan 4th we have been keeping you up to date on the trading activites of RMVN, and it has been an exciting run. We have seen this stock trade from $0.40 with freny buying as high as $1.95. Many of our members have taken advantage of the huge price spikes of the day trade but have also been enjoying the steady climb of the price on this stock. Friday showed good trading with a climb from $0.81 to a high of $1.15. End of day trading had a price dip closing at $0.93 giving further opertunity for longterm investors as well as day traders. With this steady climb over the last 15 days, we believe we will see a good increase for Monday bringin more healthy returns to investors. Get on RMVN first thing Monday. Take advantage of the reduced open and watch for the price spikes monday and enjoy the day trade, or get in while it dipped for a long term and healthy R.O.I. Just review why this stock has been climbing: About R M V N: Remington Ventures Incorporated (OTCPK: RMVN), is a software company specializing in automated currency trading systems and artificial neural networks for the currency markets. The Currency market, also referred to as the Forex or FX market is the largest financial market in the world, with a daily average turnover of approximately $1.5 trillion. R M V N is continuously improving its system to isolate the most predictable and lucrative instrument(s) to trade. Their system's neural network input database can be designed so that the neural net actually chooses the instrument to trade as well as the trade parameters. Some additional features of the the automated currency trading system are: * Neural network pattern recognition * Real time economic data input * Automatic trading * Proprietary input database structure * Real time training and prediction * Designed for single user deployment * Selectable market and trading routines Good Trading, and see you Monday!

1 0

(no subject)
by 78jh22g5＠ljsanye.com 22 Jan '06

22 Jan '06

农博果蔬频道周报2006年1月第3期总第9期今天是二十四节气中的大寒，随着天气的变化，市场也跟着波动，全国各地的蔬菜水果价格是涨声一片，虽然不少地方的价格每天都在攀升，每天都在变化，但是有一点却是不变的，那就是人们对春节的盼望！鸡年的鞭炮声似乎还在耳边徘徊，狗年的爆竹声已经向我们走来。在此我们祝愿各位狗年旺旺，阖家幸福！"爆竹声中辞旧岁，农博果蔬迎新春"。本周，价格方面不用再多说大家也会发现，全国各地，不涨的地方不多，由于气温已经接近一年当中的最低，菜价果价涨点也属正常，但是，不少地方的价格却屡屡突破历史记录，这多少让人心理上有点承受不住。沈城蔬菜价格屡创新高 http://vegetable.aweb.com.cn/news/2006/1/18/11471779.shtml 长春：春节期间蔬菜批发价再涨20% http://vegetable.aweb.com.cn/news/2006/1/18/11580026.shtml 北京：蔬菜小幅上升，水果上涨一成 http://vegetable.aweb.com.cn/news/2006/1/18/1717286.shtml 礼品菜成商家"赔钱菜" http://vegetable.aweb.com.cn/news/2006/1/18/11580014.shtml 最近几天的雨雪天气加剧了不少地方的菜价和果价的上涨势头，但是什么事情都有例外，不信请看下面的文章: 节前山东各地蔬菜价格连日飞涨有人囤菜待沽高价 http://vegetable.aweb.com.cn/news/2006/1/20/12440669.shtml 江苏徐州:小雨削弱了水果价格上升势头 http://vegetable.aweb.com.cn/news/2006/1/17/14443045.shtml 本周有几篇是介绍华人在国外的种菜的，写的不错，值得一读！中国菜农改变苏丹历史 http://vegetable.aweb.com.cn/news/2006/1/18/1158002.shtml 华人在澳大利亚种菜的机遇与挑战 http://vegetable.aweb.com.cn/news/2006/1/17/11161054.shtml 中国人的果篮子越来越"全球化" http://vegetable.aweb.com.cn/news/2006/1/20/8475761.shtml 马上就到春节了，我们在提着大包小包回家过年的时候，有没有想到顺便将实用技术带回家呢，如果没有，现在动手还来得及！让火车将科学种养的信息带回家 http://vegetable.aweb.com.cn/news/2006/1/17/7551517.shtml 市场分析里面也有几篇文章给人以启发！一个梨卖五块钱卖的是科技含量 http://vegetable.aweb.com.cn/news/2006/1/19/8355742.shtml 50元一个苹果/80元一斤大樱桃,合理不？ http://vegetable.aweb.com.cn/news/2006/1/19/9591296.shtml 最后是健康方面的文章。部分蔬菜农药残留超标 http://vegetable.aweb.com.cn/news/2006/1/17/7522959.shtml 买水果果篮慎防鱼目混珠 http://vegetable.aweb.com.cn/news/2006/1/20/8340972.shtml 更多信息敬请点击农博果蔬http://vegetable.aweb.com.cn

1 0

(no subject)
by 深圳市粤丰华实业有限公司 18 Jan '06

18 Jan '06

贵公司负责人(经理/财务）您好! 　　深圳市粤丰华实业有限公司。在全国各地（广州、东莞、上海、北京等地）　　设有分公司，我司在深圳市实力雄厚，有着良好的社会关系，现因各地公司进项　　较多完成不了每月销售额度.为要冲减进项，每月有部分电脑增值税发票6%和普　　通国税、地税发票2%左右(商品销售、其它服务业、广告、电脑运输、　建筑工　　程、等等)发票对外优惠代开或合作！还可以根据所做数量额度的大小来商讨优　　惠的点数。　　　　另本公司代理进出口报关业务，为贵司提供全方面服务！公司成立多年一直坚持以“诚信”为中心作为公司的核心思想、牢固树立　　公司形象、真正做到“彼此合作一次、必成永久朋友”！本公司郑重承诺所用发票均可上网查询或到税务抵扣验证！　此信息长期有效，如须进一步洽商: 详情请电:13824355086　公司电话：0755-25753241 　邮箱：hzm333(a)tom.com 联系人：胡海景　顺祝商祺! 　　　　　　　　　　　　　　　　　　　　　　深圳市粤丰华实业有限公司

1 0

(no subject)
by 深圳市粤丰华实业有限公司 18 Jan '06

18 Jan '06

1 0

← Newer
1
...
5
6
7
8
9
10
11
...
50
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

lsh-bugs