iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)

2002-12-19 Thread iDEFENSE Labs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 12.19.02: http://www.idefense.com/advisory/12.19.02.txt Multiple Security Vulnerabilities in Common Unix Printing System (CUPS) December 19, 2002 I. BACKGROUND Easy Software Products' Common Unix Printing System (CUPS) is

[Fix] Openwebmail 1.71 remote root compromise

2002-12-19 Thread Dmitry Guyvoronsky
Hello, The vendor of the OpenWebMail system has released a patch and upgraded the `current` sources. More information can be found at: http://sourceforge.net/forum/forum.php?thread_id=782605&forum_id=108435 Patches: http://openwebmail.org/openwebmail/download/cert/patches/SA-02:01/ Current: http://op

Cisco IOS EIGRP Network DoS

2002-12-19 Thread FX
Hi there, please find attached an advisory about an issue with the Cisco IOS Enhanced IGRP implementation that can be used to cause a network segment wide denial of service condition. Regards FX -- FX <[EMAIL PROTECTED]> Phenoelit (http://www.phenoelit.de) 672D 64B2 D

RE: Password Hole Found In Webshots - (Webshots Confirmed)

2002-12-19 Thread Shutters, Mike
From Webshots (confirmed): -----Original Message----- From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]] Sent: Wednesday, December 18, 2002 9:33 AM To: Shutters, Mike Subject: Re: Password Hole Found In Webshots [T200212130039] Hello Mike, Thank you for contacting Webshots! Unfort

TSLSA-2002-0083 - kernel

2002-12-19 Thread Trustix Secure Linux Advisor
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Trustix Secure Linux Security Advisory #2002-0083 Package name: kernel Summary: Local DoS Date: 2002-19-12 Affected versions: TSL 1.01, 1.1, 1.2,

TSLSA-2002-0084 - tcpdump

2002-12-19 Thread Trustix Secure Linux Advisor
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Trustix Secure Linux Security Advisory #2002-0084 Package name: tcpdump Summary: Incorrect bounds checking Date: 2002-12-19 Affected versions: TSL

TSLSA-2002-0087 - perl

2002-12-19 Thread Trustix Secure Linux Advisor
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Trustix Secure Linux Security Advisory #2002-0087 Package name: perl Summary: Safe compartments not being safe Date: 2002-12-19 Affected versions:

TSLSA-2002-0085 - lynx-ssl

2002-12-19 Thread Trustix Secure Linux Advisor
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Trustix Secure Linux Security Advisory #2002-0085 Package name: lynx-ssl Summary: HTTP headers injection Date: 2002-12-19 Affected versions: TSL 1

TSLSA-2002-0089 - wget

2002-12-19 Thread Trustix Secure Linux Advisor
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Trustix Secure Linux Security Advisory #2002-0089 Package name: wget Summary: directory traversal bug Date: 2002-12-19 Affected versions: TSL 1.5

Re: Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp (fwd)

2002-12-19 Thread David Howe
at Thursday, December 19, 2002 12:31 AM, Dave Ahmad <[EMAIL PROTECTED]> was seen to say: > Solution: > For Winamp 2.81 users > We recommend either upgrading to Winamp 3.0 or redownloading Winamp > 2.81 (which has since been fixed) from: http://www.winamp.com Does anyone have a more direct URL or a

TSLSA-2002-0086 - mysql

2002-12-19 Thread Trustix Secure Linux Advisor
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Trustix Secure Linux Security Advisory #2002-0086 Package name: mysql Summary: Multiple issues Date: 2002-12-19 Affected versions: TSL 1.5 -

Re: Directory traversal vulnerabilities in several archivers processing.tar

2002-12-19 Thread Stephen Samuel
It's not always obvious that an archive shouldn't be trusted -- for example, the breakins at the BSD and Sendmail sites. Trusting directory traversal strings (absolute paths and ../) should require an explicit request on the part of the user. Just because a user 'should' be wary of a trojan archiv

Re: Cisco IOS EIGRP Network DoS

2002-12-19 Thread Damir Rajnovic
-----BEGIN PGP SIGNED MESSAGE----- We can confirm the statement made by FX from Phenoelit in his message "Cisco IOS EIGRP Network DoS" posted on 2002-Dec-19. The EIGRP implementation in all versions of IOS is vulnerable to a denial of service if it receives a flood of neighbor announcements. EIG

Multiple vulnerability in Enceladus Server

2002-12-19 Thread securma massine
hi Enceladus Server Suite is an Internet/Intranet lightweight Web and FTP Server for Windows, the version 3.9 according to mollensoft "Includes a fix to the directory traversal vulnerability... ( This is a CRITICAL SECURITY UPDATE)" http://www.mollensoft.com/ I found several vulnerability critical

Openwebmail 1.71 remote root compromise

2002-12-19 Thread Dmitry Guyvoronsky
-----BEGIN PGP SIGNED MESSAGE----- Hash: MD5 Security Advisory 12.18.02 Software : Openwebmail (http://openwebmail.org) Version : ?.?? -> 1.71 (current) Type : Arbitrary commands execution Remote : yes Root : yes (!!!) Date : December 18, 2002 I. BACKGROUND Openwebmail is a web-

WAnewsletter (PHP)

2002-12-19 Thread Frog Man
Information : Website : http://www.phpcodeur.net Versions : 2.0beta -> 2.1.0 Problem : Include file PHP Code/Location : newsletter.php 2.1beta -> 2.1.0 : if( !empty($HTTP_POST_VARS['action']) ) { $action =

[CLA-2002:556] Conectiva Linux Security Announcement - openldap

2002-12-19 Thread secure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CONECTIVA LINUX SECURITY ANNOUNCEMENT PACKAGE : openldap SUMMARY : Several vulnerabilities D

[SECURITY] [DSA 213-1] New libpng packages fix buffer overflow

2002-12-19 Thread Martin Schulze
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA 213-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze December 19th, 2002

RE: Missing admin sql password in Okena StormWatch

2002-12-19 Thread Marcus Gavel
Background: StormWatch is a security product that uses a central database to hold security configuration information that is used to control a number of security agents. In the text below, the server refers to the StormWatch central database server. The issue reported in the bugtraq message "Mi