-
ImmuniX OS Security Alert
Synopsis: StackGuard vulnerability found & fixed
Advisory ID:Immunix-1999:01
Issue date: 1999-11-09
Updated on: 1999-11-09
Key
Title: Re: BigIP - bigconf.cgi holes
Guy Cohen wrote:
| The html interface basicly operates one program, bigconf.cgi, witch is
| installed suid root. I have not spend much time learning how to exploit this
| program, but from the bits I did, I was able to look at _any_ file
| on the system
TrendMicro has released a fix to the buffer overflow vulnerability in
VirusWall:
http://download.antivirus.com/ftp/products/patches/isvw331_patch.zip
--
Elias Levy
Security Focus
http://www.securityfocus.com/
On Mon, 8 Nov 1999, Brock Tellier wrote:
> In preparing for this advisory release, I checked for "seyon" vulnerabilities
> in the bugtraq archives. I found that the exploit I had developed had already
> been discussed in May 1997. However, this does not change the fact that the
> current versio
*This message was transferred with a trial version of CommuniGate(tm) Pro*
-
Red Hat, Inc. Security Advisory
Synopsis: new initscripts packages available (/tmp race)
Advisory ID:RHSA-1
Remote DoS Attack in TransSoft's Broker Ftp Server v3.5 Vulnerability
PROBLEM
UssrLabs found a Remote DoS Attack in TransSoft's Broker Ftp Server v3.5,
the buffer overflow is caused by a long user name 2730 characters.
If TransSoft's Broker Server is running as a service the service will start
Some months ago I began using the crypt-pw Auth Scheme with my
Internic/Network Solutions NIC handle because forging mail to
ineternic.net is just too easy and I don't want my domains messed with.
On Sep 21, 1999 I notified [EMAIL PROTECTED] that when doing
domain updates with Auth Scheme Crypt-P
Just wanted to point out - this is specific to the modifications that
Cobalt has made to cgiwrap for their server's structure. It is not an
issue with the regular version of cgiwrap.
I don't completely understand all of their changes, but they have added
a bunch of code to how cgiwrap detects wha
Well, my version in C did not work out well, so here is the TCL version.
Usage:
./netscape-test.tcl -i
or edit the file "check_hosts" add your own hosts to check in a list
then..
./netscape-test.tcl
and it will check the entire list. Output is to STDIN...
/Nicholas W. Blasgen
Refract,
Hello,
For those of you who don't know what is BigIP, it is a software
developed by F5 labs to handle incoming traffic and redirect
it to a server with in a group of servers.
It is installed on BSDI system (maybe other too). Once it is has been
installed you can configure it either by using a com
I'd just like to confirm that the information Mark provided is correct for
outlook 2000 too.
> -Original Message-
> From: Bugtraq List [mailto:[EMAIL PROTECTED]]On Behalf Of Mark
> Sent: 08 November 1999 21:37
> To: [EMAIL PROTECTED]
> Subject: Re: MS Outlook alert : Cuartango Active Setu
Hello!
It was surprise for me - Windows allow to open the file
with name "wwwroot\--\..\..\conf\Eserv.ini"
when folder "--" not exists. Seems this is Windows bug, not my,
but I forced to fix Eserv. (Already fixed in the Eserv build 2841)
Thank you again!
- Original Message -
From: Ussr La
Hello
The popular Image viewer "Irfan View32" contains the buffer overflow
problem, this problem exists in the handling of Adobe Photoshop image
file. Irfan view checks the image type by the image header, if "8BPS"
pattern is found in the header, Irfan view judges this file as Photo
Shop image.
Hi,
this is voice of lam3rZ (.pl)
-- Introduction -
After reading lcamtuf's posts I decided write this one. Few months ago one
of my friends - digit - found bug in linux nfsd daemon. I made example
sploit about IV 1999. Now in distributions is new nfsd and nowhere was
information about security
Greetings,
In preparing for this advisory release, I checked for "seyon" vulnerabilities
in the bugtraq archives. I found that the exploit I had developed had already
been discussed in May 1997. However, this does not change the fact that the
current version of FreeBSD still ships a vulnerable
Hello
Microsoft Internet Explorer 4/5 overflows when the handling of
"file://" specification. This overflow occurs when we are logging on to
the Microsft Network, this overflow can be verified if the long name is
specfied to the "file://". For example,
file://test/ (long 'A')
Th
Marc Slemko writes:
> Note that the following is a valid SSI:
>
>
>
> Apache does "reject" invalid SSIs, but does not validate that a
> SSI is valid before it begins processing it so the rejection only
> happens after it has been partially processed. ...
Understandable. And, of cour
As far as I understand: this security hole will work when user double-click
an supposedly innocent attachment, expecting that some well-known program
(e.g. notepad.exe) will open it, is it right? So it will work only when user
is opening an attachement, am I right?
Now I'm trying to imagine simil
Ben Laurie wrote:
>
> [Snippage has occurred]
>
> Blue Boar wrote:
> > The format of the SSI command entered is as follows:
> >
> >
> >
> > In my testing with the most recent Apache at the time (1.3.9) I found it
> > took any of the following:
> >
> >
> >
19 matches
Mail list logo