Georgi Guninski security advisory #4, 2000
IE 5 security vulnerability - circumventing Cross-frame security policy
and accessing the DOM of "old" documents.
Disclaimer:
The opinions expressed in this advisory and program are my own and not
of any company.
The usual standard disclaimer applies,
[Hackerslab bug_paper] Solaris chkperm buffer overflow
[Hackerslab:/users/loveyou/buf]$ chkperm -n `perl -e 'print "x" x 200'`
Segmentation fault (core dumped)
it is recommended that the suid bit is
removed from chkperm using command :
chmod 400 /usr/vmsys/bin/chkperm
Hrm, yeah, I found
(Some of you may have seen this already... Yesterday was the official
release. Steve)
http://www.noncon.org/noncon/pc-1.1-dist.zip
Noncon Releases PalmCrack®, the Password Testing Tool for
the PalmComputing Platform®
Internet - January 5, 2000 - Noncon has released PalmCrack,
the password
The following patch, built upon code and suggestions submitted by
Henrik Edlund, Henrik Nordstrom, and Andrew Brown, is intended to render
safe the config file requires, in the seven scripts which use them, in
the Majordomo 1.94.4 home directory. It also incorporates Todd Miller's
patch of
Hello,
There seem to be a number of security holes in Phorum 3.0.7, a popular web
forum software based on php3 and SQL. JFs of !Hispahack documented
several security flaws in his writeup at:
http://hispahack.ccc.de/en/mi020.htm
Exploits described include changing the master password for the
In some mail from "김용준 KimYongJun (graduated '99)", sie said:
[Hackerslab bug_paper] Solaris chkperm buffer overflow
File : /usr/vmsys/bin/chkperm
SYSTEM : Solaris 2.x
How amusing.
One of my Solaris7 boxes (incidentally, it was pre-installed by Sun) doesn't
appear to have SUNWfac installed.
On Wed, 5 Jan 2000 11:37:49 +0100, Henri Torgemane wrote:
What could be useful would be a tag working like
<blockscript key=randompieceofdata>
</blockscript key=samepieceofdata>
This would just try to fix one of the symptoms. Something more
fundamentally
is wrong: Data and executable code do not
* Nick FitzGerald ([EMAIL PROTECTED]) [01/05/00 12:14]:
This means that stealing of tree.dat not only allows the thief access
via CuteFTP to any 'secrets' that may be recorded in that file, but
they can also be easily decoded for other uses. The v3.x releases of
CuteFTP store this data in
Nick Phillips wrote:
Interestingly enough, when I just read Edwin Gonzalez' message (re: JS
and Hotmail) in
Messenger 4.5 (the most recent available version under Debian "slink"),
I got a Javascript alert box to appear.
This despite the fact that according to my preferences, javascript is
This is expected behavior.
JavaScript can be inserted almost anywhere, and this is a good thing. As
Henrik Nordstrom pointed out earlier, JavaScript might be used in this
particular instance to calculate the URL of the image tag.
The point of JavaScript is to add interactive functionality to
My post yesterday seems to have died during moderation.
This happened to my last 2 incidentally - both looked worthwhile to me.
Olaf Kirch:
That's not true for setuid processes. You're allowed to signal a process
if _either_ the effective or the real uid match. Try running passwd in
one
I tested this vulnerability on a Win2k Professional machine(AKA Windows NT
WS 2000) running the currently downloadable version of Communicator 4.7 and
found it to be vulnerable. After executing the test hyperlink on
beavuh.org's page on my client machine, I was able to telnet to a remote shell
on
[...] the numerous other ways root can subvert the running kernel ---
or, equivalently, all running processes (e.g. with ptrace).
Subverting the kernel is not equivalent to subverting any/all running
processes; the former is significantly stronger than the latter. As a
simple example, if you
Stack Shield 0.7 beta has been released.
Several bugs have been fixed and optimization support has been added.
Also a new protection method has been added.
http://www.angelfire.com/sk/stackshield
[EMAIL PROTECTED]
Vendicator
P.S. Thanks to Aleph One for Phrack 49-14 'Smashing the Stack
Try the link below for more info on the apparently factual WebTV Exploit:
http://net4tv.com/voice/story.cfm?StoryID=1823
-Original Message-
From: Dale E. Chulhan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 04, 2000 4:07 PM
To: [EMAIL PROTECTED]
Subject: The WebTV Email Exploit
On Mon, 3 Jan 2000, Olaf Kirch wrote:
when you're dealing with files in /tmp that are supposed to be re-opened
(rather than opened once and then discarded) there's an established
way to do it which goes like this:
The problem lies in the premises: these files should not be stored in
/tmp. If
On Wed, 5 Jan 2000, Metal Hurlant wrote:
Things are a bit more complicated than that:
- javascript code can be placed in a growing number of optional tag parameters
(like onmouseover, onload, etc..). The only way to block those is to keep an
extensive and up-to-date list of every possible
Red Hat, Inc. Security Advisory
Synopsis: New lpr packages available
Advisory ID: RHSA-2000:002-01
Issue date: 2000-01-07
Updated on: 2000-01-07