Regarding this vulnerability:
The problem seems to exist with all versions of lotus 5.04 and up and even
has been confirmed on 4.6.7 (the latest r4 release)
In a standard windows installation situation the url mentioned by George
Guninski will result in the contents of win.ini being displayed,
-- Forwarded message --
Date: Tue, 9 Jan 2001 03:53:04 -0800 (PST)
From: IT Resource Center [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: security bulletins digest
HP Support Information Digests
The staff at cgisecurity.com have found a security issue with a
forum script that is widely used.
Below is the advisory along with the vendor patch.
-zenomorph
[Cgi Security Advisory #3.1]
[EMAIL PROTECTED]
Hello,
I fail to understand why these vulnerabilities are NOT
exploitable, could you elaborate a bit on that?
-ivan
- Original Message -
From: "Przemyslaw Frasunek" [EMAIL PROTECTED]
Newsgroups: core.lists.bugtraq
To: [EMAIL PROTECTED]
Sent: Monday, January 08, 2001 4:12 PM
Subject:
NSFOCUS Security Advisory(SA2001-01)
Topic: NetScreen Firewall WebUI Buffer Overflow vulnerability
Release Date: Jan 9th, 2001
CVE Candidate Numbers: CAN-2001-0007
Affected system:
ScreenOS release 1.73r1 on the NetScreen-1000
ScreenOS release 2.01r6 on the
This was mentioned to Audiogalaxy several months ago, after a long
conversation via email it was noted that a problem did exist and something
*might* be done to fix it. Seems they have gone with our suggestion and fixed
it.
1. What is Audiogalaxy.com?
Audiogalaxy.com is a website devoted to
Georgi Guninski security advisory #34, 2001
Oracle XSQL servlet and xml-stylesheet allow executing java on the web server
Systems affected:
Oracle XSQL servlet, installed by default Oracle 8.1.7 Windows 2000 installation,
probably other versions/platforms are affected because the servlet is
Hi all,
Today our Domino administrator (Robert Turnsek) and I spent some time trying to make the recent Domino vulnerability disappear. This is what we came up with.
Domino Server 5.0.5
- Open the Administration Client
- Select the server you want to administer
- Configuration tab / Server
Further information on this issue:
1) This issue has been reproduced on several versions of domino prior to 5.0.5
2) My testing has failed to reproduce this issue on Linux and OS/400 (AS/400)
3) To secure your boxes create 3 file protection documents for each server granting no access to the
I don't actually consider this to be a problem. This is how some network
IDSes are able to work (RealSecure for one) and can avoid all risk of IP
based attacks (since there's no ipaddr on the if).
But, the interfaces are able to be found, you just need to look for the MAC
address and not the IP.
Well, as Lotus haven't released a fix for the *confirmed* bug, we
get a workaround. Adding the following line:
map */../* /something.nsf
at httpd.conf, seems to handle the bug. You should notice that
EVERYTHING using ../ links will stop working too, including the bug !
Zorgan,
Maybe I am missing the point, but how is making a non-setuid client
application crash a vulnerability? Most Linux distros before the summer of
2000 had the same problem, yet it never became a security issue. I could
understand if the app was being called by a privileged application
It was never stated you could use audlinks to gain root through
rsh/rlogin.
in my post I said you could use it to clobber (overwrite to clarify
because obviously I have to)
audlinks like many programs doesn't fstat the file it opens with O_RDWR
access properly.
As far as this posing a threat
* nealk [EMAIL PROTECTED] [010109 10:41] wrote:
I think I have stumbled across a new category of distributed denial
of service (DDoS). (If this is old news, I'm sure I'll be corrected;
it's new to me.)
Traditional DDoS have the following flow:
- A host (or few hosts) controls a large number
On Tue, 9 Jan 2001, nealk wrote:
Alternate (New) DDoS model:
- Server 'A' directly prevents all clients from accessing server 'B'.
I don't see how this is particularly "distributed".
Let's say that someone placed a corrupt Flash (SWF) file on a web server.
All clients that access the web
Thanks to Ninke Westra for testing
this...
The same problem as in my previous post exists in
this case
If you append a phoney directory to the url
passed on to the webserver the exploit will still work, however you have to back
out an extra time.
example url:
On Tue, 9 Jan 2001 [EMAIL PROTECTED] wrote:
Note- I have not checked the Linux version for any problems, if someone gets
to it before I do please let me know.
The Linux version has this problem and it has not been fixed. The .6 series
of the program has not been released for Linux as of yet
Hello Bugtraq:
Not so much time ago a ProFTPd remote vulnerability was released:
" ProFTPd has memory leakage bug when it executes the SIZE FTP command. By
calling the FTP command SIZE 5000 times it possible to cause ProFTPd to
consume over 300kB of memory. Exploiting this bug
Pablo Sor wrote:
The /usr/lib/exrecover contains a buffer overflow
(this command is suid in Solaris 2.4/5/6)
Starting with Solaris 7 exrecover is no longer installed setuid root.
It is safe to change the exrecover permissions to 0555 on all other
releases since it doesn't need elevated
Clarification to the remote execution versus remote file reading portion of
the advisory:
1) Very old versions of bbs_forum.cgi suffered from ability to execute
commands through lack of input handling.
This was fixed several years ago two-fold: (1) adding taint mode and (2)
tightening perl's
Hello,
While it's true if a user got a hold of your
password they could send you mp3 files - or at
least files with an mp3 extension. The satellite
will only name files with a .temp or .mp3
extension. Even if the filename is really an
executable it will have a .mp3 extension. To
-BEGIN PGP SIGNED MESSAGE-
Summercon 2001
The Grand Hotel Krasnapolsky
01-03 June 2001
Amsterdam, NL
This year's Summercon will be quite different from those of years
past. For the first time ever the conference will be outside of the
United States with this years venue being the
We are still investigating, but there seems to be a major security problem
in at least some versions of reiserfs. Since reiserfs is shipped with
newer versions of SuSE Linux and the problem is too easy to reproduce and
VERY dangerous I think alerting people to this problem is in order.
We have
Hi
Marc Lehmann wrote:
We are still investigating, but there seems to be a major security problem
in at least some versions of reiserfs. Since reiserfs is shipped with
newer versions of SuSE Linux and the problem is too easy to reproduce and
VERY dangerous I think alerting people to this
I can't reproduce this.
[root@vaio /root]# mkdir "$(perl -e 'print "x" x 768')"
[root@vaio /root]# ls