Sorry, forgot to add this in the comments at the top: the shellcode used
in the exploit is Cheez Whiz' setregid() shellcode for x86 Solaris.
Refer to:
http://www.securityfocus.com/data/vulnerabilities/exploits/arpexp.c
-da
-BEGIN PGP SIGNED MESSAGE-
Hi All,
Because this report makes some rather serious claims, and was sent to
BugTraq at the start of a holiday weekend, we've been treating it as
an urgent issue. We were concerned that, if the report were correct,
malicious users might attack web sites
"This is not a bug, is a feature..."
This is NOT really a bug, but a misconfiguration that affects **EVERY** web
server that supports a script language (like PHP, ASP, Cold Fusion or
others).
Example: You have Apache with PHP and configure ONLY the .php extension to
be interpreted by the PHP engine;
Georgi Guninski security advisory #35, 2001
Windows Media Player 7 and IE java vulnerability - executing arbitrary programs
Systems affected:
Windows Media Player 7 and IE
Risk: High
Date: 15 January 2001
Legal Notice:
This Advisory is Copyright (c) 2000 Georgi Guninski. You may distribute it
Simon Cozens [EMAIL PROTECTED] writes:
And a patch. Yeah, it's pretty obvious, but nobody's produced it yet.
Your patch doesn't include the HOSTALIASES fix (which is
security-related as well):
Index: sysdeps/generic/unsecvars.h
Brent Welch [EMAIL PROTECTED] asked that this message about the
exmh symlink problem be forwarded to Bugtraq.
Thanks,
Noel
RootPrompt.org -- Nothing but Unix
News and information for Unix Sysadmins
http://rootprompt.org/
rss/rdf file: http://www.rootprompt.org/rss/
Text Headlines:
When being warned by my firewall that some packet
contents may contain sensitive data when connecting
to Yahoo! servers with the popular, Yahoo! Instant
Messenger, I found to my amazement my username
and password combination were being sent to the
server in plain text.
This is performed to
Problems
=
[1] PHP supports a configuration mechanism that allows users to configure
PHP directives on a per-directory basis. Under Apache, this is usually
done using .htaccess files. Due to a bug in the Apache module version of
PHP, remote 'malicious users' might be able to create a
__
NtWaK0, SecurHack. Labs
Security Advisory 1-13-2001
DOSSING IIS 4 or IIS5 fully patched using GET /%0%0 HTTP/1.0
Dear, Bugtraq.
jaZip is a program for managing an Iomega Zip or Jaz drive.
It is often installed setuid root - and because of a buffer
overflow it is possible for regular users to become root.
Please excuse me if this was known. Please note that I cannot
guarantee that this information is
Dan Harkless [EMAIL PROTECTED] writes:
Rainer Weikusat [EMAIL PROTECTED] writes:
Dan Harkless [EMAIL PROTECTED] writes:
Using this grammar applied to the data we send to an arbitrary host
piped to the ident/auth port will reveal the process owner running
on a given port, even
Hello.
Recently, one of my articles was posted to Bugtraq. This article
detailed a method of creating a "hidden sniffer" on a Sun box.
The article may be perused here:
http://www.cymru.com/~robt/Docs/Howto/Sun/sniffer-trick.txt
To alleviate the concerns some of you have shared, I have updated
Hello all,
I'm learning more and more about plugins.
I have recreated the write-overflow I found 6 months ago.
The affected plugins:
There are two primary sources for Flash plugins.
- Macromedia provides the official version. They are NOT affected by this
latest defect.
- Olivier Debon
---[ MasterSecuritY www.mastersecurity.fr ]---
[ Multiple vulnerabilities in splitvt ]-
--[ By fish stiqz [EMAIL PROTECTED] ]---
-[ And Michel "MaXX" Kaempf [EMAIL PROTECTED] ]--
--[ 0x00 -
Hi @ll,
it seems that the problem described below has not been discussed on
Bugtraq.
Problem description
---
Due to various race conditions in the init level editing script
/sbin/rctab it is possible for any local user to overwrite any system's
file with arbitrary data. This
Hi all,
The problem I'm exposing is quite obvious, but unfortunately
can be used in a very simple way by script kiddies.
SYNOPSIS
It's possible to slow down (a lot) connections between two
arbitrary hosts (but at least one with the PMTU discovery enabled)
using some spoofed TCP/IP packet.
Matt Zimmerman wrote:
On Thu, Jan 11, 2001 at 01:42:52AM +0200, Ari Saastamoinen wrote:
On Wed, 10 Jan 2001, Pedro Margate wrote:
install the ssh binary as suid root by default. This can be disabled
during configuration or after the fact with chmod. I believe that would
That
Stack Overflow in MSHTML.DLL
Systems affected:
Any program using MSHTML.DLL for HTML parsing (Internet Explorer,
Outlook/Outlook Express and other HTML-enabled email readers).
Reliably tested on IE4.0 and higher on any Windows system, with any service packs
and patches.
Older versions of
InterScan VirusWall - multiple vulnerabilities
***SUMMARY***
Product: Interscan VirusWall for UNIX
Vendor: Trend Micro
Testing Platform: RedHat Linux 6.2
vulnerable version: 3.0.1 3.6.x
non-vulnerable versions: unknown
Vendor: Trend Micro
Issues: This advisory covers three separate issues
PDF version is available at http://www.synnergy.net/?dir=Papers/dethy
Advanced Host Detection
Techniques To Validate Host-Connectivity
whitepaper by dethy
[EMAIL PROTECTED]
Abstract
Security Engineers spend a tireless
[This message is being blind-copied to several email lists, in hopes
of reaching security incident handlers and computer intrusion
investigators who may wish to participate. Sorry if this causes
duplicates. If you know of another list with a similar constituency
that did not directly receive
Hello,
I am using the Backup system from Veritas Software (http://www.veritas.com/)
and its Linux agent. That agent is listening on a TCP socket (8192 in my
system) and if someone makes a connection to that socket, but does not send
anything to it, the agent hangs forever, even if you close that
connection.
22 matches