Please, check http://www.openssh.com/security.html for a full summary of
security related issues in OpenSSH.
OpenBSD Security Advisory
February 8, 2001
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-027-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
February 8, 2001
- -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-028-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
February 9, 2001
- -
From: [EMAIL PROTECTED]
Date: Tue, 6 Feb 2001 02:31:40 -0800
. . .
AOLserver v3.2 is a web server available from http://www.aolserver.com.
A vulnerability exists which allows a remote user to break out of the
web root using relative paths (ie: '...').
Detail
Remote vulnerability in SSH daemon crc32 compensation attack detector
---
Issue date: 8 February 2001
Author: Michal Zalewski <[EMAIL PROTECTED]>
Contact: Scott Blake <[EMAIL PROTECTED]>
CVE: CAN-2001-0144
Topic:
Remotely e
CORE SDI
http://www.core-sdi.com
SSH1 CRC-32 compensation attack detector vulnerability
Date Published: 2001-02-08
Advisory ID: CORE-20010207
Bugtraq ID: 2347
CVE CAN: CAN-2001-0144
Title: SSH1 CRC-32
---
Immunix OS Security Advisory
Packages updated: kernel
Affected products: Immunix OS 6.2 and 7.0-beta
Bugs Fixed: immunix/1324
Date: February 8, 2001
Advisory ID:IM
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : proftpd
SUMMARY : Denial of Service
DATE
___
TurboLinux Security Announcement
Vulnerable Packages: slocate-2.3-1 and earlier
Date: 02/02/2001 5:00 PDT
Affected TurboLinux versions:TL 6.1 WorkStation,
TurboLinux Security Announcement
Vulnerable Packages: netscape-communicator 4.75-1 and earlier
Date: 02/05/2001 5:00 PDT
Affected TurboLinux versions:T
Avro Nelson wrote:
> The problem exists in the Slackware x86 7.1.0 Distro as well.
> >On Fre, Feb 02, 2001 at 09:36:29 +0100, Tomasz Kuźniar wrote:
> >> The same problem in most (all?) distributions is with m4 - GNU macro
> >> processor code, when trying use -G option:
> >>
> >> mezon@beata:
In message <073f01c09136$ddc04240$2e58a8c0@ffornicario>, Iván Arce writes:
> OpenSSH
> The vulnerability is present in OpenSSH up to version 2.3.0,
> although it is not possible to exploit it due to limits imposed
> on the number of simultaneous connections the server is al
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
__
Caldera Systems, Inc. Security Advisory
Subject:security problems in ptrace and sysctl
Advisory number:CSSA-2001-009.0
Issue da
Hi,
After two days of receiving comments on my original posting and doing some
testing, here's a summary:
* The 'bug' seems to manifest itself randomly. Named on my machine crashes
maybe 1 in 5 tries. This might explain why relatively few people were able to
reproduce it.
* Running nmap without
It seems I should have been in a bit less of a rush and dug a bit
deeper into this problem.
BIND-9.1.0 is not entirely to blame for the crash it suffers on some
systems when probed in some circumstances by nmap.
I wish to thank ISC and especially Andreas Gustafsson for their quick
response to my
For those of you keeping score, here are the (very unscientific) tallied
repro reports so far on this issue:
OS Yes No
BSDi 4.01
BSD/OS 4.1 1
BSD/OS 4.2 1
Debian 2.2 3
FreeBSD 2.26
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
VERSIONS AFFECTED
Internet Explorer 5.0 on the Macintosh and 4.0 on Windows both
have the problem. IE 5 on Windows did not seem vulnerable, however
it also didn't display the test image correctly, so there may still be issues.
SUMMARY
First. Intern
BindView Security Advisory
Local promotion vulnerability in NT4's NTLM Security Support Provider
Issue Date: February 7, 2001
Contact: [EMAIL PROTECTED]
Topic:
Local promotion vulnerability in NT4's NTLM Security Support Provider
Overview:
Due to a flaw in the NTLM Security Support P
Just a small correction to the advisory just released:
> http://www.core-sdi.com/bid/1949
> http://www.core-sdi.com/bid/1426
> http://www.core-sdi.com/bid/1323
> http://www.core-sdi.com/bid/1006
> http://www.core-sdi.com/bid/843
> http://www.core-sdi.com/bid/660
>
should be:
http://www.
-BEGIN PGP SIGNED MESSAGE-
=
FreeBSD-SA-01:22 Security Advisory
FreeBSD, Inc.
Topic: dc20ctrl por
The problem exists in the Slackware x86 7.1.0 Distro as well.
>On Fre, Feb 02, 2001 at 09:36:29 +0100, Tomasz Kuźniar wrote:
>> The same problem in most (all?) distributions is with m4 - GNU macro
>> processor code, when trying use -G option:
>>
>> mezon@beata:~$ m4 -G %x%x%x%x
>> m4: 40012a
Iván Arce <[EMAIL PROTECTED]> writes:
> Solution/Vendor Information/Workaround:
[...]
> SSH.com
> ssh-1 up to version 1.2.31 is vulnerable.
> The official response from SSH.com follows:
>
> -SSH1 is deprecated and SSH.com does not support it
>anymore, the official res
-- Forwarded message --
From: Microsoft Product Security <[EMAIL PROTECTED]>
The following is a Security Bulletin from the Microsoft Product Security
Notification Service.
Please do not reply to this message, as it was sent from an unattended
mailbox.