On 16.05.01 at 14:41, Peter Bierman <[EMAIL PROTECTED]> wrote:
>At 12:30 PM +0200 5/15/01, Terje Bless wrote:
>>Since Apple *still* aren't reading Bugtraq [...]
>
>I might not read every message on Bugtraq (who can?) but I skim the
>subjects looking for Mac OS X topics. And I doubt I'm the only M
-
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated Kerberos 5 packages available
Advisory ID: RHSA-2001:060-04
Issue date: 2001-04-26
Updated on: 2001-05-16
Product:
At 12:30 PM +0200 5/15/01, Terje Bless wrote:
>On 10.05.01 at 07:32, Jass Seljamaa <[EMAIL PROTECTED]> wrote:
>
>>Personal Web Sharing Remote Stop.
>>[...]
>>Solution: Nothing. Vendor not contacted, I'm sure he's aware of that.
>
>Since Apple *still* aren't reading Bugtraq I'm going to report th
-
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated gnupg packages available
Advisory ID: RHSA-2001:063-02
Issue date: 2001-05-02
Updated on: 2001-05-16
Product: R
The following is a Security Bulletin from the Microsoft Product Security
Notification Service.
Please do not reply to this message, as it was sent from an unattended
mailbox.
-BEGIN PGP SIGNED MESSAGE-
- --
Device(s) tested:
Logitech wireless desktop (mouse, keyboard, receiver)
These devices transfer data wireless via RF, this set uses
CB-band-frequencies at about 27MHz.
The synchronisation between the wireless devices is initiated by pressing
a connect-button on the receiver and then on the wireless
On 16.05.01 at 10:01, Ron Trenka <[EMAIL PROTECTED]> wrote:
>>BTW, if anyone has contacts at Apple _please_ bug them about starting to
>>take security seriously! It looks like the last update to Mac OS X
>>(10.0.3) was to close the recent glob hole, but it isn't mentioned in the
>>release notes.
Ya! I did that!
I used the .asp file to upload and execute the nc file and to get the system
permissions.
If you need some instructions to do that, send it to the list.
Adriano Dias
Proteus Security Systems
-Original Message-
From: e-Security Chap [mailto:[EMAIL PROTECTED]]
Sent: Tuesda
I have tested this on patched and unpatched IIS 4 & 5 servers and have found
some strange results also. Several recently patched IIS5 servers that I
tested are not vulnerable to the Unicode bug (as would be expected), but are
vulnerable to this one. Similarly with patched IIS4 servers I have tri
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Remote Desktop 3.0 and previous DoS
Affected:
Win95/95/ME running McAfee Remote Desktop 3.0 and below
Problem:
possible for remote attacker to crash Remote Desktop session. in some
cases crashing the remote desktop agent.
Desc:
Remote desktop agen
Hi,
The info posted to get man to seg fault is slightly incorrect. You
need to supply some text as the name of a man page - otherwise man will
reject all input. The number of :'s is irrelevant too - one is enough.
man -S : blah
will cause a seg fault. This has been confirmed on debian 2.2
>
> BTW, if anyone has contacts at Apple _please_ bug them about starting to
> take security seriously! It looks like the last update to Mac OS X (10.0.3)
> was to close the recent glob hole, but it isn't mentioned in the release
> notes. Just some vague "security related fixes".
That was part o
Simple perl script for checking FTP servers for the DoS issue covered in
MS01-026.
Nelson Bunker, CISSP
Critical Watch
http://www.criticalwatch.com
Enlightenment, Empowerment, Answers T
wildcard_dos.pl
The vendor DCScripts.com has already issued a patch
for this vulnerability. Please see
http://www.dcscripts.com/dcforum/dcfNews/167.html
David S. Choi
DCScripts
>
> DCForum Password File Manipulation Vulnerability
> qDefense Advisory Number QDAV-5-2000-2
>
> Product: DCForum
>
> Vendor: D.
Hi.
another port in perl in:
http://www.knelo.com/~aramos/perl/iisrules.tgz
$ gzip -dc iisrules.tgz | tar -xvf -
iisrules.exe
iisrules.pl
--
A. Ramos mailto:[EMAIL PROTECTED]
"There are two important products that came out of Berkeley:
LSD and UNIX. We don't believe this to be a coincidence."
This may be obvious, but even if a server is not accessible to the
internet, you can exploit it via email. All you need is the following
information:
> 1 - an email address on their network. It must be one that someone will
> read, and the person must be using a reader that renders html m
Summary of responses in this thread:
From: PJ <[EMAIL PROTECTED]>
Doesn't work on Slackware 7.1
This is the result:
elvander:~$ man -S `perl -e 'print ":" x 100'`
What manual page do you want?
elvander:~$
From: Alvin Oga <[EMAIL PROTECTED]>
i have many patched rh-7.0 ( patched available on
I won't call it an exploit. Just a vulnerability-check tool.
But nothing blocks you to use it as an exploit ;) .
http://www.unsekure.com.br/labs/jmscan-1.1.tar.gz
Currently checks these vulns:
"Microsoft IIS CGI Filename Decode Error Vulnerability"
"Microsoft IIS Extended Unicode Directory Traver
A few remarks,
The following topics tackle some comments being made through private
e-mail. Just clarification.
NOT UNICODE - This is not 100% unicode we are talking about. This is
the vulnerability as discovered by NSFOCUS Security
Advisory(SA2001-02). This has been documented by Microsoft
On Tue, May 15, 2001 at 02:15:45PM +0100, Andrew Hilborne ([EMAIL PROTECTED])
wrote:
> >
> > (At least not if your /var/mail directory has the standard 1777 permissions)
> >
> > By forcing a file permission of 600 on mailboxes, group mail should not
> > gain you anything.
>
> Just how do you fo
That root.exe sploit is actually the Solaris sadmind/ IIS Unicode worm.
I've been on several incident responses at client sites and have seen it.
It zombifies a Solaris box using the sadmind exploit (shame on them) and
then scans a range of addresses for IIS b0x3n that are vulnerable to the
Unicod
Hi ,
I have included a perl exploit for IIS4/5 CGI decode
hole , just published at bugtraq,
First detects vulnerable servers and if detectable,
You just enter the commands and it executes them for
you remotely, you can also create new files remotely,
and use them for ftp or other commands,
Regards,
hi folks,
it's just another expected iis bug. did anybody try out the chance of
elevating privileges. i have tried the same techniques as in the iis unicode
bug, however i could not.
any known ways to do that?
regards
Get f
Hi,
I spotted the same behaviour on my win2k + IIS 5.0 installation. When I
installed the unicode patch this problem disappeared. Hence why I did not
publish this. Maybe other people can reproduce this as well?
another one that works is %252f.
%255c and %252f (slash and backslash) worked before
Andrew Hilborne <[EMAIL PROTECTED]> wrote on
Tue, 15 May 2001 14:15:45 +0100:
> Just how do you force 0600 on mailboxes which don't exist (many MUAs
> remove empty mailboxes?)
>
> Since you cannot easily do this, at the very least a malicious user
> should be able to steal other users' mail. I th
I am trying to post this again.
-Original Message-
From: Ofir Arkin [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 09, 2001 7:12 PM
To: Bugtraq List
Subject: Fingerprinting Linux Kernel 2.4.x based machines using ICMP
While playing with Linux Kernel 2.4.2, I have encountered a rather sim
Hi Folks!
Here is a short Shell-Script for testing of the latest IIS-escape
vulnerability.
Cheers
Leif
#!/bin/sh
# Copyright 2001 by Leif Jakob <[EMAIL PROTECTED]>
#
# do not abuse this code... blah blah :)
if [ -z "$1" ] ; then
echo "usage:"
echo "$0 hostname"
exit 1
fi
host=
The attached UXE file, for use with TWWSCAN/TUXE Expert Scanner (available
from: http://search.iland.co.kr) will scan IIS 4 and 5 servers for the old
Unicode vulnerability and the new Filename Decode Error vulnerability.
Usage: tuxe target_server port iisuc.uxe
Cheers
d0gman
___
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
>
>Vulnerable systems: redhat 7.0 with man-1.5h1-10 (default
>package) and earlier.
>=
>Heap Based Overflow of man via -S option
On 10.05.01 at 07:32, Jass Seljamaa <[EMAIL PROTECTED]> wrote:
>Personal Web Sharing Remote Stop.
>[...]
>Solution: Nothing. Vendor not contacted, I'm sure he's aware of that.
Since Apple *still* aren't reading Bugtraq I'm going to report this to
their bug tracking system. I'll refer them to y
Hello,
Seems that this mail has been lost again.
Gaus
==
My previous mail seems to be lost due to the mail server problems
so here is the response again.
In response to this mail sent by bashis on Bugtraq:
At 19:57 03/05/2001 +0200, bashis wrote:
>I was playing with Cisco'
Hi,
We tested various settings in our lab, with
different encoding combinations, executable directories,
and Win32 configurations.
Curiously, not all combinations worked quite the same
way on Windows 2000 Server and Professional (even discounting
the fact that certain directories exist in one an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Linux-Mandrake Security Update Advisory
Package name: pine
Date:
This is the fixed iis exploit
^^^- iisex.c starts here---
/* IISEX by HuXfLuX <[EMAIL PROTECTED]>. IIS CGI File Decode Bug
exploit. Written 16-05-2001.
Compiles on Linux, works with IIS versions 3, 4 and 5. Microsoft's
products were always
famous for their backward com
iPlanet Netscape Enterprise Web Publisher Buffer Overflow
Release Date:
May 11, 2001
Severity:
High (Remote SYSTEM level code execution)
Systems Affected:
Netscape Enterprise 4.1 and prior versions.
Description:
The Web Publisher feature in Netscape Enterprise 4.1 is vulnerable to a
buffer o
Strumpf Noir Society Advisories
! Public release !
<--#
-= OmniHTTPd Pro Denial of Service Vulnerability =-
Release date: Tuesday, May 15, 2001
Introduction:
OmniHTTPd Pro is a powerful all-purpose industry compliant web
server built specifically for the Windows 9x and NT platforms.
OmniH
-- Corsaire Limited Security Advisory --
Title: Symantec/Axent NetProwler 3.5.x database configuration
Date: 07.04.01
Application: Symantec/Axent NetProwler 3.5.x
Environment: WinNT
Author: Martin O'Neal [[EMAIL PROTECTED]]
Audience: General distribution
-- Scope --
The aim of this document i
This buffer overflow exploit is effective against the 3Com OfficeConnect
Remote 840 SDSL router, as well. NorthPoint Communications (and probably
other ISPs) resold this router in some areas of the U.S.
When I tested it, the router ceased to function and its LEDs began
flashing, but it did not a
[ On Tuesday, May 15, 2001 at 13:46:23 (+0200), Johann Klasek wrote: ]
> Subject: Re: Solaris /usr/bin/mailx exploit (SPARC)
>
> To correct slightly the picture of a set-gid mail environment:
>
> set-gid has nothing to do with writing the inbox. It was in old days
> (without today's 1000 permissi
-BEGIN PGP SIGNED MESSAGE-
__
SuSE Security Announcement
Package: cron-3.0.1-296
Announcement-ID: SuSE-SA:2001:17 (resent)
Date:
sAvAte inc.
Serial Savate System
<[( advisory )]>---<[(
xxx2.adv.en
Program: PHPSLASH
Homepage: http://www.phpslash.org
Author Contacted: 15/apr/2001
Answer: 16/apr/2001 (ajayro
Device:
Allied Telesyn AT-AR220e, Firmware 1.08a RC14, combined DSL/Cable-Router, NAT,
Firewall, HTML-Config
This Device is equipped with the function 'Virtual Server', which is a
portmapper WAN -> LAN.
The 'Virtual Server'-functionality can be disabled completely and single
portmappings can be di
I have attached two simple scripts which exploit vulnerabilities which exist
in some versions of the Sendfile daemon, both allow a local attacker
to gain superuser privileges.
The bug exploited by sfdfwd.sh was supposed to have been fixed by the patches
provided in Debian Security Advisory
43 matches