---
Immunix OS Security Advisory
Packages updated: sysklogd
Affected products: Immunix OS 6.2, 7.0-beta, and 7.0
Bugs fixed: immunix/1623
Date: Thu Jun 14 2001
Advisory ID:
---
Immunix OS Security Advisory
Packages updated: fetchmail
Affected products: Immunix OS 6.2, 7.0-beta, and 7.0
Bugs fixed: immunix/1618
Date: Wed Jun 13 2001
Advisory ID:
I was a brave soul and did install it (rev3). I figured the third time may
be a charm (I never installed the first 2 mind you, just lucky I guess being
too busy to install the first 2 the second they came out).
It seems to be ok, even though on the reboot it took a "scary" amount of
time to come
On Thu, Jun 14, 2001 at 05:14:46PM +0300, Georgi Guninski wrote:
> OpenBSD 2.9,2.8
> Have not tested on other OSes but they may be vulnerable
FreeBSD 4.3-STABLE isn't vulnerable. Looks like it's dropping set[ug]id
privileges before allowing detach.
--
* Fido: 2:480/124 ** WWW: http://www.frasun
Dear bugtraq readers,
The JavaScript code posted before raised a lot of questions. Below
you'll find some answers.
Q: Does the page have to get a visitor to click a link for the script
to run?
A: Script can be started like all the scripts (just insert it into
html and that's all).
Matt Watchinski wrote:
> # Name: Apache Artificially Long Slash Path Directory Listing Exploit
> # Author: Matt Watchinski
> # Ref: SecurityFocus BID 2503
> #
> # Affects: Apache 1.3.17 and below
Doh! From apache 1.3.x CHANGES file:
Changes with Apache 1.3.18 [not released]
*) SECURITY: The d
John Hanks wrote:
>
> Does anyone know if a third version is in the works or if I should keep
> trying to make the second version work on my machines?
MS just released version 3 of that Security Bulletin, with a 3rd "official"
version of the patch for W2K. Again, the URL for the bulletin is h
Microsoft has just released another updated version of this patch.
According to the bulletin
(http://www.microsoft.com/technet/security/bulletin/MS01-030.asp), they
discovered that some outdated files were inadvertently placed in the first
updated patch, and this patch fixes that problem.
We
Personal Web Server Users,
I assembled an effective patch for the UNICODE directory traversal
vulnerability issue in Microsoft Personal Web Server 4.0 for Windows 95/98,
which was noted previously on this list. It can be downloaded at:
http://www.geocities.com/p_w_server/pws_patch/index.htm
This exploit shows how almost any script that uses cookie session/login data
to validate CGI forms can be exploited if the users can post images.
One of our developers, Chris 'stallion' Lambert ( [EMAIL PROTECTED] ),
discovered this exploit in a routine internal security audit.
Allowing users to
Cisco Security Advisory: Cisco 6400 NRP2 Telnet Vulnerability
==
Revision 1.0
For Public Release 2001 June 14 at 1500 UTC
-
Product: BestCrypt for Linux
Vendor: Jetico (http://www.jetico.com)
Problem: Stack overflow
Affected versions: 0.6-x -> 0.8-1 (and possibly older versions)
Fixed version: 0.8-2 is available from the Jetico website.
Advisory author:
Georgi Guninski security advisory #47, 2001
OpenBSD 2.9,2.8 local root compromise
Systems affected:
OpenBSD 2.9,2.8
Have not tested on other OSes but they may be vulnerable
Risk: High
Date: 14 June 2001
Legal Notice:
This Advisory is Copyright (c) 2001 Georgi Guninski.
You may distribute it u