A buffer overflow exists in OpenSSH's sshd if sshd has been compiled
with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing
has been enabled in the sshd_config file. Ticket and token passing
is not enabled by default.
1. Systems affected:
All Versions of OpenSSH compiled
-BEGIN PGP SIGNED MESSAGE-
=
FreeBSD-SA-02:23.stdio Security Advisory
The FreeBSD Project
Topic: insecure
- Forwarded message from Jennifer S. Granick [EMAIL PROTECTED] -
X-Sender: [EMAIL PROTECTED]
Date: Wed, 17 Apr 2002 10:05:27 -0800
To: [EMAIL PROTECTED]
From: Jennifer S. Granick [EMAIL PROTECTED]
Subject: STANFORD CONFERENCE ON VULNERABILITY DISCLOSURE: Early Reg to
Close Soon!
The
I was browsing last week's BUGTRAQ posts and found the thread on Snort,
fragrouter, and the supposed perils of NIDS evasion interesting. Not
because these were necessarily ground-breaking topics, but more because
I'm amazed that people consider NIDS evasion, well, news. Marty's comment
about
Slrnpull Buffer Overflow (-d parameter)
===
Author:
** Alex Hernandez [EMAIL PROTECTED]
** Thanks all the people from Spain and Argentina.
** Special Greets: White-B, Paco Spain, Gabriel M.
Thanks friends for all the research:
+ Solar Eclipse
psyBNC 2.3 DoS / bug
:: Description
psyBNC (http://www.psychoid.lam3rz.de/psybnc.html) has a problem
dealing with oversized passwords, making it possible to tie up all
the connection slots and consume a lot of CPU on the server.
:: Exploit
Create a program to do the
Topic: insecure handling of stdio file descriptors
They didn't say so, but this work was obviously based on:
RCS file: /cvs/src/sys/kern/kern_exec.c,v
...
revision 1.20
date: 1998/07/02 08:53:04; author: deraadt; state: Exp; lines: +38 -1
for sugid procs ensure that fd 0-2 are
-BEGIN PGP SIGNED MESSAGE-
-
Pine Internet Security Advisory
-
Advisory ID : PINE-CERT-20020401
Authors : Joost Pol
Credits:Joost Pol [EMAIL PROTECTED]
Joost rules. And my apologies to Pine for always being late paying my bills.
Sorry :-)
This is a simple test, executing a setuid process with file descriptor 2
closed, and then opening a file and seeing what fd it gets.
Linux 2.2.16RedHat AXP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Attached is advisory + local root exploit for screen 3.9.11.
Save yourself!
Love,
GOBBLES
AIM Remote File Transfer/Direct Connection
Vulnerability
I discovered this vulnerability while I was port
scanning my brother (April 15th, 2002), he just
happened to send me a file and the port scan
connected and received the file instead of me... The
next day (April 16th, 2002) I
Target:
Philip Chinery's Guestbook 1.1 (maybe older versions?)
Vendor:
http://www.sector7g.de.vu
Notified Vendor:
Sure
Affected Systems:
Webservers that run Philip Chinery's Guestbook 1.1
Found by:
Markus Arndt [EMAIL PROTECTED]
Short Description:
Philip Chinery's Guestbook 1.1 fails
Matu FTP remote buffer overflow vulnerability
/*---
Description
---*/
Matu FTP is a Japanese FTP client software for Win32 Platform.
We found an exploitable buffer overflow problem in Matu FTP Version 1.74.
The buffer overflow occurs when a long
Hi,
I have a small problem.
Situation:
We have linux box running kernel 2.4 with 2 NICs.
Let's assume that
eth0 IP 10.1.1.1/8 MAC 11:11:11:11:11:11,
eth1 IP 192.168.0.1/24 MAC 22:22:22:22:22:22
We can even safely set the eth1 interface down, remove a patchcord from
this
vqServer is a Windows web server written in Java. It is an innovative
product, with support internally for Servlets, and external support for many
kinds of CGI, (EXE, Perl, ...)
However, some of the examples shipped in a default configuration of
vqServer contain multiple cross-site
Been there, done that.
I have successfully created a worm and tested it
before trying to report this to McAfee, they do the
virus scanning for hotmail. I got a "you are not a
registered user" auto-reply and they ignored my
messages because I wasn't in their files ;( too bad
for them.
Lil' HTTP Server is a Windows HTTP server that supports several features in
a relatively compact application. It is vulnerable to a classic (stupid)
attack:
http://[target]/../../windows/win.ini
This link will read WIN.INI on Windows 95/98/Me, and with a slight
modification (winnt instead of