There has been a lot of misinformation spread about our ISS Apache Advisory
and wanted to clean up any confusion and misunderstanding.
1) Our policy for publishing advisories is to give a vendor 30 to 45
day quiet period to provide an opportunity to create a patch or work around.
If an expl
>>> (this came from a bugtraq posting by [EMAIL PROTECTED])
>>>
>>> On Thu, Jun 20, 2002 at 02:00:51PM +0400, 3APA3A wrote:
>>>
3. There was also a report by DocSoft on buffer overflow in some older
version of ncftpd on Solaris, but I was not able to re
Author: David D. Rude II [EMAIL PROTECTED]
Release Date: June 20th 2002
Systems Affected: All versions of Windows Capable of running this
software.
Severity: Medium
Credits: Cryptix from irc.pulltheplug.com
Introduction:
This bug was discovered a very long time ago by cry
Did you even care about reading the Xitami FAQ?
This small section tells you everything you need to know
(http://www.imatix.com/html/xitami/index13.htm#m_7)
7: Why is the password file not encrypted?
In general if access to your server is secure, then the lack of encryption
is not a problem.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: apache
Advisory ID:
I submitted the following to NTBUGTRAQ, but Mr. Cooper doesn't seem to think
it's worth posting. I'd like a second opinion. Thank you.
After applying Q318138, "Unchecked Buffer in Remote Access Service Phonebook
Could Lead to Code Execution", which was released last week, my Power Users and
[[ Note: this issue affects both 32-bit and 64-bit platforms; the
subject of this message emphasizes 32-bit platforms since that
is the most important information not announced in our previous
advisory. ]]
SUPERSEDES: http://httpd.apache.org/info/security_bulletin_20020617.txt
Dat
Advisory attached.
Can also be found at
http://sec.angrypacket.com/advisories/0003_AP.yabb.txt
--
+ methodic >> [http://methodic.angrypacket.com] -- -
+ Cannot find nsabackdoor.dll. Please reinstall Windows.
- -- - -- -
[>(] AngryPacke
Title: AdvServer DoS
Date: 21.06.02
Author: elab (http://elaboration.8bit.co.uk)
Software: AdvServer
Platform: Win32
Tested: Version 1.03
Vendor: WWW: http://gamecheats.ws
Contacted on: 30 May 02
Via: [EMAIL PROTEC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: apache
Advisory ID:
Quick clarification on several points based on emails that I've received:
1) We did notify Apache before going public. ISS X-Force emailed
Apache in the morning at 9:44am regarding this Advisory. We waited until
the afternoon before sending to Bugtraq for approval and finally reaching
the
Taken from the script's website:
"WARNING: DPGS is no longer maintained and is thus discontinued. If you would like to
take over its development, email me. - July 30, 2000"
This is the reasoning to why I did not contact the author prior to this email.
This is an example of how bad input filterin
---------- Forwarded message ----------
Date: Wed, 19 Jun 2002 21:18:39 -0700 (PDT)
From: Slackware Security Team <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [slackware-security] new apache/mod_ssl packages available
New Apache packages for Slackware are available to fix a security iss
At 6:06 PM -0400 6/20/02, Klaus, Chris (ISSAtlanta) wrote:
>In the case of this advisory, ISS X-Force provided an Apache patch and did
>not see a need for a long quiet period.
I do not believe that there are any circumstances in which a
non-vendor provided patch can be considered equivalent to a
"Klaus, Chris (ISSAtlanta)" wrote:
>
> There has been a lot of misinformation spread about our ISS Apache Advisory
> and wanted to clean up any confusion and misunderstanding.
>
> 1) Our policy for publishing advisories is to give a vendor 30 to 45
> day quiet period to provide an opportun
Hi Dave,
Thank you for posting this information. The defect IDs for Cisco
customers who wish to track this issue via the Cisco Bug toolkit on our
website are: CSCdx88709 and CSCdx88715 for both affected release versions.
Thank you,
Lisa Napier
Product Security Incident Response Team
Cisco S
> 1) Our policy for publishing advisories is to give a vendor 30 to 45
> day quiet period to provide an opportunity to create a patch or work around.
> If an exploit for the vulnerability appears in the wild, or a patch and
> work-around is provided by the vendor or ISS X-Force, this quiet pe
Hi!
Does anyone know if the chunk handling vulnerability carries through a proxy, i.e.
Squid or Webcache? (Updating is currently not possible, because it is not the plain
apache, but the Oracle IAS flavour...)
Or has anyone further information how this vulnerability really works?
Any pointers
Stefan Esser wrote:
> Hi,
>
> I heard several people looking at the gobbles exploit and believing it
> can only be fake:
>
> here is my little explanation how bsd memcpy can be exploited:
>
> first a snippet of the bsd memcpy code:
>
> ...
> 1:
> addl %ecx,%edi /* copy backwards
On Fri, Jun 21, 2002 at 04:15:53PM -0400, Klaus, Chris (ISSAtlanta) wrote:
> 1) We did notify Apache before going public. ISS X-Force emailed
> Apache in the morning at 9:44am regarding this Advisory. We waited until
> the afternoon before sending to Bugtraq for approval and finally reachin
On Thu, Jun 20, 2002 at 06:06:03PM -0400, Klaus, Chris (ISSAtlanta) wrote:
> There has been a lot of misinformation spread about our ISS Apache Advisory
> and wanted to clean up any confusion and misunderstanding.
>
> 1) Our policy for publishing advisories is to give a vendor 30 to 45
> da
> Quick clarification on several points based on emails that I've received:
>
> 1) We did notify Apache before going public. ISS X-Force emailed
> Apache in the morning at 9:44am regarding this Advisory. We waited until
> the afternoon before sending to Bugtraq for approval and finally r
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
There seems to be some confusion about whether or not this bug can be exploited on any
other operating systems than OpenBSD. Here's a second version of our private exploit,
apache-massacre.c, called apache-nosejob.c. Used correctly, it will succes
23 matches