RE: New Paper: Microsoft SQL Server Passwords

> -Original Message- > From: NGSSoftware Insight Security Research > [mailto:[EMAIL PROTECTED]] > Sent: Monday, July 08, 2002 17:33 > To: [EMAIL PROTECTED] > Subject: New Paper: Microsoft SQL Server Passwords > > > Hi all, I've written a paper on how users' passwords, or > rather their

iPlanet Remote File Viewing

Sun iPlanet Web Server Remote File Viewing Vulnerability Vendor: Sun Microsystems Product: iPlanet Web Server 6.0 SP2 iPlanet Web Server 4.1 SP9 Netscape Enterprise Server 3.6 Platforms: Windows 2000 Windows NT

Re: Linux kernels DoSable by file-max limit

On Mon, 8 Jul 2002, Kurt Seifried wrote: > For example you can limit the amount of memory that user "bob" is allowed to > use: > > user hardmemlock 4096 Uhhh... not quite. Linux kernel does not really provide a nice way of enforcing per-user limits by default, IIRC (unless s

Re: Linux kernels DoSable by file-max limit

Kurt Seifried wrote: >>Solution: no temporary solution yet, there should be a global per user >>file limit, the reserved file descriptors should be given out under >>another uid/euid policy. The NR_RESERVED_FILES limit seems to me to be >>really low. >> >> > >Huh. Simply limit users, PAM prov

ALERT: Working Resources BadBlue #2 (DoS, Heap Overflow)

ALERT: Working Resources BadBlue #2 Vendor Notified: July 8, 2002 Working Resources have been informed of a pair of denial of service conditions in the BadBlue PWS. The first vulnerability lies in the way a GET request is handled. A specially crafted GET request can crash the target server. Al

Re: Linux kernels DoSable by file-max limit

Kurt Seifried wrote: >The available limits are: > > core -- Limits the core file size (KB); usually set to 0 for most users to >prevent core dumps. > data -- Maximum data size (KB). > fsize -- Maximum file size (KB). > memlock -- Maximum locked-in-memory address space (KB). > nofile -- Maxim

Exploit for previously reported DoS issues in Shambala Server 4.5

DoS exploit for previously discussed issues in Shambala Server 4.5. -- /*** * Daniel Nyström, Telhack 026 Inc. * ***/ http://www.SweSec.tk http://www.telhack.tk / shambalax.c **

SuSE Security Announcement: squid (SuSE-SA:2002:025)

-BEGIN PGP SIGNED MESSAGE- __ SuSE Security Announcement Package:squid Announcement-ID:SuSE-SA:2002:025 Date: Tuesday, Ju

KPMG-2002030: Watchguard Firebox Dynamic VPN Configuration Protocol DoS

Title: Watchguard Firebox Dynamic VPN Configuration Protocol DoS BUG-ID: 2002030 Released: 9th Jul 2002 Problem: A malicious user can crash the Dyna

Sun iPlanet Web Server Buffer Overflow (#NISR09072002)

NGSSoftware Insight Security Research Advisory Name: iPlanet Search Buffer Overflow Systems: iWS 6.0 and iWS 4.1 Severity: High Risk (if Search enabled) Category: Remote Buffer Overrun Vulnerability Vendor URL: http://www.iplanet.com/ Author: David Litchfield ([EMAIL PROTECTED]) Advisory URL: htt

Re: LOCAL ROOT EXPLOIT - SUPPORT FULL-DISCLOSURE - LOCAL ROOT EXPLOIT

| Greetings, | | This is a local exploit for a format string vulnerability in | /usr/bin/artswrapper on Red Hat Linux release 7.2 (Enigma). The first mail with the above subject was obviously a fake and not written by me. Thank you. kanix.