Linux kernel setgid implementation flaw

2002-07-18 Thread FozZy
Hi, I believe the following to be accurate and of some interest to bugtraq readers, although I did not have time to extensively test it, nor did I warn the vendor, since 1) this is at most an indirect risk - IMHO - and 2) I am going on holidays so I had to balance between disclosing now and le

Domain password logon authentication bug in Windows 2000 Advanced Server Domain Controller

2002-07-18 Thread Ron Ray
Domain password logon authentication bug in Windows 2000 Advanced Server Domain Controller SCENARIO: You have a password in your Windows 2000 domain that you set up that consists of 12 characters that alternate between capitals and lowercase. You log on using your Windows 2000 professi

Re: ICQ and MSIE allow execution of arbitrary code

2002-07-18 Thread Stan Bubrouski
Jelmer wrote: > Outline > It does in fact allow you to run code of your choosing on a victim's machine by creating a specially crafted webpage and sound scheme file. You're absolutely correct. I can confirm this on: ICQ: 2000b (The problem goes back 3 years!) OS: Windows 2

Geeklog XSS and CRLF Injection

2002-07-18 Thread Ulf Harnhammar
Geeklog XSS and CRLF Injection PROGRAM: Geeklog VENDOR: Tony Bibbs et al. <[EMAIL PROTECTED]> HOMEPAGE: http://geeklog.sourceforge.net/ VULNERABLE VERSIONS: 1.3.5sr1, possibly earlier versions as well NOT VULNERABLE VERSIONS: 1.3.5sr2 LOGIN REQUIRED: no SEVERITY: high DESCRIPTION: "Geeklog is

Re: AIM forced behavior "issue" Re:ICQ and MSIE allow execution of arbitrary code

2002-07-18 Thread Bojidar Alexandrov
Knud, this issue is still here, only the address that you use is no longer valid, because it has changed... At the end is the http session (for my icq beware :)). Also it seems that no one paid attention to Jelmer's exploit for ICQ and MSIE. It must be examined thoroughly for other variants and a complete solution mus

asciiSECURE advisory (2002-07-17/1)

2002-07-18 Thread lumpy
ASCII HEADER ADVISORY !! ALERT !! ASCII HEADER ADVISORY !! ALERT !! ASCII HE ADDIUNG A POORLY GENERATED ASCII HEADERZ FOR BUGTACKY READERZAAZSZ! :apparentlytheonlywaytogetamessageacceptedonbugtraqistodothis:

[AP] Oracle Reports Server Information Disclosure Vulnerability

2002-07-18 Thread skp
[>(] AngryPacket Security Advisory [>(] advisory information author: skp <[EMAIL PROTECTED]> re

Fwd: non-disclosed info in Outlook can lead to potential serious Social Attack.

2002-07-18 Thread Intel Nop
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 (can I resubmit this, signed by the key for this email instead of the other key I signed it with, thnx). See below... I don't know if this has been discussed on bugtraq before, but I just thought it might be important to bring up. Noting Outlook Ex

Java webstart also allows execution of arbitrary code

2002-07-18 Thread Jelmer
It would seem that I opened up a can of worms when I created my ICQ + MSIE advisory the other day, which presented a new way to execute arbitrary code on a user's machine. Java webstart is equally vulnerable. Java webstart is a revolutionary way of deploying java applications and comes standard with j

Trend Micro Officescan Denial of Service

2002-07-18 Thread Marc Ruef
Hi! I've sent you "Trend Micro Officescan Denial of Service" (TMOSDOS for Windows; compiled win32-exe and the Visual Basic source), which is an optimized tool for the issue explained on http://online.securityfocus.com/bid/1013 All advisories describe that a denial of service attack is possible du

[CLA-2002:512] Conectiva Linux Security Announcement - libpng

2002-07-18 Thread secure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -- PACKAGE : libpng SUMMARY : Buffer overflow vulnerabil

Re: KPMG-2002033: Resin DOS device path disclosure

2002-07-18 Thread security-protocols
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Resin 2.1.0 also appears vulnerable mr. peter fundl. // badpack3t. On Wed, 17 Jul 2002 11:33:59 +0200, Peter Gründl <[EMAIL PROTECTED]> wrote: > > >Title: Resin

Re: Sniffable Switch Project

2002-07-18 Thread martin f krafft
Dear Bugtraq'ers, I apologize for my last post since it was just plain wrong. ARP and MAC are not to be confused, and I did just that. Call it momentary stupidity, but please excuse it afterwards ;^> -- martin; (greetings from the heart of the sun.) \ echo mailto: !#^."<*>"|t

WINAMP also allows execution of arbitrary code (probably a lot more programs as well)

2002-07-18 Thread Jelmer
It would seem that I opened up a can of worms when I created my ICQ + MSIE advisory the other day, which presented a new way to execute arbitrary code on a user's machine. Winamp is equally vulnerable. Winamp starts skin files with the extension wsz and the mime type interface/x-winamp-skin automatic

MERCUR Mailserver advisory/remote exploit

2002-07-18 Thread 2c79cbe14ac7d0b8472d3f129fa1df
2c79cbe14ac7d0b8472d3f129fa1df55 Security Advisory #3 #PRODUCT Atrium Software International's MERCUR Mailserver, All Versions #DESCRIPTION MERCUR Mailserver's Control-Service, installed and activated by default on port 32000, is vulnerable to the classic buffer overflow on its password argume

wwwoffle-2.7b and prior segfaults with negative Content-Length value

2002-07-18 Thread qitest1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 QITEST1 SECURITY ADVISORY #005 wwwoffle-2.7b and prior segfaults with negative Content-Length value PROGRAM DESCRIPTION WWWOFFLE, World Wide Web Offline Explorer, is a proxy HTTP/FTP server for computers with dial-up internet access