HylaFAX - Various Vulnerabilities Fixed

2002-07-29 Thread Lee Howard
HylaFAX.org Security Advisory 17 June 2002 Subject: Various Vulnerabilities Fixed Introduction: HylaFAX is a mature (est. 1991) enterprise-class open-source software package for sending and receiving facsimiles as well as for sending alpha-numeric pages. It runs on a wide variety of UNIX-like

Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta

2002-07-29 Thread VanDyke Technical Support
In-Reply-To: <[EMAIL PROTECTED]> We have released versions of SecureCRT that address this vulnerability. This fix is available for ALL of our licensed customers without charge. VanDyke Software recommends that all users of SecureCRT upgrade immediately to the available versions. Updated i

[RHSA-2002:132-14] Updated util-linux package fixes password locking race

2002-07-29 Thread bugzilla
Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated util-linux package fixes password locking race Advisory ID: RHSA-2002:132-14 Issue date: 2002-06-27 Updated on: 2002-07-2

XWT Foundation Advisory: Firewall circumvention possible with all browsers

2002-07-29 Thread Adam Megacz
XWT Foundation Security Advisory Adam Megacz <[EMAIL PROTECTED]> http://www.xwt.org/sop.txt 29-Jul-2002 [Public Release] Abstract The fo

Re: Eat gopher!

2002-07-29 Thread JW Oh
Updated version of eat gopher... with minor fix... visit http://monkey.org/~mat for latest version.. #!/usr/bin/perl # # [EMAIL PROTECTED] # 2002.7.27 # IE gopher buffer overflow exploit # only tested with my W2k Korean and Wme Korean windows OS... # you maybe have to change some addresses with

Hoax Exploit

2002-07-29 Thread John Korsak
Hello, In message 284465 there is an "exploit" of IMail Server from Ipswitch listed. http://online.securityfocus.com/archive/1/284465 We have been unable to duplicate the problem and the code attached to the above message is unknown in nature. We suspect that the "patch" released in the messag

Abyss Web Server version 1.0.3 shows file and directory content

2002-07-29 Thread Securiteinfo . com
Abyss Web Server version 1.0.3 shows file and directory content .oO  Overview Oo. Abyss Web Server version 1.0.3 shows file and directory content Discovered on 2002, June, 30th Vendor: Aprelium Abyss Web Server 1.0.3 is a free personal web server available for Windows and Linux operating syste

KDE 2/3 artsd 1.0.0 local root exploit

2002-07-29 Thread kokane
KDE 2/3 artsd 1.0.0 local root exploit PoC. Cheers, -kokane bp_artsd.c Description: Binary data

php dotProject by pass authentication

2002-07-29 Thread pokleyzz
SCAN Associates Sdn Bhd Security Advisory Product: dotProject 0.2.1.5 (possibly other) Vendor URL: http://www.dotmarketing.org/dotproject/ Summary: php dotProject by pass authentication Author: pokleyzz <[EMAIL PROTECTED]>, sk <[EMAIL PROTECTED]>, shaharil <[EMAIL PROTECTED]> Description ===

Re: VNC authentication weakness

2002-07-29 Thread Theo de Raadt
> Does anyone have a better solution that doesn't involve calling > entropy-gathering routines from all over the program or running a > continuous entropy-gathering thread? Are there any big problems in > this solution, other than that it only has (by my pessimistic > estimates) about 28 bits of

Re: Hoax Exploit (2c79cbe14ac7d0b8472d3f129fa1df55 RETURNS)

2002-07-29 Thread 2c79cbe14ac7d0b8472d3f129fa1df55 2c79cbe14ac7d0b8472d3f129fa1df55
HTTP/1.0 Connection closed by foreign host. uh oh, that isn't supposed to happen!@ let's chex those logs! 20020729 162041 Info - 192.168.0.1 GET /

Re: VNC authentication weakness

2002-07-29 Thread David Wagner
Kragen Sitaker wrote: >/dev/urandom *does* deplete the entropy pool; it's just that depletion >of the entropy pool doesn't keep /dev/urandom from working, but it does >keep /dev/random from working. > >My understanding is that /dev/random is only more secure than /dev/urandom >if it turns out that

Fake Identd - Remote root exploit

2002-07-29 Thread Jedi/Sector One
Date: 07/29/2002 Product: fakeidentd Summary: remote root exploit [ Overview ] Fake Identd is a small standalone ident server with static replies. It is designed to be suitable for firewalls, IP masquerading hosts, etc. Docu

Re: [VulnWatch] KDE 2/3 artsd 1.0.0 local root exploit

2002-07-29 Thread H D Moore
The artsd binary is not setuid, it's supposed to be called by the setuid artswrapper application (which sets a higher scheduling priority, setuid(getuid())'s and executes the real artsd binary). I haven't bothered to look through the shellcode for backdoors yet... --- hdm@masada:/tools> head -n

Re: VNC authentication weakness

2002-07-29 Thread Nate Lawson
At 02:16 AM 7/28/2002 -0600, Theo de Raadt wrote: > > Does anyone have a better solution that doesn't involve calling > > entropy-gathering routines from all over the program or running a > > continuous entropy-gathering thread? Are there any big problems in > > this solution, other than that it

MDKSA-2002:045 - mm update

2002-07-29 Thread Mandrake Linux Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mandrake Linux Security Update Advisory Package name: mm Advisory ID:

Re: XWT Foundation Advisory: Firewall circumvention possible with all browsers

2002-07-29 Thread Peter Watkins
On Mon, Jul 29, 2002 at 10:57:11AM -0700, Adam Megacz wrote: > Exploit > > 1) Attacker controls DNS zone *.baz.com, configuring it as follows: > > a) foo.bar.baz.com -> some web server operated by the attacker > b) bar.baz.com -> 10.0.0.9 (some address behind BigCo's firewall)

RE: XWT Foundation Advisory

2002-07-29 Thread Microsoft Security Response Center
-BEGIN PGP SIGNED MESSAGE- Hi All - We'd like to set the record straight as regards the advisory published today by the XWT Foundation. Microsoft thoroughly investigated the issue described in the advisory, and discussed our findings in detail with the advisory's author. When the XWT

Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta

2002-07-29 Thread Jim Paris
> Thanks (and to Jim Paris). > > I of course did not mean that it was OK for the client to have code > injection "portholes". I just meant that the particular exploit path > that was described wasn't very interesting since someone who maliciously > controls the sshd to which you are speaking has

Re: Hoax Exploit

2002-07-29 Thread Tom Fischer
Hi, On Mon, Jul 29, 2002 at 11:39:55AM -0400, John Korsak wrote: > We have been unable to duplicate the problem and the code attached to the > above message is unknown in nature. We suspect that the "patch" released in > the message is actually designed to open a vulnerability. At this time we

Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta

2002-07-29 Thread VanDyke Technical Support
In-Reply-To: <[EMAIL PROTECTED]> [Minor correction on upgrade eligibility dates] We have released versions of SecureCRT that address this vulnerability. This fix is available for ALL of our licensed customers without charge. VanDyke Software recommends that all users of SecureCRT upgrad