RE: Windows 2000 Service Pack 3 now available.

2002-08-01 Thread Nick FitzGerald
Colin Stefani <[EMAIL PROTECTED]> wrote: > Be sure to read the new EULA/privacy statement for Windows update, it has an > interesting portion about how Windows Update and Automatic Update (which > gets installed with SP3) can, by agreeing to this license, send the > following pieces of info to Mi

Re: The SUPER bug

2002-08-01 Thread William Deich
GOBBLES discovered a truly dumb bug in super. My thanks to him for that. Zero thanks to him for not bothering to notify the author before publishing. Zero thanks to him for the gratuitous insults. Thanks to Martin Schulze and Robert Luberda of debian.org for informing me and sending along a pa

Two more exploitable holes in the trillian irc module

2002-08-01 Thread josh
Sent the following advisory to trillian: Tue, 16 Jul 2002 16:49:19 -0400 (EDT) Submitted by : Josh ([EMAIL PROTECTED]), omega ([EMAIL PROTECTED]) on July 16th, 2002 Vulnerability : Format strings bug and buffer overflow in the IRC client of Trillian Tested On : Trillian v0.73

Re: Winhelp32 Remote Buffer Overrun

2002-08-01 Thread Jelmer
I just installed service pack 3 and the following code still crashed my IE6 with a memory could not be referenced error. I have been told this means it is most likely exploitable. I am not into buffer overflows myself though, maybe someone can confirm this. An

OpenSSL Vulnerabilities

2002-08-01 Thread Tina Bird
The vendors listed in the CERT advisory on the OpenSSL vulnerabilities are all producing server-side software: http://www.cert.org/advisories/CA-2002-23.html Does anyone know if Netscape, Opera, Internet Explorer or any of the other browsers are vulnerable to these issues? Thanks in advance --

Sun AnswerBook2 format string and other vulnerabilities

2002-08-01 Thread ghandi
DynaWeb httpd Format String and AnswerBook 2 Unauthenticated Admin Script Execution Vulnerabilities Release Date: August 1, 2002 Application:Solaris ab2 1.4.2 / dwhttpd 4.1a6

Re: It takes two to tango

2002-08-01 Thread Ltlw0lf
I've been looking at them for years, and so has FX, both of us will be giving talks at DEFCON this year (and no, unlike Gobbles, I'll be paying my own way this year and don't need anyone else's help.) Epson is terrible at dealing with vulnerabilities in their systems, and so are the others.

Re: Windows 2000 Service Pack 3 now available.

2002-08-01 Thread Darren Reed
In some mail from Colin Stefani, sie said: > > Be sure to read the new EULA/privacy statement for Windows update, it has an > interesting portion about how Windows Update and Automatic Update (which > gets installed with SP3) can, by agreeing to this license, send the > following pieces of info t

Fw: [slackware-security] Security updates for Slackware 8.1

2002-08-01 Thread Adam Young
Figured this would be of importance to bugtraq. Begin forwarded message: Date: Wed, 31 Jul 2002 13:11:28 -0700 (PDT) From: Slackware Security Team <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [slackware-security] Security updates for Slackware 8.1 From: Slackware Security Team <[

Re: Additional bugs in gallery

2002-08-01 Thread Bharat Mediratta
> # And the solution? > Go to > thold=0> to see how to solve the problem > > # Why do you post this problem again? > Because the author of the announcement on the gallery website said: > An alt

Re: trojan horse in recent openssh (version 3.4 portable 1)

2002-08-01 Thread Jim Breton
On Thu, Aug 01, 2002 at 02:17:36PM +0200, Christian Bahls wrote: > 1.) i do not often check signatures on packets i install Particularly difficult when there _are no_ signatures available for the package you want to install (in this case, the non-"portable" tarballs). AFAIK there have never been

Re: FreeBSD Security Advisory FreeBSD-SA-02:34.rpc

2002-08-01 Thread Adam Sampson
The FreeBSD patch says: > c = *sizep; > - if ((c > maxsize) && (xdrs->x_op != XDR_FREE)) { > + if ((c > maxsize && UINT_MAX/elsize < c) && > + (xdrs->x_op != XDR_FREE)) { > return (FALSE); > } Is this fix correct? Previously, xdr_array would
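
Review bot: In the added condition (c > maxsize && UINT_MAX/elsize < c), the bound check and the overflow check are joined with &&, so a count above maxsize is rejected only when the division test also fails, and a count within maxsize that trips the division test is not rejected at all. The two tests read as alternatives and should be combined with ||, as in (c > maxsize || UINT_MAX/elsize < c). A short comment saying that the division guards the later size multiplication would help, and the hunk does not show whether elsize can be zero at this point.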

trillian buffer overflow

2002-08-01 Thread John C. Hennessy
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Problem: Trillian's irc modules suffers from a buffer overflow. This allows an attacker to execute code of their choice. I have attempted to contact the trillian developers about this issue with no success. John C. Hennessy Information securi

Re: Comment on DMCA, Security, and Vuln Reporting]

2002-08-01 Thread Declan McCullagh
[I subscribe to bugtraq but haven't seen Glenn's message appear. It did go out to vuln-dev, and someone forwarded the message to me. I'm not on vuln-dev; feel free to forward this to the list.] "Wolf, Glenn" <[EMAIL PROTECTED]> wrote: >In light of the fact that 2600 was successfully sued over m

Formal Response to HP

2002-08-01 Thread ATD
All, A formal response to the DMCA threat from HP has been posted to our web site. The URL is http://www.snosoft.com/fr.html. Sincerely, Adriel T Desautels. Founder, Secure Network Operations, Inc. Phone: 978-897-0974

RE: Windows 2000 Service Pack 3 now available.

2002-08-01 Thread Colin Stefani
Be sure to read the new EULA/privacy statement for Windows update, it has an interesting portion about how Windows Update and Automatic Update (which gets installed with SP3) can, by agreeing to this license, send the following pieces of info to Microsoft, this was posted on the MS focus list by J

Re: OpenSSL Security Altert - Remote Buffer Overflows

2002-08-01 Thread Scott Gifford
"Ben Laurie" <[EMAIL PROTECTED]> writes: > OpenSSL Security Advisory [30 July 2002] > > This advisory consists of two independent advisories, merged, and is > an official OpenSSL advisory. I've done some work on running SSL/TLS code as a separate process in a chroot jail as an unprivileged user

Re: it's all about timing

2002-08-01 Thread Steven M. Christey
The Responsible Disclosure Process draft specifically allows for researchers to release vulnerability information if the vendor is not sufficiently responsive. Some people may disagree with the delay of 30 days between initial notification and release, but I don't think there are good stats on h

FW: Windows 2000 Service Pack 3 now available.

2002-08-01 Thread Leif Sawyer
FYI -----Original Message----- Subject: Windows 2000 Service Pack 3 now available. Microsoft has just released its final version of Service Pack 3. A list of fixes incorporated into SP3 can be found at: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q320853 Service Pack 3 (128 mg) ca

RE: Comment on DMCA, Security, and Vuln Reporting

2002-08-01 Thread Wolf, Glenn
In light of the fact that 2600 was successfully sued over merely linking to DeCSS source code under the DMCA (and losing a subsequent appeal), and especially since News.com mentioned that fact in their article, I'm absolutely AMAZED that they would do just that, linking directly to exploit code in

code injection in gallery

2002-08-01 Thread avart
Hi! Code injection in gallery - # What is gallery? The Gallery is actually the best web gallery application around in the world. I'm using it too ;-). Go to to get further information and download this very cool app. remote includ

iPlanet vulnerabilities on IRIX

2002-08-01 Thread SGI Security Coordinator
-----BEGIN PGP SIGNED MESSAGE----- SGI Security Advisory Title: iPlanet vulnerabilities Number: 20020803-01-P Date: August 1, 2002 Reference: C

List of mirrors carrying trojaned OpenSSH

2002-08-01 Thread Tomi Nylund
Hello, my first post to the list. Cool.. :) Sorry for the horrible formatting: this was posted in haste using Netscape's Mail client :( Anyways, we did some research here at Oulu regarding the propagation of the trojaned OpenSSH-3.4p1.tar.gz, and found out the following: Trojaned mirrors: 3ac

Re: IPSwitch IMail ADVISORY/EXPLOIT/PATCH

2002-08-01 Thread Tom Fischer
Today Ipswitch released IMail Version 7.12 which solves the buffer overflow bug in the Web Messaging Daemon. IMail Version 7.12 Release Notes: http://support.ipswitch.com/kb/IM-20020731-DM02.htm Download: ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail712.exe -- Tom Fischer

rpc.pcnfsd vulnerabilities on IRIX

2002-08-01 Thread SGI Security Coordinator
-----BEGIN PGP SIGNED MESSAGE----- SGI Security Advisory Title: rpc.pcnfsd vulnerabilities Number: 20020802-01-I Date: August 1, 2002 Reference:

HiverCon 2002, Ireland - Earlybird registration now available

2002-08-01 Thread Mark Anderson
Developers, admins and security specialists alike meet to discuss the current state of computer security and the need for change. http://www.hivercon.com/ -- Dublin, Ireland will be the venue for this year's HiverCon. With a rich line-up of high-end technical talks, guests will be given the unpr

FreeBSD Security Advisory FreeBSD-SA-02:34.rpc [REVISED]

2002-08-01 Thread FreeBSD Security Advisories
-----BEGIN PGP SIGNED MESSAGE----- FreeBSD-SA-02:34.rpc Security Advisory The FreeBSD Project Topic: Sun RPC XDR

RPC analysis

2002-08-01 Thread Charles Hannum
The scope of this bug is somewhat limited. It depends on a particular multiplication overflowing: nodesize = c * elsize; In order for this to happen, you must have maxsize>max(nodesize)*elsize; otherwise the c>maxsize check will catch it. Hence the patch: - if ((c > maxsize) &&

Re: [Full-Disclosure] Re: it's all about timing

2002-08-01 Thread Georgi Guninski
IMHO the threats against Snosoft are FUD, even more FUD than the Sklyarov FUD. I personally don't expect any court. What scares me is that the "Responsible Disclosure" FUD continues. On bugtraq people write that CERT and SecurityFocus are "established parties" and everyone who does not give them

[SECURITY] [DSA 140-1] New libpng packages fix buffer overflow

2002-08-01 Thread Martin Schulze
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA 140-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze August 1st, 2002

SuSE Security Announcement: wwwoffle (SuSE-SA:2002:029)

2002-08-01 Thread Thomas Biege
-----BEGIN PGP SIGNED MESSAGE----- SuSE Security Announcement Package: wwwoffle Announcement-ID: SuSE-SA:2002:029 Date: Thursday

Re: Phenoelit Advisory 0815 ++ -- Brick

2002-08-01 Thread Andrew Ferreira
In-Reply-To: <[EMAIL PROTECTED]> ** Lucent Technologies Internet Security Products July 25, 2002 *** Advisory Notification Response *** SUMMARY This statement is in response to an advisory authored by individuals identifying themselves as kim

OpenSSH Security Advisory: Trojaned Distribution Files

2002-08-01 Thread Niels Provos
OpenSSH Security Advisory (adv.trojan) 1. Systems affected: OpenSSH version 3.2.2p1, 3.4p1 and 3.4 have been trojaned on the OpenBSD ftp server and potentially propagated via the normal mirroring process to other ftp servers. The code was inserted some time between the 30th and 31st of July. W

[SECURITY] [DSA 139-1] New super packages fix local root exploit

2002-08-01 Thread Martin Schulze
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA 139-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze August 1st, 2002

trojan horse in recent openssh (version 3.4 portable 1)

2002-08-01 Thread Christian Bahls
[ i am not subscribed to bugtraq .. so if you reply please include me in the cc] i did an analysis on the trojan horse that was hidden in the recent portable version of openssh (3.4p1) it could be found (and still can be) on ftp.openbsd.org and its mirrors. in openssh-3.4p1/openbsd-compat a c-f

openssh-3.4p1.tar.gz distribution recently trojaned

2002-08-01 Thread Mikael Olsson
From http://docs.freebsd.org/cgi/getmsg.cgi?fetch=394609+0+current/freebsd-security - Forwarded message from Edwin Groothuis <[EMAIL PROTECTED]> - Date: Thu, 1 Aug 2002 16:55:51 +1000 From: Edwin Groothuis <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: openssh-3.4p1.tar.gz trojaned