New l2tpd release 0.68

OK folks, there's a new release of l2tpd out there, version 0.68. The biggest change, and the reason that Bugtraq is getting a copy of this, is adding other sources of entropy for l2tpd to use. All versions of l2tpd up to this point used the rand() function to generate random numbers, but

Re: Implementation of Chosen-Ciphertext Attacks against PGP andGnuPG

On Mon, 12 Aug 2002 11:45:26 -0600, aleph1 said: must be taken into account in order to maintain confidentiality. We also recommend changes in the OpenPGP standard to reduce the effectiveness of our attacks in these settings. Countermeasures are defined in the OpenPGP drafts since

[SECURITY] [DSA 150-1] New interchange packages fix illegal file exposition

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 150-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze August 13th, 2002 -

[SECURITY] [DSA 152-1] New l2tpd packages adds better randomization

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 152-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze August 13th, 2002 -

[SECURITY] [DSA 151-1] New xinetd packages fix local denial of service

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 151-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze August 13th, 2002 -

Re: The Large-Scale Threat of Bad Data in DNS

Let's analyze the problem. We observed fallibility of SSL which is supposed to identify the parties in conversation by binding them to some flesh-world entities. The implementation turns out to be insecure even though ideas are sound. Now you are suggesting to move this identity proof burden

Multiple Vulnerabilities in CafeLog Weblog Package

Security Advisory: Multiple Vulnerabilities in CafeLog Weblog Package Additional Details: http://www.murphy.101main.net/vulns/2002-26.txt Issue: Multiple vulnerabilities -- the most serious could allow malicious users to execute commands against a web server running the vulnerable package.

mantisbt security flaw

Hi, Mantis is php/MySQL/web based bug tracking system, available at http://mantisbt.sourceforge.net/. It currently suffers from a classical PHP bad coding practice (altough i would bet on distraction for this particular situation ), that may result on remote command execution via a include file.

Re: EEYE: Macromedia Shockwave Flash Malformed Header Overflow

I've downloaded this fixed version, but it seems to be vulnerable to something I've discovered last week: if you take a .swf and rot13 encode it (not all of it, so the headers are not messed up), you can crash the user's browser. There are quite literally a thousand ways to crash the Macromedia