OK folks, there's a new release of l2tpd out there, version 0.68.
The biggest change, and the reason that Bugtraq is getting a copy of
this, is adding other sources of entropy for l2tpd to use. All versions
of l2tpd up to this point used the rand() function to generate random
numbers, but
On Mon, 12 Aug 2002 11:45:26 -0600, aleph1 said:
must be taken into account in order to maintain confidentiality. We also
recommend changes in the OpenPGP standard to reduce the effectiveness of our
attacks in these settings.
Countermeasures are defined in the OpenPGP drafts since
Debian Security Advisory DSA 150-1
http://www.debian.org/security/ Martin Schulze
August 13th, 2002
Debian Security Advisory DSA 152-1
http://www.debian.org/security/ Martin Schulze
August 13th, 2002
Debian Security Advisory DSA 151-1
http://www.debian.org/security/ Martin Schulze
August 13th, 2002
Let's analyze the problem. We observed fallibility of SSL which is
supposed to identify the parties in conversation by binding them to some
flesh-world entities. The implementation turns out to be insecure even
though ideas are sound.
Now you are suggesting to move this identity proof burden
Security Advisory: Multiple Vulnerabilities in CafeLog Weblog Package
Additional Details: http://www.murphy.101main.net/vulns/2002-26.txt
Issue: Multiple vulnerabilities -- the most serious could allow malicious
users to execute commands against a web server running the vulnerable
package.
Hi,
Mantis is a PHP/MySQL/web-based bug tracking system, available at
http://mantisbt.sourceforge.net/.
It currently suffers from a classical PHP bad coding practice (although I
would bet on distraction for this particular situation), that may
result in remote command execution via an include file.
I've downloaded this fixed version, but it seems to be vulnerable to
something I discovered last week: if you take a .swf and rot13 encode
it (not all of it, so the headers are not messed up), you can crash the
user's browser.
There are quite literally a thousand ways to crash the Macromedia