-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
General Info
-
Researched by: James Martin
Full advisory: http://www.uuuppz.com/research/adv-002-mirc.htm
Exploit: Proof of concept code available at above URL.
Product: mIRC
Website: http://www.mirc.com
Version: V6.00, V6.01, V6.02.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 158-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
August 27th, 2002
I'm not sure how you can categorize this as human error since the default
SQL Server installation includes the 'guest' user in master, msdb, and
tempdb databases. This gives all logins, no matter how lowly, access to
thoses databases and objects inside that have permissions granted to the
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED]
__
SCO Security Advisory
Subject:Open UNIX 8.0.0 UnixWare 7.1.1 : X server insecure popen and
buffer
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: xinetd
Advisory ID:
On Thu, 2002-08-22 at 12:18, Jun-ichiro itojun Hagino wrote:
This ambiguity creates chances to malicious party to trick victim nodes.
Here are a couple of examples:
How are these any different than with IPv4? I can send bad source
addresses in IPv4 just as easily as in IPv6. IPv6 might even
This ambiguity creates chances to malicious party to trick victim nodes.
Here are a couple of examples:
How are these any different than with IPv4? I can send bad source
addresses in IPv4 just as easily as in IPv6. IPv6 might even make it
easier to do, e.g., reverse-path filtering (less
Andrey Kolishak wrote:
There is also article of Symeon Xenitellis A New Avenue of Attack:
Event-driven system vulnerabilities http://www.isg.rhul.ac.uk/~simos/event_demo/
In fact, the problem is similar to U*ix signals, except that there is no
jump-to-address argument for usual. Remember
Im now 100% sure where I should post this or who to tell, but here goes.
I was messing around with just installing some chat programs when I came
across Yahoo Messenger. Well I started the install, and oddly enough its a
lil different. Yahoo decided it would be easier for the user to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
GENTOO LINUX SECURITY ANNOUNCEMENT
- -
PACKAGE:gaim
SUMMARY:arbitrary program execution
On 2002-08-23 01:18:40 +0900, Jun-ichiro itojun Hagino wrote:
2. Threats due to the use of IPv4 mapped address on wire
When userland application on top of AF_INET6 API sees peers with IPv4
mapped addresses (like by getpeername(2) or recvfrom(2)), it cannot
detect if the packet actually was
Microsoft Baseline security analyser shows a red cross against MS02-008,
XMLHTTP Control Can Allow Access to Local Files on both my systems, and
this is backed up by the exploit http://jscript.dk/Jumper/xploit/xmlhttp.asp
is working on both my systems despite reapplying the required patch many
the key difference is that it may be possible to circumvent IPv4
filters by using IPv4 mapped address (= IPv6 address like
:::1.2.3.4). the problem is in additional complexity due to
the interaction between IPv4 packet and IPv6 API/packet.
I'll give you that
Thank you very much for your prompt response.
On Fri, 23 Aug 2002 [EMAIL PROTECTED] wrote:
IPv4 mapped address considered harmful
draft-itojun-v6ops-v4mapped-harmful-00.txt
[snip]
No change to the IPv6 protocol or network stacks is required, one only
Maybe I'm missing something, but I don't see whats so different about
using mapped IPv4 addresses on the wire, especially since your bogon
filters should already be dropping any use.
the problem is that some protocol proposal do not consider IPv4 mapped
address as bogon - they
On Fri, 23 Aug 2002, Jun-ichiro itojun Hagino wrote:
IPv4 mapped address considered harmful
draft-itojun-v6ops-v4mapped-harmful-00.txt
[snip]
I'm not sure that I agree with your analysis. The security implications
of IPv4-in-IPv6 addressing are no
On Tue, 2002-08-27 at 03:12, [EMAIL PROTECTED] wrote:
the problem is that some protocol proposal do not consider IPv4 mapped
address as bogon - they propose to actually use them in IPv6 traffic
on wire.
They used to be bogons, so any currently existing bogon filters (e.g.,
In-Reply-To: [EMAIL PROTECTED]
We've looked at some similar issues for Word and other
formats, and various PKI packages, in
K. Kain, S.W. Smith, R. Asokan.
``Digital Signatures and Electronic Documents: A
Cautionary Tale.'' Sixth IFIP Conference on
Communications and Multimedia Security.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
For Immediate Disclosure
== Summary ==
Security Alert: NOVL-2002-2961546
Title: SNMPv1 Trap and Request Handling Vulnerabilities
Date: 15-Feb-2002
Revision:
If I might be so bold, but this seems to go on all the time.
We use a Contact Relationship Management (CRM) packare from e.Piphany called
ActiveSales (or e.Piphany Sales or eSales, whatever it is this week) that has a front
end client and a repository independant back end database (Access, SQL
IPv4 mapped address considered harmful
draft-itojun-v6ops-v4mapped-harmful-00.txt
I'm not sure that I agree with your analysis. The security implications
of IPv4-in-IPv6 addressing are no different than IPv4 addressing today.
Rolling out IPv6 will not remove
On Tue, 2002-08-27 at 03:23, [EMAIL PROTECTED] wrote:
no specification (as far as i know) never defined IPv4 mapped address
to be bogons.
Looking into it further, it seems you are correct. It was assigned out
of the 0/16 reserved block, but at least as far back as December, 1995
Abraham Lincoln wrote:
1] Multiple DOS vulnerabilities with Kerio Mail Server services
- By sending multiple SYN packet to every services of the mail
server (POP3, SMTP, IMAP, Secure IMAP, POP3S, Web-mail, Secure
Web-mail) it would stop the mail server services from responding.
Sending
23 matches
Mail list logo