Hi all,
There is a file disclosure bug in the application DB4Web. Attached you will
find the advisory with technical details and the vendor's response.
regards,
Stefan
Guardeonic Solutions AG (www.guardeonic.com)
Security Advisory #01-2002
Advisory Name: DB4Web (R) File Disclosure
Release
Lycos offers several advanced web applications through a service called
HTMLGear. Among the services offered are guestbooks. A vulnerability
exists in the Lycos guestbook that could enable someone to launch an attack
against visitors whose browsers supported inline CSS (IE, for example).
By
Hi all,
there's a minor problem with the popular opensource editor 'joe'
(http://sourceforge.net/projects/joe-editor/). The way how joe handles
backup files may create unwanted suid files.
Example situation:
(1) unprivileged user creates some file and puts suid bit on it:
trtko$ ls -l
Basically any normal user can get a dump of the passwd file and attempt
brute force attacks on the encrypted passwds, it includes the root passwd.
This problem has been around for well over a year, but Apple ignores it:
http://www.securitytracker.com/alerts/2001/Jul/1001946.html
NSSI-Research Labs Security Advisory
http://www.nssolution.com (Philippines / .ph)
Maximum e-security
http://nssilabs.nssolution.com
Sygate Personal Firewall 5.0 IP Spoofing Vulnerability
Author: Abraham Lincoln Hao / SunNinja
e-Mail: [EMAIL PROTECTED] / [EMAIL PROTECTED]
Advisory Code:
Florian Weimer [EMAIL PROTECTED] writes:
version      small overflow   large overflow
pre-0.9.6e   no crash         crash
0.9.6e       crash            crash
0.9.6g       error            error
When this bug first came out, I
Hi all. It's me again.
The application server DB4Web is able to initiate TCP connections to
arbitrary ports/IPs and can possibly be misused as a portscanner. Please see
the attached advisory for details and the vendor's statement.
regards,
Stefan
Guardeonic Solutions AG (www.guardeonic.com)
On Sun, Sep 15, 2002 at 02:28:48PM -0700, Dale Harris wrote:
However Apple hasn't seemed to bother addressing it yet since it
still persists in OS X.2 (Jaguar). You'd think they might have
taken the opportunity to fix this problem with a new major release.
My understanding is that Apple is
I have just installed Windows XP Pro SP1 and found that the two
vulnerabilities announced earlier in the week have been addressed.
Microsoft Windows XP Remote Desktop denial of service is fixed.
Microsoft Windows Remote Desktop Protocol checksum and keystroke is
partially fixed: Microsoft
Nate Lawson wrote:
At 11:36 AM 9/10/2002 -0500, L. Adrian Griffis wrote:
I am aware of a company that has instituted a policy that limits a
specific character in people's passwords to being a numeric character.
This policy, as described, does seem to be a very bad idea. I can't tell
Disabling nidump wouldn't help, as this is NetInfo being a little too
generous. You can also use, for example, niutil:
niutil -read . /users/root
You'll note nidump isn't setid-anything, so someone can simply copy it
from another machine.
Bryan
On Sep 15, 2002 14:28, Dale Harris stated:
Discovered:
---
03 September 2002 By Me, Lance Fitz-Herbert (aka phrizer).
Vulnerable Applications:
Tested on Trillian .74 and .73, but I'm guessing older versions are also
vulnerable.
Impact:
---
Low-High. This could allow arbitrary code to be executed on
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Cisco VPN 5000 Client Multiple Vulnerabilities
Revision 1.0
For Public Release 2002 September 18 08:00 (UTC -0800)
--
Contents
Summary
-BEGIN PGP SIGNED MESSAGE-
__
SuSE Security Announcement
Package: xf86
Announcement-ID: SuSE-SA:2002:032
Date: Wed Sep 18
I cannot reproduce this on my 10.2 system. It does give you the crypted
password of the current user but not the root user. However, this does not prevent you
from using 'sudo', so in a way you still get root.
/M
Basically any normal user can get a dump of the passwd file and attempt
brute
On Mon, 2002-09-16 at 17:48:42 -0400, Andrew Danforth wrote...
; During authentication, OpenSSH 3.4p1 with privsep enabled passes the
; cleartext password from the main process to the privsep child using a
; pipe. Using strace or truss, root can see the user's plaintext password
; flying by. I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Microsoft Windows SMB Denial of Service
Vulnerabilities in Cisco Products - MS02-045
Revision 1.0 - Final
For Public Release 2002 September 18 16:00 (UTC -0400)
-
**
Subject : Cisco VPN 5000 client buffer overflow vulnerabilities
Platforms : Linux and Solaris
Versions : Linux versions prior to 5.2.7 and Solaris versions prior
to 5.2.8 are affected.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 168-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
September 18th, 2002
Minor detail really, but under Windows 2000, code had to include winsock2.h,
and remove include of windows.h to compile.
// #include <windows.h>
#include <winsock2.h>
#include <stdio.h>
#include <stdlib.h>

#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
-- Jason
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDEFENSE Security Advisory 09.18.2002
Security Vulnerabilities in OSF1/Tru64 3.x
DESCRIPTION
Three buffer overflow vulnerabilities exist in older versions of
Tru64/OSF1.
ISSUE 1
The uucp utility in Compaq's Tru64/OSF1 3.x operating system
Foundstone Research Labs Advisory - 091802-ISSC
Advisory Name: Remotely Exploitable Buffer Overflow in ISS Scanner
Release Date: September 18, 2002
Application: ISS Scanner 6.2.1
Platforms: Windows NT/2000/XP
Severity: Remote code execution
Vendors: Internet Security
I wasn't able to duplicate this on a Windows 2000 SP3 box. I think it may
have been fixed there, seeing as this document was written before SP3 was
released.
--Steve
-Original Message-
From: Torbjörn Hovmark [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 18, 2002 1:35 PM
To:
On 2002-09-16 17:48:42 -0400, Andrew Danforth wrote:
During authentication, OpenSSH 3.4p1 with privsep enabled passes the
cleartext password from the main process to the privsep child using a
pipe. Using strace or truss, root can see the user's plaintext password
flying by.
Similar
followup to Lance Fitz-Herbert (aka phrizer)'s find earlier today.
trillian pro 1.0 is also vulnerable to the DoS. no need to run C code,
perl and netcat do it:
perl -e 'print "A"x450; print "\n"' | nc ip 113
same precautions ... disable (or filter) identd on that host. enjoy.
Group,
I'm referring to the certificate validation issues that recently made huge
press:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0862
I have seen all sorts of apocalyptic reports and anti-MS propaganda
regarding the issue, but in-depth technical analysis can't be easily
On Sunday 15 September 2002 19:07 pm, Zeux wrote:
Read the attached advisory.
It does not crash konqueror from KDE 3.0.1 or KDE 3.0.3 on my machines. They
both load the image instantly. No large memory use or error messages.
KDE bugs team don't seem to accept bugs from anything but the most
Not seeing any announcement from my vendor (and not wanting to compile
SSL from source),
I set out to see if there was some way of avoiding being infected in the
first place. I decided to hack my Apache (1.3.26) source code to send a
bogus Server: header (seeing as this is how Slapper detects
On September 9th I wrote the following to [EMAIL PROTECTED]
-- START --
I noticed that you have published a list (
http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html ) of
security issues that have been fixed in Mozilla 1.0.1
I would recommend posting this list to the Bugtraq
This might be of interest since the issue at hand is fixed now.
- Original Message -
From: Daniel Vogel [EMAIL PROTECTED]
To: Arne Schwerdtfegger [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Saturday, September 14, 2002 11:11 PM
Subject: RE: [ut2003bugs] remote denial of service in ut2003
I found this on a site today, thought it might be of some interest:
The Art of Unspoofing
Introduction
The amount and frequency of denial of service attacks are
escalating. It's becoming harder to track down the source who initiates
them due to trace-evasion techniques. A raw
| During authentication, OpenSSH 3.4p1 with privsep enabled passes the
| cleartext password from the main process to the privsep child using a
| pipe. Using strace or truss, root can see the user's plaintext password
| flying by. I observed this behavior from OpenSSH 3.4p1 built using