Advisory: File disclosure in DB4Web

2002-09-18 Thread Stefan . Bagdohn
Hi all, There is a file disclosure bug in the application DB4Web. Attached you will find the advisory with technical details and the vendor's response. regards, Stefan Guardeonic Solutions AG (www.guardeonic.com) Security Advisory #01-2002 Advisory Name:DB4Web (R) File Disclosure Release

Lycos HTMLGear Guestbook Script Injection Vulnerability

2002-09-18 Thread Matthew Murphy
Lycos offers several advanced web applications through a service called HTMLGear. Among the services offered are guestbooks. A vulnerability exists in the Lycos guestbook that could enable someone to launch an attack against visitors whose browsers supported inline CSS (IE, for example). By

joe editor backup problem

2002-09-18 Thread Ondrej Suchy
Hi all, there's a minor problem with the popular opensource editor 'joe' (http://sourceforge.net/projects/joe-editor/). The way joe handles backup files may create unwanted suid files. Example situation: (1) unprivileged user creates some file and puts suid bit on it: trtko$ ls -l

nidump on OS X

2002-09-18 Thread Dale Harris
Basically any normal user can get a dump of the passwd file and attempt brute force attacks on the encrypted passwds, it includes the root passwd. This problem has been around for well over a year, but Apple ignores it: http://www.securitytracker.com/alerts/2001/Jul/1001946.html

NSSI-2002-sygatepfw5: Sygate Personal Firewall IP Spoofing Vulnerability

2002-09-18 Thread Abraham Lincoln
NSSI-Research Labs Security Advisory http://www.nssolution.com (Philippines / .ph) Maximum e-security http://nssilabs.nssolution.com Sygate Personal Firewall 5.0 IP Spoofing Vulnerability Author: Abraham Lincoln Hao / SunNinja e-Mail: [EMAIL PROTECTED] / [EMAIL PROTECTED] Advisory Code:

Re: Remote detection of vulnerable OpenSSL versions

2002-09-18 Thread Eric Rescorla
Florian Weimer [EMAIL PROTECTED] writes:
                  small overflow   large overflow
  pre-0.9.6e      no crash         crash
  0.9.6e          crash            crash
  0.9.6g          error            error
When this bug first came out, I

Advisory: TCP-Connection risk in DB4Web

2002-09-18 Thread Stefan . Bagdohn
Hi all. It's me again. The application server DB4Web is able to initiate TCP connections to arbitrary ports/IPs and can possibly be misused as a portscanner. Please see the attached advisory for details and the vendor's statement. regards, Stefan Guardeonic Solutions AG (www.guardeonic.com)

Re: nidump on OS X

2002-09-18 Thread Jason A. Fager
On Sun, Sep 15, 2002 at 02:28:48PM -0700, Dale Harris wrote: However Apple hasn't seemed to bother addressing it yet since it still persists in OS X.2 (Jaguar). You'd think they might have taken the opportunity to fix this problem with a new major release. My understanding is that Apple is

Microsoft Windows Terminal Services vulnerabilities

2002-09-18 Thread Ben Cohen
I have just installed Windows XP Pro SP1 and found that the two vulnerabilities announced earlier in the week have been addressed. Microsoft Windows XP Remote Desktop denial of service is fixed. Microsoft Windows Remote Desktop Protocol checksum and keystroke is partially fixed: Microsoft

Re: Password Security Policy Question

2002-09-18 Thread Crispin Cowan
Nate Lawson wrote: At 11:36 AM 9/10/2002 -0500, L. Adrian Griffis wrote: I am aware of a company that has instituted a policy that limits a specific character in people's passwords to being a numeric character. This policy, as described, does seem to be a very bad idea. I can't tell

Re: nidump on OS X

2002-09-18 Thread Bryan Blackburn
Disabling nidump wouldn't help, as this is NetInfo being a little too generous. You can also use, for example, niutil: niutil -read . /users/root You'll note nidump isn't setid-anything, so someone can simply copy it from another machine. Bryan On Sep 15, 2002 14:28, Dale Harris stated:

Trillian .74 and below, ident flaw.

2002-09-18 Thread Lance Fitz-Herbert
Discovered: --- 03 September 2002 By Me, Lance Fitz-Herbert (aka phrizer). Vulnerable Applications: Tested On Trillian .74 and .73, but I'm guessing older versions are also vulnerable. Impact: --- Low-High. This could allow arbitrary code to be executed on

Cisco Security Advisory: Cisco VPN 5000 Client Multiple Vulnerabilities

2002-09-18 Thread Cisco Systems Product Security Incident Response Team
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco VPN 5000 Client Multiple Vulnerabilities Revision 1.0 For Public Release 2002 September 18 08:00 (UTC -0800) -- Contents Summary

SuSE Security Announcement: xf86 (SuSE-SA:2002:032)

2002-09-18 Thread Sebastian Krahmer
-----BEGIN PGP SIGNED MESSAGE----- SuSE Security Announcement Package:xf86 Announcement-ID:SuSE-SA:2002:032 Date: Wed Sep 18

Re: nidump on OS X

2002-09-18 Thread Martin
I cannot reproduce this on my 10.2 system. It does give you the crypted password of the current user but not the root user. However this does not prevent you from using 'sudo', so in a way you still get root. /M Basically any normal user can get a dump of the passwd file and attempt brute

Re: OpenSSH 3.4p1 Privsep

2002-09-18 Thread eric
On Mon, 2002-09-16 at 17:48:42 -0400, Andrew Danforth wrote... ; During authentication, OpenSSH 3.4p1 with privsep enabled passes the ; cleartext password from the main process to the privsep child using a ; pipe. Using strace or truss, root can see the user's plaintext password ; flying by. I

Cisco Security Advisory: Microsoft Windows SMB Denial of Service Vulnerabilities in Cisco Products - MS02-045

2002-09-18 Thread Cisco Systems Product Security Incident Response Team
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Microsoft Windows SMB Denial of Service Vulnerabilities in Cisco Products - MS02-045 Revision 1.0 - Final For Public Release 2002 September 18 16:00 (UTC -0400) -

Cisco VPN 5000 client buffer overflow vulnerabilities.

2002-09-18 Thread Niels Heinen
** Subject : Cisco VPN 5000 client buffer overflow vulnerabilities Platforms : Linux and Solaris Versions : Linux versions prior to 5.2.7 and Solaris versions prior to 5.2.8 are affected.

[SECURITY] [DSA 168-1] New PHP packages fix several vulnerabilities

2002-09-18 Thread Martin Schulze
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- Debian Security Advisory DSA 168-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze September 18th, 2002

Re: Trillian .74 and below, ident flaw.

2002-09-18 Thread Jason Barbour
Minor detail really, but under Windows 2000, code had to include winsock2.h, and remove include of windows.h to compile. // #include <windows.h> #include <winsock2.h> #include <stdio.h> #include <stdlib.h> #include <windows.h> #include <stdio.h> #include <stdlib.h> -- Jason

iDEFENSE Security Advisory 09.18.2002: Security Vulnerabilities in OSF1/Tru64 3.

2002-09-18 Thread David Endler
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 09.18.2002 Security Vulnerabilities in OSF1/Tru64 3.x DESCRIPTION Three buffer overflow vulnerabilities exist in older versions of Tru64/OSF1. ISSUE 1 The uucp utility in Compaq's Tru64/OSF1 3.x operating system

Foundstone Research Labs Advisory - Remotely Exploitable Buffer Overflow in ISS Scanner

2002-09-18 Thread Marshall Beddoe
Foundstone Research Labs Advisory - 091802-ISSC Advisory Name: Remotely Exploitable Buffer Overflow in ISS Scanner Release Date: September 18, 2002 Application: ISS Scanner 6.2.1 Platforms: Windows NT/2000/XP Severity: Remote code execution Vendors: Internet Security

RE: Execution Rights Not Checked Correctly For 16-bit Applications

2002-09-18 Thread Vigneau, Steve
I wasn't able to duplicate this on a Windows 2000 SP3 box. I think it may have been fixed there, seeing as this document was written before SP3 was released. --Steve -Original Message- From: Torbjörn Hovmark [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 18, 2002 1:35 PM To:

Re: OpenSSH 3.4p1 Privsep

2002-09-18 Thread Peter J. Holzer
On 2002-09-16 17:48:42 -0400, Andrew Danforth wrote: During authentication, OpenSSH 3.4p1 with privsep enabled passes the cleartext password from the main process to the privsep child using a pipe. Using strace or truss, root can see the user's plaintext password flying by. Similar

trillian DoS: trillian 1.0 pro also vulnerable

2002-09-18 Thread Jose Nazario
followup to Lance Fitz-Herbert (aka phrizer)'s find earlier today. trillian pro 1.0 is also vulnerable to the DoS. no need to run C code, perl and netcat do it: perl -e 'print Ax450; print \n' | nc ip 113 same precautions ... disable (or filter) identd on that host. enjoy.

Web browser certificate Validation flaw: Netscape, Mozilla, MSIE vulnerable - still?

2002-09-18 Thread Pidgorny, Slav
Group, I'm referring to the certificate validation issues that recently made huge press: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0862 I have seen all sorts of apocalyptic reports and anti-MS propaganda regarding the issue, but in-depth technical analysis can't be easily

Re: Bug in Opera and Konqueror

2002-09-18 Thread Andy Spiers
On Sunday 15 September 2002 19:07 pm, Zeux wrote: Read the attached advisory. It does not crash konqueror from KDE 3.0.1 or KDE 3.0.3 on my machines. They both load the image instantly. No large memory use or error messages. KDE bugs team don't seem to accept bugs from anything but the most

Re: Linux Slapper Worm

2002-09-18 Thread Ajai Khattri
Not seeing any announcement from my vendor (and not wanting to compile SSL from source), I set out to see if there was some way of avoiding being infected in the first place. I decided to hack my Apache (1.3.26) source code to send a bogus Server: header (seeing as this is how Slapper detects

Mozilla vulnerabilities, an update

2002-09-18 Thread Thor Larholm
On September 9th I wrote the following to [EMAIL PROTECTED] -- START -- I noticed that you have published a list ( http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html ) of security issues that have been fixed in Mozilla 1.0.1 I would recommend posting this list to the Bugtraq

Fw: [ut2003bugs] remote denial of service in ut2003 demo

2002-09-18 Thread Arne Schwerdtfegger
This might be of interest since the issue at hand is fixed now. - Original Message - From: Daniel Vogel [EMAIL PROTECTED] To: Arne Schwerdtfegger [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Saturday, September 14, 2002 11:11 PM Subject: RE: [ut2003bugs] remote denial of service in ut2003

The Art of Unspoofing

2002-09-18 Thread eric.prince
I found this on a site today, thought it might be of some interest: The Art of Unspoofing Introduction The amount and frequency of denial of service attacks are escalating. It's becoming harder to track down the source who initiates them due to trace-evasion techniques. A raw

Re: OpenSSH 3.4p1 Privsep

2002-09-18 Thread Just Marc
| During authentication, OpenSSH 3.4p1 with privsep enabled passes the | cleartext password from the main process to the privsep child using a | pipe. Using strace or truss, root can see the user's plaintext password | flying by. I observed this behavior from OpenSSH 3.4p1 built using