phion Security Advisory 26/09/2002
Microsoft PPTP Server and Client remote vulnerability
Summary
-
The Microsoft PPTP Service shipping with Windows 2000 and XP contains a
remotely exploitable pre-authentication buffer overflow.
Affected Systems
In-Reply-To: [EMAIL PROTECTED]
RC3.0.5 is released to fix a security vulnerability recently posted on
Bugtraq ML.
Overview
===
There was a vulnerability when a user previews/submits a news in the News
module, HTML tags were allowed to process.
Solution
===
All users are
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The CVE for this issue in gv should have been CAN-2002-0838 instead
of CAN-2001-0832. There was a little confusion when Red Hat
originally assigned it to us out of their reserved pool. Sorry for
any inconvenience.
From: David Endler [EMAIL PROTECTED]
Date: Thu, 26 Sep 2002 08:58:48 -0600 (MDT)
A proof of concept exploit for Red Hat Linux designed by zen-parse is
attached to this message. It packages the overflow and shellcode in
the %%PageOrder: section of the PDF.
[root@victim]# ls -al
I got an awful lot of email from BUGTRAQers saying that the solution
for PHPNUKE's problems is to use Postnuke. This is obviously not
a panacea.
http://news.postnuke.com/modules.php?op=modloadname=Newsfile=indexcatid=topic=scriptalert(document.cookie);/script
It's obviously apparent that CMS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Boris,
Does not work for me:
boris@reston-0491:~/convert$ gv -v
gv 3.5.8 (debian)
boris@reston-0491:~/convert$ gv gv-exploit.pdf
Segmentation fault
boris@reston-0491:~/convert$ ls -al /tmp/itworked
ls: /tmp/itworked: No such file or
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 149-2 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
September 26th, 2002
Hello again,
just to say that PostNuke (fork of PHP-Nuke) is vulnerable to the same
bugs
AND
it is possible to inject different SQL code in order to do other funny
but dangerous things.
Note to the guys of those projects:
Filter those URL entries!!!
Cheers,
Pedro Inacio
As it turns out the Postnuke issue in particular is a red herring.
As the lead developer describes it -- the cookie generated is a local
site cookie that is sandboxed within the confines of the
browser/session.
It is not the remote user's cookie.
It is easy to be fooled by such a vulnerability
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Multiple vulnerabilities in WASD http server for OpenVMS
Version 1.0, 25 Sept 2002.
0. Contents
1. Summary
2. Severity: Critical
3. Vulnerable versions
4. Description
5. Solutions
6. Examples of site weaknesses
7.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDEFENSE Security Advisory 09.26.2002
Exploitable Buffer Overflow in gv
DESCRIPTION
The gv program that is shipped on many Unix systems contains a buffer
overflow which can be exploited by an attacker sending a malformed
postscript or Adobe pdf