NFS Denial of Service advisory from Sun

2002-10-17 Thread m g
Hello all, Today, Sun released an advisory (47815) about how the lockd can be used to cause a DoS of NFS. However they did not provide any details about how the lockd can be killed to trigger this. See http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F47815zone_32=category%3Asecurity

Re: NSSI-2002-zonealarm3: ZoneAlarm Pro Denial of Service Vulnerability

2002-10-17 Thread Te Smith
In-Reply-To: [EMAIL PROTECTED] We have been unable to reproduce NSSI's findings using the information they supplied. We communicated our inability to verify the test results to NSSI and continue to test possible scenarios. Bottom line: 1) The alleged behavior does not

[SECURITY] [DSA 178-1] New Heimdal packages fix remote command execution

2002-10-17 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 178-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze October 17th, 2002

Re: Linux Kernel Exploits / ABFrag

2002-10-17 Thread h2g . sec . list
Hi, exist rumors about this exploit since 3 months. The archive apparently explores an imperfection in the TCP Sync (I don't know details about problem). Due to rumors, exist more two exploits for the problem (maybe fake). Some forums like ByteRage's PRIVATE forum was discussing it in private (it is

GLSA: ggv

2002-10-17 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - GENTOO LINUX SECURITY ANNOUNCEMENT 200210-003 - - PACKAGE : ggv SUMMARY : buffer overflow EXPLOIT : local

[SECURITY] [DSA 177-1] New PAM packages fix serious security violation in Debian/unstable

2002-10-17 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 177-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze October 17th, 2002

Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002)

2002-10-17 Thread David Litchfield
NGSSoftware Insight Security Research Advisory Name: Microsoft SQL Server Webtasks privilege elevation Systems: Microsoft SQL Server 2000 and 7 Severity: High Risk Vendor URL: http://www.microsoft.com/ Author: David Litchfield ([EMAIL PROTECTED]) Advisory URL:

Re: Linux Kernel Exploits / ABFrag

2002-10-17 Thread huang po
In-Reply-To: [EMAIL PROTECTED] From: Peter Pentchev ([EMAIL PROTECTED]) Subject: Re: *BSD remote kernel-level (TCP/IP stack) vulnerability! - ABFrag.c Newsgroups: fa.freebsd.bugs Date: 2002-09-23 07:04:01 PST On Sun, Sep 22, 2002 at 03:51:54PM +0300, [EMAIL PROTECTED] wrote: Hello,

PGP Corporation Beta License Agreement

2002-10-17 Thread er t
Can anyone enlighten me on this statement in the PGP Corporation Beta License Agreement? YOU HEREBY EXPRESSLY CONSENT TO PGP'S PROCESSING OF YOUR PERSONAL DATA (WHICH MAY BE COLLECTED BY PGP OR ITS DISTRIBUTORS) ACCORDING TO PGP'S CURRENT PRIVACY POLICY. This is one of those touchy

Re: phptonuke allows Remote File Retrieving

2002-10-17 Thread BlueRaven
On Thu, Oct 17, 2002 at 05:50:10AM +0800, Zero-X ScriptKiddy wrote: The file phptonuke.php from myphpnuke allows Remote File Retrieving. Exploit Example: http://website.com/phptonuke.php?filnavn=/etc/passwd This is not really a specific vulnerability in the application, but a more general

[RHSA-2002:206-12] New kernel fixes local security issues

2002-10-17 Thread bugzilla
- Red Hat, Inc. Red Hat Security Advisory Synopsis: New kernel fixes local security issues Advisory ID: RHSA-2002:206-12 Issue date: 2002-09-23 Updated on: 2002-10-15 Product:

[RHSA-2002:205-15] New kernel fixes local security issues

2002-10-17 Thread bugzilla
- Red Hat, Inc. Red Hat Security Advisory Synopsis: New kernel fixes local security issues Advisory ID: RHSA-2002:205-15 Issue date: 2002-09-20 Updated on: 2002-10-15 Product:

TSLSA-2002-0068-kernel

2002-10-17 Thread Trustix Secure Linux Advisor
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Trustix Secure Linux Security Advisory #2002-0068 Package name: kernel Summary: New upstream version Date: 2002-10-17 Affected versions: TSL 1.1,

[RHSA-2002:210-06] New kernel 2.2 packages fix local vulnerabilities

2002-10-17 Thread bugzilla
- Red Hat, Inc. Red Hat Security Advisory Synopsis: New kernel 2.2 packages fix local vulnerabilities Advisory ID: RHSA-2002:210-06 Issue date: 2002-09-23 Updated on: 2002-10-10

Solution: Kill a Unisys Clearpath with nmap port scan

2002-10-17 Thread Michael.Kain
In-Reply-To: [EMAIL PROTECTED] We've determined that the dynamic initialization feature of the ClearPath MCP environment is contributing to the high processor utilization and excessive log entries. To solve this, the customer can either disable the dynamic initialization feature for those

Re: Linux Kernel Exploits / ABFrag

2002-10-17 Thread Cedric Blancher
On Thu 17/10/2002 at 22:55, huang po wrote: Even if it were true, it would be very much harder to write so that it would affect *different* OS's: the differences in the TCP stacks are not that large, but significant for at least this purpose. I completely agree with this point. For now, only

TSLSA-2002-0069-apache

2002-10-17 Thread Trustix Secure Linux Advisor
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Trustix Secure Linux Security Advisory #2002-0069 Package name: apache Summary: New upstream version Date: 2002-10-17 Affected versions: TSL 1.1,

Re: PGP Corporation Beta License Agreement

2002-10-17 Thread Juraj Bednar
Hello, if you read the introduction, PGP means the company, the program is "SOFTWARE" in the agreement. So your personal data means the personal data, you will provide to the PGP company, not that one, that you give to the SOFTWARE. So it's quite clear, what's your personal data.

Re: Undocumented account vulnerability in Avaya P550R/P580/P880/P882 switches

2002-10-17 Thread Jacek Lipkowski
On Wed, 16 Oct 2002, Mike Scher wrote: 1) The accounts (manuf and diag) are clearly present in the config and easily seen with 'show running-conf' or 'show startup-conf' They are also documented in the Cajun guides, usually they just say 'don't touch these accounts' 2) They are system

Re: [SECURITY] [DSA 177-1] New PAM packages fix serious security violation in Debian/unstable

2002-10-17 Thread Samuele Giovanni Tonon
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, Oct 17, 2002 at 07:44:29PM +0200, Martin Schulze wrote: Package: pam Vulnerability : serious security violation Problem-Type : remote Debian-specific: no Distributions : unstable only Paul Aurich and Samuele Giovanni