[SECURITY] [DSA 227-1] New openldap packages fix buffer overflows and remote exploit

2003-01-16 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 227-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze January, 13th, 2003

[SECURITY] [DSA 229-1] New IMP packages fix SQL injection

2003-01-16 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 229-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze January 15th, 2003

Re: Local/remote mpg123 exploit

2003-01-16 Thread Benjamin Tober
In-Reply-To: [EMAIL PROTECTED] I'm not going to address the veracity of the narrative text of this posting, however the exploit is real. I believe that the patch to mpg123 given below closes this particular hole. I have no affiliation with the authors of mpg123 and haven't contacted them,

[RHSA-2003:001-16] Updated PostgreSQL packages fix security issues and bugs

2003-01-16 Thread bugzilla
- Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated PostgreSQL packages fix security issues and bugs Advisory ID: RHSA-2003:001-16 Issue date: 2003-01-14 Updated on:

Re: Local/remote mpg123 exploit

2003-01-16 Thread 3APA3A
Dear [EMAIL PROTECTED], Beside all the noise: it's trivial stack overflow due to invalid maximum frame size calculation in mpg123. Maximum frame size is defined to be 1792 (mpglib/mpg123.h) and 1920 (common.c where overflow probably actually occurs). Gobblez construct frame (160 *

MDKSA-2003:006 - Updated OpenLDAP packages fix multiple vulnerabilities

2003-01-16 Thread Mandrake Linux Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mandrake Linux Security Update Advisory Package name: openldap Advisory ID:

[OpenPKG-SA-2003.001] OpenPKG Security Advisory (png)

2003-01-16 Thread OpenPKG
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED]

stunnel - exploit

2003-01-16 Thread Darell Esfandia
Hi, I attached an exploit for: http://online.securityfocus.com/bid/3748/info/ bugtraq id 3748 object class Input Validation Error cve CVE-2002-0002 remote Yes local No published Dec 22, 2001 updated Jan 17, 2002 vulnerable Stunnel Stunnel 3.20 + MandrakeSoft Linux Mandrake 8.1 +

[SECURITY] [DSA 229-2] New IMP packages fix SQL injection and typo

2003-01-16 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 229-2 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze January 15th, 2003

Security Update: [CSSA-2003-SCO.2] UnixWare 7.1.1 : multiple vulnerabilities in BIND (CERT CA-2002-31)

2003-01-16 Thread security
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] __ SCO Security Advisory Subject: UnixWare 7.1.1 : multiple vulnerabilities in BIND (CERT CA-2002-31)

Re: More information regarding Etherleak

2003-01-16 Thread Peter Turczak
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Friday 10 January 2003 18:02, Ofir Arkin wrote: Who is vulnerable? -- Josh Anderson and I tested several Ethernet cards and device drivers. We have found several device drivers which are vulnerable but we never attempted to