rPath Security Advisory: 2007-0057-1
Published: 2007-03-16
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Indirect User Deterministic Unauthorized Access
Updated Versions:
libwpd=/[EMAIL PROTECTED]:devel//1/0.8.9-1-0.1
References:
http://www.cve.mitre.org/cgi-bin/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:064
http://www.mandriva.com/security/
___
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:063
http://www.mandriva.com/security/
___
Tom Walsh said:
>So... either it is patched in the version I am looking at (unlikely)
>or this is a bogus report (like god knows how many others).
In this case, it looks legitimate for OLDER versions. See informal
analysis below.
The cause was dynamic variable evaluation, which is one of the
f
Mark Litchfield wrote:
> I have heard the comment "It's a huge conflict of interest" for one
> company to provide both an operating platform and a security platform"
> made by John Thompson (CEO Symantec) many times from many different
> people.
The only conflict that occurs to me is the commercia
I think that the issue as posed is a false dichotomy. Security is not
just a function of the operating system and whatever security features
are added to it, but also of the third-party software packages which
are installed, everything from Corel Draw to TurboTax. Any program
which can accept inp
Wouldn't it be wonderful if we could have this discussion without mentioning
the M-word?
It seems to me that the OS vendor's ethical obligation is to produce the
most secure platform they reasonably can and to fix any and all problems in
it for free. Beyond that, lots of security problems exploit
-- "We make I.T. Safe."
[Advisory Information]
- ---
Contact : Adriel T. Desautels
Researcher : Kevin Finisterre
Advisory ID : NETRAGARD-20070316
Pr
Mark Litchfield wrote:
I have heard the comment "It's a huge conflict of interest" for one
company to provide both an operating platform and a security platform"
made by John Thompson (CEO Symantec) many times from many different
people. See article below.
http://www2.csoonline.com/blog_vie
Mark Litchfield wrote:
> I have heard the comment "It's a huge conflict of interest" for one
> company to provide both an operating platform and a security platform"
> made by John Thompson (CEO Symantec) many times from many different
> people. See article below.
>
> http://www2.csoonline.com/blo
Imo, what J Thompson _meant_ to say was, "It's a pain for security ISVs who
have to find creative ways of selling features which are part of the OS; We
don't care if it's better for the end user, we care about our bottom line.
OS vendors should make no efforts at securing their products so that we,
I have heard the comment "It's a huge conflict of interest" for one company
to provide both an operating platform and a security platform" made by John
Thompson (CEO Symantec) many times from many different people. See article
below.
http://www2.csoonline.com/blog_view.html?CID=32554
In my p
Multiple Vendor libwpd Multiple Buffer Overflow Vulnerabilities
iDefense Security Advisory 03.16.07
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 16, 2007
I. BACKGROUND
libwpd is a C++ library used to decode and encode WordPerfect documents.
It is commonly used as a plug-in in word
I think an issue is that if they are providing an OS and charging for it, it
should have these security features by default. The user shouldn't have to pay
additional money to ensure the initial product they purchased is secure. Not to
mention of course certain vendors are going to start see
rPath Security Advisory: 2007-0056-1
Published: 2007-03-16
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
Indirect Deterministic Weakness
Updated Versions:
gnupg=/[EMAIL PROTECTED]:devel//1/1.4.7-0.1-1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=
Hi out there,
seems to be quite the same exploit as the one that appeared in mid-January,
which isn't very public and was marked as "private". The exploit code is
nearly the same, as is the bug.
For a quick fix change the following line
if (is_array($_POST['applicationids'])) while (list($appl
This issue was fixed immediately (which is now a while back) and the
administrators of this site were informed by both snail mail and email
concerning the simple fix.
Dear Specialists,
Call For Papers for IT Underground 2007 - Dublin edition is now open.
We kindly invite you as a speaker to our conference to come and share
your experiences and insights about IT Security.
Prepare your BYOL (Bring Your Own Laptop) presentation or a lecture to
pass your knowledg
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Rot 13 <= (enkrypt.php) Remote File Disclosure Vulnerability
Script: Rot 13
Download:
http://www.holtstraeter.com/cybercheffe/scriptsharing/php/categories/misc/rot13.zip
Class: Remote File Disclosure Vulnerability
Discover: BorN To K!LL
Title: [CAID 34817, 35058, 35158, 35159]: CA BrightStor ARCserve
Backup Tape Engine and Portmapper Vulnerabilities
CA Vuln ID (CAID): 34817, 35058, 35158, 35159
CA Advisory Date: 2007-03-15
Reported By: McAfee
Impact: Remote attackers can cause a denial of service or
potentially execute arbi
*The MS07-012 patch that came out on Black Tuesday in Feb 2007 is not a
complete solution to the problem.*
Title: MFC42u.dll Off-by-Two Overflow
Date: 15 March 2007
Affected: Windows 2000, XP, 2003 (those that were affected by the MS07-012
patch)
Reported by: Greg Sinclair (gssincla...nnlsoftware
-=[Fusi0n Group]=-
# Script name .: DirectAdmin
# Script site .: http://directadmin.com
# Release Date : 15/03/2007
# Version .: All
# Find by .: Mandr4ke
# Contact .: Mandr4ke.root[at]gmail.com
# Greetings ...: Fusi0nGroup & DevilTeam & Nof
---
http://www.netsw.org/net/ip/filetrans/ftp/libftp/
Description
The library has multiple buffer overflows (via sprintf() and strcpy()) in
various functions.
Source errors
fvuln = FtpArchie() FtpDebugDebug() FtpOpenDir() FtpSize()
FtpString is a typedef of a 256-byte array:
FtpLibrary.h:
April, 2007, will be designated the "Month of Myspace Bugs, Yuss!" Reasons:
1. Myspace is important, in that there are a bazillion users and a
kajillion dollars involved.
2. "Months of Bugs" are whiny, attention-seeking ploys for acceptance.
Myspace's design use is to enable whiny, attenti
This appears to be mitigated in Vista by Protected Mode, which is on by
default, and denies access to local resources. If people decide to disable UAC,
they must accept the potential risks that come with it, such as this XSS
attack. I appreciate that this is a valid risk for XP.
Hi All,
During a pentest I noticed an XSS bug in the
PORTAL.wwv_main.render_warning_screen application of Oracle Portal.
http://somesite/pls/portal/PORTAL.wwv_main.render_warning_screen?p_oldurl='
alert('inT')&p_newurl='alert('ellect')
Greets,
d3nx
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1267-1[EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
March 15th, 2006
> Among other things (password stealer), this BHO has backdoor and
> "botnet" capabilities, implementing several remote commands:
> + upload
> + run
> + update
> ...
Yeah, I love the KILLWINANDREBOOT command, which will basically delete
NTLDR and NTDETECT.COM before rebooting Windows ...
> Watch