-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1878-1 secur...@debian.org
http://www.debian.org/security/ Florian Weimer
September 02, 2009
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1877-1 secur...@debian.org
http://www.debian.org/security/ Sebastien Delafond
September 02, 2009
The 4th international hacking and security conference "POC2009"
by hackers will be held in Seoul, Korea on November 5 ~ 6.
'POC' means Power of Community. We believe that the power of
community can make the world safer. POC doesnt pursue money.
So we are free to show real hacking and sec
no, MKDIR is *not* required, also write access is *not* required.
Assuming a directory with a name that starts with "A" exists and that is
at least 14 chars long, this pattern will trigger the overflow:
NLST [Ax206]*/../A*/../A*/../A*/../A*/../A*/../A*/../A*/\r\n
At least on win2k3. Therefore,
Dear Vladimir,
"almost" is often enough :)
btw, it was about triggering the vuln, not about exploiting it.
Guido Landi
Vladimir '3APA3A' Dubrovin wrote:
> Dear Guido Landi,
>
> For DoS - yes, you can use existing file, but it's (almost) impossible
> to create reliable code excution exp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Research by Hernan Pereira and associates.
No response from Speedy in the past 15 days.
Proceeding with disclosure.
A DoS vulnerability exists in NetCache proxies of at least some areas
of Speedy Argentina ISP (201.255.64/18), by which a URL could b
Dear Thierry Zoller,
I think yes, MKDIR is required. It should be variation of
S99-003/MS02-018. fuzzer should be very smart to create directory and
user both oversized buffer and ../ in NLST - it makes path longer than
MAX_PATH with existing directory.
--Monday, August 31, 20
Confirmed.
Ask yourselves why your fuzzers haven't found that one - Combination of
MKDIR are required before reaching vuln code ?
--
http://blog.zoller.lu
Thierry Zoller
===
Ubuntu Security Notice USN-810-2 September 02, 2009
nss regression
https://launchpad.net/bugs/409864
===
A security issue affects the following Ubuntu releases:
Ubuntu 8.04
Dear Guido Landi,
For DoS - yes, you can use existing file, but it's (almost) impossible
to create reliable code excution exploit since you can not (fully)
control return address, like required in JMP ESP technique used in this
exploit.
--Wednesday, September 2, 2009, 12:33:47 PM, you wr
===
Ubuntu Security Notice USN-827-1 September 01, 2009
dnsmasq vulnerabilities
CVE-2009-2957, CVE-2009-2958
===
A security issue affects the following Ubuntu releases:
Ubuntu 8
11 matches
Mail list logo