-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SOFTWARE SECURITY RESPONSE TEAM
Compaq Global Services - Compaq Computer Corporation
Send Security Incident email to: [EMAIL PROTECTED]
JOIN OUR SECURITY ADVISORY MAILING LIST!
http://www.support.compaq.com/patches/mailing-list.shtml
=
Over the weekend, I will be returning the Bugtraq helm to Aleph One. It
has been a pleasure and an honor to moderate the list, and thank you all
for your patience with me while I "got the hang of it". It's certainly
more difficult than it looks :)
Best wishes,
Ben Greenbaum
D
-- Forwarded message --
Date: Thu, 1 Mar 2001 03:46:37 -0800 (PST)
From: IT Resource Center <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: security bulletins digest
HP Support Information Digests
===
hat most
people need to know to run a secure network or even to clearly understand
the original problem, so I'm afraid this conversation is going to have to
go elsewhere. Thanks to everyone who participated.
Ben Greenbaum
Director of Site Content
SecurityFocus
http://www.securityfocus.com
Ivan Arce of CORE-SDI has written an excellent study of the issues
surrounding vulnerability publishing. It is very relevant to what we all
do here everyday, and I hope you find it interesting. It's available at:
http://tisc.corecom.com/newsletters/33.html
Enjoy,
Ben Greenbaum
Director of
-- Forwarded message --
Date: Mon, 26 Feb 2001 10:44:04 -0600
From: "Boren, Rich" <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: FW: COMPAQ SSRT0708U Security Advisory Tru64 V5.1 (only) inetd
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-- Forwarded message --
Date: Mon, 26 Feb 2001 03:46:38 -0800 (PST)
From: IT Resource Center <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: security bulletins digest
HP Support Information Digests
==
elves constitute a risk. If people have specific examples of
scenarios where a lock-down procedure or product fails to block access to
something that is supposed to be blocked, that is a different matter, but
please do not submit things that only give you the same access level you
already have :)
Thank you
preciated.
Regards
FX
--
dev <[EMAIL PROTECTED]>
Phenoelit (http://www.phenoelit.de)
--------
Ben Greenbaum
Director of Site Content
SecurityFocus
http://www.securityfocus.com
-- Forwarded message --
Date: Thu, 22 Feb 2001 03:41:53 -0800 (PST)
From: IT Resource Center <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: security bulletins digest
HP Support Information Digests
==
-- Forwarded message --
Date: Wed, 21 Feb 2001 03:51:18 -0800 (PST)
From: IT Resource Center <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: security bulletins digest
HP Support Information Digests
==
this
message will trigger the same problem, but interested users can view the
original message at:
http://www.securityfocus.com/archive/1/163938
Yes, going to that URL may cause your AV software to act up again.
Ben Greenbaum
Director of Site Content
SecurityFocus
http://www.securityfocus.com
HP Support Information Digests
===
o IT Resource Center World Wide Web Service
---
If you subscribed through the IT Resource Center and would
HP Support Information Digests
===
o IT Resource Center World Wide Web Service
---
If you subscribed through the IT Resource Center and would
-- Forwarded message --
Date: Tue, 13 Feb 2001 03:53:58 -0800 (PST)
From: IT Resource Center <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: security bulletins digest
HP Support Information Digests
==
$ ssh -l mypasswd host
> This even applies to Windows SSH vs. telnet clients.
Not always. I can think of one Windows SSH client off the top of my head
that will prompt for the username and password seperately - SecureCRT. I'm
sure there are others as well that I'm just not thi
176932 Nov 21 23:53 /usr/bin/ssh
[kerouac:mg:~]ssh -V
SSH Version OpenSSH_2.3.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
[kerouac:mg:~]rpm -qf /usr/bin/ssh
openssh-clients-2.3.0p1-4
Ben Greenbaum
Director of Site Content
SecurityFocus
http://www.securityfocus.com
el/unproven-pthreads
version 0.17 or later), or by NetBSD patches.
(Moderator, I'm presuming you'll either include this in your next
summary, or just ignore it. Either way is fine by me, as is clipping
the above for a summary.)
~ g r @ eclipsed.net
Ben Greenbaum
Director of Site Content
SecurityFocus
http://www.securityfocus.com
-- Forwarded message --
From: Microsoft Product Security <[EMAIL PROTECTED]>
The following is a Security Bulletin from the Microsoft Product Security
Notification Service.
Please do not reply to this message, as it was sent from an unattended
mailbox.
ytes && sent_bytes == isc_bufferlist_usedcount(&bufferlist)) failed
Feb 7 09:21:15 XX named[223]: exiting (due to assertion failure)
Ben Greenbaum
Director of Site Content
SecurityFocus
http://www.securityfocus.com
t 10.1.1.2#137: error
sending response: operation canceled
Feb 6 21:06:45 x /usr/bind/named[56945]: mem.c:1404:
REQUIRE(mpctx->allocated == 0) failed
Feb 6 21:06:45 x /usr/bind/named[56945]: exiting (due to assertion
failure)
Feb 6 16:06:45 x /kernel: pid 56945 (named), uid 53: exi
ffect.
------
Ben Greenbaum
Director of Site Content
SecurityFocus
http://www.securityfocus.com
break;
default:
INSIST(0);
}
}
searching for INSIST in source code tree also reveals this :
in "bin/tests/system/resolver/tests.sh"
"# If the server has the "INSIST(!external)" bug, this query will kill it.
$DIG +tcp www.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1"
Ben Greenbaum
Director of Site Content
SecurityFocus
http://www.securityfocus.com
er a security vulnerability THAT
NO ONE ELSE IS! Makes *no* sense whatsoever. It strikes
me as arrogant, condescending, elitist hogwash.
I fear it would lull folks into a false sense of security
and that it is just another attempt at security through
obscurity.
From: Security Admin <[EMAIL PROTECTED]>
VERY harmful. This is screaming for a code-fork, for the same procedure
that happend with SSH. If ISC doesn't back off, we're soon gonna have
OpenBind.
> Requirements of bind-members will be:
> 4. Members will sign strong nondisclosure agreements
This is heavy. I wouldn't do that. I'd rather write my own DNS.
> Features and benefits of "bind-members" status will include:
>
> 2. Reception of early warnings of security or other important flaws
And this sounds rather fishy as well. Is nominum perhaps pulling strings?
--
Ben Greenbaum
Director of Site Content
SecurityFocus
http://www.securityfocus.com
I have been asked to forward this to the list by an anonymous
contributor:
Original Message-
I find this rather disturbing that some systems will still be vulnerable
till April, 2001. Luckily for any that are interested, you can integrate
Open Source bind wit
-- Forwarded message --
Date: Mon, 29 Jan 2001 22:21:39 -0800
From: Microsoft Product Security <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Microsoft Security Bulletin (MS01-004)
The following is a Security Bulletin from the Microsoft Product Security
Notification Service.
-- Forwarded message --
Date: Tue, 30 Jan 2001 11:00:47 -0800
From: Microsoft Product Security <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Microsoft Security Bulletin (MS01-005)
The following is a Security Bulletin from the Microsoft Product Security
Notification Service.
Ben Greenbaum
Director of Site Content
SecurityFocus
http://www.securityfocus.com
-- Forwarded message --
Date: Mon, 29 Jan 2001 03:50:20 -0800 (PST)
From: IT Resource Center <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: security bulletins
-- Forwarded message --
Date: Thu, 25 Jan 2001 11:23:44 -0800
From: Microsoft Product Security <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Microsoft Security Bulletin (MS01-003)
The following is a Security Bulletin from the Microsoft Product Security
Notification Service.
-- Forwarded message --
Date: Thu, 25 Jan 2001 19:14:17 -0800
From: Microsoft Product Security <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Microsoft Security Bulletin MS01-002 (version 2.0)
The following is a Security Bulletin from the Microsoft Product Security
Notificati
Allaire posted the following security bulletin to their site recently. The
online version can be found at:
http://www.allaire.com/handlers/index.cfm?ID=19546&Method=Full
Allaire Security Bulletin (ASB01-02)
JRun 3.0: Patch available for JRun malformed URI WE
The URL given by Dan Kaminsky in a previous message for the Peter Gutmann
paper "Secure Deletion of Data from Magnetic and Solid-State Memory" seems
to be not working. A working URL is:
http://www.cs.auckland.ac.nz/~pgut001/secure_del.html
Ben Greenbaum
Director of Site Content
Sec
-- Forwarded message --
Date: Thu, 18 Jan 2001 04:02:29 -0800 (PST)
From: IT Resource Center <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: security bulletins digest
HP Support Information Digests
==
With the adoption of this new advisory format, we will once again be
posting Microsoft advisories to Bugtraq. Kudos to MS for listening to the
security community and reacting accordingly!
Ben Greenbaum
Director of Site Content
SecurityFocus
http://www.securityfocus.com
-- Forwarded
://www.cert.org/advisories/CA-2001-01.html
IBphoenix advisory:
http://www.cert.org/advisories/CA-2001-01.html
More details:
http://firebird.ibphoenix.com/home.nfs?a=ibphoenix&s=979249465:352&page=starkey
Ben Greenbaum
Director of Site Content
SecurityFocus
http://www.securityfocus.com
Summary of responses:
--
From: Jag <[EMAIL PROTECTED]>
On Wed, 10 Jan 2001, Thomas T. Veldhouse wrote:
> This does not happen on my machine using glibc-2.2 and openssh-2.3.0p1
> following your example.
I have reproduced it with glibc-2.2 and openssh-2.3.0p1 The k
summary of responses:
-
From: Allen Bolderoff <[EMAIL PROTECTED]>
latest reiserfs patches and 2.4 kernel is fine here
--
From: "Brandon S. Allbery KF8NH" <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]> wrote:
+
Summary of responses to .nsf/../ issue:
---
From: [EMAIL PROTECTED]
Domino is installed in D:\programme\notes, the data-directory
is D:\programme\notes\data (an NT4 box with Domino R4.6.7):
with http://myserver/.nsf/../Programme/notes/data/notes.ini
I might therefore rea
-- Forwarded message --
Date: Tue, 9 Jan 2001 03:53:04 -0800 (PST)
From: IT Resource Center <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: security bulletins digest
HP Support Information Digests
===
roduce the problem
---
From: [EMAIL PROTECTED]
NT 4 (german) SP5 is vulnerable too, but Dominos below 5.0.4 doesn`t seem
to have this malfunction.
it was possible to get any file instead of NSFs, any suggestions why? could
it be possible to change the partition?
---
Ben Greenbaum
Director of Site Content
SecurityFocus
http://www.securityfocus.com
ailure
rate is highly dependent on the timing and speed of the scan, indicates
that this is a timing window or race condition in the TCP/IP stack on the
older JetDirect.
Ben Greenbaum
Director of Site Content
Security Focus
http://www.securityfocus.com
could
have been used. For example an alert box telling the user to uninstall or
disable other AV products, or a prompt asking the user for permission
before blowing other paid-for software away would be more reasonable.
My 2 cents,
Ben Greenbaum
Director of Site Content
Security Focus
http://www.securityfocus.com
nged to /exist
Much better...
Can anyone with prior versions check for this option?
Ben Greenbaum
Director of Site Content
Security Focus
http://www.securityfocus.com
ete table structure of a database,etc are frightening.
-End Forwarded Message-
This is a known issue with several web applications that use an SQL
database. More information on this particular case, including patch
locations, is available at:
http://www.securityfocus.com/bid/994
Thank you,
B
Dom2sid is now available at Security Focus at:
http://www.securityfocus.com/level2/?go=tools&id=1239
Also, sid2user and user2sid are available at:
http://www.securityfocus.com/level2/?go=tools&id=544
Thanks!
Ben Greenbaum
Director of Site Content
Security Focus
http://www.securityfocus.com
This was already discovered and publicized by Arne Vidstrom on Oct 1. For
more information, see:
http://www.securityfocus.com/bid/730
Ben Greenbaum
Site Content Manager
Security Focus
http://www.securityfocus.com
This was sent to [EMAIL PROTECTED] and is a good workaround for the
subst problem posted here earlier. I repost it to the list with the
author's permission. Thanks David!
Ben Greenbaum
Site Content Manager
Security Focus
http://www.securityfocus.com
-- Forwarded message --
-- Forwarded message --
Date: Mon, 29 Nov 1999 17:18:19 -0800
From: Microsoft Product Security <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Microsoft Security Bulletin (MS99-051)
The following is a Security Bulletin from the Microsoft Product Security
Notification Service.
, but at the time of this posting it wasn't up yet.
Ben Greenbaum
Site Content Manager
Security Focus
http://www.securityfocus.com
y cannot be used to delete or modify files on the
vulnerable IE5 client. The vulnerability can only retrieve text files or
small parts of binary files.
Ben Greenbaum
Site Content Manager
Security Focus
http://www.securityfocus.com
http://www.securityfocus.com/data/vulnerabilities/patches/RegFix.zip
Ben Greenbaum
SecurityFocus
www.securityfocus.com
m/level2/?go=vulnerabilities&id=561
http://www.securityfocus.com/level2/?go=vulnerabilities&id=562
Ben Greenbaum
SecurityFocus
www.securityfocus.com
Network Engineer
[EMAIL PROTECTED]
________
Ben Greenbaum
SecurityFocus
www.securityfocus.com
explorer.exe,
nddeagnt.exe, taskmgr.exe and userinit.exe .
To test this: Log in as a normal user. Copy command.com to your home
directory and rename it explorer.exe. Log out and log back in.
Ben Greenbaum
SecurityFocus
www.securityfocus.com
54 matches
Mail list logo
