Re: Netscape communicator 4.06J, 4.5J-4.6J, 4.61e Buffer Overflow

1999-09-07 Thread Brett Glass
Your test scripts GPFed Netscape 4.51 on our lab's "victim" Windows 98 system, but did not execute an exploit. --Brett Glass At 11:45 PM 9/2/99 +0900, DEF CON ZERO WINDOW wrote: >Hi, > > I discovered a buffer overflow bug which causes huge security hole on the `Netsc

Quick remedy for stream.c

2000-01-21 Thread Brett Glass
I'd recommend that all BSD users add Darren's rules as a first-pass fix for the problem. IPFilter also runs on Linux, but doesn't come with all distros. To get it, see http://cheops.anu.edu.au/~avalon/ --Brett Glass

Re: explanation and code for stream.c issues

2000-01-23 Thread Brett Glass
Tim: Good summary! You might want to add that, under FreeBSD 3.4 and FreeBSD-Current, you can also turn on tcp_restrict_rst and it will help some (not an ideal fix, but it's something that can be done quickly. You will most likely have to recompile the kernel with the TCP_RESTRICT_RST option fir

Re: Zonealarm exports sensitive data

2000-02-27 Thread Brett Glass
ated users will know how to find and read them), users are strongly motivated to click the button. I do not know whether the URLs sent by either product are being used to gather statistics on the frequency of attacks or as a means of piracy detection. They certainly could be, if the vendors had a min

Re: Microsoft Security Bulletin MS01-020

2001-03-31 Thread Brett Glass
'd like to do, since Microsoft's patches (by its own admission) do not solve the entire problem. --Brett Glass At 08:00 PM 3/29/2001, Microsoft Product Security wrote: >The following is a Security Bulletin from the Microsoft Product Security >Notification Service. > >Please

Re: local root compromise in openbsd 3.0 and below

2002-04-15 Thread Brett Glass
At 01:25 PM 4/12/2002, Manuel Bouyer wrote: >NetBSD isn't vulnerable either. What about Solaris? Its /bin/mail does not appear to have the -I option. --Brett Glass

Re: Did MS pull an Ilfak? (MS patch bindiff results)

2006-01-09 Thread Brett Glass
Question: Is Ilfak's patch still needed for Windows 95, 98, SE and ME systems, for which Microsoft is refusing to provide a patch? To what extent are these systems vulnerable if not patched? --Brett Glass

Strengthen OpenSSH security?

2006-04-19 Thread Brett Glass
for logins than when it can't -- allowing an attacker to focus password guessing attacks on user IDs with which it would have a chance of gaining access. For those folks out there who are more familiar with OpenSSH than I am: How hard would it be to make the responses indistinguishable? --Brett Glass