Re: [Full-disclosure] Linux kernel exploit

On Wed, Dec 08, 2010 at 12:44:09AM +0300, Kai wrote: Anyone tested this in sandbox yet? 00:37 linups:../expl/kernel cat /etc/*release* openSUSE 11.3 (i586) VERSION = 11.3 00:37 linups:../expl/kernel uname -r 2.6.34.4-0.1-desktop 00:37 linups:../expl/kernel gcc _2.6.37.local.c -o

Re: [oss-security] [oCERT-2010-001] multiple http client unexpected download filename vulnerability

On Mon, May 17, 2010 at 01:03:22PM +0100, Daniele Bianco wrote: #2010-001 multiple http client unexpected download filename vulnerability Description: The lftp, wget and lwp-download applications are ftp/http clients and file transfer tools supporting various network protocols. The

Re: Firefox 3.6 for Windows includes a forged CA cert

On Fri, Mar 19, 2010 at 08:22:16PM +, Francis Litterio wrote: In Firefox 3.6 for Windows, go to Tools - Options - Advanced - Encryption - View Certificates - Authorities and scroll down to the entry for Equifax Secure Inc. and you'll see a cert labeled MD5 Collisions Inc

Re: [Full-disclosure] month of PHP bugs, secondary message?

On Sun, Mar 04, 2007 at 05:56:09AM -0600, Gadi Evron wrote: - 3. Are PHP applications also a target of this initiative? No they are not. If you want a month of PHP application bugs you can subscribe to the bugtraq or full-disclosure mailinglists. snip -

Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!

On Sun, Dec 17, 2006 at 06:05:14PM +0800, Kamchybek Jusupov wrote: It's openoffice-2.0.4 (gentoo), and it did crashed with the below error... synack ~ $ oowriter2 12122006-djtest.doc Application ErrorApplication Error Fatal exception: Signal 6 Stack:

SUSE Security Announcement: gpg,liby2util signature checking problems (SUSE-SA:2006:009)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 __ SUSE Security Announcement Package:gpg,liby2util Announcement ID:SUSE-SA:2006:009 Date:

Not completely fixed? (was: False positive signature verification in GnuPG)

On Wed, Feb 15, 2006 at 08:49:25AM +0100, Werner Koch wrote: False positive signature verification in GnuPG == Summary === The Gentoo project identified a security related bug in GnuPG. When using any current version

SUSE Security Announcement: nfs-server/rpc.mountd remote code execution (SUSE-SA:2006:005)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 __ SUSE Security Announcement Package:nfs-server Announcement ID:SUSE-SA:2006:005 Date:

SUSE Security Announcement: novell-nrm remote heap overflow (SUSE-SA:2006:002)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 __ SUSE Security Announcement Package:novell-nrm Announcement ID:SUSE-SA:2006:002 Date:

SUSE Security Announcement: kernel various security and bugfixes (SUSE-SA:2005:068)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 __ SUSE Security Announcement Package:kernel Announcement ID:SUSE-SA:2005:068 Date:

SUSE Security Announcement: kernel various security and bugfixes (SUSE-SA:2005:067)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 __ SUSE Security Announcement Package:kernel Announcement ID:SUSE-SA:2005:067 Date:

Re: Webmin Doesn't Clean Env (root exploit)

and just quitted his browser or has it still open). Ciao, Marcus -- _ ___ / __// /Caldera (Deutschland) GmbH / /_/ __ / /__ Naegelsbachstr. 49c, 91052 Erlangen /_//_/ // Dipl. Inf. Marcus Meissner, email: [EMAIL PROTECTED

Re: Unsafe assumptions (Re: Mail delivery...)

/_//_/ // Dipl. Inf. Marcus Meissner, email: [EMAIL PROTECTED] /_/ ==phone: ++49 9131 7912-300, fax: ++49 9131 7192-399 Caldera OpenLinux #include stdio.h #include stdlib.h #include paths.h #include sys/fcntl.h #include pwd.h int main(int argc, char **argv) { struct passwd

Re: /usr/bin/Mail buffer 0verfl0w

land) GmbH / /_/ __ / /__ Naegelsbachstr. 49c, 91052 Erlangen /_//_/ // Dipl. Inf. Marcus Meissner, email: [EMAIL PROTECTED] /_/ ==phone: ++49 9131 7912-300, fax: ++49 9131 7192-399 Caldera OpenLinux