[Full-disclosure] Advisory 2006-03-11 Directory Transversal in

2006-03-11 Thread Suresec Advisories
ed on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-891531 to this issue. APPENDIX A. - Vendor Information http://www.tripwire.com/ APPENDIX B. - References NONE CONTACT: * Suresec Advisories [EMAIL PROTECTED] *1-888-LOL-

[Full-disclosure] [ Suresec Advisories ] - Mac OS X (xnu) multiple information leaks.

2005-11-07 Thread suresec advisories
Suresec Security Advisory - #8 07/11/2005 Mac OS X (xnu) - Multiple information leaks. Advisory: http://www.suresec.org/advisories/adv8.pdf Description: The Mac OS X kernel has several information leaks. In certain cases this might be sensitive information, such as portions of the file c

[Full-disclosure] Mac OS X - malloc() local privilege escalation vulnerability.

2005-09-25 Thread [ Suresec Advisories ]
Suresec Security Advisory - #7 25/09/2005 Mac OS X - malloc() insecure use of environment variable. Advisory: http://www.suresec.org/advisories/adv7.pdf Description: The malloc() function on Mac OS X insecurely trusts a debug variable, regardless of the fact that the calling application may be s

[Full-disclosure] [ Suresec Advisories ] - Kcheckpass file creation vulnerability

2005-09-07 Thread Suresec Advisories
Suresec Security Advisory - #6 05/09/05 Kcheckpass file creation vulnerability Advisory: http://www.suresec.org/advisories/adv6.pdf Description: A lockfile handling error was found in kcheckpass which can, in certain configurations, be used to create world-writable files. Exploitation of t

[Full-disclosure] [ Suresec Advisories ] - Several MacOS X vulnerabilities

2005-08-22 Thread Suresec Advisories
Suresec Security Advisory - #5 22/08/05 Several MacOS X vulnerabilities Advisory: http://www.suresec.org/advisories/adv5.pdf Description: 2 buffer overflows in ping and traceroute were found. Additionally a vulnerability was found in dsidentity that allows any user to remove user accounts

[Full-disclosure] [ Suresec Advisories ] - Linux kernel ia32 compatibility (ia64/x86-64) race condition

2005-07-10 Thread Suresec Advisories
Suresec Security Advisory - #4 10/07/05 Linux kernel ia32 compatibility race condition Advisory: http://www.suresec.org/advisories/adv4.pdf Description: A race condition vulnerability has been found in the ia32 compatibility execve() systemca

[Full-disclosure] [ Suresec Advisories ] - Mac OS X 10.4 - launchd local root vulnerability

2005-06-08 Thread [ Suresec Advisories ]
Suresec Security Advisory - #3 09/06/05 Apple Mac OS X 10.4 launchd race condition vulnerability Advisory: http://www.suresec.org/advisories/adv3.pdf Description: A race condition vulnerability has been found in the temporary file creation done by the suid launchd program on Mac OSX 1