BugTraq
[SECURITY] [DSA-2130-1] New BIND packages fix denial of service 2010-12-10
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-2130-1 security (at) debian (dot) org
http://www.debian.org/security/ Florian Weimer
December 10, 2010

iwconfig and recent patches? 2010-12-11
Jeffrey Walton (noloader gmail com)
Hi All,

I was reading http://security.ece.cmu.edu/aeg/aeg-current.pdf. Is
anyone aware of recent patches to iwconfig for a buffer overrun? I did
not find any recent CVEs covering iwconfig.

Jeff

[security bulletin] HPSBUX02608 SSRT100333 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities 2010-12-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02616748
Version: 1

HPSBUX02608 SSRT100333 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities

NOTICE: The information in this Se

RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) 2010-12-11
Thor (Hammer of God) (thor hammerofgod com)
Wow. I guess you didn't read the post either. I'm a bit surprised that a Sr. Network Engineer thinks that Group Policies "differentiate between local and Domain administrators." You're making it sound like you think Group Policy application has some "magic permissions" or something, or that a "do

TWSL-2010-008: Clear iSpot/Clearspot CSRF Vulnerabilities 2010-12-10
Trustwave Advisories (trustwaveadvisories trustwave com)
Trustwave's SpiderLabs Security Advisory TWSL2010-008:
Clear iSpot/Clearspot CSRF Vulnerabilities

https://www.trustwave.com/spiderlabs/advisories/TWSL2010-008.txt

Published: 2010-12-10 Version: 1.0

Vendor: Clear (http://www.clear.com)
Products: iSpot / ClearSpot 4G (http:/

[USN-1032-1] Exim vulnerability 2010-12-11
Kees Cook (kees ubuntu com)
===========================================================
Ubuntu Security Notice USN-1032-1 December 11, 2010
exim4 vulnerability
CVE-2010-4344
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04

Re: Re: [Full-disclosure] Linux kernel exploit 2010-12-13
firebits backtrack com br
I tested it on a VM with CentOS 5.5 i386 updated and it did not work.

Last login: Tue Dec 13 12:48:54 2010
[root@localhost~]#nano full-nelson.c
[root@localhost~]#gcc-o full-nelson.c full-nelson
[root@localhost~]#./full-nelson
[*] Failed to open file descriptors.
[root@localhost~]# uname-a
Linux localh

RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) 2010-12-11
Thor (Hammer of God) (thor hammerofgod com)
In whose universe? Did you even read the post? Local admins become LOCAL ADMINS by using a cached domain account who is a LOCAL ADMIN. You have to do it with the network cable unplugged. There is no privilege escalation here.

StenoPlasma's intent was to educate people on how things worked, an

[SECURITY] [DSA 2132-1] New xulrunner packages fix several vulnerabilities 2010-12-11
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-2132-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
December 11, 2010

Exim security issue in historical release 2010-12-13
nigel exim org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It has come to the attention of The Exim Maintainers that there is
an exploit circulating in the wild which affects versions of Exim
versions 4.69 and below -- Exim 4.70 was released in November 2009.
The flaw permits remote code execution over SMTP and

Re: Linux kernel exploit 2010-12-10
Wolf (crate live com)
Well, I'm a first time writer to Bugtraq, but this is interesting. I
commented out the call to clone(), and after it simply called
trigger(fildes), and apparently, it works. Only tested on a stock
install of Ubuntu 10.10, but I thought the bug was in clone()?

On 12/7/2010 2:25 PM, Dan Rosenberg wro

Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) 2010-12-10
Stefan Kanthak (stefan kanthak nexgo de)
"George Carlson" <gcarlson (at) vccs (dot) edu> wrote:

> Your objections are mostly true in a normal sense.

And in abnormal sense?

> However, it is not true when Group Policy is taken into account.

Group Policies need an AD. Cached credentials are only used locally,
for domain accounts, when the computer c

iDefense Security Advisory 12.10.10: RealNetworks RealPlayer Memory Corruption Vulnerability 2010-12-10
labs-no-reply (labs-no-reply ivcp vrsn com)
iDefense Security Advisory 12.10.10
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 10, 2010

I. BACKGROUND

RealPlayer is RealNetworks's media player product used to render video
and other media. For more information, visit http://www.real.com/

II. DESCRIPTION

Remote exploitation of a

LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD 2010-12-10
HI-TECH . (isowarez isowarez isowarez googlemail com)
# LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD
# bug discovered & exploited by Kingcope
#
# Dec 2010
# Lame Xploit Tested with success on
# FreeBSD 8.0-RELEASE - LiteSpeed WebServer 4.0.17 Standard & Enterprise x86
# FreeBSD 6.3-RELEASE - LiteSpeed WebServer 4.0.17 Standard & Enterp

RE: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) 2010-12-10
George Carlson (gcarlson vccs edu)
Your objections are mostly true in a normal sense. However, it is not
true when Group Policy is taken into account. Group Policies
differentiate between local and Domain administrators and so this
vulnerability is problematic for shops that differentiate between
desktop support and AD support.

G

Novell Vibe 3 BETA OnPrem Stored Cross-site Scripting Vulnerability 2010-12-10
robkraus solutionary com
Title: Novell Vibe 3 BETA OnPrem Stored Cross-site Scripting Vulnerability
Risk (CVSS2 Base Score): High (7.0)
Solutionary ID: SERT-VDN-1002
CVE ID: CVE-2010-4322
Solutionary disclosure URL: http://www.solutionary.com/index/SERT/Vuln-Disclosures/Novell-Vibe-Beta-3-XSS-vulnerability.html
Product: Vib

Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) 2010-12-10
Stefan Kanthak (stefan kanthak nexgo de)
"StenoPlasma @ www.ExploitDevelopment.com" wrote:

Much ado about nothing!

> TITLE:
> Flaw in Microsoft Domain Account Caching Allows Local Workstation
> Admins to Temporarily Escalate Privileges and Login as Cached Domain
> Admin Accounts

There is NO privilege escalation. A local administrator is

[SECURITY] [DSA-2131-1] New exim4 packages fix remote code execution 2010-12-10
Stefan Fritsch (sf debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-2131-1 security (at) debian (dot) org
http://www.debian.org/security/ Stefan Fritsch
December 10, 2010

ManageEngine EventLog Analyzer Syslog Remote Denial of Service Vulnerability 2010-12-10
robkraus solutionary com
Title: ManageEngine EventLog Analyzer Syslog Remote Denial of Service Vulnerability
Risk (CVSS2 Base Score): High (7.8)
Solutionary ID: SERT-VDN-1000
CVE ID: Pending
Solutionary Disclosure URL: http://www.solutionary.com/index/SERT/Vuln-Disclosures/ManageEngine-Eventlog-Analyzer-Syslog-Renite-DoS-v

ManageEngine EventLog Analyzer Multiple Cross-site Scripting (XSS) Vulnerabilities 2010-12-10
robkraus solutionary com
Title: ManageEngine EventLog Analyzer Multiple Cross-site Scripting (XSS) Vulnerabilities
Risk (CVSS2 Base Score): Low (3.9)
Solutionary ID: SERT-VDN-1001
CVE ID: Pending
Solutionary disclosure URL: http://www.solutionary.com/index/SERT/Vuln-Disclosures/ManageEngine-XSS-vulnerabilities.html
Product:

PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow 2010-12-10
cxib securityreason com
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

[ PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow ]

Author: Maksymilian Arciemowicz

http://securityreason.com/

http://cxib.net/

Date:

- - Dis.: 11.11.2010

- - Pub.: 10.12.2010

CERT: VU#479900

CVE: CVE-2010-4409

CWE: CWE-189

Status

www.eVuln.com : Non-persistent XSS in slickMsg 2010-12-10
bt evuln com
www.eVuln.com advisory:
Non-persistent XSS in slickMsg
Summary: http://evuln.com/vulns/159/summary.html
Details: http://evuln.com/vulns/159/description.html

-----------Summary-----------
eVuln ID: EV0159
Software: slickMsg
Version: 0.7-alpha
Critical Level: low
Type: Cross Site Scripting
Status:

[ MDVSA-2010:251 ] firefox 2010-12-10
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:251
http://www.mandriva.com/security/
______________________________________________________________________

[USN-1031-1] ClamAV vulnerabilities 2010-12-10
Steve Beattie (sbeattie ubuntu com)
===========================================================
Ubuntu Security Notice USN-1031-1 December 10, 2010
clamav vulnerabilities
CVE-2010-4260, CVE-2010-4261, CVE-2010-4479
===========================================================

A security issue affects the following Ubuntu releas

[USN-1020-1] Thunderbird vulnerabilities 2010-12-09
Jamie Strandboge (jamie canonical com)
===========================================================
Ubuntu Security Notice USN-1020-1 December 09, 2010
thunderbird, thunderbird-locales vulnerabilities
CVE-2010-3768, CVE-2010-3776, CVE-2010-3777, CVE-2010-3778
===========================================================

A security

[USN-1019-1] Firefox and Xulrunner vulnerabilities 2010-12-09
Jamie Strandboge (jamie canonical com)
===========================================================
Ubuntu Security Notice USN-1019-1 December 09, 2010
firefox, firefox-{3.0,3.5}, xulrunner-1.9.{1,2} vulnerabilities
CVE-2010-3766, CVE-2010-3767, CVE-2010-3768, CVE-2010-3770,
CVE-2010-3771, CVE-2010-3772, CVE-2010-3773, CVE-2010-37

Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) 2010-12-10
StenoPlasma @ www.ExploitDevelopment.com (exploitdevelopmentdotcom gmail com)
--------------------------------------------------------------------------
www.ExploitDevelopment.com 2010-M$-002
--------------------------------------------------------------------------

TITLE:
Flaw in Microsoft Domain Account Caching Allows Local Workstation
Admins to Temporarily Escalate Privil

www.eVuln.com : Non-persistent XSS in BizDir 2010-12-10
bt evuln com
www.eVuln.com advisory:
Non-persistent XSS in BizDir
Summary: http://evuln.com/vulns/158/summary.html
Details: http://evuln.com/vulns/158/description.html

-----------Summary-----------
eVuln ID: EV0158
Software: BizDir
Vendor: LEXIPIXEL
Version: v.05.10
Critical Level: low
Type: Cross Site Script

Re: [Full-disclosure] Linux kernel exploit 2010-12-10
Stefan Roas (sroas roath org)
On Wed Dec 08, 2010 at 11:58:58, John Jacobs wrote:
>
> > I've included here a proof-of-concept local privilege escalation exploit
> > for Linux. Please read the header for an explanation of what's going
> > on. Without further ado, I present full-nelson.c:
>
> Hello Dan, is this exploitation no

CA20101209-01: Security Notice for CA XOsoft 2010-12-09
Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE-----

CA20101209-01: Security Notice for CA XOsoft

Issued: December 9, 2010

CA Technologies support is alerting customers to a security risk with
CA XOsoft. A vulnerability exists that can allow a remote attacker to
execute arbitrary code. CA has issued a patch to ad

Copyright 2010, SecurityFocus