BugTraq Mode:
(Page 1181 of 1748)  < Prev  1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186  Next >
Re: PHP-Stats <= 0.1.9.1 remote commands execution 2006-03-22
freesitealessandro virgilio it
Bug patched with version 0.1.9.1b downloadable from http://www.phpstats.net

Re: Linux zero IP ID vulnerability? 2006-03-22
GomoR (bugtraq gomor org)
On Wed, Mar 15, 2006 at 10:26:00AM +0100, Marco Ivaldi wrote:
[..]
> Not sure i fully understand your comments... Anyway, here's an host
> showing the flawed behaviour (Gentoo Linux 2.6.14-gentoo-r5 + grsec):

Well, it may be related to GR security.

SinFP[1] exploits a difference in IP ID generati

[HV-PAPER] Security Product Evaluation Tips 2006-03-22
vuln hexview com
HexView is pleased to announce a publication on product evaluation
techniques. The paper features 10 tips on how to perform an effective
evaluation and choose the right product in the evolving information
security market. The paper is targeted at the information security
audiences in medium to large

Sudo tricks 2006-03-22
John Richard Moser (nigelenki comcast net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is kind of dumb, just a quick response to some of the stuff I've
been seeing floating around the past few days WRT sudo. I was toying
with the idea of equivalating access to the account to access to root.

Here is a simple hack to break sudo and s

Popup Blocker Bypass Script 2006-03-23
James C. Slora, Jr. (james slora phra com)

Tribal Fusion and other advertising sites are using virtually identical
copies of a multi-exploit popup blocker bypass script. The script uses
exploits of ocget.dll, OffProv11 and OfficeObj10 classes, the Google
Toolbar, and JavaScript within a Shockwave Flash file. Some exploits
look like a short

ArabPortal 2.0 Stable [ Full Patch Disclosure ] 2006-03-23
o y 6 hotmail com
D3vil-0x1 - ArabPortal 2.0 Stable [ Full Patch Disclosure ]

1- forum.php?SubRows=D3vil-0x1

2- forum.php?SetMain=D3vil-0x1

Patch :-
add this code to forum.php
<?php
// D3vil-0x1 Forum.php Fix
$SetMain = array();
$SetRows = array();
// D3vil-0x1 Forum.php Fix
?>

Re: Linux zero IP ID vulnerability? 2006-03-23
Marco Ivaldi (raptor 0xdeadbeef info)
On Fri, 17 Mar 2006, Marco Ivaldi wrote:

> After further testing, i confirm that Linux 2.6 seems to be vulnerable in
> every configuration i've seen so far. Since i didn't get any feedback
> yet from the Linux kernel developers nor from Cisco (other vendors may
> also be affected) i've the feeling t

SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) 2006-03-23
Gadi Evron (ge linuxbox org) (2 replies)
Tech details:
Sendmail vulnerabilities were released yesterday. No real public
announcements to speak of to the security community.

SecuriTeam released some data:
"Improper timeout calculation, usage of memory jumps and integer
overflows allow attackers to perform a race condition DoS on sendmail, a

Digital Armaments April-2006 Hacking Challenge: Oracle Database 2006-03-22
info digitalarmaments com
Digital Armaments April Hacking Challenge: Oracle

Challenge Publication is 03.22.2006
http://www.digitalarmaments.com/challenge200604647384.html

I. Details

Digital Armaments officially announce the launch of April hacking challenge.

The challenge starts on April 1. For the April Challenge, Di

Secunia Research: Orion Application Server JSP Source Disclosure Vulnerability 2006-03-23
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 23/03/2006

- Orion Application Server JSP Source Disclosure Vulnerability -

======================================================================
Table of Contents

Affected Software

Secunia Research: Microsoft Internet Explorer "createTextRange()" Code Execution 2006-03-23
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 23/03/2006

- Microsoft Internet Explorer "createTextRange()" Code Execution -

======================================================================
Table of Contents

Affected Software.

[ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation 2006-03-23
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200603-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

iDefense Security Advisory 03.23.06: RealNetworks RealPlayer and Helix Player Invalid Chunk Size Heap Overflow Vulnerability 2006-03-23
labs-no-reply (labs-no-reply idefense com)
RealNetworks RealPlayer and Helix Player Invalid Chunk Size Heap
Overflow Vulnerability

iDefense Security Advisory 03.23.06
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404
March 23, 2006

I. BACKGROUND

RealPlayer is an application for playing various media formats,
develop

iDefense Security Advisory 03.23.05: ISS Multiple Products Local Privilege Escalation Vulnerability 2006-03-23
labs-no-reply (labs-no-reply idefense com)
ISS Multiple Products Local Privilege Escalation Vulnerability

iDefense Security Advisory 03.23.05
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=403
March 23, 2006

I. BACKGROUND

Internet Security Systems (ISS) has developed a suite of tools aimed at
securing server and deskt

Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution 2006-03-22
advisories computerterrorism com
Computer Terrorism (UK) :: Incident Response Centre
======================================

Security Advisory :: CT22-03-2006
-------------------------------------------

Title: Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution

Organisation: Computer Terrorism (UK)
Web: www.c

[SECURITY] [DSA 1017-1] New Linux kernel 2.6.8 packages fix several vulnerabilities 2006-03-23
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1017-1 security (at) debian (dot) org
http://www.debian.org/security/ Dann Frazier, Simon Horman
March 23th, 2006

Vulnerability Alert Services - Independent List 2006-03-23
Andy Cuff (AndyCuff securitywizardry com)
Hello

Love them or loathe them, commercial vulnerability alert services which
report salient detail from lists such as Bugtraq and Full Disclosure fulfil
a valuable security function to many organisations.

We would like some help in updating the vendor agnostic view of all
vulnerability alert serv

[KAPDA::#37] - CoMoblog XSS 2006-03-23
farhadkey kapda ir
[KAPDA::#37] - CoMoblog XSS

KAPDA New advisory

CoMoblog XSS
------------------------------------------
Bug:
http://victim/path/img.php?i=[CODE]

Vendor:
http://www.easymoblog.org/

Vulnerable:
CoMoblog 1.1
------------------------------------------

------------------------------------------
Orgin

PasswordSafe 3.0 weak random number generator allows key recovery attack 2006-03-23
info elcomsoft com (1 replies)

Title : PasswordSafe 3.0 weak random number generator allows key recovery attack
Date : March 23, 2006
Product : PasswordSafe 3.0
Discovered by : ElcomSoft Co.Ltd.

Overview
======================================================================

PasswordSafe is a program ori

Re: PasswordSafe 3.0 weak random number generator allows key recovery attack 2006-03-23
Dave Korn (davek_throwaway hotmail com)
[SECURITY] [DSA 1016-1] New evolution packages fix arbitrary code execution 2006-03-23
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1016-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
March 23rd, 2006

[ MDKSA-2006:059 ] - Updated kernel packages fix multiple vulnerabilities 2006-03-23
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:059
http://www.mandriva.com/security/
____________________________________________________________________

[SECURITY] [DSA 1015-1] New sendmail packages fix arbitrary code execution 2006-03-23
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1015-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
March 23rd, 2006

[USN-265-1] cairo/Evolution library vulnerability 2006-03-23
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-265-1 March 23, 2006
libcairo vulnerability
CVE-2006-0528
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10 (Breezy Badger)

The

Advisory 03/2006: KisMAC Cisco Vendor Tag Encapsulated SSID Overflow 2006-03-23
Stefan Esser (sesser hardened-php net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Happy PPC Hacking Project
www.hardened-php.net

-= Security Advisory =-

Advisory: KisMAC Cisco Vendor Tag Encapsulated SSID Overflow
Release Date: 2006/03/23
Last Modified: 2

sendmail vuln advisories (CVE-2006-0058) 2006-03-22
Marc Bejarano (bugtraq beej org) (1 replies)
the official advisory from http://www.sendmail.com/company/advisory/
===
Sendmail MTA Security Vulnerability

March 22, 2006

I. Overview

Sendmail, Inc. has recently become aware of a security vulnerability in
certain versions of sendmail Mail Transfer Agent (MTA) and UNIX and Linux
products that

Re: sendmail vuln advisories (CVE-2006-0058) 2006-03-23
Michal Zalewski (lcamtuf dione ids pl)
Copyright 2010, SecurityFocus