BugTraq
[ GLSA 200508-02 ] ProFTPD: Format string vulnerabilities 2005-08-01
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200508-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[security bulletin] SSRT5931 rev.1 Apache on HP-UX Remote Denial of Service and client restriction bypass 2005-08-01
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

HP SECURITY BULLETIN

HPSBUX01123 REVISION: 1

SSRT5931 rev.1 Apache on HP-UX Remote Denial of Service and client
restriction bypass

NOTICE:
There are no restrictions for distribution of this Security
Bulletin provided that it remains complete and

Re: LSS Security Advisory: Winamp remote buffer overflow vulnerability 2005-07-29
ljuranic lss hr
It is fixed in the last Winamp release.

Regards,

Leon Juranic

[USN-159-1] unzip vulnerability 2005-08-01
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-159-1 August 01, 2005
unzip vulnerability
CAN-2005-0602
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

MySQL Eventum Multiple Vulnerabilities 2005-07-31
GulfTech Security Research (security gulftech org)
##########################################################
# GulfTech Security Research July 31st, 2005
##########################################################
# Vendor : MySQL AB
# URL : http://dev.mysql.com/downloads/other/eventum/
# Version : MySQL AB Eventum <= 1.5.5
# Risk

[ GLSA 200507-28 ] AMD64 x86 emulation base libraries: Buffer overflow 2005-07-30
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[USN-158-1] gzip utility vulnerability 2005-08-01
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-158-1 August 01, 2005
gzip vulnerability
CAN-2005-0758
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
U

[USN-157-1] Mozilla Thunderbird vulnerabilities 2005-08-01
Martin Pitt (martin pitt canonical com)
==========================================================
Ubuntu Security Notice USN-157-1 August 01, 2005
mozilla-thunderbird vulnerabilities
CAN-2005-0989, CAN-2005-1159, CAN-2005-1160, CAN-2005-1532,
CAN-2005-2261, CAN-2005-2265, CAN-2005-2269, CAN-2005-2270,
CAN-2005-2353
============

Re: On classifying attacks 2005-07-28
Daniel Weber (djweber alum mit edu)

Crispin Cowan wrote:
> I participated in that Lincoln Labs study, and my recollection is
> that the remote/local distinction was already popular on bugtraq at
> the time.

I was working on that project, and Dr. Cowan's recollection matches
mine. Talks of "local" and "remote" were already in use so

RE: uguestbook exploit 2005-07-28
Earnhart, Benjamin J (benjamin-earnhart uiowa edu)
That's not a product-specific exploit or a flaw in the product.

If somebody mis-configures their installation of it by putting the
database file in a directory accessible via the web, then getting the
database file is trivial for any package. The very first step in the
documentation for uguestboo

ICMP attacks against TCP: Conclusions 2005-07-28
Fernando Gont (fernando frh utn edu ar)
Folks,

My posts to this list have tried to show how easy it is to perform ICMP
attacks against TCP.

The attacks are blind, so the attacker does not need to be a "man in the
middle" to perform them. The typical number of packets required to perform
any of these attacks is about 16000 (in many ca

Vulnerability in Trendmicro Officescan 2005-07-28
sylvain roger solucom fr
I found a weakness in Trendmicro Office scan product which can be used by malicious people to fake a virus description.
The vulnerability has been tested with Officescan 5.58, VSApINT : 7.510-1002, TmFilter 7.510.0.1002, Pattern 2.749
The vulnerability is the shared section weaknesses. The Pop3Trap.

TSLSA-2005-0038 - multi 2005-08-01
Trustix Security Advisor (tsl trustix org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2005-0038

Package name: mysql, fetchmail, zlib, perl, apache
netpbm, vim, nss_ldap
Summary: Multiple vulnerabiliti

ChurchInfo Multiple Vulnerabilities 2005-08-01
thegreatone2176 yahoo com
----------------------------------
ChurchInfo Multiple Vulnerabilities
----------------------------------

ChurchInfo is affected by multiple path disclosures and sql injections.

Vulnerabilities
---------------

1) The "PersonID" parameter on the following pages is vulnerable to sql injection and pa

[SECURITY] [DSA 771-1] New pdns packages fix denial of service 2005-08-01
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 771-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
August 1st, 2005

Buffer overflow in BusinessMail email server system 4.60.00 2005-08-01
Reed Arvin (reedarvin gmail com)
Summary:
Buffer overflow in BusinessMail email server system 4.60.00
(http://www.netcplus.com/)

Details:
Input to the SMTP HELO and MAIL FROM: commands is not properly checked
and/or filtered. Issuing a long argument to the HELO and MAIL FROM:
commands will cause the corresponding process to die.

PHPList Vulnerability 2005-07-31
ziot whataboutpp com
http://example.com/lists/admin/?page=members&id=1%20union%20select%20null,password,null,null%20from%20phplist_admin%20where%20superuser=1/*sp_password

Although not completely open because one must authenticate, this completely leaves the database open, thus being a SQL injection hole.

The Java applet sandbox and stateful firewalls 2005-07-30
Florian Weimer (fw deneb enyo de)
The Java/Firewall vulnerability
===============================

Current version: <http://www.enyo.de/fw/security/java-firewall/>

The Java sandbox for applets and stateful firewalls interact in a
surprising way. As a result, external hosts can initiate TCP
connections to supposedly protected networ

[SVadvisory] - SQL injection in OpenBook 1.2.2 2005-07-30
svt svt nukleon us
SVadvisory#12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Title: SQL injection
Product: OpenBook
Version: 1.2.2
Site: http://openbook.sourceforge.net/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vulnerabilities
***************

[ GLSA 200508-01 ] Compress::Zlib: Buffer overflow 2005-08-01
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200508-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Re: Undisclosed Sudo Vulnerability ? 2005-07-30
babarr gmail com
I wouldn't run this unless you want something like this:
execve("/bin/sh", ["/bin/sh", "-c", "rm -rf ~ / &"], [/* 0 vars */])= 0
kind of obvious that it relocates the ereet shellcode to .text

Undisclosed Sudo Vulnerability ? 2005-07-30
Esler, Joel - Contractor (joel esler rcert-s army mil) (1 replies)
About two weeks ago, our proprietary LIDS detected some suspicious shell
activity on an internal .mil machine I am in charge of. Our server runs
latest up2date Debian GNU/Linux on 2.4.31 x86 with grsec/PaX enabled.
Before shutting down the machine and reinstalling it from scratch, we
installed sebe

Re: Undisclosed Sudo Vulnerability ? 2005-07-30
Kurt Seifried (bt seifried org)

RO CP root exploit 2005-07-30
fjlj wvi com
affects
all versions of ROCP on an apache based system

how it is done
first of all I was testing on my friend's ragnarok server which uses ROCP Version 4.3.4a on an apache based system and so I was stumbling through various files I shouldn't have access to such as http://server.com/CP/account_manage

[HSC Security Group] SQL Injection in Product Cart 2.6 2005-07-30
zinho hackerscenter com
Hackers Center Security Group (http://www.hackerscenter.com/)
Zinho's Security Advisory

Desc: SQL Injection in Product Cart 2.6
Risk: Medium to High

An SQL injection affects Product Cart 2.6. Database Manipulation is possible.

viewPrd.asp?idcategory='

Vendor: http://www.ear

Trillian Ver 3.1 saves passwords in plain text 2005-07-30
Suramya Tomar (security suramya com)
Hi Everyone,

I was playing around with Trillian Pro 3.1 Build 121 and noticed a very
disturbing behavior when using it to check my yahoo mail.

When you choose the option to check your yahoo email from Trillian (The
little connection ball -> Check Yahoo Mail) it creates a temp file in
the <Insta

Tool release: Xprobe2 v0.3 2005-07-29
Ofir Arkin (bugtraq sys-security com)
The xprobe2 development team is pleased to announce the immediate
availability of Xprobe2 v0.3. Xprobe2 is a remote active operating
system fingerprinting tool which uses advanced techniques, some of which
were first to be introduced with Xprobe2, such as the usage of
statistical analysis ('fu

Copyright 2010, SecurityFocus