Oracle Security Advisory: Read parts of any file via desformat in Oracle Reports
2005-07-19 ak red-database-security com

Re: Anonymous Anonymity - Request For Comments
2005-07-19 gandalf digital net
Greetings and Salutations: From: Craig Skelton <cskelton (at) gmail (dot) com> > Take a look at Tor. > http://tor.eff.org/ > One of the biggest problems with Tor is bandwidth disparity. Many people have suggested that I take a look at TOR, and I have. In fact I was able to talk to some of the authors of tha

Mozilla cleartext credentials leak bug report to excuse myself (Re[2]: NTLM HTTP Authentication is insecure by design - a new writeup by Amit Klein)
2005-07-19 3APA3A (3APA3A SECURITY NNOV RU)
Dear Amit Klein (AKsecurity), --Tuesday, July 19, 2005, 10:22:59 PM, you wrote to 3APA3A (at) SECURITY.NNOV (dot) RU: AKA> For example, no-one expects NTLM auth to protect data in transit. Actually, it may with NTLM Session Security. AKA> Few years ago Internet Explorer was patched to use NTLM

Re: On classifying attacks
2005-07-19 Crispin Cowan (crispin novell com)
Black, Michael wrote: >You might try re-using the rather large effort that went into the CERT >taxonomy: >http://www.cert.org/research/taxonomy_988667.pdf > >You'll note the complete lack of "local" and "remote" in the taxonomy. > That pretty much tells me everything I need to know about whether I

Oracle Security Advisory: Run any OS Command via unauthorized Oracle Forms
2005-07-19 ak red-database-security com
Dear Bugtraq Reader 3 months ago (15-april-2005) I informed the Oracle Security Team (secalert_us (at) oracle (dot) com) that I will publish bug details if the bugs are not fixed with the next critical patch update (CPU July 2005). I know that Oracle products are complex and a good patch quality needs some tim

Oracle Security Advisory: Overwrite any file via desname in Oracle Reports
2005-07-19 ak red-database-security com
Dear Bugtraq Reader 3 months ago (15-april-2005) I informed the Oracle Security Team (secalert_us (at) oracle (dot) com) that I will publish bug details if the bugs are not fixed with the next critical patch update (CPU July 2005). I know that Oracle products are complex and a good patch quality needs some tim

HPSBUX01164 SSRT4884 rev.4 - HP-UX TCP/IP Remote Denial of Service (DoS)
2005-07-19 Security Alert (secure hpchs cup hp com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 HP SECURITY BULLETIN HPSBUX01164 REVISION: 4 SSRT4884 rev.4 - HP-UX TCP/IP Remote Denial of Service (DoS) NOTICE: There are no restrictions for distribution of this Security Bulletin provided that it remains complete and intact. The information

Re: On classifying attacks
2005-07-19 Adam Shostack (adam homeport org)
On Mon, Jul 18, 2005 at 10:49:00AM -0500, James Longstreet wrote: | > We disagree here. The vulnerability is neither truly remote nor | > local, in the normal senses as we have defined them here. It is a | > different kind of vulnerability altogether. The vulnerability is one | > to automatically

HPSBUX01137 SSRT5954 rev.4 - HP-UX TCP/IP Remote Denial of Service (DoS)
2005-07-19 Security Alert (secure hpchs cup hp com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 HP SECURITY BULLETIN HPSBUX01137 REVISION: 4 SSRT5954 rev.4 - HP-UX TCP/IP Remote Denial of Service (DoS) NOTICE: There are no restrictions for distribution of this Security Bulletin provided that it remains complete and intact. The information

[SECURITY] [DSA 762-1] New affix packages fix arbitrary command and code execution
2005-07-19 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 761-1] New heartbeat packages fix insecure temporary files
2005-07-19 joey infodrom org (Martin Schulze)

MDKSA-2005:121 - Updated nss_ldap/pam_ldap packages fix vulnerabilities
2005-07-19 Mandriva Security Team (security mandriva com)

Re: On classifying attacks
2005-07-17 Crispin Cowan (crispin novell com)
James Longstreet wrote: > On Jul 14, 2005, at 9:39 PM, Derek Martin wrote: > > >> This kind of attack has a name already: it is a trojan horse. > <snip> > >> But is this a remote exploit? > > No, it's not an exploit at all. Systems are not vulnerable to it > unless a local user runs an executable.

Anonymous Anonymity - Request For Comments
2005-07-17 Gandalf The White (gandalf digital net) (1 replies)
Greetings and Salutations: I realize that this is not specifically a Bugtraq issue, but I have posted this to Usenet to the Privacy forums and received little to no response. I also consider Bugtraq to be the haven of the most premier security analysts available on "The Internet". I would apprec

Re: On classifying attacks
2005-07-18 Steven M. Christey (coley mitre org)
Derek Martin said: >The vulnerability is neither truly remote nor local, in the normal >senses as we have defined them here. It is a different kind of >vulnerability altogether. The vulnerability is one to automatically >triggering trojan horses.... I agree with you on the need for a third cate

[SECURITY] [DSA 757-1] New krb5 packages fix multiple vulnerabilities
2005-07-17 Michael Stone (mstone klecker debian org)

Re: Installation of software, and security. . .
2005-07-17 John Richard Moser (nigelenki comcast net) (4 replies)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Klaus Schwenk wrote: > I had some similar thoughts on that topic recently and do agree with you that > the current habit of installation handling has several problems. > > First of all (at least on MS-based OS's) it's pretty hard to tell what exactly

Re: Installation of software, and security. . .
2005-07-19 Kerry Thompson (bugtraq security geek nz)

RE: Installation of software, and security. . .
2005-07-18 Burton Strauss (Burton SmallNetSolutions com)

Shorewall MACLIST Problem
2005-07-17 Patrick Blitz (blitz post891 org)
Shorewall MACLIST Rules-Override Problem ------------------------------------ Release Date: 17.07.05 Severity: High Affected Version: Shorewall 2.2.x and 2.4.x ------------------------------------ Synopsis: A Problem has been reported in the Shorewall Firewall (http://shorewall.net) that enables a

[ GLSA 200507-17 ] Mozilla Thunderbird: Multiple vulnerabilities
2005-07-18 Thierry Carrez (koon gentoo org)