[SECURITY] [DSA 749-1] New ettercap packages fix arbitrary code execution
2005-07-10 Michael Stone (mstone klecker debian org)

[ GLSA 200507-08 ] phpGroupWare, eGroupWare: PHP script injection vulnerability
2005-07-10 Matthias Geerdsen (vorlon gentoo org)

[ Suresec Advisories ] - Linux kernel ia32 compatibility (ia64/x86-64) race condition
2005-07-11 Suresec Advisories (advisories suresec org)
Suresec Security Advisory - #00004
10/07/05
Linux kernel ia32 compatibility race condition
Advisory: http://www.suresec.org/advisories/adv4.pdf <http://www.suresec.org/advisories/adv3.pdf>
Description:
A race condition vulnerability has been found in the ia32 compatibility execve() systemcall.

Bug Hosting Controller New (v6.1 - Hotfix 2.1)
2005-07-11 kehieuhoc yahoo com
-= KeHieuHoc ? HCE GROUP =-
Information
-------------------------
Software Package : Hosting Controller
Vendor Homepage : http://www.hostingcontroller.com
Platforms : Windows based servers
Vulnerability : Multiple Unauthenticated information disclose
Risk : high
Vulnerable Versions: All versio

[SECURITY] [DSA 750-1] New dhcpcd packages fix denial of service
2005-07-11 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 748-1] New ruby1.8 packages fix arbitrary command execution
2005-07-11 Michael Stone (mstone klecker debian org)

Re: [Full-disclosure] [ Suresec Advisories ] - Linux kernel ia32 compatibility (ia64/x86-64) race condition
2005-07-11 Juergen Schmidt (ju heisec de)
On Mon, 11 Jul 2005, Suresec Advisories wrote:
> Suresec Security Advisory - #00004
> 10/07/05
>
> Linux kernel ia32 compatibility race condition
> Advisory: http://www.suresec.org/advisories/adv4.pdf <http://www.suresec.org/advisories/adv3.pdf>
>
> Description:
>
> A race condition vulnerability

[ GLSA 200507-09 ] Adobe Acrobat Reader: Buffer overflow vulnerability
2005-07-11 Matthias Geerdsen (vorlon gentoo org)

[SECURITY] [DSA 751-1] New squid packages fix IP spoofing vulnerability
2005-07-11 joey infodrom org (Martin Schulze)

Re: A comment on using CPU resources
2005-07-09 Steven Champeon (schampeo hesketh com)
on Sun, Jul 10, 2005 at 12:23:51AM +0530, Raghu Chinthoju wrote:
> This isn't a new thing, stealing CPU cycles this way is known for some
> time now. The following are the reasons I guess why this isn't
> feasible:
>
> 1. No anonymity. The code is directly visible to the victim.
It is, however, en

Re: A comment on using CPU resources
2005-07-09 Steven Champeon (schampeo hesketh com)
on Sat, Jul 09, 2005 at 08:11:42PM +0200, Jeroen van Rijn wrote:
> It is not inconceivable one could do something useful with
> ecma/java/j-script too, however it would have to be some variant of
> AJAX to be useful to whomever wrote/hosted the script?
Only if you wanted the results posted back to

RE: A comment on using CPU resources
2005-07-09 Scott Marburger (s_marburger ip3 org)
Several thoughts- I am reminded of some responses concerning "social engineering", and marvel as I see people with seven or eight browser windows open and minimized- in order to maintain "productivity". I have noticed on my own machine after having two or three windows open and closing all, that t

RE: A comment on using CPU resources
2005-07-09 Joseph Finley (jfinley securium net) (1 replies)
Kind of like the commercialization of the SETI project combined with same approach of how these spyware company's drop code on your machine. I'm sure it's feasible and if it wasn't thought of before, you just now gave the idea :)
Joe
-----Original Message-----
From: Gandalf The White [mailto:gan

A comment on using CPU resources, addendum.
2005-07-09 Jeroen van Rijn (xananda gmail com)
Some other thoughts concerning the matter. Do keep in mind people don't usually spend a lot of time on a particular page, so if it's run in the background without people's consent, it's unlikely to be very useful. This may however not stop someone from trying to write some client gathering info

RE: [VOIPSEC] VoIP-Phones: Weakness in proccessing SIP-Notify-Messages
2005-07-08 Walton, John Michael (John) (jmwalton avaya com)
All-
The Avaya Product Security Support Team (PSST) has been alerted to the "Weakness in processing SIP-Notify-Messages" advisory. We are in the process of investigating whether any Avaya SIP-enabled or H.323-enabled devices are affected by these issues. In addition, we are attempting to work wit

A comment on using CPU resources
2005-07-09 Gandalf The White (gandalf digital net) (6 replies)
Greetings and Salutations:
I had an issue with my Firefox browser. The browser was static, yet it was using 70% or 80% of the CPU of the system. It got me to thinking. Java is a programming language. What would prevent companies from running a java script on your computer while you are viewing

Re: /dev/random is probably not (fwd)
2005-07-08 Bencsath Boldizsar (boldi mail2005 etl hu)
If interested, check out our old (2001) paper about gaining entropy from the network delays 'Collecting randomness from the net'
http://citeseer.ist.psu.edu/565210.html
or directly:
http://www.crysys.hu/publications/files/BencsathV2001cms.pdf
abstract:
Random data in the work is collected from n

Re: /dev/random is probably not
2005-07-08 Stefan Bethke (s bethke tallence com)
On 07.07.2005 at 02:53, Kai Howells wrote:
[ Mac OS X entropy pool being periodically saved to a file and used on boot to prime the PRNG ]
> Now this raises some interesting issues - such as where is the
> entropy written to, and how much does this pool of entropy set the
> state of the RNG

WindowsUpdate sending unsigned ActiveX ?
2005-07-08 Nestor Burma (goudron_et_plumes yahoo fr)
Hello,
As for today (July 8th), when contacting Windows Update, our Microsoft fiends sends back an _unsigned_ ActiveX (URL is http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wu web_site.cab?1120844700102)
Seems quite weird, especially since the web page says (as usual) to chec
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA 749-1 security (at) debian (dot) org
http://www.debian.org/security/ Michael Stone
July 10, 2005