SecurityFocus

[SECURITY] [DSA 736-1] New spamassassin packages fix potential DOS 2005-07-01
Michael Stone (mstone klecker debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory 736-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Michael Stone
July 01, 2005

[ more ] [ reply ]

[SECURITY] [DSA 735-1] New sudo packages fix pathname validation race 2005-07-01
Michael Stone (mstone klecker debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory 735-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Michael Stone
July 01, 2005

[ more ] [ reply ]

MDKSA-2005:111 - Updated 2.4 kernel packages fix multiple vulnerabilities 2005-06-30
Mandriva Security Team (security mandriva com)

MDKSA-2005:110 - Updated 2.6 kernel packages fix multiple vulnerabilities 2005-06-30
Mandriva Security Team (security mandriva com)

MDKSA-2005:109 - Updated php-pear packages fix remotely exploitable vulnerability 2005-06-30
Mandriva Security Team (security mandriva com)

MDKSA-2005:108 - Updated squirrelmail packages fix XSS vulnerabilities 2005-06-30
Mandriva Security Team (security mandriva com)

NetBSD Security Advisory 2005-001: Crypto leaks across HyperThreaded CPUs (i386, P4, HTT+SMP only) 2005-06-30
NetBSD Security-Officer (security-officer netbsd org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

NetBSD Security Advisory 2005-001
=================================

Topic: Crypto leaks across HyperThreaded CPUs (i386, P4, HTT+SMP only)

Version: NetBSD-current: affected, i386 on P4 with HTT and SMP kernels
NetBSD 2.0: affected, i386 on

[ more ] [ reply ]

Re: [Full-disclosure] Publishing exploit code - what is it good for 2005-06-30
devnull Rodents Montreal QC CA

[Because of all the broken autoresponders on bugtraq, the header From:
is a bitbucket. Use the address in the signature to reach me.]

>> Quote: " If I speak to an end-user organization and they express
>> legitimate needs for exploit code, then I'll change my opinion."

Well, I'm not an end-user o

[ more ] [ reply ]

Microsoft Windows NTFS Information Disclosure 2005-06-30
Matthew Murphy (mattmurphy kc rr com)

Microsoft Windows NTFS Information Disclosure

I. Synopsis

Affected Systems:
* Microsoft Windows 2000
* Microsoft Windows XP
* Microsoft Windows Server 2003

Risk: Moderate
Impact: Local Information Leak
Status: Maintenance Release Planned (Uncoordinated release)
Author: Matthew Murphy

[ more ] [ reply ]

Anyone else having serious repercussions from applying W2k sp4 security rollup patch? 2005-06-30
gerald (geraldf westernsaw com)

Hi,all;

Has anyone else had serious trouble after applying Security rollup patch for
w2k server sp4?

Immediately after applying patch, DNS zones disappeared and all file
replication between DCs was terminated. Enforced replication was prevented
with "Access denied" message. DCs just stopped talk

[ more ] [ reply ]

[DRUPAL-SA-2005-003] Drupal 4.6.2 / 4.5.4 fixes critical XML-RPC issue 2005-06-29
Uwe Hermann (uwe hermann-uwe de)

------------------------------------------------------------------------
----
Drupal security advisory DRUPAL-SA-2005-003
------------------------------------------------------------------------
----
Advisory ID: DRUPAL-SA-2005-003
Date: 2005-jun-29
Securi

[ more ] [ reply ]

[DRUPAL-SA-2005-002] Drupal 4.6.2 / 4.5.4 fixes input validation issue 2005-06-29
Uwe Hermann (uwe hermann-uwe de)

------------------------------------------------------------------------
----
Drupal security advisory DRUPAL-SA-2005-002
------------------------------------------------------------------------
----
Advisory ID: DRUPAL-SA-2005-002
Date: 2005-jun-29
Securi

[ more ] [ reply ]

Publishing exploit code - what is it good for 2005-06-30
Aviram Jenik (aviram beyondsecurity com) (2 replies)

Hi,

I recently had a discussion about the concept of full disclosure with one of
the top security analysts in a well-known analyst firm. Their claim was that
companies that release exploit code (like us, but this is also relevant for
bugtraq, full disclosure, and several security research firms)

[ more ] [ reply ]

Re: [Full-disclosure] Publishing exploit code - what is it good for 2005-06-30
Joachim Schipper (j schipper math uu nl)

Re: [Full-disclosure] Publishing exploit code - what is it good for 2005-06-30
bruen coldrain net

[SECURITY] [DSA 733-1] New crip packages fix insecure temporary files 2005-06-30
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 733-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
June 30th, 2005

[ more ] [ reply ]

Advisory 02/2005: Remote code execution in Serendipity 2005-06-29
Christopher Kunz (christopher kunz hardened-php net) (1 replies)

Hardened PHP Project
www.hardened-php.net

-= Security Advisory =-

Advisory: Remote code execution in Serendipity
Release Date: 2005/06/29
Last Modified: 2005/06/29
Author: Christopher Kunz <christopher.kunz

[ more ] [ reply ]

Re: Advisory 02/2005: Remote code execution in Serendipity 2005-06-29
GulfTech Security Research (security gulftech org)

Re: [Full-disclosure] Solaris 9/10 ld.so fun 2005-06-29
Casper Dik Sun COM

>I did the same. Patchrm-ed 112963-19 to -12. It still works for me.
>
>Uname -a :
>
>SunOS cf-node000 5.9 Generic_118558-09 sun4u sparc SUNW,Ultra-1

Please verify the md5 checksums of the resulting ld.so binaries
with the Solaris fingerprint database so you are certain exactly which
version yo

[ more ] [ reply ]

FreeBSD Security Advisory FreeBSD-SA-05:15.tcp 2005-06-29
FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-05:14.bzip2 2005-06-29
FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-05:13.ipfw 2005-06-29
FreeBSD Security Advisories (security-advisories freebsd org)

Mozilla Multiple Product JavaScript Issue 2005-06-29
Kurczaba Associates Advisories (advisories kurczaba com)

Mozilla Multiple Product JavaScript Issue
http://www.kurczaba.com/html/security/0506241.htm
-------------------------------------------------

Vendor:
Mozilla (http://www.mozilla.org)

Vulnerable Software:
Mozilla 1.7.8
Firefox 1.0.4
Camino 0.8.4

Vulnerability/Exploit:
By using a specially crafted

[ more ] [ reply ]

In-game /ignore crash in Soldier of Fortune II 1.03 2005-06-29
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: Soldier of Fortune II
http://sof2.ravensoft.com
Versions: 1.02x and 1.03
Platforms: Windows, Linux and Mac
Bug: bad memory access
Exploit

[ more ] [ reply ]

RE: Cisco VPN Concentrator Groupname Enumeration Vulnerability 2005-06-29
Dario Ciccarone (dciccaro) (dciccaro cisco com)

Cisco has made public a Security Notice, available at

http://www.cisco.com/warp/public/707/cisco-sn-20050624-vpn-grpname.shtml

which includes information about the issue, mitigation measures and
fixed software
availability.

We would like to thank Roy Hills and NTA-Monitor for following
responsi

[ more ] [ reply ]

[USN-146-1] Ruby vulnerability 2005-06-29
Martin Pitt (martin pitt canonical com)

===========================================================
Ubuntu Security Notice USN-146-1 June 29, 2005
ruby1.8 vulnerability
CAN-2005-1992
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubunt

[ more ] [ reply ]