BugTraq (Page 1335 of 1748)
Insecure pty permissions in OS X < 10.4 2005-05-01
Matt Johnston (matt ucc asn au)
Hi all.

Mac OS X 10.3.x and earlier doesn't provide any mechanism
for non-setuid-root programs to change permissions on ptys.

Hence xterms, screen sessions, and Terminal.app windows (with
explicitly specified commands) are vulnerable to tty
sniffing. Note that using Terminal.app's standard termina

Clients format string and server crash in Mtp-Target 1.2.2 2005-05-01
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: Mtp-Target
http://www.mtp-target.org
Versions: <= 1.2.2
Platforms: Windows and Linux
Bugs: A] clients format string
B] serve

[ GLSA 200505-01 ] Horde Framework: Multiple XSS vulnerabilities 2005-05-01
Luke Macken (lewk gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200505-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Multiple Vulnerabilities in Video Cam Server 1.0.0 2005-05-02
Donato Ferrante (fdonato autistici org)

Donato Ferrante

Application: Video Cam Server
http://vcs.raybase.com/

Version: 1.0.0

Bugs: Multiple Vulnerabilities

Date: 02-May-2005

Author: Donato Ferrante
e-mail: fdonato (at) autistici (dot) org
web:

DMA[2005-0501a] - 'ARPUS/Ce setuid buffer overflow and file overwrite' 2005-04-30
KF (lists) (kf_lists digitalmunition com)
as usual enjoy the typos!

Apache hacks (./atac, d0s.txt) 2005-04-29
Andrew Y Ng (ayn AndrewNg com)
My server has been seeing some usual activities today, I don't have much time
to get down to the bottom of things, but after I investigated briefly I have
decided to disable PERL executable permission for www-data (Apache process's
user), also locked /var/tmp so www-data cannot write to it.

Looks

Snmppd SNMP proxy daemon format string exploit 2005-04-29
cybertronic gmx net


/*
* Snmppd SNMP proxy daemon format string exploit
*
* cybertronic[at]gmx[dot]net
*
* 04/29/2005
*
* buffer space is 1024 bytes ( MAX_SNMPPD_OID_LEN defined in snmppd-0.4.5/snmppd.h )
*
* Apr 29 16:01:31 ctronic snmppd[6274]: fd 5: Request: XAAAA_804a81e.bfffb9d4.0.0.0.0.352

Mac OS X Cocktail 3.5.4 admin password disclosure 2005-04-29
sonderling (sonderling hushmail com)
Application: Mac OS X Cocktail
Version: 3.5.4 and probably below
URL: www.macosxcocktail.com
Vulnerability: admin password disclosure

=======================================================

Vendor's description:

"Cocktail is a general purpose utility for Mac OS X. The
application serves up a scru

DEF CON - New CTF Organizers chosen! 2005-04-29
The Dark Tangent (dtangent defcon org)

DEF CON is proud to announce that the new hosts for Capture the Flag this year will be Kenshoto!

COMPETE! Capture the Flag has been reborn. A brave new group has stepped up to the plate and is continuing the tradition of savage virtual warfare. ?KENSH

[CAN-2005-1062] Administration protocol abuse allows local/remote password cracking 2005-04-29
Secure Computer Group (scg udc es)
______________________________________________________________________

Secure Computer Group - University of A Coruna
http://research.tic.udc.es/scg/

-- x --

dotpi.com Information Technologies Research Labs

[CAN-2005-1063] Administration protocol abuse leads to Service and System Denial of Service 2005-04-29
Secure Computer Group (scg udc es)
______________________________________________________________________

Secure Computer Group - University of A Coruna
http://research.tic.udc.es/scg/

-- x --

dotpi.com Information Technologies Research Labs

MDKSA-2005:078 - Updated squid packages fix vulnerability 2005-04-29
Mandriva Security Team (security mandriva com)

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: squid
Advisory ID:

MDKSA-2005:079 - Updated perl packages to fix rmtree vulnerability 2005-04-29
Mandriva Security Team (security mandriva com)

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: perl
Advisory ID:

Multiples Full Path Disclosure in php-nuke 7.6 (and below) 2005-04-29
Luis Fernando (spiderkid gmail com)
Multiples Full Path Disclosure in php-nuke 7.6 (and below)
---------------------------------------------------------------------------

Author: project-restart
Date: 27. April 2005
Location: Brazil
Web: http://www.project-restart.org/
Target: PHP-nuke 7.6 (and below)

------------------------------

MDKSA-2005:080 - Updated libxpm4 packages fix libXpm vulnerabilities 2005-04-29
Mandriva Security Team (security mandriva com)

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: xpm
Advisory ID:

Golden FTP Server Pro remote stack BOF exploit (IHSTeam) 2005-04-29
c0d3r ihsteam com
see the attachment for details

NY sues Spyware Intermix, funded by Tiaa-Cref 2005-04-28
Paul Laudanski (zx castlecops com)
In a very revealing article:
http://castlecops.com/article-5943-nested-0-0.html the company Intermix
currently being sued by Attorney General Eliot Spitzer for being a "major
spyware distributor" has a wide and reaching/tangled web of funding and
history. Tiaa-Cref is one such funding institution

Safari HTTPS Overflow 2005-04-28
Gilbert Verdian (gverdian neoresearch org) (2 replies)
Found a bug in the latest Safari that comes with Panther 10.3.9 -
Safari 1.3 (v312), previous versions of Panther are also vulnerable.

The problem is with the URI input for HTTPS which causes Safari to
crash by inputting a large amount of A's i.e.

https://
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Re: Safari HTTPS Overflow 2005-04-29
Braden Thomas (braden127 myrealbox com)
Re: Safari HTTPS Overflow 2005-04-29
David Riley (oscar the-rileys net)
Multiple Sql injections in phpCoin v1.2.2 and below 2005-04-28
dcrab (dcrab hackerscenter com)


Dcrab 's Security Advisory
[Hsc Security Group] http://www.hackerscenter.com/
[dP Security] http://digitalparadox.org/

Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah

Severity: High
Title: Multiple Sql injections in

DHS Security Contact 2005-04-28
Jason Coombs (jasonc science org)
Hi there,

Does anyone have a security contact at the Department of Homeland Security?

My past experience with CERT leads me to believe that real security issues that involve substantial threats rather than mere infosec trivial risks cannot be escalated through CERT.

How do we communicate computer

Cross Site Scripting in BEA Admin Console 2005-04-28
Alexander Kornbrust (ak red-database-security com)


Red-Database-Security GmbH Research Advisory

Name: Cross Site Scripting in BEA Admin Console
Systems Affected: BEA Admin Console 8.1
Severity: Low Risk
Category: Cross Site Scripting (CSS/XSS)
Vendor URL: http://www.bea.com
Author: Alexander Kor

[HSC Security Group] Ocean12 Mailing List Manager Pro SQL injection 2005-04-28
Zinho (zinho hackerscenter com)


Hackers Center Security Group (http://www.hackerscenter.com/)
Zinho's Security Advisory

Desc: SQL injection : Ocean12 Mailing list manager PRO 1.06
Vendor: www.ocean12scripts.com
Risk: High

An sql injection allows anyone to login as admin using this sql query in the logi

Copyright 2010, SecurityFocus