MDKSA-2005:057 - Updated gnupg packages fix vulnerability
2005-03-15 Mandrakelinux Security Team (security linux-mandrake com)

SUSE Security Announcement: multiple Mozilla Firefox vulnerabilities (SUSE-SA:2005:016)
2005-03-16 Marcus Meissner (meissner suse de)

MDKSA-2005:056 - Updated koffice packages fix vulnerabilities on 64 bit platforms
2005-03-15 Mandrakelinux Security Team (security linux-mandrake com)

PlatinumFTPserver format string vulnerability ( IHSTeam )
2005-03-16 c0d3r ihsteam com
advisory URL : http://www.ihsteam.com/advisory/PlatinumFTPserver.txt
IHS Iran Hackers Sabotage Public advisory

Multiple KDE Security Advisories (2005-03-16)
2005-03-16 Waldo Bastian (bastian kde org)
Three KDE security advisories have been issued today.
KDE Security Advisory: Local DCOP denial of service vulnerability
Original Release Date: 20050316
URL: http://www.kde.org/info/security/advisory-20050316-1.txt
0. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0396

ADVISORY: DataRescue Interactive Disassembler Pro Debugger Format String Vulnerability
2005-03-16 Piotr Bania (bania piotr gmail com)
DataRescue Interactive Disassembler Pro Debugger Format String Vulnerability
by Piotr Bania <bania.piotr (at) gmail (dot) com>
http://pb.specialised.info
Severity: High / Medium - code execution.
Versions affected: Probably all versions, however tested on 4.7.0.830.

MDKSA-2005:055 - Updated openslp packages fix multiple vulnerabilities
2005-03-15 Mandrakelinux Security Team (security linux-mandrake com)

MDKSA-2005:054 - Updated cyrus-sasl packages fix vulnerability
2005-03-15 Mandrakelinux Security Team (security linux-mandrake com)

MDKSA-2005:053 - Updated ethereal packages fix multiple vulnerabilities
2005-03-15 Mandrakelinux Security Team (security linux-mandrake com)

Re: Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning
2005-03-15 Thierry Zoller (Thierry sniff-em com)

Re: Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning
2005-03-15 Dr. Peter Bieringer (pbieringer aerasec de)
Hi Michael,
--On Tuesday, March 15, 2005 01:51:55 PM -0600 "Michael J. Pomraning" <mjp-bugtraq (at) securepipe (dot) com> wrote:
> On Mon, 14 Mar 2005, Dr. Peter Bieringer wrote:
>
>> during investigation of Sober.l we got the idea to replace the spaces of
>> a filename contained in the ZIP archive by some

RE: SAV9 Functionality Hole - misses virus files
2005-03-15 Dewyngaert Brian Contr ANG/C4 (Brian Dewyngaert ang af mil)
Please advise as to what version of SAV you refer to, as we have done several tests with File servers over here and are unable to reproduce the issue you state. In fact we see the exact opposite. We tested on SAV 9 MR3, with the Eicar test virus and each time we tried to push the file to the ser

GoodTech Telnet Server Buffer Overflow Vulnerability
2005-03-15 Komrade (unsecure altervista org)
AUTHOR Komrade unsecure (at) altervista (dot) org
Original advisory: http://unsecure.altervista.org/security/goodtechtelnet.htm
DATE 15/03/2005
PRODUCT The product turns a Windows NT/2000/XP/2003 system into a multi-user Telnet server. Gives Telnet users full access to Windows NT command line. (informations

Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning
2005-03-15 bipin gautam (visitbipin yahoo com)
Dr. Peter, My rants regarding similar issue dates back, Mar 05, 2004. There was some other issues in NAV product that i tried contacting SYMANTEC in 2003 (i guess). Symantec, discarded this issue. http://www.securityfocus.com/archive/1/357065 So did they to latest advisory!!! http://www.geocities

Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning
2005-03-15 Dr. Peter Bieringer (pbieringer aerasec de) (1 replies)
--On Dienstag, 15. März 2005 08:34 -0800 bipin gautam <visitbipin (at) yahoo (dot) com> wrote:
> I STILL FIND IT happy to
> see there are lot of AV out there that can't scan such
> file properly to detect virus.
The problem must be located in the unzip engine: We've created a mixed ZIP now:
# unzip -l mix

Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning
2005-03-15 Rodrigo Barbosa (rodrigob suespammers org)

RE: SAV9 Functionality Hole - misses virus files
2005-03-15 Polazzo Justin (Justin Polazzo facilities gatech edu)
Just got off the phone with Symantec gold support for a different reason but they had stated that while they do not scan Memory or the Swap File, the 0 Ring driver they use will scan anything written to a HDD. This would mean that if you have scanning of network drives enabled on the client, both se

UPDATE: [ GLSA 200501-38 ] Perl: rmtree and DBI tmpfile vulnerabilities
2005-03-15 Thierry Carrez (koon gentoo org)

[USN-95-1] Linux kernel vulnerabilities
2005-03-15 Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-95-1 March 15, 2005
linux-source-2.6.8.1 vulnerabilities
CAN-2005-0209, CAN-2005-0210, CAN-2005-0384, CAN-2005-0529, CAN-2005-0530, CAN-2005-0531, CAN-2005-0532, CAN-2005-0736

[ GLSA 200503-18 ] Ringtone Tools: Buffer overflow vulnerability
2005-03-15 Luke Macken (lewk gentoo org)

Denial of Service Vulnerability in MySQL Server for Windows
2005-03-15 Luca Ercoli (io lucaercoli it)
Package: MySQL Database Server for Windows
Auth: http://www.mysql.com/
Version(s): 4.1.XX/4.0.XX/5.0.XX
Vulnerability Type: Denial of Service
Disclaimer: The information is provided "as is" without warranty of any kind. The author of this issue shall not be held liable for any down

[ISR] Insecure communication and Reproduce the Session authentication
2005-03-15 Francisco Amato (famato infobyte com ar)
[ISR]
Infobyte Security Research
www.infobyte.com.ar
03.15.2005
.:: SUMMARY
Novell iChain Administration HTTP Server:
- Insecure communication
- Reproduce the Session authentication
Version: IChain Version v2.3, It is suspected that all previous versions of IChan are vulnerable

[ISR] - Novell iChain Mini FTP Server Bruteforce Problem
2005-03-15 Francisco Amato (famato infobyte com ar)
[ISR]
Infobyte Security Research
www.infobyte.com.ar
03.15.2005
.:: SUMMARY
Novell iChain Mini FTP Server Bruteforce Problem
.:: BACKGROUND
The Novell iChain product provides identity-based web security services that control access to application and network resources across t

[ISR] - Novell iChain Mini FTP Server Unauthorized Remote Path Disclosure Vulnerability
2005-03-15 Francisco Amato (famato infobyte com ar)
[ISR]
Infobyte Security Research
www.infobyte.com.ar
03.15.2005
.:: SUMMARY
Novell iChain Mini FTP Server Unauthorized Remote Path Disclosure Vulnerability
Version: IChain Version v2.3, It is suspected that all previous versions of IChan are vulnerable.
.:: BACKGROUND
The Nove
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: gnupg
Advisory ID: