iDEFENSE Security Advisory 02.11.05: ZoneAlarm 5.1 Invalid Pointer Dereference Vulnerability
2005-02-11 iDefense Customer Service (customerservice idefense com)
    ZoneAlarm 5.1 Invalid Pointer Dereference Vulnerability
    iDEFENSE Security Advisory 02.11.05
    www.idefense.com/application/poi/display?id=199&type=vulnerabilities
    February 11, 2005
    I. BACKGROUND
    Zone Labs ZoneAlarm provides personal firewall protection. More information is available from: http

Zone Labs Security Alert ZL05-01: Zone Labs IPC Instability
2005-02-11 Zone Labs Product Security (Product-Security zonelabs com)

BrightStor ARCserve Backup buffer overflow PoC
2005-02-11 cybertronic gmx net
    //cybertronic (at) gmx (dot) net
    #include <stdio.h>
    #include <sys/types.h>
    #include <sys/stat.h>
    #include <fcntl.h>
    #include <netinet/in.h>
    #include <netdb.h>
    #define RED "\E[31m\E[1m"
    #define GREEN "\E[32m\E[1m"
    #define YELLOW "\E[33m\E[1m"
    #define BLUE "\E[34m\E[1m"
    #define NORMAL "\E[m"
    #define PORT 4

[FLSA-2005:2353] Updated gpdf package fixes security issues
2005-02-10 Marc Deslauriers (marcdeslauriers videotron ca)

[FLSA-2005:2252] Updated iptables packages resolve security issues
2005-02-10 Marc Deslauriers (marcdeslauriers videotron ca)

[FLSA-2005:2352] Updated Xpdf package fixes security issues
2005-02-10 Marc Deslauriers (marcdeslauriers videotron ca)

[USN-81-1] iptables vulnerability
2005-02-11 Martin Pitt (martin pitt canonical com)
    ===========================================================
    Ubuntu Security Notice USN-81-1 February 11, 2005
    iptables vulnerability
    CAN-2004-0986
    ===========================================================
    A security issue affects the following Ubuntu releases:
    Ubuntu 4.10 (Warty Warthog)
    The

[FLSA-2005:2188] Updated gaim package resolves security issues
2005-02-10 Marc Deslauriers (marcdeslauriers videotron ca)

[USN-80-1] mod_python vulnerability
2005-02-11 Martin Pitt (martin pitt canonical com)
    ===========================================================
    Ubuntu Security Notice USN-80-1 February 11, 2005
    libapache2-mod-python vulnerabilities
    CAN-2005-0088
    ===========================================================
    A security issue affects the following Ubuntu releases:
    Ubuntu 4.10 (Wart

[SECURITY] [DSA 677-1] New sympa packages fix potential arbitrary code execution
2005-02-11 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 676-1] New xpcd packages fix arbitrary code execution as root
2005-02-11 joey infodrom org (Martin Schulze)

insecure temporary file creation in kdelibs 3.3.2
2005-02-11 Davide Madrisan (davide madrisan qilinux it)
    The `dcopidlng' script in the KDE library package (kdelibs-3.3.2/dcop/dcopidlng/dcopidlng) creates temporary files in an unsecure manner.
    This bug has been fixed in 32 minutes (!) by Stephan Kulow, the KDE team leader.
    Here you can find the official patch: http://bugs.kde.org/show_bug.cgi?id=9760

[SECURITY] [DSA 674-2] New mailman packages really fix several vulnerabilities
2005-02-11 joey infodrom org (Martin Schulze)

Remotely Controlling XSS Attacks - Announcing XSS-Proxy
2005-02-11 Rager, Anton (Anton) (arager avaya com)
    All,
    I presented on this topic this past weekend at Shmoocon, but wanted to also brief the list on my persistent remote control XSS attack methods and a demonstration tool I've developed.
    I've combined common XSS exploitation techniques with Javascript Remoting and Session-Riding to create an att

MDKSA-2005:036 - Updated MySQL packages fix temporary file vulnerability
2005-02-11 Mandrakelinux Security Team (security linux-mandrake com)

MDKSA-2005:035 - Updated python packages fix vulnerability
2005-02-11 Mandrakelinux Security Team (security linux-mandrake com)

MDKSA-2005:034 - Updated squid packages fix multiple vulnerabilities
2005-02-10 Mandrakelinux Security Team (security linux-mandrake com)

MDKSA-2005:033 - Updated enscript packages fix multiple vulnerabilities
2005-02-10 Mandrakelinux Security Team (security linux-mandrake com)

MDKSA-2005:032 - Updated cpio packages fix vulnerability
2005-02-10 Mandrakelinux Security Team (security linux-mandrake com)

[SECURITY] [DSA 678-1] New netkit-rwho packages fix denial of service
2005-02-11 joey infodrom org (Martin Schulze)

Crashes and socket unreacheable in Armagetron Advanced 0.2.7.0
2005-02-10 Luigi Auriemma (aluigi autistici org)

iDEFENSE Security Advisory 02.09.05: CA BrightStor ARCserve Backup v11 Discovery Service Remote Buffer Overflow
2005-02-09 iDefense Customer Service (customerservice idefense com)
    Computer Associates BrightStor ARCserve Backup v11 Discovery Service Remote Buffer Overflow Vulnerability
    iDEFENSE Security Advisory 02.09.05
    www.idefense.com/application/poi/display?id=194&type=vulnerabilities
    February 09, 2005
    I. BACKGROUND
    BrightStor ARCserve Backup for Windows delivers backup

Symantec Security Advisory
SYM05-003
08 February, 2005
Symantec UPX Parsing Engine Heap Overflow
Revision History
2/9/2005 - Updated Vulnerability details and mitigations. Updated CVE Candidate Number
2/11/2005 - Configuration modifications tested and added to disable vulnerable module in SA