SecurityFocus

[Security Bulletin] SSRT4867 rev.0 Netscape Directory Server on HP-UX LDAP remote buffer overflow 2004-12-23
Boren, Rich (SSRT) (rich boren hp com)

[ Security Bulletin ] SSRT4699 rev.0 HP-UX SAM local privilege increase 2004-12-23
Boren, Rich (SSRT) (rich boren hp com)

[USN-52-1] vim vulnerability 2004-12-23
Martin Pitt (martin pitt canonical com)

===========================================================
Ubuntu Security Notice USN-52-1 December 23, 2004
vim vulnerability
CAN-2004-1138
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The foll

[ more ] [ reply ]

[USN-51-1] teTeX auxiliary script vulnerability 2004-12-23
Martin Pitt (martin pitt canonical com)

===========================================================
Ubuntu Security Notice USN-51-1 December 23, 2004
tetex-bin vulnerability
http://bugs.debian.org/286370
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Wa

[ more ] [ reply ]

[USN-49-1] debmake vulnerability 2004-12-23
Martin Pitt (martin pitt canonical com)

===========================================================
Ubuntu Security Notice USN-49-1 December 23, 2004
debmake vulnerability
CAN-2004-1179
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The

[ more ] [ reply ]

RE: phpBB Worm 2004-12-23
Ofer Shezaf (Ofer Shezaf breach com)

Interestingly enough the worm was probably developed on *nix and than
checked and corrected to work on Windows:

eval{
while(my @a = getpwent()) { push(@dirs, $a[7]);}
};

push(@dirs, '/ ');

the getpwent function is not supported on Windows. Actually the entire
loop that gets users home direc

[ more ] [ reply ]

[USN-48-1] xpdf, tetex-bin vulnerabilities 2004-12-23
Martin Pitt (martin pitt canonical com)

===========================================================
Ubuntu Security Notice USN-48-1 December 23, 2004
xpdf, tetex-bin vulnerabilities
CAN-2004-1125
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Wart

[ more ] [ reply ]

RE: Crystal FTP Pro 2.8 PoC 2004-12-24
cybertronic gmx net

v0.2

ChangeLog:

-added 1 code, replaced bindcode & reversecode

-added way how to write to addr 0x0012f496

-removed register jumps

/*

12/23/2004

NOTES: -this piece of code is supposed to be PoC !

-Target Buffer Size: 328-68-4 is about 254 bytes

-RET Addr Space: 0x0012f496

[ more ] [ reply ]

RE: Local versus remote security holes 2004-12-22
David Brodbeck (DavidB mail interclean com)

> -----Original Message-----
> From: Adam Shostack [mailto:adam (at) homeport (dot) org [email concealed]]

> There is a rough standard for what local and remote mean. The
> standard may not be as precise as you'd like. Using old terms with
> new definitions doesn't advance the debate, it generates confusion.
> This is especi

[ more ] [ reply ]

WPkontakt message parsing error 2004-12-23
Jaroslaw Sajko (sloik man poznan pl)

Product: WPKontakt (<= 3.0.1)
Vendor: Wirtualna Polska (http://kontakt.wp.pl/index.html)
Impact: Remote script execution in Internet Zone
Severity: Medium
Authors: Blazej Miga <bla (at) man.poznan (dot) pl [email concealed]>,
Jaroslaw Sajko <sloik (at) man.poznan (dot) pl [email concealed]>
Advisory: http://www.man.poznan.pl/security/wpkontakt.html

[ more ] [ reply ]

Re: DJB's students release 44 *nix software vulnerability advisories 2004-12-22
Crispin Cowan (crispin immunix com)

robert (at) dyadsecurity (dot) com [email concealed] wrote:

>What you have to ask yourself here is what do you fear more?:
>A) Do you fear wide spread worm based attacks where everyone knows about
>the problems at about the same time, and is more annoying than
>devistating?
>
>B) Do you fear directed malice attacks using infor

[ more ] [ reply ]

Inexcusable weakness in Kmail / GnuPG 2004-12-23
Thomas C. Greene (thomas greene theregister co uk)

This might well affect more than Kmail on Linux, but i don't do windows so i
wouldn't know. I'm dealing with GnuPG 0.9.5, Kmail 1.5.1, KDE 3.1.1, and
kernel 2.4.20, all patched within the past week.

I do hope that this problem has been discussed previously, because if i'm the
first person to n

[ more ] [ reply ]

RE: DJB's students release 44 *nix software vulnerability advisories 2004-12-23
Palmer, Paul (ISSAtlanta) (PPalmer iss net)

Jonathan,

You touch on a couple of topics which are worthy of exploring further.

First, lets talk about the nature of risk. It is not black and white. It
is a continuum, very difficult to measure exactly but can usually be
estimated. In the security profession you quickly learn that not only
can y

[ more ] [ reply ]

Cross Site Scripting In PsychoStats 2.2.4 Beta && Earlier 2004-12-23
GulfTech Security (security gulftech org)

##########################################################
# GulfTech Security Research December 22nd, 2004
##########################################################
# Vendor : Jason Morriss
# URL : http://www.psychostats.com/
# Version : PsychoStats 2.2.4 Beta && Earlier
# Risk :

[ more ] [ reply ]

[USN-47-1] Linux kernel vulnerabilities 2004-12-23
Martin Pitt (martin pitt canonical com)

===========================================================
Ubuntu Security Notice USN-47-1 December 23, 2004
linux-source-2.6.8.1 vulnerabilities
http://lists.netsys.com/pipermail/full-disclosure/2004-December/030011.h
tml
===========================================================

A security is

[ more ] [ reply ]

Crystal FTP Pro 2.8 PoC 2004-12-23
cybertronic gmx net

/*

12/23/2004

NOTES: this piece of code is supposed to be PoC !

-Target Buffer Size: 328-68-4 is about 254 bytes

-RET Addr Space: 0x0012f496 to 0x0012f594

-I tried some register jumps on WINXP PRO SP2

(see offset1 and offset2)

-Suggestions? Mail me! cyber

[ more ] [ reply ]

SHOUTcast remote format string vulnerability 2004-12-23
Damian Put (pucik cc-team org)

Product: SHOUTcast v1.9.4 (and older?)
Vendor: http://www.shoutcast.com
Vuln: Remote format string
BugFinder: Tomasz Trojanowski (onestep)
Author: Damian Put <pucik (at) cc-team (dot) org [email concealed]> www.CC-Team.org
Date: Dec 23, 2004

1. BACKGROUND

"SHOUTcast is Nullsoft's Free Winamp-based dis

[ more ] [ reply ]

Re: stick with "anonymous" or "authenticated" when describing 2004-12-23
Steven M. Christey (coley mitre org)

"Jonathan G. Lampe" <jonathan.lampe () standardnetworks ! com> said:

>So...I'd stick with "anonymous" or "authenticated" [instead of
>"credentialed"] when describing attacks on servers.

Based on what I've seen emerging in researcher reports and
vulnerability databases/notification services, the t

[ more ] [ reply ]

Microsoft Windows LoadImage API Integer Buffer overflow 2004-12-23
flashsky fangxing (flashsky xfocus org)

[Security Advisory]

Advisory: [AD_LAB-04004]Microsoft Windows LoadImage API Integer Buffer overflow

Class: Boundary Condition Error

DATE:12/20/2004

Remote: Yes

Vulnerable:

Windows NT

Windows 2000 SP0

Windows 2000 SP1

Windows 2000 SP2

Windows 2000 SP3

Windows 2000 S

[ more ] [ reply ]

Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation 2004-12-23
flashsky fangxing (flashsky xfocus org)

Venustech AD-Lab

www.venustech.com.cn

[Security Advisory]

Advisory: [AD_LAB-04003]Linux 2.6.* Kernel Capability LSM Module Local Privilege Elevation

Authors: liangbin (at) venustech.com (dot) cn [email concealed]

Release: 09/12/04

Class: Design Error

Remote: No, local

Vul

[ more ] [ reply ]