SecurityFocus

Permission problem in Skype BETA for linux 2004-12-22
Peter Conrad (conrad tivano de)

Date: December 2004

Product: Skype (http://skype.com/)

"Skype is free Internet telephony that just works.
Skype is for calling other people on their computers or phones.
Download Skype and start calling for free all over the world."

Affected versions:

Linux RPM's version 0.92.0.12, possibly ot

[ more ] [ reply ]

Re: DJB's students release 44 *nix software vulnerability advisories 2004-12-21
Steven M. Christey (coley mitre org)

Besides which packages were found to be vulnerable, it seems like it
would be equally or more informative to know which other packages were
audited and not found to have bugs. The bulk of the "7500 man-hours"
were probably spent *confirming* the security of some of the software,
and some students

[ more ] [ reply ]

Realone2.0 "pnxr3260.dll" Lets Remote Users IE Browser Crash 2004-12-22
Wei Li (pcocop hotmail com)

Impact: Denial of service via network

Version(s):Realone 2.0(build 6.0.11.868)

I. BACKGROUND

<EMBED ...> puts a browser plugin in the page. A plugin is a special program located on the client computer (i.e. not on your web server) that handles its own special type of data file. The mo

[ more ] [ reply ]

possible local exploit via sendmail with procmail on solaris 2004-12-21
Michael Barnes (mbarnes compsci wm edu)

I was debugging a new procmail rule and noticed some strange information
in the logfile. It ended up to be mkdir complaining that it could not
create a directory because it existed. I found out that this was coming
from a user's .cshrc file that had something like:

if ( ! -r /home/user/TMPDIR ) t

[ more ] [ reply ]

[ GLSA 200412-23 ] Zwiki: XSS vulnerability 2004-12-21
Luke Macken (lewk gentoo org)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ] [ reply ]

Re: phpBB Worm 2004-12-22
ycw1bh302 sneakemail com

In-Reply-To: <Pine.LNX.4.61.0412212325470.1764 (at) mailbox.prolocation (dot) net [email concealed]>

Forgive me if this is a newbie question, but a site I help run was hit by this, and I'm trying to understand it to protect against future worms.

The worm exploits the phpBB highlight vulnerability. It uses PHP to run Perl t

[ more ] [ reply ]

Java Runtime Environment Remote Denial-of-Service (DoS) Vulnerability 2004-12-22
Marc Schoenefeld (schonef uni-muenster de)

malware effecting broadband users in Israel 2004-12-22
Gadi Evron (gadi tehila gov il)

I got reports from several fellow ISP's here in Israel about this
happening, originally on an Israeli ISP's security information sharing list.

The dialer configuration is being modified, from "advanced" to "Basic",
a random host and the user name are changed to <random number>username
and some say

[ more ] [ reply ]

Sybase ASE 12.5.2 vulnerabilities 2004-12-22
NGSSoftware Insight Security Research (nisr ngssoftware com)

Sherief Hammad of NGSSoftware has discovered three high risk security
vulnerabilities in Sybase Adaptive Server Enterprise 12.5.2.

Sybase ASE versions 12.5.2 and older are vulnerable to these issues.

These vulnerabilities have now been fixed by Sybase in the Sybase
ASE 12.5.3 interim release which

[ more ] [ reply ]

MDKSA-2004:156 - Updated krb5 packages fix buffer overflow vulnerability 2004-12-22
Mandrake Linux Security Team (security linux-mandrake com)

MDKSA-2004:155 - Updated logcheck packages fix temporary file vulnerability 2004-12-22
Mandrake Linux Security Team (security linux-mandrake com)

Local versus remote security holes 2004-12-22
D. J. Bernstein (djb cr yp to) (1 replies)

Stephen Harris writes:
> In your example, a local user MUST take action in order to perform
> the exploit, therefore the exploit is local.

Practically all UNIX security holes are ``local'' according to your
criterion. A peer-to-peer server, for example, or even a DNS server,
isn't started without a

[ more ] [ reply ]

Re: Local versus remote security holes 2004-12-22
Adam Shostack (adam homeport org)

SUSE Security Announcement: kernel local privilege escalation (SUSE-SA:2004:046) 2004-12-22
Marcus Meissner (meissner suse de)

[SECURITY] [DSA 615-1] New debmake package fixes insecure temporary directories 2004-12-22
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 615-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
December 22nd, 2004

[ more ] [ reply ]

MDKSA-2004:154 - Updated kdelibs packages fix multiple vulnerability 2004-12-22
Mandrake Linux Security Team (security linux-mandrake com)

SUSE Security Announcement: samba (SUSE-SA:2004:045) 2004-12-22
krahmer suse de (Sebastian Krahmer)

Re: Windows Explorer TGA Crash is a DoS bug in Internet Explorer. 2004-12-21
Berend-Jan Wever (skylined edup tudelft nl)

I thought it looked familiar:
http://lists.netsys.com/pipermail/full-disclosure/2004-May/021272.html
It'll probably never get fixed.

Berend-Jan Wever
<skylined (at) edup.tudelft (dot) nl [email concealed]>
http://www.edup.tudelft.nl/~bjwever
SkyLined in #SkyLined on EFNET
PGP key ID: 0x48479882

----- Original Message -----
F

[ more ] [ reply ]

[SECURITY] [DSA 613-1] New ethereal packages fix denial of service 2004-12-21
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 613-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
December 21st, 2004

[ more ] [ reply ]