BugTraq
WebWorm using PHPBB vulnerability in the wild! 2004-12-20
Niki Denev (nike_d cytexbg com)
There have been reports of WebWorm exploiting PHPBB's urldecode
vulnerability.
The worm uses this to create a perl script on the server and start it.
After the perl script starts it wipes itself out, then begins to search
via google.com/advanced_search for exploitable viewtopic.php files part from

Re: AIX 5.1/5.2/5.3 local root exploits (paginit issue) 2004-12-21
Shiva Persaud (shivapd us ibm com)
cees-bart <ceesb (at) cs.ru (dot) nl> wrote on 12/20/2004 05:10:41 AM:

> 2) the second is a classical stack overflow in a tool called paginit.
>

Note from the advisory below that AIX 5.1 is not affected by this issue.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

IBM SECURITY ADVISORY

First Issued: Mon D

RE: DJB's students release 44 *nix software vulnerability advisories 2004-12-21
Devin Ganger (DevinG 3sharp com)
Jonathan T Rockway writes:

> Regarding local versus remote, look at it this way: You have
> a 100% secure system. Then you install NASM. Now a user
> FROM THE NETWORK can send you some tainted assembly code for
> you to assemble and he can compromise your account. That is
> why it is consid

iDEFENSE Security Advisory 12.21.04: Hewlett Packard HP-UX ftpd Remote Buffer Overflow Vulnerability 2004-12-21
customer service mailbox (customerservice idefense com)
Hewlett Packard HP-UX ftpd Remote Buffer Overflow Vulnerability

iDEFENSE Security Advisory 12.21.04
www.idefense.com/application/poi/display?id=175&type=vulnerabilities
December 21, 2004

I. BACKGROUND

HP-UX FTP Daemon is a service included in HP-UX that implements the File
Transfer Protocol.

II

iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow Vulnerability 2004-12-21
customer service mailbox (customerservice idefense com)
libtiff STRIPOFFSETS Integer Overflow Vulnerability

iDEFENSE Security Advisory 12.21.04
www.idefense.com/application/poi/display?id=173&type=vulnerabilities
December 21, 2004

I. BACKGROUND

libtiff provides support for the Tag Image File Format (TIFF), a widely
used format for storing image data.

iDEFENSE Security Advisory 12.21.04: libtiff Directory Entry Count Integer Overflow Vulnerability 2004-12-21
customer service mailbox (customerservice idefense com)
libtiff Directory Entry Count Integer Overflow Vulnerability

iDEFENSE Security Advisory 12.21.04
www.idefense.com/application/poi/display?id=174&type=vulnerabilities
December 21, 2004

I. BACKGROUND

This software provides support for the Tag Image File Format (TIFF), a
widely used format for st

iDEFENSE Security Advisory 12.21.04: Multiple Vendor Xine version 0.99.2 PNM Handler PNA_TAG Heap Overflow Vulnerability 2004-12-21
customer service mailbox (customerservice idefense com)
Multiple Vendor Xine version 0.99.2 PNM Handler PNA_TAG Heap Overflow
Vulnerability

iDEFENSE Security Advisory 12.21.04
www.idefense.com/application/poi/display?id=176&type=vulnerabilities
December 21, 2004

I. BACKGROUND

Xine is a multimedia player which runs on multiple platforms.
More informati

iDEFENSE Security Advisory 12.21.04: Multiple Vendor Xine version 0.99.2 PNM Handler Negative Read Length Heap Overflow Vulnerability 2004-12-21
customer service mailbox (customerservice idefense com)
Multiple Vendor Xine version 0.99.2 PNM Handler Negative Read Length
Heap Overflow Vulnerability

iDEFENSE Security Advisory 12.21.04
www.idefense.com/application/poi/display?id=177&type=vulnerabilities
December 21, 2004

I. BACKGROUND

Xine is a multimedia player which runs on multiple platforms.

iDEFENSE Security Advisory 12.21.04: Multiple Vendor xpdf PDF Viewer Buffer Overflow Vulnerability 2004-12-21
customer service mailbox (customerservice idefense com)
Multiple Vendor xpdf PDF Viewer Buffer Overflow Vulnerability

iDEFENSE Security Advisory 12.21.04
www.idefense.com/application/poi/display?id=172&type=vulnerabilities
December 21, 2004

I. BACKGROUND

Xpdf is an open-source viewer for Portable Document Format (PDF) files.

II. DESCRIPTION

Remote

SUSE Security Announcement: various kernel problems (SUSE-SA:2004:044) 2004-12-21
Marcus Meissner (meissner suse de)

-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

SUSE Security Announcement

Package: kernel
Announcement-ID: SUSE-SA:2004:044
Date: Tuesday, De

Re: DJB's students release 44 *nix software vulnerability advisories 2004-12-20
Jonathan T Rockway (jrockw2 uic edu) (4 replies)
Two points.

Regarding local versus remote, look at it this way: You have a 100%
secure system. Then you install NASM. Now a user FROM THE NETWORK can
send you some tainted assembly code for you to assemble and he can
compromise your account. That is why it is considered remote. Local
would mea

Re: DJB's students release 44 *nix software vulnerability advisories 2004-12-21
David F. Skoll (dfs roaringpenguin com)
Re: DJB's students release 44 *nix software vulnerability advisories 2004-12-21
milw0rm Inc. (milw0rm gmail com) (1 replies)
Re: DJB's students release 44 *nix software vulnerability advisories 2004-12-21
Antoine Martin (antoine nagafix co uk)
Xprobe 0.2.1 Released 2004-12-21
bugtraq sys-security com
The xprobe2 development team is pleased to announce the immediate
availability of Xprobe2 v0.2.1. Xprobe2 is a remote active operating
system fingerprinting tool which uses advanced techniques, some of which
were first to be introduced with Xprobe2, such as the usage of
statistical analysis ('fuzz

phpBB Worm 2004-12-20
Shannon Lee (shannon webhostworks net) (2 replies)
This morning one of our client's sites was found to have been defaced
with the words "NeverEverNoSanity WebWorm Generation 9." The defacement
appeared to take place on all .html files in the web root trees of
multiple virtual hosts on the web server in a very short period of time.

After some inves

RE: phpBB Worm 2004-12-21
Paul Kurczaba (paul myipis com)
Re: phpBB Worm 2004-12-21
Raymond Dijkxhoorn (raymond prolocation net)
Re: AIX 5.1/5.2/5.3 local root exploits (diag issue) 2004-12-21
Shiva Persaud (shivapd us ibm com)
cees-bart <ceesb (at) cs.ru (dot) nl> wrote on 12/20/2004 05:10:41 AM:

> 1) the first is a bug in all setuid diag related tools that use an
> environment variable as a prefix to an external binary executed as root.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

IBM SECURITY ADVISORY

First Issued: Mon Dec

[SECURITY] [DSA 614-1] New xzgv packages fix arbitrary code execution 2004-12-21
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 614-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
December 21st, 2004

TSLSA-2004-0069 - kerberos5 2004-12-21
Trustix Security Advisor (tsl trustix org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Advisory #2004-0069

Package name: kerberos5
Summary: execution of arbitrary code by authenticated user
Date: 2004-12-21
Affecte

Re: Wordpress 1.2.2 is still vulnerable 2004-12-21
Thomas Waldegger (bugtraq morph3us org)
In-Reply-To: <20041216062119.9218.qmail (at) www.securityfocus (dot) com>

Sry, but it's getting ridiculous.

The new releases of wordpress - 1.2.2 stable and
1.3-alpha-5 unstable - are still vulnerable for
some bugs I mentioned in my last message.

XSS:

/wp-login.php?action=login&redirect_to=[XSS]

/wp-

MITKRB5-SA-2004-004: heap overflow in libkadm5srv 2004-12-20
Tom Yu (tlyu mit edu)
-----BEGIN PGP SIGNED MESSAGE-----

MIT krb5 Security Advisory 2004-004

Original release: 2004-12-20

Topic: heap buffer overflow in libkadm5srv

Severity: serious

SUMMARY
=======

The MIT Kerberos 5 administration library (libkadm5srv) contains a
heap buffer overflow in password

[USN-43-1] groff utility vulnerabilities 2004-12-20
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-43-1 December 20, 2004
groff vulnerabilities
http://bugs.debian.org/286371,
http://bugs.debian.org/286372
===========================================================

A security issue affects the following Ubu

Copyright 2010, SecurityFocus