[ GLSA 200411-17 ] mtink: Insecure tempfile handling
2004-11-09 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service
2004-11-09 Marc Maiffret (mmaiffret eeye com)
Kerio Personal Firewall Multiple IP Options Denial of Service
Release Date: November 9, 2004
Date Reported: October 30, 2004
Severity: High (Remote Denial of Service)
Vendor: Kerio Systems
Affected: Kerio Personal Firewall 4.1.1 and prior
Overview: eEye Digital Security has discovered a severe [...]

[SECURITY] [DSA 591-1] New libgd2 packages fix arbitrary code execution
2004-11-09 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 589-1] New libgd1 packages fix arbitrary code execution
2004-11-09 joey infodrom org (Martin Schulze)

[USN-20-1] Ruby CGI module vulnerability
2004-11-08 Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-20-1, November 08, 2004
ruby1.8 vulnerability
CAN-2004-0983
A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The [...]

Re: [HV-LOW] Symantec LiveUpdate issues may cause DoS
2004-11-09 secure symantec com
Symantec is aware of this posting. Symantec engineers are reviewing the issue. If it is validated we will respond accordingly. According to HexView's advisory, Symantec was notified 2004-11-03 and did not respond prior to HexView's posting. However, HexView's initial notification to Syman [...]

[SECURITY] [DSA 590-1] New gnats packages fix arbitrary code execution
2004-11-09 joey infodrom org (Martin Schulze)

Vulnerabilities in JAF CMS
2004-11-09 y3dips, [ echo|staff ] (y3dips echo or id)

Re: Update: Web browsers - a mini-farce (MSIE gives in)
2004-11-09 Heikki Kortti (hkortti codenomicon com)
It's been interesting to follow the discussion after Michal's original submission. Those readers who are familiar with the PROTOS style of testing and the results of that research will know how effective protocol-based invalid input testing has proven to be in catching at least a majority of common [...]

BoF in Windows 2000: ddeshare.exe
2004-11-09 Jack C (jack crepinc com) (2 replies)
Hello all, I found a static buffer overflow in ddeshare.exe on my Windows 2000, latest updates/service packs box tonight. It appears as though no bounds checking is performed on the share name before it is copied to the variable. Exploiting: Start up c:\winnt\system32\ddeshare.exe. Click shares [...]

Re: New URL spoofing bug in Microsoft Internet Explorer
2004-11-08 roozbeh afrasiabi (roozbeh_afrasiabi yahoo com)

MDKSA-2004:128 - Updated ruby packages fix remote DoS vulnerability
2004-11-08 Mandrake Linux Security Team (security linux-mandrake com)

Evidence Mounts that the Vote Was Hacked
2004-11-08 Atom 'Smasher' (atom suspicious org) (1 reply)

[CLA-2004:886] Conectiva Security Announcement - xpdf
2004-11-08 Conectiva Updates (secure conectiva com br)
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : xpdf
SUMMARY : Fixes for xpdf vulnerabilities [...]

[CLA-2004:888] Conectiva Security Announcement - libtiff3
2004-11-08 Conectiva Updates (secure conectiva com br)
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : libtiff3
SUMMARY : Fixes for libtiff vulnerab [...]

Re: [Full-Disclosure] MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!))
2004-11-08 Menashe Eliezer (menashe finjan com)
In-Reply-To: <BAY10-DAV29UqLpHkat00000751 (at) hotmail (dot) com>
The published exploit is working also with the <EMBED> tag, and not just with the <IFRAME> and the <FRAME> tags. Finjan's advisory can be found at: http://www.finjan.com/SecurityLab/AttackandExploitReports/alert_show.asp?attack_release_i [...]

[SECURITY] [DSA 586-1] New ruby packages fix denial of service
2004-11-08 joey infodrom org (Martin Schulze)

[HV-LOW] Symantec LiveUpdate issues may cause DoS
2004-11-04 vuln hexview com
Symantec LiveUpdate issues may cause DoS
Classification:
Level: [LOW]-med-high-crit
ID: HEXVIEW*2004*11*04*1
URL: http://www.hexview.com/docs/20041104-1.txt
Overview:
Symantec LiveUpdate is an application designed to provide [...]

[ GLSA 200411-14 ] Kaffeine, gxine: Remotely exploitable bufferoverflow
2004-11-07 Luke Macken (lewk gentoo org)

up-imapproxy DoS vulnerabilities
2004-11-07 Timo Sirainen (tss iki fi)
Intro
up-imapproxy is an IMAP proxy which keeps connections open after client has logged out, and reuses it when client connects back. This is mostly useful for webmail-type clients.
Summary
There are various bugs in up-imapproxy which can crash it. Since up-imapproxy runs in a sin [...]

[ GLSA 200411-15 ] OpenSSL, Groff: Insecure tempfile handling
2004-11-08 Thierry Carrez (koon gentoo org)

Offline WPA-PSK auditing tool (coWPAtty)
2004-11-08 Joshua Wright (jwright hasborg com)
A while back, Robert Moskowitz published a paper titled "Weakness in Passphrase Choice in WPA Interface" [1] that described a dictionary attack against wireless networks using the TKIP protocol with a pre-shared key (PSK). Even though the WPA-PSK authentication mechanism was intended to be used [...]
Gentoo Linux Security Advisory GLSA 200411-17
http://security.gentoo.org/
[...]