[SECURITY] [DSA 588-1] New gzip packages fix insecure temporary files
2004-11-08 joey infodrom org (Martin Schulze)

[SECURITY] CAN-2004-0930: Potential Remote Denial of Service Vulnerability in Samba 3.0.x <= 3.0.7
2004-11-08 Gerald (Jerry) Carter (jerry samba org)
Subject: Potential Remote Denial of Service
CVE #: CAN-2004-0930
Affected Versions: Samba 3.0.x <= 3.0.7
Summary: A remote attacker could cause an smbd process to consume abnormal amounts of system resources due to an input validation error when

[SECURITY] [DSA 587-1] New freeam packages fix arbitrary code execution
2004-11-08 joey infodrom org (Martin Schulze)

MSIE src&name property disclosure
2004-11-08 Berend-Jan Wever (skylined edup tudelft nl) (1 replies)
Hi all, In response to statements found at http://news.com.com/Exploit+code+makes+IE+flaw+more+dangerous/2100-1002_3-5439370.html "Microsoft is concerned that this new report of a vulnerability in Internet Explorer was not disclosed responsibly, potentially putting computer users at risk," the com

Re: [Full-Disclosure] MSIE src&name property disclosure
2004-11-08 Michal Zalewski (lcamtuf ghettot org)

[ GLSA 200411-13 ] Portage, Gentoolkit: Temporary file vulnerabilities
2004-11-07 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Microsoft Internet Explorer permits to examine the existence of local files
2004-11-06 Benjamin Tobias Franz (0-1-2-3 gmx de)
Microsoft Internet Explorer permits to examine the existence of local files Description: There is a security bug in Microsoft Internet Explorer, which allows to check up existence of local files in system directories (Root (C:/), WINDOWS, SYSTEM, SYSTEM32, DESKTOP, COMMAND, Internet Explorer). Suc

[USN-19-1] squid vulnerabilities
2004-11-06 Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-19-1 November 06, 2004 squid vulnerabilities CAN-2004-0832, CAN-2004-0918 A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty

[ GLSA 200411-11 ] ImageMagick: EXIF buffer overflow
2004-11-06 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Resources consumption in 602 Lan Suite 2004.0.04.0909
2004-11-06 Luigi Auriemma (aluigi autistici org)

[ GLSA 200411-10 ] Gallery: Cross-site scripting vulnerability
2004-11-06 Luke Macken (lewk gentoo org)

UPDATE: [ GLSA 200410-30 ] GPdf, KPDF, KOffice: Vulnerabilities in included xpdf
2004-11-06 Thierry Carrez (koon gentoo org)

UPDATE: [ GLSA 200410-20 ] Xpdf, CUPS: Multiple integer overflows
2004-11-06 Thierry Carrez (koon gentoo org)

[SECURITY] [DSA 585-1] New shadow packages fix unintended behaviour
2004-11-05 joey infodrom org (Martin Schulze)

Making distinctions between similar-looking vulnerabilities
2004-11-05 Steven M. Christey (coley mitre org)
This is an obscure topic, but hopefully it's also informative. Recently on Bugtraq, there was a thread regarding a dhcpd format string bug that was accidentally linked to an unrelated bug, as begun by infamous41md [1] and later clarified by Javier Fernandez-Sanguino [2]. The thread illustrates a

SSC Advisory TSA-053 (Ureach.com)
2004-11-05 Secure Science Corporation Advisory Notice (bugtraq securescience net)

[USN-17-1] passwd vulnerability
2004-11-04 Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-17-1 November 04, 2004 passwd vulnerabilities CAN-2004-1001 A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The

[FLSA-2004:2076] Updated foomatic package fixes security vulnerability
2004-11-05 Marc Deslauriers (marcdeslauriers videotron ca)

FW: Hacker Group back again, this time claiming to have source code to Cisco PIX firewall
2004-11-05 Graham, Brian (Brian Graham negt com)
I haven't seen this posted on Bugtraq yet so I thought I'd pass it along. Cheers! Brian Graham Systems Administrator, NEGT To err is human... to really foul up requires the root password.

[USN-18-1] zip vulnerability
2004-11-05 Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-18-1 November 05, 2004 zip vulnerability CAN-2004-1010 A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The foll

Multiple vulnerabilities in Icewarp Web Mail 5.2.8 : New face of old problems.
2004-11-05 ShineShadow (ss_contacts hotmail com)
TITLE: Multiple vulnerabilities in Icewarp Web Mail 5.2.8 : New face of old problems. BACKGROUND Merak Mail Server, with the revolutionary Merak Mail Server GroupWare Server, cutting-edge Merak Mail Server Instant Antispam and much more, is the fastest, most stable, secure and 100% virus fre

RE: New Whitepaper - "Second-order Code Injection Attacks"
2004-11-05 Gunter Ollmann (NGS) (gunter ngssoftware com)
Jeff, I see XSS as merely a subgroup of code injection attacks - and it is important to make that distinction. While they (as in XSS) still get a lot of press coverage, they're not particularly remarkable. The most effective attacks abusing XSS vulnerabilities to date would probably be within Phi

MDKSA-2004:127 - Updated libxml and libxml2 packages fix multiple vulnerabilities
2004-11-05 Mandrake Linux Security Team (security linux-mandrake com)

MDKSA-2004:126 - Updated shadow-utils packages fix security bypass vulnerability
2004-11-05 Mandrake Linux Security Team (security linux-mandrake com)
Debian Security Advisory DSA 588-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
November 8th, 2004