Resources consumption in 602 Lan Suite 2004.0.04.0909
2004-11-06 Luigi Auriemma (aluigi autistici org)

[ GLSA 200411-10 ] Gallery: Cross-site scripting vulnerability
2004-11-06 Luke Macken (lewk gentoo org)

UPDATE: [ GLSA 200410-30 ] GPdf, KPDF, KOffice: Vulnerabilities in included xpdf
2004-11-06 Thierry Carrez (koon gentoo org)

UPDATE: [ GLSA 200410-20 ] Xpdf, CUPS: Multiple integer overflows
2004-11-06 Thierry Carrez (koon gentoo org)

[SECURITY] [DSA 585-1] New shadow packages fix unintended behaviour
2004-11-05 joey infodrom org (Martin Schulze)

Making distinctions between similar-looking vulnerabilities
2004-11-05 Steven M. Christey (coley mitre org)
This is an obscure topic, but hopefully it's also informative. Recently on Bugtraq, there was a thread regarding a dhcpd format string bug that was accidentally linked to an unrelated bug, as begun by infamous41md [1] and later clarified by Javier Fernandez-Sanguino [2]. The thread illustrates a

Re: [Full-Disclosure] [HV-MED] Zip/Linux long path buffer overflow
2004-11-05 Josh Bressers (bressers redhat com)
On Fri, Nov 05, 2004 at 02:26:33PM +0100, Martin Pitt wrote:
> I prepared a small fix for this (see below). It does not make zip work
> with long file names, but at least it exits cleanly with giving the
> reason, and does not segfault.

This fix will allow zip to create an archive with very long fi

SSC Advisory TSA-053 (Ureach.com)
2004-11-05 Secure Science Corporation Advisory Notice (bugtraq securescience net)

[USN-17-1] passwd vulnerability
2004-11-04 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-17-1 November 04, 2004
passwd vulnerabilities
CAN-2004-1001
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The

[FLSA-2004:2076] Updated foomatic package fixes security vulnerability
2004-11-05 Marc Deslauriers (marcdeslauriers videotron ca)

FW: Hacker Group back again, this time claiming to have source code to Cisco PIX firewall
2004-11-05 Graham, Brian (Brian Graham negt com)
I haven't seen this posted on Bugtraq yet so I thought I'd pass it along.

Cheers!

Brian Graham
Systems Administrator, NEGT
----------------------------------------------------------------
To err is human... to really foul up requires the root password.
-------------------------------------------

Re: [Full-Disclosure] [HV-MED] Zip/Linux long path buffer overflow
2004-11-05 Martin Pitt (martin pitt canonical com)
Hi!

vuln (at) hexview (dot) com [2004-11-03 15:11 -0800]:
> When zip performs recursive folder compression, it does not check
> for the length of resulting path. If the path is too long, a buffer
> overflow occurs leading to stack corruption and segmentation fault.
> It is possible to exploit this vulnerabili

[USN-18-1] zip vulnerability
2004-11-05 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-18-1 November 05, 2004
zip vulnerability
CAN-2004-1010
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The foll

Multiple vulnerabilities in Icewarp Web Mail 5.2.8 : New face of old problems.
2004-11-05 ShineShadow (ss_contacts hotmail com)
TITLE: Multiple vulnerabilities in Icewarp Web Mail 5.2.8 : New face of old problems.

BACKGROUND

Merak Mail Server, with the revolutionary Merak Mail Server GroupWare Server, cutting-edge Merak Mail Server Instant Antispam and much more, is the fastest, most stable, secure and 100% virus fre

Re: debian dhcpd, old format string bug
2004-11-05 Martin Schulze (joey infodrom org)
Tarragon Allen wrote:
> > Debian dhcpd package.
> >
> > http://packages.debian.org/stable/net/dhcp
> >
> > It is vulnerable to the '02 format string bug.
> >
> > http://www.cert.org/advisories/CA-2002-12.html
>
> Firstly, good etiquette would have been for you to actually report the bug
> with Deb

RE: New Whitepaper - "Second-order Code Injection Attacks"
2004-11-05 Gunter Ollmann (NGS) (gunter ngssoftware com)
Jeff,

I see XSS as merely a subgroup of code injection attacks - and it is important to make that distinction. While they (as in XSS) still get a lot of press coverage, they're not particularly remarkable.

The most effective attacks abusing XSS vulnerabilities to date would probably be within Phi

MDKSA-2004:127 - Updated libxml and libxml2 packages fix multiple vulnerabilities
2004-11-05 Mandrake Linux Security Team (security linux-mandrake com)

MDKSA-2004:126 - Updated shadow-utils packages fix security bypass vulnerability
2004-11-05 Mandrake Linux Security Team (security linux-mandrake com)

MDKSA-2004:125 - Updated iptables packages fix vulnerability
2004-11-04 Mandrake Linux Security Team (security linux-mandrake com)

MDKSA-2004:124 - Updated xorg-x11 packages fix libXpm overflow vulnerabilities
2004-11-04 Mandrake Linux Security Team (security linux-mandrake com)

Re: [ GLSA 200411-09 ] shadow: Unauthorized modification of account information
2004-11-04 Solar Designer (solar openwall com)
On Thu, Nov 04, 2004 at 09:22:24PM +0100, Matthias Geerdsen wrote:
> Severity: Low
> Title: shadow: Unauthorized modification of account information
[...]
> A flaw in the chfn and chsh utilities might allow modification of
> account properties by unauthorized users.
[...]
> A local attacker m

SSC Advisory TSA-052 (Callwave.com)
2004-11-04 Secure Science Corporation Advisory Notice (bugtraq securescience net)

[ GLSA 200411-09 ] shadow: Unauthorized modification of account information
2004-11-04 Matthias Geerdsen (vorlon gentoo org)

SSC Advisory TSA-052 (Callwave.com)
2004-11-03 Secure Science Corporation Advisory Notice (bugtraq securescience net)

[SECURITY] [DSA 584-1] New dhcp packages fix format string vulnerability
2004-11-04 joey infodrom org (Martin Schulze)

[CLA-2004:883] Conectiva Security Announcement - subversion
2004-11-04 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : subversion
SUMMARY : Fixes for subversion's vu

[CLA-2004:884] Conectiva Security Announcement - gaim
2004-11-04 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : gaim
SUMMARY : Fixes for gaim's vulnerabiliti
#######################################################################
Luigi Auriemma
Application: 602 Lan Suite
http://www.software602.com/products/ls/
Versions: <= 2004.0.04.0909
Platforms: Windows
Bugs: A] resources consumption throug