BugTraq (Page 1432 of 1748)
[SECURITY] [DSA 575-1] New catdoc packages fix temporary file vulnerability 2004-10-28
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 575-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
October 28th, 2004

[SECURITY] [DSA 574-1] New cabextract packages fix unintended directory traversal 2004-10-28
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 574-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
October 28th, 2004

Presentation: Bypassing client application protection techniques with notepad 2004-10-28
3APA3A (3APA3A security nnov ru)


Topic: Bypassing client application protection techniques
Category: Protection bypass
Affected products:
CheckPoint VPN-1(TM) & FireWall-1(R) NG with Application Intelligence
(R55) HFA 9
Microsoft Windows XP SP2
Agnitum Outpost Pro 2.1, 2.5
Tiny Firewall Pro v6.0.100
ZoneAlarm Pro with Web

High Risk Vulnerability in RealPlayer 2004-10-27
NGSSoftware Insight Security Research (nisr ngssoftware com)
John Heasman of NGSSoftware has discovered a high risk vulnerability in
RealPlayer.
Versions affected include:

RealPlayer 10.5 (6.0.12.1056)
RealPlayer 10.5 (6.0.12.1053)
RealPlayer 10.5 (6.0.12.1040)
RealPlayer 10.5 Beta (6.0.12.1016)
RealPlayer 10
RealOne Player v1, v2

The flaw permits executi

[security bulletin] SSRT3526 Serviceguard potential increase in privilege 2004-10-26
Boren, Rich (SSRT) (rich boren hp com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

HP SECURITY BULLETIN

HPSBUX01080 REVISION: 0

SSRT3526 rev.0 Serviceguard potential increase in privilege

NOTICE:
There are no restrictions for distribution of this Bulletin
provided that it remains complete and intact.

The information in this S

RE: Update: Web browsers - a mini-farce (MSIE gives in) 2004-10-27
Michael Wojcik (Michael Wojcik microfocus com)
> From: Valdis.Kletnieks (at) vt (dot) edu [email concealed] [mailto:Valdis.Kletnieks (at) vt (dot) edu [email concealed]]
> Sent: Wednesday, 27 October, 2004 12:24
>
> On Wed, 27 Oct 2004 06:32:07 PDT, Michael Wojcik said:
>
> > > "A program designed for inputs from people is usually
> > > stressed beyond breaking point by computer-generated inputs.
>

High Risk Vulnerability in Quicktime for Windows 2004-10-27
NGSSoftware Insight Security Research (nisr ngssoftware com)
John Heasman of NGSSoftware has discovered a high risk vulnerability in
Quicktime for Windows.
Versions affected include:

Quicktime 6.5.2 and earlier

The flaw permits execution of arbitrary code from an HTML environment. The
patch can be downloaded from

http://www.apple.com/support/security/sec

[ GLSA 200410-29 ] PuTTY: Pre-authentication buffer overflow 2004-10-27
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

EEYE: RealPlayer Zipped Skin File Buffer Overflow 2004-10-27
Marc Maiffret (mmaiffret eeye com)
RealPlayer Zipped Skin File Buffer Overflow

Release Date:
October 27, 2004

Date Reported:
October 11, 2004

Severity:
High (Code Execution)

Vendor:
RealNetworks

Systems Affected:
For Microsoft Windows
RealPlayer 10.5 (6.0.12.1053 and earlier)
RealPlayer 10
RealOne Player v2
RealOne Player v1

Ov

Multiple Vulnerabilities in Quake II Server 2004-10-27
Richard Stanway (bugtraq secur1ty net)
Multiple Vulnerabilities in Quake II Server
===========================================
Product: Quake II
Version: Tested on 3.2x, likely all
Vendor: iD Software (http://www.idsoftware.com/)
Date: 2004-10-27
Risk: High (possible remote code execution)
URL: http://secur1ty.net/advisories/001

iDEFENSE Security Advisory 10.27.04 - PuTTY SSH2_MSG_DEBUG Buffer Overflow Vulnerability 2004-10-27
customer service mailbox (customerservice idefense com)
PuTTY SSH2_MSG_DEBUG Buffer Overflow Vulnerability

iDEFENSE Security Advisory 10.27.04
www.idefense.com/application/poi/display?id=155&type=vulnerabilities
October 27, 2004

I. BACKGROUND

PuTTY is a free implementation of Telnet and SSH for Win32 and Unix
platforms, along with an xterm terminal em

[CLA-2004:880] Conectiva Security Announcement - foomatic-filters 2004-10-27
Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : foomatic-filters
SUMMARY : Fix for foomatic v

Crashes in Master of Orion III 1.2.5 2004-10-27
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: Master of Orion III
http://moo3.quicksilver.com
Versions: <= 1.2.5
Platforms: Windows and MacOS
Bugs: - allocation error
- b

RE: Update: Web browsers - a mini-farce (MSIE gives in) 2004-10-27
Michael Wojcik (Michael Wojcik microfocus com) (1 replies)
> From: Valdis.Kletnieks (at) vt (dot) edu [email concealed] [mailto:Valdis.Kletnieks (at) vt (dot) edu [email concealed]]
> Sent: Monday, 25 October, 2004 21:25
>
> On Mon, 25 Oct 2004 09:03:20 EDT, David Brodbeck said:
>
> > Software should be able to deal with any input that's thrown at it.
>
> Two quotes come to mind:
>
> "A program designed for i

PuTTY SSH client vulnerability 2004-10-27
Anatole Shaw (anatole nationalsky com)
From http://www.chiark.greenend.org.uk/~sgtatham/putty/

======================================================================

2004-10-26 ANOTHER SECURITY HOLE, fixed in PuTTY 0.56

PuTTY 0.56, released today, fixes a serious security hole which can
allow a server to execute code of its choice on

MMDF deliver local root exploit for SCO OpenServer 5.0.7 x86 2004-10-27
Ramon de Carvalho Valle (ramondecarvalho yahoo com br)


Hi,

I have written a proof of concept code for one of the various buffer overflows reported by Deprotect and SCO in:

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.7/SCOSA-2004.7.txt

http://www.deprotect.com/advisories/DEPROTECT-20040206.txt

The Common Vulnerabilities and Exposures pr

[CLA-2004:879] Conectiva Security Announcement - kernel 2004-10-26
Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : kernel
SUMMARY : Fixes for kernel vulnerabili

PTms04-030 2004-10-26
pigrelax (pigrelax yandex ru)
PTms04-030 - tool for checking WebDAV XML DoS vulnerability.

More information and download:

http://www.securitylab.ru/tools/48998.html

debian dhcpd, old format string bug 2004-10-26
infamous41md hotpop com
Subject:

Debian dhcpd package.

http://packages.debian.org/stable/net/dhcp

It is vulnerable to the '02 format string bug.

http://www.cert.org/advisories/CA-2002-12.html

--
-sean

Rendering large binary file as HTML makes Mozilla Firefox stop responding 2004-10-26
Peter Kruse (kruse krusesecurity dk)
Rendering large binary file as HTML makes Mozilla Firefox stop responding

Summary
Mozilla Firefox, Web-browser and a strong alternative to Internet Explorer.
The Mozilla Firefox ships with several bugs, making it possible to hang
the browser, eat up virtual memory, simply by hosting a binary renam

zgv image viewing heap overflows 2004-10-26
infamous41md hotpop com
++++++++++++++++++++++++++++++++++++++++++++

Subject:

zgv multiple heap overflows

++++++++++++++++++++++++++++++++++++++++++++

Product:

zgv is a picture viewer with a thumbnail-based file selector, for the Linux and
FreeBSD console (it uses svgalib). It's pretty featureful, and is probably the

[ GLSA 200410-23 ] Gaim: Multiple vulnerabilities 2004-10-24
Matthias Geerdsen (vorlon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

wvtfpd remote root heap overflow 2004-10-26
infamous41md hotpop com
Subject:

WVTFTPD heap overflow, remote root exploit

++++++++++++++++++++++++++++++++++++++++++++

Product:

WVTFTPD ... the world's fastest TFTP server.
http://open.nit.ca/wiki/index.php?page=WvTftp

Not used much yet b/c it's rather new, but other software by this company seems
to be in circulati

[ GLSA 200410-25 ] Netatalk: Insecure tempfile handling in etc2ps.sh 2004-10-25
Luke Macken (lewk gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

pppd out of bounds memory access, possible DOS 2004-10-26
infamous41md hotpop com
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Subject:

pppd remote DOS.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Product Description:

ppp is an implementation of (PPP) Point-to-Point Protocol for Unix systems.

http://www.

Hawking Technologies HAR11A router considered insecure 2004-10-26
Marcus Garvey (dartroller mad scientist com)


The Hawking Technologies HAR11A modem/router is shipped insecure. It
suffers from the infamous Conexant security hole (
http://www.chiark.greenend.org.uk/~theom/security/origo.html ). You can
find lots of references to this in a google search for "conexant port
254".

You can see the Hawk

Copyright 2010, SecurityFocus