|
|
Colapse all |
Post message
[SECURITY] [DSA 572-1] New ecartis packages fix unauthorised access to admin interface 2004-10-21 joey infodrom org (Martin Schulze) NSFOCUS SA2004-02 : HP-UX stmkfont Local Privilege Escalation Vulnerability 2004-10-21 NSFOCUS Security Team (security nsfocus com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NSFOCUS Security Advisory(SA2004-02) Topic: HP-UX stmkfont Local Privilege Escalation Vulnerability Release Date: 2004-10-20 CVE CAN ID: CAN-2004-0965 http://www.nsfocus.com/english/homepage/research/0402.htm Affected system: =================== - [ more ] [ reply ] CAN-2004-0814: Linux terminal layer races 2004-10-20 Alan Cox (alan lxorguk ukuu org uk) Linux 2.6.9 fixes a set of race conditions in the Linux terminal subsystem which are believed to go back to 2.2 kernels if not earlier. The race shows up problematically in two places. Firstly a user can cause crashes and other undefined behaviour by issuing a TIOCSETLD ioctl on a terminal interfac [ more ] [ reply ] Critical Vulnerability in Altiris Deployment Server architecture 2004-10-21 Brian Gallagher (bugtraq diamondsea com) Subject: Design flaw in Altiris Deployment Server - Attacker can take over all clients on a network with Admininstrator Rights and Remote Control ability PRODUCTS AFFECTED: ------------------------------------------------------------------------ --------------------- ALTIRIS DEPLOYMENT S [ more ] [ reply ] [SECURITY] [DSA 573-1] New cupsys packages fix arbitrary code execution 2004-10-21 joey infodrom org (Martin Schulze) MDKSA-2004:107 - Updated mozilla packages fix vulnerabilities 2004-10-20 Mandrake Linux Security Team (security linux-mandrake com) MDKSA-2004:108 - Updated cvs packages fix vulnerability 2004-10-20 Mandrake Linux Security Team (security linux-mandrake com) [SECURITY] [DSA 570-1] New libpng packages fix several vulnerabilities 2004-10-20 joey infodrom org (Martin Schulze) [SECURITY] [DSA 571-1] New libpng3 packages fix several vulnerabilities 2004-10-20 joey infodrom org (Martin Schulze) Re: Norton AntiVirus 2004 Script Blocking Failure (Includes PoC and rant) 2004-10-19 secure symantec com In-Reply-To: <20041018172444.19798.qmail (at) www.securityfocus (dot) com [email concealed]> Update: October 19, 2004 Recent published advisories and media stories are reporting that this attack can kill the Auto-Protect feature of Norton AntiVirus. This is incorrect. Investigations into this issue by Symantec have dete [ more ] [ reply ] RE: How to Break Windows XP SP2 + Internet Explorer 6 SP2 2004-10-20 Thor Larholm (thor pivx com) I successfully reproduced this exploit on a fully patched XPSP2 installation and can verify that malware.htm is planted locally after which HTML Help is used to launch it and circumvent the XPSP2 browser security improvements, compromising the system. However, this exploit did not work on any syste [ more ] [ reply ] [EXPL] (MS04-032) Microsoft Windows XP Metafile (.emf) Heap Overflow (PoC) 2004-10-19 houseofdabus HOD (houseofdabus inbox ru) MDKSA-2004:109 - Updated libtiff packages fix multiple vulnerabilities 2004-10-20 Mandrake Linux Security Team (security linux-mandrake com) How to Break Windows XP SP2 + Internet Explorer 6 SP2 2004-10-20 http-equiv (at) excite (dot) com [email concealed] (1 malware com) Tuesday, October 19, 2004 The following technical exercise demonstrates the enormously elaborate methods required to defeat the current [as of today's date] security mechanisms in place in both Microsoft Windows XP SP2 and Internet Explorer 6.00 SP2 fully patched: It is by no means easy. Th [ more ] [ reply ] Google Script Insertion Exploit 2004-10-19 Jim Ley (jim jibbering com) Website: www.google.com Description: Google's custom websearch does not prevent javascript from being inserted into the url of the image, allowing malicious users to modify the content of the google page allowing in phishing attacks, or silently steal search terms/results/clicks or modi [ more ] [ reply ] Multiple AntiVirus Reserved Device Name Handling Vulnerability 2004-10-19 Sowhat . (smaillist gmail com) Multiple AntiVirus Reserved Device Name Handling Vulnerability Author:Sowhat Date:October,9th,2004 http://secway.org/Advisory/Ad20041009.txt Vendor: AntiVir www.hbedv.com Twister www.filseclab.com Protector plus 2000 www.pspl.com Overview: As many popular AV's "Reserved Device Name Handling V [ more ] [ reply ] avoiding stackguard 2004-10-18 vallez gmail com hi, im posting here a manner for avoiding stackguard. Shellcode without zeros. /***************************************************************/ /*Shellcode avoiding stack protections sample--------Vallez/29a*/ /***************************************************************/ /* All we [ more ] [ reply ] RE: [IE 6 SP2] Possible URL Spoofing 2004-10-19 Dror Shalev (dshalev finjan com) <snip> > javascript:document.write("<iframe src='http://www.google.com' > width='100%' height='100%'></iframe>"); </snip> If you put <iframe frameborder=0 scrolling=no height=100% width=100% src='http://www.google.com'></iframe> And the Frame become invisible. Dror -----Original Message- [ more ] [ reply ] UnixWare 7.1.4 UnixWare 7.1.3 : The error handling in the inflate and inflateBack functions in ZLib compression library allows local users to cause a denial of service 2004-10-18 please_reply_to_security sco com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ ______ SCO Security Advisory Subject: UnixWare 7.1.4 UnixWare 7.1.3 : The error handling in the inflate and inflateBack functions in ZLib compression library allows local us [ more ] [ reply ] [CLA-2004:875] Conectiva Security Announcement - gtk+ 2004-10-18 Conectiva Updates (secure conectiva com br) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - ------------------------------------------------------------------------ -- PACKAGE : gtk+ SUMMARY : Fixes for image loading vulner [ more ] [ reply ] [ GLSA 200410-14 ] phpMyAdmin: Vulnerability in MIME-based transformation system 2004-10-18 Thierry Carrez (koon gentoo org) apexec.pl is still vulnerable against Directory Traversal. 2004-10-17 Zero_X www.lobnan.de Team (zero-x linuxmail org) RE: Writing Trojans that bypass Windows XP Service Pack 2 Firewall 2004-10-18 Simon Zuckerbraun (szucker sst-pr-1 com) An EXE would only be able to change firewall settings if it was running under an account with administrative privileges. Indeed, a user who conducts day-to-day activities using an administrative account is very much exposed to the type of attack you describe (malicious exe writing to HKEY_LOCAL_ [ more ] [ reply ] Re: Writing Trojans that bypass Windows XP Service Pack 2 Firewall 2004-10-15 Jay Calvert (jrcalvert gmail com) In-Reply-To: <FEBC66CCD411744381228574BAB53A9B8035D0 (at) MAIL.fac.gatech (dot) edu [email concealed]> A trojan could just as easily, disable the firewall with a simple net stop command. I posted this yesterday but failed to get it listed for some reason. http://habaneronetworks.com/viewArticle.php3?ID=51 [ more ] [ reply ] |
|
Privacy Statement |
Hash: SHA1
- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 572-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
October 21st, 2004
[ more ] [ reply ]