|
|
Prev week |
Colapse all |
Post message
MDKSA-2004:098 - Updated libxpm4 packages fix libXpm overflow vulnerabilities 2004-09-16 Mandrake Linux Security Team (security linux-mandrake com) Re: cdrecord local root exploit 2004-09-16 Jason T. Miller (jasomill shaffstall com) > I think that the reason the author states that it must be installed > setuid root is so that it can be run by a normal user to burn cd images > (versus having to su to root). Try using sudo, or set up something to > modify the permissions on your cd device to allow it to access them. This is a mu [ more ] [ reply ] RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow 2004-09-16 Angelidis, Fotis(NSASOUDABAY) (AngelidisF nsa souda navy mil) -----Original Message----- From: Polazzo Justin [mailto:Justin.Polazzo (at) facilities.gatech (dot) edu [email concealed]] Sent: Wednesday, September 15, 2004 6:24 PM To: Nick D.; bugtraq (at) securityfocus (dot) com [email concealed] Subject: RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow >Ps: ARRRgh!! > >P.p.s: Am I missing the all in o [ more ] [ reply ] [SECURITY] [DSA 546-1] New gdk-pixbuf packages fix several vulnerabilities 2004-09-16 joey infodrom org (Martin Schulze) www.proboards.com / YaBB XSS Vuln 2004-09-15 admin leetflash com A Cross Site scripting vulnerability exists currently for all boards of the ever popular www.proboards.com which has code based off of the popular YaBB Forums. This can result in an attacker stealing users Cookie Information and possible defacing/hijacking of the message board and its users acc [ more ] [ reply ] RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow 2004-09-16 Polazzo Justin (Justin Polazzo facilities gatech edu) Let me get this straight: It really doesn't matter if the version of Frogger I run has the older dll, to exploit the flaw you would have to get a user to view a malformed jpeg via the Frogger app which would call the older dll and voila! Right? Assuming that is correct; AutoCAD, while a big app on [ more ] [ reply ] [SECURITY] [DSA 548-1] New imlib packages fix arbitrary code execution 2004-09-16 joey infodrom org (Martin Schulze) wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities 2004-09-16 Paul Johnston (paul westpoint ltd uk) Westpoint Security Advisory --------------------------- Title: Multiple Browser Cookie Injection Vulnerabilities Risk Rating: Low Software: Multiple Web Browsers Platforms: Unix and Windows Author: Paul Johnston <paul (at) westpoint.ltd (dot) uk [email concealed]> assisted by Richard Moore < [ more ] [ reply ] Re: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow 2004-09-16 sheep explode (sheep explode gmail com) According to the information I have from MSFT. You do not need to replace all instances of gdiplus.dll on a system and they actually recommend that you not do this. some instances of gdipluss.dll are not affected by this, It will depend on the application and they way it uses gdiplus.dll. Accordi [ more ] [ reply ] [SECURITY] [DSA 547-1] New Imagemagic packages fix buffer overflows 2004-09-16 joey infodrom org (Martin Schulze) [OpenPKG-SA-2004.041] OpenPKG Security Advisory (spamassassin) 2004-09-15 OpenPKG (openpkg openpkg org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org openpkg-security (at) openpkg (dot) org [email concealed] [ more ] [ reply ] Re: cdrecord local root exploit 2004-09-15 Coleman (cokane cokane org) I think that the reason the author states that it must be installed setuid root is so that it can be run by a normal user to burn cd images (versus having to su to root). Try using sudo, or set up something to modify the permissions on your cd device to allow it to access them. On Mon, 2004-09-13 a [ more ] [ reply ] MDKSA-2004:097 - Updated cups packages fix DoS vulnerability 2004-09-15 Mandrake Linux Security Team (security linux-mandrake com) Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue 2004-09-15 David F. Skoll (dfs roaringpenguin com) On Wed, 15 Sep 2004, David Covin wrote: > Two points: > It's fair to argue > that canonicalizing is the more useful policy, but not that it is the > only secure one. Fair enough, with the caveat that it's probably easier to canonicalize than to detect all MIME messages that might possibly be misi [ more ] [ reply ] Re: cdrecord local root exploit 2004-09-15 Marcus Meissner (meissner suse de) On Tue, Sep 14, 2004 at 01:51:51PM +1200, Volker Kuhlmann wrote: > > > echo "cdr-exp.sh -- CDRecord local exploit ( Tested on cdrecord-2.01-0.a27.2mdk + Mandrake10)" > > > I don't see how this is a bug in cdrecord. It's a bug in Mandrake, caused by > > shipping cdrecord setuid root. You could do th [ more ] [ reply ] iDEFENSE Security Advisory 09.15.04: GNU Radius SNMP String Length Integer Overflow Denial of Service Vulnerability 2004-09-15 customer service mailbox (customerservice idefense com) GNU Radius SNMP String Length Integer Overflow Denial of Service Vulnerability iDEFENSE Security Advisory 09.15.04 www.idefense.com/application/poi/display?id=141&type=vulnerabilities September 15, 2004 I. BACKGROUND Radius is used for remote user authentication and accounting. For more informat [ more ] [ reply ] RE: Correction to latest Colsaire advisories 2004-09-15 David Litchfield (davidl ngssoftware com) >The Corsaire research project produced test cases for around 200 working >attack vectors, that when passed through the top 10 content products >produced over 800 individual vulnerabilities (needless to point out that >there are a lot more than 10 products in this arena). Not wanting to quibble, bu [ more ] [ reply ] RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow 2004-09-15 Polazzo Justin (Justin Polazzo facilities gatech edu) I am trying to distribute the patch via patch management software, the problem is, Do I replace all incarnations if gdiplus.dll? If I have a win2k box running IE6 sp1, I install the IE6 patch. Fine, I can handle that, but what about my win2k boxes running AutoCAD 2004, Visio, IE6 and Dreamweave [ more ] [ reply ] CESA-2004-004: libXpm 2004-09-15 chris scary beasts org CESA-2004-003 - rev 2 http://scary.beasts.org/security/CESA-2004-003.txt libXpm multiple image parsing flaws =================================== Programs affected: libXpm, and any programs which use libXpm to decode XPM files. For example, the GIMP seems to use libXpm. Severity: Compromise of acc [ more ] [ reply ] Re: Correction to latest Colsaire advisories 2004-09-15 Andreas Marx (amarx gega-it de) Hello! > Just to keep correctness. ... and 3APA3A was not the only one who has discovered a high number of vulnerabilities. In 2002 we have started the so-called "Malformed Mail Project". You can find more information about this project at this website (look for "Virus Bulletin" papers): <ht [ more ] [ reply ] Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access 2004-09-15 Michael Scheidell (scheidell secnap net) Vulnerability in IBM Windows XP default hidden Administrator account allows local Administrator access Systems: IBM Workstations, Laptops, etc. Vulnerable: IBM Systems with preinstalled Microsoft Windows XP Professional RTM and SP1 Not Vulnerable: IBM Systems without Windows XP Professional Severity [ more ] [ reply ] [ANNOUNCE] Apache HTTP Server 2.0.51 Released 2004-09-15 Sander Striker (striker apache org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Apache Software Foundation and the The Apache HTTP Server Project are pleased to announce the release of version 2.0.51 of the Apache HTTP Server ("Apache"). This Announcement notes the significant changes in 2.0.51 as compared to 2.0.50. This ve [ more ] [ reply ] [SECURITY] [DSA 545-1] New cupsys packages fix denial of service 2004-09-15 joey infodrom org (Martin Schulze) PHP Vulnerability N. 1 2004-09-15 Stefano Di Paola (stefano dipaola wisec it) Hi all, This summer i have been playing around with some php issue and got some php vulnerabilities.. Let's go for the first one: ========================================================== Title: php(super)info(). Affected: Php <= 5.0.1 Not Affected: it seems Php <= 4.1.2 Vulnerability Type: Ex [ more ] [ reply ] MDKSA-2004:095 - Updated gdk-pixbuf packages fix image loading vulnerabilities 2004-09-15 Mandrake Linux Security Team (security linux-mandrake com) MDKSA-2004:094 - Updated printer-drivers packages fix vulnerability in foomatic 2004-09-15 Mandrake Linux Security Team (security linux-mandrake com) |
|
Privacy Statement |
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: libxpm4
Advisory ID:
[ more ] [ reply ]