SecurityFocus

Correction to latest Colsaire advisories 2004-09-13
3APA3A (3APA3A SECURITY NNOV RU)

Just to keep correctness.

Colsaire could provide better service to it's customers by better
researching available information on researched topic.

Most of reported content filtering bypassing techniques are already
known and described in [1] with credentials believed to be valid.

[ more ] [ reply ]

[XSS]/SQL Injection PHP-Nuke Edit/Save Message(s) Bug 2004-09-14
bima tampan (iko94 yahoo com)

=================================================================

[XSS]/SQL Injection PHP-Nuke Edit/Save Message(s) Bug by bima_

=================================================================

Php-Nuke is a popular freeware content management system.

Based on information at :

http://www

[ more ] [ reply ]

Corsaire Security Advisory - Multiple vendor MIME Content-Transfer-Encoding mechanism issue 2004-09-14
advisories (advisories corsaire com)

-- Corsaire Security Advisory --

Title: Multiple vendor MIME Content-Transfer-Encoding mechanism issue
Date: 04.08.03
Application: various
Environment: various
Author: Martin O'Neal [martin.oneal (at) corsaire (dot) com [email concealed]]
Audience: General distribution
Reference: c030804-005

-- Scope --

The aim of this doc

[ more ] [ reply ]

SUS 2.0.2 local root vulnerability 2004-09-14
LSS Security (exposed lss hr)

LSS Security Advisories
http://security.lss.hr

---

Title : SUS 2.0.2 local root vulnerability
Advisory ID : LSS#2004-09-01
Date : September 14th, 2004
Advisory URL: : http://security.lss.hr/index.php?page=details&ID=LSS-2004-09-01
Impact

[ more ] [ reply ]

Corsaire Security Advisory - Multiple vendor MIME field multiple occurrence issue 2004-09-14
advisories (advisories corsaire com)

-- Corsaire Security Advisory --

Title: Multiple vendor MIME field multiple occurrence issue
Date: 04.08.03
Application: various
Environment: various
Author: Martin O'Neal [martin.oneal (at) corsaire (dot) com [email concealed]]
Audience: General distribution
Reference: c030804-002

-- Scope --

The aim of this document is t

[ more ] [ reply ]

Corsaire Security Advisory - Multiple vendor MIME separator issue 2004-09-14
advisories (advisories corsaire com)

-- Corsaire Security Advisory --

Title: Multiple vendor MIME separator issue
Date: 04.08.03
Application: various
Environment: various
Author: Martin O'Neal [martin.oneal (at) corsaire (dot) com [email concealed]]
Audience: General distribution
Reference: c030804-006

-- Scope --

The aim of this document is to clearly define

[ more ] [ reply ]

[SECURITY] [DSA 544-1] New webmin packages fix insecure temporary directory 2004-09-14
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 544-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
September 14th, 2004

[ more ] [ reply ]

Corsaire Security Advisory - Multiple vendor MIME RFC822 comment issue 2004-09-14
advisories (advisories corsaire com)

-- Corsaire Security Advisory --

Title: Multiple vendor MIME RFC822 comment issue
Date: 04.08.03
Application: various
Environment: various
Author: Martin O'Neal [martin.oneal (at) corsaire (dot) com [email concealed]]
Audience: General distribution
Reference: c030804-009

-- Scope --

The aim of this document is to clearly d

[ more ] [ reply ]

Inkra 1504GX DoS vulnerability in conducting IP protocol 2004-09-14
felix zhou (felix__zhou hotmail com)

Inkra 1504GX DoS vulnerability in conducting IP protocol

Author:　 Felix Zhou(felix__zhou (at) hotmail (dot) com [email concealed])

　　　　　Song Liu (songsong (at) shaw (dot) ca [email concealed])

Release date: 2004-08-25

Affected system:

　　Inkra 1504GX with router VSM release 2.1.4.b00

[ more ] [ reply ]

TSL-2004-0046 - multi 2004-09-14
Trustix Security Advisor (tsl trustix org)

The ArpSucker is b0rn! Be yourself, be the net. 2004-09-13
Alpt (alpt freaknet org)

Freaknet Death C is pride to present ya:
}----------------- (The ArpSucker) ----------------{

Hi folks,
Did you ever dreamed to become the net, to be a big, bad, black, black,
black hole?
Yep! I did.

This code was made the "12 Sept 2004".
It started to dawn and I, Tomak and Nirvana, aft

[ more ] [ reply ]

Re: cdrecord local root exploit 2004-09-13
Sean Davis (dive endersgame net)

On Mon, Sep 13, 2004 at 02:51:07PM +0800, newbug wrote:
> Dear Sean Davis,
>
> I think this is a bug in cdrecord,
> my reason is:
<snip>

Yes, now that I read your reply and the reply from Dustin, I agree, it is
an issue in cdrecord. I stand corrected. Sorry for the line noise.

-Sean

--
/~\ The A

[ more ] [ reply ]

MDKSA-2004:092 - Updated samba packages fix multiple vulnerabilities 2004-09-13
Mandrake Linux Security Team (security linux-mandrake com)

@stake advisory: Pingtel Xpressa Denial of Service 2004-09-13
Advisories (advisories atstake com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

@stake, Inc.
www.atstake.com

Security Advisory

Advisory Name: Pingtel Xpressa Denial of Service
Release Date: 09-13-2004
Device: Xpressa phone (Model PX

[ more ] [ reply ]

RE: New Data Wipe Tools 2004-09-13
Altheide, Cory B. (IARC) (AltheideC nv doe gov)

> -----Original Message-----
> From: Jake Appelbaum [mailto:jacob (at) appelbaum (dot) net [email concealed]]
> Sent: Friday, September 10, 2004 10:42 AM
> To: Thomas C. Greene; bugtraq (at) securityfocus (dot) com [email concealed]
> Subject: Re: New Data Wipe Tools
>
> Magnetic force microscopy is a threat that is very real for
> many people.
>
> It

[ more ] [ reply ]

QNX crrtrap possible race condition vulnerability 2004-09-13
Jérôme ATHIAS (jerome athias caramail com)

*** rfdslabs security advisory ***

Title: QNX crrtrap possible race condition vulnerability [RLSA_04-2004]

Versions: QNX RTP 6.1 (possibly others)

Vendor: http://www.qnx.com

Date: Sep 13 2004

Author: Julio Cesar Fort <julio at rfdslabs com br>

1. Introduction

crr

[ more ] [ reply ]

[RLSA_04-2004] QNX crrtrap possible race condition vulnerability 2004-09-13
Julio Cesar Fort (julio rfdslabs com br)

[RLSA_03-2004] QNX ftp client format string bug 2004-09-13
Julio Cesar Fort (julio rfdslabs com br)

*** rfdslabs security advisory ***

Title: QNX ftp client format string bug [RLSA_03-2004]

Versions: QNX RTP 6.1 (possibly others)

Vendor: http://www.qnx.com

Date: 13 Sep 2004

Author: Julio Cesar Fort <julio at rfdslabs com br>

1. Introduction

"QNX Software System

[ more ] [ reply ]

Zyxel Prestige 681 SDSL router information leak 2004-09-13
Przemyslaw Frasunek (venglin freebsd lublin pl)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

Zyxel P681 with ZyNOS S/W Version: Vt020225a | 2/25/2002 installed leaks
random portions of memory in ARP requests:

21:47:05.709295 arp who-has x.x.x.x tell x.x.x.x
0x0000 0001 0800 0604 0001 00a0 c526 3cc1 xxxx ................
0x0010

[ more ] [ reply ]

Samba nmbd Invalid Length Denial of Service Vulnerability [iDEFENSE] 2004-09-13
Jérôme ATHIAS (jerome athias caramail com)

Samba nmbd Invalid Length Denial of Service Vulnerability

iDEFENSE Security Advisory 09.13.04a

www.idefense.com/application/poi/display?id=138&type=vulnerabilities

September 13, 2004

I. BACKGROUND

Samba is a software suite that provides file and print services to

SMB/CIFS clients, such

[ more ] [ reply ]

[RLSA_02-2004] QNX Photon multiple buffer overflows 2004-09-13
Julio Cesar Fort (julio rfdslabs com br)

*** rfdslabs security advisory ***

Title: QNX Photon multiple buffer overflows [RLSA_02-2004]

Versions: QNX RTP 6.1 (possibly others)

Vendor: QNX Software Systems <http://www.qnx.com>

Date: 13 Sep 2004

Author: Julio Cesar Fort <julio at rfdslabs com br>

1. Introduction

QNX Ph

[ more ] [ reply ]

Insecure file permissions in the Firefox browser for Linux >= v0.9 2004-09-13
Max (spamhole gmx at)

after installing firefox many of the permissions are set to 777, allowing
anyone on the system to change the contents of the (executable) files.

this first occured in the 0.9 release (in the tar.gz release as well as in the
installer). the problem (or is it called a feature now?) still exists in

[ more ] [ reply ]

@stake advisory: Lexar JumpDrive Secure Password Extraction 2004-09-13
Chris Wysopal (weld atstake com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

@stake, Inc.
www.atstake.com
Security Advisory

Advisory Name: Lexar JumpDrive Secure(tm) Password Extraction
Release Date: 09-13-2004
Application: JumpDrive Secu

[ more ] [ reply ]

[ GLSA 200409-16 ] Samba: Denial of Service vulnerabilities 2004-09-13
Sune Kloppenborg Jeppesen (jaervosz gentoo org)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ] [ reply ]

Samba 3.0 DoS Vulberabilities (CAN-2004-0807 & CAN-2004-0808) 2004-09-13
Gerald (Jerry) Carter (jerry samba org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Subject: Samba 3.0.x Denial of Service Flaw

Summary: (i) A DoS bug in smbd may allow an
unauthenticated user to cause smbd to
spawn new processes each one entering
an infinite loop. After sending a sufficient
amount of packets it is possible t

[ more ] [ reply ]

Directory Traversal Vulnerability in TwinFTP Server allows overwriting 2004-09-13
Jérôme ATHIAS (jerome athias caramail com)

SIG^2 Vulnerability Research Advisory

Directory Traversal Vulnerability in TwinFTP Server allows overwriting

of files outside FTP directory

by Tan Chew Keong

Release Date: 12 Sept 2004

ADVISORY URL

http://www.security.org.sg/vuln/twinftp103r2.html

SUMMARY

TwinFTP S

[ more ] [ reply ]