The ArpSucker is b0rn! Be yourself, be the net.
2004-09-13 Alpt (alpt freaknet org)
Freaknet Death C is proud to present ya:
}----------------- (The ArpSucker) ----------------{
Hi folks, Did you ever dream to become the net, to be a big, bad, black, black, black hole? Yep! I did. This code was made the "12 Sept 2004". It started to dawn and I, Tomak and Nirvana, aft [...]

Re: cdrecord local root exploit
2004-09-13 Sean Davis (dive endersgame net)
On Mon, Sep 13, 2004 at 02:51:07PM +0800, newbug wrote:
> Dear Sean Davis,
>
> I think this is a bug in cdrecord,
> my reason is:
<snip>
Yes, now that I read your reply and the reply from Dustin, I agree, it is an issue in cdrecord. I stand corrected. Sorry for the line noise.
-Sean
--
/~\ The A [...]

MDKSA-2004:092 - Updated samba packages fix multiple vulnerabilities
2004-09-13 Mandrake Linux Security Team (security linux-mandrake com)

RE: New Data Wipe Tools
2004-09-13 Altheide, Cory B. (IARC) (AltheideC nv doe gov)
> -----Original Message-----
> From: Jake Appelbaum [mailto:jacob (at) appelbaum (dot) net]
> Sent: Friday, September 10, 2004 10:42 AM
> To: Thomas C. Greene; bugtraq (at) securityfocus (dot) com
> Subject: Re: New Data Wipe Tools
>
> Magnetic force microscopy is a threat that is very real for
> many people.
>
> It [...]

QNX crrtrap possible race condition vulnerability
2004-09-13 Jérôme ATHIAS (jerome athias caramail com)

[RLSA_04-2004] QNX crrtrap possible race condition vulnerability
2004-09-13 Julio Cesar Fort (julio rfdslabs com br)

RE: Linux 2.4.27 SECURITY BUG - TCP Local (probable Remote) Denial of Service
2004-09-13 Ron DuFresne (dufresne winternet com)
others will correct me if I'm wrong, but, I believe one can tune this with sysctl params, and lower the time limits such to minimise problems. But also, issues like this are long known, and not limited to linux nor the current stable kernel.
Thanks, Ron DuFresne
On Sat, 11 Sep 2004, Wolfpaw - D [...]

Zyxel Prestige 681 SDSL router information leak
2004-09-13 Przemyslaw Frasunek (venglin freebsd lublin pl)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello, Zyxel P681 with ZyNOS S/W Version: Vt020225a | 2/25/2002 installed leaks random portions of memory in ARP requests:
21:47:05.709295 arp who-has x.x.x.x tell x.x.x.x
0x0000 0001 0800 0604 0001 00a0 c526 3cc1 xxxx ................
0x0010 [...]

Samba nmbd Invalid Length Denial of Service Vulnerability [iDEFENSE]
2004-09-13 Jérôme ATHIAS (jerome athias caramail com)
Samba nmbd Invalid Length Denial of Service Vulnerability
iDEFENSE Security Advisory 09.13.04a
www.idefense.com/application/poi/display?id=138&type=vulnerabilities
September 13, 2004
I. BACKGROUND
Samba is a software suite that provides file and print services to SMB/CIFS clients, such [...]

[RLSA_02-2004] QNX Photon multiple buffer overflows
2004-09-13 Julio Cesar Fort (julio rfdslabs com br)

Insecure file permissions in the Firefox browser for Linux >= v0.9
2004-09-13 Max (spamhole gmx at)
after installing firefox many of the permissions are set to 777, allowing anyone on the system to change the contents of the (executable) files. this first occurred in the 0.9 release (in the tar.gz release as well as in the installer). the problem (or is it called a feature now?) still exists in [...]

@stake advisory: Lexar JumpDrive Secure Password Extraction
2004-09-13 Chris Wysopal (weld atstake com)

[ GLSA 200409-16 ] Samba: Denial of Service vulnerabilities
2004-09-13 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Samba 3.0 DoS Vulnerabilities (CAN-2004-0807 & CAN-2004-0808)
2004-09-13 Gerald (Jerry) Carter (jerry samba org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Subject: Samba 3.0.x Denial of Service Flaw
Summary: (i) A DoS bug in smbd may allow an unauthenticated user to cause smbd to spawn new processes each one entering an infinite loop. After sending a sufficient amount of packets it is possible t [...]

Directory Traversal Vulnerability in TwinFTP Server allows overwriting
2004-09-13 Jérôme ATHIAS (jerome athias caramail com)

Re: cdrecord local root exploit
2004-09-12 Sean Davis (dive endersgame net)
On Fri, Sep 10, 2004 at 01:30:17AM -0000, newbug Tseng wrote:
>
>
> #!/bin/bash
>
> echo "cdr-exp.sh -- CDRecord local exploit ( Tested on cdrecord-2.01-0.a27.2mdk + Mandrake10)"
> echo "Author : newbug [at] chroot.org"
> echo "IRC : irc.chroot.org #chroot"
> echo "Date :09.09.2004" [...]

Re: Linux 2.4.27 SECURITY BUG - TCP Local (probable Remote) Denial of Service
2004-09-12 David S. Miller (davem davemloft net)
On Sat, 11 Sep 2004 20:45:43 -0600 "Wolfpaw - Dale Corse" <admin (at) wolfpaw (dot) net> wrote:
> As for it being an application bug - it may be one in Mysql not
> closing the sockets, but it is a Kernel Bug that allows CLOSE_WAIT
> sockets to clog up the connection queues, and cause a DOS conditions
> on oth [...]

[ GLSA 200409-15 ] Webmin, Usermin: Multiple vulnerabilities in Usermin
2004-09-12 Dan Margolis (krispykringle gentoo org)

Possible Inclusion File in Perl Desk
2004-09-12 Nikyt0x Argentina (nikyt0x hotmail com)
Possible Inclusion File in Perl Desk
0000-0002 Adv-Nkxtox
[Date] 12/09/04
[Author] Nikyt0x nikyt0x[at]hotmail[dot]com
[Site] Http://nikyt0x.webcindario.com
[Information] PerlDesk is a feature packed web based help desk and email management application designed to streamline the operat [...]

[CLA-2004:865] Conectiva Security Announcement - zlib
2004-09-13 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------
PACKAGE : zlib
SUMMARY : Fix for denial of service vuln [...]

Re: Remote buffer overflow in Apache mod_ssl when reverse proxying SSL
2004-09-13 3APA3A (3APA3A SECURITY NNOV RU)
Dear Jérôme ATHIAS, According to provided information and fix (without code analysis) it looks like access to unallocated memory, not like buffer overflow. It's just non-working feature of Apache and it unconditionally crashes on any request in specified configuration. Probably it means you [...]

RE: Linux 2.4.27 SECURITY BUG - TCP Local (probable Remote) Denial of Service
2004-09-12 Wolfpaw - Dale Corse (admin wolfpaw net)
Hi David, Hmm.. I was more looking for the correct kernel developer to send it to, rather than just releasing exploit code into the wild, and having it end up a zero day hack. It was not in any way my intention to waste anyone's time. I will however, comply with your politely stated request :) As [...]

[OpenPKG-SA-2004.039] OpenPKG Security Advisory (kerberos)
2004-09-13 OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
OpenPKG Security Advisory
The OpenPKG Project
http://www.openpkg.org/security.html
http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [...]

Re: New Data Wipe Tools
2004-09-12 Derek Martin (code pizzashack org)
On Fri, Sep 10, 2004 at 10:17:05AM -0700, Thomas C. Greene wrote:
> Data hygiene is generally easier on *nix because there are fewer hiding
> places than on a Windows system, but there are no free wipe tools that I'm
> aware of. So I got busy.
Well, there's GNU shred, which is part of the GNU coreu [...]

Gadu-Gadu (all versions with image-send feature) Heap Overflow
2004-09-12 Sec-Labs Team (noreply sec-labs hack pl)

[CLA-2004:864] Conectiva Security Announcement - kde
2004-09-13 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------
PACKAGE : kde
SUMMARY : Fix for multiple security vulne [...]

Linux 2.4.27 SECURITY BUG - TCP Local (probable Remote) Denial of Service
2004-09-11 Wolfpaw - Dale Corse (admin-lists wolfpaw net)
Greetings, My apologies if this is to the wrong place - it happens to be the first kernel bug I have found (or what appears to be one), and I'm not entirely sure how to properly inform the Linux community about it. Anyway - on to the bug :)
==========================
Severity: HIGH
Title: KERNEL [...]
Hash: SHA1
- --------------------------------------------------------------------------
Trustix Secure Linux Bugfix Advisory #2004-0046
Package name: kernel, samba, swup
Summary: Multiple bugfixes
Date: 2004-09-14
Affected versions: Tr
[...]