SecurityFocus

[ GLSA 200409-15 ] Webmin, Usermin: Multiple vulnerabilities in Usermin 2004-09-12
Dan Margolis (krispykringle gentoo org)

Posible Inclusion File in Perl Desk 2004-09-12
Nikyt0x Argentina (nikyt0x hotmail com)

Posible Inclusion File in Perl Desk

0000-0002 Adv-Nkxtox

[Date] 12/09/04

[Author] Nikyt0x nikyt0x[at]hotmail[dot]com

[Site] Http://nikyt0x.webcindario.com

[Information]

PerlDesk is a feature packed web based help desk and email management application designed

to streamline the operat

[ more ] [ reply ]

[CLA-2004:865] Conectiva Security Announcement - zlib 2004-09-13
Conectiva Updates (secure conectiva com br)

RE: Linux 2.4.27 SECURITY BUG - TCP Local (probable Remote) Denial of Service 2004-09-12
Wolfpaw - Dale Corse (admin wolfpaw net)

Hi David,

Hmm.. I was more looking for the correct kernel developer to send
it to, rather then just releasing exploit code into the wild, and
having it end up a zero day hack. It was not in any way my intention
to waste anyone's time. I will however, comply with your politely
stated request :)

As

[ more ] [ reply ]

[OpenPKG-SA-2004.039] OpenPKG Security Advisory (kerberos) 2004-09-13
OpenPKG (openpkg openpkg org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [email concealed]

[ more ] [ reply ]

Gadu-Gadu (all versions with image-send feature) Heap Overflow 2004-09-12
Sec-Labs Team (noreply sec-labs hack pl)

Sec-Labs Team proudly presents:

Gadu-Gadu (all versions with image-send feature) Heap Overflow
by Lord YuP
12/09/2004

Severity: High / Critical - Remote Code Execution

Version affected: Probably all versions with image-send feature
Tested on ver. 6.0 build 149 (t

[ more ] [ reply ]

[CLA-2004:864] Conectiva Security Announcement - kde 2004-09-13
Conectiva Updates (secure conectiva com br)

Linux 2.4.27 SECURITY BUG - TCP Local (probable Remote) Denial of Service 2004-09-11
Wolfpaw - Dale Corse (admin-lists wolfpaw net) (1 replies)

Greetings,

My apologies if this is to the wrong place - it happens to be the
first kernel bug I have found (or what appears to be one), and I'm
not entirely sure how to properly inform the Linux community about
it.

Anyway - on to the bug :)
==========================
Severity: HIGH
Title: KERNEL

[ more ] [ reply ]

Re: Linux 2.4.27 SECURITY BUG - TCP Local (probable Remote) Denial of Service 2004-09-12
David S. Miller (davem davemloft net)

problem in voip environment 2004-09-11
Pasquiet Loic (M.) (Loic Pasquiet Polytechnique fr)

1. Topic
Security issues have been identified that allows an attacker to
compromise ip phones.

2. Description

We are testing voip solutions and here's what we've found :

take a layer 2 switch, here, an avaya cajun switch like P33xT or
P334T-ML (layer 2).

configure 2 ports like it's recommended

[ more ] [ reply ]

CAU-EX-2004-0002: cdrecord-suidshell.sh 2004-09-10
I)ruid (druid caughq org)

____ ____ __ __
/ \ / \ | | | |
----====####/ /\__\##/ /\ \##| |##| |####====----
| | | |__| | | | | |
| | ___ | __ | | | | |
------======######\ \/ /#| |#

[ more ] [ reply ]

Remote buffer overflow in Apache mod_ssl when reverse proxying SSL 2004-09-11
Jérôme ATHIAS (jerome athias caramail com) (1 replies)

http://issues.apache.org/bugzilla/show_bug.cgi?id=30134

Summary: Segmentation fault in char_buffer_read when reverse proxying SSL (Version 2.0.50)

Reporter: lxhankins002 at fastmail.fm (M. "Alex" Hankins)

Overview Description:

Intermittent segmentation faults occur in char_buffer_read

[ more ] [ reply ]

Re: Remote buffer overflow in Apache mod_ssl when reverse proxying SSL 2004-09-13
3APA3A (3APA3A SECURITY NNOV RU)

Re: New Data Wipe Tools 2004-09-10
Thomas C. Greene (thomas greene theregister co uk) (1 replies)

Dear List,

I have to apologize. I carelessly packed an old version of one of the Linux
wipe scripts (wipefree1.sh) in the archive (LinuxWipeTools.tar.gz) that I
posted. I corrected it on Friday night. If you've downloaded the archive
already, I suggest you do so again from http://basicsec.org

[ more ] [ reply ]

Re: New Data Wipe Tools 2004-09-12
Derek Martin (code pizzashack org)

Serv-U up to 5.2 Denial of Service 2004-09-11
Patrick (patrickthomassen gmail com)

Serv-U FTP server is a secure, advanced FTP server for Windows. However, like most programs, it is not completely bugfree.

I (and maybe more people with me) found this bug some time ago. It can be triggered as *every* user that can log in, anonymous included, and exists in possibly every versio

[ more ] [ reply ]

[CLA-2004:863] Conectiva Security Announcement - wv 2004-09-10
Conectiva Updates (secure conectiva com br)

cdrecord local root exploit 2004-09-10
newbug Tseng (newbug chroot org)

#!/bin/bash

echo "cdr-exp.sh -- CDRecord local exploit ( Tested on cdrecord-2.01-0.a27.2mdk + Mandrake10)"

echo "Author : newbug [at] chroot.org"

echo "IRC : irc.chroot.org #chroot"

echo "Date :09.09.2004"

cd /tmp

cat > s.c <<_EOF_

#include <unistd.h>

#include <sys/types.

[ more ] [ reply ]

Multiple vulnerabilities in Icewarp Web Mail 5.2.7 2004-09-10
ShineShadow (ss_contacts hotmail com)

ShineShadow Security Report 10092004-01

TITLE: Multiple vulnerabilities in Icewarp Web Mail 5.2.7

BACKGROUND

Merak Mail Server, with the revolutionary Merak Mail Server GroupWare Server, cutting-edge Merak Mail Server Instant Antispam and much more, is the fastest, most stable, secure and

[ more ] [ reply ]

Axis Network Camera and Video Server Security Advisory 2004-09-07
product-security axis com

1. Topic

Security issues have been identified that allows an attacker to
compromise Axis Network Cameras, Video Servers, Serial Servers and
Network Digital Video Recorders.

2. Description

The first issue allows arbitrary shell command execution via HTTP
requests due to erroneous shell command and

[ more ] [ reply ]

ERRATA: [ GLSA 200409-14 ] Samba: Remote printing non-vulnerability 2004-09-10
Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[CLA-2004:860] Conectiva Security Announcement - krb5 2004-09-09
Conectiva Updates (secure conectiva com br)

Bug XSS in PsNews 1.1 2004-09-05
Michal Blaszczak (wacky nicponie org)

°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°

*5-9-2004

*Autor: wacky

*E-mail: wacky (at) nicponie (dot) org [email concealed]

*WWW: http://www.nicponie.org

°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°

-----------------------------------------------

|Błąd Cross-Site Scripting (X

[ more ] [ reply ]

New Data Wipe Tools 2004-09-09
Thomas C. Greene (thomas greene theregister co uk) (2 replies)

I've created a few simple shell scripts that use /dev/urandom to wipe data
from the swap partition, wipe unused disk space on the root partition, or
wipe an entire disk. You'll find them at http://basicsec.org/tools.html.

Data hygiene is generally easier on *nix because there are fewer hiding pl

[ more ] [ reply ]

Re: New Data Wipe Tools 2004-09-11
Brendan Murray (brendan wolfhoundsecurity com)

Re: New Data Wipe Tools 2004-09-10
Jake Appelbaum (jacob appelbaum net)

BlackJumboDog FTP Server version 3.6.1 Buffer Overflow [Exploit included] 2004-09-10
Jérôme ATHIAS (jerome athias caramail com)

SapporoWorks BlackJumboDog is an integrated open-source proxy server, web server and FTP server developed by SapporoWorks for Microsoft Windows platforms.

BlackJumboDog version 3.6.1 is vulnerable to a buffer overflow in its FTP server.

Vulnerable Systems:

* BlackJumboDog version 3.6.1

[ more ] [ reply ]

OpenOffice World-Readable Temporary Files Disclose Files to Local Users 2004-09-10
Jérôme ATHIAS (jerome athias caramail com)

OpenOffice World-Readable Temporary Files Disclose Files to Local Users

Date: Thu, 9 Sep 2004 23:52:18 -0400

Subject: http://www.openoffice.org/issues/show_bug.cgi?id=33357

Reporter: pmladek

OS: Linux

Version: OOo 1.1.2

Summary: Insecure permissions on temporary files at

[ more ] [ reply ]

F-Secure Internet Gatekeeper Content Scanning Server Denial of Service [iDEFENSE] 2004-09-10
Jérôme ATHIAS (jerome athias caramail com)

F-Secure Internet Gatekeeper Content Scanning Server Denial of Service

Vulnerability

iDEFENSE Security Advisory 09.09.04

www.idefense.com/application/poi/display?id=137&type=vulnerabilities

September 9, 2004

I. BACKGROUND

F-Secure Internet Gatekeeper is an antivirus and content filteri

[ more ] [ reply ]

SQL-Injection in Subjects 2.0 for Postnuke 2004-09-10
Criolabs (security criolabs net)

************************************************************************
****************************
CRIOLABS

- Software: Subjects 2.0
- Type: Postnuke module
- Vendor: Postnuke Modules Factory.

*********************************************

[ more ] [ reply ]