BugTraq Mode:
[CLA-2004:858] Conectiva Security Announcement - squirrelmail 2004-08-12
Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : squirrelmail
SUMMARY : Several vulnerabilitie

[ GLSA 200408-10 ] gv: Exploitable Buffer Overflow 2004-08-12
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[ GLSA 200408-11 ] Nessus: "adduser" race condition vulnerability 2004-08-12
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Metasploit Framework v2.2 2004-08-12
H D Moore (sflist digitaloffense net)
The Metasploit Framework is an advanced open-source exploit development
platform. The 2.2 release includes three user interfaces, 30 exploits and
40 payloads. Additionally, this is the first public release to contain
the new in-memory DLL-injection system[1] and the VNC (remote desktop)
payload[2

ISS BlackIce Server Protect Unprivileged User Attack 2004-08-11
Thomas Ryan (tommy providesecurity com)
Release Date:
August 11, 2004

Severity:
Medium

Vendor:
Internet Security Systems

Software:
BlackIce Server Protect 3.6cno and below

Remote:
Remotely Executable from Local and Trusted Networks

Vulnerabilities:
Unprivileged User Attack

Technical Details:
Unprivileged User Attack was originally

RE: AOL Instant Messenger "Away" Message Buffer Overflow Vulnerability 2004-08-11
Thor Larholm (tlarholm pivx com)
Deleting the "HKEY_CLASSES_ROOT\aim" registry key is not a permanent
mitigation but a per-session change that has to be implemented every
time AOL Instant Messenger is instantiated. The reason for this is that
if the HKCR\aim key is missing when AIM is launched AIM will simply
recreate the key and t

SSC Advisory TSA-051 (T-mobile wireless and Verizon Northwest) 2004-08-11
Secure Science Corporation Advisory Notice (bugtraq securescience net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Secure Science Corporation Advisory TSA-051
http://www.securescience.net
e-response (at) securescience (dot) net
877-570-0455

- ---------------------------------------------------------

T-mobile Wireless and Verizon Northwest are vulnerable to caller-ID
authenti

[ GLSA 200408-09 ] Roundup filesystem access vulnerability 2004-08-11
Kurt Lieber (klieber gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Re: Clearswift Mimesweeper Path Traversal Vulnerability 2004-08-11
Pete Simpson (pete simpson clearswift com)
In-Reply-To: <20040811154715.31487.qmail (at) mail2.securityfocus (dot) com>

Two important points of clarification are needed.

Firstly, the vulnerability as described should refer specifically to the MIMEsweeper for Web product. It does not apply to the MAILsweeper for SMTP product.

Secondly, this vulne

KDE Security Advisories: Temporary File and Konqueror Frame Injection Vulnerabilities 2004-08-11
Waldo Bastian (bastian kde org)
Three security advisories have been issued today for KDE. The first advisory
concerns the unsafe handling of KDE's temporary directory in certain
circumstances. The second advisory relates to the unsafe creation of
temporary files by KDE 3.2.x's dcopserver . The third advisory is about a
frame i

NGSEC's response to Idefense overflow protections whitepaper. 2004-08-11
lists@NGSEC (lists ngsec com)


Recently Idefense has made public the whitepaper[1] called "A
Comparison of Buffer Overflow Prevention Implementations and
Weaknesses".

Having reviewed this whitepaper we want to say it makes an inappropriate
comparison on the Windows protections, especially with our product
StackDefender

RE: Driver for display goes to a infinite loop by viewing a html! 2004-08-11
Eggers, Bill A [LTD] (William A Eggers mail sprint com)
On a Dell GX260 with an "Intel Extreme" controller using IE 6.0.2 and Win2000, it loads a black image then closes and re-opens the page in a continuous loop. It doesn't allow access to the application until the graphic is done loading. The CPU is pegged, but it doesn't crash the system.

-----Origin

Clearswift Mimesweeper Path Traversal Vulnerability 2004-08-11
Kroma Pierre (kroma syss de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------
SySS-Advisory: Clearswift Mimesweeper Path Traversal Vulnerability
- -------------------------------------------------------------------

Problem discovered: July 27th 2004
Vendor c

EXPLOIT libpng 2004-08-10
infamous41md hotpop com
i was debating whether or not to release this, b/c there is possibility for some
_major_ damage being done. just think of online forums, someone sticks a png in
their sig, and we're talking possibly thousands of people being exploited. the
stack return addresses will be different depending on the

Windows doesn't verify digital signature of CRL files 2004-08-10
Michael Howard (mikehow microsoft com)
CryptoAPI in Windows will always verify the CRL signature when
determining revocation status of a certificate. While
CertVerifyCertRevocation can be used to validate certificates, we
recommend developers validate certificates using CertGetCertificateChain
in their code because it will construct a ce

HTTP Response Splitting vulnerability in Microsoft Outlook Web Access for Exchange 5.5 2004-08-11
Amit Klein (amit klein sanctuminc com)
////////////////////////////////////////////////////////////////////
//=====================>> Security Advisory <<====================//
////////////////////////////////////////////////////////////////////

--------------------------------------------------------------------
-----[ Microsoft Outloo

ptl-2004-03: WIDCOMM Bluetooth Connectivity Software Buffer Overflows 2004-08-11
Pentest Security Advisories (alerts pentest co uk)
Pentest Limited Security Advisory

WIDCOMM Bluetooth Connectivity Software Buffer Overflows

Advisory Details
----------------
Title: WIDCOMM Bluetooth Connectivity Software Buffer Overflows
Announcement date: 11 August 2004
Advisory Reference: ptl-2004-03
CVE Name: CAN-2004-0775
Products: WIDCOMM B

BlackICE unprivileged local user attack 2004-08-11
Paul Craig - Pimp Industries (headpimp pimp-industries com)

Pimp industries.
"Its all about the Bling, B^!%@s and Fame!"

BlackICE PC protection / Server Protection
Tested on version v3.6.cno
Unprivileged local user disabling anyone from using BlackICE

(C) Paul Craig - Pimp Industries 2004

Background
---------

Driver for display goes to a infinite loop by viewing a html! 2004-08-11
Bipin Gautam (visitbipin hotmail com) (5 replies)


Hello everybody,

View this page:

http://www.geocities.com/visitbipin/crazy.html

Try scrolling the picture for a few seconds... [don't kill the process]. I have tested it on several machines with Intel VGA. It reboots WinXP with a fatal error because the driver for the display device got stuck

Re: Driver for display goes to a infinite loop by viewing a html! 2004-08-11
Eddie Block (lists blocked org)
Re: Driver for display goes to a infinite loop by viewing a html! 2004-08-11
Steven Leikeim (steven enel ucalgary ca)
Re: Driver for display goes to a infinite loop by viewing a html! 2004-08-11
Anthony Petito (anthonypetito gmail com)
Re: Driver for display goes to a infinite loop by viewing a html! 2004-08-11
Jack C (jack crepinc com) (1 replies)
Re: Driver for display goes to a infinite loop by viewing a html! 2004-08-11
Christopher X. Candreva (chris westnet com) (1 replies)
Re: Driver for display goes to a infinite loop by viewing a html! 2004-08-11
Mike Pumford (mpumford mpc-data co uk)
AOL Instant Messenger "Away" Message Buffer Overflow Vulnerability 2004-08-10
homicidal gmail com


THIS WAS NOT DISCOVERED BY ME.

Source: Secunia (http://secunia.com/advisories/12198/)

Description:

Ryan McGeehan has reported a vulnerability in AOL Instant Messenger (AIM), which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a bound

Copyright 2010, SecurityFocus