SecurityFocus

Solution for bugtraq id 10570 (Epic Games Unreal Engine Memory Corruption Vulnerability) 2004-06-23
Gerco Dries (gerco gdries com)

Hi everyone,

I have created a simple UnrealScript patch for this vulnerability in Unreal
Tournament v436 and v451(b). As far as I know it does not negatively affect
the functioning of the "\secure\" query or anything else, but it has not
been extensively tested.

You can download the patch at http:

[ more ] [ reply ]

Linux Broadcom 5820 Cryptonet Driver Integer Overflow 2004-06-23
infamous41md hotpop com

Linux Broadcom 5820 Cryptonet Driver Integer Overflow
-----------------------------------------------------

Overview:

There exists an integer overflow in the cryptonet driver. A user supplied
value is used to size a dynamic buffer, and this buffer is subsequently filled
with user supplied dat

[ more ] [ reply ]

MDKSA-2004:062 - Updated kernel packages fix multiple vulnerabilities 2004-06-23
Mandrake Linux Security Team (security linux-mandrake com)

DLINK 704, script injection vulnerability 2004-06-21
c3rb3r (c3rb3r sympatico ca)

TITLE: Security flaw in DLINK 704 - SOHO routers (http://www.dlink.com)

TYPE: Script injection over DHCP

QUOTE from DLINK (actually for the DLINK 704p):

The DI-704P is an Ethernet Broadband Router with a built-in 4-port switch. It
also features a parallel port to share a printer on the home or o

[ more ] [ reply ]

Microsoft MN-500 Wireless Router Web-Based Administration DoS 2004-06-21
Kurczaba Associates advisories (advisories kurczaba com)

Microsoft MN-500 Wireless Router Web-Based Administration DoS

http://www.kurczaba.com/securityadvisories/0406213.htm
-------------------------------------------------------------

Vulnerability ID Number:
0406213

Overview:
A vulnerability has been found in the Microsoft MN-500 Wireless Router Web

[ more ] [ reply ]

Re: Virus scan attack 2004-06-22
Joe Fubar (fubar1 gmx net)

Please check McAfees site if you are running an outdated engine,

The 4.1.60 Engine is Out of Date and No Longer Supported
The notice below addresses two separate issues tracked and brought to
resolution by McAfee AVERT and Support as they pertain to the 4.1.60 and
4.3.20 Engines
Scenario 1
The 4.1.

[ more ] [ reply ]

SGI Advanced Linux Environment 2.4 security update #21 2004-06-21
SGI Security Coordinator (agent99 sgi com)

DHCP Vuln // no code 0day // 2004-06-22
System Administrator (lowdownhaxor hotmail com)

Technical Cyber Security Alert TA04-174A
Multiple Vulnerabilities in ISC DHCP 3

Original release date: June 22, 2004
Last revised: --
Source: US-CERT

Systems Affected

* ISC DHCP versions 3.0.1rc12 and 3.0.1rc13

Overview

Two vulnerabilities in the ISC DHCP allow a remote attacker to cause a
d

[ more ] [ reply ]

[SECURITY] [DSA 523-1] New www-sql packages fix buffer overflow 2004-06-20
Matt Zimmerman (mdz debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 523-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
June 19th, 2004

[ more ] [ reply ]

SGI Advanced Linux Environment 3 Security Update #3 2004-06-21
SGI Security Coordinator (agent99 sgi com)

Wireless Modem (BT Voyager 2000 Wireless ADSL Router cleartext password) 2004-06-22
Konstantin V. Gavrilenko (mlists arhont com)

Arhont Ltd. - Information Security

Arhont Advisory by: Konstantin Gavrilenko (http://www.arhont.com)
Advisory: cleartext account password obtainable using SNMP
Class: design/configuration bug
Test platform: BT Voyager 2000 Wireless ADSL Router
Vendor Contact Date: 10/06/2004
PD*

[ more ] [ reply ]

RE: Antivirus/Trojan/Spyware scanners DoS! 2004-06-21
Ian Bergman (Ian tpnevents com)

SAV Corp 9.0 found six instances of eicar_test in 28 seconds of total
runtime on a test file server of no exceptional speed.

No real performance hit there.

-----Original Message-----
From: Bipin Gautam [mailto:visitbipin (at) hotmail (dot) com [email concealed]]
Sent: Sunday, June 13, 2004 3:33 AM
To: bugtraq (at) securityfocus (dot) c [email concealed]

[ more ] [ reply ]

[SECURITY] [DSA 521-1] New sup packages fix format string vulnerabilities 2004-06-19
Matt Zimmerman (mdz debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 521-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
June 18th, 2004

[ more ] [ reply ]

Re: Unusual Activity in Ad-aware 6 Personal, Build 6.181 2004-06-22
Greg Kujawa (greg kujawa diamondcellar com)

In-Reply-To: <LIEKJLEBDKKNBDDGIJAAAEBECFAA.fedhead (at) rogers (dot) com [email concealed]>

These files are similar to those that I found when posting a message to Bugtraq regarding unpatched MSIE vulnerabilities. I doubt that Ad-Aware itself is creating these files. They are probably being pulled or scanned from a Temporary I

[ more ] [ reply ]

MDKSA-2004:061 - Updated dhcp packages fix buffer overflow vulnerabilities 2004-06-22
Mandrake Linux Security Team (security linux-mandrake com)

[ GLSA 200406-17 ] IPsec-Tools: authentication bug in racoon 2004-06-22
Thierry Carrez (koon gentoo org)