Re: Caveat Lector: Beastie Boys Evil
2004-06-17 KF (lists) (kf_lists secnetops com)
That could be why it sounds like crap when my X-Box tries to play it... the audio cuts in and out REAL bad... I assume you would want to take a peek at beastie.exe if you really wanted to figure out what they are doing.
-KF
Dragos Ruiu wrote:
>Well I truly regret actually purchasing a copy of th

Re: Unprivilegued settings for FreeBSD kernel variables
2004-06-18 Christian Ullrich (chris chrullrich de)
* Eygene A. Ryabinkin wrote on Thursday, 2004-06-17:
> On Tue, Jun 15, 2004 at 09:01:13PM +0200, Dag-Erling Smørgrav wrote:
> > I've already told you that there is no such threat, since the attack
> > you describe can only be initiated by someone who already has
> > unrestricted access. Please s

Re: Is predictable spam filtering a vulnerability?
2004-06-17 David F. Skoll (dfs roaringpenguin com)
On Wed, 16 Jun 2004, R Armiento wrote:
> However, 'C':s spam filter silently drops the email.
In my opinion, any spam filter that silently drops e-mail is broken, and is indeed a security risk. A spam filter MUST respond with a 500 SMTP failure code if it rejects a message.
Regards, David.

USB risks (continued)
2004-06-18 Gadi Evron (ge egotistical reprehensible net)
I'm emailing this to bugtraq as well. A discussion there might produce more interesting results than "MS sucks" on FD. This is rather important and has grown in importance over the last couple of years. There were a few discussions on the subject, but nothing to help formulate a plan on how to d

Re: Linux Kernel i2c Integer Overflow Vulnerability
2004-06-17 Greg KH (greg kroah com)
On Thu, Jun 17, 2004 at 12:51:01PM +0100, Shaun Colley wrote:
> There is a potential integer overflow which can occur
> during the allocation of memory, during parsing of the
> I2C_RDWR option in the i2cdev_ioctl() routine. Below
> is the vulnerable code:
<snip>
Yes, this was a bug, 11 months ago

Re: Symantec Enterprise Firewall DNSD cache poisoning Vulnerability
2004-06-18 Peter Jelver (pj esec dk)
In-Reply-To: <1087321536.7690.85.camel (at) bender.telecom.com (dot) ar>
This has yet to be investigated and commented by the vendor, but the SEF firewall dnsd has the option to configure "forwarders" - dnsd will defer all requests to these. A mitigating strategy until the vendor has an answer could be to con

Re: Problem With IP Logging In Invision Power Board?
2004-06-17 Brian Dessent (brian dessent net)
GulfTech Security wrote:
>
> IPB like many other forum systems logs visitors IP's However I have
> noticed in the past that people who are surfing through some proxies
> have their internal (private) IP logged instead of their "real" IP
> Address. Here are a few screenshots I took of my LAN IP bein

RE: Is predictable spam filtering a vulnerability?
2004-06-17 Hamlesh Motah (admin hamlesh com)
Interesting insight that, in most cases I'd think B and C are likely to be on the same network, possibly protected by the same spam filtering, meaning that A's email wouldn't reach B. I know this isn't always the case, just my thoughts on it. The above would help reduce the probability of finding

Re: Unprivilegued settings for FreeBSD kernel variables
2004-06-18 Jason V. Miller (jmiller securityfocus com)
Please have a look at my post in response to the original message, as there is some misunderstanding here. If an attacker compromises a machine running at security level 3, then they cannot lower the securelevel sysctl. The "technique" used in the original post involved loading an arbitrary kernel

Re: Caveat Lector: Beastie Boys Evil
2004-06-17 Shaun Lipscombe (shaun lipscombe gmsl co uk)
* Dragos Ruiu wrote:
> Well I truly regret actually purchasing a copy of the new Beastie Boys album
> to support them.
>
> It seems that Capitol Records has some sort of new copy protection system,
> that automatically, silently, installs "helpful" copy protection software on
> MacOS and Windows

RE: Is predictable spam filtering a vulnerability?
2004-06-17 Aaron Cake (aaron vltpm com)
> During a recent email conversation with several participants, we
> discovered that the email service of one participant silently
> dropped legitimate emails that happened to contain certain
> combinations of words common in spam. I believe this sort of
> filter is common practice, and in fact even

Re: Is predictable spam filtering a vulnerability?
2004-06-17 Joel Eriksson (je-secfocus bitnux com)
On Wed, Jun 16, 2004 at 01:26:28PM +0200, R Armiento wrote:
[snip]
> For example: attacker 'A' sends 'B' a social engineering request
> for "the secret plans" and says "if you are unsure, forward my
> request to your boss and ask if this is okay". 'B' forwards the
> email to his boss 'C' and asks "I

RE: Caveat Lector: Beastie Boys Evil
2004-06-18 Chris Merkel (chrism geo-synthetics com)
FWIW, the Mike D said that he would have preferred that there were no DRM on the album, but that it's a standard practice for all EMI releases. Check out this post from BoingBoing: http://www.boingboing.net/2004/06/11/new_beasties_disc_ha.html
(Besides, DRM is standard issue nowadays and quite eas

Re: Unprivilegued settings for FreeBSD kernel variables
2004-06-17 Manuel Bouyer (bouyer antioche eu org)
On Tue, Jun 15, 2004 at 08:42:23AM +0200, Radko Keves wrote:
> [...]
>
> AFFECTED DISTRIBUTIONS:
> FreeBSD 5.x i386
> FreeBSD, OpenBSD, NetBSD is most likely also affected (investigation needed)
NetBSD is not, a LKM can't be loaded if securelevel is > 0.
--
Manuel Bouyer <bouyer (at) antioche.eu (dot) org>

Re: Unprivilegued settings for FreeBSD kernel variables
2004-06-17 Eygene A. Ryabinkin (rea rea mbslab kiae ru)
On Tue, Jun 15, 2004 at 09:01:13PM +0200, Dag-Erling Smørgrav wrote:
> I've already told you that there is no such threat, since the attack
> you describe can only be initiated by someone who already has
> unrestricted access. Please stop wasting everybody's time.
You are wrong. Unrestricted acces

"IBM Access Support" (eGatherer) Activex Dangerous Methods Vulnerability
2004-06-17 Drew Copley (dcopley eEye com)
"IBM Access Support" (eGatherer) Activex Dangerous Methods Vulnerability
Release Date: June 15, 2004
Date Reported: February 20, 2004
Patch Development Time (In Days): 116
Severity: High (Remote Code Execution)
Vendor: IBM
Systems Affected: IBM Access Support (eGatherer) Activex Version 2.0

Singapore password file exploit
2004-06-16 Mr. Anderson (dt_student hotmail com)
June 13 2004
There is a vulnerability in the software package of Singapore. Say hello to their website: http://singapore.sourceforge.net/
This affects every version they have made.
QUOTE OF THEIR DAY: (a while ago)_ "It is now a little over a year since singapore was first released on SourceForg

"IBM Access Support" (eGatherer) Activex Dangerous Methods Vulnerability
2004-06-16 Drew Copley (dcopley eEye com)
"IBM Access Support" (eGatherer) Activex Dangerous Methods Vulnerability
Release Date: June 15, 2004
Date Reported: February 20, 2004
Patch Development Time (In Days): 116
Severity: High (Remote Code Execution)
Vendor: IBM
Systems Affected: IBM Access Support (eGatherer) Activex Version 2.0

Re: authentication bug in KAME's racoon
2004-06-17 Michal Ludvig (michal logix cz)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 15 Jun 2004, Thomas Walpuski wrote:
> * Michal Ludvig wrote:
> > Next time you may dare to contact the developers first...
>
> The last time I wanted to contact the KAME developers privately I got
> no answer at all. Five months later I publish

Fwd : FD/IE: Popup object fakes the location field
2004-06-16 liudieyu umbrella name
to moderator: just got another excellent site spoofing exploit - i didn't notice this msg on bugtraq. this exploit is not perfect.
Digest: excellent site spoofing exploit found in the wild
FullDisclosure: US Bank scam
David Lederman (delphi4pro_at_yahoo.com)
http://umbrella.name/iebug.com/displ

XSS in Snitz Forum 2000
2004-06-17 Pete Foster (petef sec-tec co uk)
Sec-Tec Advisory - XSS in Snitz Forums 2000
The most up to date version of this advisory can always be found at: www.sec-tec.co.uk/vulnerability/snitzxss.html
Advisory creation date: 6th May 2004
Product: Snitz Forums 2000
Tested version: 3.4.04 (older versions believed to be affected also)
Vuln

[SECURITY] [DSA 520-1] New krb5 packages fix buffer overflows
2004-06-17 Matt Zimmerman (mdz debian org)

[ GLSA 200406-13 ] Squid: NTLM authentication helper buffer overflow
2004-06-17 Kurt Lieber (klieber gentoo org)

IBM acpRunner Activex Dangerous Methods Vulnerability
2004-06-16 Drew Copley (dcopley eEye com)
IBM acpRunner Activex Dangerous Methods Vulnerability
Release Date: June 15, 2004
Date Reported: February 20, 2004
Patch Development Time (In Days): 116
Severity: High (Remote Code Execution)
Vendor: IBM
Systems Affected: acpRunner Activex Version 1.2.5.0
Overview: eEye Digital Security ha
error. As you've all pointed out, this function is
safe so forget the misinformation. However, there is
a vulnerability in the i2c ioctl() code, which exists
because of a possible integer overflow. I did discuss
this on the LKML with Greg Kroah-H