|
|
Colapse all |
Post message
NetBSD Security Advisory 2004-007: Systrace systrace_exit() local root 2004-05-12 NetBSD Security-Officer (security-officer netbsd org) [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache) 2004-05-12 OpenPKG (openpkg openpkg org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org openpkg-security (at) openpkg (dot) org [email concealed] [ more ] [ reply ] OpenServer 5.0.5 OpenServer 5.0.6 OpenServer 5.0.7 : X sessions which are not started by scologin cannot use the X authorization protocol 2004-05-11 please_reply_to_security sco com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ ______ SCO Security Advisory Subject: OpenServer 5.0.5 OpenServer 5.0.6 OpenServer 5.0.7 : X sessions which are not started by scologin cannot use the X authorization protoc [ more ] [ reply ] Hiding URLs from Outlook and other mail clients 2004-05-11 Carl (carl agenda-rm co uk) Today, one of our staff began receiving emails containing URL's similar to this: http://drs.yahoo.com/www.example.com/NEWS/*http://slashdot.org/#http://d rs.yahoo.com/www.example.com/NEWS When the link is viewed in Outlook (and also Kontact/Kmail), it only displays the portion before the asterisk [ more ] [ reply ] Advisory 04/2004: Net(Free)BSD Systrace local root vulnerabilitiy 2004-05-10 Stefan Esser (s esser e-matters de) [ GLSA 200405-03 ] ClamAV VirusEvent parameter vulnerability 2004-05-11 Thierry Carrez (koon gentoo org) [ GLSA 200405-04 ] OpenOffice.org vulnerability when using DAV servers 2004-05-11 Thierry Carrez (koon gentoo org) Linux Kernel sctp_setsockopt() Integer Overflow 2004-05-11 Shaun Colley (shaunige yahoo co uk) (1 replies) ~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~* Product: Linux Kernel Versions: <= 2.4.25 Bug: Integer overflow Impact: Attackers may be able to execute arbitrary code with kernel-level privileges. Risk: High Date: May 11, [ more ] [ reply ] Re: [Full-Disclosure] Linux Kernel sctp_setsockopt() Integer Overflow 2004-05-11 Tom Rini (trini kernel crashing org) Re: Somebody exploiting (badly designed) yahoo service? 2004-05-11 Charles Mansmann (charles mansmann mail tju edu) In-Reply-To: <58175.206.45.64.124.1084289079.squirrel (at) mairmo.irmo (dot) hr [email concealed]> This is the wallon.A worm newly identified today by Trend Micro. I posted earlier about our problems with this. Here is a link to the description: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WAL LON.A [ more ] [ reply ] MDKSA-2004:043 - Updated apache2 packages fixes a denial of service vulnerability in mod_ssl 2004-05-11 Mandrake Linux Security Team (security linux-mandrake com) MDKSA-2004:042 - Updated rsync packages fixes potential to write outside of directory tree. 2004-05-11 Mandrake Linux Security Team (security linux-mandrake com) RE: a litle bypass with IE 2004-05-11 Thor Larholm (thor pivx com) Remove your proxy setttings from IE and try navigating to http://@@website_allowed.pt@my_url - you will get an invalid syntax error. Regards Thor Larholm Senior Security Researcher PivX Solutions 24 Corporate Plaza #180 Newport Beach, CA 92660 http://www.pivx.com thor (at) pivx (dot) com [email concealed] Stock symbol: PIV [ more ] [ reply ] Somebody exploiting (badly designed) yahoo service? 2004-05-11 Aleksandar Milivojevic (alex milivojevic org) (1 replies) I don't know if this is something new, or something old. Yeasterday I received couple of emails (apperently from people I know). Emails were text/html, and contained only this text: http://drs.yahoo.com/milivojevic.org/NEWS Text was acutally linked to: http://drs.yahoo.com/milivojevic.org/NEWS/ [ more ] [ reply ] Re: Somebody exploiting (badly designed) yahoo service? 2004-05-12 Nick FitzGerald (nick virus-l demon co uk) PING: Outlook 2003 Spam 2004-05-11 http-equiv (at) excite (dot) com [email concealed] (1 malware com) Tuesday, May 11, 2004 Outlook 2003 the premier mail client from the company called 'Microsoft' certainly appears to have a lot of security features built into it. Cursory examination shows excellent thought into 'spam' containment, 'security' consideration and many other little 'things'. So [ more ] [ reply ] [SECURITY] [DSA 502-1] New exim-tls packages fix buffer overflows 2004-05-11 joey infodrom org (Martin Schulze) DEEP SEA PHISHING: Internet Explorer / Outlook Express 2004-05-10 http-equiv (at) excite (dot) com [email concealed] (1 malware com) Saturday, May 08, 2004 More silliness : <A HREF=http://www.microsoft.com alt="http://www.microsoft.com"> <IMG SRC="malware.gif" USEMAP="#malware" border=0 alt="http://www.microsoft.com"></A> <map NAME="malware" alt="http://www.microsoft.com">> <area SHAPE=RECT COORDS="224,21" HREF="http://www.ma [ more ] [ reply ] msxml3.dll Parsing Error Crashes Internet Explorer Remotely Upon Refresh 2004-05-10 Rafel Ivgi, The-Insider (theinsider 012 net il) (1 replies) msxml3.dll crashes after refreshing a page which contains & inside a link/value For Example : <Ref href = "&"/> This is due to a parsing error in msxml3.dll. Version Details: --------------------- I.E Version: 6.0.2600.0 ModVer: 8.10.8308.0 Module name: msxml3.dll Offset: 000b8c10 Stack Dump: ---- [ more ] [ reply ] Re: msxml3.dll Parsing Error Crashes Internet Explorer Remotely Upon Refresh 2004-05-12 Gao Rui (gaorui infosec pku edu cn) Emule 0.42e Remote Denial Of Service Exploit 2004-05-10 Rafel Ivgi, The-Insider (theinsider 012 net il) #!/usr/bin/perl system("cls"); # Emule 0.42e Remote Denial Of Service Exploit # Coded by Rafel Ivgi, The-Insider: http://theinsider.deep-ice.com # usage: perl emule042e.pl <host> <port> <how many times> use IO::Socket; my $host = $ARGV[0]; my $port = $ARGV[1]; my $times = $ARGV[2]; if ($host) { [ more ] [ reply ] RE: An undetectable Online Bank Vulnerability? 2004-05-08 M Peterson (apalamen sbcglobal net) Here is a part of some of my information again: Fortunately Bank of America and ASBBank (New Zealand) have moved this previous (3rd-party) remote script to one executing locally on their own servers. -----Original Message----- From: M Peterson [mailto:apalamen (at) sbcglobal (dot) net [email concealed]] Sent: Thursday, April [ more ] [ reply ] |
|
Privacy Statement |
-----BEGIN PGP SIGNED MESSAGE-----
NetBSD Security Advisory 2004-007
=================================
Topic: Systrace systrace_exit() local root
Version: NetBSD-current: source prior to Apr 16, 2004
netBSD 2.0 branch: source prior to Apr 16, 2004
netBSD 1.6.2: not affected
NetBSD
[ more ] [ reply ]