RE: New Worm??? - High level of activity on port 445
2004-04-29 Thor Larholm (thor pivx com)
MS04-011 fixed 14 different vulnerabilities but the two that have received most attention are the PCT and LSASS vulnerabilities. Both have publicly available exploit code and are fairly trivial to automate. You are most likely experiencing traffic caused by the LSASS vulnerability. To successfully ...

RE: New Worm??? - High level of activity on port 445
2004-04-29 Roger A. Grimes (roger banneretcs com)
Without any more details, like traffic captures, I can only assume it is one of the new Lsass worms looking for MS04-011 vulnerable machines.
http://www.sarc.com/avcenter/venc/data/hacktool.lsasssba.html
Roger
************************************************************************ ***
*Roger A ...

RE: New Worm??? - High level of activity on port 445
2004-04-29 Jodrell Dimaculangan (jodrell pchli com)
This may be a clue. There was a new variant of the AGOBOT worm that we "uncovered". In Safe Mode run regedt32, go to \HKLM\software\Microsoft\Windows\CurrentVersion\Run and RunServices. Look for any Symantec entries (it will look official but since we do not use Symantec NAV, it brought up red flags). ...

Re: HP Web JetAdmin vulnerabilities.
2004-04-29 Samuel Walker (jackwalker nc rr com)
In-Reply-To: <20040427094201.GA492 (at) echelon.cluster.phenoelit (dot) de>
Hi there BugTraq, Your article about the vulnerabilities of HP WebJetAdmin caught my attention as I use HP WebJetAdmin 7.5 to manage about 30 network printers. It is a great tool. However, though I have not investigated all the issu ...

Re[2]: [Full-Disclosure] Microsoft's Explorer and Internet Explorer long share name buffer overflow.
2004-04-29 3APA3A (3APA3A SECURITY NNOV RU)
Dear KF (lists),
--Thursday, April 29, 2004, 3:55:39 AM, you wrote to bugtraq (at) securityfocus (dot) com:
Kl> Thus far I have been unable to locate a good unicode return address...
Kl> but that's not to say there is not one there. =] . For those of you
Kl> wondering smb.conf DOES allow for characters like ...

[SECURITY] [DSA 496-1] New eterm packages fix indirect arbitrary command execution
2004-04-29 joey infodrom org (Martin Schulze)

MS04011 Lsasrv.dll RPC buffer overflow remote exploit (PoC)
2004-04-29 houseofdabus HOD (houseofdabus inbox ru)

New Worm??? - High level of activity on port 445
2004-04-29 Tony Abell (TonAbe osgtool com)
Since late yesterday 4/28/04 afternoon around 4pm our firewall started throwing alarms on netprobes. We are seeing a large amount of probes coming from one machine that is probing random IPs on port 445. The source port is random as well. We traced it back to a Japanese Win2K machine w/SP4 installed ...

MDKSA-2004:038 - Updated sysklogd packages fix vulnerability
2004-04-28 Mandrake Linux Security Team (security linux-mandrake com)

[slackware-security] kernel security updates (SSA:2004-119-01)
2004-04-28 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] kernel security updates (SSA:2004-119-01)
New kernel packages are available for Slackware 9.1 and -current to fix security issues. Also available are new kernel modules packages (including alsa-driver), and a new version of the ...

RE: [Full-Disclosure] Microsoft's Explorer and Internet Explorer long share name buffer overflow.
2004-04-28 Bryce Porter (bporter heart net)
I tried this on Windows XP with SP1 on a few machines in my office, and had varying results. If I went into the My Network Places, it recognized the 'share name' was too long and displayed an error dialog. It would not let me open the share and nothing else happened. Explorer did not lock up. If I ...

SGI Advanced Linux Environment security update #19
2004-04-28 SGI Security Coordinator (agent99 sgi com)

SMC Routers have remote administration enabled by default
2004-04-28 user86 (user86 earthlink net) (2 replies)
Tested Model: 7008ABR (part number 750.9814 with firmware 1.032 installed)
Confirmed by another person on: 7004VBR (version 1, firmware 1.231)
Others may be vulnerable.
SMC broadband routers ship with remote administration enabled by default on their port 1900 on the WAN side of the router. If yo ...

Re: SMC Routers have remote administration enabled by default
2004-04-29 Michael Curtis (email curto us)

Re: SMC Routers have remote administration enabled by default
2004-04-29 user86 (user86 earthlink net) (1 replies)

Re: SMC Routers have remote administration enabled by default
2004-04-29 user86 (user86 earthlink net)

[ESA-20040428-004] 'kernel' Several security and bug fixes
2004-04-28 EnGarde Secure Linux (security guardiandigital com)

Re: Horde webmail: mysql access
2004-04-27 Christopher T. Beers (ctbeers syr edu)
--On Sunday, April 25, 2004 11:11 PM +0200 sig (at) flaming.tolna (dot) net wrote:
| Hello
| ....
| By default, You can access to these database servers, with the username:
| "horde" and with no password, from a remote host. Then you will have
| permission to list the databases, and to use some of them. In f ...

Re: Squirrelmail Chpasswod bof
2004-04-27 p dont think (pdontthink angrynerds com)
All, Replying to this thread using the web interface didn't seem to work at all, so... Please excuse me effectively starting the thread over, but wanted to make sure a follow-up got posted to the list.
See: http://www.securityfocus.com/archive/1/360547/2004-04-14/2004-04-20/2
> Hi all
> ...

MDKSA-2004:037 - Updated kernel packages fix multiple vulnerabilities
2004-04-27 Mandrake Linux Security Team (security linux-mandrake com)

[ GLSA 200404-18 ] Multiple Vulnerabilities in ssmtp
2004-04-26 Joshua J. Berry (condordes gentoo org)
Severity: Serious
Category: Denial of Service
Classification: Insufficient user input checking
BugTraq-ID: TBD
CERT VU#: TBD
CVE ID: TBD
Vendor URL: www.3com.com
Author: Michael S. Scheidell, SECNAP Network Security Corporation
Original Rel