|
|
Colapse all |
Post message
[cliph (at) isec (dot) pl [email concealed]: Linux kernel setsockopt MCAST_MSFILTER integer overflow] 2004-04-20 David Ahmad (da securityfocus com) ----- Forwarded message from Wojciech Purczynski <cliph (at) isec (dot) pl [email concealed]> ----- From: Wojciech Purczynski <cliph (at) isec (dot) pl [email concealed]> Subject: Linux kernel setsockopt MCAST_MSFILTER integer overflow To: bugtraq (at) securityfocus (dot) com [email concealed], <full-disclosure (at) lists.netsys (dot) com [email concealed]>, <vulnwatch (at) vulnwatch (dot) org [email concealed]> Cc: vendor-sec (at) lst (dot) de [email concealed] Repl [ more ] [ reply ] Format String in Cherokee 2004-04-20 CoKi (coki nosystem com ar) ------------------------------------------------- No System Group - Advisory #3 - 17/04/04 ------------------------------------------------- Program: Cherokee Web Server Homepage: http://www.0x50.org Vulnerable Versions: Cherokee 0.4.16 and prior Risk: Low / Medium Impact: Local Format St [ more ] [ reply ] US-CERT Technical Cyber Security Alert TA04-111A -- Vulnerabilities in TCP 2004-04-20 CERT Advisory (cert-advisory cert org) NISCC Vulnerability Advisory 236929: Vulnerability Issues in TCP 2004-04-20 David Ahmad (da securityfocus com) http://www.uniras.gov.uk/vuls/2004/236929/index.htm -- NISCC Vulnerability Advisory 236929 Vulnerability Issues in TCP Version Information Advisory Reference 236929 Release Date 20 April 2004 Last Revision 20 April 2004 Version Number 1.0 What is Affected? The vulnerability described [ more ] [ reply ] MDKSA-2004:035 - Updated samba packages fix privilege escalation vulnerability 2004-04-20 Mandrake Linux Security Team (security linux-mandrake com) MDKSA-2004:034 - Updated MySQL packages fix temporary file insecurities 2004-04-19 Mandrake Linux Security Team (security linux-mandrake com) MDKSA-2004:033 - Updated xine-ui packages fix temporary file insecurities 2004-04-19 Mandrake Linux Security Team (security linux-mandrake com) NcFTP - password leaking 2004-04-19 Konstantin Gavrilenko (mlists arhont com) (1 replies) MDKSA-2004:032 - Updated libneon packages fix temporary file insecurities 2004-04-19 Mandrake Linux Security Team (security linux-mandrake com) Exchange pop3 remote exploit 2004-04-19 securma massine (securma caramail com) #!/usr/bin/perl -w #Exchange pop3 Remote Exploit #eXchange POP3 is a gateway (connector) that downloads messages from Internet mailboxes #using the POP3 or IMAP protocol. It then determines the proper recipient(s) for each message #and sends them to Exchange Server using the SMTP protocol. #eXch [ more ] [ reply ] [slackware-security] cvs security update (SSA:2004-108-02) 2004-04-18 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] cvs security update (SSA:2004-108-02) CVS is a client/server version control system. As a server, it is used to host source code repositories. As a client, it is used to access such repositories. This advisory affects both use [ more ] [ reply ] phpBB modified by Przemo arbitary code execution 2004-04-19 Dariusz 'Officerrr' Kolasinski (ofi poligon com pl) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --====----====----====----====----====----====----====----====----====-- --===-- Product: phpBB modified by Przemo Version: v1.8 Vendor: http://przemo.org/phpBB2/ Discover by: Officerrr <officerrr at poligon.com.pl> Vendor Response: Not contacted yet. [ more ] [ reply ] RE: "Delete anti-virus and firewall software" --Microsoft 2004-04-16 Thor Larholm (thor pivx com) The Knowledge Base article is no longer available on support.microsoft.com, but a lot of other sites have a copy: http://www.kbalertz.com/Feedback_820673.aspx Regards Thor Larholm Senior Security Researcher PivX Solutions 24 Corporate Plaza #180 Newport Beach, CA 92660 http://www.pivx.com thor@ [ more ] [ reply ] Re: After Ms patches last Wed ... 2004-04-17 geoff froh densho org > I was told a Win2K user at work experienced the same thing. Seems that > Microsoft may not have spent enough time testing one of these patches on the > Win2K platform. Dunno which one, since in recent years I'd found > Microsoft's patches to be well-tested enough that I haven't made a point to > [ more ] [ reply ] KPhone STUN DoS (Malformed STUN Packets) 2004-04-19 Aviram Jenik (aviram beyondsecurity com) KPhone STUN DoS (Malformed STUN Packets) ------------------------------------------------------------------------ Article reference: http://www.securiteam.com/unixfocus/5PP0B1FCLY.html SUMMARY <http://www.wirlab.net/kphone/> KPhone is "a SIP (Session Initiation Protocol) user agent for Linux, [ more ] [ reply ] Eudora 6.1 is evil 2004-04-19 psz maths usyd edu au (Paul Szabo) Eudora 6.1 on Windows is evil - have tested "Light Mode" (free) only so far, do not know if "Sponsored Mode" or "Paid Mode" would be any different. (Do not use: stay away from Eudora, or maybe use version 6.0.3.) --- Attachment spoof, LaunchProtect: http://lists.netsys.com/pipermail/full-disclo [ more ] [ reply ] [slackware-security] utempter security update (SSA:2004-110-01) 2004-04-19 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] utempter security update (SSA:2004-110-01) New utempter packages are available for Slackware 9.1 and -current to fix a security issue. (Slackware 9.1 was the first version of Slackware to use the libutempter library, and earlier [ more ] [ reply ] Solaris 9 patch 113579-03 introduces a NIS security bug 2004-04-19 Chris Thompson (cet1 cus cam ac uk) [Posted to newsgroup comp.unix.solaris, and mailed to bugtraq (at) securityfocus (dot) com [email concealed]] Patch 113579-03, which has been in the recommended patch set for Solaris 9 since mid-February, introduces a security bug. If you are not running a NIS server using Solaris 9 you are not affected. If you do, but don' [ more ] [ reply ] Zaep AntiSpam Cross Site Scripting 2004-04-19 Aviram Jenik (aviram beyondsecurity com) Zaep AntiSpam Cross Site Scripting ------------------------------------------------------------------------ Article reference: http://www.securiteam.com/windowsntfocus/5EP0I15CKK.html SUMMARY Beyond Security has discovered a security vulnerability in <http://www.zaep.com/> Zaep AntiSpam 2.0, [ more ] [ reply ] Microsoft Help and Support Center argument injection vulnerability 2004-04-13 Jouko Pynnonen (jouko iki fi) OVERVIEW ======== "Help and Support Center (HSC) is a feature in Windows that provides help on a variety of topics" (from www.microsoft.com). It can be accessed via HCP: URLs. HSC is installed by default on Windows XP and Windows Server 2003 systems. An argument injection vulnerability in HSC [ more ] [ reply ] Re: Squirrelmail Chpasswod bof 2004-04-19 rip overflow no In-Reply-To: <20040417193848.GA31925 (at) piper.madduck (dot) net [email concealed]> Hi >> webmaster@orco:/mnt/hosting/hack/bof$ ./exploit 166 5555 99999 > >can we please see the code for this exploit? Certainly, but i admire your courage to ask for such a simple one tho :] Let's take a quick peek at chpasswd.c: <---sn [ more ] [ reply ] MDKSA-2004:031 - Updated utempter packages fix several vulnerabilities 2004-04-19 Mandrake Linux Security Team (security linux-mandrake com) Idea of CAW (Creation of Attack Wood) 2004-04-18 kincses zoli (kincses caesar elte hu) (1 replies) hali, there is the attack tree concept of Bruce Schneier: http://www.schneier.com/paper-attacktrees-ddj-ft.html http://www.counterpane.com/attacktrees.pdf there is a SW that helps creating such trees: SecurITree from Amenaza, http://www.amenaza.com/ i am working on attack tree of smartcards, and [ more ] [ reply ] |
|
Privacy Statement |
Don't know if this is duplicate info from another message, but there are two different issues with the KB835732 update. Specifically on Windows 2000 machines.
The first issue involves cached data in RAM. If a machine
[ more ] [ reply ]