SecurityFocus

SGI Advanced Linux Environment security update #15 2004-03-26
SGI Security Coordinator (agent99 sgi com)

SGI Advanced Linux Environment security update #16 2004-03-26
SGI Security Coordinator (agent99 sgi com)

OpenLinux: mc Updated packages resolve local buffer overflow vulnerability 2004-03-25
please_reply_to_security sco com

OpenLinux: mutt remote buffer overflow 2004-03-25
please_reply_to_security sco com

eSignal v7 remote buffer overflow (exploit) 2004-03-25
Vizzy (vizzy freemail hu)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5

===========-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-======
=====
VizibleSoft Security Advisory #2004/01 25th Mar 2004

http://viziblesoft.com/insect/advisories/vz012004-esignal7.txt
insect (at) viziblesoft (dot) com [email concealed]
===

[ more ] [ reply ]

Re: [SECURITY] [DSA 468-1] New emil packages fix multiple vulnerabilities 2004-03-25
Ulf Härnhammar (Ulf Harnhammar 9485 student uu se)

"Emil v2 is a filter for converting Internet Messages. It supports
three basic formats: MIME, SUN Mailtool and plain old style RFC822."
It is an old program from SUNET (Swedish University NETwork).

Emil is one of the packages in SUSE Linux and Debian GNU/Linux. It
is also one of the ports in the Fr

[ more ] [ reply ]

UPDATED: MS Word - password protection vulnerabilty 2004-03-25
Andrew Barkley (abarkle3 csc com)

Hi ...

There are several vulnerabilities published/discussed regarding MS Word (MS Office) in general, however, 'tis is the most "no brainer" I've discovered ...

Vulnerability:

Password protected document that has "tracked changes, comments or forms" password protected

Vulnerable:

M

[ more ] [ reply ]

UPDATED: MS Word - password protection vulnerabilty 2004-03-25
Andrew W Barkley (abarkle3 csc com) (1 replies)

Hi ...

There are several vulnerabilities published/discussed regarding MS Word &
MS Office in general, however, 'tis is the most "no brainer" I've
discovered ...

Vulnerability:
Password protected document that has "tracked changes, comments or forms"
password protected

Vulerable:
MS Word (Win2K/

[ more ] [ reply ]

R: UPDATED: MS Word - password protection vulnerabilty 2004-03-26
s zdrojewski itvirtualcommunity net

Remote crash in Etherlords I 1.07 and II 1.03 2004-03-25
Luigi Auriemma (aluigi altervista org)

#######################################################################

Luigi Auriemma

Application: - Etherlords I
http://www.etherlords.com/etherlords1/
- Etherlords II
http://www.etherlords.com
Versions: Etherlords

[ more ] [ reply ]

GLSA200403-04 Multiple security vulnerabilities in Apache 2 2004-03-25
Aida Escriva-Sammer (aescriva gentoo org)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - -

[ more ] [ reply ]

New Adventures In Phishing 2004-03-25
Jim Halfpenny (jim openanswers co uk)

Hi,
I received a typical phishing email yesterday, and took the usual steps to
inform the owner of the 0wned server hosting the scam as well as the
financial institution concerned. The email I forwarded to said institution
bounced because it, "Could not be checked for viruses."

I suspect the reason

[ more ] [ reply ]

Re: Phpbb 2.0.7a And Earlier Secuity Issues 2004-03-25
JeiAr (security gulftech org)

In-Reply-To: <20040322031300.15846.qmail (at) search.securityfocus (dot) com [email concealed]>

Hi,

Unfortunately the phpBB team underestimated/misunderstood the damage these issues could cause to a phpBB installation, so there is no official fix as of yet. however I hear they are working on an officialy released fix as we

[ more ] [ reply ]

[SECURITY] [DSA 468-1] New emil packages fix multiple vulnerabilities 2004-03-24
Matt Zimmerman (mdz debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 468-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
March 24th, 2004

[ more ] [ reply ]

Check Point SmartDashboard Buffer Overflow 2004-03-25
Andreas Constantinides (MegaHz) (megahz megahz org)

MegaHz Security Advisory
19/03/2004

Check Point SmartDashboard Buffer Overflow

Summary
===================

The Check Point Smartview Tracker which is the log viewer for Check
Point Firewall-1 is suffering from buffer overflow vulnerabilities to
various of its fields.

Systems Affected
=======

[ more ] [ reply ]

mysqlbug tmpfile/symlink vulnerability. 2004-03-24
Shaun Colley (shaunige yahoo co uk)

~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*

Product: mysqlbug packaged with MySQL.
Versions: All
Bug: Symlink bug / tmpfile bug.
Impact: Attacker's can overwrite arbitrary
files.
Risk: Low/Medium
Date: March 24, 2004
Author:

[ more ] [ reply ]

Dark Age of Camelot login client vulnerability to man in the middle attack 2004-03-24
Todd Chapman (tchapman leoninedev com)

----------------------------------------
Security Advisory
----------------------------------------
Software:
Dark Age of Camelot from Mythic Entertainment
including Shrouded Isles & Trials of Atlantis Expansion Packs
http://www.darkageofcamelot.com

Affected Version:
North Ameri

[ more ] [ reply ]

Buffer overflow in PicoPhone 1.63 2004-03-24
Luigi Auriemma (aluigi altervista org)

#######################################################################

Luigi Auriemma

Application: Picophone
http://www.vitez.it/picophone/
Versions: <= 1.63
Platforms: Windows
Bug: buffer overflow in the logging function
Risk:

[ more ] [ reply ]

Dameware Passes Weak File Encryption Key in the Clear 2004-03-23
ax09001h (ax09001h hotmail com)

Dameware Mini Remote Control version 4.1.0.0 and presumably other versions pass a Blowfish encryption key over the wire in the clear. It is bad enough that they appear to be using Blowfish in Electronic Codebook Mode; but they compound their errors by the following two vulnerabilities.

The Dam

[ more ] [ reply ]

Broadcast client buffer-overflow in Terminator 3 1.0 2004-03-23
Luigi Auriemma (aluigi altervista org)

#######################################################################

Luigi Auriemma

Application: Terminator 3: War of the Machines
http://www.t3war.com
Versions: 1.0
Platforms: Windows
Bug: broadcast client's buffer-overflow
Risk:

[ more ] [ reply ]

HP Web JetAdmin vulnerabilities. 2004-03-24
wirepair (wirepair roguemail net) (1 replies)

lo all:
http://sh0dan.org/files/hpjadmadv.txt

Fear the vi formatting.
Product: HP Web JetAdmin Version 7.5.2546 (Others that use this codebase
assumed vulnerable) Note: Only tested on the Windows Platform.
Vulnerability: Denial of Service, Upload Any file to the filesystem to a
known location, Writ

[ more ] [ reply ]

Re: HP Web JetAdmin vulnerabilities. 2004-03-24
H D Moore (sflist digitaloffense net)

TrendMacro Interscan Viruswall Directory Traversal 2004-03-24
Tri Huynh (trihuynh zeeup com) (1 replies)

TrendMacro Interscan Viruswall Directory Traversal
=================================================

PROGRAM: TrendMacro Interscan Viruswall
HOMEPAGE: http://www.trendmicro.com
VULNERABLE VERSIONS: - 3.5x (Windows)
- Unix/Solaris ve

[ more ] [ reply ]

Re: TrendMacro Interscan Viruswall Directory Traversal 2004-03-24
Brian Keefer (chort amaunetsgothique com) (1 replies)

Re: TrendMicro (not Macro) Interscan Viruswall Directory Traversal 2004-03-25
Tri Huynh (trihuynh zeeup com)