[SECURITY] [DSA 442-1] New Linux 2.4.17 packages fix local root exploits and more (s390)
2004-02-19 joey infodrom org (Martin Schulze)

PunkBuster SQL Injection Attack
2004-02-19 Just1n T1mberlake (hotpackets hellokitty com)
    Timberlake Advisory 200402181e-03.
    Program: http://pbdb.sourceforge.net/
    PunkBuster screenshot management system. Simplifying the task of capturing and cataloguing screenshots. It sticks to the roof like a gecko. It supports screenshot retrieval and cataloguing to a website - which includes searc [...]

MDKSA-2004:014 - Updated metamail packages fix buffer overflow vulnerabilities
2004-02-19 Mandrake Linux Security Team (security linux-mandrake com)

Zone Labs Security Advisory ZL04-08 - SMTP processing vulnerability
2004-02-19 Zone Labs Product Security (Product-Security zonelabs com)

Aol Instant Messenger/Microsoft Internet Explorer remote code execution
2004-02-19 Michael Evanchik (mike high-pow-er com)

Microsoft Internet Explorer Unspecified CHM File Processing Arbitrary Code Execution Vulnerability (bid 9658)
2004-02-19 K-OTiK Security (Special-Alerts k-otik com)
    hi, Thor Larholm reported a new unpatched and critical IE vuln which is exploited as an infection vector for malicious codes and trojans (bid 9658)... here are some details regarding this bug, from Berman Enconado of TrendMicro - (more details will be released by Thor) The exploit allows e [...]

RE: 9660 : Microsoft IIS Unspecified Remote Denial Of Service Vulnerability
2004-02-18 kquest toplayer com
    I want to mention that the claim about EEYE is my own logical conclusion. I don't know if it's true or not. I based my opinion on my own experience dealing with the OpenSSL and MS ASN.1 vulnerabilities. I ended up writing my own X509 editor/decoder and SSL client when I was researching the OpenSSL [...]

Multiple WinXP kernel vulns can give user mode programs kernel mode privileges
2004-02-18 first last (randnut hotmail com) (2 replies)
    Multiple WinXP kernel vulns can give user mode programs kernel mode privileges
    Summary
    =======
    There exist several vulnerabilities in one of Windows XP kernel's native API functions which allow any user with the SeDebugPrivilege privilege to execute arbitrary code in kernel mode, and read from [...]

    RE: Multiple WinXP kernel vulns can give user mode programs kernel mode privileges
    2004-02-19 Alun Jones (alun texis com)

    Re: Multiple WinXP kernel vulns can give user mode programs kernel mode privileges
    2004-02-19 3APA3A (3APA3A SECURITY NNOV RU)

bid: 9660 : Microsoft IIS Unspecified Remote Denial Of Service Vulnerability
2004-02-18 kquest toplayer com
    This is not an unspecified remote DoS. This is related to the vulnerabilities discovered by EEYE. The reason the exploit caused a DoS is because the OpenSSL vulnerabilities and vulnerabilities discovered by EEYE overlap. They both have a length integer overflow. I actually believe that EEYE discove [...]

metamail format string bugs and buffer overflows
2004-02-18 Ulf Härnhammar (Ulf Harnhammar 9485 student uu se)
    metamail format string bugs and buffer overflows
    PROGRAM: metamail
    VENDOR: Bell Communications Research, Inc. (Bellcore)
    DOWNLOAD URLs: ftp://thumper.bellcore.com/pub/nsb/ http://ftp.funet.fi/pub/unix/mail/metamail/
    VULNERABLE VERSIONS: 2.2, 2.4, 2.5, 2.6, 2.7, possibly others
    IMMUN [...]

Re: APC 9606 SmartSlot Web/SNMP management card "backdoor"
2004-02-18 Fredrik Björk (Fredrik Bjork List varbergenergi se) (1 reply)
    Hi! Our AP9617 card behaves a bit differently, but still, the password checks out... It's too in a Silicon 10 kVA UPS, but the card can be used in everything from the smallest BackUPS to huge Silicons.
    /Fredrik
    User Name : [anything]
    Password : *******************
    Final Functional Test: ver [...]

    Re: APC 9606 SmartSlot Web/SNMP management card "backdoor"
    2004-02-18 Charles R. Anderson (cra WPI EDU)

Re: EarlyImpact ProductCart shopping cart software multiple security vulnerabilities
2004-02-18 Massimo Arrigoni (info earlyimpact com)
    In-Reply-To: <40331EF8.6000700 (at) s-quadra (dot) com>
    Regarding: S-Quadra Advisory #2004-02-16 http://www.securityfocus.com/archive/1/354288/2004-02-15/2004-02-21/0
    S-Quadra was given specific information about available fixes and other comments related to the alleged security vulnerabilities. Yet they [...]

article: Alleged Trojan horse in Israeli Anti-Ballistic Missile System
2004-02-18 Gadi Evron (ge egotistical reprehensible net)

OT: reports of a Trojan horse in the Arrow project
2004-02-17 Gadi Evron (ge egotistical reprehensible net)
    The Arrow is a counter-ballistic missiles project run by Israel. There have been reports the past couple of days about a Trojan horse in the code, inserted by Egypt. As one of the Israelis on the list I feel obligated to provide with some facts. It's an interesting story in any case. You can fin [...]
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 442-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
February 19th, 2004