Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
2004-02-11, Sam Schinke (sschinke myrealbox com)
Hello Marc,
Tuesday, February 10, 2004, 12:47:29 PM, you wrote:
MM> For example we setup a totally IPSEC secured network and we broke
MM> into that network via our ASN bug which is called by the Kerberos.
MM> We also have written exploits that take advantage of ASN via
MM> NTLMv2 authentica [...]

[ GLSA 200402-02 ] XFree86 Font Information File Buffer Overflow
2004-02-11, Tim Yamin (plasmaroo gentoo org)

Update - CheckPoint Vulnerabilities
2004-02-11, Mark Litchfield (mark ngssoftware com)
Whilst examining what was going on in the world of security, I came across an update by Checkpoint in regards to some recently reported vulnerabilities in their products, specifically CheckPoint FW-1 and CheckPoint VPN-1.
For more info - http://www.checkpoint.com/corporate/iss.html
Mark

AIM worm spreading around?
2004-02-11, Moshe Jacobson (moshe runslinux net)
I have had little success in finding information on the AIM worm that seems to be going around now. It affects the official AOL Instant Messenger client only, it seems. Once you click on this link (and there are different endings to the URL each time, in place of the YUAF): http://www.wgutv.co [...]

Re: [Full-Disclosure] DreamFTP Server 1.02 Buffer Overflow
2004-02-11, Berend-Jan Wever (SkyLined edup tudelft nl)
Hi all,
badpack3t wasn't totally wrong when he called it a BoF because the formatstring can cause BoFs. Anyway, it's a nice little formatstring to exploit, with multiple possible attack vectors. I found it easiest to overwrite the exception handler code (since it's RWE) and then cause an exception.

RE: Another Low Blow From Microsoft: MBSA Failure!
2004-02-10, Eric McCarty (eric lawmpd com)
MBSA detects Patches that have been applied. You installed the patch, MBSA said the patch was there. Sounds relatively logical to me. I don't see the failure there.
"The patch management script failed to reboot those few hundred systems"
This is your problem, not MBSA.
Eric C. McCarty
Systems Ad [...]

Internet Explorer and Microsoft clipboard poor security policy
2004-02-11, bool gte net
Overview: Sensitive information can be unknowingly disclosed through use of malicious web coding that exploits Internet Explorer and Microsoft clipboard. Recently, a brief test was run at a large corporation investigating means of execution and resulting security implications. Within this document [...]

RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
2004-02-11, Rainer Gerhards (rgerhards hq adiscon com)
> > And that the server is more likely to be attacked is just an assumption
> > - in the days of class A vuln sweeps and random worm scans, I don't
> > think that servers are at most risk. In fact, I think the unprotected
> > home machines are...
> >
> Yes, but...
>
> In order to trigger the [...]

XFree86 vulnerability exploit
2004-02-11, Bender (bender2 sdf lonestar org)
Hello
Below you can find an exploit for latest bug in XFree86 software. Tested on some versions of RedHat Linux (mainly 7.0).
regards
Bender
/* For educational purposes only */
/* Brought to you by bender2 (at) lonestar (dot) org 11.10.2004 */
#include <fcntl.h>
#define NOP [...]

SGI Advanced Linux Environment security update #10
2004-02-11, SGI Security Coordinator (agent99 sgi com)

ISS Security Brief: Microsoft ASN.1 Integer Manipulation Vulnerabilities
2004-02-11, X-Force (xforce iss net)
-----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Brief
February 11, 2004
Microsoft ASN.1 Integer Manipulation Vulnerabilities
Synopsis: Microsoft has released Security Bulletin MS04-007 to address vulnerabilities in the ASN.1 parsing component of the Windows Operating System [...]

RE: Samba 3.x + kernel 2.6.x local root vulnerability
2004-02-10, John Airey rnib org uk
> -----Original Message-----
> From: Michal Medvecky [mailto:M.Medvecky (at) sh.cvut (dot) cz]
> Sent: 09 February 2004 21:23
> To: bugtraq (at) securityfocus (dot) com
> Subject: Samba 3.x + kernel 2.6.x local root vulnerability
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> "share" - smb server
> "slovaki [...]

Re: Decompression Bombs
2004-02-10, Bipin Gautam. (door_hunt3r blackcodemail com)
In-Reply-To: <7DB0958915FDD611961400A0C98F18464E8DB1 (at) WINTRIX.thermeon (dot) com>
I feel.. softwares should check the actual integrity of data first... before extracting the archive instead completely trusting on the header information. [this will indeed show down the decompression process to some exte [...]

RE: Hacking USB Thumbdrives, Thumprint authentication
2004-02-10, David Cross ngc com
Fingerprint data is difficult to hash since the comparators are fuzzy in nature. Basically you are dealing with vectors or distances between minutiae (points of interest) and their direction including slant/curve. Minutiae readings will differ slightly with each print sampling. For accuracy each [...]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: OpenLinux: slocate local user buffer overflow
Advisory number: CSSA-2004-001.0
Issue date: 2004 February 10
Cross reference: sr88603
[...]