[Fwd: [TH-research] OT: Israeli Post Office break-in]
2004-01-11 Gadi Evron (ge egotistical reprehensible net)

bzip2 bombs still causes problems in antivirus-software
2004-01-09 Dr. Peter Bieringer (pbieringer aerasec de)
Hi, sure you remember the e-mail from Steve Wray in August 2003 about bzip2 bombs and the possible DoS against antivirus-software: http://lists.netsys.com/pipermail/full-disclosure/2003-August/009255.html We found that this is still an issue, especially we found that one vendor detects bzip2 bom

[slackware-security] Slackware 8.1 kernel security update (SSA:2004-008-01)
2004-01-09 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] Slackware 8.1 kernel security update (SSA:2004-008-01)
New kernels are available for Slackware 8.1 containing a backported fix from a bounds-checking problem in the kernel's mremap() call which could be used by a local attacker

Windows FTP Server Format String Vulnerability
2004-01-08 Peter Winter-Smith (peter4020 hotmail com)
Windows FTP Server Format String Vulnerability
##############################################
Credit: Author : Peter Winter-Smith Software: Packages : Windows FTP Server Version : 1.6 and below Vendor : HD Soft/Windows Ftp Server SOFTWARE Vendor Url : http://srv.nease.net/ Vulnerabi

[SECURITY] [DSA 417-2] New Linux 2.4.18 packages fix local root exploit (alpha)
2004-01-09 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 419-1] New phpgroupware packages fix unintended PHP execution and SQL injection
2004-01-09 joey infodrom org (Martin Schulze)

Openssl proof of concept code?
2004-01-08 Lachniet, Mark (mlachniet sequoianet com)
Please excuse the cross-post, and please forgive me if I am missing something that I should have found through conventional sources.
A few months ago, there were issues with the openssl code base, as noted on bugtraq and in the following URLs: http://www.openssl.org/news/secadv_20031104.txt and htt

MDKSA-2004:001 - Updated kernel packages fix local root vulnerability
2004-01-08 Mandrake Linux Security Team (security linux-mandrake com)

SGI Advanced Linux Environment security update #8
2004-01-07 SGI Security Coordinator (agent99 sgi com)

[SECURITY] INN: Buffer overflow in control message handling
2004-01-08 Russ Allbery (rra isc org)
A buffer overflow has been discovered in a portion of the control message handling code introduced in INN 2.4.0. It is fairly likely that this overflow could be remotely exploited to gain access to the user innd runs as. INN 2.3.x and earlier are not affected. The INN CURRENT tree is affected. S

Yahoo Instant Messenger Long Filename Downloading Buffer Overflow
2004-01-08 Tri Huynh (trihuynh zeeup com)
Yahoo Instant Messenger Long Filename Downloading Buffer Overflow
=================================================
PROGRAM: Yahoo Instant Messenger (YIM)
HOMEPAGE: http://messenger.yahoo.com
VULNERABLE VERSIONS: 5.6.0.1351 and below
DESCRIPTION
=============================================

[SECURITY] [DSA 418-1] New vbox3 packages fix privilege leak
2004-01-08 Matt Zimmerman (mdz debian org)

Re: Microsoft Word Protection Bypass
2004-01-08 Vladimir Katalov (vkatalov elcomsoft com)
In-Reply-To: <OF60A8C9AA.4F52F3E5-ON00256E0F.003B08BA-C1256E0F.003B9AEC@localhost>
>To: bugtraq (at) securityfocus (dot) com [email concealed]
>Cc: "Microsoft Security Response Center" <secure (at) microsoft (dot) com [email concealed]>
>Subject: Microsoft Word Protection Bypass
>From: Thorsten Delbrouck-Konetzko <Thorsten.Delbrouck (at) guardeonic (dot) com [email concealed]>
>D

[OpenPKG-SA-2004.001] OpenPKG Security Advisory (inn)
2004-01-08 OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org openpkg-security (at) openpkg (dot) org [email concealed]

Cisco Security Advisory: Cisco Personal Assistant User Password Bypass Vulnerability
2004-01-08 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Personal Assistant User Password Bypass Vulnerability
Document ID: 47765
Revision 1.0 FINAL
For Public Release 2004 January 8 17:00 UTC (GMT)

[CLA-2004:801] Conectiva Security Announcement - ethereal
2004-01-07 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : ethereal
SUMMARY : Fix for ethereal vulnerabi

[slackware-security] Kernel security update (SSA:2004-006-01)
2004-01-07 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] Kernel security update (SSA:2004-006-01)
New kernels are available for Slackware 9.0, 9.1 and -current.
The 9.1 and -current kernels have been upgraded to 2.4.24, and a fix has been backported to the 2.4.21 kernels in Slackware

EDIMAX AR-6004 Full Rate ADSL Router Cross Site Scripting Vulnerabillity
2004-01-06 Rafel Ivgi (theinsider 012 net il)

[SECURITY] [DSA 415-1] New zebra packages fix denial of service
2004-01-07 Matt Zimmerman (mdz debian org)

SnapStream PVS LITE Cross Site Scripting Vulnerabillity
2004-01-06 Rafel Ivgi (theinsider 012 net il)

RealNetworks fails to address Cross-Site Scripting in RealOne Player
2004-01-07 Arman Nayyeri (arman-n Phreaker net)
RealNetworks fails to address Cross-Site Scripting in RealOne Player
====================================================================
Title: RealNetworks fails to address Cross-Site Scripting in RealOne
Date: Tuesday, January 06, 2004
Software: RealOne Player
Vendor: RealNetworks

ZyXEL10 OF ZyWALL Series Router Cross Site Scripting Vulnerabillity
2004-01-06 Rafel Ivgi (theinsider 012 net il)

[SECURITY] [DSA 414-1] New jabber packages fix denial of service
2004-01-07 Matt Zimmerman (mdz debian org)

[SECURITY] [DSA 416-1] New fsp packages fix buffer overflow, directory traversal
2004-01-07 Matt Zimmerman (mdz debian org)

Re: Microsoft Word Protection Bypass
2004-01-07 Thorsten Delbrouck-Konetzko (Thorsten Delbrouck guardeonic com) (1 replies)
joop gerritse <jjge (at) xs4all (dot) nl [email concealed]> wrote on 03.01.2004 12:34:45:
> A much simpler trick is to write the document out
> in RTF form, and use a text editor.
There are several methods to extract the contents of a protected document, but that fails to be the point here. Equipped with a method to unprote

[SECURITY] [DSA 417-1] New Linux 2.4.18 packages fix local root exploit (powerpc+alpha)
2004-01-07 joey infodrom org (Martin Schulze)
below.
Gadi Evron.
Date: Sat, 10 Jan 2004 19:23:15 -0800
From: Gadi Evron <ge (at) linuxbox (dot) org [email concealed]>
To: th-research
Subject: [TH-research] OT: Israeli Post Office break-in
Mail from Gadi Evron <ge (at) linuxbox (dot) org [email concealed]>
This is completely