SecurityFocus

RE: Linux kernel do_mremap() proof-of-concept exploit code 2004-01-06
tlarholm pivx com

> From: Bruno Lustosa [mailto:bruno (at) lustosa (dot) net [email concealed]]
> Tested it under Linux 2.6.1-rc1, and surprisingly,
> the machine rebooted instantly. Isn't the mremap
> bug supposed to be fixed on the 2.6 series?

It is, but not in 2.6.1-rc1.

From http://isec.pl/vulnerabilities/isec-0013-mremap.txt:

"Version

[ more ] [ reply ]

FirstClass Client 7.1: Command Execution via Email Web Link 2004-01-05
Richard Maudsley (r_i_c_h btopenworld com)

Product: FirstClass Desktop Client 7.1
Developer: SoftArc
URL: http://www.softarc.com/

Description: Users clicking on a maliciously crafted link will result in
local file execution.

Details:
FirstClass RTF formatted messages can include hyper-links to web URL's.
When the messages recipient click

[ more ] [ reply ]

Lotus Notes Domino 6.0.2 (linux) faulty default permissions 2004-01-06
Rene (l0om excluded org)

Lotus Notes Domino 6.0.2 (linux)

for the installation it is recommended to add a new

user like "notes". after this you should log in as

root install the services. well, after i have done

this i have noticed the following.

there are faulty default permissions for the

important

[ more ] [ reply ]

[SECURITY] [DSA 413-1] New Linux 2.4.18 packages fix locate root exploit 2004-01-06
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 413-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
January 6th, 2004

[ more ] [ reply ]

Vuln in PHPGEDVIEW 2.61 Multi-Problem 2004-01-06
Vietnamese Security Group (security security com vn)

Tittle : Vuln in PHPGEDVIEW 2.61

Lang : PHP

Author : Windak

Website: www.security.com.vn

Version : PHPGEDVIEW 2.61 Multi-Problem

Introduction :

PHPGEDVIEW is program read projects GEDCOM file ( default html ) .

Bug :

1) Php code injection :

Rick : Hight

- Vuln in any fi

[ more ] [ reply ]

Linux mremap bug correction 2004-01-06
Paul Starzetz (ihaquer isec pl)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

our initial posting contains a mistake about the vulnerability of the 2.2
kernel series. Since the 2.2 kernel series doesn't support the
MREMAP_FIXED flag it is NOT vulnerable. The source states
"MREMAP_FIXED option added 5-Dec-1999" but it didn

[ more ] [ reply ]

[SECURITY] [DSA 410-1] New libnids packages fix buffer overflow 2004-01-06
Matt Zimmerman (mdz debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 410-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
January 5th, 2004

[ more ] [ reply ]

[CLA-2004:800] Conectiva Security Announcement - lftp 2004-01-06
Conectiva Updates (secure conectiva com br)

Multiple Vulnerabilities in Phorum 3.4.5 2004-01-05
Calum Power (enune fribble net)

Phorum 3.4.5 Vulnerabilities

-----------------------------
Credit:
Author: : Calum Power
Version(s) : <= 3.4.5
Vendor : Phorum
Vendor URL : http://phorum.org

Vendor Contacted: Yes
Vendor Fix: Phorum has released Phorum v3.4.6 as a response to this
advisory. Please patch your vulnerable

[ more ] [ reply ]

[SECURITY] [DSA 412-1] New nd packages fix buffer overflows 2004-01-06
Matt Zimmerman (mdz debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 412-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
January 5th, 2004

[ more ] [ reply ]

[SECURITY] [DSA 411-1] New mpg321 packages fix format string vulnerability 2004-01-06
Matt Zimmerman (mdz debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 411-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
January 5th, 2004

[ more ] [ reply ]

Immunix Secured OS 7.3 kernel update 2004-01-06
Immunix Security Team (security immunix com)

-----------------------------------------------------------------------
Immunix Secured OS Security Advisory

Packages updated: kernel
Affected products: Immunix 7.3
Bugs fixed: CAN-2003-0985
Date: Mon Jan 5 2004
Advisory ID: IMNX-2004-73-001-01
Author: Seth Arnold <sarnold (at) immunix (dot) com [email concealed]>
----

[ more ] [ reply ]

[SECURITY] [DSA 409-1] New bind packages fix denial of service 2004-01-06
Matt Zimmerman (mdz debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 409-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
January 5th, 2004

[ more ] [ reply ]

Linux kernel do_mremap() proof-of-concept exploit code 2004-01-05
Christophe Devine (devine iie cnam fr) (2 replies)

The following program can be used to test if a x86 Linux system
is vulnerable to the do_mremap() exploit; use at your own risk.

$ cat mremap_poc.c

/*
* Proof-of-concept exploit code for do_mremap()
*
* Copyright (C) 2004 Christophe Devine and Julien Tinnes
*
* This program is free softwar

[ more ] [ reply ]

Re: Linux kernel do_mremap() proof-of-concept exploit code 2004-01-06
Bruno Lustosa (bruno lustosa net)

Re: Linux kernel do_mremap() proof-of-concept exploit code 2004-01-06
Alexandre Hautequest (hquest ondacorp com br)

vBulletin Forum 2.3.xx calendar.php SQL Injection 2004-01-05
Qianwei Hu (a1476854 hotmail com)

vBulletin Forum 2.3.xx calendar.php SQL Injection
========================================================
Website: www.safechina.net
Discovered by: mslug (a1476854 (at) hotmail (dot) com [email concealed])

Description:
=============
There exist a sql injection problem in calendar.php. Notice the eventid
field.

-------- Cut

[ more ] [ reply ]

SUSE Security Announcement: Linux Kernel (SuSE-SA:2004:001) 2004-01-05
thomas suse de (Thomas Biege)

[RHSA-2003:417-01] Updated kernel resolves security vulnerability 2004-01-05
bugzilla redhat com

[SECURITY] [DSA 408-1] New screen packages fix group utmp exploit 2004-01-05
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 408-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
January 5th, 2004

[ more ] [ reply ]

Linux kernel mremap vulnerability 2004-01-05
Paul Starzetz (ihaquer isec pl)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Synopsis: Linux kernel do_mremap local privilege escalation vulnerability
Product: Linux kernel
Version: 2.2, 2.4 and 2.6 series
Vendor: http://www.kernel.org/
URL: http://isec.pl/vulnerabilities/isec-0012-mremap.txt
CVE: http://cve.

[ more ] [ reply ]

[ESA-20040105-001] 'kernel' bug and security fixes. 2004-01-05
EnGarde Secure Linux (security guardiandigital com)

TSLSA-2004-01 - kernel 2004-01-05
Trustix Security Advisor (tsl trustix org)

[SECURITY] [DSA 407-1] New ethereal packages fix several vulnerabilities 2004-01-05
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 407-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
January 5th, 2004

[ more ] [ reply ]

[CLA-2004:799] Conectiva Security Announcement - kernel 2004-01-05
Conectiva Updates (secure conectiva com br)

Announcing adore-ng 0.31 2004-01-04
Stealth (stealth team-teso net)

hi,

At

http://stealth.7350.org/rootkits/adore-ng-0.31.tgz

you can find the latest Adore-ng. Since the new version supports
various new features as previously braindumped in Phrack #61
(evil-log-tagging, LKM infection, reboot residency) I announce
this version.

If you never used adore before, her

[ more ] [ reply ]

Re: Linux kernel mremap vulnerability 2004-01-05
Paul Starzetz (ihaquer isec pl)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

due to monday related problems there is a small error in my posting. The
correct URL is:

http://isec.pl/vulnerabilities/isec-0013-mremap.txt

- --
Paul Starzetz
iSEC Security Research
http://isec.pl/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG

[ more ] [ reply ]

[SECURITY] [DSA 406-1] New lftp packages fix arbitrary code execution 2004-01-05
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 406-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
January 5th, 2004

[ more ] [ reply ]

HotNews arbitary file inclusion 2004-01-04
Dariusz 'Officerrr' Kolasinski (officerrr poligon com pl)

HotNews arbitary file inclusion.

===+++===+++===+++
Product: HotNews
Version: <= v0.7.2
Vendor: http://sourceforge.net/projects/hotnews/
Bug discovered by: Officerrr <officerrr (at) poligon.com (dot) pl [email concealed]>
Vendor Response: Not contacted yet.
===+++===+++===+++

Problem #1:
===+++===+++===+++
Attacker can inclu

[ more ] [ reply ]