BugTraq Mode:
(Page 1580 of 1748)  < Prev  1575 1576 1577 1578 1579 1580 1581 1582 1583 1584 1585  Next >
Re: speedtouch 510 DOS 2003-12-03
Bart van Leeuwen (bart bartsplace net)
The problem as you mention it is something that I have seen as well.
For all I have been able to find, it has to do with the load on the
ethernet port and very likely, with the occurrence of collisions on the
ethernet segment it is connected to.

Currently, my modem is connected to a dedicated router

[SECURITY] [DSA 404-1] New rsync packages fix unauthorised remote code execution 2003-12-04
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 404-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
December 4th, 2003

SuSE Security Announcement: Kernel brk() vulnerability (SuSE-SA:2003:049) 2003-12-04
Olaf Kirch (okir suse de)
-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

SUSE Security Announcement

Package: Linux Kernel
Announcement-ID: SuSE-SA:2003:049
Date: Thursd

Re: [ANNOUNCE] glibc heap protection patch 2003-12-04
Marco Ivaldi (raptor 0xdeadbeef info)
> So, unfortunately I don't think that check alone is sufficient.

For in-depth information about dlmalloc's frontlink() macro exploitation,
check out the excellent paper by MaXX, at:

http://phrack.org/phrack/57/p57-0x08

You can also see an exploitation example of mine (heap/heap2-ex.c) in the
mis

Linux kernel do_brk(), another proof-of-concept code for i386 2003-12-04
Julien TINNES (julien cr0 org)
There were complaints that previous POC wasn't working on some kernels, and I
even saw a guy on IRC asking about POC using a different method.

The previous version was relying on the Linux ELF loader to call do_brk for
us. This one uses sys_brk(), but to bypass a check of available memory in
sys_

[OpenPKG-SA-2003.051] OpenPKG Security Advisory (rsync) 2003-12-04
OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

Improper authentication checking in Alan Ward Acart 2003-12-04
parag0d phreaker net


Vulnerability: Improper authentication checking for delete

Discussion: Due to improper authentication checking a pop-up opened by any of the multiple XSS vulnerabilities by the admin of the site can cause a database compromise.

Exploit: By using one of the multiple XSS vulnerabilities in thi

rsync security advisory (fwd) 2003-12-04
Andrea Barisani (lcars gentoo org)
----- Forwarded message from rsync-announce (at) lists.samba (dot) org -----

Date: Thu, 4 Dec 2003 16:55:27 +1100
To: rsync-announce (at) lists.samba (dot) org, rsync (at) lists.samba (dot) org
Mail-Followup-To: rsync-announce (at) lists.samba (dot) org, rsync (at) lists.samba (dot) org
Cc:
From: rsync-announce (at) lists.samba (dot) org
Subject: [rsync-announce

TSLSA-2003-0048 - rsync 2003-12-04
Trustix Security Advisor (tsl trustix org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2003-0048

Package name: rsync
Summary: remote code execution
Date: 2003-12-04
Affected versions: TSL 1.2, 1

[slackware-security] rsync security update (SSA:2003-337-01) 2003-12-04
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] rsync security update (SSA:2003-337-01)

Rsync is a file transfer client and server.

A security problem which may lead to unauthorized machine access
or code execution has been fixed by upgrading to rsync-2.5.7.
This problem only

XSS vulnerabilities in register.asp in Alan Ward Acart 2003-12-04
parag0d phreaker net


Vulnerability: XSS vulnerabilities in register.asp

Description: The registration form in register.asp does not properly sanitize user input. This means a malicious user can place script into the form fields when they register. The script is stored in the database intact and is called and exec

XSS Vulnerabilities in Alan Ward Acart 2003-12-04
parag0d phreaker net


Vulnerability: XSS Vulnerabilities in msg

Description: XSS (Cross Site Scripting) vulnerabilities exist in the msg parameter passed in the URL to many pages. This can be used to run arbitrary code on the website, or redirect to some other malicious script. These pages include:

deliver.asp

Plaintext Vulnerability in Alan Ward Acart 2003-12-04
parag0d phreaker net


Vulnerability: Plaintext Vulnerability

Description: All of the data in this database is stored in plain text (not encrypted), including usernames, passwords, credit card numbers, addresses, etc. Many times the database is placed into a web accessible folder (by default)

Exploit: None Requir

Re: [ANNOUNCE] glibc heap protection patch 2003-12-03
xenophi1e (oliver lavery sympatico ca) (1 replies)
In-Reply-To: <3FCDDEB3.8050006 (at) nopiracy (dot) de>

>heap attacks that try to make use of the unlink macro (and these are the
>most out there). I know that modifying unlink does not protect against
>frontlink attacks. But most heap exploiters do not even know that there
>is anything else than unlink.

Re: [ANNOUNCE] glibc heap protection patch 2003-12-04
Stefan Esser (se nopiracy de) (1 replies)
Re: [ANNOUNCE] glibc heap protection patch 2003-12-04
Troed Sångberg (troed sangberg se)
Linksys WRT54G Denial of Service Vulnerability 2003-12-03
test techcentric net (1 replies)


Linksys WRT54G Denial of Service Vulnerability

System(s)
===========

Tested on Linksys WRT54G v1.0 (firmware v 1.42.3)

Detail(s)
===========

Sending a blank GET request to the router on port 80 (or 8080) halts the embedded webserver. This may allow an attacker to force the own

Re: Linksys WRT54G Denial of Service Vulnerability 2003-12-04
Michael Renzmann (security dylanic de)
Multiple OpenSSH/OpenSSL Vulnerabilities Update on IRIX 2003-12-03
SGI Security Coordinator (agent99 sgi com)
-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________
SGI Security Advisory

Title : Multiple OpenSSH/OpenSSL Vulnerabilities Update
Number : 20030904-02-P
Date : December 3, 2003
Reference :

XBoard < 4.2.7: pxboard insecure tmp file handling 2003-12-03
Martin Mačok (martin macok underground cz)
About XBoard:

XBoard is a graphical chessboard that can serve as a user interface
to chess engines (such as GNU Chess), the Internet Chess Servers,
electronic mail correspondence chess, or your own collection of
saved games. pxboard is a script that saves its standard input to
a temporary fil

Microsoft TechNet Security Webcast Week 2003-12-02
Michael Howard (mikehow microsoft com)
All this week TechNet is hosting a series of security-related Webcasts. Subjects include:

- Using Portable Handheld Devices in a Secure Manner

- Secure Network Access

- Designing a Secure - Reliable - and Usable Patch Management Infrastructure

- Securing Your Exchange 2003 Environment

-

Copyright 2010, SecurityFocus