Altova XMLSpy "phones home" user data
2003-12-03  Bruno Lustosa (bruno lustosa net)
I don't know if this is already well known, but it has come to my attention that whenever someone will launch XMLSpy, the program will try to connect to Altova's servers, send some user info through a POST to a web server, and wait for a response. It will then answer whether the copy is authentic or [ more ]

Websense Blocked Sites XSS
2003-12-03  Mr. P.Taylor (petert imagine-sw com)
Websense Blocked Sites XSS. Risk: High. Product: Websense Enterprise v4.3.0 - v5.1 (maybe others; we only tested this version). Product URL: http://www.websense.com. Found By: PeterT - petert (at) imagine-sw (dot) com. Problem: When Websense blocks a web site, it returns a web page to the browser stating that [ more ]

GLSA: rsync.gentoo.org rotation server compromised (200312-01)
2003-12-03  Daniel Robbins (drobbins gentoo org)
GENTOO LINUX SECURITY ANNOUNCEMENT 200312-01. GLSA: 200312-01. summary: rsync.gentoo.org rotation server compromised. severity: norm [ more ]

eZphotoshare Multiple Overflow Vulnerabilities
2003-12-03  Peter Winter-Smith (peter4020 hotmail com)
eZphotoshare Multiple Overflow Vulnerabilities. Credit: Author: Peter Winter-Smith. Software: Package: eZphotoshare. Versions: All up to and including the latest version. Vendor: eZnetwork. Vendor Url: http://www.ezphotoshare.com/ Vulner [ more ]

FreeBSD arp poison patch
2003-12-03  bert_raccoon freemail ru
There is a well known arp poisoning problem in FreeBSD. If an arp reply is received without a request, FreeBSD logs an error into syslog, but changes the arp table entry. It makes it possible for a local attacker to change an arp cache entry. In a network this behaviour can only occur when an adapter chang [ more ]

GnuPG 1.2.3, 1.3.3 external HKP interface format string issue
2003-12-03  S-Quadra Security Research (research s-quadra com)

[slackware-security] minor advisory typo (SSA:2003-336-01b)
2003-12-02  Slackware Security Team (security slackware com)
The recently issued kernel advisory (SSA:2003-336-01) reads: "More details about the Apache issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mi [ more ]

[slackware-security] Kernel security update (SSA:2003-336-01)
2003-12-02  Slackware Security Team (security slackware com)
New kernels are available for Slackware 9.1 and -current. These have been upgraded to Linux kernel version 2.4.23, which fixes a bug in the kernel's do_brk() function that could be explo [ more ]

Cisco Security Advisory: SNMP trap Reveals WEP Key in Cisco Aironet AP
2003-12-02  Cisco Systems Product Security Incident Response Team (psirt cisco com)
Cisco Security Advisory: SNMP trap Reveals WEP Key in Cisco Aironet AP. Revision 1.0. For Public Release 2003 December 02 17:00 UTC (GMT). Summary: Cisco Aironet Access [ more ]

[RHSA-2003:335-01] Updated Net-SNMP packages fix security and other bugs
2003-12-02  bugzilla redhat com

IBM Directory Server 4.1 Web Admin Gui (ldacgi.exe) XSS Vulnerability
2003-12-02  Oliver Karow (Oliver Karow gmx de)
During the audit of a 3rd party product based on IBM Directory Server, I found a cross site scripting vulnerability on IBM's Directory Server 4.1 Web Admin Gui. [ more ]

[iSEC] Linux kernel do_brk() lacks argument bound checking
2003-12-01  Paul Starzetz (ihaquer isec pl)

[RHSA-2003:392-00] Updated 2.4 kernel fixes privilege escalation security vulnerability
2003-12-02  bugzilla redhat com

Linux kernel do_brk() proof-of-concept exploit code
2003-12-02  Christophe Devine (DEVINE iie cnam fr)  (1 replies)
The following program can be used to test if a x86 Linux system is vulnerable to the do_brk() exploit; use at your own risk. $ nasm brk_poc.asm -o a.out $ chmod 755 a.out $ uname -a Linux test3 2.4.22-10mdk #1 Thu Sep 18 12:30:58 CEST 2003 i686 unknown unknown GNU/Linux $ ./a.out & [1] 1698 $ ca [ more ]

Comments on 5 IE vulnerabilities
2003-12-01  Thor Larholm (thor pivx com)  (1 replies)
Despite the severity of some of the vulnerabilities posted by Liu Die Yu, such as the ability for system compromises, it is relatively easy to mitigate against the impact and even prevent them from having any effect at all. Much ado has been made about those vulnerabilities and they have been cover [ more ]

UnixWare 7.1.1 : Bind: cache poisoning BIND 8 prior to 8.3.7 and BIND 8.4.x prior 8.4.2
2003-12-01  security sco com
To: announce (at) lists.caldera (dot) com, bugtraq (at) securityfocus (dot) com, full-disclosure (at) lists.netsys (dot) com. SCO Security Advisory. Subject: UnixWare 7.1.1 : Bind: cache poisoning BIND [ more ]

MDKSA-2003:110 - Updated kernel packages fix vulnerability
2003-12-01  Mandrake Linux Security Team (security linux-mandrake com)

Re: Multiple Remote Issues in Applied Watch IDS Suite (advisory attached)
2003-12-01  Steven M. Christey (coley mitre org)
bugtraq (at) bugtraq (dot) org said:
>CVE Candidate: CAN-2003-0970 - Authentication Bypass to Add IDS Rules
> CAN-2003-0971 - Authentication Bypass to Add Users
These numbers are incorrect.
> CAN-2003-0960 - Logical error in Applied Watch Console allowing user-adds
> CAN-2003-0961 - Logical [ more ]
=================================================
PROGRAM: Yahoo Instant Messenger (YIM)
HOMEPAGE: http://messenger.yahoo.com
VULNERABLE VERSIONS: 5.6.0.1347 and below
DESCRIPTION
=================================================
YIM is one of th
[ more ]