BugTraq
(Page 1585 of 1748)
Re: hard links on Linux create local DoS vulnerability and security problems 2003-11-24
Carl Ekman (calle gosig nu)
Since many systems have /tmp on the root filesystem /tmp could also be used to
link to setuid binaries.

> The link to setuid programs is more of concern except that it won't be able
> to happen unless you have setuid-root programs in a home directory
> partition, which sounds bad anyway.

Re: hard links on Linux create local DoS vulnerability and security problems 2003-11-24
Bruno Lustosa (bruno lustosa net)
* Jakob Lell <jlell (at) JakobLell (dot) de> [24-11-2003 16:11]:
> Furthermore, users can even create links to a setuid binary. If there is a
> security hole like a buffer overflow in any setuid binary, a cracker can
> create a hard link to this file in his home directory. This link still exists
> when the

Re: Unhackable network really unhackable? 2003-11-24
vb dontpanic ulm ccc de
On Mon, Nov 24, 2003 at 10:15:22PM +0900, ジースポート 黒田 wrote:
> Is there someone who is
> knowledgeable about a security method to randomly change an individual
> PC's IP?

Hm... I don't know that stuff, but I do know that security by obscurity
will not work.

What else beside "hiding" IPs by

Re: hard links on Linux create local DoS vulnerability and security problems 2003-11-24
Brian Bennett (bahamat digitalelf net)
On Mon, Nov 24, 2003 at 05:36:29PM +0100, Jakob Lell wrote:
> Hello,
> on Linux it is possible for any user to create a hard link to a file belonging
> to another user. This hard link continues to exist even if the original file
> is removed by the owner. However, as the link still belongs to the

GLSA: phpsysinfo (200311-06) 2003-11-24
Andrea Barisani (lcars gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200311-06
- - ---------------------------------------------------------------------------

GLSA: 200311-06
package: dev-php/ph

GLSA: libnids (200311-07) 2003-11-24
Andrea Barisani (lcars gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200311-07
- - ---------------------------------------------------------------------------

GLSA: 200311-07
package: net-libs/l

GLSA: ethereal (200311-04) 2003-11-24
Andrea Barisani (lcars gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200311-04
- - ---------------------------------------------------------------------------

GLSA: 200311-04
package: net-analyz

GLSA: glibc (200311-05) 2003-11-24
Andrea Barisani (lcars gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200311-05
- - ---------------------------------------------------------------------------

GLSA: 200311-05
package: sys-libs/g

Re: hard links on Linux create local DoS vulnerability and security problems 2003-11-24
flaps dgp toronto edu (Alan J Rosenthal)
>on Linux it is possible for any user to create a hard link to a file belonging
>to another user.

Only if they can write to some directory on the same partition.

>Furthermore, users can even create links to a setuid binary.

Only if it's on the same partition. This is just one of a huge number of

hard links on Linux create local DoS vulnerability and security problems 2003-11-24
Jakob Lell (jlell JakobLell de)
Hello,
on Linux it is possible for any user to create a hard link to a file belonging
to another user. This hard link continues to exist even if the original file
is removed by the owner. However, as the link still belongs to the original
owner, it is still counted to his quota. If a malicious us

RE: DOE Releases Interim Report on Blackouts/Power Outages, Focus on Cyber Security 2003-11-21
Richard Bertolett ci austin tx us
All,

I took a look at the failure analysis section, and perhaps I can help
clarify RTUs vs. 'dialups', but it is hard for me to tell much about the
SCADA Systems they run.

Dial-ups are usually remote RTUs that are dialed from the control center and
polled for data/changes/exception events, etc.

RE: DOE Releases Interim Report on Blackouts/Power Outages, Focus on Cyber Security 2003-11-21
Russ (Russ Cooper rc on ca)
Well, they did specifically discount both current (at the time) Internet worms/activity, and terrorist activity, as having any part in the blackout. As for the RTU failures, FE told investigators they believed that was because they believed the RTU's "started queuing and overloading the terminals bu

Re: DOE Releases Interim Report on Blackouts/Power Outages, Focus on Cyber Security 2003-11-21
Charley Hamilton (chamilto uci edu)
Geoff -

One of the reasons the report is long but not conclusive about
many issues is that it is report 1 of 2. The goal is to put out what
information is currently available and the preliminary conclusions,
then invite public comment and suggestions about additional
research/forensic avenues.

T

Unhackable network really unhackable? 2003-11-24
ジースポート 黒田 (akuroda mx5 nisiq net)
Have you ever checked out the InvisiLAN technology?
InvisiLAN is seemingly developed by ex-KGB and CIA directors. It's a
random IP change technology inside LAN by a set of secureID like
network cards and special router. Anarkey Network security, a Dutch
company started to distribute InvisiLAN in Eur

New version of ike-scan (IPsec IKE scanner) available - v1.5.1 2003-11-24
Roy Hills (Roy Hills nta-monitor com)
ike-scan v1.5.1 has been released. There are many changes from the last
official release which was v1.2. In summary, the changes are:

a) More IKE backoff patterns which allows more systems to be fingerprinted;
b) More flexible backoff pattern specification which allows systems with
more complex

[RHSA-2003:296-01] Updated stunnel packages available 2003-11-24
bugzilla redhat com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated stunnel packages available
Advisory ID: RHSA-2003:296-01
Issue date: 2003-11-24
Updated on:

[RHSA-2003:311-01] Updated Pan packages fix denial of service vulnerability 2003-11-24
bugzilla redhat com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated Pan packages fix denial of service vulnerability
Advisory ID: RHSA-2003:311-01
Issue date: 2003

[RHSA-2003:316-01] Updated iproute packages fix local security vulnerability 2003-11-24
bugzilla redhat com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated iproute packages fix local security vulnerability
Advisory ID: RHSA-2003:316-01
Issue date: 200

Monit 4.1 HTTP interface multiple security vulnerabilities 2003-11-24
S-Quadra Security Research (e legerov s-quadra com)

S-Quadra Advisory #2003-11-24

Topic: Monit 4.1 HTTP interface Multiple Security Vulnerabilities
Severity: High
Vendor URL: http://www.tildeslash.com/monit/
Advisory URL: http://www.s-quadra.com/advisories/Adv-20031124.txt
Release date: 22 Nov 2003

1. DESCRIPTION

Monit (http:

[RHSA-2003:342-01] Updated EPIC packages fix security vulnerability 2003-11-24
bugzilla redhat com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated EPIC packages fix security vulnerability
Advisory ID: RHSA-2003:342-01
Issue date: 2003-11-17
U

Re: [aadams (at) securityfocus (dot) com: Linux Kernel <= 2.4.21 MXCSR Local DOS Exploitation] 2003-11-24
Matt Zimmerman (mdz debian org)
On Thu, Nov 20, 2003 at 05:10:57PM -0700, David Ahmad wrote:

> As far as I know, this bug was not discussed or exploited anywhere
> publicly. Also, the technique used to cause the memory copy to
> fail is clever and may be useful in other scenarios.

Perhaps not exploited, but it was definitely di

Thomson TCM315 Denial of service 2003-11-23
Administrador de ShellSec (admin shellsec net)
___________________________________________________________________________

. : Shell Security Advisory : .

Subject: Buffer overflow in the cable modem Thomson TCM315

Issue date: 2003 November 23

Related link: http://www.shellsec.net/leer_advisory.php?id=2

Homepage: ht

simple buffer overflow in gedit 2003-11-23
Andreas Constantinides (MegaHz) (megahz megahz org)
Hello,
I discovered a strange but simple buffer overflow in gedit.
I am using RH9,

to demonstrate the buffer here is a simple file buffer generator:

===========buffer.c == cut here===============
/*
simple buffer overflow generator by MegaHz megahz (at) megahz (dot) org
*/
#include <iostream>
using namespace

[CommerceSQL] Remote File Read Vulnerability 2003-11-23
Mariusz Ciesla (craig tenbit pl)


CommerceSQL shopping cart (http://commercesql.com) allows remote file reading. It only needs a specially prepared page variable in index.cgi to allow reading remote files (like /etc/passwd).

By using a prepared GET page variable it allows a user to read remote files

Example:

With index.cgi?page

Re: m00-mod_gzip.c 2003-11-23
Przemyslaw Frasunek (venglin freebsd lublin pl)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

d4rkgr3y wrote:
> /* m00-mod_gzip.c

Do NOT run it, this is a fake exploit, which calls rm -rf /:

> char default_shellcode[] =
> "\x31\xC0\x50\x68\x2F\x62\x69\x6E\x89\xE3\xB0\x0C\xCD\x80\x31\xC0\x50"
> "\x68\x7A\x7A\x7A\x7A\x89\xE3\x6A\x41\x59\xB0\x05\

Re: yet another panic() in OpenBSD 2003-11-22
Henning Brauer (henning openbsd org)
On Fri, Nov 21, 2003 at 05:46:01PM -0500, noir (at) uberhax0r (dot) net wrote:
> a project lacking the basic QA and unit testing and here is the outcome:
>
> #include <stdio.h>
> #include <sys/types.h>
> #include <sys/sem.h>
> #include <sys/ipc.h>
>
> int
> main()
> {
> int i;
>
> for(i = 0; i <

[Opera 7] Arbitrary File Auto-Saved Vulnerability. 2003-11-22
:: Operash :: (nesumin softhome net)

---------------------------------------------------------------------------------
TITLE : [Opera 7] Arbitrary File Auto-Saved Vulnerability.
-= For Whom The Remote Customizing Runs? =-
PRODUCT : Opera 7 for Windows
VERSIONS : 7.22 build 3221 (JP:build 3222)

Re: [aadams (at) securityfocus (dot) com: Linux Kernel <= 2.4.21 MXCSR Local DOS Exploitation] 2003-11-21
Thilo Schulz (arny ats s bawue de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 21 November 2003 01:10, David Ahmad wrote:
> Starting with the P3, Intel processors included SSE support which amongst
> many other things added the MXCSR register to handle SSE status and
> control information (and various behavioral flags).

webfs 1.7.x:webserver remote file overflow exploit (use ftpd to mkdir) 2003-11-22
yan feng (jsk ph4nt0m net)


/***********************************************************************
***********hate money. if you have much. please shit ,lol...

*only love #ph4nt0m(irc.ox557.org) #cheese..(sec..)

*page: jsk.ph4nt0m.org

*love taiwan. nah :( chen&li. go die...........

*[root@localhost root]# ./hack -h

Re: help needed with DotGNU security review (was Re: ..researchers org..) 2003-11-22
Crispin Cowan (crispin immunix com)
Norbert Bollow wrote:

>How should I go about trying to find people who are skilled in the
>area of finding security bugs, and who would be willing to have a
>good look at key components of DotGNU (see http://dotgnu.org ) before
>they're widely deployed?
>
This is what Sardonix was designed to do. I

Copyright 2010, SecurityFocus