Vulnerability Disclosure Formats (was "Re: Funny article")
2003-11-14 Steven M. Christey (coley mitre org)

Re: Web Wiz Forums ver. 7.01
2003-11-14 bruce webwizguide info (1 replies)
In-Reply-To: <6520144396.20031113223723 (at) hex.net (dot) ru>
HEX has submitted incorrect information on Web Wiz Forums (again!!!). The values of the variables mentioned by HEX are filtered further on in the code. The file register_new_user.asp is not a file that exists in Web Wiz Forums version 7.01

RE: [Full-Disclosure] Re: Serious flaws in bluetooth security lead to disclosure of personal data
2003-11-14 Schmehl, Paul L (pauls utdallas edu) (2 replies)
> -----Original Message-----
> From: full-disclosure-admin (at) lists.netsys (dot) com
> [mailto:full-disclosure-admin (at) lists.netsys (dot) com] On Behalf Of
> srenna (at) vdbmusic (dot) com
> Sent: Friday, November 14, 2003 7:30 AM
> To: Adam Laurie; Pentest Security Advisories;
> bugtraq (at) securityfocus (dot) com; full-disclosure@l

Re: [Full-Disclosure] Re: Serious flaws in bluetooth security lead to disclosure of personal data
2003-11-14 Kurt Seifried (listuser seifried org)

Re: [Full-Disclosure] Re: Serious flaws in bluetooth security lead to disclosure of personal data
2003-11-14 Nicholas Weaver (nweaver CS berkeley edu)

Quagga remote vulnerability
2003-11-14 Paul Jakma (paul clubi ie)
Summary:
--------
All versions of Quagga (and also GNU Zebra, from which Quagga was forked) are vulnerable to a remotely triggerable denial of service.
Scope of vulnerability:
-----------------------
All versions of GNU Zebra and all versions of Quagga /prior/ to 0.96.4, where a daemon's vty, i

PHPlist, file injection vulnerability
2003-11-14 Michiel Dethmers (secfoc kipu co uk)
PHPlist, http://www.phplist.com is a popular open source newsletter application written in PHP. Recently a file injection vulnerability has been discovered allowing remote attackers to issue arbitrary commands on the hosted machine, as the webserver user. The issue has been resolved in the late

Re: Funny article
2003-11-13 Steven M. Christey (coley mitre org) (1 replies)
It would be very interesting to see any results that try to compare the timeliness of vendor response. I attempted to conduct such a study a year and a half ago, but the study failed due to lack of time and a lot of other factors such as:
- the relatively small percentage of disclosure timelines

[RHSA-2003:325-01] Updated glibc packages provide security and bug fixes
2003-11-13 bugzilla redhat com

RE: Secure Network Operations SRT2003-11-13-0218, PCAnywhere allows local users to become SYSTEM
2003-11-13 Sym Security (symsecurity symantec com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Symantec Security Response Advisory
13 November 2003
Symantec pcAnywhere Service-Mode Help File Elevation of Privilege
Risk Impact
High (very dependent on product configuration and operating environment)
Overview
Security analysts from Secure Networ

Minor OpenSSH/pam vuln (non-exploitable)
2003-11-13 das decisionsoft com
The home page of the one time password system (or otpw -- http://www.cl.cam.ac.uk/~mgk25/otpw.html) has info about how OpenSSH doesn't correctly return PAM_CONV_ERR when a user cancels a login (but instead incorrectly calls pam_end() having the side effect that memory is not correctly scrubbed (or

Webwasher Classic Error-Message XSS Vulnerability
2003-11-13 Oliver Karow (Oliver Karow gmx de)
Webwasher Classic Error-Message XSS Vulnerability
=================================================
Description
===========
WebWasher Classic is vulnerable to an XSS attack. If an HTTP GET-Request, containing script code, is sent to the proxy port (default 8080/TCP), an error page is shown, which c

Web Wiz Forums ver. 7.01
2003-11-13 HEX (hex hex net ru)
Informations :
°°°°°°°°°°°°
Language : ASP
Bugged Version : Web Wiz Forums ver. 7.01 (and less ?)
Website : http://www.webwizforums.com
Problems : Permanent XSS
Objects :
°°°°°°°
- register_new_user.asp
- register.asp
The values variable are not filtered:
strLocation = Request.Form("location") s

[CLA-2003:784] Conectiva Security Announcement - postgresql
2003-11-13 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------
PACKAGE : postgresql
SUMMARY : Buffer overflow vulnerab

terminatorX stack-based overflow (exploit)
2003-11-13 Li0n7 voila fr
terminatorX Exploitable Stack-Based Overflow (load_tt_part())
------------------------------------------------------------------------
SUMMARY
There is a stack-based overflow which is likely to be exploited locally in order to cause the product to execute malicious code, allowing a

Corsaire Security Advisory: PeopleSoft Gateway Administration servlet path disclosure issue
2003-11-13 advisories (advisories corsaire com)
-- Corsaire Security Advisory --
Title: PeopleSoft Gateway Administration servlet path disclosure issue
Date: 04.07.03
Application: PeopleTools 8.20/8.43 and prior
Environment: Various
Author: Martin O'Neal [martin.oneal (at) corsaire (dot) com]
Audience: General distribution
Reference: c030704-003
-- Scop

MDKSA-2003:106 - Updated fileutils and coreutils packages fix vulnerabilities
2003-11-12 Mandrake Linux Security Team (security linux-mandrake com)

Eudora 6.0.1 attachment spoof
2003-11-13 psz maths usyd edu au (Paul Szabo)
Eudora 6.0.1 for Windows was released recently. The buffer overflow (and code execution) with long spoofed attachment names seems to be fixed; the spoofing itself is not, though it was known for years. Spoofing demo (essentially identical to 6.0 version) below.
Cheers,
Paul Szabo - psz (at) maths (dot) usyd

NSFOCUS SA2003-08: HP-UX libc NLSPATH Environment Variable Privilege Elevation Vulnerability
2003-11-13 NSFOCUS Security Team (security nsfocus com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NSFOCUS Security Advisory(SA2003-08)
Topic: HP-UX libc NLSPATH Environment Variable Privilege Elevation Vulnerability
Release Date: 2003-11-13
CVE CAN ID: CAN-2003-0090
http://www.nsfocus.com/english/homepage/research/0308.htm
Affected system:
====

[RHSA-2003:307-01] Updated zebra packages fix security vulnerabilities
2003-11-13 bugzilla redhat com

Systems Administrator <sysadmin (at) sunet.com (dot) au> said:
> Quick question: would it make sense to have somewhere:
>
>- A common (computer/human readable) format for vulnerability
> disclosures
>- A common format for bugfix publications
There are a couple proposals out there, but I don't think they've