SecurityFocus

[RHSA-2003:313-01] Updated PostgreSQL packages fix buffer overflow 2003-11-13
bugzilla redhat com

Local PoC exploit terminatorX v3.81 2003-11-13
demz (demz geekz nl)

Local PoC exploit terminatorX v3.81
demz
demz (at) geekz (dot) nl [email concealed] // www.geekz.nl

[ more ] [ reply ]

NSFOCUS SA2003-07: HP-UX Software Distributor Buffer Overflow Vulnerability 2003-11-13
NSFOCUS Security Team (security nsfocus com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

NSFOCUS Security Advisory(SA2003-07)

Topic: HP-UX Software Distributor Buffer Overflow Vulnerability

Release Date: 2003-11-13

CVE CAN ID: CAN-2003-0089

http://www.nsfocus.com/english/homepage/research/0307.htm

Affected system:
===================

[ more ] [ reply ]

Corsaire Security Advisory: PeopleSoft IScript XSS issue 2003-11-13
advisories (advisories corsaire com)

-- Corsaire Security Advisory --

Title: PeopleSoft IScript XSS issue
Date: 04.07.03
Application: PeopleTools 8.20/8.43 and prior
Environment: Various
Author: Glyn Geoghegan [glyn.geoghegan (at) corsaire (dot) com [email concealed]]
Audience: General distribution
Reference: c030704-004

-- Scope --

The aim of this document i

[ more ] [ reply ]

Corsaire Security Advisory: PeopleSoft PeopleBooks Search CGI multiple argument issues 2003-11-13
advisories (advisories corsaire com)

-- Corsaire Security Advisory --

Title: PeopleSoft PeopleBooks Search CGI multiple argument issues
Date: 04.07.03
Application: PeopleTools 8.20/8.43 and prior
Environment: Various
Author: Martin O'Neal [martin.oneal (at) corsaire (dot) com [email concealed]]
Audience: General distribution
Reference: c030704-010

-- Scope --

[ more ] [ reply ]

OpenLinux: unzip directory traversal 2003-11-12
security sco com

To: announce (at) lists.caldera (dot) com [email concealed] bugtraq (at) securityfocus (dot) com [email concealed] full-disclosure (at) lists.netsys (dot) com [email concealed] security-alerts (at) linuxsecurity (dot) com [email concealed]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________
______

SCO Security Advisory

Subject: OpenLinux:

[ more ] [ reply ]

iwconfig vulnerability - the last code was demaged sending by email 2003-11-12
hekuran doli (hekuran doli atikos info)

************************************************************************
***
iwconfig is a tool that manipulate the basic wireless parameters, allowing
privilege escalation due to buffer overflow vulnerability. The iwconfig is
not setuid by default, but I have seen in several places it was. The fl

[ more ] [ reply ]

RE: Funny article 2003-11-12
Lance James (lance james bakbone com)

Comparing Microsoft days of risk with linux is apples and oranges. Microsoft
OS's are bundled with their products. Linux has distro'd applications from
multiple vendors. Where is their line there?

-----Original Message-----
From: Valdis.Kletnieks (at) vt (dot) edu [email concealed] [mailto:Valdis.Kletnieks (at) vt (dot) edu [email concealed]]
Sent: We

[ more ] [ reply ]

[CLA-2003:783] Conectiva Security Announcement - hylafax 2003-11-12
Conectiva Updates (secure conectiva com br)

Re: Gamespy uses DMCA to destroy bug research and full disclosure 2003-11-12
C Ryll (carolynryll hotmail com) (1 replies)

Luigi,

It seems apparent that these lawyers are morons that are merely copy and
pasting some of the contents of a Universal vs. Reimerdes related
requisition (where DMCA was used to ward off breaking of DVD encryption
mechanisms) into your notice, without having a full understanding of your
sta

[ more ] [ reply ]

RE: Gamespy uses DMCA to destroy bug research and full disclosure 2003-11-12
Ed Carp (erc pobox com)

SRT2003-11-11-1151 - clamav-milter remote exploit / DoS 2003-11-12
KF (dotslash snosoft com)

[ more ] [ reply ]

[CLA-2003:782] Conectiva Security Announcement - xinetd 2003-11-12
Conectiva Updates (secure conectiva com br)

Re: [Full-Disclosure] Microsoft prepares security assault on Linux 2003-11-12
Jason Coombs (jasonc science org)

I wrote an information security book last year under contract with
Microsoft Press. The book was never published -- among other things it
explains truthfully the poor security condition of Windows and offers
detailed instructions and advice for defending against Microsoft's bad
business practice

[ more ] [ reply ]

Serious flaws in bluetooth security lead to disclosure of personal data 2003-11-11
Adam Laurie (adam algroup co uk)

folks,

please find attached a disclosure paper on bluetooth.

cheers,
Adam
--
Adam Laurie Tel: +44 (20) 8742 0755
A.L. Digital Ltd. Fax: +44 (20) 8742 5995
The Stores http://www.thebunker.net
2 Bath Road http://www.aldigital.co.uk

[ more ] [ reply ]

RE: [Full-Disclosure] Proof of concept for Windows Workstation Service overflow 2003-11-12
Anderson, Dan (DanAnderson ferrellgas com)

Looking at his little bit of information in the advisory
(http://www.eeye.com/html/Research/Advisories/AD20031111.html)

"...a buffer overflow happens on the specified host if the debug file is
writeable.

Generally, the "debug" subdirectory in the Windows directory is not
writeable by everyone if t

[ more ] [ reply ]

[CLA-2003:781] Conectiva Security Announcement - mpg123 2003-11-12
Conectiva Updates (secure conectiva com br)

Funny article 2003-11-12
Paulo Ferreira (paulof bellsouth net) (2 replies)

"Microsoft Corp. is preparing a major PR assault over Windows' perceived
security failings in which it will criticize Linux for taking too long
to fix bugs, we have learned."

http://www.infoworld.com/article/03/11/11/HNmsassault_1.html

[ more ] [ reply ]

Re: Funny article 2003-11-12
martin f krafft (madduck madduck net) (1 replies)

Re: Funny article 2003-11-12
dphull ku edu

Re: Funny article 2003-11-12
Valdis Kletnieks vt edu

[RHSA-2003:325-01] Updated glibc packages provide security and bug fixes 2003-11-12
bugzilla redhat com

Opera Directory Traversal in Internal URI Protocol (Advisory) 2003-11-12
S G Masood (sgmasood yahoo com)

__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree

[ more ] [ reply ]

Opera Skinned & Opera Directory Traversal (Additional Details & a Simple Exploit) 2003-11-12
S G Masood (sgmasood yahoo com)

__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree

[ more ] [ reply ]

Opera Skinned : Arbitrary File Dropping And Execution (Advisory) 2003-11-12
S G Masood (sgmasood yahoo com)

__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree

[ more ] [ reply ]

The Developer Implications of Windows XP SP2 2003-11-12
Michael Howard (mikehow microsoft com)

Moving forward, Microsoft intends to reduce the attack surface of its
products, such as turning less-often used features off, running more
code in lower privilege, closing network ports and adding more defensive
layers. However, this _may_ cause some applications to fail or behave
inconsistently, bu

[ more ] [ reply ]

Frontpage Extensions Remote Command Execution 2003-11-12
Brett Moore (brett moore security-assessment com)

========================================================================

= Frontpage Extensions Remote Command Execution
=
= MS Bulletin posted:
= http ://www.microsoft.com/technet/security/bulletin/ms03-051.asp
=
= Affected Software:
= Microsoft Windows 2000 Service Pack 2, Service Pack 3
= Micro

[ more ] [ reply ]

Nokia IPSO Script Injection Vulnerability leads to Passive Remote Root, via Network Voyager 2003-11-11
FishNet Security CSIRT (CSIRT fishnetsecurity com)

attn mods: this is a resend with updated source address, if you catch
this in time.

________________________________________________________________________

FishNet Security Assessment Services and Vulnerability Research
Disclosure: FN2003111001
____________________________________________________

[ more ] [ reply ]

MS03-048: Thor and unpatched? 2003-11-11
psz maths usyd edu au (Paul Szabo)

Where are Thor and his web page

http://www.PivX.com/larholm/unpatched/

when we need them? The cumulative IE patch MS03-048 is out, and we would
like to know what is fixed and what remains.

(Is it known what http://www.pivx.com/qwikfix/ does? Will it remain free?
Is "Mocrosoft" a mis-spelling or

[ more ] [ reply ]

Insecure handling of procfs descriptors in UnixWare 7.1.1, 7.1.3 and Open UNIX 8.0.0 can lead to local privilege escalation. 2003-11-12
advisories(-at-)texonet.com (advisories texonet com)

-----------------------------------------------------------------------
Texonet Security Advisory 20031024
-----------------------------------------------------------------------
Advisory ID : TEXONET-20031024
Authors : Joel Soderberg and Christer Oberg
Issue date : Friday, October 24, 2003

[ more ] [ reply ]