|
|
Colapse all |
Post message
UnixWare 7.1.3 UnixWare 7.1.1 Open UNIX 8.0.0 : Network device drivers reuse old frame buffer data to pad packets 2003-09-27 security sco com To: announce (at) lists.sco (dot) com [email concealed] bugtraq (at) securityfocus (dot) com [email concealed] full-disclosure (at) lists.netsys (dot) com [email concealed] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ ______ SCO Security Advisory Subject: UnixWare 7.1.3 UnixWare 7.1.1 Open UNIX 8.0.0 : N [ more ] [ reply ] UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : OpenSSH: multiple buffer handling problems 2003-09-27 security sco com To: announce (at) lists.sco (dot) com [email concealed] bugtraq (at) securityfocus (dot) com [email concealed] full-disclosure (at) lists (dot) nets [email concealed]y s.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ ______ SCO Security Advisory Subject: UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : [ more ] [ reply ] UnixWare 7.1.3 Open UNIX 8.0.0 : Sendmail: buffer overflow in versions 8.12.8 and prior. 2003-09-27 security sco com To: announce (at) lists.sco (dot) com [email concealed] bugtraq (at) securityfocus (dot) com [email concealed] full-disclosure (at) lists (dot) nets [email concealed]y s.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ ______ SCO Security Advisory Subject: UnixWare 7.1.3 Open UNIX 8.0.0 : Sendmail: buff [ more ] [ reply ] MDKSA-2003:095 - Updated proftpd packages fix remote root vulnerability 2003-09-26 Mandrake Linux Security Team (security linux-mandrake com) MDKSA-2003:096 - Updated apache2 packages fix CGI scripting deadlock 2003-09-26 Mandrake Linux Security Team (security linux-mandrake com) Re: base64 2003-09-26 Steven M. Christey (coley mitre org) (1 replies) Buck Huppmann said: >"Be liberal in what you accept, and conservative in what you send." >-- jon >RFC-1122 (originates in RFC760) > >or was that wisdom for a different time? Funny you bring up that quote, as I've been thinking about it for a while now too. I think that's wisdom for a different t [ more ] [ reply ] Mplayer Buffer Overflow 2003-09-26 Otero, Hernan (hernan otero eds com) Favorite Linux Player Buffer Overflow Product: Mplayer Developers: http://www.mplayerhq.hu OS: Port to All *NIX and Win32 Remote Exploitable: YES Developers has been contacted, problem was fixed, recomended update your mplayer version. In the source tree there is a file called asf_s [ more ] [ reply ] RE: base64 2003-09-26 Rainer Gerhards (rgerhards hq adiscon com) > > Do all this canonicalization before the message hits your > attachment > > type policy enforcement and malware scanner, so they only > have to deal > > with the common forms that everybody handles the same. > > With the obvious disadvantage that we're all reduced to using > the lowest-comm [ more ] [ reply ] RE: Ruh-Roh SOBIG.G? 2003-09-26 James C. Slora, Jr. (james slora phra com) I have received one classic Swen.A message with an SCR attachment. What does this have to do with Sobig.x? Most likely we are seeing the results of secondary file infectors - Yaha, Klez, Bugbear, etc. Virus detection is generally "first and out". I have previously seen file infectors piggybacking [ more ] [ reply ] Packetstorm started a try2crack of A.R.C.S. Algorithm 2003-09-26 Angelo Rosiello (guilecool usa com) (2 replies) Try2Crack ! A.R.C.S., or the Angelo Rosiello and Roberto Carrrozzo Stream cipher, is a copyrighted algorithm that the authors have allowed http://packetstorm.org sole rights to host and distribute. The algorithm's theory utilizes Vernam's cipher, respecting Shannon's principles, and is based on [ more ] [ reply ] Re: Packetstorm started a try2crack of A.R.C.S. Algorithm 2003-09-26 der Mouse (mouse Rodents Montreal QC CA) RE: base64 2003-09-26 Michael Wojcik (Michael Wojcik microfocus com) > From: Bennett Todd [mailto:bet (at) rahul (dot) net [email concealed]] > Sent: Friday, September 26, 2003 1:08 PM > > For the kind of companies I work in, the very best solution would > (in my opinion!) be a canonicalizer that was smart enough to hold > off actually committing any rewrites until it finds something that's > [ more ] [ reply ] RE: base64 2003-09-26 Louis Erickson (LErickson ariba com) (1 replies) On 26 September 2003 at 10:08 AM, Bennett Todd <bet (at) rahul (dot) net [email concealed]> wrote: <snip other issues with canonicalization> > Also, in this sort of setting at least, you need very different > handling of inbound -vs- outbound messages. Inbound messages get > repaired --- or broken, in the case of digital sig [ more ] [ reply ] RE: CyberInsecurity: The cost of Monopoly 2003-09-26 emacdona edmacdonald net > > This was released yesterday just incase nobody noticed. > http://www.ccianet.org/papers/cyberinsecurity.pdf > > Among the authors are Bruce Schnier, Dan Geer, and Charles Pfleeger. > Interesting read. > > > and a related story: http://story.news.yahoo.com/news?tmpl=story&cid=1804&ncid= [ more ] [ reply ] Re: ICMP pokes holes in firewalls... 2003-09-26 H D Moore hdm (at) digitaloffense (dot) net [email concealed],(by way of Lucio ) (lucio pixel it) (1 replies) Only if these systems are running kernel version 2.2, the 2.4 NAT system has been rewritten and is not vulnerable. On Friday 26 September 2003 04:55 am, Lucio wrote: > > This also applies to Linux NAT gateways. > > I'm rellay not an expert in building a firewall with a Linux box, but > I've tried t [ more ] [ reply ] McNews 1.3 : File Disclosure Vulnerability 2003-09-26 Sebastien Lelarge (sebastien lelarge tremplin-utc net) |
|
Privacy Statement |
> Outlaw people from receiving email on Windows, and we can
> do away with all this sludge
Heh. The base64 ambiguity isn't Windows MUAs issue ;-) Just tested MUAs for *nix:
1) kmail.
data truncated, warning
excellent!
2) pine. depending on input
* data truncated, warning reported
[ more ] [ reply ]