BugTraq Mode:
(Page 1608 of 1748)  < Prev  1603 1604 1605 1606 1607 1608 1609 1610 1611 1612 1613  Next >
Tru64 and OpenVMS patch announcements change after next month 2003-09-25
Matt Power (mhpower bos bindview com)
An October 31 change will apparently affect announcements and
distribution of various patches (including security-related patches)
for Tru64 UNIX and OpenVMS. As an example, a recent announcement had:

Date: Thu, 11 Sep 2003 22:30:02 -0600 (MDT)
To: "OpenVMS Patch Mailing List" <openvms (at) list (dot) sup [email concealed]

DCE 1.2.2c Denial of Service Vulnerability on IRIX 2003-09-26
SGI Security Coordinator (agent99 sgi com)
-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________
SGI Security Advisory

Title : DCE 1.2.2c Denial of Service Vulnerability
Number : 20030902-01-P
Date : September, 26 2003
Reference : CVE

[SECURITY] [DSA-390-1] New marbles packages fix buffer overflow 2003-09-26
Matt Zimmerman (mdz debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 390-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
September 26th, 2003

@Stake pulls pin on Geer: Effect on research and publication 2003-09-26
Patrick J. Kobly (patrick kobly com)
CNET is reporting that @Stake fired Dan Geer yesterday:

http://news.com.com/2100-1014_3-5082649.html

Over a recent CCIA report coauthored by him, and released Wednesday:

http://www.ccianet.org/papers/cyberinsecurity.pdf

@Stake's comments - "The values and opinions of the report are not in
line w

CyberInsecurity: The cost of Monopoly 2003-09-26
Jonathan A. Zdziarski (jonathan nuclearelephant com) (1 replies)
This was released yesterday just in case nobody noticed.
http://www.ccianet.org/papers/cyberinsecurity.pdf

Among the authors are Bruce Schneier, Dan Geer, and Charles Pfleeger.
Interesting read.

RE: [Full-Disclosure] CyberInsecurity: The cost of Monopoly 2003-09-26
Marc Maiffret (marc eeye com) (1 replies)
RE: [Full-Disclosure] CyberInsecurity: The cost of Monopoly 2003-09-26
Richard M. Smith (rms computerbytesman com)
SMC Router Denial of Service exploit 2003-09-26
res076cf alltel net


Howdy,

Tested on an SMC2404WBR - Barricade™ Turbo 11/22 Mbps Wireless Cable/DSL
Broadband Router.

Sending a stream of UDP random packets to multiple ports 0-65000 on the
router will cause the router to freeze until a soft reset is performed on
it. In one case, the router did survive but

RE: Sanctum AppScan 4 misses potential vulnerabilities in wrapped links 2003-09-26
Dawes, Rogan (ZA - Johannesburg) (rdawes deloitte co za) (1 replies)
I am inclined to agree with Sanctum's position here. Without actually
executing the javascript, and triggering all the possible events, and
tracing the javascript (in a sandbox, maybe), it is pretty much impossible
to identify the fact that the function called would result in a new URL to
investigat

MPlayer Security Advisory #01: Remotely exploitable buffer overflow 2003-09-25
Gabucino (gabucino-NO-SPAM mplayerhq hu)
Severity:
HIGH (if playing ASX streaming content)
LOW (if playing only normal files)

Description:
A remotely exploitable buffer overflow vulnerability was found in MPlayer.
A malicious host can craft a harmful ASX header, and trick MPlayer into
executing arbitrary code upon parsing that header.

MP

Re: base64 2003-09-25
"Ilya Teterin" (alienhard mail ru)
David Wilson:

> So, there is ambiguity in RFC 2045, and this is the point of the
> original post. Different people, and therefore different
> implementations will have different interpretations. There is
> therefore potential for a vulnerability when checks are
> performed using one interpretation

Re: Ruh-Roh SOBIG.G? 2003-09-25
Joe Stewart (jstewart lurhq com)
On Thursday 25 September 2003 03:18 am, Dragos Ruiu wrote:
> Now I noted with concern this morning that I started getting more
> wicked screensavers. :-) Analysis indicates that this new nuisance of
> this the newly resurrected malware does not correspond with any of
> the earlier variants. (the fil

RE: ICMP pokes holes in firewalls... 2003-09-25
Daniel Chemko (dchemko smgtec com)
>NAT gateway has been
>detected as an ignore-the-source UDP forwarder

2.4 kernels: NAT doesn't work without ip_conntrack, and ip_conntrack
always keeps track of source IP addresses (hence its function). I can't
think of a situation for any Linux machine which allows inbound UDP
replies from other s

[eft] Remote atphttpd 0.4b <= exploit 2003-09-25
r-code (d_fence gmx net)
Atphttpd <=0.4b exploit attached..
--
[mail: d_fence(at)gmx(dot)net][GPG: 0x4470D90B][bash~# ;-]
[GPG FGPRINT: B681 14F3 8716 CBBA 32A6 3AE5 9E2C 8CCE 4470 D90B]

Re: Ruh-Roh SOBIG.G? 2003-09-25
Dragos Ruiu (dr kyx net)
On September 25, 2003 08:48 am, Nick Fisher wrote:
> As you point out above, one of the biggest problems with SoBig was the
> bandwidth usage. As such wouldn't it be better to DISCARD the messages and
> not REJECT them? SoBig spoofs return addresses, why do you have to clog my
> mail server with bou

Copyright 2010, SecurityFocus