How VeriSign's SiteFinder service breaks Outlook Express
2003-09-20 Richard M. Smith (rms computerbytesman com)
Hello, I discovered that VeriSign's SiteFinder service breaks Microsoft's Outlook Express email reader. If a user misspells a domain name in their POP3 or SMTP server name, Outlook Express no longer provides meaningful error messages to a user to help them to fix the problem. Similar problems may

Does VeriSign's SiteFinder service violate the ECPA?
2003-09-20 Richard M. Smith (rms computerbytesman com)
Hi, Here's a question for the lawyers. In certain situations, does the VeriSign SiteFinder service violate the Electronic Communications Privacy Act (AKA, ECPA)? Here's the actual text of the ECPA: http://www4.law.cornell.edu/uscode/18/pIch119.html With my packet sniffer, I noticed that the

How Verisign's SiteFinder service breaks Windows networking utilities
2003-09-20 Richard M. Smith (rms computerbytesman com)
Hi, Verisign's SiteFinder service also breaks many of the standard Windows networking utilities by providing misleading error messages, temporary lockups, and incorrect status information. For example, referencing a UNC path with a misspelled domain name with SiteFinder in the picture gives an inc

[SECURITY] [DSA-383-2] OpenSSH buffer management fix
2003-09-21 Wichert Akkerman (wichert wiggy net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Debian Security Advisory DSA-383-2 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Wichert Akkerman
September 21, 2003

Snort not backdoored, Sourcefire not compromised
2003-09-22 Martin Roesch (roesch sourcefire com)
It's come to my attention that some group is claiming to have broken into a Sourcefire server and backdoored the Snort source code.
First things first, there is no backdoor in Snort nor has there ever been, everyone can relax. A shell server got compromised well over a year ago, but what these

[SECURITY] [DSA-382-3] OpenSSH buffer management fix
2003-09-21 Wichert Akkerman (wichert wiggy net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Debian Security Advisory DSA-382-3 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Wichert Akkerman
September 21, 2003

[RHSA-2003:243-01] Updated Apache and mod_ssl packages fix security vulnerabilities
2003-09-22 bugzilla redhat com

Denial of service vulnerability in Xitami Open Source Web Server
2003-09-22 Oliver Karow (Oliver karow gmx de)
Denial of service vulnerability in Xitami Open Source Web Server
Date: 22.09.2003
Affected Systems
The vulnerability was discovered on several versions (production and beta) of Xitami webserver for Windows N

Re: <Advice> Possible Backdoor into openssh-3.7.1p1-i386-1.tgz from Slackware Mirror
2003-09-21 Patrick J. Volkerding (security slackware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sat, 20 Sep 2003, Piermark wrote:
> Hi,
>
> I have update my Slackware 9.0 with openssh-3.7.1p1-i386-1.tgz from
> http://www.slackware.at/data/slackware-9.0/patches/packages/openssh-3.7.1p1-i386-1.tgz
>
> Now i have 3 new tcp/ip ports into my sys

SuSE Security Announcement: sendmail, sendmail-tls (SuSE-SA:2003:040)
2003-09-20 Roman Drahtmueller (draht suse de)

Re: <Advice> Possible Backdoor into openssh-3.7.1p1-i386-1.tgz from Slackware Mirror
2003-09-21 Robert Jaroszuk (zim iq pl)
On Sat, 20 Sep 2003, Piermark wrote:
; Hi,
;
; I have update my Slackware 9.0 with openssh-3.7.1p1-i386-1.tgz from
; http://www.slackware.at/data/slackware-9.0/patches/packages/openssh-3.7.1p1-i386-1.tgz
;
; Now i have 3 new tcp/ip ports into my system: (thank Nmap) :-)
;
; - 867 Open
; - 879

[SECURITY] [DSA-389-1] New ipmasq packages fix insecure packet filtering rules
2003-09-20 Matt Zimmerman (mdz debian org)

Re: <Advice> Possible Backdoor into openssh-3.7.1p1-i386-1.tgz from Slackware Mirror
2003-09-21 Martin Östlund (martin lemonlime se)
> Hi,
Hello
> I have update my Slackware 9.0 with openssh-3.7.1p1-i386-1.tgz from
> http://www.slackware.at/data/slackware-9.0/patches/packages/openssh-3.7.1p1-i386-1.tgz
>
> Now i have 3 new tcp/ip ports into my system: (thank Nmap) :-)
>
> - 867 Open
> - 879 Open
> - 889 Open
>
> Example:

<Advice> Possible Backdoor into openssh-3.7.1p1-i386-1.tgz from Slackware Mirror
2003-09-20 Piermark (bugs84 libero it)
Hi, I have update my Slackware 9.0 with openssh-3.7.1p1-i386-1.tgz from http://www.slackware.at/data/slackware-9.0/patches/packages/openssh-3.7.1p1-i386-1.tgz
Now i have 3 new tcp/ip ports into my system: (thank Nmap) :-)
- 867 Open
- 879 Open
- 889 Open
Example: telnet> open (to) 127.0.0.1 8

LSH: Buffer overrun and remote root compromise in lshd
2003-09-20 nisse lysator liu se (Niels Möller)

The Analysis of RPC Long Filename Heap Overflow AND a Way to Write Universal Heap Overflow of Windows
2003-09-20 flashsky fangxing (flashsky xfocus org)

[SECURITY] [DSA-388-1] New kdebase packages fix multiple vulnerabilites in KDM
2003-09-20 Matt Zimmerman (mdz debian org)

Vulnrability in myPHPnuke 1.8.8
2003-09-20 Lifo Fifo (lifofifo20 yahoo com)
Language : PHP
Script : http://www.myphpnuke.com 1.8.8
Problem : SQL Injection
Description : myphpnuke is a widely used Content Management System.
Problem : In auth.inc.php file,
if ((isset($aid)) && (isset($pwd)) && ($op == "login")) { if($aid!="" AND $pwd!="")

[Advisory] Powerslave 4.3 Information Leak Vuln.
2003-09-19 Enrico Kern (phantom h07 org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
H Zero Seven Security Advisory
Product : FlyingDog Software - Powerslave Portalmanager
Impact : information leak vulnerability
Issue date: 19 Sept. 2003
Update : Powerslave 4.4.3

[CLA-2003:747] Conectiva Security Announcement - kde
2003-09-19 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : kde
SUMMARY : Several vulnerabilities (kdm, k

MDKSA-2003:094 - Updated MySQL packages fix buffer overflow vulnerability
2003-09-19 Mandrake Linux Security Team (security linux-mandrake com)

RE: Wave of fake Official Microsoft Advisory
2003-09-19 Lee Evans (lee vital co uk)
Hi, Following links provide further details:
http://www.theregister.co.uk/content/56/32925.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a (at) mm (dot) ht [email concealed] ml
Regards Lee
--
Lee Evans
> -----Original Message-----
> From: Mail [mailto:mail (at) Gnome (dot) CA [email concealed]] On Behalf Of Bruno Clermont
> Se

MDKSA-2003:093 - Updated gtkhtml packages fix vulnerability
2003-09-19 Mandrake Linux Security Team (security linux-mandrake com)
1. threat padding character as end of