|
|
Colapse all |
Post message
Microsoft security update broken? 2003-09-08 Guy Barnum (GuyBarnum Armscole com) The microsoft security update for MS03-023 downloaded via the windows update web site appears to be broken. Either the patch does not properly install or is not able to be detected by the web based update scan after install. Symptoms: running the update-scan at www.windowsupdate.com after having [ more ] [ reply ] Multiple Heap Overflows in FTP Desktop 2003-09-08 Bahaa Naamneh (b_naamneh hotmail com) Multiple Heap Overflows in FTP Desktop Introduction: ============= "FTP Desktop lets you access FTP sites as if they were folders on your computer. Now you can move your files between your hard disk and remote FTP sites with greater ease." - Vendors Description [ http://www.ftpdeskt [ more ] [ reply ] RE: BAD NEWS: Microsoft Security Bulletin MS03-032 2003-09-08 ADBecker chmortgage com Updated antivirus software should catch this exploit and prevent any application from being launched. We have McAfee VirusScan 7 Ent. which caught both exploit examples at http://greymagic.com/adv/gm001-ie/ Andrew Becker C.H. Mortgage, D.R. Horton Phoenix IT/MIS Department Phone: (866) 639-730 [ more ] [ reply ] Re: Re[2]: 11 years of inetd default insecurity? 2003-09-08 psz maths usyd edu au (Paul Szabo) (1 replies) 3APA3A <3APA3A (at) SECURITY.NNOV (dot) RU [email concealed]> wrote: >>> -R 0 -s your_ad_can_be_here > >> Your cure is worse than the disease: rate limiting allows a DoS >> against the service, no limit allows a DoS against the whole >> machine. > > -s limits number of processes invoked from same IP. You can add [ more ] [ reply ] Temporary Fix for IE Zero Day Malware RE: BAD NEWS: Microsoft Security Bulletin MS03-032 2003-09-08 Drew Copley (dcopley eeye com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/hta Changing this makes one immune. If you change this to application/htaOLD, then someone has to use application/htaOLD on you. I would suggest a very long random number/char [ more ] [ reply ] [SECURITY] [DSA-376-2] New exim packages fix incorrect permissions on documentation 2003-09-07 Matt Zimmerman (mdz debian org) BAD NEWS: Microsoft Security Bulletin MS03-032 2003-09-07 http-equiv (at) excite (dot) com [email concealed] (1 malware com) (1 replies) Since the cat somehow got out of the bag, and more importantly, this is so blatantly obvious, herewith is the "Bad News": The patch for Drew's object data=funky.hta doesn't work: http://www.malware.com/badnews.html <script> var oPopup = window.createPopup(); function showPopup() { oPo [ more ] [ reply ] RE: BAD NEWS: Microsoft Security Bulletin MS03-032 2003-09-08 GreyMagic Software (security greymagic com) Re: 11 years of inetd default insecurity? 2003-09-08 psz maths usyd edu au (Paul Szabo) (2 replies) 3APA3A <3APA3A (at) SECURITY.NNOV (dot) RU [email concealed]> wrote: > III. Details > > Inetd has an option > -R rate ... default is 256 ... > ... if more than 256 connections received in one minute [inetd] will > disable service for next 10 minutes ... > ... IP address of attacker will never be logged. > > IV. Workarou [ more ] [ reply ] [SECURITY] [DSA-378-1] New mah-jong packages fix buffer overflows, denial of service 2003-09-07 Matt Zimmerman (mdz debian org) IkonBoard 3.1.2a arbitrary command execution 2003-09-08 Nick Cleaton (nick cleaton net) The IkonBoard 3.1.1 arbitrary command execution bug described in: http://www.securityfocus.com/archive/1/317234 is also present in IkonBoard version 3.1.2a. I have a full working exploit, which I'll publish next week. Suggested fix ============= Make the following two changes to the file [ more ] [ reply ] Apache::Gallery local webserver compromise, privilege escalation 2003-09-07 Jon Hart (warchild spoofed org) Greetings, Apache::Gallery (http://apachegallery.dk) is a free and popular perl module that, in combination with mod_perl and Apache, provides a powerful and customizable web gallery of your photographs. A::G unfortunately misuse Inline::C to created shared libraries. From the Inline::C documenta [ more ] [ reply ] Advisory: Incorrect Handling of XSS Protection in ASP.Net 2003-09-08 WebCohort Research (research webcohort com) Monday, September 8th, 2003 Background: ---------- As part of Microsoft's attempts to make it easier for application developers to write secure code, Microsoft has added a new feature, named Request Validation, to the ASP.Net 1.1 framework. This feature is provides out of the box protection against [ more ] [ reply ] Re: Crash Mozilla 1.5 2003-09-06 Marc Schoenefeld (schonef uni-muenster de) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I posted it to bugzilla in March 2003 http://bugzilla.mozilla.org/show_bug.cgi?id=199694 There was short discussion activity refering this bug but obviously no real problem solving. Marc On Fri, 5 Sep 2003, Stephen Samuel wrote: > Date: Fri, [ more ] [ reply ] [CLA-2003:736] Conectiva Security Announcement - stunnel 2003-09-05 Conectiva Updates (secure conectiva com br) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - ------------------------------------------------------------------------ -- PACKAGE : stunnel SUMMARY : File descriptor leak and SI [ more ] [ reply ] New CERT/CC PGP Key 2003-09-05 CERT Advisory (cert-advisory cert org) -----BEGIN PGP SIGNED MESSAGE----- New CERT Coordination Center (CERT/CC) PGP Key The CERT/CC has generated a new PGP key. We use this key to sign all outgoing email, including documents sent to this list. Effective immediately, this new key is available and will be valid until Monday, November [ more ] [ reply ] Why is Win98 not listed in MS03-034? 2003-09-05 Andreas Marx (amarx gega-it de) Hi! I was just wondering what has happened with MS03-034, because Windows 98 was not listed as platform anymore (in the section "Platforms not affected"), only Windows Me. This usually means, that this platform is not supported any longer and no further patches will be provided anymore. I conta [ more ] [ reply ] Remote and Local Vulnerabilities In WS_FTP Server 2003-09-06 pejman d (pejman rite ca) hi dear i am pejman.d ,i finded the new bug in ws_ftp server Vulnerable Systems : ws_ftp server 4,3 the bug is buffer overflow in ftp command service stop and some error step by step buffer overflow : 1- login to ftp server by any username and password 2- use the quote command for sen [ more ] [ reply ] 11 years of inetd default insecurity? 2003-09-06 3APA3A (3APA3A SECURITY NNOV RU) (2 replies) Dear bugtraq (at) securityfocus (dot) com [email concealed], Well, we all blame Microsoft in insecure default configuration... Isn't it time to clean outdated code in Unix? I. Intro Saint_Byte reported DoS vulnerability in wu-ftp. Small perl script (like one below) kills ftp service... With closer look we have good old ine [ more ] [ reply ] Microsoft WordPerfect Document Converter Exploit 2003-09-05 Valgasu (valgasu rstack org) You can find a simple exploit for the Eeye vulnerability on Microsoft WordPerfect Document Converter Buffer Overflow : http://valgasu.rstack.org/word.zip Modify the source and add new targets OS. This exploit works on several french Windows NT/2K with Word 2000 9.0.2812 but it's trivial to modify e [ more ] [ reply ] |
|
Privacy Statement |
Luigi Auriemma
Application: Winamp
http://www.winamp.com and http://classic.winamp.com
Versions: Winamp 2.91 using IN_MIDI.DLL 3.01
(Winamp 3 crashes but I have not fou
[ more ] [ reply ]