-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------
--

PACKAGE : exim
SUMMARY : Remote buffer overflow vulnera

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

seems like Mozilla is not interested in fixing bugs,
the exploit I posted in March to bugtraq (described in
http://www.mail-archive.com/bugtraq (at) securityfocus (dot) com [email concealed]/msg11430.html),
still crashes the actual version 1.4 of the Mozilla Browser:
My v

[ more ]  [ reply ]

EnterEdge has discovered a Denial of Service condition in ISS RealSecure

Server Sensor 7.0. The condition is present when running ISS's RealSecure

Server Sensor 7.0 on a Microsoft IIS server with SSL. By passing invalid

unicode characters via ssl, the server sensor will shut down the IIS

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------
--

PACKAGE : pam_smb
SUMMARY : Remote buffer overflow vuln

[ more ]  [ reply ]

Hello!

I just saw the couple of security updates Microsoft has released today. And
comments like this (from MS03-035):

> - By default, Outlook 2002 block programmatic access to the
> Address Book. In addition, Outlook 98 and 2000 block
> programmatic access to the Outlook Address Book if t

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 377-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
September 4th, 2003

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 376-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
September 4th, 2003

[ more ]  [ reply ]

In-Reply-To: <000301c3726e$5f919010$0200000a@JumperLappy>

>MS03-038 (code execution in Access Snapshot Viewer, an ActiveX control)

got

>a rating of Moderate for webpage based exploits but completely forgets to

>mention HTML email.

While we're criticizing MS's handling of this series of goof-

[ more ]  [ reply ]

We'd like to share with you the release of InlineEgg 1.0. the following
is a reduced version of the
README available at
http://community.corest.com/~gera/ProgrammingPearls/InlineEgg.html,
the same page points to the .tar.gz

Welcome to InlineEgg.

Short version:

InlineEgg is a collection of

[ more ]  [ reply ]

Rosiello Security

http://www.rosiello.org

(

I advise you to read the original paper:

http://www.rosiello.org/archivio/Stack%20Overflow-en.pdf

)

Stack Overflow?s Analysis & Exploiting Ways

Introduction

The first passage to foll

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 04 September 2003 17:45, you wrote:
> Hi,
>
> sorry for being innacurate, but I noticed that our transparent-proxy system
> is trying (and even to succeeds at some level) to hijack client http
> connections.

Sounds like a bug in your proxy

[ more ]  [ reply ]

[-- Genre : Denial of Service(DoS)
[-- Name : augustiner.c
[-- Desc : Freezing Windows 98(not SE).
[-- : DoS'ing Zonealarm

(note: those are seperate incidents. It affects both independantly, not just
W98 with ZA)

[-- Url : www.nologin.org

Yo everyone!

_6Mo_hAcK posted a

[ more ]  [ reply ]

> -----Original Message-----
> From: Aaron Cheek [mailto:aaron_cheek (at) yahoo (dot) com [email concealed]]
> Sent: Wednesday, September 03, 2003 5:03 PM
> To: Schmehl, Paul L
> Cc: stefano.zanero (at) ieee (dot) org [email concealed]; BUGTRAQ (at) securityfocus (dot) com [email concealed]
> Subject: Re: Windows Update: A single point of failure for
> the world's economy?
>
> > Mo

[ more ]  [ reply ]

> -----Original Message-----
> From: Jeremy C. Reed [mailto:reed (at) reedmedia (dot) net [email concealed]]
> Sent: Wednesday, September 03, 2003 5:12 PM
> To: Schmehl, Paul L
> Cc: Stefano Zanero; BugTraq
> Subject: Re: Windows Update: A single point of failure for
> the world's economy?
>
> cvsup (or cvs) to update to new

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

leafnode-SA-2003:01.fetchnews-hang

Topic: potential denial of service in leafnode

Announcement: leafnode-SA-2003:01
Writer: Matthias Andree
Version: 1.01
Announced: 2003-09-04
Category: main
Type: potential denial of service
Impact: fetchnews hang

[ more ]  [ reply ]

I see a trend going on here, Word, Office, Office, Office and Office. I
guess Office has been overdue in regards to security bulletins lately :)

MS03-034 (NetBIOS information disclosure) gets a rating of Low, even though
Blaster showed us just how many Windows installations run with all ports
acces

[ more ]  [ reply ]

As suggested the day of the blackout, SCADA / DCS security was
a primary factor in the blackouts.

--MSBlast's Effect on the Blackout
(29 August 2003)
The MSBlast worm apparently slowed some communications lines that
connect data centers used to manage the power grid, abetting the
"cascading effect

[ more ]  [ reply ]

> More of a risk than up2date for RedHat or emerge -u
> system for Gentoo? Or cvsup for *BSD?

Certainly!!! For Red Hat (and all the major distros),
you have a zillion mirrors all over the world, and,
additionally, you can in extremely straightforward way
(e.g. wget -r) bulk download all the patc

[ more ]  [ reply ]