Administrivia: List sluggish + buffer overflow protection thread.
2003-08-19 Dave Ahmad (da securityfocus com)
It has been a long day. I've rejected & deleted from the Bugtraq queue well over 1000 messages with Sobig.F attachments. I've got a few hundred left to go. I apologize if any of your messages haven't yet been approved. It's because they're buried in the queue, I'll get to them. On another note,

MPSB03-05 Patch and Work Around for Dreamweaver MX, DRK, and UltraDev Server Behaviors
2003-08-19 Jennifer Taylor (jetaylor macromedia com)
In-Reply-To: <200308041508.h74F824G026875 (at) novappc (dot) com>
Thank you again for bringing this to the attention of Macromedia. The issues have been resolved. More information and the necessary patches are available at: http://www-staging.macromedia.com/devnet/security/security_zone/mpsb03-05.htm

MDKSA-2003:083 - Updated eroaster packages fix temporary file vulnerability
2003-08-19 Mandrake Linux Security Team (security linux-mandrake com)

MDKSA-2003:073-1 - Updated unzip packages fix vulnerability
2003-08-19 Mandrake Linux Security Team (security linux-mandrake com)

Re: Buffer overflow prevention
2003-08-19 Theo de Raadt (deraadt cvs openbsd org)
> i don't care about other people's war. but:
>
> > W^X was invented because we saw the need for it. We had no idea that
> > anyone else was working in the same area.
>
> i think it is somewhat strange. there really smart people start building
> something before they do some research and look if s

RE: Windows Update: A single point of failure for the world's economy?
2003-08-19 Russ (Russ Cooper rc on ca)
Let me state up front that I am in complete agreement with Microsoft's move should they decide to set Automatic Updates to enabled on any and all OS' they sell, have sold, will ever sell. In case you're not aware, I like to think I am one of the most vocal critics of Windows Update. Firstly, to add

Remote Execution of Commands in Omail Webmail 0.98.4 and earlier
2003-08-19 Phillip Whelan (pwhelan bunkerchile net)

Windows Update: A single point of failure for the world's economy?
2003-08-19 Richard M. Smith (rms computerbytesman com)
Hi, The Washington Post has an article in today's paper saying that Microsoft is mulling over making the Auto-Update feature of Windows XP be turned on by default. The article can be found here: Microsoft Weighs Automatic Security Updates as a Default http://www.washingtonpost.com/ac2/wp-d

Re: Need help. Proof of concept 100% security.
2003-08-18 xenophi1e (oliver lavery sympatico ca)
In-Reply-To: <1061409854.1743.99.camel (at) limit.tm (dot) org>
>3. Results of EFC are in front of you all. There have been 2000+ plus
>attacks, still system is up and running without a reboot. All
>applications are doing what they are supposed to do. All these
>security loopholes and attacks have cost mon

Re: Buffer overflow prevention
2003-08-19 pageexec freemail hu
> In essence, PAX attempts a best-effort of mapping existing and unchanged
> Linux binaries (except for marking) so that they are mapped best for
> security. They do this by changing almost only kernel code.
This is not correct. PaX is about researching various ways of protection against memory co

Re: Buffer overflow prevention
2003-08-18 Theo de Raadt (deraadt cvs openbsd org) (3 replies)
>I agree whole heartedly. It is interesting to see OpenBSD transition
>from a stance of "audit is the only way" to actually employing access
>control [...]
I persist in my belief that policy-based mechanisms do not improve security. If you cannot make a default policy that everyone can live unde

[CLA-2003:723] Conectiva Security Announcement - openslp
2003-08-18 Conectiva Updates (secure conectiva com br)
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : openslp
SUMMARY : Temporary file creation vul

A Vonage VOIP 3-way call CID Spoofing Vulnerability
2003-08-14 Nathan Wosnack (nathan hypervivid com)
Original Advisory: Wednesday, August 13, 2003
Severity: Medium - High
Description: An attacker using the VOIP (Voice Over IP) carrier Vonage, has the ability to spoof the caller ID of a called party through the three-way calling feature. This trick essentially acts similar to a POTS-base

Re: Buffer overflow prevention
2003-08-18 Theo de Raadt (deraadt cvs openbsd org) (2 replies)
>> If we had been aware of PAX as you claim, why would we have thought
>> that i386 solutions were impossible?
>
>You have thought that i386 solutions were possible, because you have
>implemented them.
Can you please stop spinning this? W^X was up and running on some of our architectures before we

[Full-Disclosure] [SECURITY] [DSA-364-3] New man-db packages fix segmentation fault
2003-08-18 debian-security-announce lists debian org
What's Piolet: Piolet is a peer-to-peer file sharing client.
More information can be found at www.piolet.com
Vulnerability Description: On connecting to TCP port 701, the client shows the user
a "voice chat session request" message.