[bWM#012] Passing script/html-filter with special chars (multibrowser)
2003-07-30 ben moeckel badwebmasters net
ben moeckel security research - http://badWebMasters.net - security advisories
badWebMasters security advisory #012: Passing script/html-filter with special chars (multibrowser) Discovery date: 2003-07-16 Author [...]

RE: RPC DCOM still vulnerable even after applying patches
2003-07-29 sloppy seconds (beleguese yahoo com)
M$ has confirmed that these are actually separate new vulnerabilities unrelated to MS03-026. The MS03-026 patch "specifically addresses the privilege escalation vulnerability in DCOM" per their security representative. New patches are due out shortly. -syrous
__________________________________
Do [...]

Re: IE6 SP1 - Trivial Crash
2003-07-29 MARLON BORBA (MBORBA trf3 gov br)
confirmed here. windows 2000 and ie with their latest service packs. as a side note, tested with mozilla. at first nothing strange seen (it even displays a message saying '1.html - file not found'), but when i select 'view/page source', it quickly crashes. bye, marlon.
>>> "James Wolfe" <james@qu [...]

Re: DCOM RPC exploit (dcom.c)
2003-07-29 sk scan-associates net
In-Reply-To: <20030727025321.64988.qmail (at) web11001.mail.yahoo (dot) com [email concealed]>
>One glitch is that the exploitation is not very
>stealth. All RPC/COM based functions stop working
>completely after exploitation and fail to heal until
>the machine is restarted. Many of these functions are
>quite visible and e [...]

Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14)
2003-07-29 Patrick Haruksteiner (haruk gmx at)
Hi there! I discovered another security issue with the Mac OS X screensaver. If you have installed escapepod from Ambrosia Software and hit ctrl-alt-delete (==backspace) when the screensaver with password protection is running, it kills the screensaver and the desktop is open to anybody - s [...]

[LSD] IRIX nsd remote buffer overflow vulnerability
2003-07-30 Last Stage of Delirium (contact lsd-pl net)
Hello, We have discovered a serious security vulnerability in the IRIX nsd service, which when properly exploited can result in an unauthorized remote root access to the vulnerable system. SGI was informed about this issue and assigned this bug number CVE CAN-2003-0575 (ftp://patches.sgi.com/suppo [...]

[SECURITY] [DSA-354-1] New xconq packages fix buffer overflows
2003-07-29 Matt Zimmerman (mdz debian org)

Solaris ld.so.1 buffer overflow
2003-07-29 Jouko Pynnonen (jouko iki fi) (1 replies)
OVERVIEW
========
There is a buffer overflow vulnerability in the Solaris runtime linker, /lib/ld.so.1. A local user can gain elevated privileges if there are any dynamically linked, executable SUID/SGID programs in the filesystem. On a typical Solaris installation most or all SUID/SGID progr [...]

IRIX nsd server and modules mishandle AUTH_UNIX gid list
2003-07-29 SGI Security Coordinator (agent99 sgi com)

MS03-029 / Q823803 and RRAS Problems [im]
2003-07-29 Microsoft Security Response Center (secure microsoft com)
Microsoft is aware of a problem with the recently released security patch MS03-029 (http://www.microsoft.com/technet/security/bulletin/MS03-029.asp) This patch corrects a Moderate rated Denial of Service security vulnerability in Microsoft Windows NT 4.0 Server. Specifically there is a problem with [...]

man-db[] multiple(4) vulnerabilities.
2003-07-29 Vade 79 (v9 fakehalo deadpig org)
[part 1: add_to_dirlist() buffer overflow] man-db contains a buffer overflow vulnerability due to the lack of bounds checking in multiple sscanf() calls. which formats the user supplied file ~/.manpath. here is the function(src/manp.c): static void add_to_dirlist (FILE *config, int user) [...]

Remote Linux Kernel < 2.4.21 DoS in XDR routine.
2003-07-29 Jared Stanbrough (jareds pdx edu) (1 replies)
Hello all, I have discovered a signed/unsigned issue in a routine responsible for demarshalling XDR data for NFSv3 procedure calls. As far as I can tell, this bug has existed since NFSv3 support was integrated. It has been silently fixed in 2.4.21. The bug is in the decode_fh routine of fs/nfsd/n [...]

Re: Remote Linux Kernel < 2.4.21 DoS in XDR routine.
2003-07-29 Stephen Clowater (steve stevesworld hopto org) (1 replies)

RE: RPC DCOM still vulnerable even after applying patches
2003-07-29 Thor Larholm (thor pivx com)
Positively confirmed on patched Windows 2000 SP4 - did not reproduce on patched XP Home. Drag/Drop and other COM functions stop working, after a very visible svchost.exe crash. The hdmore loopback exploit is more friendly - it gave a nice DoS on all RPC/COM services (no drag/drop) without crashing [...]

NetScreen ScreenOS 4.0.3r2 DOS
2003-07-29 Papa loves Mambo (plm ioerror org)
There is a vulnerability in NetScreen's latest ScreenOS that allows a malicious user to create a denial of service attack remotely. This has only been confirmed with the following operating systems and NetScreen hardware. Microsoft Windows 2000 Professional SP1 and SP2 NetScreen 204 and [...]

IE6 SP1 - Trivial Crash
2003-07-29 James Wolfe (james quicsolutions com)
Overview/Description: In March of 2000, someone posted to bugtraq a flaw in the MS Outlook Express ActiveX control which allowed for "the reading of any file on the users machine." My guess is that MS, in an attempt to bugfix it, didn't debug properly and left the following new bug. So now, usin [...]
LD_PRELOAD=/`perl -e 'print "A"x2000'`/ passwd
and try it again.
Thanks,
Dave
-----Original Message-----
From: clint walker [mailto:cwalker (at) gnx (dot) com [email concealed]]
Sent: Wednesday, July 30, 2003 10:28 AM
To: 'Jouko Pynnonen'; bugtraq@