[SCSA-019] Gattaca Server 2003 Vulnerable to Multiple vulnerabilities
2003-07-10 Gregory LEBRAS (gregory lebras security-corporation com)

[OpenPKG-SA-2003.033] OpenPKG Security Advisory (infozip)
2003-07-10 OpenPKG (openpkg openpkg org)
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org openpkg-security (at) openpkg (dot) org

[OpenPKG-SA-2003.034] OpenPKG Security Advisory (imagemagick)
2003-07-10 OpenPKG (openpkg openpkg org)
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org openpkg-security (at) openpkg (dot) org

Acroread 5.0.7 buffer overflow
2003-07-09 psz maths usyd edu au (Paul Szabo)
    I. BACKGROUND
    Acroread from http://www.adobe.com is the pre-eminent PDF file viewer. The latest version Acroread 5.0.7 for Linux was released on 17 June 2003.
    II. DESCRIPTION
    Despite recent security fixes, an exploitable buffer overflow with long URL strings remains. The overflow occurs when you

PalmOS Memo Record Hiding Vulnerability.
2003-07-09 Shaun Moore (shaunige yahoo co uk) (1 replies)
    Application: PalmOS
    Operating System: PalmOS
    Vendor: Palm(tm)
    Versions: ALL
    Author: shaunige (at) yahoo.co (dot) uk
    -[BACKGROUND]-: PalmOS includes a pre-installed 'Security' Application, which allows a Palm enabled device to add weak security, to hide data and protect the PDA from casual snoopers. One par

Website to (Safely) Check Content Filtering S/W for Malicious Code???
2003-07-09 scott Stevens (stevenss mtmc army mil)
    Does anyone know if any safe sites out there to try to test whether or not content filtering s/w is behaving as advertised? We simply want to test things like unsigned ActiveX objects, malicious Java, mobile code, etc that is SUPPOSE to be stripped out via this software. We want to use a d

Pipe Filename Local Privilege Escalation FAQ
2003-07-09 @stake Advisories (advisories atstake com)
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    We have received several inquiries regarding the advisory, "Named Pipe Filename Local Privilege Escalation" that was published by @stake on 07/08/2003. These answers should clarify where the vulnerability actually lies so customers can make informed dec

xpdf vulnerability - CAN-2003-0434
2003-07-09 Andries Brouwer cwi nl (1 replies)
    [I sent this letter on 2003-06-28, but no letters arrived that day, it seems. A second attempt.] I see RedHat and Mandrake reactions to the vulnerability in xpdf reported by Martyn Gilmore. But their updates do not fix the problem. They change xpdf, and make it filter out backquotes before invoki

Cisco Security Advisory: Denial-of-Service of TCP-based Services in CatOS
2003-07-09 Cisco Systems Product Security Incident Response Team (psirt cisco com)
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    Cisco Security Advisory: Denial-of-Service of TCP-based Services in CatOS
    Revision 1.0
    For Public Release 2003 July 09 at 16:00 UTC (GMT)
    Summary
    =======
    After receiving eig

Microsoft Utility Manager Local Privilege Escalation
2003-07-09 NGSSoftware Insight Security Research (nisr nextgenss com)
    NGSSoftware Insight Security Research Advisory
    Name: Microsoft Utility Manager Local Privilege Escalation
    Systems Affected: Windows 2000 SP3
    Severity: Medium Risk
    Vendor URL: http://www.microsoft.com
    Authors: Chris Paget [ foon (at) ngssoftware (dot) com ] Chris Anley [ chris (at) ngssoftware (dot) com ]

Re: Generic way to exploit an insecure /tmp file creation - Red Hat 7,8,9 (Re: Red Hat 9: free tickets)
2003-07-09 Stephen Samuel (samuel bcgreen com)
    I actually *would* describe the bug below as a logwatch bug. If you have a uid=0 program calling shell scripts from data like filenames, those filenames should be sanitized. It would be easy enough to scan the filename for unexpected characters and refuse to use them on that basis. something as sim

Information Disclosure Vulnerability in bitboard2
2003-07-09 Marc Bromm (theblacksheep fastmail fm)
    ================================================
    <------------------------------------------------>
    <------------#www.bright-shadows.net#------------>
    <------------------------------------------------>
    <--------------#theblacksheep&erik#-------------->
    <---------------------------------------------

Re: ProductCart XSS Vulnerability
2003-07-08 Massimo Arrigoni (support earlyimpact com)
    In-Reply-To: <20030705052949.8408.qmail (at) www.securityfocus (dot) com>
    This security issue ONLY affects ProductCart v1.5 and before. It was fixed several months ago. Users of ProductCart v1.5 can update their software free of charge using the following fix, which also addresses the other recently pos

Re: Another ProductCart SQL Injection Vulnerability
2003-07-07 Massimo Arrigoni (support earlyimpact com)
    In-Reply-To: <20030705063915.10225.qmail (at) www.securityfocus (dot) com>
    Additional information on how to better protect a ProductCart-powered store, and specifically on how to avoid unauthorized access to stores using a MS Access database, is available at this address: http://www.earlyimpact.com/pdf

[SECURITY] [DSA-345-1] New xbl packages fix buffer overflow
2003-07-09 Matt Zimmerman (mdz debian org)

[SECURITY] [DSA-343-1] New skk, ddskk packages fix insecure temporary file creation
2003-07-08 Matt Zimmerman (mdz debian org)

[SECURITY] [DSA-346-1] New phpsysinfo packages fix directory traversal
2003-07-09 Matt Zimmerman (mdz debian org)

Re: zkfingerd-2.0.2(the last version)Format String Vulnerabilities
2003-07-08 Vade 79 (v9 fakehalo deadpig org)
    In-Reply-To: <20030708063317.8474.qmail (at) www.securityfocus (dot) com>
    went through the zkfingerd-2.0.2 source after reading this. curious on exploitation :)... anyways, i am not seeing anywheres in the source where the "msg" buffer can allow for direct user input(formats). only static data/proper

Tomcat Dangerous Documentation/Tomcat Default Plaintext Password Storage
2003-07-09 Mike Bommarito (g0thm0g attbi com)
    From the Realm HOW-TO on the Tomcat 4.0/4.1 documentation pages: "For each of the standard Realm implementations, the user's password (by default) is stored in clear text. In many environments, this is undesireable because casual observers of the authentication data can collect enough inf

ZH2003-2SA (security advisory): QShop priviledge escalation
2003-07-09 G00db0y (G00db0y zone-h org)
    ZH2003-2SA (security advisory): QShop priviledge escalation
    Published: 09/07/2003
    Released: 09/07/2003
    Name: QShop priviledge escalation
    Affected Systems: QShop v2.5 (and older versions?)
    Issue: Remote attackers can obtain full access to the remote system
    Author: G00db0y (at) zone-h (dot) org

Fwd: RE: Contact information for Microsoft Security Response Center [tf]
2003-07-08 keepitsecret hush com
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    Very good. All one needs to do is ask. After wading through a mountain of childish, almost fanatical defences of Microsoft and bitter flames for asking the question, we have a solution from Microsoft today.
    - ----- Forwarded Message from Microsoft S

[SECURITY] [DSA-347-1] New teapop packages fix SQL injection
2003-07-09 Matt Zimmerman (mdz debian org)

Black Box Voting
2003-07-09 Joshua Jore (josh lavendergreens org)
    (forwarded) Subject: [GPM] Black Box Voting
    Inside A U.S. Election Vote Counting Program
    Tuesday, 8 July 2003, 6:20 pm
    Article: Bev Harris
    Inside A U.S. Election Vote Counting Program By Bev Harris*
    * Bev Harris is the Author of the soon to be published book " Black Box Voting: Ballot Tamperi
=====================================================================
Security Corporation Security Advisory [SCSA-019]
Gattaca Server 2003 Vulnerable to Multiple vulnerabilities
=====================================================================
PROGRAM: Gattaca Server 2003
HOMEPAGE: w