|
|
Colapse all |
Post message
[CLA-2003:664] Conectiva Security Announcement - radiusd-cistron 2003-06-27 Conectiva Updates (secure conectiva com br) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - ------------------------------------------------------------------------ -- PACKAGE : radiusd-cistron SUMMARY : Buffer overflow vul [ more ] [ reply ] Symantec NAV 7.6 CE Major Fault 2003-06-25 Pal Juvancz (Pal Juvancz publicworks qld gov au) Symantec NAV 7.6 Corporate Edition has a MAJOR fault when running on XP. It simply will NOT scan floppies on the fly (even with the most restrictive settings enabled) This is a bug that has been confirmed by Symantec (after 3 months of sitting on their bum doing absolutely NOTHING about it [ more ] [ reply ] Bahamut IRCd <= 1.4.35 and several derived daemons 2003-06-26 Joel Eriksson (je-secfocus bitnux com) (1 replies) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ======================================================================== == 0xbadc0ded Advisory #01 - 2003/06/26 - Bahamut IRCd <= 1.4.35 and others ======================================================================== == Reference http://0xbadc0 [ more ] [ reply ] Re: Bahamut IRCd <= 1.4.35 and several derived daemons 2003-06-26 Barnaba Marcello (l barnaba openssl it) RE: Authentication Vulnerability in NetScreen ScreenOS 2003-06-26 Brian Soby (tmpbox5 hotmail com) (1 replies) >However, after a user is authenticated, anyone else may also access the >protected services if they orginate from the same source IP address (NAT'd >network). The authentication mechanism is designed to authenticate based on >source-ip address only. Most firewalls track authenticated users base [ more ] [ reply ] RE: Authentication Vulnerability in NetScreen ScreenOS 2003-06-26 Hugo van der Kooij (hvdkooij vanderkooij org) Windows Media Services Remote Command Execution #2 2003-06-26 Brett Moore (brett moore security-assessment com) ======================================================================== = Windows Media Services Remote Command Execution #2 = = brett.moore (at) security-assessment (dot) com [email concealed] = http://www.security-assessment.com = = MS Bulletin posted: June 25, 2003 = http://www.microsoft.com/technet/security/bulletin/MS03-0 [ more ] [ reply ] Re: Internet Explorer >=5.0 : Buffer overflow 2003-06-26 xenophi1e (oliver lavery sympatico ca) In-Reply-To: <20030622005821.17280.qmail (at) www.securityfocus (dot) com [email concealed]> ><script> > wnd=open("about:blank","",""); > wnd.moveTo(screen.Width,screen.Height); > WndDoc=wnd.document; > WndDoc.open(); This is a good one. Works for me on IE 6.0.2800.1106.xpsp2. It's a stack based buffer overf [ more ] [ reply ] Linux 2.4.x execve() file read race vulnerability 2003-06-26 Paul Starzetz (paul starzetz de) Hi people, again it is time to discover a funny bug inside the Linux execve() system call. Details: --------- While looking at the execve() code I've found the following piece of code (from fs/binfmt_elf.c): static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs) { [ more ] [ reply ] BEFSR81 SNMP Community String Information Disclosure Vulnerability 2003-06-26 franck dunter (dunter76 hotmail com) same bug http://www.securityfocus.com/bid/7317 but for the model BEFSR81 After my scan whit nmap, i just found SNMP open (port 161 udp). I scan the MIB, i found some thing very interesthing. on plages enterprises.3955.3.4.1.12.0 : the username enterprises.3955.3.4.1.13.0 : the password [ more ] [ reply ] [KSA-002] Multiple Vulnerabilities In Moregroupware 2003-06-26 François SORIN (francois sorin security-corporation com) PROGRAM: Moregroupware HOMEPAGE: http://www.moregroupware.com/ VULNERABLE VERSIONS: 0.6.7 and prior ? RISK: Low/Medium IMPACT: Cross Site Scripting RELEASE DATE: 2003-06-26 ================================================= TABLE OF CONTENTS ================================================= 1...... [ more ] [ reply ] various portmon vulnerabilities 2003-06-25 Nik Reiman (nik aboleo net) Ok, I have released portmon 1.9, which addresses both of the security "holes" which were brought up on bugtraq recently. Please see: http://www.securityfocus.com/archive/82/326718 http://www.securityfocus.com/archive/1/325482 It is important to note that portmon is (and never was) installed SUID [ more ] [ reply ] OptiSwitch remote root compromise 2003-06-26 CrazZzy Slash (slash istc kg) (1 replies) Hello bugtraq :) I've found bug in OptiSwitch 400 and 800 series, maybe another series :) So abou t: then you connecting to the switch via telnet or console you may gain root acc ess pressing Crtl+C <cr><cr> so you will :) Ok here is detailed information... Manufactor: MRV Communications, Inc. ht [ more ] [ reply ] [CLA-2003:662] Conectiva Security Announcement - ethereal 2003-06-25 Conectiva Updates (secure conectiva com br) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - ------------------------------------------------------------------------ -- PACKAGE : ethereal SUMMARY : Several vulnerabilities DA [ more ] [ reply ] [RHSA-2003:173-01] Updated ypserv packages fix a denial of service vulnerability 2003-06-25 bugzilla redhat com [RHSA-2003:067-01] Updated XFree86 packages provide security and bug fixes 2003-06-25 bugzilla redhat com Authentication Vulnerability in NetScreen ScreenOS 2003-06-25 HedgeHog (hedgehog703 comcast net) Authentication Vulnerability in NetScreen ScreenOS Versions affected: ScreenOS 4.0.2r2.0 - possibly all versions Summary of problem: NetScreen firewalls have a feature that if enabled, requires users to provide a username and password to access resources and services behind a firewall, such as [ more ] [ reply ] Privilege escalation applet, Java Media Framework 2003-06-24 Marc Schoenefeld (schonef uni-muenster de) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Bugtraqqers, this is the proof-of-concept code for the vulnerability described in http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F54760 The code shows that there is more in this vulnerability than crash the vm, it allows to read and write [ more ] [ reply ] Multiple IPv6-Induced Bugs & Vulnerabilities on IRIX 2003-06-24 SGI Security Coordinator (agent99 sgi com) Re: Cross-Site Scripting in Unparsable XML Files (GM#013-IE) 2003-06-23 Steven M. Christey (coley mitre org) Matt Moore said: >I also reported this to Microsoft - sometime around May or June >2002... I copied Steve Christey at Mitre on a couple of the emails I can confirm that on July 19, 2002, Matt CC'ed me on an email to the Microsoft Security Response Center in which Matt asked about when his report [ more ] [ reply ] RE: [Symantec Security Advisor] Symantec Security Check ActiveX Buffer Overflow 2003-06-24 Eric Lawrence (ericlaw Exchange Microsoft com) To further restrict the potential impact of coding flaws in ActiveX controls, consider sitelocking. Sitelocking can help prevent your control from being illegitimately used elsewhere. http://msdn.microsoft.com/downloads/samples/internet/default.asp?url=/do wnloads/samples/internet/components/Site [ more ] [ reply ] |
|
Privacy Statement |
asp
[ more ] [ reply ]