kermit buffer overflow on hp-ux
2003-05-05 John Morris (jrm atl hp com)
-----BEGIN PGP SIGNED MESSAGE----- Re: buffer overflow in kermit We were unable to duplicate the buffer overflow reported by bt (at) delfi (dot) lt [email concealed] when the patches recommended in the following security bulletin are installed. - ---------------------------------------------------------------------- **REV
[ more ] [ reply ]

Re: from bugtraq: HP-UX 11.0 /usr/bin/kermit (fwd)
2003-05-02 Frank da Cruz (fdc columbia edu)
> I see. The problem is that the latest patch for kermit in HP-UX 11.0 is
> PHCO_22665 . This kermit patch does not increase version of kermit, it only
> patches known kermit (v. 6.0.192) vulnerabilities. I have kermit
> v.6.0.192, shipped with default HP-UX 11.0 install and patched with latest HP
>
[ more ] [ reply ]

Microsoft IIS Authentication Manager Account Conformation Vuln?
2003-05-03 JeiAr (jeiar kmfms com)
Let me start off by saying that I'm not sure if this already exists, but I have never heard of it and neither has anyone I asked. So I'm SURE you all know about the IIS Authentication Manager Vuln (aexp4b.htr) and it can let people possibly bruteforce and change local account info on a Wind
[ more ] [ reply ]

rwrite buffer overflow in hp-ux
2003-05-03 John Morris (jrm atl hp com)
-----BEGIN PGP SIGNED MESSAGE----- Re: buffer overflow in rwrite We were unable to duplicate the buffer overflow reported by bt (at) delfi (dot) lt [email concealed] when the patches recommended in the following security bulletin are installed. - ----------------------------------------------------------------- **REVISED 0
[ more ] [ reply ]

Code Injection Vulnerabilities in WebcamXP Chat Feature
2003-05-02 Frame4 Security Systems (webmaster frame4 com)

Re: from bugtraq: HP-UX 11.0 /usr/bin/kermit (fwd)
2003-05-02 Frank da Cruz (fdc columbia edu) (1 replies)
> don't know if you have been involved already..
No, this is the first I've seen of it; thanks for sending it along.
On Fri, 2 May 2003 19:49:03 +0300 bt (at) delfi (dot) lt [email concealed] wrote to bugtraq (at) securityfocus (dot) com [email concealed]:
> Hi!
>
> There are many buffer overflows in kermit on HP-UX 11.0 . I am sure it is
> vulnerabl
[ more ] [ reply ]

HP-UX 11.0 /usr/lbin/rwrite
2003-05-02 bt delfi lt
Hi! There is a vulnerability in /usr/lbin/rwrite on HP-UX 11.0 (other versions might be vulnerable too). /usr/lbin/rwrite is installed setuid to root by default.
$ /usr/lbin/rwrite something `perl -e 'print "A" x 14628'` something
Segmentation fault
Solution: remove setuid bit until patch is av
[ more ] [ reply ]

HP-UX 11.0 /usr/bin/kermit
2003-05-02 bt delfi lt
Hi! There are many buffer overflows in kermit on HP-UX 11.0 . I am sure it is vulnerable in other HP-UX versions, too, since "C-Kermit 6.0.192, 6 Sep 96, for HP-UX 10.00" is installed in HP-UX 11.0 by default. /usr/bin/kermit is setuid to bin and setgrp to daemon, so upon successful exploitation,
[ more ] [ reply ]

[RHSA-2003:113-01] Updated mod_auth_any packages available
2003-05-02 redhat-announce-list-admin redhat com

Privacy Compromise Ifriends Webcam
2003-05-02 morning_wood (se_cur_ity hotmail com)
morning_wood http://exploit.wox.org For the past year Ifriends.com ( WP Associates ) has known about a security compromise in its chathost software ifcam96d. The program is coded in such a way, and the structure of Ifriends.com Java/Browser based traction scheme that makes it possible to bypass
[ more ] [ reply ]

[SECURITY] [DSA 298-1] New EPIC4 packages fix DoS and arbitrary code execution
2003-05-02 joey infodrom org (Martin Schulze)

Re: OpenSSH/PAM timing attack allows remote users identification
2003-05-01 ilja van sprundel (ilja netric org)

Dynamic DNS "Spoofing" & IRC
2003-05-01 Intel Nop (0x90 invisiblenet net) (5 replies)
This is a trivial "feature/flaw" I've been holding onto for a bit, and it's probably commonly known, but I haven't seen it posted anywhere, more of a neat little thing in taking advantage of IRC and its treatment of dyndns within DNS if reverse lookup is possible. IRC (Internet Relay Chat) servers
[ more ] [ reply ]

Re: OpenSSH/PAM timing attack allows remote users identification
2003-05-01 Nicolas Couture (nc stormvault net)
After a bad experience with ssh_brute.c from mediaservice.net who released, lately, an advisory for OpenSSH <= 3.6.1p1 that became CAN-2003-0190 (http://lab.mediaservice.net/advisory/2003-01-openssh.txt) I decided to write my own working exploit:
--- gossh.sh ---
#!/bin/sh
# OpenSSH <= 3.6.p1 - Use
[ more ] [ reply ]
More info about Mod_Survey can be found on its home page, which is available at http://gathering.itm.mh.se/modsurv
[ more ] [ reply ]