BugTraq Mode:
[CLA-2003:632] Conectiva Security Announcement - apache 2003-04-30
Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : apache
SUMMARY : Denial of service vulnerabil

[ESA-20030430-013] 'snort' stream4 preprocessor integer overflow vulnerability 2003-04-30
EnGarde Secure Linux (security guardiandigital com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+------------------------------------------------------------------------+
| Guardian Digital Security Advisory April 30, 2003 |
| http://www.guardiandigital.com ESA-20030430-013 |
|

[ESA-20030430-014] 'tcpdump' multiple vulnerabilities 2003-04-30
EnGarde Secure Linux (security guardiandigital com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+------------------------------------------------------------------------+
| Guardian Digital Security Advisory April 30, 2003 |
| http://www.guardiandigital.com ESA-20030430-014 |
|

Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv) 2003-04-30
Damien Miller (djm mindrot org) (1 replies)
1. Systems affected:

Users of Portable OpenSSH prior to 3.6.1p2 on AIX are affected
if OpenSSH was compiled using a non-AIX compiler (e.g. gcc).

Please note that the IBM-supplied OpenSSH packages[1] are
not vulnerable.

2. Description:

The default behavior of the runtime linker on AIX is t

OpenSSH/PAM timing attack allows remote users identification 2003-04-30
Marco Ivaldi (raptor mediaservice net)
Hi all,

See attached advisory.

--
Marco Ivaldi
Chief Security Officer Data Security Division
@ Mediaservice.net Srl http://mediaservice.net/

RE: [Opera 7] Yet Another Story of "Phantom of the Opera" 2003-04-30
GreyMagic Software (security greymagic com)
>This vulnerability is caused by script in Opera 7's console.html
>that is not enough to sanitize single-quote.

We've notified Opera of this concern almost three months ago (05-Feb-2003),
after 7.01 was released.
Here is a part of the original mail we sent:

--- Opera 7 security fix ---
... we did

[SECURITY] [DSA 292-3] New mime-support packages really fix temporary file race conditions 2003-04-30
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 292-3 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
April 30th, 2003

Cisco Security Advisory: Cisco Content Service Switch 11000 Series DNS Negative Cache of Information Denial-of-Service 2003-04-30
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Content Service Switch 11000 Series DNS Negative
Cache of Information Denial-of-Service Vulnerability
===============================================================================

Revision Numeral 1.0

For Public Releas

GLSA: balsa (200304-10) 2003-04-30
Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200304-10
- - - ---------------------------------------------------------------------

PACKAGE : balsa
SUMMARY : buffer ov

Latest MS SQL Server vulnerabilities revealed 2003-04-29
Cesar (cesarc56 yahoo com)

A new POC tool, paper and presentation on the latest
MS SQL Server bugs are available to download.

Hunting Flaws in Microsoft SQL Server Presentation

This presentation was delivered at the Black Hat 2003
Windows Security Conference, and illustrates many new
Microsoft SQL Server vulnerabil

[RHSA-2003:093-01] Updated MySQL packages fix vulnerabilities 2003-04-29
bugzilla redhat com
---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated MySQL packages fix vulnerabilities
Advisory ID: RHSA-2003:093-01
Issue date: 2003-04-29
Updated on: 2003-04-29
Product: Red Hat

April appeared to be a month of IE bugs. Here's another one. 2003-04-29
ERRor (error pochtamt ru)
Hello, Bugtraq.

Malicious htm file can freeze IE with 100% CPU usage:
Construct the file freeze.htm:
c:\>perl -e "print qq'\xFF\xFE'; print qq'\r\n' x 30000" > freeze.htm

After opening freeze.htm IE will hang with 100% CPU usage until the IEXPLORE.EXE
process is killed. Two bytes (0xff 0xfe) at th

HPUX rexec buffer overflow vulnerability 2003-04-29
Davide Del Vecchio (dante alighieri org)
=======================================================
HPUX rexec buffer overflow vulnerability
=======================================================

Davide Del Vecchio Adv#5

Discovered in: 19/02/2003
Date: 29/04/2003
Tested on HP-UX B.10.20

Description:

The rexec command works the sa

Auerswald COMsuite/ Back Door 2003-04-29
Kroma Pierre (kroma syss de)
------------------------------------------------------------------------

SySS-Advisory: Auerswald COMsuite/ Back Door

DATE: April 16th 03 (Published 29th April 03)

AUTHOR: Sebastian Schreiber <Schreiber (at) SySS (dot) de>
SySS GmbH
72070 Tübingen / Germany
Tel.: +49-7071-407856-0

AF

Coldfusion MX: Java in CFM causes Crash 2003-04-29
Marc Schoenefeld (schonef uni-muenster de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Illegalaccess Security Advisory

Name: Macromedia Coldfusion MX
Systems: All platforms with jdk 1.3.1 Level _03 until _07
Risk Category: Medium
Vulnerability Type: Integer Overflow
Vendor URL: http://www.macromedia.com
Author: Marc Schoenefeld (marc@ill

RE: Windows Server 2003 Security Guide available 2003-04-29
paul (xml mailandnews com)
Jason Coombs wrote:

> Anyone interested in downloading these guides must be aware that they
> are distributed by Microsoft in the form of self-extracting .exe's
> bearing digital signatures embedded in the Portable Executable file's
> header section.

Obviously using self-extracting .exes is a ludicr

MDKSA-2003:052 - Updated snort packages fix remote vulnerability 2003-04-29
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name: snort
Advisory ID:

[RHSA-2003:079-01] Updated zlib packages fix gzprintf buffer overflow vulnerability 2003-04-29
bugzilla redhat com
---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated zlib packages fix gzprintf buffer overflow vulnerability
Advisory ID: RHSA-2003:079-01
Issue date: 2003-04-29
Updated on: 2003-04-29
Prod

Re: Microsoft IIS Integrated Authentication 2003-04-29
Michael vonGlasow HVBInfo com
The same is possible with SMB and probably with anything else that relies on
NTLM authentication. The two domains involved may even have different
NetBIOS names.

As I see it, this is a feature rather than a bug. It is a kind of "poor
man's single sign-on" which can be used in workgroup environment

RE: Windows Server 2003 Security Guide available 2003-04-29
J.'LoneWolf' Mattsson (lonewolf earthmagic org)
<snip>
>For each file listed above there is a "full-file sha1 hash" which can be
>verified using any full-file sha1 hashing utility. Microsoft does not
>provide any such utility

I'd normally not post this type of shameless plug to a mailinglist, but as
I think it's actually on topic this once,

"netscape navigator" is cracked. 2003-04-29
Liu Die Yu (liudieyuinchina yahoo com cn)


##################
#
# Readers' Favorite - Make Notes in Your Browser today!
# http://liudieyuinchina.vip.sina.com/domex/aPoP/
# http://domex.int.tc/
#
##################

"netscape navigator" is cracked.

("that's all" is end of file if you are in a hurry)

[tested]

OS:Windows Ser

IdeaBox: Remote Command Execution 2003-04-29
euronymous (just-a-user yandex ru)
=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
topic: IdeaBox: Remote Command Execution
product: IdeaBox 1.0
vendor: http://ideabox.phpoutsourcing.com
risk: high
date: 04/25/2k3
discovered by: euronymous /F0KP
advisory urls: http://f0kp.iplus.ru/bz/022.en.txt
http://f0kp.iplus.ru

Copyright 2010, SecurityFocus