[SECURITY] [DSA 267-2] New lpr packages fix local root exploit (potato)
2003-04-15 joey infodrom org (Martin Schulze)

MDKSA-2003:045 - Updated evolution packages fix multiple vulnerabilities
2003-04-15 Mandrake Linux Security Team (security linux-mandrake com)

[SECURITY] [DSA 287-1] New EPIC packages fix DoS and arbitrary code execution
2003-04-15 joey infodrom org (Martin Schulze)

BitchX trojan, the real follow up.
2003-04-15 Rob Andrews (randrews relinetworks com)
Since Micha didn't take the time to post this email after it was passed along to himself and others on one of EFnet's oper lists I submit the following to explain what really happened to the BitchX website and DNS over the weekend. I also would like to point out that in the future I may b

[SCSA-016] Multiple vulnerabilities in Ez publish
2003-04-15 Grégory Le Bras (gregory lebras security-corporation com)
Security Corporation Security Advisory [SCSA-016] Multiple vulnerabilities in Ez publish PROGRAM: Ez publish HOMEPAGE: http://www.ez.no VULNERABLE

MDKSA-2003:046 - Updated gtkhtml packages fix vulnerability
2003-04-15 Mandrake Linux Security Team (security linux-mandrake com)

[CLA-2003:626] Conectiva Security Announcement - mutt
2003-04-14 Conectiva Updates (secure conectiva com br)
CONECTIVA LINUX SECURITY ANNOUNCEMENT PACKAGE : mutt SUMMARY : Buffer overflow in IMAP code D

bitchx sources trojaned - follow up
2003-04-14 Michał Szwaczko (mikey wirelabs lublin pl)
It seems that my posts have been misfired a little. Let me summarize how, when and why I got trojaned sources. Since I am not a security guru whatsoever I couldn't know that this issue is already known. Anyway, it did happen to me this Saturday so there is a possibility that something weird is lin

FipsGuestbook Version 1.12.7 script injection.
2003-04-14 drG4njubas (drG4nj mail ru)
Date: 14.04.2003 Subject: FipsGuestbook Version 1.12.7 script injection. Description: Written entirely in ASP and VBScript, easy to install ASP guestbook manager with web based administration panel. Vendor: FipsASP http://www.fips.at.tf Vulnerability: new_entry.asp neglects filtering user input

ActivCard password cache memory leakage
2003-04-14 OTERO Hernan Gustavo EDS (bazhgo techint net)
In December of the 2002 I was analysing the ActivCard product for a client. During the analysis I noticed that making a memory dump of the process "scardsrv" was possible to obtain the users stored statically in the card. This issue at first, could seem smaller, although in depth already it has a

Web Wiz Site News release v3.06 administration access.
2003-04-14 drG4njubas (drG4nj mail ru)
Date: 14.04.2003 Subject: Web Wiz Site News release v3.06 administration access. Description: Free asp news management system. Includes, simple integration, short news item with link to full story, insert images, links, text formatting, user comments(optional) with email notification, anti-sp

bitchx sources backdoored on distribution site
2003-04-13 Michał Szwaczko (mikey wirelabs lublin pl) (1 replies)
Hi, Can anyone verify that the bitchx 1.0c19 sources are backdoored? The configure script contains the following code which I think is a shell daemon. Perhaps I am making a fool of myself right now since I am not a security guru but this looks weird. Can you verify? If this is true, then the host

Multiple Vulnerabilities in BSD LPR Subsystem on IRIX
2003-04-14 SGI Security Coordinator (agent99 sgi com)

Instaboard 1.3 SQL Injection
2003-04-14 Jim Dew (jdew cleannorth org)
Affected Product: NetPleasure's Instaboard 1.3 www.netpleasure.com/instaboard/ Vulnerability: Multiple SQL Injection Vulnerabilities. http://server/instaboard/index.cfm?frmid=1%20AND%20u.userid%20IN%20(select%20userid%20from%20users) http://server/instaboard/index.cfm?frmid=1&tpcid=1%20SQL http://s

[SECURITY] [DSA 285-1] New lprng packages fix insecure temporary file creation
2003-04-14 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 286-1] New gs-common packages fix insecure temporary file creation
2003-04-14 joey infodrom org (Martin Schulze)

Misuse of Macromedia Flash Ads clickTAG Option May Lead to Privacy Breach
2003-04-13 Aviram Jenik (aviram beyondsecurity com)
This advisory is available online at: http://www.securiteam.com/securitynews/5XP0B0U9PE.html Misuse of Macromedia Flash Ads clickTAG Option May Lead to Privacy Breach SUMMARY "Over 497 million Internet users now use Macr

Multiple vulnerabilities in SheerDNS
2003-04-13 Jedi/Sector One (j pureftpd org)
Date : 04/13/2003 Product : SheerDNS Author : Frank Denis <j (at) pureftpd (dot) org> ------------------------[ Product description ]------------------------ SheerDNS was written to be a simple replacement master DNS server that can be used where atomic updates are required. Because it stores

[SECURITY] [DSA 274-2] New mutt packages fix arbitrary code execution in potato
2003-04-07 joey infodrom org (Martin Schulze)
Debian Security Advisory DSA 267-2 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
April 15th, 2003