[CLA-2003:615] Conectiva Security Announcement - samba
2003-04-04, Conectiva Updates (secure conectiva com br)

Re: @(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function
2003-04-04, Muhammad Faisal Rauf Danka (mfrd attitudex com)
Just to add a little more to what Mr Jedi said, Only allowing php code of the choice, may also end up in infinite loops causing denial of service. Including that, they may attempt to establish connection with other machines, within the LAN or imagine bruteforcing SQL servers on the internet, or bann

[CLA-2003:617] Conectiva Security Announcement - file
2003-04-04, Conectiva Updates (secure conectiva com br)
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : file
SUMMARY : Buffer overflow vulnerability

SRT2003-04-04-1106 - AOLServer Proxy Daemon API unformatted syslog() call
2003-04-04, KF (dotslash snosoft com)

[CLA-2003:616] Conectiva Security Announcement - dhcp
2003-04-04, Conectiva Updates (secure conectiva com br)
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : dhcp
SUMMARY : Denial of service vulnerabilit

[CLA-2003:614] Conectiva Security Announcement - sendmail
2003-04-04, Conectiva Updates (secure conectiva com br)
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : sendmail
SUMMARY : Buffer overflow vulnerabil

An Alternate View of Recently Reported PHP Vulnerabilities
2003-04-04, Steven M. Christey (coley linus mitre org) (1 replies)
Recently, there has been a bit of commentary on certain vulnerabilities that have been reported for the PHP language. Whether these issues should be "blamed" on PHP itself or not, they may be of some concern to PHP *application* developers and auditors.
>This is a bit pointless, IMHO.
>
>[snip]

Re: An Alternate View of Recently Reported PHP Vulnerabilities
2003-04-04, Sascha Schumann (sascha schumann cx)

RE: NetBIOS could be used as network flood amplier
2003-04-04, Russ (Russ Cooper rc on ca)
It's called a NetBIOS Broadcast Storm, and it's 15 years old now. No need to write your own code, many manufacturers, like Ungermann-Bass, IBM, Tandem Computers and others all wrote code that could do this quite effectively. The only difference between your code and theirs is that theirs would do it w

[CLA-2003:613] Conectiva Security Announcement - snort
2003-04-04, Conectiva Updates (secure conectiva com br)
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : snort
SUMMARY : RPC preprocessor vulnerabilit

NetBSD Security Advisory 2003-006: Cryptographic weaknesses in Kerberos v4 protocol
2003-04-04, NetBSD Security Officer (security-officer netbsd org)

Re: Vulnerability (critical): Digital signature for Adobe Acrobat/Reader plug-in can be forged
2003-04-04, Vladimir Katalov (vkatalov elcomsoft com)
In-Reply-To: <200303261835.h2QIZD6g027059 (at) www.harkless (dot) org>
Dan Harkless <bugtraq (at) harkless (dot) org> writes:
>For those of us not familiar with Acrobat plugins, is there some facility
>for the program retrieving/installing plugins automatically, or, to exploit
>this would you need to entice a user

NetBSD Security Advisory 2003-009: sendmail buffer overrun in prescan() address parser
2003-04-04, NetBSD Security Officer (security-officer netbsd org)

TA-2003-03 Buffer Overflow Vulnerability in Hyperion FTP Server 3.0
2003-04-04, Rushjo (at) tripbit (dot) org (rushjo tripbit org)
TA-2003-03 Buffer Overflow Vulnerability in Hyperion FTP Server 3.0
contributed by: rushjo
Tripbit Security Advisory
TA-2003-03 Buffer Overflow Vulnerability in Hyperion FTP Server 3.0

[SECURITY] [DSA 278-2] New sendmail packages fix DoS and arbitrary code execution
2003-04-04, joey infodrom org (Martin Schulze)

AspJar guestbook script injection vulnerability.
2003-04-04, drG4njubas (drG4nj mail ru)
This advisory and other useful files can be found at www.blcktigerz.org
Subject: AspJar guestbook script injection vulnerability.
Description: Free Advanced ASP Guestbook Script
Vendor: http://www.aspjar.com
Vulnerability: guest.asp neglects filtering user input allowing for script injection

SuSE Security Announcement: openssl (SuSE-SA:2003:024)
2003-04-04, Sebastian Krahmer (krahmer suse de)

Syscall implementation could lead to whether or not a file exists
2003-04-02, Andrew Griffiths (andrewg d2 net au)
Product: Linux and various other kernels
Tested:
- RedHat kernel 2.4.18-26.7.x (second latest ;))
- RedHat kernel 2.4.18-27.7.x
- Debian 3.0 box
- FreeBSD 4.4
Description: Due to the implementation of various system calls, it becomes possible to test whether or not a file exists in a direct

[SECURITY] [DSA 278-1] New sendmail packages fix denial of service
2003-04-04, joey infodrom org (Martin Schulze)
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : samba
SUMMARY : Remote vulnerability and loca