BugTraq
[SECURITY] [DSA 269-1] New heimdal packages fix authentication failure 2003-03-26
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 269-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
March 26th, 2003

@(#)Mordred Labs advisory - Integer overflow in PHP memory allocator 2003-03-26
Sir Mordred (mordred s-mail com)
//@(#) Mordred Security Labs advisory

Release date: March 26, 2003
Name: Integer overflow in PHP memory allocator
Versions affected: < 4.3.2
Risk: very high
Author: Sir Mordred (mordred (at) s-mail (dot) com, http://mslabs.iwebland.com)

I. Description:

PHP is a widely-used general-purpose scripting language

RE: Corsaire Security Advisory - Clearswift MAILsweeper MIME attachment evasion issue 2003-03-26
Martin O'Neal (bugtraq corsaire com)

As a follow-up to this, the vendor has now released a permanent fix for the
product, which can be downloaded from:
http://www.clearswift.com/download/SQL/downloadList.asp?productID=301

Regards,
Martin O'Neal

Corsaire Security Advisory - Symantec Enterprise Firewall (SEF) HTTP URL pattern evasion issue 2003-03-26
Martin O'Neal (bugtraq corsaire com)

-- Corsaire Security Advisory --

Title: Symantec Enterprise Firewall (SEF) HTTP URL pattern evasion issue
Date: 24.02.03
Application: Symantec Enterprise Firewall (SEF) 7.0
Environment: Windows NT 4.0, Windows 2000,
Author: Martin O'Neal [martin.oneal (at) corsaire (dot) com]
Audience: General Distribution

SuSE Security Announcement: apcupsd (SuSE-SA:2003:022) 2003-03-26
Thomas Biege (thomas suse de)
-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

SuSE Security Announcement

Package: apcupsd
Announcement-ID: SuSE-SA:2003:022
Date: Wednesday,

WebDAV exploit: using wide character decoder scheme 2003-03-26
오정욱 (mat panicsecurity org)
#!/bin/perl
#
# 2003.3.24
#
# mat (at) monkey (dot) org
# mat (at) panicsecurity (dot) org
#
# tested on Windows 2000 Advanced Server SP3: Korean language edition
# ntdll.dll with 2002.7.3 version
# You need to change some parameters to make this exploit work on your platform of choice
#
# This exploit uses u

GLSA: mod_ssl (200303-23) 2003-03-25
Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-23
- - ---------------------------------------------------------------------

PACKAGE : mod_ssl
SUMMARY : timing base

MDKSA-2003:035 - Updated openssl packages fix RSA-related insecurities 2003-03-25
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name: openssl
Advisory ID:

MDKSA-2003:034 - Updated rxvt packages fix escape sequence insecurities 2003-03-25
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name: rxvt
Advisory ID:

Vulnerability (critical): Digital signature for Adobe Acrobat/Reader plug-in can be forged 2003-03-24
Vladimir Katalov (info elcomsoft com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5

Vulnerability (critical): Digital signature for Adobe Acrobat/Reader plug-in can be forged

March 24, 2003

SUMMARY
===============================================================================

Adobe Acrobat Reader supports plug-ins, i.e. additiona

MDKSA-2003:036 - Updated netpbm packages fix math overflow errors 2003-03-25
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name: netpbm
Advisory ID:

Security Update: [CSSA-2003-015.0] Linux: apcupsd remote root vulnerability and buffer overflows 2003-03-25
security sco com
To: bugtraq (at) securityfocus (dot) com, announce (at) lists.caldera (dot) com, security-alerts (at) linuxsecurity (dot) com

______________________________________________________________________________

SCO Security Advisory

Subject: Linux: apcupsd remote root vulnerability and buffer overflows
Advisory number: CSSA-2003-0

MDKSA-2003:037 - Updated glibc packages fix vulnerabilities in RPC XDR decoder 2003-03-25
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name: glibc
Advisory ID:

IIS 5.0 WebDAV -Proof of concept-. Fully documented. 2003-03-25
Roman Medina (roman rs-labs com) (2 replies)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I wrote another exploit for the nt.dll bug some days ago.
Explanation and a little documentation is included in the source
file. It compiles in Linux/gcc without any error.

http://www.rs-labs.com/exploitsntools/rs_iis.c
[19.5 kbytes]

Regards,

TLS timing attack on OpenSSL [can-2003-78] [bid 6884] exploit 2003-03-26
Martin Vuagnoux (bugtraq vuagnoux com)
Re: IIS 5.0 WebDAV -Proof of concept-. Fully documented. 2003-03-25
Dave Aitel (dave immunitysec com)
GLSA: stunnel (200303-24) 2003-03-25
Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-24
- - ---------------------------------------------------------------------

PACKAGE : stunnel
SUMMARY : timing base

SuSE Security Announcement: kernel (SuSE-SA:2003:021) 2003-03-25
Roman Drahtmueller (draht suse de)
-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

SuSE Security Announcement

Package: kernel
Announcement-ID: SuSE-SA:2003:021
Date: Tuesday, Mar

Emule 0.27b remote crash 2003-03-25
Auriemma Luigi (aluigi pivx com)

######################################################################

Application: Emule (http://emule-project.net)
Versions: 0.27b and previous versions
Platform: Windows
Bug: The program tries to read memory offset 0x00000000 if an
attacker sends a chat message without

Axis Video and Camera Servers - System log access and file access/overwrite via HTTP/CGI 2003-03-25
Axis Product Security (product-security axis com)
Date: 2003-03-25

1. Topic

System log access and file access/overwrite via HTTP/CGI

2. Description

CGI applications allowing file and directory creation and overwrites,
and access to the system log, have incorrect access permissions in a
number of Axis products.

In affected products a user with

Re: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog daemon possible 2003-03-24
Rizan Sheikh Mohd (sheikhrizan rocketmail com)
In-Reply-To: <1779CE9992706F45BDC9575124A5AAE50122188A (at) a0001-xpo0114-s.hodc.ad (dot) allstate.com>

Not exactly cause I have CPK FW-1 NG FP2 Build 52163. The logging server &
management are separated. It seems that syslog is running on port 514udp:

$ ps -aef | grep syslog
root 7239 7231 0 Mar

VChat 2003-03-23
subj (r2subj3ct dwclan org)


Product : VChat
Version : First
WebSite : http://vchat.host.sk
Problem :
* View messages
* Easy DoS

Description:
------------
View messages:
==============
File with all chat sessions are in txt file (msg.txt) and everybody can read it

Easy DoS:
=========
I

PHPNuke viewpage.php allows Remote File retrieving 2003-03-25
Zero_X www.lobnan.de Team (zero-x linuxmail org) (2 replies)


viewpage.php is a part of PHPNuke.
The Script allows an attacker to view all files on the System.

Example:
http://server.com/viewpage.php?file=/etc/passwd

Zero X member of www.Lobnan.de

Re: PHPNuke viewpage.php and another SQL injections 2003-03-25
Tibor Pittich (Tibor Pittich phuture sk)
Re: PHPNuke viewpage.php allows Remote File retrieving 2003-03-25
DaiTengu (daitengu war-ensemble com) (1 replies)
Re: PHPNuke viewpage.php allows Remote File retrieving 2003-03-25
Jim Geovedi (negative magnesium net)
IRM 005: JWalk Application Server Version 3.2c9 DirectoryTraversal Vulnerability 2003-03-25
IRM Advisories (advisories irmplc com)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
IRM Security Advisory No. 005

JWALK application server version 3.2C9 Directory Traversal Vulnerability

Vulnerability Type / Importance: Information Leakage / High

Problem discovered: November 28th 2002
Vendor contacted: Novembe

[SECURITY] [DSA 268-1] New mutt packages fix arbitrary code execution 2003-03-25
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 268-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
March 25th, 2003

[RHSA-2003:095-02] New samba packages fix security vulnerabilities 2003-03-25
bugzilla redhat com
---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: New samba packages fix security vulnerabilities
Advisory ID: RHSA-2003:095-02
Issue date: 2003-03-17
Updated on: 2003-03-25
Product: Re

CSS in PHP WEB CHAT 2003-03-25
Over_G (overg mail ru)
Product: PHP WEB CHAT
Version: 2.0
OffSite: http://www.webscriptworld.com
Problem: Cross Site Scripting
--------------------------------------------

Actions:

1)Register
http://[victim]/chat_dir/register.php?register=yes&username=OverG&email=
<scr*pt>alert%20("Test!")</scr*pt>&email1=<scr*pt>alert%

Copyright 2010, SecurityFocus